Newethics

Security and Ethical
Challenges

Cyberscams and
Cybercriminals
 Cyberscams are today’s fastest-growing
criminal niche
87 percent of companies surveyed reported
a security incident
The U.S. Federal Trade Commission says
identity theft is its top complaint
Stolen credit card account numbers are
regularly sold online
2Chapter 13 Security and Ethical Challenges

Ethical Responsibility
 As a business professional there are several
issues related to ethical responsibilities.
Manager has to address issues like:
 Should i monitor work activities of employees
(e.g. their emails)
 Should i allow employee to use work computers
for personal use?
 Should i sell personal information of my
customers
Chapter 13 Security and Ethical Challenges 3

Important aspects of security, ethical and
societal dimensions are
 IT has both beneficial
and detrimental
effects on society and
people
 Manage work
activities to
minimize the
detrimental effects
of IT
 Optimize the
beneficial effects

Business Ethics
 Ethics questions that managers confront as part
of their daily business decision making include:
Equity-All are equal and should be treated
fairly
Rights-privacy of customers and employees
Honesty-Security of company information
Exercise of corporate power -workplace safety

Categories of Ethical Business
Issues

Corporate Social Responsibility
Theories
 Stockholder Theory
 Managers are agents of the stockholders
 Their only ethical responsibility is to increase the profits of
the business without violating the law or engaging in
fraudulent practices
 Stakeholder Theory
 Managers have an ethical responsibility to manage a firm
for the benefit of all its stakeholders
 Stakeholders are all individuals and groups that have a
stake in, or claim on, a company

Social contract theory
 states that companies have ethical responsibilities to all
members of society, which allows corporations to exist
according to social contract.
 The first condition requires company to enhance the
economic satisfaction of consumers and employess
without damaging environment, misusing political power
and subjecting employees to dehumanizing working
conditions.
 The second condition requires companies to avoid
fraudulent practices, show respect for their employees
as human beings, and avoid practices that systematically
worsen the position of any group in society

Principles of Technology Ethics
 Proportionality - The good achieved by the technology must
outweigh the harm or risk; there must be no alternative that
achieves the same or comparable benefits with less harm or
risk
 Informed Consent - Those affected by the technology should
understand and accept the risks
 Justice
 The benefits and burdens of the technology should be
distributed fairly
 Those who benefit should bear their fair share of the risks,
and those who do not benefit should not suffer a significant
increase in risk
 Minimized Risk - Even if judged acceptable by the other three
guidelines, the technology must be implemented so as to
avoid all unnecessary risk

AITP Standards of Professional
Conduct

Responsible Professional
Guidelines
 A responsible professional
Acts with integrity
Increases personal competence
Sets high standards of personal performance
Accepts responsibility for his/her work
Advances the health, privacy, and general
welfare of the public

Computer Crime
 Computer crime includes & is defined by AITP as
Unauthorized use, access, modification, or
destruction of hardware, software, data, or
network resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own
hardware, software, data, or network resources
Using or conspiring to use computer or
network resources illegally to obtain
information or tangible property

Cybercrime Protection Measures

Hacking
 Hacking is
The obsessive use of computers
The unauthorized access and use of networked
computer systems
 Electronic Breaking and Entering
Hacking into a computer system and reading
files, but neither stealing nor damaging anything
 Cracker
A malicious or criminal hacker who maintains
knowledge of the vulnerabilities found for
private advantage

Common Hacking Tactics
 Denial of Service
 Hammering a website’s equipment with too many requests for
information
 Clogging the system, slowing performance, or crashing the site
 Scans
 Widespread probes of the Internet to determine types of computers,
services, and connections
 Looking for weaknesses
 Sniffer
 Programs that search individual packets of data as they pass through
the Internet
 Capturing passwords or entire contents
 Spoofing/Phishing
 Faking an e-mail address or Web page to trick users into passing along
critical information like passwords or credit card numbers. Phishing is a
form of fraud in which the attacker tries to learn information such as login
credentials or account information by masquerading as a reputable entity or
person in email, IM or other communication channels.

