2. Cyberscams and Cybercriminals
Cyberscams are today’s fastest-growing
criminal niche
87 percent of companies surveyed reported
a security incident
The U.S. Federal Trade Commission says
identity theft is its top complaint
Stolen credit card account numbers are
regularly sold online
2Chapter 13 Security and Ethical Challenges
3. Ethical Responsibility
As a business professional there are several
issues related to ethical responsibilities.
A manager has to address issues like:
Should I monitor the work activities of employees
(e.g. their emails)?
Should I allow employees to use work computers
for personal use?
Should I sell personal information of my
customers?
4. Important aspects of security, ethical and societal dimensions are
IT has both beneficial
and detrimental
effects on society and
people
Manage work
activities to
minimize the
detrimental effects
of IT
Optimize the
beneficial effects
5. Business Ethics
Ethics questions that managers confront as part
of their daily business decision making include:
Equity - All are equal and should be treated
fairly
Rights - Privacy of customers and employees
Honesty - Security of company information
Exercise of corporate power - Workplace safety
7. Corporate Social Responsibility Theories
Stockholder Theory
Managers are agents of the stockholders
Their only ethical responsibility is to increase the profits of
the business without violating the law or engaging in
fraudulent practices
Stakeholder Theory
Managers have an ethical responsibility to manage a firm
for the benefit of all its stakeholders
Stakeholders are all individuals and groups that have a
stake in, or claim on, a company
8. Social Contract Theory
Social contract theory states that companies have ethical
responsibilities to all members of society, which allows
corporations to exist according to a social contract.
The first condition requires companies to enhance the
economic satisfaction of consumers and employees
without damaging the environment, misusing political power
or subjecting employees to dehumanizing working
conditions.
The second condition requires companies to avoid
fraudulent practices, show respect for their employees
as human beings, and avoid practices that systematically
worsen the position of any group in society
9. Principles of Technology Ethics
Proportionality - The good achieved by the technology must
outweigh the harm or risk; there must be no alternative that
achieves the same or comparable benefits with less harm or
risk
Informed Consent - Those affected by the technology should
understand and accept the risks
Justice
The benefits and burdens of the technology should be
distributed fairly
Those who benefit should bear their fair share of the risks,
and those who do not benefit should not suffer a significant
increase in risk
Minimized Risk - Even if judged acceptable by the other three
guidelines, the technology must be implemented so as to
avoid all unnecessary risk
10. AITP Standards of Professional Conduct
11. Responsible Professional Guidelines
A responsible professional
Acts with integrity
Increases personal competence
Sets high standards of personal performance
Accepts responsibility for his/her work
Advances the health, privacy, and general
welfare of the public
12. Computer Crime
Computer crime, as defined by the AITP, includes
Unauthorized use, access, modification, or
destruction of hardware, software, data, or
network resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own
hardware, software, data, or network resources
Using or conspiring to use computer or
network resources illegally to obtain
information or tangible property
14. Hacking
Hacking is
The obsessive use of computers
The unauthorized access and use of networked
computer systems
Electronic Breaking and Entering
Hacking into a computer system and reading
files, but neither stealing nor damaging anything
Cracker
A malicious or criminal hacker who maintains
knowledge of the vulnerabilities found for
private advantage
15. Common Hacking Tactics
Denial of Service
Hammering a website’s equipment with too many requests for
information
Clogging the system, slowing performance, or crashing the site
Scans
Widespread probes of the Internet to determine types of computers,
services, and connections
Looking for weaknesses
Sniffer
Programs that search individual packets of data as they pass through
the Internet
Capturing passwords or entire contents
Spoofing/Phishing
Faking an e-mail address or Web page to trick users into passing along
critical information like passwords or credit card numbers. Phishing is a
form of fraud in which the attacker tries to learn information such as login
credentials or account information by masquerading as a reputable entity or
person in email, IM or other communication channels.
