Fundamentals & Ethics of Information Systems
IS 201
Chapter 6
Ethical and Security Issues in Information Systems
Chapter 6 – Ethics in Information Systems Slide 1
Learning Objectives
• Describe the major ethical issues related to information technology and identify situations in which they occur.
• Describe the many threats to information security.
• Understand the various defense mechanisms used to protect information systems.
• Explain threats related to email.
• Provide an appreciation of the law as it relates to computing.

Chapter Overview
1. Ethics in the Digital World
2. The Ten Commandments of Computer Ethics
3. The Four Categories of Ethical Issues
4. Privacy and Security
5. Email Ethical Issues
6. Computer Law
7. Summary

1. Ethics in the Digital World
• Ethics
  • A set of principles of right conduct
  • The rules or standards governing the conduct of a person or the members of a profession
• Ethics in the digital world are confusing.
• Ethical is not always the same as legal.
• The legal system has not kept pace with technology developments.

Examples of ethical cases
• Is your hard drive full of great music and films? Where did you get it?
  • Copyright violation
• Have you given a friend a copy of your Microsoft Project software?
  • Software piracy (literary theft)
• Did you read the confidential company file that was accidentally attached to your email?
  • Computer abuse, security issue
• Did you gain access to the network and invade other workers’ emails and files?
  • Computer abuse, security issue
• You formatted your hard drive prior to leaving your company because you were angry about leaving.
  • Destruction of property

Ethical or Unethical?
• Judging behaviors in the digital world is not straightforward.
• A student finds the teacher’s password to the school’s information system and uses it to change his grades and the grades of other students.
• A student uses the copy and paste commands to place large parts of an electronic article into an assigned paper. He turns the paper in as his own work.
• A student makes a copy of a software program borrowed from another student to use on his computer at home.
• A student downloads a graphic file from the web to place on his own webpage. However, he does provide a link to the author’s site.
• A student copies a previously published story in his own handwriting and submits it as his own work.

Virtual Vs. Real Worlds
• Some users view their computing actions as less serious than their actions in the “real world”.
• Stealing software from a store – no way! … However, SW piracy costs businesses billions of dollars per year.
• Most of us would not pick a lock to someone’s house. However, guessing passwords to gain access to a website, information, or programs is common.
• Sometimes the technology is not well understood.

2. The Ten Commandments of Computer Ethics
• Computer Ethics Institute
• http://www.brook.edu/dybdocroot/its/cei/overview/Ten_Commanments_of_Computer_Ethics.htm

3. The Four Categories of Ethical Issues
• Privacy issues involve collecting, storing and disseminating information about individuals.
• Accuracy issues involve the authenticity, fidelity and accuracy of information that is collected and processed.
• Property issues involve the ownership and value of information.
• Accessibility issues revolve around who should have access to information and whether they should have to pay for this access.

4. Privacy and Security
• Privacy: the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
• Two rules have been followed fairly closely in past court decisions in many countries:
  • The right of privacy is not absolute. Privacy must be balanced against the needs of society.
  • The public’s right to know is superior to the individual’s right of privacy.

4.1 Privacy Violation
• Electronic Surveillance. The tracking of people’s activities, online or offline, with the aid of computers.
• Personal Information in Databases. Information about individuals is kept in many databases (banks, utility companies, government agencies, etc.); the most visible locations are credit-reporting agencies.

Privacy Violation (Cont.)
• Information on Internet Bulletin Boards and Newsgroups.
  • Electronic discussions such as chat rooms
  • Blogs. A blog (weblog) is an informal, personal journal that is frequently updated and intended for general public reading.

4.2 Information Security
• Information Security is the practice of defending information from unauthorized access, use, exposure or disclosure, disruption, modification, inspection, recording or destruction.
• A threat to an information resource is any danger to which a system may be exposed.