 Trojan House
 A program that, unknown to the user, contains instructions that
exploit a known vulnerability in some software
 Back Doors
 A hidden point of entry to be used in case the original entry
point is detected or blocked
 Malicious Applets
 Tiny Java programs that misuse your computer’s resources,
modify files on the hard disk, send fake email, or steal
passwords
 War Dialing
 Programs that automatically dial thousands of telephone
numbers in search of a way in through a modem connection
 Logic Bombs
 An instruction in a computer program that triggers a malicious
act

 Buffer Overflow
 Crashing or gaining control of a computer by sending too much
data to buffer memory
 Password Crackers
 Software that can guess passwords
 Social Engineering
 Gaining access to computer systems by talking unsuspecting
company employees out of valuable information, such as
passwords
 Dumpster Diving
 Sifting through a company’s garbage to find information to help
break into their computers

Cyber Theft
 Many computer crimes involve the theft of
money
 The majority are “inside jobs” that involve
unauthorized network entry and alternation of
computer databases to cover the tracks of the
employees involved
 Many attacks occur through the Internet
 Most companies don’t reveal that they have
been targets or victims of cybercrime
 First russian hacker vladimir levin . $11 million
by gatecrashing citibank mainframe

Cyberterrorism
 use of information technolgy by terrorist groups and
individuals to further their agenda. This can include use
of information technolgy to organize and executes
attacks against networks, computer systems and
telecommunications infrastructures , or for exchanging
information or making threats electronically.
 e.g. in may 2007 estonia was subjected to mass cyber
attack. Attack included denial of services of ministry
networks and major bank were blocked by directing
traffic in that direction.
 The reason was removal of russian world war II war
memorial from talinn

Unauthorized Use at Work
 Unauthorized use of computer systems and
networks is time and resource theft
Doing private consulting
Doing personal finances
Playing video games
Unauthorized use of the Internet or company
networks
 Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use

 . Network monitoring software called sniffers is
frequently used to monitor network traffic to
evaluate network capacity
 e.g. newyork times fired 23 workers because of
distributing racist jokes on company’s email
system
 xerox fired 40 employees for spending eight
hours a day on pornography sites

Internet Abuses in the Workplace
General email abuses
Unauthorized usage and access
Copyright infringement/plagiarism
Newsgroup postings
Transmission of confidential data
Pornography
Hacking
Non-work-related download/upload
Leisure use of the Internet
Use of external ISPs
Moonlighting-using org resources for private
benefit 22Chapter 13 Security and Ethical Challenges

Software Piracy
 Software Piracy
Unauthorized copying of computer programs
 Licensing
Purchasing software is really a payment
for a license for fair use
Site license allows a certain number of copies
23
A third of the software
industry’s revenues are
lost to piracy
Chapter 13 Security and Ethical Challenges

 Other method is is to go for shareware which is
public domanin software.
 60 percent of indian use pirated software. But
pirated softwares are always vulnerable to
external attacks. This risk is increasing as more
and more personal equipments are used (smart
phones) for office work.

Theft of Intellectual Property
 Intellectual Property
Copyrighted material
Includes such things as music, videos,
images, articles, books, and software
 Copyright Infringement is Illegal
Peer-to-peer networking techniques have
made it easy to trade pirated intellectual
property
 Publishers Offer Inexpensive Online Music
Illegal downloading of music and video is
down and continues to drop

Viruses and Worms
 A virus is a program that cannot work without
being inserted into another program
A worm can run unaided
 These programs copy annoying or destructive
routines into networked computers
Copy routines spread the virus
 Commonly transmitted through
The Internet and online services
Email and file attachments
Disks from contaminated computers
Shareware

Adware and Spyware
 Adware
Software that purports to serve a useful
purpose, and often does
Allows advertisers to display pop-up and
banner ads without the consent of the
computer users
 Spyware
Adware that uses an Internet connection in
the background, without the user’s permission
or knowledge
Captures information about the user and
sends it over the Internet 27Chapter 13 Security and Ethical Challenges

Spyware Problems
 Spyware can steal private information and also
Add advertising links to Web pages
Redirect affiliate payments
Change a users home page and search settings
Make a modem randomly call premium-rate
phone numbers
Leave security holes that let Trojans in
Degrade system performance
 Removal programs are often not completely
successful in eliminating spyware

Steganography
 Steganography ( i/ st .ə n .rə.fi/, STEG-ə-ˌ ɛɡ ˈ ɒɡ
NOG-rəfee) is the practice of concealing a file,
message, image, or video within another file,
message, image, or video. The word
steganography combines the Greek words
steganos (στεγανός), meaning "covered,
concealed, or protected", and graphein (γράφειν)
meaning "writing".

