
ASSIGNMENT 2


MANAGEMENT INFORMATION SYSTEM
CYBER CRIME AND ETHICAL & SOCIAL IMPACT OF INFORMATION SYSTEMS

ZAHID NAZIR
Roll No. AB523655
MBA Executive
2nd Semester, Spring 2009

ALLAMA IQBAL OPEN UNIVERSITY, ISLAMABAD


COMMONWEALTH OF LEARNING EXECUTIVE MBA PROGRAMME
Zahid Nazir
Roll No. 523655

ETHICAL AND SOCIAL IMPACT OF INFORMATION SYSTEMS

There is no question that the use of information technology in business
presents major security challenges, poses serious ethical questions, and affects
society in significant ways.

The use of information technologies in business has had major impacts on
society and thus raises ethical issues in the areas of crime, privacy, individuality,
employment, health and working conditions.

[Figure labels: Business/IT Security, Ethics and Society; Employment; Privacy;
Health; Crime; Working Conditions; Individuality]

Figure: Important aspects of the security, ethical and societal dimensions of the use of
information technology in business. Remember that information technologies can
support both beneficial and detrimental effects on society in each of the areas
shown.

However, it should also be realized that information technology has had beneficial
results as well as detrimental effects on society and people in each of these
areas. For example, computerizing a manufacturing process may have the
adverse effect of eliminating people’s jobs, but also have the beneficial result
of improving working conditions and producing products of higher quality at
less cost. So your job as a manager or business professional should involve
managing your work activities and those of others to minimize the detrimental
effects of business applications of information technology and optimize their
beneficial effects. That would represent an ethically responsible use of
information technology.

[Figure labels: Information Rights & Obligations; Property Rights & Obligations;
Accountability & Control; System Quality; Quality of Life; Ethical Issues;
Social Issues; Political Issues; Information & Technology System; Individual;
Society; Polity]

The figure above shows the relationship between ethical, social, and political
issues in an information society.

ETHICAL RESPONSIBILITY OF BUSINESS PROFESSIONALS

As a business professional, you have a responsibility to promote ethical use of
information technology in the workplace. Whether or not you have managerial
responsibilities, you should accept the ethical responsibilities that come
with your work activities. That includes properly performing your role as a vital
human resource in the business systems you help to develop and use in your
organization. As a manager or business professional, it will be your
responsibility to make decisions about business activities and the use of
information technologies, which may have an ethical dimension that must be
considered.

For example, should you electronically monitor your employees’ work activities
and electronic mail? Should you let employees use their work computers for
private business or take home copies of software for their personal use?
Should you electronically access your employees’ personal records or
workstation files? Should you sell customer information extracted from
transaction processing systems to other companies? These are a few examples of
the type of decisions you will have to make that have a controversial ethical
dimension. Below are some ethical foundations in information technology.

TECHNOLOGY ETHICS

An important ethical dimension deals specifically with the ethics of the use of
any form of technology. Below are the four principles of technology ethics.

Proportionality: The good achieved by the technology must outweigh
the harm or risk. Moreover, there must be no alternative that achieves
the same or comparable benefits with less harm or risk.

Informed Consent: Those affected by the technology should understand
and accept the risks.

Justice: The benefits and burdens of the technology should be
distributed fairly. Those who benefit should bear their fair share of the
risks, and those who do not benefit should not suffer a significant
increase in risk.

Minimized Risk: Even if judged acceptable by the other three guidelines,
the technology must be implemented so as to avoid all unnecessary risk.

These principles can serve as basic ethical requirements that companies should
meet to help ensure the ethical implementation of information technologies
and information systems in business.


One common example of technology ethics involves some of the health risks of
using computer workstations for extended periods in high volume data entry
job positions. Many organizations display ethical behavior by scheduling work
breaks and limiting the CRT exposure of data entry workers to minimize their
risk of developing a variety of work related health disorders, such as hand
injuries and overexposure to CRT radiation.

ETHICAL GUIDELINES

We have discussed a few ethical principles that can serve as the basis for ethical
conduct by managers, end users and IS professionals. But what more specific
guidelines might help ethical use of information technology? Many companies
and organizations answer that question today with detailed policies for ethical
computer and internet usage by their employees. For example, most policies
specify that company computer workstations and networks are company
resources that must be used only for work related uses, whether using internal
networks or the internet.