Protection of Information
• confidentiality (ensuring secrecy)
• integrity (ensuring data integrity)
• authenticity (trustworthiness)
• access control
• non-repudiation (non-denial)
• availability
• accountability
• authorization (licence / permission)

Information Security Terminology
• A system’s vulnerability (susceptibility to harm) is the possibility that the system will suffer harm from a threat.
• Risk is the likelihood that a threat will occur.
• Information system controls are the procedures, devices, or software aimed at preventing a compromise to the system.

Information Security Terminology (cont.)
• Cybercrimes (Internet crimes) are fraudulent activities committed using computers and communications networks, particularly the Internet.

Information Security Terminology (cont.)
• Hacker (pirate). An outside person who has penetrated a computer system, usually with no criminal intent.
• Cracker. A malicious hacker.
• Social engineering. Computer criminals or corporate spies get around security systems by building an inappropriate trust relationship with insiders.

Espionage (Spying)
• Espionage is the act of an unauthorized individual gaining access to the information an organization is trying to protect.
• Industrial espionage occurs in areas where researching information about the competition goes beyond the legal limits.
• Shoulder surfing is looking at a computer monitor or ATM screen over another person’s shoulder.

Information Extortion (blackmail)
• When an attacker or formerly trusted employee steals information from a computer system and then demands compensation for its return or an agreement not to disclose it.

Cyberterrorism
• Cyberterrorism is a planned, politically motivated attack against information, computer systems, computer programs, and data that results in violence against civilian targets by subnational groups or secret agents.
• Cyberwar (electronic warfare). War in which a country’s information systems could be paralyzed by a massive attack by destructive software.

Identity Theft
• Crime in which someone uses the personal information of others, usually obtained from the Internet, to create a false identity and then commits fraud.
• Fastest growing crime. 9 million victims in 2005.

Software Attacks
• Malicious software (malware) is designed to damage, destroy, or deny service to the targeted systems.
• The most common types of software attacks are viruses, worms, Trojan horses, logic bombs, back doors, denial-of-service, alien software, phishing and pharming.

Software Attacks (Continued)
• Viruses. Segments of computer code that perform malicious actions ranging from merely annoying to destructive.
• Worms. Destructive programs that replicate themselves without requiring another program to provide a safe environment for replication.
• Trojan horses. Software programs that hide in other computer programs and reveal their designed behavior only when they are activated.

Software Attacks (Continued)
• Logic bombs. Designed to activate and perform a destructive action at a certain time.
• Back doors or trap doors. Typically a password, known only to the attacker, that allows access to the system without having to go through any security.
• Denial-of-service. An attacker sends so many information requests to a target system that the target cannot handle them successfully, and the entire system can crash.

Alien (foreign) Software
• Pestware. Secret software that uses up valuable system resources and can report on your Web surfing habits and other personal information.
• Adware. Designed to help pop-up advertisements appear on your screen.
• Spyware. Software that gathers user information through the user’s Internet connection without their knowledge (e.g., keylogger, password capture).

Alien Software (Continued)
• Spam. Unsolicited (unwanted) e-mail, usually for purposes of advertising.
• Spamware (junk mail). Designed to use your computer as a launch pad for spammers.

Alien Software (Continued)
• Web bugs. Small, usually invisible, graphic images that are added to a Web page or e-mail.
• Phishing. Uses deception, disguised as an official-looking e-mail, to fraudulently acquire sensitive personal information such as account numbers and passwords.
• Pharming (address forgery). Fraudulently acquires the domain name for a company’s Web site, so that when people type in the Web site URL they are redirected to a fake Web site.

Compromises to Intellectual Property
• Intellectual property. Property created by individuals or corporations which is protected under trade secret, patent, and copyright laws.
• Trade secret. Intellectual work, such as a business plan, that is a company secret and is not based on public information.
• Patent. Document that grants the holder exclusive rights on an invention or process for 20 years.

Compromises to Intellectual Property (Cont.)
• Copyright. Legal grant that provides creators of intellectual property with ownership of the property for the life of the creator plus 70 years.
• Piracy. Copying a software program without making payment to the owner.

