Industry sign banking montana permission slip secure
hello this is for is Oh el 633 at the University of the Cumberlands this is for chapter 2 of the textbook legal issues in information security this chapter is privacy overview so privacy is an area of growing importance for people and organizations this growth roughly corresponds with the growth of the Internet the Internet has made it possible for people to share all types of information very quickly organizations collecting use information to conduct business governments collecting use information to provide their own security individual share information to get goods and services people also share information to network while looking for jobs or to catch up with old friends with this increased collection of information some questions about proper information use this chapter provides an overview and privacy issues privacy is a very large field it's impossible to discuss all of the unique and interesting issues in the field of privacy the most part this chapter limits to the areas where information technology and privacy meet as chapter also addresses general privacy concepts so the learning objective of this chapter is to examine the concepts of privacy and its legal protections so the topics we will look at is why privacy is an issue what privacy is how privacy is different from information security what sources of privacy of law are what threats to privacy of there are in information age our workplace privacy is and what general principles for privacy protection exist in information as the systems so the key concepts as to why is privacy an issue how its privacy different from information security look at privacy laws threats to privacy in the Information Age principles of privacy protection in information systems so the basic privacy principles will explain the difference between information security and privacy describe the threats to privacy explain the important issues regarding workplace privacy and describe the general principles of privacy protection and information systems so what is privacy privacy is a simple term describe the number different but we were related concepts at its core privacy means that person has controlled his or her personal data patrol means that a person can specify the collection news and sharing of their data people also can describe whether they will provide personal data to third parties most traditional views and privacy include the belief at the government's power to interfere in the privacy of his citizens is limited this means that people and their information must be free from unreasonable government intrusion the government must not investigate a person or their personal information without a good reason courts spend a lot of time defining what government are allowed to investigate there when governments are allowed to investigate their citizens this is a core privacy concept for most Americans the types of information that person considers private are usually very personal what is private information for one person may not be as private for others information that most people generally consider private include the following Social Security and other identify identification numbers this includes driver's license and passport numbers financial information this includes bank and credit card account numbers this also includes investment and retirement account information most people also consider the amount of money and their accounts private information health information this includes diagnosis and the prescription drug information most people consider information regarding mental illness to be highly sensitive and private biometric data mr. Padilla includes fingerprints DNA analysis iris scanning estate about persons physical or behavioral traits security professionals and security equipment use biometric data to identify a particular person biometric data is special because is unique to an individual and can't easily be changed criminal history data this includes criminal charges the outcome of a criminal case and any punishment that a person may have received other information may include any other information that may embarrass a person if released to the public so why is privacy in the issue the rise in internet youths also has potential to change how people live according to US Census Bureau data in 2011 nearly 27 percent of US households reported they had internet access you can expect that number to grow internet and related technologies such as e-mail rapidly are becoming indispensable tools people use the internet for almost everything it's a tool for learning and entertainment you can search the internet for almost any type of information this increased access to information has some complications and you in the world can view information published on the Internet enemies of the government can view government information posted online people can copy and use articles posted to the internet without the author's permission blogs and pictures on personal web pages for family and friends to view are sometimes available to every anyone anywhere well information the Internet is also a concern larger more complex information systems allow business and governments to collect more and more individual data collection of large amounts of data has led to the concept of big data big data refers to large and complex data collections sophisticated applications review and analyze collected data perhaps from many sources owners of these systems can accumulate large amounts of data about people they can use the data for their own purposes they can create highly detailed individual profiles like combining their data with that of other systems you can also sell the data they collect to third parties privacy issues are challenged by big data collection because the collections contain information from many different sources people leave electronic footprints in many places on the Internet Internet service providers or ISP between logs at track performance information both sides tracked the actions of visitors to site or as Asians may track and record the internet and email activities of employees service providers of all types back up their logs and data for disaster recovery purposes these backups contain personal information many people don't know that their activities are recorded stored and monitored in so many different ways security and privacy the home of privacy different from information security information security and privacy are closely related however they're not the same privacy is defined here as an individual's right to control the use and disclosure of his/her own personal information this means individuals have the opportunity to assess a situation and determine how their data is used information security is the process used to keep data private security as a process privacy as a result just because information is secure doesn't mean as private information security is about protecting data to ensure confidentiality access and integrity privacy was respect to Information Systems means that people have control over and can make choices about how their information will be used security is used to carry out these choices privacy can't exist in information systems without security so search and privacy it's easy to discover personal information on the internet about other people but people can copy and use articles posted to the internet without an author's permission blogs and pictures and personal webpages for family and friends to view the town are sometimes available to available to anyone and anywhere so elements information security and privacy so element information security our access control authentication authorization confidentiality data integrity and non-repudiation