
Donnal Group Inc.

News

Our goal is to help you protect your information assets by helping mitigate risk to your business and improve ROI. Here you will find information on various topics which you can use in your InfoSec planning: topics of interest that may lead you to further investigation of how they relate to your organization. You will find a wide variety of security topics discussed in this section. Check back often to see what is new in the News.

Top Stories

  • Ethical and Legal Impact of Information Technology on Society

    The ethical and legal impact of information technology on society is often talked about because of the propensity of major media outlets to manage news cycles and alert viewers and readers to the increasing risk of identity theft. People are generally aware that their identity can be stolen and used in illegal activities, but do not understand the perils of a stolen identity.

    Forty years ago computers were not commonplace, and there was little thought as to how the computer would eventually become an integral part of daily life. Crime has followed along this path as well, making victims of those whose data is discovered. In the 1970s the most common computer crime was in the financial sector. Bank systems were victims of one-half cent crimes, in which programmers compromised the rounding of values to divert this fractional money into accounts they owned. These early crimes led law enforcement to develop better methods for handling digital evidence (Nelson, Philipps, Enfinger, & Steuart, 2006).

    In order to protect the individual from crime or unethical use, the Federal government has enacted various laws in an effort to mitigate the risk to individuals. These laws are usually enacted as a result of a serious breach of trust in the way business has managed its data or provided little safeguard for sensitive consumer data. Because the Internet makes communication available to all computers, it provides the opportunity for crime on this Information Super Highway with limited likelihood of the criminal being caught. Privacy law had been considered long before any consideration was given to computer system data. The Federal Privacy Act of 1974 regulated government action to protect the privacy of the individual citizen. This law protected against government misuse in providing information to others without the express authorization of the individual or entity. Laws directed toward non-government entities have also been created. The Computer Fraud and Abuse Act of 1986, later amended by the National Information Infrastructure Protection Act of 1996, identifies many computer-related crimes and prescribes the applicable punishment, which can include fines or imprisonment of up to 20 years, or both. Severity is determined by the value of the information obtained and whether the offense is judged to have been committed (Whitman & Mattord, 2005):

    1)      For purposes of commercial advantage

    2)      For private financial gain

    3)      In furtherance of a criminal act 

    The Electronic Communications Privacy Act of 1986 regulates the interception of wire, electronic and oral communication, with these statutes working in conjunction with the Fourth Amendment of the U.S. Constitution. Other laws impact various industry segments, like the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for the health and medical industry, the Sarbanes-Oxley Act of 2002 (SOX) for governance of publicly traded firms in regard to organizational accountability, and the Gramm-Leach-Bliley Act of 1999 (GLB), which focuses on the privacy of individuals within the financial sector, the disclosure of privacy policy and the sharing of non-public personal data. It also permits due notice so that customers can request that their private information not be shared with third parties (Whitman & Mattord, 2005). Laws, however, can be misleading in terms of the perceived protection they provide, or can even be unconstitutional. For example, privacy law, which is mostly directed at Internet consumer privacy, does little to protect personal data handled internally by the entity. There is little agreement among scholars who study the security realm on breaches in workplace security or on how privacy should be defined and controlled (Desai, von der Embse, & Ofori-Brobbey, 2008).

    These and other state laws offer some protection to the public. But ethical consideration is held at the personal level and is not mandated or punished by law. Ethical responsibility is the responsibility of the individual to do the right thing when no one is watching. The business manager's responsibility to do the right thing may shine a negative light on the business, and embarrassing information could lead to a decline in future business due to a loss of confidence in the business's ability to protect and safeguard its data assets. Intellectual property is another area which is governed by law, yet problems exist and ethical dilemmas arise. Is there a difference between ordinary data mining and obtaining specific proprietary information (Desai, von der Embse, & Ofori-Brobbey, 2008)?

    Ethical requirements must be considered when designing the wireless network. Wireless network communication is transmitted through the air, connecting the source and destination equipment and possibly any other devices which target that communication stream. The supply and demand for the development of the wireless network introduces many ethical considerations in protecting data assets. The number of business users has increased from eight million in 2002 to over twenty-five million in 2006; fifty-four percent of the companies utilizing wireless data in 2003 plan to expand their networks; and the number of workforce users with mobile laptop computers continues to grow (Nguyen, 2005). Security protecting confidentiality, integrity and accessibility (CIA) will demand that ethical consideration be one of the drivers in Wi-Fi network development and usage. What will protect confidentiality? Is it practical to consider that all data is confidential? By what methods or techniques can integrity be assured? Should accessibility be available to all or only to authorized users?

    Desai, M., von der Embse, T., & Ofori-Brobbey, K. (2008, June 22). Information technology and electronic information: an ethical dilemma. Retrieved November 6, 2009, from www.allbusiness.com: http://www.allbusiness.com/technology/software-services-applications-information/12002780-1.html

    Nelson, B., Philipps, A., Enfinger, F., & Steuart, C. (2006). Guide to Computer Forensics and Investigation 2nd Edition. Boston: Thomson Course Technology.

    Nguyen, T. (2005). Attitudes Toward Wireless Networking Security: An Analysis of the Relationship Between Individual Behaviors and Common Practices. A Dissertation Presented in Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy (pp. 51-52). Ann Arbor: ProQuest Information and Learning Company.

    Whitman, M., & Mattord, H. (2005). Principles of Information Security 2nd Edition. Boston: Thomson Course Technology.

 

  • Paper: Internetworking Security at the Wireless Café

     

    Wireless connectivity is a new technology and it is here to stay. Users are no longer tethered by wire, and an inherent level of security, privacy and safety is often taken for granted. People bring their laptop computers to the coffee shop or café, where they are able to connect wirelessly to the Internet. But are they surfing in a web of unscrupulous spammers, hackers and crackers? What level of security is provided to the café patron, or should there be signs posted reading “Internet SURFERS beware”?