
8

BUSINESS ETHICS AND INFORMATION TECHNOLOGY

Learning Outcomes

At the end of this chapter, you should be able to:

• Identify the underlying ethical and social issues in information
technology
• Identify the various security threats of information technology
• Discuss some current ethical issues in information
technology
• Explain how organizations can establish information system
controls to ensure better information system security
• Discuss the government’s role in managing information
system security
• Distinguish and differentiate the different laws against
cybercrime
BUSINESS ETHICS (SECOND EDITION) All Rights Reserved
© Oxford Fajar Sdn. Bhd. (008974-T), 2018 8–3
Introduction

• Information technology (IT) has provided much variety in terms
of available information and resources, as well as new
prospects for users, which in turn has given much needed
understanding of ethics in contemporary times.
• The risks posed by unethical adoption of IT have also
increased in tandem with the increase of IT acceptance in our
everyday lives.
• However, the importance of ethics and human values has
been seriously undermined with dire consequences.
Therefore, developing and sharing IT guidelines are
imperative as they could influence individuals’ present and
future practices.

Overview of Ethical and Social
Concerns in Information Technology

• In business, information is seen as the means through which
organizations expand and increase their capacity to achieve
their goals. Therefore, information forms intellectual capital
and organizations value this capital as an important resource.
• There are many and varied ethical and social challenges in
business, in particular how data and information are collected,
handled and distributed.
• The main ethical and social concern is people’s fear of losing
their personal information, or of it being used or made
accessible to the public without their consent. The ethical
concerns that most organizations face are related to privacy,
accuracy, intellectual property and accessibility.

Overview of Ethical and Social
Concerns in Information Technology
(cont.)
• Privacy
– The main concern related to privacy is what kind of information
people should be required to divulge about themselves, and under
what conditions they should do it.
– An array of technologies is available that could mitigate some
of the risks associated with privacy, including encryption,
anonymization/pseudonymization, and web browser interface
technologies that protect data from unauthorized access.
– The Malaysian government passed the Personal Data
Protection Act 2010 (PDPA) to regulate the processing of
personal data by data users in the context of commercial
transactions, which will safeguard the personal data and interests
of individuals.
Overview of Ethical and Social
Concerns in Information Technology
(cont.)
• Accuracy
– Effective decision-making is driven by accurate information.
Therefore, organizations must ensure that the information
disseminated across and within the organization is accurate.
– Ethical issues involving accuracy can be mitigated by
determining the basis for the level of accuracy in any given
system and whether it is sufficient.
– With the advancement of IT, organizations can now use
automated data entry systems that caution users of bad data
entry, thus improving accuracy.

Overview of Ethical and Social
Concerns in Information Technology
(cont.)
• Intellectual Property
– Intellectual property rights have become the main concern of
organizations, especially the issues of intangible rights of
ownership in an asset such as a software program.
– There are four types of intellectual property rights relevant to
software, i.e. patents, copyrights, trade secrets and
trademarks.
• Accessibility
– The level of accessibility of information systems threatens to
increase the gap between the haves and the have-nots.
– In the long run, this gap may create social problems in
society.

Security Threats that Affect
Information Systems
• Cybercrime
– Cybercrimes can be defined as ‘offences that are committed
against individuals or groups of individuals, with a criminal
motive to intentionally harm the reputation of the victim(s) or
cause physical or mental harm, or loss, to the victim(s) directly
or indirectly using modern telecommunication networks such
as the Internet (including but not limited to chat rooms, emails,
noticeboards and groups) and mobile phones (using Bluetooth,
Short Message Service (SMS) or Multimedia Messaging
Service (MMS))’.
– Cybercrime takes many forms and covers a wide range of
attacks, including theft of personal data, copyright
infringement, fraud, child pornography, cyberstalking and
cyberbullying.
Security Threats that Affect
Information Systems (cont.)

• Hacking and Cracking
– Hacking and cracking are malicious acts and are related to
security threats from outside the organization.
– Hackers are individuals who enjoy going into a system to
understand how the whole system works.
– Crackers are individuals who break into a system by cracking
passwords, spoofing and exploiting weaknesses found in the
system.
• Computer Viruses
– Computer viruses that occur in the system can create
nuisance, alter or damage data, steal information, or cripple the
system’s functions.

Security Threats that Affect
Information Systems (cont.)
• Malware, Spyware and Adware
– Malware are malicious independent programs that disguise
themselves as useful applications, and are able to capture
private information. Worms, logic bombs and Trojan horses are
different forms of malware.
– Spyware is used to gather private personal information that is
then relayed to third parties that have vested interests in the
information, for example, advertisers.
– Adware is another form of computer program that is malicious.
Advertisements such as pop-up windows or advertising
banners on web pages are one form of adware. The adware
captures and reports users’ habits, preferences or even
personal information.

Security Threats that Affect
Information Systems (cont.)

• Non-malicious Threats
– Threats to information systems security can also come from
authorized users who are not aware of their actions.
– Usually these threats come from the employees themselves,
such as data-entry clerks and system operators who are
unfamiliar with the system.
– Although actions by these employees are unintentional, they
still directly and indirectly contribute to security problems.
– Data-entry or programming errors can cause a system crash,
which can cause valuable data to be lost, damaged or altered,
causing organizations to operate at a loss.