for privacy the guidelines include the collection of limited levitation principle individuals must know about a consent to the collection of their data data quality principle any data collected must be correct person purpose a specification principle purpose of our data collection should be stated to individuals before their data is collected youths limitation principle data should be used only for the purpose stated when it is collected security safeguards principle the collected data must be protected from unauthorized access openness principle people can contact in 2d collecting their data people can discover where their personal data is collected and stored individual participation principle people must know if data about them has been collected people also must have access to their collected information and the accountability principles the entity collecting data must be held accountable for following the privacy principles so sources are privacy of law most people consider the right to privacy to be fundamental human right number of different sources define the scope of this right to privacy I was include constitutional law as this constitution is a source of legal authority for the US government it states the relationship between the federal government and the states and also provides some Authority for certain individual rights we can retained by all US citizens constitutional rights are basic individual rights recognized in the US Constitution federal laws federal laws are the laws the country's federal government creates no comprehensive D the security of all exist in the United States like the laws that regulate information security u.s. federal laws that address information in privacy are also industry based these laws put limits on the use of information personal information based on the nature of the underlying data Congress has enacted laws to protect various types of data descriptions of these laws Nexus state laws state constitutions are the documents to form the individual state government state constitutions apply to the people who live in a particular state state constitutions are the highest form of law for state governments ten state constitutions recognize a right to privacy and include Alaska Arizona California Florida Hawaii Illinois Louisiana Montana South Carolina and Washington these state constitutions provide clear privacy guarantees Montana State Constitution reads the right and individual privacy is essential to the well-being of a free society and Sheena Shannon now shall not be infringed without the showing of a compelling state interest and then common laws the US Supreme Court didn't specifically recognize a constitutional right to privacy until 1965 however u.s. common law recognize certain privacy torts as early as 1902 a tort is some sort of wrong act or harm that hurts a person in a tort case the injury party may sue the wrongdoer for damage disk tort law governs disputes between individuals common law as a body of law developed because of legal tradition and court cases u.s. come along as a body of law and legal principles inherited from England common law changes very slowly and develops as judges decide court cases for privacy torts still exist today most states give either common law or statutory regulation to these torts statutory recognition means that state has included the tort in the written laws of the state the for privacy torts are intrusion into seclusion portrayal of in a false light appropriation of likeness or identity and public disclosure of private facts the federal privacy laws include the senses confidentiality Act freedom Information Act in 1966 the wiretap Act meal privacy statue from 1971 privacy act Cuba Communications Policy Act in 1984 Electronic Communications Privacy Act u.s. Patriot Act in 2001 driver's Privacy Protection Act in 1994 and the e-government Act in 2002 again as we noted 10 state constitutions recognize a right to privacy as part of the state privacy laws state in New York was the first state to write a right of privacy into its statutes and other states have recognized a right of privacy through case law the thrust to personal and data privacy and technology-based the privacy issues exist before technology became an issue seems however that privacy issues became more urgent due to advances in technology people often have very little control over how their data is collected used and shared in an electronic manner they're concerned about how the data will be used later Resnick tronic Communications makes people wonder how private their lives truly are this section discusses some of today's privacy concerns so the technology beast concerns are caused by advances in technology he's concerned to rise because the types of data that can be collected with various technologies first one is spyware keystroke loggers and adware spyware is a technology that secretly gathers information about a person or system keystroke logger is a device or program that records the keystrokes need on a keyboard or mouse spyware and keystroke loggers are designed to gather information secretly cookies web beacons and click streams cookies a small string of text that a web site stores on a user's computer cookies contain text they can't execute like a program file cookies aren't considered spyware because they're not executable a cookie by itself isn't dangerous or a privacy threat however though other individuals and companies can use cookies and ways that invade your privacy these two kinds of cookies are first-party cookies exchanged between a user's browser and a website the user is visiting and third-party cookies except by once website but readable by another site third-party cookies are set when the website a user visits has content on it that is hosted by a No server web beacon is a small invisible electronic file that's placed on the webpage or in an email message it counts users who visit a web page the web beacon also can tell if a user opens an email message and took some action with it it also can monitor user behavior web beacon also is called the web bug a clear graphics interchange format or gift the type of image formatted that's often used as a web beacon this is because clear gifts are invisible and very small the click stream is a data trail and the internet user leaves while browsing movements are recorded on you as a user moves through a website users click links to request information from the website the click stream is essentially a set of digital footprints attract and Internet users it steps RFID or radio frequency identification it's a technology that uses radio waves to transmit data to a receiver RFID technology is wireless it's way to identify unique items using radio waves main purpose of RFID technology is to allow tagged items to be identified and tracked sometimes you can hear devices they use this technology called RFD tag or RFID chip GPS or Global Positioning System uses satellites above the earth to compute location of a GPS receiver GPS receivers use a number of different satellites to calculate time and location GPS receivers can be incorporated into a number of devices are used in automobile navigation units Warners use GPS receive built into heart rate monitors to help measure the distance that they have run GPS units are built into many cell phones to help locate cell phone users in an emergency cell phone applications also use GPS technology to track other users and family members security breaches the right privacy bright Clearing House maintains a list of US security breaches that involve records that contain personal information Clearinghouse began to collect data in January 2005 as a as of November 2013 the site reported 617 million 58,000 and 124 records have been involved in security breaches security breach is a compromise of any security system that results in the loss of personal identifiable information after breach unauthorized individuals protection can access data in the system in Euros a ssin can experience a security breach security breaches can be due to direct external attacks poor internal safeguards or both breaches can occur within a computer systems they can also occur with physical security systems such as parameter gate or fence are compromised the threats to personal data there are people based so people based concerned - caused by people's actions these concerns are raised when people compromised others privacy also are caused when people take actions that compromised their own data privacy examples of thes