Controls
• General controls. Established to protect the system regardless of the application.
  • Physical controls. Physical protection of computer facilities and resources.
  • Access controls. Restriction of unauthorized user access to computer resources; uses biometrics and password controls for user identification.

Controls (Continued)
• Communications (network) controls. Protect the movement of data across networks; they include border security controls, authentication and authorization.
  • Firewalls. System that enforces access-control policy between two networks.
  • Encryption. Process of converting an original message into a form that cannot be read by anyone except the intended receiver.

Controls (Continued)
• Information systems auditing. Independent or unbiased observers are tasked with ensuring that information systems work properly.
• Audit. Examination of information systems, their inputs, outputs and processing.
• Types of Auditors and Audits
  • Internal. Performed by corporate internal auditors.
  • External. Reviews the internal audit as well as the inputs, processing and outputs of information systems.

5. Email Ethical Issues
• E-mail is completely insecure.
  • Each e-mail you send results in at least 3 or 4 copies being stored on different computers.
  • You can take measures to protect your e-mail.

Email Ethical Issues (Cont.)
• Be responsible enough not to waste other people’s time or bandwidth by posting unnecessarily long messages or unimportant messages and sending large attachments.
• Promote civility. Be pleasant and polite. Although the Internet advocates freedom of speech, it does not give anyone the right to write anything he wants without minding how it will affect others.

Email Ethical Issues (Cont.)
• Use descriptive subject lines for your messages as a courtesy to your reader, to help people organize and prioritize their messages.
• Let the recipient know who is sending the message.
  • Use the From: field, or end your messages with your name (signature).

Email Ethical Issues (Cont.)
• When forwarding messages:
  • Check the reliability of the source of a forwarded message and the accuracy of the message or story before passing it on.
    • Do not unnecessarily alarm people, waste their precious time, and clog (block) the network.
  • Clean up your messages before you forward them.
    • Take out unnecessary header information and forwarding symbols (usually the > sign).
    • Retain only those that are important to your recipient.
  • Choose the recipients of your forwarded message.

6. Computer Law
• In most countries there is a considerable body of law that can apply to computer professionals:
  1. Contract Law
  2. Intellectual Property Law
  3. Data Protection Law
  4. Computer Misuse Law
  5. Computer Evidence

Contract Law
• Contractors versus employees
• Intellectual property
• Package licensing versus specially made software
• Contractual duties
  • Fidelity (loyalty)
  • Confidence
• You CANNOT contract out of “reasonable” liabilities (obligations)

Intellectual Property Law
• Moral rights
  • Right of integrity (honesty)
• Copyright
  • Protects original works, sound recordings, typographical layouts
• Patents
  • Protect ideas which are novel and not obvious
• Design rights
  • Protect designs such as circuit board layout

Data Protection Law
• The subject of personal data has the right to view and correct that data.
• Personal data should be accurate, adequate, relevant and kept up to date.
• Personal data should not be kept for longer than is necessary.
• Appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of personal data.

Computer Misuse Law
• Unauthorised access
  • Systems
  • Networks
  • Programs
  • Data
• Unauthorised modification
  • Editing
  • Deleting

Computer Evidence
• Rules govern what evidence is permissible in courts of law.
• Viewing log files with an editor after an intrusion will invalidate the logs as evidence.
  • They might have been altered after the event.
• Following audit trails back to the place of origin of an attack is a task for specialists.
  • Amateurs could invalidate evidence.

Some Comments
• The law is constantly changing and never as simple as it seems.
• You should try to be familiar with the law to protect yourself.
• Even so, you DO need the help of someone with formal training when dealing with legal issues.