Security Threats that Affect
Information Systems (cont.)
• Spamming, Phishing and Spoofing
– Spam is any form of email message that contains copies of the
same message, and is forced on people who do not request
or require the message. Spamming is usually done by
unauthorized individuals, who steal Internet mails, scan Usenet
postings or search addresses via the web.
– Phishing is also related to email messages that are forced
onto their recipients. However, it is more critical than spam as it
is used to gather personal and financial information disguised
as legitimate emails.
– Spoofing refers to email messages that appear to have been
sent from someone other than the real sender with malicious
intentions. Thus, the emails cannot be traced back to the
originator.
Security Threats that Affect
Information Systems (cont.)
• Denial of Service, Abuse of Wireless Networks, Misuse of Public
Web Applications
– The difficulty of establishing connections between servers and
legitimate clients is termed denial of service (DoS). Hackers
use this condition to their advantage by hijacking and
controlling thousands of computers remotely to launch massive,
coordinated attacks.
– The convenience and flexibility of wireless networks in
providing data and information is often abused by organizations
or people, referred to as abuse of wireless networks.
– The gaining of access to an organization’s network and data by
unauthorized users disrupts the organization’s activities.
E-commerce applications over the Internet can create
vulnerability and abuse of this application.
Security Threats that Affect
Information Systems (cont.)

• Computer Theft and Website Defacement
– Laptops and desktops are important artefacts of information
systems and need to be protected. The main security concern
is that they become the target for thieves.
– Theft of these items involves the loss of tangible and intangible
assets.
– Organizations should also be concerned about their websites.
One security concern is website defacement, where the
website is sabotaged by a third party and the attackers take
advantage of undisclosed system vulnerabilities or unpatched
systems.

Current Ethical Issues in
Information Technology

• Consumer Privacy
• Employee/workplace Surveillance and Privacy
• Location Privacy
• Globalization of Online Activity
• Protection of Intellectual Property

Managing Information System
Security
• Quarantine Software
– Organizations can install quarantine software (i.e. anti-virus,
anti-adware and anti-spyware).
– By having effective access control and regularly updating the
software, organizations can keep their computers free from
viruses or malware.
• Operating System Penetration Software
– Several steps can be taken to guard against downloading free
patches offered by hackers and crackers, by installing several
operating system penetration software programs.
– Organizations can use patch-management software to
automate the distribution of authentic patches from multiple
software vendors.
Managing Information System
Security (cont.)

• Security Policies and Procedure Initiatives
– Organizations need to design and implement information
systems security policies, procedures and initiatives, which
should effectively protect organizations against unauthorized
access.
– The content of these policies should cover maintaining
in-house and off-site backup of corporate data, as well as
installing software that can be quickly restored in the case of a
system failure.

Government’s Role in Managing
Information System Security

• There has been an increasing trend of cyberthreats and
attacks happening in Malaysia and around the world in the
last few years. Such threats could have a direct impact on
Malaysian companies.
• To date, there are no cybersecurity-specific laws in Malaysia.
Currently, the Malaysian enforcement agencies have to rely
on existing legislation, such as the Communications and
Multimedia Act 1998, the Defamation Act 1957 and the
Sedition Act 1948 to combat cyberthreats. This is clearly
inadequate to protect Malaysians.
• With the change in the Federal government in May 2018, it is
yet to be seen if new cybersecurity laws will be tabled.

Protection Against Cybercrime:
Malaysian Legal Framework
• Hacking
– Under section 3 of the Computer Crimes Act 1997 (CCA), it is an
offence if a person knowingly and intentionally accesses a computer
without authorization (i.e. hacking) and causes a computer to
perform any function with the intent to secure access to any
program or data held in any computer.
• Denial of Service Attacks
– Under section 233(1)(b) of the Communications and Multimedia Act
1998 (CMA), a person who continuously, repeatedly or otherwise
initiates a communication using any application services with the
intent to annoy, abuse, threaten or harass any person at any
numbered or electronic address commits an offence, regardless of
whether the communication ensued and whether or not the person
initiating such communication disclosed their identity.
Protection Against Cybercrime:
Malaysian Legal Framework (cont.)

• Phishing
– Under section 416 of the Malaysian Penal Code, any person is
said to ‘cheat by personation’, if he cheats by pretending to be
some other person, or by knowingly substituting one person for
another, or representing that he or any other person is a person
other than he or such other person really is.
• Infection of IT Systems with Malware
– Under section 5 of the CCA, it is an offence for a person to
commit any act which he knows will cause unauthorized
modification of the contents of any computer.

Protection Against Cybercrime:
Malaysian Legal Framework (cont.)

• Possession or Use of Hardware, Software or Other Tools to
Commit Cybercrime
– Under section 236 of the CMA, it is an offence for a person to
possess or use any counterfeit access devices, unauthorized
access devices (e.g. lost, stolen, expired or obtained with the
intention to defraud), any device-making equipment intended
to make counterfeit access devices, or any other equipment or
device modified or altered or intended to alter or modify such
other equipment or device, in order to obtain unauthorized
access to any network services, etc.
– Under section 240 of the CMA, it is an offence to distribute or
advertise any communications equipment or device for
interception of communication.

Protection Against Cybercrime:
Malaysian Legal Framework (cont.)

• Identity Theft/Identity Fraud
– Section 416 of the Penal Code may apply to identity theft
(e.g. in connection with access devices).
• Electronic Theft
– Section 41 of the Copyright Act sets out a range of offences
for copyright infringement, which include the making for sale
or hire, distributing, and exhibiting in public any infringing
copy during the subsistence of copyright in a work or
performer’s right.

Protection Against Cybercrime:
Malaysian Legal Framework (cont.)

• Failure by an Organization to Implement Cybersecurity
Measures
– There is currently no legislation which imposes a blanket
requirement in respect of implementing cybersecurity
measures.
– The closest is the PDPA which only applies to organizations
involved in commercial transactions and expressly excludes
the Malaysian government.
– Organizations that are involved in processing personal data
are required to implement minimum security standards as
prescribed by the Personal Data Protection Commission from
time to time.