Privacy Issues
 The power of information technology to store
and retrieve information can have a negative
effect on every individual’s right to privacy
Personal information is collected with every
visit to a Web site
Confidential information stored by credit
bureaus, credit card companies, and the
government has been stolen or misused

 Confidentail emails of employees are monitored by many
companies. Many websites contain personal information
of individuals. This may be sold, stolen and misused.
 Everytime you are online, for whatever purpose you are
vulnerable to data collected about you without your
knowledge. WWW is notorious for making you feel as
no one is observing you. Wherein the reality is that you
are highly visible.
 E.g. information about internet user is captured
legitimately. The moment he visits a website or
newsgroup ‘cookie file’ is created on your hard disk. This
information is captured and sold to other parties


Privacy Issues
 Violation of Privacy
 Accessing individuals’ private email conversations and
computer records
 Collecting and sharing information about individuals gained
from their visits to Internet websites
 Computer Monitoring
 Always knowing where a person is
 Mobile and paging services are becoming more closely
associated with people than with places
 Computer Matching
 Using personal information of individual and misusing it for
inappropriate acts.
 Unauthorized Access of Personal Files
 Collecting telephone numbers, email addresses, credit card
numbers, and other information to build customer profiles

Protecting Your Privacy on the
Internet
 There are multiple ways to protect your privacy
Encrypt email
Send newsgroup postings through
anonymous remailers
Ask your ISP not to sell your name and
information to mailing list providers and
other marketers
Don’t reveal personal data and interests on
online service and website user profiles

Computer Libel and Censorship
 The opposite side of the privacy debate…
 Freedom of information, speech, and press
 Biggest battlegrounds - bulletin boards, email boxes, and
online files of Internet and public networks
 Weapons used in this battle – spamming, flame mail,
libel laws, and censorship
 Spamming - Indiscriminate sending of unsolicited email
messages to many Internet users
 Flaming
 Sending extremely critical, derogatory, and often
vulgar email messages or newsgroup posting to other
users on the Internet or online services
 Especially prevalent on special-interest newsgroups

Other Challenges
 Employment
 IT creates new jobs and increases productivity
 It can also cause significant reductions in job opportunities, as well as
requiring new job skills
 Computer Monitoring
 Using computers to monitor the productivity and behavior of employees as
they work
 Criticized as unethical because it monitors individuals, not just work, and is
done constantly
 Criticized as invasion of privacy because many employees do not know
they are being monitored Just take an example of call centre executive
being monitored for quality and time

 Working Conditions
 IT has eliminated monotonous or obnoxious tasks
 However, some skilled craftsperson jobs have been replaced by jobs
requiring routine, repetitive tasks or standby roles
 routinized jobs are taken over by machines and robots. Now employees
can concen trate on challenging and interesting assignments
 Individuality
 Dehumanizes and depersonalizes activities because computers
eliminate human relationships
 Inflexible systems
 Things are very rigid and required you to adhere to norms if systme has to
work further. E.g. of customer reminded continuosly of payment in regular
interval. Though he made payment.

Health Issues
 related to arms, neck , back and job stress (specially
bcas of monitoring)
 Video displays and cathode ray tubes radiations are
equally damaging
 Cumulative Trauma Disorders (CTDs)
 Disorders suffered by people who sit at a
PC or terminal and do fast-paced repetitive keystroke
jobs
 Carpal Tunnel Syndrome
 Painful, crippling ailment of the hand
and wrist
 Typically requires surgery to cure

Ergonomics
 Designing healthy
work environments
 Safe, comfortable,
and pleasant for
people to work in
 Increases
employee morale
and productivity
 Also called human
factors
engineering
Ergonomics Factors

Societal Solutions
 Using information technologies to solve human
and social problems
Medical diagnosis
Computer-assisted instruction
Governmental program planning
Environmental quality control
Law enforcement
Job placement
 The detrimental effects of IT
Often caused by individuals or organizations
not accepting ethical responsibility for their
actions

Security Management of IT
 The Internet was developed for inter-operability,
not impenetrability
Business managers and professionals alike
are responsible for the security, quality, and
performance of business information systems
Hardware, software, networks, and data
resources must be protected by a variety
of security measures

Newethics

More Related Content

What's hot

Similar to Newethics

More from Dr. Vardhan choubey

Recently uploaded

Newethics