7. Summary
1. Ethics in the Digital World
2. The Ten Commandments of Computer Ethics
3. Privacy
4. Compromises to Intellectual Property
5. Email Ethical Issues
6. Computer Law

More Related Content

PPT
Ch12
PPT
Chap13 Security and Ethical Challenges
PPT
Chapter 13 Security and Ethical Challenge.ppt
PPT
Security & ethical challenges
PPTX
Computer Ethics
PPTX
ID-20305090 Fahim Montasir.pptx
PPT
IT-Security-20210426203847.ppt
PPT
IT-Security-20210426203847.ppt
Ch12
Chap13 Security and Ethical Challenges
Chapter 13 Security and Ethical Challenge.ppt
Security & ethical challenges
Computer Ethics
ID-20305090 Fahim Montasir.pptx
IT-Security-20210426203847.ppt
IT-Security-20210426203847.ppt

Similar to chp 6_ethical_and_security_issues_in_is.ppt (20)

PPT
IT-Security-20210426203847.ppt
PPT
IT-Security Assessment for IT assets.ppt
PPT
Security information for internet and security
PPTX
Cybersecurity.pptx
PPT
IT-Security Awareness and Training session
PPT
Security Of Information Assets and why it matters.ppt
PPTX
Ashar Shaikh A-84 SEMINAR.pptx
PPT
Information Technology Security Basics
PPTX
Lecture1-InforSec-Computer and Internet security.pptx
PDF
Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...
PDF
IT Security Presentation - IIMC 2014 Conference
PDF
Chapter 1 - Introduction.pdf
PPT
ch01.ppt
DOCX
Cyber crime
PPT
Ethical Hacking and Network Defense
DOC
Cyber crime
DOCX
Cyber crime
PPTX
Computer application lecture note-Chapter-5.pptx
PPT
CEH Hacking Overview from beginner to expert
PPSX
Ethical Hacking, Its relevance and Its Prospects
IT-Security-20210426203847.ppt
IT-Security Assessment for IT assets.ppt
Security information for internet and security
Cybersecurity.pptx
IT-Security Awareness and Training session
Security Of Information Assets and why it matters.ppt
Ashar Shaikh A-84 SEMINAR.pptx
Information Technology Security Basics
Lecture1-InforSec-Computer and Internet security.pptx
Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...
IT Security Presentation - IIMC 2014 Conference
Chapter 1 - Introduction.pdf
ch01.ppt
Cyber crime
Ethical Hacking and Network Defense
Cyber crime
Cyber crime
Computer application lecture note-Chapter-5.pptx
CEH Hacking Overview from beginner to expert
Ethical Hacking, Its relevance and Its Prospects
Ad

More from EstherBaguma (13)

PDF
Information Systems chapter 2 - Organizations
PPT
Information Systems chapter 1 - Introduction
PPT
Chapter 3 Principles of Info Security.ppt
PPT
Principles of information security Chapter 5.ppt
PPT
Principles of information security chp 4.ppt
PPT
Principles of information security ch03_1.ppt
PPT
Principles of information security Chapter 1 (1).ppt
PPT
Principles of information security ch02_2.ppt
PPT
Information security principles chapter 1
PPT
Introduction to Software engineeringSE chp_04.ppt
PPT
Introduction to Software engineeringPSE-Chp 05.ppt
PPT
Introduction to principles of software engineering chp_04.ppt
PPT
Introduction to principles of software engineeringWhy1and2
Information Systems chapter 2 - Organizations
Information Systems chapter 1 - Introduction
Chapter 3 Principles of Info Security.ppt
Principles of information security Chapter 5.ppt
Principles of information security chp 4.ppt
Principles of information security ch03_1.ppt
Principles of information security Chapter 1 (1).ppt
Principles of information security ch02_2.ppt
Information security principles chapter 1
Introduction to Software engineeringSE chp_04.ppt
Introduction to Software engineeringPSE-Chp 05.ppt
Introduction to principles of software engineering chp_04.ppt
Introduction to principles of software engineeringWhy1and2
Ad

Recently uploaded (20)

