Académique Documents
Professionnel Documents
Culture Documents
11- 2
Learning Objectives
11- 3
IT Security, Ethics and Society
11- 4
Ethical Responsibility
• Business professionals
– have a responsibility to promote ethical uses of
information technology in the workplace.
11- 5
Business Ethics
11- 6
Ethical Business Issues
Categories
11- 7
Corporate Social Responsibility
Theories
• Stockholder Theory
– Managers are agents of the stockholders
– Their only ethical responsibility is to increase the profits of
the business
– Without violating the law or engaging in fraudulent
practices
• Social Contract Theory
– Companies have ethical responsibilities to all members of
society
– Which allow corporations to exist based on a social
contract
11- 8
Corporate Social Responsibility
Theories
• Stakeholder Theory
– Managers have an ethical responsibility to manage a
firm for the benefit of all its stakeholders
– Stakeholders are all individuals and groups that have a
stake in, or claim on, a company
11- 9
Principles of Technology Ethics
11- 11
Responsible Professional Guidelines
11- 12
Computer Crime
Source: 2003 Global Security Survey by Deloitte Touche Tohmatsu, New York, June 2003,
In Mitch Betts, “The Almanac,” Computerworld, July 14, 2003, p 42. 11- 14
Hacking
11- 15
Common Hacking Tactics
• Denial of Service
– Hammering a website’s equipment with too many
requests for information
– Clogging the system, slowing performance or even
crashing the site
• Scans
– Widespread probes of the Internet to determine types of
computers, services, and connections
– Looking for weaknesses
11- 16
Common Hacking Tactics
• Sniffer
– Programs that search individual packets of data as they
pass through the Internet
– Capturing passwords or entire contents
• Spoofing
– Faking an e-mail address or Web page to trick users
into passing along critical information like passwords or
credit card numbers
11- 17
Common Hacking Tactics
• Trojan Horse
– A program that, unknown to the user, contains
instructions that exploit a known vulnerability in some
software
• Back Doors
– A hidden point of entry to be used in case the original
entry point has been detected or blocked
• Malicious Applets
– Tiny Java programs that misuse your computer’s
resources, modify files on the hard disk, send fake e-
mail, or steal passwords
11- 18
Common Hacking Tactics
• War Dialing
– Programs that automatically dial thousands of
telephone numbers in search of a way in through a
modem connection
• Logic Bombs
– An instruction in a computer program that triggers a
malicious act
• Buffer Overflow
– A technique for crashing or gaining control of a
computer by sending too much data to the buffer in a
computer’s memory
11- 19
Common Hacking Tactics
• Password Crackers
– Software that can guess passwords
• Social Engineering
– Gaining access to computer systems
– By talking unsuspecting company employees out of
valuable information such as passwords
• Dumpster Diving
– Sifting through a company’s garbage to find information
to help break into their computers
11- 20
Cyber Theft
11- 21
Unauthorized Use at Work
11- 22
Internet Abuses in the Workplace
• General e-mail abuses
• Unauthorized usage and access
• Copyright infringement/plagiarism
• Newsgroup postings
• Transmission of confidential data
• Pornography – accessing sexually explicit sites
• Hacking
• Non-work related download or upload
• Leisure use of the Internet
• Usage of external ISPs
• Moonlighting
11- 23
Software Piracy
• Software Piracy
– Unauthorized copying of computer programs
• Licensing
– Purchase of software is really a payment for a license
for fair use
– Site license allow a certain number of copies
• A third of the software industry’s revenues are
lost due to piracy
11- 24
Theft of Intellectual Property
• Intellectual property
– Copyrighted material such as
– Music, videos, images, articles, books, software
• Copyright infringement is illegal
11- 25
Viruses and Worms
11- 26
Cost of viruses and worms
11- 27
Adware and Spyware
• Adware
– Software that purports to serve a useful purpose
– But also allows Internet advertisers to display
advertisements (pop-up and banner ads)
– Without the consent of the computer’s user
• Spyware
– Adware that employs the user’s Internet connection in
the background without your permission or knowledge
– Captures information about you and sends it over the
Internet
11- 28
Privacy: Opt-in versus Opt-out
• Opt-in
– You explicitly consent to allow data to be compiled
about them
– Law in Europe
• Opt-out
– Data can be compiled about you unless you specifically
request it not be
– Default in the US
11- 29
Privacy Issues
• Violation of Privacy:
– Accessing individuals’ private e-mail conversations and
computer records,
– Collecting and sharing information about individuals
gained from their visits to Internet websites
• Computer Monitoring:
– Always knowing where a person is, especially as mobile
and paging services become more closely associated
with people rather than places
11- 30
Privacy Issues
• Computer Matching
– Using customer information gained from many sources
to market additional business services
• Unauthorized Personal Files
– Collecting telephone numbers, e-mail addresses, credit
card numbers, and other personal information to build
individual customer profiles
11- 31
Protecting your Privacy on the
Internet
• E-mail can be encrypted
• Newsgroup postings can be sent through
anonymous remailers
• ISP can be asked not to sell your name and
personal information to mailing list providers and
other marketers
• Decline to reveal personal data and interests on
online service and website user profiles
11- 32
Privacy Laws
11- 33
Censorship Issues
• Spamming
– Indiscriminate sending of unsolicited e-mail messages
to many Internet users
• Flaming
– Sending extremely critical, derogatory, and often vulgar
e-mail messages or newsgroup postings to other users
on the Internet or online services
11- 34
Cyberlaw
11- 35
Other Challenges
• Employment
– IT creates new jobs and increases productivity
– But can also cause significant reductions in job
opportunities as well as different types of skills required
for new jobs
• Computer Monitoring
– Computers used to monitor the productivity and
behavior of employees as they work
11- 36
Other Challenges
• Working Conditions
– IT has eliminated monotonous or obnoxious tasks
– But some jobs requiring a skilled craftsman have been
replaced by jobs requiring routine, repetitive tasks or
standby roles
• Individuality
– Dehumanize and depersonalize activities because
computers eliminate human relationships
– Systems without flexibility
11- 37
Health Issues
11- 38
Ergonomics
11- 39
Ergonomic Factors
11- 40
Security Management
• The goal of security
management is the
accuracy, integrity, and
safety of all information
system processes and
resources.