include fishing which is a form of an internet fraud in which attackers attempt to steal valuable information phishing attacks usually take place by email Fisher is usually trying to steal confidential information such as usernames and passwords or financial account information phishing scams our privacy concern however people can protect themselves from phishing scams you should not respond to unsolicited emails that request personal information phishing scams are also concerned if an employee in the organization that stored lost a personal information falls for the scam if an employee responds to a scam with email and password information organization can experience a large data breach that breach can involve customers personal information social engineering shoulder surfing as dumpster diving social engineering attacks rely on human interaction involved tricking people to gain sensitive information shoulder surfing occurs when an attacker looks over the shoulder of another person to discover sensitive information in each type of attack attackers are trying to get data they don't have permission to have often attackers are trying to get personal identifiable information dumpster diving is another threat to data privacy dumpster diving is shifting sifting through trash to discover personal information it's an issue because individuals and organizations dispose of personal information in unsecure ways thieves steal personal identifiable information to commit identity theft shredding documents documents before placing them in the trash is a safe disposal method social network sites personal data privacy is not compromised just by actions of third parties people can harm their own privacy by participating online social networks they have the potential to expose a lot of personal information social networking sites or web site applications allow users to post information about themselves these sites promote interaction between people and their other data gathering the Internet has made it much easier to learn people's beaten personal details about people people can search the internet for data on their neighbors co-workers family members perspective dates and public figures almost every person has some sort of digital presence social network sites personal web pages media web pages and government public records databases can easily be viewed for personal information where there are legitimate users for doing online personal data it also can be used to harass and threaten victims so workplace privacy and monitoring workplace privacy is a term that describes privacy issues in the workplace privacy can be implemented in a number of ways in the workplace hiring firing performance reviews all have potential privacy concerns how employers interact with employees in these matters can't have privacy implications as a rule most US employees have little expectation of privacy in the workplaces very few states have enacted laws that have workplace privacy issues some states may have laws related to general it's the issue such as telephone wiretapping not all states have considered the impact of these laws in the workplace so telephone and voicemail some organizations monitor employee telephone conversations as part of routine activities one reason to do this is to make the employee make sure the employees are providing good customer service toys have few protections from this type of monitoring video surveillance employees employers may want to use video surveillance to monitor their employees they can use it to protect against work theft video surveillance also can be used to protect workplace safety and monitoring productivity reliefs video surveillance as monitoring generally this allows employees are given notice employers must have a legitimate business reason for these surveillance employers must not use video surveillance to monitor workplace employees have a reasonable expectation for privacy areas considered private include restrooms employee lounges or private offices employees must be careful employers must be careful when using hidden video surveillance computer use employers may monitor employee computer and internet use for a number of reasons in addition to those already mentioned employers may monitor it to discourage inappropriate online contact at work this could include online shopping during work hours or viewing adult-only websites employees generally don't have any reasonable expectation of privacy in the use of employer provided resources an employer generally is allowed to monitor an employee's use of provider computers and internet access this monitoring includes reviewing files and software on the computer also flute racking internet use and webpages that an employer visits and then email monitoring email monitoring is a very similar to TOEFL and conversation monitoring the federal wiretap laws in place for monitoring telephone conversations also apply to intercepting email conversations like telephone conversations real-time email monitoring may be permitted in some instances an employer may intercept employee email using equipment furnished by the provider electronic communication services the poor must have a legitimate business purpose for intercepting email the general principles for privacy protection and information systems design information systems and ways to protect data privacy is very important customers will be loyal to organizations that protect privacy organizations must understand how the customers feel about data privacy even though people are sharing more information than ever before some feel that their privacy is under attack organizations must keep in mind that people want to control their personal data organizations must clearly state the type of data that they need to collect they also must determine how they are going to collect data from their customers active data collection practices should be used these data collection practices are obvious to the customers customers are aware of active data collection practices organizations should avoid passive data collection methods passive data collection happens secretly Morrow's ation collects data in a passive manner by using devices such as cookies and web beacons customers may not know that data collection is occurring with these collection methods so in summary we looked at why privacy is an issue of privacy different from information security with a custom privacy laws threats to privacy information age and principles of privacy protection in information system so privacy is a right that people no longer can take for granted people want to have control over their personal information they want to be able to choose how third parties collect use and store their information growth and electronic communication data transfer has changed how individuals view view privacy and how organizations must protect them organizations must use information security principles to make sure they protect a person's individual privacy choices thank you you