Internet Security Principal Final Project - PowerPoint PPT Presentation

Provided by: MAZ1

Transcript and Presenter's Notes


1
Internet Security Principal Final Project: Data Protection
  • Hsiao-Jung Chang hchang08_at_ecs.syr.edu
  • Cho-Ting Huang chuang12_at_ecs.syr.edu

2
ABSTRACT
  • Personal data are extremely important to the
    privacy of the individual.
  • In this age, information is transmitted quickly
    and widely.
  • It is not hard to dig up or mine these data
    without permission.
  • The protection of personal information is a big
    and urgent problem.

3
Introduction
  • There is a growing concern about the possibility
    of misuse and about a dilution of the privacy
    rights of individuals. Of particular concern
    to many people is the potential
    misappropriation or abuse of private information.
  • Thus, we should consider protecting data from
    threats inside and outside of their
    physical boundaries.
  • We're able to do this through.

4
Financial Data
  • Property and life insurance companies, mutual
    funds, investment advisors, and securities
    broker-dealers would be considered financial
    institutions.
  • Insurance agents, loan brokers, finance
    companies, mortgage companies, and check
    cashiers/money transmitters also engage in a
    wide range of financial activities.
  • The Internet has emerged as the great equalizer
    among these institutions.

5
Financial Data(cont.)
  • What are the technical options involved in
    getting started?
  • Principles that financial institutions should
    follow.

6
Medical Data
  • Medical information is any information that is
    created or received by a healthcare provider,
    health plan, public health authority,
    employer, life insurer, school or healthcare
    clearinghouse that relates to the physical or
    mental health or condition of an individual
    or the payment for the provision of healthcare
    to an individual.
  • What are the possible results of inappropriate
    disclosure of private health information?
    - Incorrect medical decisions might be made
    - Mental anguish, discrimination, economic harm

7
Vulnerabilities
According to a report, hundreds of new
vulnerabilities are being discovered annually,
and dozens of new patches are being released
monthly. We can divide possible vulnerabilities
into attacks from outside through the Internet and
digging by insiders.
8
Vulnerabilities(cont.)
Outside
  • Structure
  • Cookies
  • Cross-site scripting
  • Back doors
9
Vulnerabilities(cont.)
Insiders
  • Most companies tend to gain a false sense of
    security from strong perimeter security,
    like firewalls and intrusion-detection
    systems.
  • In fact, 80% of all attacks come from
    the inside.
  • However, they have spent about 80%
    of their security dollars to protect
    against outside threats.
10
Insiders (cont.)
There are a variety of ways in which fraud is
perpetrated by insiders:
  • Altering Input
  • Theft of Computer Time
  • Software Theft and Modifications
  • Altering or Stealing Data Files
  • Employees can also steal company data
  • Theft or Misuse of Systems Output
11
HIPAA Regulation
  • What does HIPAA mean for information security?
  • The Health Insurance Portability and
    Accountability Act (HIPAA) was signed into law in 1996.
  • Addresses both health insurance reform and
    administrative simplification.
  • The proposed standard for security and
    electronic signatures.

12
HIPAA Regulation(cont.)
  • How does an institution become compliant with
    the HIPAA privacy and security rule?
    - HIPAA recognizes that the largest task in
      compliance is administrative, not with the
      technical features of computer systems.
    - The proposed HIPAA regulations stress
      "reasonable and appropriate" security measures
      that address the particular institution's
      security needs, risks, and business
      requirements.

13
HIPAA Regulation(cont.)
  • Does HIPAA apply to most health sites?
    - The rules cover only Web sites of health care
      providers, insurers that offer medical
      coverage, or clearinghouses that process claims.
    - Activity covered at one site may not be safe
      at another.
    - Some of the most popular health Web sites only
      provide information about health, not
      "health care."

14
Actions legislators
  • Governments should signal their readiness to
    adjust policies in response to any incipient
    signs of a "hard landing" in the U.S. economy.
  • How the United States and its G-7 partners
    manage this transition will impact every
    aspect of the world's economy.

15
Actions companies
  • Ensure data security against the outside world
  • Ensure security of data against insiders
  • Watch your data around partners
  • Be clear about how you'll use the information
  • Heed special restrictions for financial
    institutions
  • Pay attention to technical glitches facilitating
    data theft
  • Don't store credit card data

16
Actions users
  • Don't think the procedure is too complex.
  • Use any kind of resource that can protect
    against attacks or reduce their number.

17
Conclusion
  • The basic requirements are to ensure
    authentication, confidentiality, data
    integrity, availability and non-repudiation.
  • The security process is one of continuous
    development and must become part of your
    organization's culture.
  • Remember that security itself is not privacy. It
    is a tool to ensure privacy.