PPTX
Logistic Regression ml machine learning.pptx
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
PDF
Clinical guidelines as a resource for EBP(1).pdf
PPTX
Database Infoormation System (DBIS).pptx
PDF
Taxes Foundatisdcsdcsdon Certificate.pdf
PDF
Foundation of Data Science unit number two notes
PPTX
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
PDF
Fluorescence-microscope_Botany_detailed content
PDF
22.Patil - Early prediction of Alzheimer’s disease using convolutional neural...
PDF
Lecture1 pattern recognition............
PPTX
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
PPT
Miokarditis (Inflamasi pada Otot Jantung)
PPTX
STUDY DESIGN details- Lt Col Maksud (21).pptx
PPTX
Computer network topology notes for revision
PPTX
Global journeys: estimating international migration
PPTX
Introduction to Knowledge Engineering Part 1
PPTX
MODULE 8 - DISASTER risk PREPAREDNESS.pptx
PPTX
Introduction-to-Cloud-ComputingFinal.pptx
PPTX
DISORDERS OF THE LIVER, GALLBLADDER AND PANCREASE (1).pptx
Logistic Regression ml machine learning.pptx
Acceptance and paychological effects of mandatory extra coach I classes.pptx
Clinical guidelines as a resource for EBP(1).pdf
Database Infoormation System (DBIS).pptx
Taxes Foundatisdcsdcsdon Certificate.pdf
Foundation of Data Science unit number two notes
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
Fluorescence-microscope_Botany_detailed content
22.Patil - Early prediction of Alzheimer’s disease using convolutional neural...
Lecture1 pattern recognition............
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
Miokarditis (Inflamasi pada Otot Jantung)
STUDY DESIGN details- Lt Col Maksud (21).pptx
Computer network topology notes for revision
Global journeys: estimating international migration
Introduction to Knowledge Engineering Part 1
MODULE 8 - DISASTER risk PREPAREDNESS.pptx
Introduction-to-Cloud-ComputingFinal.pptx
DISORDERS OF THE LIVER, GALLBLADDER AND PANCREASE (1).pptx