Another way to answer this question is to examine statements of
responsibilities contained in codes of professional conduct for IS professionals.
A good example is the code of professional conduct of the Association of
Information Technology Professionals (AITP), an organization of professionals
in the computing field. Its code of conduct outlines the ethical considerations
inherent in the major responsibilities of an IS professional. Below is a portion
of the AITP code of conduct.

AITP Standards of Professional Conduct

In recognition of my obligation to my employer I shall:
• Avoid conflicts of interest and ensure that my employer is aware of any
  potential conflicts.
• Protect the privacy and confidentiality of all information entrusted to me.
• Not misrepresent or withhold information that is germane to the situation.
• Not attempt to use the resources of my employer for personal gain or for any
  purpose without proper approval.
• Not exploit the weakness of a computer system for personal gain or personal
  satisfaction.

In recognition of my obligation to society I shall:
• Use my skill and knowledge to inform the public in all areas of my expertise.
• To the best of my ability, ensure that the products of my work are used in a
  socially responsible way.
• Support, respect and abide by the appropriate local, state, provincial and
  federal laws.
• Never misrepresent or withhold information that is germane to a problem or a
  situation of public concern, nor will I allow any such known information to
  remain unchallenged.
• Not use knowledge of a confidential or personal nature in any unauthorized
  manner to achieve personal gain.

Business and IT professionals would live up to their ethical responsibilities by
voluntarily following such guidelines. For example, one can be a responsible
professional by

1. Acting with integrity
2. Increasing your professional competence
3. Setting high standards of personal performance
4. Accepting responsibility for your work
5. Advancing the health, privacy and general welfare of the public.

Then one would be demonstrating ethical conduct, avoiding computer crime
and increasing the security of any information system one develops or uses.

Computer crime or Cybercrime is becoming one of the Net’s growth
businesses. Today criminals are doing everything from stealing intellectual
property and committing fraud to unleashing viruses and committing acts of
cyber terrorism.

Cyber Crime is a growing threat to society caused by the criminal or
irresponsible actions of individuals who are taking advantage of the
widespread use and vulnerability of computers and the internet and other
networks. It thus presents a major challenge to the ethical use of information
technologies. Computer crime poses serious threats to the integrity, safety and
survival of most business systems, and thus makes the development of
effective security methods a top priority.

CYBER CRIME
“Cybercrimes are generally defined as any type of illegal activity that
makes use of the Internet, a private or public network, or an in-house
computer system.”

Cyber Crime has been an artifact of computer systems for a number of
decades. However, the phenomenon of Cyber Crime did not truly come into
being until the advent of the computer network. Information moving
across physical distances was much easier to intercept than that on a
standalone system. Moreover, attaching a system to a network provided
would-be criminals an access point into other vulnerable systems attached to
the same network. But even in the early days of networked computing, Cyber
Crime was rare. The relative rarity of computers, combined with the highly
specialized knowledge needed to use them, prevented widespread abuse. The
Cyber Crime problem emerged and grew as computing became easier and
less expensive.

The internet is growing rapidly. It has given rise to new opportunities in every
field we can think of – be it entertainment, business, sports or education.
There are two sides to a coin: the internet also has its own disadvantages. One of
the major disadvantages is Cyber Crime – illegal activity committed on the
internet. The internet, along with its advantages, has also exposed us to
security risks that come with connecting to a large network. Computers today
are being misused for illegal activities like e-mail espionage, credit card fraud,
spam, software piracy and so on, which invade our privacy and offend our
senses. Criminal activities in cyberspace are on the rise.


Different definitions of Cyber Crime are:

Computer Crime is defined by the Association of Information Technology
Professionals (AITP) as

• The unauthorized use, access, modification, and destruction
  of hardware, software, data, or network resources
• The unauthorized release of information
• The unauthorized copying of software
• Denying an end user access to his or her own hardware,
  software, data, or network resources
• Using or conspiring to use computer or network resources
  illegally to obtain information or tangible property

A simple yet sturdy definition of Cyber Crime would be “unlawful acts
wherein the computer is either a tool or a target or both”. Defining
Cyber Crime as “acts that are punishable by the Information
Technology Act 2000” would be unsuitable, as the Indian Penal Code also
covers many cyber crimes, such as e-mail spoofing, cyber defamation etc.

Although the term Cyber Crime is usually restricted to describing criminal
activity in which the computer or network is an essential part of the
crime, this term is also used to include traditional crimes in which
computers or networks are used to enable the illicit activity.

