Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
14 Cards in this Set
- Front
- Back
Security and Privacy Problem statement
|
There is a deep fear about how much information we give to our computer systems.
At the same time, we need more computers and to have those computers networked. How do we reconcile these competing concerns? |
|
The tradeoffs among Security, Privacy, Accessibility and Interoperability
|
What ‘privacy’ interests are we protecting?
How to protect them? Privacy Act and Fair Information Practices New Challenges to First Generation Principles Trustworthy Information Systems |
|
How do we create Trustworthy Systems? through risk reduction strategies
|
tWe creat trustworthy systems hrough risk reduction strategies
|
|
Privacy includes
|
No control…
Erroneous information being used in a legitimate decision affecting you. Information used against you in illegitimate ways. The general concern that modern society has intruded too deeply into the “personal sphere”. |
|
How do we protect ourselves
|
Our first instinct is to…
Restrict the flow and access to information Game the system But with some reflection… Open up systems for accountability Provide more of certain kinds of information (metadata to provide systems accountability and not personal accountability |
|
Privacy Act / Fair Information Practices
|
No secret personal data record-keeping systems
People have the right to access, inspect, review, and amend data about them that is kept in an information system. No use of personal information for purposes other than those for which it was gathered without prior consent Managers of systems should be held liable and accountable |
|
New Challenges Since Privacy Act
|
Technological innovation
No one individual knows the whole system Blurring of public and private information |
|
Trustworthy Information Systems
|
New set of principles very similar to the “chain of custody” in handling evidence
Integrity Reliability Authenticity Uses “Risk Reduction Strategy” |
|
Reconciling Two Concerns privacy and access
|
TIS solves the problem of BOTH those interested in protecting privacy AND those who want access to better information
Aligns these two powerful motivations rather than putting them in opposition “Recommendation: Information procedures should provide incentives for sharing, to restore a better balance between security and shared knowledge” 9/11 |
|
Specific Needs for Law Enforcement
|
Improve ability to respond to emergencies, including terrorist attacks
Produce comprehensive and practical approaches and solutions to combating threats Increase officer / deputy safety |
|
How did OLLEISN use TIS?
|
OLLEISN is an Open System
Based on published and publicly vetted design OLLEISN extensively uses Metadata - XML XML attributes were programmatically enforced Based on a national justice XML reference model (GJXDM) Logging and Auditing Use XML to trace handoffs (chain of custody) Traceability To prevent “loss” of information |
|
How does OLLESIN use TIS?
|
Uses Risk Reduction Strategies
Supporting Informal Information Systems Participation Prototyping User-Involvement and End-User Development |
|
Agency-Level Security Policies
|
Security Governance
Physical Security Systems Security Checks and Clearances Firewalls Passwords and Pins and Biometrics Configuration Management Secure Systems Design |
|
How does Ollesin use TIS Uses Risk Reduction Strategies
|
Supporting Informal Information Systems
Participation Prototyping User-Involvement and End-User Development |