1. Welcome to Our Presentation
Angry Birds
1

2. 2

4.  IT Security, Ethics, and Society
 Business Ethics
 Categories of Ethical Business Issues
 Computer Crime
 Hacking
 Common Hacking Tactics
 Cyber Theft
 Unauthorized Use at Work
 Internet Abuses in the Workplace
 Software Piracy
 Theft of Intellectual Property
 Viruses and Worms
 Top Five Virus Families of all Time
 The Cost of Viruses, Trojans, Worms
 Adware and Spyware
 Spyware Problems
 Privacy Issues
 Opt-in Versus Opt-out
 Protecting Your Privacy on the Internet
 Health Issues
 Security Management of IT
 Security Management
 Internetworked Security Defenses
 Public/Private Key Encryption
 Internetworked Security Defenses
 Internet and Intranet Firewalls
 Internetworked Security Defenses
 Information System Controls 4

5.  IT has both beneficial
and detrimental effects
on society and people
 Manage work
activities to minimize
the detrimental
effects of IT
 Optimize the
beneficial effects
5

6.  Ethics questions that managers confront as
part of their daily business decision making
include:
 Equity
 Rights
 Honesty
 Exercise of corporate power
6

7. 7

8.  Computer crime includes
 Unauthorized use, access, modification, or
destruction of hardware, software, data, or network
resources
 The unauthorized release of information
 The unauthorized copying of software
 Denying an end user access to his/her own
hardware, software, data, or network resources
 Using or conspiring to use computer or network
resources illegally to obtain information or tangible
property
8

9.  Hacking is
 The obsessive use of computers
 The unauthorized access and use of networked
computer systems
 Electronic Breaking and Entering
 Hacking into a computer system and reading files, but
neither stealing nor damaging anything
 Cracker
 A malicious or criminal hacker who maintains
knowledge of the vulnerabilities found for
private advantage
9

10.  Denial of Service
 Hammering a website’s equipment with too many requests for
information
 Clogging the system, slowing performance, or crashing the site
 Scans
 Widespread probes of the Internet to determine types of
computers, services, and connections
 Looking for weaknesses
 Sniffer
 Programs that search individual packets of data as they pass through the
Internet
 Capturing passwords or entire contents
 Spoofing
 Faking an e-mail address or Web page to trick users into passing along
critical information like passwords or credit card numbers
10

11.  Trojan House
 A program that, unknown to the user, contains instructions that exploit
a known vulnerability in some software
 Back Doors
 A hidden point of entry to be used in case the original entry point is
detected or blocked
 Malicious Applets
 Tiny Java programs that misuse your computer’s resources, modify
files on the hard disk, send fake email, or steal passwords
 War Dialing
 Programs that automatically dial thousands of telephone numbers in
search of a way in through a modem connection
 Logic Bombs
 An instruction in a computer program that triggers a malicious act
11

12.  Buffer Overflow
 Crashing or gaining control of a computer by sending too much data to
buffer memory
 Password Crackers
 Software that can guess passwords
 Social Engineering
 Gaining access to computer systems by talking unsuspecting company
employees out of valuable information, such as passwords
 Dumpster Diving
 Sifting through a company’s garbage to find information to help break
into their computers
12

13.  Many computer crimes involve the theft of money
 The majority are “inside jobs” that involve
unauthorized network entry and alternation of
computer databases to cover the tracks of the
employees involved
 Many attacks occur through the Internet
 Most companies don’t reveal that they have been
targets or victims of cybercrime
13

14.  Unauthorized use of computer systems and
networks is time and resource theft
 Doing private consulting
 Doing personal finances
 Playing video games
 Unauthorized use of the Internet or company networks
 Sniffers
 Used to monitor network traffic or capacity
 Find evidence of improper use
14

15.  General email abuses
 Unauthorized usage and access
 Transmission of confidential data
 Pornography
 Hacking
 Non-work-related download/upload
 Leisure use of the Internet
 Use of external ISPs
15

16.  Software Piracy
 Unauthorized copying of computer programs
 Licensing
 Purchasing software is really a payment
for a license for fair use
 Site license allows a certain number of copies
16
A third of the software
industry’s revenues are lost to
piracy

17.  Intellectual Property
 Copyrighted material
 Includes such things as
music, videos, images, articles, books, and software
 Copyright Infringement is Illegal
 Peer-to-peer networking techniques have made it easy to
trade pirated intellectual property
 Publishers Offer Inexpensive Online Music
 Illegal downloading of music and video is
down and continues to drop
17