Source: Wikipedia

Cyber Crime is the latest and perhaps the most complicated problem in
the cyber world. “Cyber Crime may be said to be those species, of which,
genus is the conventional crime, and where either the computer is an
object or subject of the conduct constituting crime”

Source: Parthasarathi Pati, an author

“Any criminal activity that uses a computer either as an instrumentality,
target or a means for perpetuating further crimes comes within the
ambit of Cyber Crime”.

A generalized definition of Cyber Crime may be “unlawful acts wherein
the computer is either a tool or target or both”

Source: Duggal Pawan, an author

All crimes performed or resorted to by abuse of electronic media or
otherwise, with the purpose of influencing the functioning of computer
or computer system. In short

COMPUTER CRIME is any crime where –
• Computer is a target.
• Computer is a tool of crime
• Computer is incidental to crime

Why learn about CYBER CRIME?

Because
• Everybody is using COMPUTERS.
• From white collar criminals to terrorist organizations and
  from Teenagers to Adults
• Conventional crimes like Forgery, extortion, kidnapping etc.
  are being committed with the help of computers
• New generation is growing up with computers
• MOST IMPORTANT - Monetary transactions are moving on
  to the INTERNET


Who commits a Cyber Crime?


There is a growing convergence of technically savvy computer crackers with
financially motivated criminals. Historically, most computer crime on the
Internet has not been financially motivated: it was the result of either curious
or malicious technical attackers, called crackers. This changed as the Internet
became more commercialized. Financially motivated actors, spammers and
fraudsters, soon joined crackers to exploit this new potential goldmine. Cyber
Criminals have fully adopted the techniques of crackers and malicious code
authors. These are financially motivated people, who pursue their goals
considerably more aggressively than an average cracker. They have the
monetary means to buy the required expertise to develop very sophisticated
tools to accomplish their goals of spamming and scamming the public.

The perpetrators of these attacks vary considerably. At the low end are script
kiddies, who are usually unsophisticated users that download malicious
software from hacker web sites and follow the posted instructions to execute
an attack on some target. These attacks are often only annoyance attacks, but
they can be more severe. At the next level are hackers who are trying to prove
to their peers or to the world that they can compromise a specific system, such
as a government web site. Next are insiders, who are legitimate users of a
system that either access information that they should not have access to or
damage the system or data because they are disgruntled. Insiders are often
less knowledgeable than hackers, but they are often more dangerous because
they have legal access to resources that the hackers need to access illegally.

Next are organizational level attacks. In this case, the organization’s resources
are used to get information illegally or to cause damage or deny access to
other organizations to further the attacking organization’s gain. These can be
legitimate organizations, such as two companies bidding on the same contract
where one wants to know the other’s bid in order to make a better offer. They
could also be criminal organizations that are committing fraud or some other
illegal activity. At the highest level is the nation state that is trying to spy on or
cause damage to another state. This level used to be called “national lab”
attackers, because the attackers have a substantial amount of resources at
their disposal, comparable to those that are available to researchers at a
national lab, such as Los Alamos Laboratory or Lawrence Livermore
Laboratory. After the September 11, 2001 terrorist attacks on the World Trade
Center, the idea of nation state level cyber attacks being carried out by
terrorists became a big concern.

Who can be typically expected to indulge in a Cyber Crime?

Insiders: Disgruntled employees and ex-employees, spouses, lovers
Hackers: Crack into networks with malicious intent
Virus Writers: Pose serious threats to networks and systems worldwide
Foreign Intelligence: Use cyber tools as part of their services; for espionage
    activities; can pose the biggest threat to the security of another country
Terrorists: Use to formulate plans, to raise funds, propaganda

Cyber Criminals can also be classified as follows:

Children and adolescents between the age group of 6 – 18 years:

The simple reason for this type of delinquent behavior pattern in children is
seen mostly due to the inquisitiveness to know and explore the things. Other
cognate reason may be to prove themselves to be outstanding amongst other
children in their group. Further the reasons may be psychological even.

Organized hackers:

These kinds of hackers are mostly organized together to fulfill certain
objectives. The reason may be to fulfill their political bias, fundamentalism, etc.
The NASA as well as the Microsoft sites are always under attack by the hackers.

