CHAPTER 1:
ETHICS AND STANDARDS
Network Security Ethics (NTC 1012) by HYGM
Objectives
Describe what ethics is and the aspects of network security.
Explain the existing security and standards in network systems.
prepared by HYGM
Ethics In Network Security
- The word "ethics" is derived from the Greek word
ethos (character), and from the Latin word mores
(customs).
- Together, they combine to define how individuals
choose to interact with one another.
- In philosophy, ethics defines what is good for the
individual and for society and establishes the nature
of duties that people owe themselves and one
another.
ETHICS - DEFINITION
ETHICS (cont)
- Though law often embodies ethical principles, law
and ethics are far from co-extensive.
- Many acts that would be widely condemned as
unethical are not prohibited by law -- lying or
betraying the confidence of a friend, for example.
Ethics and Internet
• Communication knows no physical boundaries
Interconnected globe humming with electronic
transmissions – a chattering planet nestled in
provident silence of space
“every person everywhere”
• The Internet has a number of striking features. It is
instantaneous, immediate, worldwide, decentralized,
interactive, endlessly expandable in contents and
outreach, flexible and adaptable to a remarkable
degree
• Anyone with the necessary equipment and modest
technical skill can be an active presence in cyberspace
Security Concerns in Electronic Environment
• Confidentiality, Integrity, Availability
• Concerns apply not only while data is transferred over public / private media, but while it is in storage as well.
Classes of Ethical Problems
• Personal Intrusion
• Privacy
• Morality
• Deception
• Security
• Access
• Intellectual Property
• Ownership and control
• Technology and social responsibility
Ethics In Network Security
- Network ethics covers the ethical issues faced by a computer professional, as well as relationships with and responsibilities toward customers, clients, coworkers, employees, employers and other users.
- Most professions have highly detailed and enforceable codes for their respective memberships.
- In some cases these are spoken of as "professional ethics," or in the case of law, "legal ethics".
- For example, the American Medical Association (http://www.ama-assn.org/) has the Principles of Medical Ethics and the American Bar Association (http://www.abanet.org/) has the Model Rules of Professional Conduct (http://www.law.cornell.edu/ethics/aba/index.htm).
- Other professions with codes include dentistry, social work, education, government service, engineering, journalism, real estate, advertising, architecture, banking, insurance, and human resources management.
- Some of these codes have been incorporated into the public law. All are likely to have some effect on judgments about professional conduct in litigation. Generally, failure to comply with a code of professional ethics may result in expulsion from the profession or some lesser sanction.
Terminology
- A set of rules outlining the responsibilities of or proper practices for an individual/organization.
- Guidelines that help determine if a specific action is ethical/unethical.
- Formal set of statements that define how the network resources are to be allocated among its clients → network based.
ACTIVITY
Scenarios
• Preeti has walked away from a lab computer without logging off. Arjun sits down and, still logged in as Preeti, sends inflammatory e-mail messages out to a number of students and posts similar messages on the class newsgroup.
• A secretary on the campus of a tax-supported university has been requested to give her staff password to her supervisor. The supervisor would like to check the secretary's e-mail when she is not at work to see if departmental-related mail is coming in. The secretary is not comfortable giving her password to her supervisor, but is afraid to say no.
• Tina's e-mail is being diverted and sent out to her entire class.
The messages are quite personal and Tina is very embarrassed
• Maria figures out that when she is logged into the server she
can look at others' directories, make copies of files, and deposit
new files. The operating system was designed to allow this
functionality so that people could share their work. Mr. Farham
objects when he observes Maria poking around in another
student's directory. But Maria responds by saying, "If the system
allows me to do it and there's no specific rule against it, what's
the problem?"
• Alice had a report to write on acid rain. She used several
sources -- books, magazines, newspaper articles, and an
electronic encyclopedia. She listed all these sources in her
bibliography at the end of the report. She found the
encyclopedia to be the most convenient source because she
could highlight portions of the text and paste them into her word
processing document
• Nurli really enjoys music but doesn't have much money to buy
new CDs. He notices that the public library has a lot of CDs and
decides to check them out. Once Joy has the CDs at home he
realizes that he can burn the CDs and keep copies for himself.
Who Should Act?
• Government
• Regulatory Authority
• Organizations
• Educators
• Parents
• Individuals
Professional Bodies In Malaysia - Examples
Profession - Professionals
Doctor - Persatuan Perubatan Malaysia
Lawyer - Majlis Peguam Malaysia
Engineer - Lembaga Jurutera Malaysia
Architect - Pertubuhan Arkitek Malaysia
Accountant - Institut Perakaunan Malaysia
Counselor - Persatuan Kaunseling Malaysia
Standardization and Auditing
• Need for Standardization
E.g. HIPAA, ISO 17799, BS7799
• Auditing
• Policy of the organization
Association for Computing Machinery (ACM)
This Code, consisting of 24 imperatives formulated as statements
of personal responsibility, identifies the elements of such a
commitment
GENERAL MORAL IMPERATIVES
• Contribute to society and human well-being
• Avoid harm to others.
• Be honest and trustworthy.
• Be fair and take action not to discriminate
• Honor property rights including copyrights and patent
• Give proper credit for intellectual property
• Respect the privacy of others
• Honor confidentiality
Users Responsibility
• That Which is Not Yours
• Sharing that Which is Yours
• Protecting that Which is Yours
BREAK
CHAPTER 1 ADDITIONAL:
INTERNET SECURITY AND
LEGAL CHALLENGES
Introduction
• The law plays a critical part in IT security, and organizations need to manage legal risks proactively to avoid legal liability.
• Some of the key legal issues relate to digital evidence management, compliance with prevailing legislation, and the need to take into account privacy rules and personal data protection.
• Digital evidence management is a critical aspect of e-security management, and the success of a criminal prosecution depends on successful digital evidence management.
• IT and computer security professionals need to work closely with law enforcement agencies.
Computer Crime Legislation
• In most countries there are laws against accessing, altering or preventing authorized access to electronically stored data without proper authorization.
• This is because such acts deal with the 3 pillars of protection and attack: confidentiality, integrity and availability.
• Examples of the laws available are the US Digital Millennium Copyright Act and, in Malaysia, the Communications and Multimedia Act 1998, Malaysian Communications and Multimedia Commission Act 1998, Digital Signature Act 1997, Computer Crimes Act 1997 and Telemedicine Act 1997.
Digital Evidence
• Log Files: critical form of evidence to prove that a criminal intrusion has taken place – hearsay evidence and not admissible in court.
• Assist system admin to determine who did what and when on a system.
• Provide reliable and relevant evidence
• Example of the convergence of the law and IT security.
Legal Liability Avoidance
• IT security professionals working with their legal counterparts (lawyer & judge) must ensure that the organization they work for is not exposed to legal liabilities, which will typically result in higher cost for the company. This is because it is a primary concern for all organizations.
• Examples of legal liabilities: 'pirated' software, data leaking, staff misuse of IT facilities for hacking or virus spread, etc.
Legal Liability Avoidance (cont)
• An explicit warning should strengthen the legal case against intruders because their continued use of the system after viewing the warning implies that they acknowledge the security policy and give permission to be monitored.
• Log in messages, however, may be an effective way to ensure that all the users of a system are aware of the company's security policy.
Personal Data Protection & Privacy
• Another example of the role of law in IT security is the area of personal data protection and the need to ensure privacy.
• IT security professionals typically have full access to the system and the capability to view the contents of users' actions.
• The best way to carry out this kind of job is limiting what the security professional needs to know to only those things necessary to implement and enforce the security policy, debug problems, etc.
Personal Data Protection & Privacy (cont)
• Some laws in certain countries may place a legal obligation on administrators not to exceed the limits of what they monitor, failing which it may raise legal liability issues for the organization.
• Therefore, should IT security professionals become aware of any form of illegal activity on the network or system, they may in turn have a legal obligation to ensure security and will need to investigate and report it, or stop the activity itself if it violates security policy.
Incident Handling
• The collection of evidence during incident handling is a constant for IT security professionals, and they need to understand the role of law.
• Because computer data is volatile, easily modified and sensitive to damage, it may be quite difficult to preserve the integrity of evidence in order for it to be successfully presented in court.
Incident Handling (cont)
• The defense can easily cast doubt on the evidence by looking at when it was collected, who was in charge of it, where it was stored and so on.
• The quality of evidence will be critical here, and this includes factors such as the location of the program or data, its timestamp and accessibility.
Incident Handling (cont)
• A better strategy in this matter is to copy logs and
any other relevant files to read-only media like a CD.
• Data treated in this manner after a crime will carry a
much greater weight in court than data from a
system that was compromised and continued to be
left in operation.
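An added example, not part of the original slides: one way to apply the incident-handling points above, copying logs to a read-only evidence location and recording when they were collected, by whom, and where they are stored. The SHA-256 manifest, the function names, and the use of file permission bits in place of write-once media are assumptions made for illustration; the log lines are constructed.

```python
"""Evidence collection sketch: copy logs, hash them, record custody details.

Added illustration; names and manifest layout are assumptions, and the
sample log content is constructed.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile
from datetime import datetime, timezone
from pathlib import Path

READ_ONLY = stat.S_IRUSR | stat.S_IRGRP


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large logs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect_evidence(sources, evidence_dir: Path, collector: str) -> Path:
    """Copy each source file into evidence_dir and write a custody manifest."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for index, src in enumerate(map(Path, sources)):
        src_hash = sha256_file(src)
        info = src.stat()
        # Prefix with an index so two logs with the same name do not collide.
        dest = evidence_dir / f"{index:03d}_{src.name}"
        shutil.copy2(src, dest)            # copy2 keeps the original mtime
        if sha256_file(dest) != src_hash:  # the copy must be bit-identical
            raise IOError(f"copy of {src} does not match the original")
        os.chmod(dest, READ_ONLY)          # read-only working copy
        entries.append({
            "original_path": str(src.resolve()),
            "stored_as": dest.name,
            "sha256": src_hash,
            "size_bytes": info.st_size,
            "original_mtime_utc": datetime.fromtimestamp(
                info.st_mtime, timezone.utc).isoformat(),
        })
    manifest = {
        "collected_by": collector,                                # who
        "collected_at_utc": datetime.now(timezone.utc).isoformat(),  # when
        "stored_in": str(evidence_dir.resolve()),                 # where
        "files": entries,
    }
    manifest_path = evidence_dir / "MANIFEST.json"
    manifest_path.write_text(json.dumps(manifest, indent=2))
    os.chmod(manifest_path, READ_ONLY)
    return manifest_path


def verify_evidence(manifest_path: Path) -> list:
    """Return names of stored files that are missing or no longer match."""
    manifest = json.loads(manifest_path.read_text())
    problems = []
    for entry in manifest["files"]:
        stored = manifest_path.parent / entry["stored_as"]
        if not stored.is_file() or sha256_file(stored) != entry["sha256"]:
            problems.append(entry["stored_as"])
    return problems


def demo() -> dict:
    """Collect a constructed log, verify it, then show an alteration is caught."""
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "auth.log"
        log.write_text(  # constructed sample log lines
            "Jan 10 02:14:07 srv1 sshd[811]: Failed password for root from 192.0.2.10\n"
            "Jan 10 02:14:11 srv1 sshd[811]: Accepted password for root from 192.0.2.10\n"
        )
        manifest = collect_evidence(
            [log], Path(tmp) / "case-0001", "analyst (placeholder)")
        clean = verify_evidence(manifest)
        stored = manifest.parent / "000_auth.log"
        os.chmod(stored, stat.S_IRUSR | stat.S_IWUSR)  # simulate a later alteration
        with open(stored, "a") as fh:
            fh.write("extra line\n")
        tampered = verify_evidence(manifest)
        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The manifest only helps if a copy of it, or at least of its hashes, is kept somewhere the compromised system cannot reach.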
Relationship with Law Enforcement Agencies
• When an incident takes place, IT professionals should carry out certain checks before calling the law enforcement officers to ensure that no obstacles are created during the investigation process.
• As a general practice, it is important to do one's own investigation before contacting the law enforcement agencies.
Relationship with Law Enforcement Agencies (cont)
• This is because the IT professionals would have all the relevant information that is needed for an initial interview with the investigating agencies.
• They can save a lot of investigation time if they trace any irregularities or inconsistencies by looking at the logs and by asking the administrators of the machines to examine their logs initially. An example of this would be an attack on the organization's IT system.
Problem Statement 1
• As a newly employed System Administrator of Perunding NWS (M) Sdn Bhd, you are responsible for ensuring that all computers, servers, network devices, and any other types of computing devices that you support comply with all published standards. This includes educating your supported users about their role in securing their computing devices and data. Conduct research on various Security & Standards in Network System to simplify your task.
Problem Statement 1
Security & Standard In Network System
Definition
Categories/Types
Importance/Benefits
Example of standard
Ethical issues
Etc.
Physical security
Network device Security
Wireless Network Security
Operating System Security
Database security

More Related Content

What's hot

Chapter 4 Ethical and Social Issues in Information Systems
Chapter 4 Ethical and Social Issues in Information SystemsChapter 4 Ethical and Social Issues in Information Systems
Chapter 4 Ethical and Social Issues in Information SystemsSammer Qader
 
102 Chapter 4 Pt 2
102 Chapter 4   Pt 2102 Chapter 4   Pt 2
102 Chapter 4 Pt 2manpreet04
 
Ethical Issues related to Information System Design and Use
Ethical Issues related to Information System Design and UseEthical Issues related to Information System Design and Use
Ethical Issues related to Information System Design and Useuniversity of education,Lahore
 
Ethics In Information Technology
Ethics In Information TechnologyEthics In Information Technology
Ethics In Information Technologyjvonschilling
 
Ethical and social issues in management information systems for BBA hons pro...
Ethical and social issues in management information systems  for BBA hons pro...Ethical and social issues in management information systems  for BBA hons pro...
Ethical and social issues in management information systems for BBA hons pro...Tonmoy zahid Rishad
 
Gr 3 Societal Issues of Information System Design and Use
Gr 3 Societal Issues of Information System Design and UseGr 3 Societal Issues of Information System Design and Use
Gr 3 Societal Issues of Information System Design and Useuniversity of education,Lahore
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systemsProf. Othman Alsalloum
 
Ethical and social_issues_in_information_system
Ethical and social_issues_in_information_systemEthical and social_issues_in_information_system
Ethical and social_issues_in_information_systemKwame Afreh
 
An ethical approach to data privacy protection
An ethical approach to data privacy protectionAn ethical approach to data privacy protection
An ethical approach to data privacy protectionNicha Tatsaneeyapan
 
4 key technological trends that raise ethical issues
4   key technological trends that raise ethical issues4   key technological trends that raise ethical issues
4 key technological trends that raise ethical issuesRownel Cerezo Gagani
 

What's hot (19)

Ethical Issues In ICT
Ethical Issues In ICTEthical Issues In ICT
Ethical Issues In ICT
 
Chapter 4 Ethical and Social Issues in Information Systems
Chapter 4 Ethical and Social Issues in Information SystemsChapter 4 Ethical and Social Issues in Information Systems
Chapter 4 Ethical and Social Issues in Information Systems
 
102 Chapter 4 Pt 2
102 Chapter 4   Pt 2102 Chapter 4   Pt 2
102 Chapter 4 Pt 2
 
Ethical Issues related to Information System Design and Use
Ethical Issues related to Information System Design and UseEthical Issues related to Information System Design and Use
Ethical Issues related to Information System Design and Use
 
Ethics In Information Technology
Ethics In Information TechnologyEthics In Information Technology
Ethics In Information Technology
 
Social & Ethical Issues in Information Systems
Social & Ethical Issues in Information SystemsSocial & Ethical Issues in Information Systems
Social & Ethical Issues in Information Systems
 
Ethical and social issues in management information systems for BBA hons pro...
Ethical and social issues in management information systems  for BBA hons pro...Ethical and social issues in management information systems  for BBA hons pro...
Ethical and social issues in management information systems for BBA hons pro...
 
Chapter 5_dp-_pertemuan_7_8
 Chapter 5_dp-_pertemuan_7_8 Chapter 5_dp-_pertemuan_7_8
Chapter 5_dp-_pertemuan_7_8
 
Mis ethical social
Mis ethical socialMis ethical social
Mis ethical social
 
MIS ppt 1
MIS ppt 1MIS ppt 1
MIS ppt 1
 
Ethics for IT Professionals
Ethics for IT ProfessionalsEthics for IT Professionals
Ethics for IT Professionals
 
Gr 3 Societal Issues of Information System Design and Use
Gr 3 Societal Issues of Information System Design and UseGr 3 Societal Issues of Information System Design and Use
Gr 3 Societal Issues of Information System Design and Use
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systems
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systems
 
Ethical and social_issues_in_information_system
Ethical and social_issues_in_information_systemEthical and social_issues_in_information_system
Ethical and social_issues_in_information_system
 
An ethical approach to data privacy protection
An ethical approach to data privacy protectionAn ethical approach to data privacy protection
An ethical approach to data privacy protection
 
4 key technological trends that raise ethical issues
4   key technological trends that raise ethical issues4   key technological trends that raise ethical issues
4 key technological trends that raise ethical issues
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
Ethic02
Ethic02Ethic02
Ethic02
 

Viewers also liked

Lesson plan presentation
Lesson plan presentationLesson plan presentation
Lesson plan presentationdowde1
 
Olympic Hotel in Izvorani near Bucharest, Romania
Olympic Hotel in Izvorani near Bucharest, RomaniaOlympic Hotel in Izvorani near Bucharest, Romania
Olympic Hotel in Izvorani near Bucharest, RomaniaBogdan Tofan
 
المشاركة في المجلدات والملفات
المشاركة في المجلدات والملفاتالمشاركة في المجلدات والملفات
المشاركة في المجلدات والملفاتm7md22
 
Six Wedding Trends For 2014
Six Wedding Trends For 2014Six Wedding Trends For 2014
Six Wedding Trends For 2014Unique Venues
 
Using Campuses for Religious Events
Using Campuses for Religious EventsUsing Campuses for Religious Events
Using Campuses for Religious EventsUnique Venues
 
Conference Centers: How to Find the Perfect One!
Conference Centers: How to Find the Perfect One!Conference Centers: How to Find the Perfect One!
Conference Centers: How to Find the Perfect One!Unique Venues
 
The Culinary Institute of America : External Scholarships
The Culinary Institute of America : External ScholarshipsThe Culinary Institute of America : External Scholarships
The Culinary Institute of America : External ScholarshipsMarilyn Sudduth
 
Styrketrening pp
Styrketrening ppStyrketrening pp
Styrketrening ppkenturban
 
Social Media Tips for Venues
Social Media Tips for VenuesSocial Media Tips for Venues
Social Media Tips for VenuesUnique Venues
 
The poem by Jordan Woodford
The poem by Jordan WoodfordThe poem by Jordan Woodford
The poem by Jordan Woodfordjordanmx519
 
What is DH? And What’s it Doing at the Claremont Colleges?
What is DH? And What’s it Doing at the Claremont Colleges?What is DH? And What’s it Doing at the Claremont Colleges?
What is DH? And What’s it Doing at the Claremont Colleges?Ashley Sanders, Ph.D.
 
Prezentacsia
PrezentacsiaPrezentacsia
Prezentacsiabaltagi0
 

Viewers also liked (15)

Lesson plan presentation
Lesson plan presentationLesson plan presentation
Lesson plan presentation
 
A team 43 C
A team 43 CA team 43 C
A team 43 C
 
Olympic Hotel in Izvorani near Bucharest, Romania
Olympic Hotel in Izvorani near Bucharest, RomaniaOlympic Hotel in Izvorani near Bucharest, Romania
Olympic Hotel in Izvorani near Bucharest, Romania
 
المشاركة في المجلدات والملفات
المشاركة في المجلدات والملفاتالمشاركة في المجلدات والملفات
المشاركة في المجلدات والملفات
 
Six Wedding Trends For 2014
Six Wedding Trends For 2014Six Wedding Trends For 2014
Six Wedding Trends For 2014
 
Using Campuses for Religious Events
Using Campuses for Religious EventsUsing Campuses for Religious Events
Using Campuses for Religious Events
 
Conference Centers: How to Find the Perfect One!
Conference Centers: How to Find the Perfect One!Conference Centers: How to Find the Perfect One!
Conference Centers: How to Find the Perfect One!
 
A team 43
A team 43A team 43
A team 43
 
The Culinary Institute of America : External Scholarships
The Culinary Institute of America : External ScholarshipsThe Culinary Institute of America : External Scholarships
The Culinary Institute of America : External Scholarships
 
Styrketrening pp
Styrketrening ppStyrketrening pp
Styrketrening pp
 
Social Media Tips for Venues
Social Media Tips for VenuesSocial Media Tips for Venues
Social Media Tips for Venues
 
The poem by Jordan Woodford
The poem by Jordan WoodfordThe poem by Jordan Woodford
The poem by Jordan Woodford
 
A team pdf
A team pdfA team pdf
A team pdf
 
What is DH? And What’s it Doing at the Claremont Colleges?
What is DH? And What’s it Doing at the Claremont Colleges?What is DH? And What’s it Doing at the Claremont Colleges?
What is DH? And What’s it Doing at the Claremont Colleges?
 
Prezentacsia
PrezentacsiaPrezentacsia
Prezentacsia
 

Similar to Chapter 1

3999779.ppt
3999779.ppt3999779.ppt
3999779.pptpixvilx
 
chapter 6 Ethics and Professionalism of ET.pptx
chapter 6   Ethics and Professionalism of ET.pptxchapter 6   Ethics and Professionalism of ET.pptx
chapter 6 Ethics and Professionalism of ET.pptxAmanuelZewdie4
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggadabotor7
 
Chapter -6- Ethics and Professionalism of ET (2).pptx
Chapter -6- Ethics and Professionalism of ET (2).pptxChapter -6- Ethics and Professionalism of ET (2).pptx
Chapter -6- Ethics and Professionalism of ET (2).pptxbalewayalew
 
Legal And Ethical Aspects.pptx
Legal And Ethical Aspects.pptxLegal And Ethical Aspects.pptx
Legal And Ethical Aspects.pptxfatimagull32
 
Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...
Lecture 13  oveview of etichs, fraud, and internal control- james a. hall boo...Lecture 13  oveview of etichs, fraud, and internal control- james a. hall boo...
Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...Habib Ullah Qamar
 
Ethics of Computing in Pharmaceutical Research
Ethics of Computing in Pharmaceutical ResearchEthics of Computing in Pharmaceutical Research
Ethics of Computing in Pharmaceutical ResearchAshwani Dhingra
 
3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptxJohnLagman3
 
Stallings ch18 privacy
Stallings ch18 privacyStallings ch18 privacy
Stallings ch18 privacysalehnia
 
chapter5F.ppt
chapter5F.pptchapter5F.ppt
chapter5F.pptamreena6
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6  Privacy and Data Protection 8 hrUnit 6  Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketinggaurav jain
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
 
Ethics of computing in pharmaceutical research
Ethics of computing in pharmaceutical researchEthics of computing in pharmaceutical research
Ethics of computing in pharmaceutical researchsuresh gautam
 

Similar to Chapter 1 (20)

3999779.ppt
3999779.ppt3999779.ppt
3999779.ppt
 
chapter 6 Ethics and Professionalism of ET.pptx
chapter 6   Ethics and Professionalism of ET.pptxchapter 6   Ethics and Professionalism of ET.pptx
chapter 6 Ethics and Professionalism of ET.pptx
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxggggggggggggggggggggggggggg
 
Chapter -6- Ethics and Professionalism of ET (2).pptx
Chapter -6- Ethics and Professionalism of ET (2).pptxChapter -6- Ethics and Professionalism of ET (2).pptx
Chapter -6- Ethics and Professionalism of ET (2).pptx
 
Legal And Ethical Aspects.pptx
Legal And Ethical Aspects.pptxLegal And Ethical Aspects.pptx
Legal And Ethical Aspects.pptx
 
E commerce
E commerce E commerce
E commerce
 
Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...
Lecture 13  oveview of etichs, fraud, and internal control- james a. hall boo...Lecture 13  oveview of etichs, fraud, and internal control- james a. hall boo...
Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
 
Ethics of Computing in Pharmaceutical Research
Ethics of Computing in Pharmaceutical ResearchEthics of Computing in Pharmaceutical Research
Ethics of Computing in Pharmaceutical Research
 
Ethics in IT.pptx
Ethics in IT.pptxEthics in IT.pptx
Ethics in IT.pptx
 
chapter05 (1).ppt
chapter05 (1).pptchapter05 (1).ppt
chapter05 (1).ppt
 
3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx
 
Stallings ch18 privacy
Stallings ch18 privacyStallings ch18 privacy
Stallings ch18 privacy
 
chapter5F.ppt
chapter5F.pptchapter5F.ppt
chapter5F.ppt
 
5362098
53620985362098
5362098
 
5362098
53620985362098
5362098
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6  Privacy and Data Protection 8 hrUnit 6  Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketing
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fick
 
Ethics of computing in pharmaceutical research
Ethics of computing in pharmaceutical researchEthics of computing in pharmaceutical research
Ethics of computing in pharmaceutical research
 

Chapter 1

  • 1. CHAPTER 1: ETHICS AND STANDARDS Network Security Ethics (NTC 1012) by HYGM
  • 2. Objectives Describing on what is ethics and network security aspects. Explanations on the existing security and standard in network system. prepared by HYGM
  • 3. Ethics In Network Security - The word "ethics" is derived from the Greek word ethos (character), and from the Latin word mores (customs). - Together, they combine to define how individuals choose to interact with one another. - In philosophy, ethics defines what is good for the individual and for society and establishes the nature of duties that people owe themselves and one another. prepared by HYMG
  • 5. ETHICS (cont) - Though law often embodies ethical principals, law and ethics are far from co-extensive. - Many acts that would be widely condemned as unethical are not prohibited by law -- lying or betraying the confidence of a friend, for example. prepared by HYGM
  • 6. Ethics and Internet • Communication knows no physical boundaries Interconnected globe humming with electronic transmissions – a chattering planet nestled in provident silence of space “every person everywhere” • The Internet has a number of striking features. It is instantaneous, immediate, worldwide, decentralized, interactive, endlessly expandable in contents and outreach, flexible and adaptable to a remarkable degree • Anyone with the necessary equipment and modest technical skill can be an active presence in cyberspace prepared by HYMG
  • 7. Security Concerns in Electronic Environment not while data transfer over public / private media only, but while storage as well. Ethics and Internet prepared by HYMG Confidentiality Integrity Availability
  • 8. Classes of Ethical Problems • Personal Intrusion • Privacy • Morality • Deception • Security • Access • Intellectual Property • Ownership and control • Technology and social responsibility prepared by HYMG
  • 9. - Network ethics covers ethical issues faced by a computer professional as well as relationship with and responsibilities toward customers, clients, coworkers, employees, employers and other users. - Most professions have highly detailed and enforceable codes for their respective memberships. - In some cases these are spoken of as "professional ethics," or in the case of law, "legal ethics“. - For example, the American Medical Association (http://www.ama- assn.org/) has the Principles of Medical Ethics and the American Bar Association (http://www.abanet.org/) has the Model Rules of Professional Conduct (http://www.law.cornell.edu/ethics/aba/index.htm). Ethics In Network Security prepared by HYMG
  • 10. - Other professions with codes include dentistry, social work, education, government service, engineering, journalism, real estate, advertising, architecture, banking, insurance, and human resources management. - Some of these codes have been incorporated into the public law. All are likely to have some effect on judgments about professional conduct in litigation. Generally, failure to comply with a code of professional ethics may result in expulsion from the profession or some lesser sanction. Ethics In Network Security prepared by HYMG
  • 11. Terminology A set of rules outlining the responsibilities of a proper practices for an individual/organization. - Guidelines that help determine if a specific action is ethical/unethical. Formal set of statements that define how the network resources are to be allocated among its clients  network based. prepared by HYMG
  • 13. Scenarios • Preeti has walked away from a lab computer without logging off. Arjun sits down and, still logged in as Preeti, sends inflammatory e- mail messages out to a number of students and posts similar messages on the class newsgroup • A secretary on the campus of a tax-supported university has been requested to give her staff password to her supervisor. The supervisor would like to check the secretarys e-mail when she is not at work to see if departmental-related mail is coming in. The secretary is not comfortable giving her password to her supervisor, but is afraid to say no. prepared by HYMG
  • 14. • Tina's e-mail is being diverted and sent out to her entire class. The messages are quite personal and Tina is very embarrassed • Maria figures out that when she is logged into the server she can look at others' directories, make copies of files, and deposit new files. The operating system was designed to allow this functionality so that people could share their work. Mr. Farham objects when he observes Maria poking around in another student's directory. But Maria responds by saying, "If the system allows me to do it and there's no specific rule against it, what's the problem?" Scenarios prepared by HYMG
  • 15. •Alice had a report to write on acid rain. She used several sources -- books, magazines, newspaper articles, and an electronic encyclopedia. She listed all these sources in her bibliography at the end of the report. She found the encyclopedia to be the most convenient source because she could highlight portions of the text and paste them into her word processing document • Nurli really enjoys music but doesn't have much money to buy new CDs. He notices that the public library has a lot of CDs and decides to check them out. Once Joy has the CDs at home he realizes that he can burn the CDs and keep copies for himself. Scenarios prepared by HYMG
  • 16. Who Should Act? • Government • Regulatory Authority • Organizations • Educators • Parents • Individuals
  • 17. Professional Bodies In Malaysia - Examples (Profession - Professionals) • Doctor - Persatuan Perubatan Malaysia • Lawyer - Majlis Peguam Malaysia • Engineer - Lembaga Jurutera Malaysia • Architect - Pertubuhan Arkitek Malaysia • Accountant - Institut Perakaunan Malaysia • Counselor - Persatuan Kaunseling Malaysia
  • 18. Standardization and Auditing • Need for Standardization, e.g. HIPAA, ISO 17799, BS7799 • Auditing • Policy of the organization
  • 19. Association for Computing Machinery (ACM) This Code, consisting of 24 imperatives formulated as statements of personal responsibility, identifies the elements of such a commitment. GENERAL MORAL IMPERATIVES • Contribute to society and human well-being. • Avoid harm to others. • Be honest and trustworthy. • Be fair and take action not to discriminate. • Honor property rights including copyrights and patents. • Give proper credit for intellectual property. • Respect the privacy of others. • Honor confidentiality.
  • 20. Users Responsibility • That Which is Not Yours • Sharing that Which is Yours • Protecting that Which is Yours
  • 22. CHAPTER 1 ADDITIONAL: INTERNET SECURITY AND LEGAL CHALLENGES
  • 23. Introduction • The law plays a critical part in IT security and organizations need to manage legal risks proactively to avoid legal liability. • Some of the key legal issues relate to digital evidence management, compliance with prevailing legislation and the need to take into account privacy rules and personal data protection. • Digital evidence management is a critical aspect of e-security management and the success of criminal prosecution is dependent on successful digital evidence management. • IT and Computer Security professionals need to work closely with law enforcement agencies.
  • 24. Computer Crime Legislation • In most countries there are laws against accessing, altering or preventing authorized access to electronically stored data without proper authorization. • This is because it deals with the 3 pillars of protection and attack: confidentiality, integrity and availability. • Examples of the laws available are the US Digital Millennium Copyright Act and, in Malaysia, the Communications and Multimedia Act 1998, Malaysian Communications and Multimedia Commission Act 1998, Digital Signature Act 1997, Computer Crimes Act 1997 and Telemedicine Act 1997.
  • 25. Digital Evidence • Log Files: critical form of evidence to prove that a criminal intrusion has taken place – hearsay evidence and not admissible in court. • Assist system admin to determine who did what and when on a system. • Provide reliable and relevant evidence. • Example of the convergence of the law and IT security.
  • 26. Legal Liability Avoidance • IT security professionals working with their legal counterparts (lawyer & judge) must ensure that the organization they work for is not exposed to legal liabilities, which will typically result in higher cost for the company. This is a primary concern for all organizations. • Examples of legal liabilities: 'pirated' software, data leaking, staff misuse of IT facilities for hacking or virus spread, etc.
  • 27. Legal Liability Avoidance (cont) • An explicit warning should strengthen the legal case against intruders because their continued use of the system after viewing the warning implies that they acknowledge the security policy and give permission to be monitored. • Log in messages however may be an effective way to ensure that all the users of a system are aware of the company's security policy.
  • 28. Personal Data Protection & Privacy • Another example of the role of law in IT security is the area of personal data protection and the need to ensure privacy. • IT security professionals typically have full access to the system and the capability to view the contents of users' actions. • The best way to carry out this kind of job is limiting what the security professional needs to know to only those things necessary to implement and enforce the security policy, debug problems etc.
  • 29. Personal Data Protection & Privacy (cont) • Some laws in certain countries may place a legal obligation on administrators not to exceed the limits of what they monitor, failing which it may raise legal liability issues on the part of the organization. • Therefore, should IT Security professionals become aware of any form of illegal activity on the network or system, they may in turn have a legal obligation to ensure security and will need to investigate and report it, or stop the activity itself if it violates security policy.
  • 30. Incident Handling • The collection of evidence during incident handling is a constant for IT Security professionals and they need to understand the role of law. • Because computer data is volatile, easily modified and sensitive to damage, it may be quite difficult to preserve the integrity of evidence in order for it to be successfully presented in court.
  • 31. Incident Handling (cont) • The defense can easily cast doubt on the evidence by looking at when it was collected, who was in charge of it, where it was stored and so on. • The quality of evidence will therefore be critical, and this includes factors such as the location of the program or data, its timestamp and accessibility.
  • 32. Incident Handling (cont) • A better strategy in this matter is to copy logs and any other relevant files to read-only media like a CD. • Data treated in this manner after a crime will carry a much greater weight in court than data from a system that was compromised and continued to be left in operation.
  • 33. Relationship with Law Enforcement Agencies • When an incident takes place, IT professionals should carry out certain checks before calling the law enforcement officers to ensure that no obstacles are created during the investigation process. • As a general practice, it is important to do one's own investigation before contacting the law enforcement agencies.
  • 34. Relationship with Law Enforcement Agencies (cont) • This is because the IT professionals would have all the relevant information that is needed for an initial interview with the investigating agencies. • They can save a lot of investigation time if they trace any irregularities or inconsistencies by looking at the logs and by asking the administrators of the machines to examine their logs initially. An example of this can be related to an attack on the organization's IT system.
  • 35. Problem Statement 1 • As a newly employed System Administrator of Perunding NWS (M) Sdn Bhd, you are responsible for ensuring that all computers, servers, network devices, and any other types of computing devices that you support comply with all published standards. This includes educating your supported users about their role in securing their computing devices and data. Conduct research on various Security & Standards in Network System to simplify your task.
  • 36. Problem Statement 1: Security & Standard In Network System • Definition • Categories/Types • Importance/Benefits • Example of standard • Ethical issues • Etc. • Physical security • Network device security • Wireless network security • Operating system security • Database security
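
The evidence-handling practice from the Incident Handling slides (copy the logs off the affected system and be able to show when they were collected, who was in charge of them and where they are stored), as an added example that is not part of the original slides. The manifest layout, the `collect` and `verify` function names, the collector name and the sample log line are assumptions made for illustration.

```python
import hashlib, json, os, shutil, stat, tempfile
from datetime import datetime, timezone

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def collect(sources, evidence_dir, collector):
    """Copy each log into evidence_dir, make the copy read-only, write a manifest."""
    os.makedirs(evidence_dir, exist_ok=True)
    entries = []
    for src in sources:
        name = os.path.basename(src)
        dst = os.path.join(evidence_dir, name)
        before = sha256_file(src)            # hash taken on the original
        shutil.copy2(src, dst)               # copy2 keeps the file's timestamps
        if sha256_file(dst) != before:
            raise IOError("copy of %s does not match the original" % src)
        os.chmod(dst, stat.S_IRUSR)          # read-only copy (file-system level)
        entries.append({
            "source_path": os.path.abspath(src),    # where the data was located
            "stored_as": name,                      # where it is stored now
            "sha256": before,
            "source_mtime_utc": datetime.fromtimestamp(
                os.path.getmtime(src), timezone.utc).isoformat(),
            "collected_utc": datetime.now(timezone.utc).isoformat(),
            "collected_by": collector,              # who was in charge of it
        })
    with open(os.path.join(evidence_dir, "manifest.json"), "w") as f:
        json.dump(entries, f, indent=2)
    return entries

def verify(evidence_dir):
    """Return the stored files whose hash no longer matches the manifest."""
    with open(os.path.join(evidence_dir, "manifest.json")) as f:
        entries = json.load(f)
    return [e["stored_as"] for e in entries
            if sha256_file(os.path.join(evidence_dir, e["stored_as"])) != e["sha256"]]

def demo():
    work = tempfile.mkdtemp()
    log = os.path.join(work, "auth.log")
    with open(log, "w") as f:   # constructed sample log line
        f.write("constructed sample: failed login for admin from 192.0.2.10\n")
    ev = os.path.join(work, "evidence")
    collect([log], ev, collector="analyst01")
    untouched = verify(ev)                       # nothing changed yet
    copy = os.path.join(ev, "auth.log")
    os.chmod(copy, stat.S_IRUSR | stat.S_IWUSR)  # simulate later modification
    with open(copy, "a") as f:
        f.write("altered\n")
    return untouched, verify(ev)
```

Calling `demo()` returns the verification result before and after the stored copy is modified; in practice the manifest would be kept with the read-only media and a copy held separately.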