Online Privacy, Vulnerabilities, and Threats: A Manager's Perspective


Hy Sockel (DIKW Management Group, USA) and Louis K. Falk (University of Texas at Brownsville, USA)
Copyright: © 2009 | Pages: 24
DOI: 10.4018/978-1-60566-012-7.ch003


There are many potential threats that come with conducting business in an online environment. Management must find a way to neutralize or at least reduce these threats if the organization is going to maintain viability. This chapter is designed to give managers an understanding, as well as the vocabulary needed to have a working knowledge of online privacy, vulnerabilities, and threats. The chapter also highlights techniques that are commonly used to impede attacks and protect the privacy of the organization, its customers, and employees. With the advancements in computing technology, any and all conceivable steps should be taken to protect an organization’s data from outside and inside threats.
Chapter Preview


The Internet provides organizations unparalleled opportunities to perform research and conduct business beyond their physical borders. It has proven to be a vital medium for worldwide commerce. Even small organizations now rely on Internet connectivity to communicate with their customers, suppliers, and partners. Today, employees routinely work from areas beyond their office’s physical area. They regularly transport sensitive information on notebook computers, personal digital assistants (PDAs), smartphones, and a variety of storage media: thumb drives, CDs, DVDs, and even on floppies. It is not uncommon for employees to work offsite, at home, or out of a hotel room. Outside the office, they often use less than secure Internet connections—dial-up, cable, Internet cafés, libraries, and wireless.

Organizations often employ portals to share information with their stakeholders; however, these portals are not always secure from would-be attackers. In order to protect the organization from vicious and malicious attacks, management needs to understand what it is up against. Even if the organization does not conduct any business on the Internet, it is still not out of harm’s way. Viruses, Trojans, and spyware can come from multiple sources: floppy discs, CDs, thumb drives, and even mobile phones. To complicate the matter even more, the information technology (IT) environment at many organizations has become obscure—partially due to new regulations and industry standards. The standard has changed: it is no longer enough to be secure and protect the business’s assets; organizations need to be able to demonstrate that they are compliant and that security is an ongoing concern. Failure to do so could leave them facing stiff penalties (Forescout, 2007).

The purpose of this chapter is to address some of the potential threats that come with conducting business in an online environment. The chapter highlights the relationship between privacy and vulnerability and threats. It delves into techniques that are commonly used to thwart attacks and protect individuals’ privacy. In the age of unrest and terrorism, privacy has grown even more important, as freedoms are compromised for security.

The news is loaded with stories about security breaches. For example:

In May of 2007, the news of the TJ Maxx security breach shook up the banking and retail industry. At first it was estimated that hackers had downloaded at least 45.7 million credit- and debit-card numbers; however, court filings indicated that number was closer to 96 million. Estimates for damage range from $216 million to $4.5 billion. The breach was blamed on extensive cyber thief activity within TJ Maxx’s network from 2003 through June 2004 and then again from mid-May 2006 through mid-December 2006 (Schuman, 2007). However, others blame the breach on weak wireless security—Ou (2007) revealed that the “retailer’s wireless network had less security than many people have on their home networks.”

Another example is:

On April 5, 2002, hackers exploited vulnerabilities in a server holding a database of personnel information on California’s 265,000 state employees. The state responded, and the world listened. California is one of the largest economies in the world, bigger than most countries. The victims of the attack included then-Governor Gray Davis and 120 state legislators. The breach compromised names, social security numbers, and payroll information. In response, the state legislature enacted a security breach notification law, Senate Bill (SB) 1386.

To put this in perspective, if online privacy is described in terms of a risk “triangle,” the three corners are vulnerabilities, threats, and actions, where actions represent anything the organization can (and should) do to mitigate attacks. Applications, like ships, are not designed and built to sit in a safe harbor; they are meant to be used in churning, chaotic waters. It is important to understand threats and vulnerabilities well enough to have a good idea of what to expect, so that strategies and tools can be put in place to mitigate the consequences (Bumgarner & Borg, 2007).



Software vulnerabilities are not going away; in fact, they are increasing. According to the Coordination Center at Carnegie Mellon University (CERT, 2007), there was an average of over 10 vulnerabilities discovered every day in 2003 (3,784 in total). This number has jumped to over 5,500 in the first nine months of 2007.