chp 6_ethical_and_security_issues_in_is.ppt

  • 1. Fundamentals & Ethics of Information Systems IS 201 Chapter 6 Ethical and Security Issues in Information Systems Chapter 6 – Ethics in Information Systems Slide 1
  • 2. Learning Objectives  Describe the major ethical issues related to information technology and identify situations in which they occur.  Describe the many threats to information security.  Understand the various defense mechanisms used to protect information systems.  Explain threats related to email  Provide an appreciation of the law as it relates to computing Chapter 6 – Ethics in Information Systems Slide 2
  • 3. Chapter Overview 1. Ethics in the Digital World 2. The Ten Commandments of Computer Ethics 3. The Four Categories of Ethical Issues 4. Privacy and Security 5. Email Ethical Issues 6. Computer Law 7. Summary Chapter 6 – Ethics in Information Systems Slide 3
  • 4. 1. Ethics in the Digital World  Ethics  A set of principles of right conduct  The rules or standards governing the conduct of a person or the members of a profession  Ethics in the digital world are confusing.  Ethical is not always the same as legal.  Legal system has not kept pace with the technology developments. Chapter 6 – Ethics in Information Systems Slide 4
  • 5. Examples of ethical cases  Is your hard drive full of great music and films? Where did you get it?  Copyright violation  Have you given a friend a copy of your Microsoft Project software?  Software piracy ‫أدبية‬ ‫سرقة‬  Did you read the confidential company file that was accidentally attached to your email?  Computer abuse, security issue  Did you gain access to the network and invade other workers emails and files?  Computer abuse, security issue  You formatted your hard drive prior to leaving your company because you were angry about leaving.  Destruction of property Chapter 6 – Ethics in Information Systems Slide 5
  • 6. Ethical or Unethical?  Judging behaviors in the digital world is not straightforward  A student finds the teacher’s password to the school’s information system and uses it to change his grades and the grades of other students.  A student uses the copy and paste commands to place large parts of an electronic article into an assigned paper. He turns the paper in as her own work  A student makes a copy of a software program borrowed from another student to use on his computer at home.  A student downloads a graphic file from the web to place on his own webpage. However, he does provide a link to the author’s site.  A student copies a previous published story in his own handwriting and submits it as his own work. Chapter 6 – Ethics in Information Systems Slide 6
  • 7. Virtual Vs. Real Worlds  Some users view their computing actions as less serious than their actions in the “real world”  Stealing software from a store – no way! …. However, SW piracy costs businesses billions of dollars per year  Most of us would not pick a lock to someone’s house. However, guessing passwords to gain access to a website, information, or programs is common  Sometimes the technology is not well understood. Chapter 6 – Ethics in Information Systems Slide 7
  • 8. 2. The Ten Commandments of Computer Ethics  Computer Ethics Institute  http://www.brook.edu/dybdocroot/its/ce i/overview/Ten_Commanments_of_Comp uter_Ethics.htm Chapter 6 – Ethics in Information Systems Slide 8
  • 9. Chapter 6 – Ethics in Information Systems Slide 9
  • 10. 3. The Four Categories of Ethical Issues  Privacy Issues involves collecting, storing and disseminating information about individuals.  Accuracy Issues involves the authenticity, fidelity and accuracy of information that is collected and processed.  Property Issues involves the ownership and value of information.  Accessibility Issues revolve around who should have access to information and whether they should have to pay for this access. Chapter 6 – Ethics in Information Systems Slide 10
  • 11. 4 . Privacy and Security  Privacy - the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.  Two rules have been followed fairly closely in past court decision in many countries:  The right of privacy is not absolute. Privacy must be balanced against the needs of society  The public’s right to know is superior to the individual’s right of privacy. Chapter 6 – Ethics in Information Systems Slide 11
  • 12. 4.1 Privacy Violation  Electronic Surveillance. ‫اإللكترونية‬ ‫مراقبة‬ The tracking of people’s activities, online or offline, with the aid of computers.  Personal Information in Databases. Information about individuals is being kept in many databases: banks, utilities co., govt. agencies, …etc.; the most visible locations are credit-reporting agencies. Chapter 6 – Ethics in Information Systems Slide 12
  • 13. Privacy violation (Cont.)  Information on Internet Bulletin Boards and Newsgroups.  Electronic discussions such as chat rooms  Blogs (Weblog) ‫المدونات‬ is an informal, personal journal that is frequently updated and intended for general public reading. Chapter 6 – Ethics in Information Systems Slide 13
  • 14. 4.2 Information Security  Information Security is the practice of defending information from unauthorized access, use, exposure or disclosure, disruption, modification, inspection, recording or destruction  A threat to an information resource is any danger to which a system may be exposed. Chapter 6 – Ethics in Information Systems