Professional hackers / crackers:


Their work is motivated by the color of money. These kinds of hackers are
mostly employed to hack the site of the rivals and get credible, reliable and
valuable information. Further they are even employed to crack the system of
the employer basically as a measure to make it safer by detecting the
loopholes.

Discontented employees:
This group includes those people who have either been sacked by their
employer or are dissatisfied with their employer. To take revenge, they normally
hack the system of their employer.

TYPES OF CYBER CRIME

Computer crime is a multi-billion dollar problem. Our law enforcement must
seek ways to keep the drawbacks from overshadowing the great promise of
the computer age. Cyber Crime is a menace that has to be tackled effectively
not only by the officials but also by the users, by co-operating with the law. The
founding fathers of the internet wanted it to be a boon to the whole world and it is
upon us to keep this tool of modernization as a boon and not make it a bane to
society.

Cyber Crimes can be divided into 3 major categories:

• Cybercrimes against Persons.
• Cybercrimes against Property.
• Cybercrimes against Government.

Cyber Crimes against Persons

Also known as Cyber harassment, this is a distinct Cyber Crime. Various kinds of
harassment can and do occur in cyberspace, or through the use of cyberspace.
Harassment can be sexual, racial, religious, or other. Persons perpetrating
such harassment are also guilty of Cyber Crimes.

Cyber Crimes against Property

This category covers Cybercrimes against all forms of property. These crimes
include computer vandalism (destruction of others' property) and transmission of
harmful programs.

Cyber Crimes against Government

Cyber terrorism is one distinct kind of crime in this category.
The growth of the internet has shown that the medium of cyberspace is being
used by individuals and groups to threaten international governments and
also to terrorize the citizens of a country. This crime manifests itself as
terrorism when an individual "cracks" into a government or military maintained
website.

Different types of cyber crime are:

• Hacking • Phishing
• Denial of service attack • Spoofing
• Virus Dissemination • Cyber Stalking
• Software Piracy • Cyber Defamation
• Pornography • Threatening
• IRC Crime • Salami Attack
• Credit Card Fraud • Net Extortion

HACKING

“Hacking in simple terms means illegal intrusion into a computer system without
the permission of the computer owner/user.”

A hacker is a person who breaks codes and passwords to gain unauthorized
entry to computer systems. For hackers, the challenge of breaking the codes is
irresistible and so precautions have to be taken.

Computers that are not connected to the internet or to a wider network are
usually safe. Computers which form part of networks or those with external
links, such as attached modems, are a potential target.

Many hackers often have no specific fraudulent intent, but just enjoy the
challenge of breaking into a system. Company websites are an attractive target
for ‘cyber-vandals’ who change words around, add pictures or add their own
slogans to deface the sites.

In some instances the hacker's purpose could be to commit fraud, to steal
commercially valuable data or to damage or delete the data in order to harm
the company. It is often carried out by corrupt employees or those with a
grudge. They may have insider knowledge of passwords and User IDs which
makes it easy for them.

How can it affect Business?

The extent of hacking is difficult to assess, as much of it is only discovered by
accident, but the effects can vary greatly. The purpose could be to steal
sensitive data or to cause disruption to your business. There have been
numerous high-profile cases of hacking, including the recent admission
from the Pentagon’s Chief Information Officer that the US Department of
Defense has been hacked on many occasions.


TK Maxx, a large company trading online, was the recent victim of a hacker.
The retail outlet’s servers were accessed by hackers who then stole
approximately 45 million customers’ credit card details. Although the company
has argued that 75% of the details stolen were of no use to the criminals, that
still leaves 11 million that were. The knock-on effect of the incident, apart from
the money lost, is the damage caused to the reputation of the company, which
may be more costly than the money lost through the criminals' hacking.

In addition to client information, hackers can also steal your information on
suppliers, costing and contact details, so apart from the criminal gangs stealing
data there is also the possibility of corporate sabotage.

An attack could originate internally. Your company payroll details and other HR
information could be valuable and damaging information if in the wrong hands.

DENIAL OF SERVICE ATTACK


Action(s) which prevent any part of an AIS from functioning in accordance with
its intended purpose.

The result of any action or series of actions that prevents any
part of an information system from functioning.

An attack that consumes the resources on your computer for things it was not
intended to be doing, thus preventing normal use of your network.

An attack on a network designed to render it - or an Internet resource -
unavailable. The target may be an organization’s e-mail services or its website.

Denial of service is an attack on a site or service that overwhelms a Web site's
servers with requests or messages, thus preventing users making legitimate
requests.

