DATA SECURITY AND

PRIVACY

PRIVACY
PRIVACY CONCEPTS :-
Privacy Principles and Policies
Authentication and Privacy
Data Mining
 Web security
 E-Mail Security
 Intrusion Detection Systems
Impacts on Emerging Technologies
 Privacy Principles and Policies:-

A privacy policy is a document that explains

how an organization handles any customer,
client or employee information gathered in its
operations. Most websites make their privacy
policies available to site visitors.
Authentication and Privacy :-
Authentication and privacy refer
to the problems of ensuring that
communication takes place only
between the right parties without
disclosure of information to
unauthorized eavesdroppers.
Data Mining:-
Data mining is the process of sorting
large data sets to identify patterns
and relationships that can help solve
business problems through data
analysis. Data mining techniques
and tools enable enterprises to
predict future trends and make
more-informed business decisions.
Web security:-
Web security refers to protecting
networks and computer systems from
damage to or the theft of software,
hardware, or data. It includes
protecting computer systems from
misdirecting or disrupting the services
they are designed to provide.
web security is synonymous with cyber
security and also covers website
security, which involves protecting
websites from attacks. It includes
cloud security and web application
security, which defend cloud services
and web-based applications,
respectively. Protection of a virtual
private network (VPN) also falls under
the web security umbrella.
E-Mail Security
Email security includes the
techniques and technologies used to
protect email accounts and
communications. Email, which is
an organization's largest attack
surface, is the primary target of
phishing attacks and can be used to
spread malware.
Types of Email Attacks
Cyber criminals use many different tactics to hack email, and some
methods can cause considerable damage to an organization’s data
and/or reputation. Malware, which is malicious software used to
harm or manipulate a device or its data, can be placed on a
computer using each of the following attacks.
Phishing:-
A phishing attack targets users by sending them a text, direct
message, or email. The attacker pretends to be a trusted
individual or institution and then uses their relationship with the
target to steal sensitive data like account numbers, credit card
details, or login information.
Spam:-
A phishing attack targets users by sending them a text, direct
message, or email. The attacker pretends to be a trusted
individual or institution and then uses their relationship with the
target to steal sensitive data like account numbers, credit card
details, or login information.
Intrusion Detection Systems:-

An Intrusion Detection System

(IDS) is a network security
technology originally built for
detecting vulnerability exploits
against a target application or
computer.
the IDS is also a listen-only device. The
IDS monitors traffic and reports its
results to an administrator, but cannot
automatically take action to prevent a
detected exploit from taking over the
system. Attackers are capable of
exploiting vulnerabilities very quickly
once they enter the network, rendering
the IDS an inadequate deployment for
prevention device.
DATA SECURITY AND PRIVACY

Legal and Ethical Issues in

Computer Security
Protecting Programs and Data :-
Copyrights, patents, and trade secrets are legal devices
that can protect computers, programs and data. Here
how each of these forms are originally designed to be
used and how each is currently used in computing are
described.

Copyrights: Copyrights are designed to protect the

expression of ideas. Thus it is applicable to a creative
work, such as story, photographs, song or pencil sketch.
The right to copy an expression of an idea is protected by
copyright. The idea of copyright is to allow regular and
free exchange of ideas. Copyright gives the author the
exclusive right to make copies of the expression and sell
them in public. That is, only the author can sell the copies
Patents: Patents are unlike copyrights in that they protect
inventions, tangible objects, or ways to make them, not works of
the mind. The distinction between patents and copyrights is that
patents were intended to apply to the results of science,
technology, and engineering, where as copyrights are meant to
cover works in the arts, literature, and written in the
scholarship. A Patent is designed to protect the device or process
for carrying out an idea itself.

Trade Secrets: A trade secret is unlike a patent and copyright

in that it must kept secret. The information has value only as
secret, and an infringer is one who divulges the secret. Once
divulged, the information usually cannot be made secret. A trade
secret is information that gives one company a competitive edge
over others. For example the formula of a soft drink is a trade
secret, as is a mailing list of customer or information about a
product due to be announced in a few months.
Information and the Law :-

The information would mean anything

which exists, in any form with a public
authority. The specific instances – records,
documents, memos, emails, opinions,
advices, reports, samples, models - are
merely meant to illustrate the broad scope.
Clearly, file-noting is opinion and hence
covered in the ambit of the Act.
Computer Crime:-
Crimes involving computers are an area of the law that
is even less clear than the other areas. Computer crime
consider why new laws are needed to address some of
its problems.

Issues in computer crime are:-

.Rules of property
.Rules of evidence Threats to integrity and
.confidentiality Value of data Acceptance of computer
terminology
Some people in the legal process do not
understand computers and computing, so crimes
involving computers are not always treated
properly.

Main reasons are:-

1.Lack of understanding
2.Lack of physical evidence.
3.Lack of recognition assets
4.Lack of political impacts
5.Complexity of case
6. Juveniles
Ethical Issues in Computer Security:-

In particular, we want to investigate

the privacy of sensitive data about
the user. The user should be
protected against the system's
misuse of the private data and the
system's failure to protect its user's
private data against outside attack
and disclosure. This is termed as
privacy in computer ethics.
The primary purpose of this section is to
explore some of ethical issues associated
withcomputer security and to show how
ethics functions as a control.

Difference between Law and Ethics:-