18.  A virus is a program that cannot work without being
inserted into another program
 A worm can run unaided
 These programs copy annoying or destructive routines
into networked computers
 Copy routines spread the virus
 Commonly transmitted through
 The Internet and online services
 Email and file attachments
 Disks from contaminated computers
 Shareware
18

19.  My Doom, 2004
 Spread via email and over Kazaa file-sharing network
 Installs a back door on infected computers
 Infected email poses as returned message or one that can’t be opened
correctly, urging recipient to click on attachment
 Opens up TCP ports that stay open even after termination of the worm
 Upon execution, a copy of Notepad is opened, filled with nonsense
characters
 Netsky, 2004
 Mass-mailing worm that spreads by emailing itself to all email
addresses found on infected computers
 Tries to spread via peer-to-peer file sharing by copying itself into the
shared folder
 It renames itself to pose as one of 26 other common files along the
way
19

20.  SoBig, 2004
 Mass-mailing email worm that arrives as
an attachment
▪ Examples: Movie_0074.mpg.pif, Document003.pif
 Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for
email addresses to which it can send itself
 Also attempts to download updates for itself
 Klez, 2002
 A mass-mailing email worm that arrives with a randomly named
attachment
 Exploits a known vulnerability in MS Outlook to auto-execute on
unpatched clients
 Tries to disable virus scanners and then copy itself to all local and
networked drives with a random file name
 Deletes all files on the infected machine and any mapped network
drives on the 13th of all even-numbered months
20

21.  Sasser, 2004
 Exploits a Microsoft vulnerability to spread from
computer to computer with no user intervention
 Spawns multiple threads that scan local subnets for
vulnerabilities
21

22.  Cost of the top five virus families
 Nearly 115 million computers in 200 countries
were infected in 2004
 Up to 11 million computers are believed to
be permanently infected
 In 2004, total economic damage from virus
proliferation was $166 to $202 billion
 Average damage per computer is between
$277 and $366
22

23.  Adware
 Software that purports to serve a useful
purpose, and often does
 Allows advertisers to display pop-up and banner
ads without the consent of the computer users
 Spyware
 Adware that uses an Internet connection in the
background, without the user’s permission
or knowledge
 Captures information about the user and sends it
over the Internet
23

24.  Spyware can steal private information and also
 Add advertising links to Web pages
 Redirect affiliate payments
 Change a users home page and search settings
 Make a modem randomly call premium-rate phone
numbers
 Leave security holes that let Trojans in
 Degrade system performance
 Removal programs are often not completely
successful in eliminating spyware
24

25.  The power of information technology to store
and retrieve information can have a negative
effect on every individual’s right to privacy
 Personal information is collected with every
visit to a Web site
 Confidential information stored by credit
bureaus, credit card companies, and the
government has been stolen or misused
25

26.  Opt-In
 You explicitly consent to allow data to be compiled
about you
 This is the default in Europe
 Opt-Out
 Data can be compiled about you unless you
specifically request it not be
 This is the default in the U.S.
26

27.  There are multiple ways to protect your privacy
 Encrypt email
 Send newsgroup postings through anonymous
remailers
 Ask your ISP not to sell your name and information to
mailing list providers and
other marketers
 Don’t reveal personal data and interests on
online service and website user profiles
27

28.  Cumulative Trauma Disorders (CTDs)
 Disorders suffered by people who sit at a
PC or terminal and do fast-paced repetitive
keystroke jobs
 Carpal Tunnel Syndrome
 Painful, crippling ailment of the hand
and wrist
 Typically requires surgery to cure
28

29.  The Internet was developed for inter-
operability, not impenetrability
 Business managers and professionals alike
are responsible for the security, quality, and
performance of business information systems
 Hardware, software, networks, and data
resources must be protected by a variety
of security measures
29

30.  The goal of security
management is the
accuracy, integrity,
and safety of all
information system
processes and
resources
30

31.  Encryption
 Data is transmitted in scrambled form
 It is unscrambled by computer systems for
authorized users only
 The most widely used method uses a pair of public
and private keys unique to each individual
31

32. 32

33.  Firewalls
 A gatekeeper system that protects a company’s
intranets and other computer networks from
intrusion
 Provides a filter and safe transfer point for
access to/from the Internet and other networks
 Important for individuals who connect to the
Internet with DSL or cable modems
 Can deter hacking, but cannot prevent it
33

34. 34

35.  Email Monitoring
 Use of content monitoring software that scans
for troublesome words that might compromise
corporate security
 Virus Defenses
 Centralize the updating and distribution of
antivirus software
 Use a security suite that integrates virus protection
with firewalls, Web security,
and content blocking features
35

36.  Methods and
devices that
attempt to
ensure the
accuracy, validit
y, and propriety
of information
system activities
36

37. 37