A malicious attack on a computer or computer network that can take various
forms. The targeted computer network is overwhelmed with massive amounts
of useless traffic that can bring the network down. Some forms of attack have
special names such as the Ping of Death and Teardrop.

This is an act by the criminal, who floods the bandwidth of the victim’s network
or fills his e-mail box with spam mail depriving him of the services he is entitled
to access or provide.

VIRUS DISSEMINATION
A computer virus is software or coding written for the sole purpose of infecting
a computer. The effects can range from the irritating but harmless, such as
humorous text or pictures being displayed on your monitor to the more
malicious sort that will delete all of the files on your hard disk. It is these types
of virus that can have the most damaging effects on a business and that is why
it is always necessary to have secure backups of all your data.

The most common method of spreading viruses is via email. Before email
appeared viruses were spread through the sharing of floppy disks. Other
methods such as disks and USB data sticks present a similar threat. However,
infection most commonly occurs through email.

Figure: Effects of a virus

Typically, a virus is sent as an attachment to an email and the virus is spread
when the attachment is opened. Often the message is sent to intrigue the
recipient using the ‘RE:’ format to imply the message is a reply. The most
famous example of this was the “I Love You” virus, which caused worldwide
disruption. The virus, once opened, scanned all your contacts and then sent the
virus to them purporting to come from you. This virus went round the globe in
a matter of hours and, unfortunately, many viruses created since then use
similar methods. According to reports there are over 1 million viruses and
malicious codes currently in circulation.

A worm is a little different from a virus in that it is self-replicating and does not
need a host medium. A typical virus will spread via email or by an infected file
but a worm can be released on to a computer and will spread via network
connections, within an office, to within a business, across a multinational
network and across the whole internet. It’s the same as a virus in that its aim is
to infect your computer and execute tasks which can range from humorous to
malicious damage.

How can it affect Business?

• The effects on your business of a virus or worm infection could range
  from mildly annoying to extremely damaging. Hard drives can be
  completely wiped, in effect leaving a business with no option but to
  close. In this case a backup of your company information would be
  invaluable.
• A business being forced to close is the extreme case, but the downtime
  caused by infected equipment can cause setbacks and lost revenue
  through the disruption.
• A virus may access your email address lists and send embarrassing or
  offensive messages to clients and contacts, the effects of which could be
  severe embarrassment and loss of all trade. This may also result in your
  Internet Service Provider (ISP) blocking email that you send, including
  legitimate mail.


SOFTWARE PIRACY

• Theft of software through the illegal copying of genuine programs or the
  counterfeiting and distribution of products intended to pass for the
  original.
• Retail revenue losses worldwide are ever increasing due to this crime.
• Can be done in various ways: end user copying, hard disk loading,
  counterfeiting, illegal downloads from the internet etc.

PORNOGRAPHY

• Pornography is the first consistently successful ecommerce product.
• Deceptive marketing tactics and mouse trapping technologies
  encourage customers to access their websites.
• Anybody, including children, can log on to the internet and access
  websites with pornographic contents with a click of a mouse.
• Publishing or transmitting any material in electronic form which is
  lascivious or appeals to the prurient interest is an offence under the
  provisions of the I.T. Act.
• Pedophiles: Pedophilia, or sexual attraction to children by an adult, is a
  sickness that does not discriminate by race, class, or age. The internet
  allows pedophiles:
  • Instant access to other predators worldwide;
  • Open discussion of their sexual desires; ways to lure victims;
  • Mutual support of their adult child sex philosophies;
  • Instant access to potential child victims worldwide;
  • Disguised identities for approaching children, even to the point of
    presenting as a member of teen groups;
  • Ready access to "teen chat rooms" to find out how and why to target as
    potential victims;
  • Shared ideas about means to identify and track down home contact
    information;
  • Ability to build a long-term "Internet" relationship with a potential victim,
    prior to attempting to engage the child in physical contact.

IRC CRIME
Internet Relay Chat (IRC) is a form of real-time Internet Online chat or
synchronous conferencing. It is mainly designed for group communication in
discussion forums called channels, but also allows one-to-one communication
via private message, as well as chat and data transfers via Direct Client-to-
Client.

Internet Relay Chat (IRC) servers have chat rooms in which people from
anywhere in the world can come together and chat with each other.

