Computer Security And Computer Crimes. Problem under consideration A software flaw was found in a...
-
Upload
philomena-summers -
Category
Documents
-
view
215 -
download
0
Transcript of Computer Security And Computer Crimes. Problem under consideration A software flaw was found in a...
Computer Security
And
Computer Crimes
Problem under considerationProblem under consideration
• A software flaw was found in a national bank's A software flaw was found in a national bank's web site that allows anyone who knows about web site that allows anyone who knows about the flaw to read all information about other the flaw to read all information about other people's bank accounts. You consider it a people's bank accounts. You consider it a serious privacy risk. You sent e-mail to the bank serious privacy risk. You sent e-mail to the bank about the problem but received no answer. What about the problem but received no answer. What should you do next? Discuss pros and cons of should you do next? Discuss pros and cons of various possible actions. various possible actions.
Discussions coveredDiscussions covered
• Individual’s standpoint
• Bank’s perspective
Individual’s stand pointIndividual’s stand point
Customer Decision TreeCustomer Decision Tree
Call Customer Support
Representative
Take Advantage Do Nothing Try Again
Stage IStage I
Stage II
Individual’s stand point Individual’s stand point (cont’d.)(cont’d.)
[[Customer Decision Tree…]Customer Decision Tree…]
Harmless Hacking
Malicious Hacking
Hactivism
Close Account
Follow Executive Hierarchy
Repetition till remedy
Eye on possibility of threats
(Take Advantage) (Do Nothing) (Try Again)
Individual’s standpoint (cont’d.)Individual’s standpoint (cont’d.)
1.Take Advantage of the Situation1.Take Advantage of the Situation
• Use your knowledge to hack the web site
– Harmless hacking• Let the bank know they have been hacked• Probably illegal• Forces the bank to confront security breach• Is this ethically justified?
Individual’s standpoint (cont’d.)Individual’s standpoint (cont’d.)
[ [ 1.Take Advantage of the Situation…]1.Take Advantage of the Situation…]
– Malicious hacking• Access accounts yourself• Disrupt service and/or steal money• Very much illegal• Severe penalties• No ethical justification
Individual’s standpoint (cont’d.)Individual’s standpoint (cont’d.)
[ [ 1.Take Advantage of the Situation…]1.Take Advantage of the Situation…]
– Hacktivism• Disrupt service• Tell other customers that web site is unsafe• Very much illegal or valid civil disobedience?• Penalties may not be as severe
Individual’s standpoint (cont’d.)Individual’s standpoint (cont’d.)
[ [ 1.Take Advantage of the Situation…]1.Take Advantage of the Situation…]
• In all three hacking examples the bank may incur serious losses– Financial– Customer relationships– Service disruptions
• Close account and go away– Problem still exists– Save your own hide– No recognition of responsibility to anyone beyond
yourself; socially irresponsible– Absolutely the least one can do– Don’t care about bank’s further actions
Individual’s standpoint (cont’d.)Individual’s standpoint (cont’d.)
2. Do Nothing2. Do Nothing
• Go up one level in complaint– Threaten to leave – Threaten to go to authorities (FDIC)– Threaten to go to media
• Repeat process as necessary, through chain of command
Individual’s standpoint (cont’d.)Individual’s standpoint (cont’d.)
3. Try again3. Try again
Individual’s standpoint (cont’d.)Individual’s standpoint (cont’d.)
[ [ 3. Try again…]3. Try again…]
• Follow through on threats
• Shows – Social responsibility – Customer loyalty
Bank’s PerspectiveBank’s PerspectiveDecision TreeDecision Tree
Informed of Glitch
Do Nothing Do Something
Internal Fix External Fix
Bank’s PerspectiveBank’s Perspective
1. Keep quiet about it
– Don’t draw attention• Keep secret from hackers
– Reliance on secrecy• Cheap
– Cost of fix vs. cost of liability
• Cost of exposure could have consequences beyond the cost of fixing the problem
Bank’s Perspective (cont’d.)Bank’s Perspective (cont’d.)
2. Analyze and fix problem internally
– Problem can be fixed without undue publicity– Minimal disruption of service– Question of competence
• Can we trust the people who broke it to fix it?
– Potentially most cost effective
Bank’s Perspective (cont’d.)Bank’s Perspective (cont’d.)
[ 2. Analyze and fix problem internally…]
– Check the flaw and see if any others exist– Check on potential of IT team
• Maybe hire a hacker to test other parts of the system
– Let it stay within the bank
Bank’s Perspective (cont’d.)Bank’s Perspective (cont’d.)
3. Third party security audit
– What requires auditing?• Hardware• Software• Network
– Personnel evaluation
Bank’s Perspective (cont’d.)Bank’s Perspective (cont’d.)
[ 3. Third party security audit …]
– Question of security• Threat of exposure• Exposes secrets to outside entity
Bank’s Perspective (cont’d.)Bank’s Perspective (cont’d.)
• How to decide
–Has anyone been injured• Loss of money• Loss of personal information
–Consequences of breach becoming known• Known only to hackers• Known to general public
–Ethical considerations
Comments / QuestionsComments / Questions