Tuesday, September 8, 2009

Legal, Ethical and Professional Issues: Week 5

Links:
http://www.privacy.gov.au/index.php?option=com_content&view=article&id=629&Itemid=848
- Provides information on the Privacy Act, State and Territory privacy laws and other relevant Australian and international legislation.

http://www.efa.org.au/Issues/Privacy/cybercrimeact.html
- Overview of Laws and Acts concerning cybercrime/computer crime legislation

http://www-07.ibm.com/systems/au/information_infrastructure/solutions/information_security/
- Company that provides Information security to its clients, provides services in securing information.

http://www.oecd.org/document/62/0,3343,en_21571361_36139259_36296830_1_1_1_1,00.html
- Provides a list of Australia’s initiatives towards information security

http://www.aisa.org.au/
- Australian Information security association where members can come together and contribute information regarding security.

http://www.dsd.gov.au/
- The official website for the Australian government department of Defence Intelligence and security.

Research Methodology

Google was the only search engine used for research. Using the keywords provided in Moodle, I initially performed a search for pages within Australia. After this initial search, I tried a combination of words relating to security. Once I opened a couple of websites, it snowballed from there, where I opened one website that consisted of links to other websites. This is how I found the above resources.

Important Resources

I felt all the resources above were important and relevant; however, I have narrowed it down to the three most important resources, and they are:

- Electronic Frontiers Australia (Cybercrime/Computer Crime Legislation)
- AISA (Australian Information Security Association)
- Australian Government Privacy Law

The first resource to me was important as it provides an overview of how the Cybercrime legislation was formed and for users who are interested; there are links to other pages with in-depth explanations as well. The EFA is a credible source and hence the information provided in the website is deemed to be correct.

The second resource is also important as it claims to be the ‘information security hub of Australia’. It ‘promotes awareness and understanding of Information Security Issues in an independent and unbiased manner’. As it is a portal for all Australians to come together and exchange information about security among each other, it seems like a great platform where users are able to put their views, ideas and news that they come across. As such, users who visit this site will be able to gain an overall idea about what Information Security is.

The third resource is the Australian Government website dedicated to Privacy Law. This source is credible, up-to-date and provides a detailed explanation of the Privacy Act for each of the states of Australia. It provides comprehensive information and people will be able to get a detailed explanation of rules and regulations regarding Privacy in Australia.

Local and International Privacy Laws

Local Australian Privacy laws are no doubt different from other countries such as America or the UK. This difference can make it difficult for countries to enforce their laws regarding Information Security if a breach was to take place from another country. Although almost all authorities can act against a domestic data controller for the benefit of a foreign individual, many are limited in or uncertain about their authority to protect their own citizens from privacy breaches by a foreign controller. A report by the OECD titled ‘Report on the Cross-Border Enforcement of Privacy Laws’ states that “Work by the Council of Europe, the European Union, and APEC has helped establish frameworks for enforcement co-operation among enforcement authorities on a regional basis.” Hence countries have started to work together to combat these grey areas that are present due to the differences in privacy laws in different countries.

Sunday, September 6, 2009

Weekly Reflection: Week 4

I have an mp4 player that can be connected to a computer via a USB cable. A friend of mine wanted a couple of songs from there and so I decided to give him my mp4. He warned me saying: “I think I have a virus on my computer and I’ve tried to remove it many times, but it just does not go”. I told him I would take the risk and that if something went wrong with my laptop, it would be his fault. He copied the songs off my mp4. I had my free version of AVG antivirus ready; I plugged it into my computer, and AVG detected and removed it. The virus was called ‘autorun.exe’. From what my friend told me, the virus did nothing except stop USBs from auto running. I used Google to find more information about the virus and there have been cases where the virus creates a large number of new files and folders with the names of real directories you have. I kept scanning my computer and mp4 player every 3 days for a couple of weeks just to make sure and was relieved to know that the virus had not been able to get onto my computer or my mp4 player.

Then I copied my free version of AVG and gave it to him so that he could remove the virus from his computer as well. Thinking about it now, I am sure it was a stupid thing for me to ‘take the risk’ and plug the USB in anyway; however, now that I know of some of the consequences of having a virus on one’s computer, I will be more cautious before plugging anything into my laptop. I have also made it a point to update my antivirus definitions as well as scan my whole computer on a weekly basis.