11- 42
Public/Private Key Encryption
11- 43
Internetworked Security
Defenses
• Firewalls
– A gatekeeper system that protects a company’s
intranets and other computer networks from intrusion
– By providing a filter and safe transfer point for access to
and from the Internet and other networks
• Firewalls are also important for individuals who
connect to the Internet with DSL or cable
modems
11- 44
Internet and Intranet Firewalls
11- 45
How to Defend Against Denial of
Service Attacks
• At the zombie machines (computers
commandeered by cyber criminals)
– Set and enforce security policies
– Scan for vulnerabilities
• At the ISP
– Monitor and block traffic spikes
• At the victim’s website
– Create backup servers and network connections
11- 46
Internetworked Security
Defenses
• E-mail Monitoring
– Use of content monitoring software that scans for
troublesome words that might compromise corporate
security
• Virus Defenses
– Centralize the distribution and updating of antivirus
software
– Use security suite that integrates virus protection with
firewalls, Web security, and content blocking features
11- 47
Other Security Measures
• Security Codes
– Multilevel password system
– Encrypted passwords
– Smart cards with microprocessors
• Backup Files
– Duplicate files of data or programs
• System Security Monitors
– Programs that monitor the use of computer systems
and networks and protects them from unauthorized use,
fraud, and destruction
11- 48
Biometrics
11- 49
Computer Failure Controls
11- 50
Fault Tolerant Systems
11- 51
Disaster Recovery Plan
11- 52
Information Systems Controls
11- 53
Auditing IT Security
• IT security audits
– By internal or external auditors
– Review and evaluate whether proper and adequate
security measures and management policies have been
developed and implemented
11- 54
How to protect yourself from
cybercrime
11- 55
Case 1: Cyberscams: Four Top
Cybercriminals: Who They Are and
What They Do
• Fastest growing criminal niche.
• Annual loss to computer crime - $67 Billion
• Many web sites eBay, Microsoft, and PayPal must
defend themselves from frequent fraudulent attempts by
cyberscammers.
• Law enforcement authorities are looking for four
individuals who are all Russians and have been
identified as high priority targets in their investigations.
• Many of these criminals are highly skilled and come from
low income families and countries with unstable
government.
11- 56
Case Study Questions
11- 57
Case Study Questions
11- 58
Real World Internet Activity
11- 59
Real World Group Activity
11- 60
Case 2: Lowe’s, TCI, Bank of America,
ChoicePoint, and Others: Failures in
Data Security Management
• Companies are having problem in protecting their
valuable data of their customers.
• Cheaper database software and storage devices have
made it much easier for companies to gather and save
private information about their customers, presenting a
challenge in securing the information from hackers.
• Lack of adequate and unreliable safeguard of data has
led to theft of vital information of their customers.
• The business cost of poor data security can be very
high.
11- 61
Case Study Questions
11- 62
Case Study Questions
11- 63
Real World Internet Activity
11- 64
Real World Group Activity
11- 65
Case 3: Western Corporate Federal
Credit Union and Others: Managing
Information Security
• Evolving threats and a greater exposure to risk are
pushing companies to take a strategic view of security.
• The growing use of wireless technologies and the
tendency to connect internal networks with those of
suppliers, partners, and customers have dramatically
increased security risks and the potential cost of a breach.
• Information security is a business problem and can not be
simply addressed by firewalls and other tools.
• OCTAVE helps companies identify infrastructure
vulnerabilities, prioritize information assets, and create
asset-specific threat profiles and mitigation plans.
11- 66
Case Study Questions
11- 67
Case Study Questions
11- 68
Real World Internet Activity
11- 69
Real World Group Activity
11- 70