Title: Internet Security Principal Final Project
1 Internet Security Principal Final Project: Data Protection
- Hsiao-Jung Chang hchang08_at_ecs.syr.edu
- Cho-Ting Huang chuang12_at_ecs.syr.edu
2 ABSTRACT
- Personal data are extremely important to the privacy of the individual.
- In this age, information transmission is fast and wide.
- It's not so hard to dig or mine these data without permission.
- The protection of personal information is a big and urgent problem.
3 Introduction
- There is a growing concern about the possibility of misuse and about a dilution of the privacy rights of individuals. Of particular concern to many people is the potential misappropriation or abuse of private information.
- Thus, we should consider protecting data from threats inside and outside of their physical boundaries.
- We're able to do this through.
4 Financial Data
- Property and life insurance companies, mutual funds, investment advisors, and securities broker-dealers would be considered financial institutions.
- Insurance agents, loan brokers, finance companies, mortgage companies, and check cashiers/money transmitters also engage in a wide range of financial activities.
- The Internet has emerged as the great equalizer among these institutions.
5 Financial Data (cont.)
- What are the technical options involved in getting started?
- Principles that financial institutions should follow.
6 Medical Data
- Medical information is any information that is created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or healthcare clearinghouse that relates to the physical or mental health or condition of an individual or the payment for the provision of healthcare to an individual.
- What are the possible results of inappropriate disclosure of private health information?
  - Incorrect medical decisions might be made
  - Mental anguish, discrimination, economic harm
7 Vulnerabilities
According to a report, hundreds of new vulnerabilities are being discovered annually, and dozens of new patches are being released monthly. We can divide possible vulnerabilities into attacks from outside through the Internet and digging by insiders.
8 Vulnerabilities (cont.)
Outside
- Structure
- Cookies
- Cross-site scripting
- Back doors
9 Vulnerabilities (cont.)
Insiders
- Most companies tend to gain a false sense of security from strong perimeter security, like firewalls and intrusion-detection systems.
- In fact, 80% of all attacks come from the inside.
- However, they have spent about 80% of their security dollars to protect against outside threats.
10 Insiders (cont.)
There are a variety of ways that fraud is perpetrated by insiders:
- Altering Input
- Theft of Computer Time
- Software Theft and Modifications
- Altering or Stealing Data Files
- Employees can also steal company data
- Theft or Misuse of Systems Output
11 HIPAA Regulation
- What does HIPAA mean to information security?
- Signed into law in 1996, the Health Insurance Portability and Accountability Act (HIPAA).
- Addresses both health insurance reform and administrative simplification.
- The proposed standard for security and electronic signatures.
12 HIPAA Regulation (cont.)
- How does an institution become compliant with the HIPAA privacy and security rule?
  - HIPAA recognizes that the largest task in compliance is administrative, not with the technical features of computer systems.
  - The proposed HIPAA regulations stress "reasonable and appropriate" security measures that address the particular institution's security needs, risks, and business requirements.
13 HIPAA Regulation (cont.)
- Does HIPAA apply to most health sites?
  - The rules cover only Web sites of health care providers, insurers that offer medical coverage, or clearinghouses that process claims.
  - Activity covered at one site may not be safe at another.
  - Some of the most popular health Web sites only provide information about health, not "health care."
14 Actions legislators
- Governments should signal their readiness to adjust policies in response to any incipient signs of a "hard landing" in the U.S. economy.
- How the United States and its G-7 partners manage this transition will impact every aspect of the world's economy.
15 Actions companies
- Ensure data security against the outside world
- Ensure security of data against insiders
- Watch your data around partners
- Be clear about how you'll use the information
- Heed special restrictions for financial institutions
- Pay attention to technical glitches facilitating data theft
- Don't store credit card data
16 Actions users
- Don't think the procedure is too complex.
- Use any kind of resource that can protect against or reduce the number of attacks.
17 Conclusion
- The basic requirements are to ensure authentication, confidentiality, data integrity, availability and non-repudiation.
- The security process is one of continuous development and must become part of your organization's culture.
- Remember that security itself is not privacy. It is a tool to ensure privacy.