eBook - ePub

Harboring Data

Name: Harboring Data
Author: Andrea M. Matwyshyn, Andrea M. Matwyshyn

Information Security, Law, and the Corporation

Andrea M. Matwyshyn, Andrea M. Matwyshyn

Buch teilen

368 Seiten
English
ePUB (handyfreundlich)
Über iOS und Android verfügbar

eBook - ePub

Harboring Data

Information Security, Law, and the Corporation

Andrea M. Matwyshyn, Andrea M. Matwyshyn

Angaben zum Buch

Buchvorschau

Inhaltsverzeichnis

Quellenangaben

Über dieses Buch

As identity theft and corporate data vulnerability continue to escalate, corporations must protect both the valuable consumer data they collect and their own intangible assets. Both Congress and the states have passed laws to improve practices, but the rate of data loss persists unabated and companies remain slow to invest in information security. Engaged in a bottom-up investigation, Harboring Data reveals the emergent nature of data leakage and vulnerability, as well as some of the areas where our current regulatory frameworks fall short.

With insights from leading academics, information security professionals, and other area experts, this original work explores the business, legal, and social dynamics behind corporate information leakage and data breaches. The authors reveal common mistakes companies make, which breaches go unreported despite notification statutes, and surprising weaknesses in the federal laws that regulate financial data privacy, children's data collection, and health data privacy. This forward-looking book will be vital to meeting the increasing information security concerns that new data-intensive business models will have.

Häufig gestellte Fragen

Wie kann ich mein Abo kündigen?

Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.

(Wie) Kann ich Bücher herunterladen?

Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.

Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?

Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.

Was ist Perlego?

Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.

Unterstützt Perlego Text-zu-Sprache?

Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.

Ist Harboring Data als Online-PDF/ePub verfügbar?

Ja, du hast Zugang zu Harboring Data von Andrea M. Matwyshyn, Andrea M. Matwyshyn im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Jura & Gesellschaftsrecht. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.

Information

Verlag

Stanford Law Books

Jahr

2009

ISBN

9780804772594

Auflage

Thema

Jura

Thema

Gesellschaftsrecht

Notes

Introduction

(Jewellap, 2007).

(“TJX Agrees to Class-Action Settlement,” 2007).

(Kerber, 2007).

(Gaudin, 2007).

(Vamosi, 2007).

Class-action lawsuits were filed both by consumers and by several bank associations in an attempt to recover the costs of reissuing credit card numbers compromised in the breach. (Gaudin, 2007).

(Ou, 2007).

(Pereira, 2007).

(Jewellap, 2007).

(Gartner, 2006).

(PGP, 2007).

(Fox, 2000).

(“More Businesses Are Buying over the Internet,” 2004). For a discussion of the consequences of technological adoption and the values embodied therein, see, for example, (M. Rogers, 2003), discussing the consequences of innovations, examining the value implications of different innovations, and arguing that technologies need to be critically evaluated from utilitarian and moral perspectives before being adopted.

H.R. Rep. No. 106–74, pt. 3, at 106–7 (1999). As a result of the explosion of information available via electronic services such as the internet, as well as the expansion of financial institutions through affiliations and other means as they seek to provide more and better products to consumers, the privacy of personal financial information has become an increasing concern of consumers.

(Winn and Wrathall, 2000).

For example, most law firms use document management systems to centralize work product. For a discussion of document management software, see Kennedy and Gelagin, 2003. This use of information technology facilitates knowledge management, the sharing of institutional intellectual resources such as form contracts, and control over access to certain information.

These attempts to centralize built in high dependencies between systems. (Labs, 2006).

In the context of manufacturing, this meant connecting up “islands of automation” into a single communication network.

(Fraudenheim, 2003).

(Sandeen, 2003). As a consequence of this transformation, numerous state corporate statutes have been amended to allow for email notice, virtual shareholder meetings, and internet proxy voting. (Derrick and Faught 2003; Pozen, 2003).

(Barabasi, 2002).

Databases with financial data and social security numbers became targets of choice because of their usefulness in identity theft.

For example, some professional spammer employees earn salaries in excess of $100,000 per year while professional spammer entity owners earn millions of dollars per year. (“Comments of Simple Nomad,” 2003).

(Chapman, 2007).

Phishing attacks are becoming increasingly sophisticated. (Desai, 2004).

(Federal Trade Commission, 2004). The FTC estimates that U.S. corporations lost as much as $48 billion to identity theft alone between September 2002 and September 2003. (MailFrontier, n.d.; Federal Trade Commission, 2003).

(“Good News,” 2004; Webb, 2004; Gartner, 2004).

In particular, phishing attacks usually infringe the trademarks of the spoofed entity as well as the look-and-feel of the entity’s website.

(“Phishing Alert,” n.d.; Valetk, 2004).

Spoofing is defined as sending a message to make it appear as if it is arriving from someone else. (“Spoofing,” n.d.).

One entity whose email is spoofed frequently is Citibank. For statistics on phishing see (Antiphishing Working Group, n.d.) For additional discussion of phishing, see (Federal Trade Commission, “Phishing Alert”; Valetk, 2004).

The term “phishing” is derived from the idea that internet con artists use email lures to “fish” for passwords and other personally identifiable data from the sea of internet users. The letters “ph” are a frequent replacement for “f” in hacker language, and most likely reflect an act of verbal homage to the original form of hacking, called “phreaking,” a term coined by the first hacker, John Draper, known as “Cap’n Crunch.” By 1996, hacked accounts had come to be known as “phish,” and by 1997 phish were used as currency by hackers in exchange for items such as hacking software. (Anti-Phishing Working Group, n.d.).

Even a highly technology-savvy consumer may have difficulty distinguishing between a phishing email and a legitimate commercial communication from an entity with whom the consumer has a preexisting relationship. (MailFrontier Phishing IQ Test II, n.d.). Even the author of this article misidentified one of the items in this quiz as fraudulent when in fact it was legitimate.

Monster chose not to notify the affected consumers until ten days after the discovery of the security problem, and a public relations maelstrom erupted. (“Monster. com Admits Keeping Data Breach Under Wraps,” 2007).

(Chapman, 2007).

(Hidalgo, 2007).

Zombie drones are security compromised machines that can be controlled remotely without the user’s knowledge for sending spam or other malicious purposes. (“Primer: Zombie Drone,” 2004; Testimony of Thomas M. Dailey, 2004).

For example, one Polish spam group uses more than 450,000 compromised systems, “most of them home computers running Windows high-speed connections” all over the world. (Ciphertrust, n.d.). Powerful economic incentives exist for information criminality. The black market in security-compromised machines is an international market. Recent arrests in Germany and elsewhere have provided useful information into the international market in zombie drones. (Leyden, 2004). The market in compromised machines is big international business: the price of these botNets (doSNets) was roughly $500 for 10,000 hosts during summer 2004 when the MyDoom and Blaster (the RPC exploit worm)...