16. Common Hacking Tactics
Trojan Horse
A program that, unknown to the user, contains instructions that
exploit a known vulnerability in some software
Back Doors
A hidden point of entry to be used in case the original entry
point is detected or blocked
Malicious Applets
Tiny Java programs that misuse your computer’s resources,
modify files on the hard disk, send fake email, or steal
passwords
War Dialing
Programs that automatically dial thousands of telephone
numbers in search of a way in through a modem connection
Logic Bombs
An instruction in a computer program that triggers a malicious
act
17. Common Hacking Tactics
Buffer Overflow
Crashing or gaining control of a computer by sending too much
data to buffer memory
Password Crackers
Software that can guess passwords
Social Engineering
Gaining access to computer systems by talking unsuspecting
company employees out of valuable information, such as
passwords
Dumpster Diving
Sifting through a company’s garbage to find information to help
break into their computers
18. Cyber Theft
Many computer crimes involve the theft of
money
The majority are “inside jobs” that involve
unauthorized network entry and alteration of
computer databases to cover the tracks of the
employees involved
Many attacks occur through the Internet
Most companies don’t reveal that they have
been targets or victims of cybercrime
First Russian hacker, Vladimir Levin: $11 million
by gatecrashing the Citibank mainframe
19. Cyberterrorism
The use of information technology by terrorist groups and
individuals to further their agenda. This can include use
of information technology to organize and execute
attacks against networks, computer systems and
telecommunications infrastructures, or for exchanging
information or making threats electronically.
E.g. in May 2007 Estonia was subjected to a mass cyber
attack. The attack included denial of service against ministry
networks, and major banks were blocked by directing
traffic in that direction.
The reason was the removal of a Russian World War II war
memorial from Tallinn.
20. Unauthorized Use at Work
Unauthorized use of computer systems and
networks is time and resource theft
Doing private consulting
Doing personal finances
Playing video games
Unauthorized use of the Internet or company
networks
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
21. Network monitoring software called sniffers is
frequently used to monitor network traffic to
evaluate network capacity.
E.g. The New York Times fired 23 workers for
distributing racist jokes on the company’s email
system.
Xerox fired 40 employees for spending eight
hours a day on pornography sites.
22. Internet Abuses in the Workplace
General email abuses
Unauthorized usage and access
Copyright infringement/plagiarism
Newsgroup postings
Transmission of confidential data
Pornography
Hacking
Non-work-related download/upload
Leisure use of the Internet
Use of external ISPs
Moonlighting - using organizational resources for private
benefit
23. Software Piracy
Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment
for a license for fair use
Site license allows a certain number of copies
A third of the software
industry’s revenues are
lost to piracy
24. Another method is to go for shareware, which is
public domain software.
60 percent of Indians use pirated software, but
pirated software is always vulnerable to
external attacks. This risk is increasing as more
and more personal equipment (smartphones)
is used for office work.
25. Theft of Intellectual Property
Intellectual Property
Copyrighted material
Includes such things as music, videos,
images, articles, books, and software
Copyright Infringement is Illegal
Peer-to-peer networking techniques have
made it easy to trade pirated intellectual
property
Publishers Offer Inexpensive Online Music
Illegal downloading of music and video is
down and continues to drop
26. Viruses and Worms
A virus is a program that cannot work without
being inserted into another program
A worm can run unaided
These programs copy annoying or destructive
routines into networked computers
Copy routines spread the virus
Commonly transmitted through
The Internet and online services
Email and file attachments
Disks from contaminated computers
Shareware
27. Adware and Spyware
Adware
Software that purports to serve a useful
purpose, and often does
Allows advertisers to display pop-up and
banner ads without the consent of the
computer users
Spyware
Adware that uses an Internet connection in
the background, without the user’s permission
or knowledge
Captures information about the user and
sends it over the Internet
28. Spyware Problems
Spyware can steal private information and also
Add advertising links to Web pages
Redirect affiliate payments
Change a user’s home page and search settings
Make a modem randomly call premium-rate
phone numbers
Leave security holes that let Trojans in
Degrade system performance
Removal programs are often not completely
successful in eliminating spyware
29. Steganography
Steganography (/ˌstɛɡəˈnɒɡrəfi/, STEG-ə-NOG-rə-fee)
is the practice of concealing a file,
message, image, or video within another file,
message, image, or video. The word
steganography combines the Greek words
steganos (στεγανός), meaning "covered,
concealed, or protected", and graphein (γράφειν)
meaning "writing".