This article is about how the US Marshall Office was infected by the Neeris Virus. The Virus is “a new malware variant that has been customised to exploit the same vulnerability as the notorious Conficker worm”. “Neeris and Conficker look for missing patches. If the PCs and servers are patched, the malware doesn't work”. The issue with the US Marshall Office was that they had an out-of-date antivirus program, leaving the whole organization vulnerable and open to threat. Once employees started noticing suspicious changes on their computers, the IT staff were notified. As a result of the infection, the IT staff disconnected the marshals' computers from the Justice Department's network to prevent further spread, and the internet connection was shut off all day. In addition, the computers and servers were patched and an updated version of the antivirus was placed on all agency computers. According to the spokeswoman for the US Marshall Office, no data was compromised or at risk as a result of the virus infection.

At UB, to deal with threats from viruses, Trojan horses, Back Doors and worms, a list of measures has been put in place. These are as follows:

- state of the art firewalls (software and hardware)
- virus & spyware protection
- anti-spam software
- multi tiered password protection
- secure login via Access@UB
- secure data storage
- security alerts
- educating UB students and staff
- access to free anti-virus software (Sophos)

They also have important links on the UB website that provide information to users. Here is a list of links and a brief explanation of how each helps.

- Warnings & alerts: Alerts and Warnings about things happening on the net.
- Security awareness campaigns: Educating staff and students about ICT Security.
- Feature articles: Things of interest and the odd surprise.
- Monthly Statistics: Some interesting facts and figures.
- Free Anti-virus Software (Sophos): Download Sophos anti-virus for FREE
- Email & virus tips: Some hints and tips about email and dealing with viruses.

Tuesday, August 18, 2009

Chapter Reflection: Week 3

Section 1 (Introduction to Information Security)

This chapter provides a basic introduction to Information Security. I really enjoyed reading the brief case study with ‘Amy’ from the call centre. This case demonstrates how many people do not know what Internet Security means and how it can affect a whole business in a matter of minutes. By reading about the History of Internet Security, I learnt that many people did not even consider this to be an issue until there were incidents that took place that got people to think about how important security really is. The fact that some of the main problems with Internet Security today exist because people failed to realise its importance in the earlier days is quite fascinating. I learnt that security is multifaceted, covering physical, personal, operations, communications, network and information security. The CIA triangle that consists of Confidentiality, Integrity and Availability of information was quite intriguing.

I found it difficult to understand the SDLC and SecSDLC and the difference between the two. The figure on page number 13 titled NSTISSC security model was difficult to understand as well.

The article that I have chosen is called “Why employees ignore security: They have never heard of ‘policy’, that’s why” written by Joan Goodchild. This article relates to how employees ignore security policies because companies are vague about the rules and regulations relating to Information Security. She goes on to talk about how “Many companies may be sending out mixed messages to employees.” An example of this is given by Frank Kenney: "If I work for a company where I can't use gmail, but I have access to gmail, the company isn't giving me better way to send out large files, and they haven't blocked gmail, I'm going to use gmail."

This article relates to that part of the chapter which explains how it takes a wide range of people to support a security program within an organization.

Sunday, August 2, 2009

Task 1 : Week 2

I have chosen this unit (Corporate Information Security) because it seemed like an interesting course and because it was the only other unit I could find to fit into my schedule. During this semester, I hope to learn a few more things that are related to business and IT.


Security in general is a very important issue these days... as more people have the knowledge and the necessary tools required to hack into one's system, learning, knowing and preparing oneself against this has become essential. Therefore, I think doing this course will help to some extent.


From my point of view, Information is a collection of data which is relevant to a specific topic. After reading the collection of data or 'information' people are able to make decisions. Therefore, by gathering information, people can make decisions. In other words, information is something that people use to make decisions about certain topics or areas.


There are different types of information: some can be shared with everyone, some only with certain people you trust and others that have to be kept a secret. This can be from a simple password to an email account or bank account details of an organization. If other people find out such information, they may be able to access personal information which may lead to bigger problems of identity theft, spending of other people's money etc., the effects of which may be detrimental. Therefore Information security is the protection of confidential information.


By studying Information Security, I think it will help me be more knowledgeable, and it will make me more aware of the things I should/should not do in my personal as well as professional work career.