  • 15. Protection of Information  confidentiality, ‫السرية‬ ‫ضمان‬  integrity, ‫البيانات‬ ‫سالمة‬ ‫ضمان‬  authenticity, ‫موثوقية‬  access control, ‫الوصول‬ ‫في‬ ‫التحكم‬  non-repudiation, ‫التنصل‬ ‫عدم‬  availability, ‫متاحية‬  accountability, ‫المساءلة‬  authorization ‫ترخيص‬ / ‫تصريح‬ Slide 15
  • 16. Information Security Terminology  A system’s vulnerability ‫اإلصابة‬ ‫قابلية‬ is the possibility that the system will suffer harm by a threat.  Risk is the likelihood that a threat will occur.  Information system controls are the procedures, devices, or software aimed at preventing a compromise to the system. Chapter 6 – Ethics in Information Systems Slide 16
  • 17. Information Security Terminology (cont.)  Cybercrimes ‫اإلنترنت‬ ‫جرائم‬ are fraudulent activities committed using computers and communications networks, particularly the Internet. Chapter 6 – Ethics in Information Systems Slide 17
  • 18. Information Security Terminology (cont.)  Hackers. ‫القراصنة‬ An outside person who has penetrated a computer system, usually with no criminal intent.  Cracker. A malicious hacker.  Social engineering. Computer criminals or corporate spies get around security systems by building an inappropriate trust relationship with insiders. Chapter 6 – Ethics in Information Systems Slide 18
  • 19. Espionage (Spying)  Espionage is the act of gaining access to the information an organization is trying to protect by an unauthorized individual.  Industrial espionage occurs in areas where researching information about the competition goes beyond the legal limits.  Shoulder surfing is looking at a computer monitor or ATM screen over another person’s shoulder. Chapter 6 – Ethics in Information Systems Slide 19
  • 20. Information Extortion‫ابتزاز‬  When an attacker or formerly trusted employee steal information from a computer system and then demands compensation for its return or an agreement not to disclose it. Chapter 6 – Ethics in Information Systems Slide 20
  • 21. Cyberterrorism  Cyberterrorism is a planned, politically motivated attack against information, computer systems, computer programs, and data that results in violence against civilian targets by subnational groups or secret agents.  Cyberwar. ‫ونية‬9 ‫ر‬‫اإللكت‬ ‫الحرب‬ War in which a country’s information systems could be paralyzed from a massive attack by destructive software. Chapter 6 – Ethics in Information Systems Slide 21
  • 22. Identity Theft  Crime in which someone uses the personal information of others, usually obtained from the Internet, to create a false identity and then commits fraud.  Fastest growing crime. 9 million victims in 2005. Chapter 6 – Ethics in Information Systems Slide 22
  • 23. Software Attacks  Malicious software (malware) designed to damage, destroy, or deny service to the targeted systems.  Most common types of software attacks are viruses, worms, Trojan horses, logic bombs, back doors, denial-of-service, alien software, phishing and pharming. Chapter 6 – Ethics in Information Systems Slide 23
  • 24. Software Attacks (Continued)  Viruses. Segments of computer code that performs malicious actions ranging from merely annoying to destructive.  Worms. Destructive programs that replicate themselves without requiring another program to provide a safe environment for replication.  Trojan horses. Software programs that hide in other computer programs and reveal their designed behavior only when they are activated. Chapter 6 – Ethics in Information Systems Slide 24
  • 25. Software Attacks (Continued)  Logic bombs. Designed to activate and perform a destructive action at a certain time.  Back doors or trap doors. Typically a password, known only to the attacker, that allows access to the system without having to go through any security.  Denial-of-service. An attacker sends so many information requests to a target system that the target cannot handle them successfully and can crash the entire system. Chapter 6 – Ethics in Information Systems Slide 25
  • 26. Alien ‫أجنبي‬ Software  Pestware. Secret software that uses up valuable system resources and can report on your Web surfing habits and other personal information.  Adware. Designed to help popup advertisements appear on your screen.  Spyware. Software that gathers user information through the user’s Internet connection without their knowledge (i.e. keylogger, password capture). Chapter 6 – Ethics in Information Systems Slide 26
  • 27. Alien Software (Continued)  Spam. Unsolicited (unwanted) e-mail, usually for purposes of advertising.  Spamware (junk mail). Designed to use your computer as a launch pad for spammers.
  • 28. Alien Software (Continued)  Web bugs. Small, usually invisible, graphic images that are added to a Web page or e-mail.  Phishing. Uses deception, disguised as an official-looking e-mail, to fraudulently acquire sensitive personal information such as account numbers and passwords.  Pharming (address forgery). Fraudulently acquires the Domain Name for a company’s Web site, so that when people type in the Web site URL they are redirected to a fake Web site.
  • 29. Compromises to Intellectual Property  Intellectual property. Property created by individuals or corporations which is protected under trade secret, patent, and copyright laws.  Trade secret. Intellectual work, such as a business plan, that is a company secret and is not based on public information.  Patent. Document that grants the holder exclusive rights on an invention or process for 20 years.