30. Privacy Issues
The power of information technology to store
and retrieve information can have a negative
effect on every individual’s right to privacy
Personal information is collected with every
visit to a Web site
Confidential information stored by credit
bureaus, credit card companies, and the
government has been stolen or misused
31. Confidential emails of employees are monitored by many
companies. Many websites contain personal information
of individuals. This may be sold, stolen and misused.
Every time you are online, for whatever purpose, you are
vulnerable to data being collected about you without your
knowledge. The WWW is notorious for making you feel as if
no one is observing you, whereas in reality you
are highly visible.
E.g. information about an Internet user is captured
legitimately. The moment the user visits a website or
newsgroup, a ‘cookie file’ is created on the user’s hard disk. This
information is captured and sold to other parties.
32. Privacy Issues
Violation of Privacy
Accessing individuals’ private email conversations and
computer records
Collecting and sharing information about individuals gained
from their visits to Internet websites
Computer Monitoring
Always knowing where a person is
Mobile and paging services are becoming more closely
associated with people than with places
Computer Matching
Using the personal information of an individual and misusing it for
inappropriate acts
Unauthorized Access of Personal Files
Collecting telephone numbers, email addresses, credit card
numbers, and other information to build customer profiles
33. Protecting Your Privacy on the Internet
There are multiple ways to protect your privacy
Encrypt email
Send newsgroup postings through
anonymous remailers
Ask your ISP not to sell your name and
information to mailing list providers and
other marketers
Don’t reveal personal data and interests on
online service and website user profiles
34. Computer Libel and Censorship
The opposite side of the privacy debate…
Freedom of information, speech, and press
Biggest battlegrounds - bulletin boards, email boxes, and
online files of Internet and public networks
Weapons used in this battle – spamming, flame mail,
libel laws, and censorship
Spamming - Indiscriminate sending of unsolicited email
messages to many Internet users
Flaming
Sending extremely critical, derogatory, and often
vulgar email messages or newsgroup posting to other
users on the Internet or online services
Especially prevalent on special-interest newsgroups
35. Other Challenges
Employment
IT creates new jobs and increases productivity
It can also cause significant reductions in job opportunities, as well as
requiring new job skills
Computer Monitoring
Using computers to monitor the productivity and behavior of employees as
they work
Criticized as unethical because it monitors individuals, not just work, and is
done constantly
Criticized as an invasion of privacy because many employees do not know
they are being monitored. Take the example of a call centre executive
being monitored for quality and time
36. Working Conditions
IT has eliminated monotonous or obnoxious tasks
However, some skilled craftsperson jobs have been replaced by jobs
requiring routine, repetitive tasks or standby roles
Routinized jobs are taken over by machines and robots. Now employees
can concentrate on challenging and interesting assignments
Individuality
Dehumanizes and depersonalizes activities because computers
eliminate human relationships
Inflexible systems
Things are very rigid and require you to adhere to norms if the system is to
keep working. E.g. a customer continuously reminded of a payment at regular
intervals, even though he has made the payment.
37. Health Issues
Related to arms, neck, back and job stress (especially
because of monitoring)
Radiation from video displays and cathode ray tubes is
equally damaging
Cumulative Trauma Disorders (CTDs)
Disorders suffered by people who sit at a
PC or terminal and do fast-paced repetitive keystroke
jobs
Carpal Tunnel Syndrome
Painful, crippling ailment of the hand
and wrist
Typically requires surgery to cure
38. Ergonomics
Designing healthy
work environments
Safe, comfortable,
and pleasant for
people to work in
Increases
employee morale
and productivity
Also called human
factors
engineering
Ergonomics Factors
39. Societal Solutions
Using information technologies to solve human
and social problems
Medical diagnosis
Computer-assisted instruction
Governmental program planning
Environmental quality control
Law enforcement
Job placement
The detrimental effects of IT
Often caused by individuals or organizations
not accepting ethical responsibility for their
actions
40. Security Management of IT
The Internet was developed for inter-operability,
not impenetrability
Business managers and professionals alike
are responsible for the security, quality, and
performance of business information systems
Hardware, software, networks, and data
resources must be protected by a variety
of security measures