  • 30. Compromises to Intellectual Property (Cont.)  Copyright. Legal grant that provides creators of intellectual property with ownership of the property for life of the creator plus 70 years.  Piracy. Copying a software program without making payment to the owner.
  • 31. Controls  General controls. Established to protect the system regardless of the specific application.  Physical controls. Physical protection of computer facilities and resources.  Access controls. Restriction of unauthorized user access to computer resources; uses biometrics and password controls for user identification.
  • 32. Controls (Continued)  Communications (networks) controls. Protect the movement of data across networks; include border security controls, authentication and authorization.  Firewalls. System that enforces access-control policy between two networks.  Encryption. Process of converting an original message into a form that cannot be read by anyone except the intended receiver.
  • 33. Controls (Continued)  Information systems auditing. Independent or unbiased observers tasked with ensuring that information systems work properly.  Audit. Examination of information systems, their inputs, outputs and processing.  Types of Auditors and Audits  Internal. Performed by corporate internal auditors.  External. Reviews internal audit as well as the inputs, processing and outputs of information systems.
  • 34. 5. Email Ethical Issues  E-mail is completely insecure.  Each e-mail you send results in at least 3 or 4 copies being stored on different computers.  You can take measures to protect your e-mail.
  • 35. Email Ethical Issues (Cont.)  Be responsible enough not to waste other people’s time or bandwidth by posting unnecessarily long or unimportant messages or by sending large attachments.  Promote civility. Be pleasant and polite. Although the Internet advocates freedom of speech, it does not give anyone the right to write anything he wants without minding how it will affect others.
  • 36. Email Ethical Issues (Cont.)  Use descriptive subject lines for your messages as a courtesy to your reader, to help people organize and prioritize their messages.  Let the recipient know who is sending the message.  Use the From: line, or end your messages with your name (signature).
  • 37. Email Ethical Issues (Cont.)  When forwarding messages:  Check the reliability of the source of a forwarded message and the accuracy of the message or story before passing it on.  Do not unnecessarily alarm people, waste their precious time, and clog (block) the network.  Clean up your messages before you forward them.  Take out unnecessary header information and forwarding symbols (usually the > sign).  Retain only those that are important to your recipient.  Choose the recipients of your forwarded message.
  • 38. 6. Computer Law  In most countries there is a considerable body of law that can apply to computer professionals:  1. Contract Law  2. Intellectual Property Law  3. Data Protection Law  4. Computer Misuse Law  5. Computer Evidence
  • 39. Contract Law  Contractors versus employees  Intellectual property  Package licensing versus specially made software  Contractual duties  Fidelity (loyalty)  Confidence  You CANNOT contract out of “reasonable” liabilities (obligations)
  • 40. Intellectual Property Law  Moral rights  Right of integrity (honesty)  Copyright  Protects original works, sound recordings, typographical layouts  Patents  Protect ideas which are novel and not obvious  Design rights  Protect designs such as circuit board layout
  • 41. Data Protection Law  The subject of personal data has the right to view and correct that data  Personal data should be accurate, adequate, relevant and kept up to date  Personal data should not be kept for longer than is necessary  Appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of personal data
  • 42. Computer Misuse Law  Unauthorised access  Systems  Networks  Programs  Data  Unauthorised modification  Editing  Deleting
  • 43. Computer Evidence  Rules govern what evidence is permissible in courts of law  Viewing log files with an editor after an intrusion will invalidate the logs as evidence  They might have been altered after the event  Following audit trails back to the place of origin of an attack is a task for specialists  Amateurs could invalidate evidence
  • 44. Some Comments  The law is constantly changing and never as simple as it seems  You should try to be familiar with the law to protect yourself  Even so, you DO need the help of someone with formal training when dealing with legal issues
  • 45. 7. Summary  1. Ethics in the Digital World  2. The Ten Commandments of Computer Ethics  3. Privacy  4. Compromises to Intellectual Property  5. Email Ethical Issues  6. Computer Law

Editor's Notes

  • #6: For many of us it is not difficult to figure out that these are not ethical decisions. Perhaps even without technology the same or similar activity may have occurred. Because of the implementation of technology these activities are easier to execute and perhaps don’t seem as bad. Technology is actually the catalyst or the enabler to clouding our understanding and choices.