• Criminals use it for meeting co-conspirators.
• Hackers use it for discussing their exploits / sharing the techniques
• Pedophiles use chat rooms to lure small children
• Cyber Stalking - In order to harass a woman her telephone number is
  given to others as if she wants to befriend males

CREDIT CARD FRAUD

Credit card fraud is a wide-ranging term for theft and fraud committed using a
credit card or any similar payment mechanism as a fraudulent source of funds
in a transaction. The purpose may be to obtain goods without paying, or to
obtain unauthorized funds from an account. Credit card fraud is also an adjunct
to identity theft.

There are two types of fraud within the identity theft category, application
fraud and account takeover. Application fraud occurs when criminals use
stolen or fake documents to open an account in someone else's name.
Criminals may try to steal documents such as utility bills and bank statements
to build up useful personal information. Alternatively, they may create
counterfeit documents.

Account takeover involves a criminal trying to take over another person's
account, first by gathering information about the intended victim, then
contacting their bank or credit issuer, masquerading as the genuine
cardholder, and asking for mail to be redirected to a new address. The criminal
then reports the card lost and asks for a replacement to be sent. The
replacement card is then used fraudulently.

Some merchants added a new practice to protect consumers and their own
reputation, where they ask the buyer to send a copy of the physical card and
statement to ensure the legitimate usage of a card.

Skimming is the theft of credit card information used in an otherwise
legitimate transaction. It is typically an "inside job" by a dishonest employee of
a legitimate merchant, and can be as simple as photocopying of receipts.
Common scenarios for skimming are restaurants or bars where the skimmer
has possession of the victim's credit card out of their immediate view. The
skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4
digit Card Security Code which is not present on the magnetic strip.


Credit Card Skimmer

PHISHING

Phishing is a form of Identity Theft that involves sending out emails
indiscriminately which act as ‘bait’; the senders then see how many unsuspecting
users they can ‘hook’. Phishing attacks are those that use spoof emails and fraudulent
websites to trick people into giving out personal financial data. Phishers hijack
brand names of banks, web retailers and credit card companies and send out
wave after wave of emails that ask the recipient to click on a link to update
their details on what turns out to be a fake website. The message appears to
be credible because the email and related website often incorporate the
company logo, making them look identical to the email or website
communications of the legitimate company.

The majority of phishing emails are sent by computers covertly controlled by
criminals.

How can it affect Business?

The criminal can then use that sensitive information to steal what may be in the
account, sign up for credit cards, take out loans or sell your personal
information on the black market. The potential damage caused by a successful
phishing attempt could be enough to force the closure of the business.


You may also need to consider the potential effects of your company being
mimicked in emails sent out to your clients and customers. However, if you do
not trade online or take confidential information via the internet, then your
clients would find it strange that you should ask for personal details.

You should also be aware that apart from the danger of disclosing personal
information, bogus emails may also contain malware scripts that execute as
soon as the email is opened. If you do access a phishing site, you will be
vulnerable to drive-by downloads of malicious code which will bypass any
firewall as you have effectively ‘trusted’ the website.

Figure: An example of a recent phishing attempt (The request to follow the link
to confirm bank details indicates the email is a scam – banks will never
request this!)

SPOOFING

The word "spoof" means to hoax, trick, or deceive. Therefore, in the IT world,
spoofing refers to tricking or deceiving computer systems or other computer
users. This is typically done by hiding one's identity or faking the identity of
another user on the Internet.

Spoofing can take place on the Internet in several different ways. One common
method is through e-mail. E-mail spoofing involves sending messages from a
bogus e-mail address or faking the e-mail address of another user. Fortunately,
most e-mail servers have security features that prevent unauthorized users
from sending messages. However, spammers often send spam messages from
their own SMTP server, which allows them to use fake e-mail addresses.
Therefore, it is possible to receive e-mail from an address that is not the
actual address of the person sending the message.

Another way spoofing takes place on the Internet is via IP spoofing. This
involves masking the IP address of a certain computer system. By hiding or
faking a computer's IP address, it is difficult for other systems to determine
where the computer is transmitting data from. Because IP spoofing makes it
difficult to track the source of a transmission, it is often used in
denial-of-service attacks that overload a server. This may cause the server to either crash
or become unresponsive to legitimate requests. Fortunately, software security
systems have been developed that can identify denial-of-service attacks and
block their transmissions.

Finally, spoofing can be done by simply faking an identity, such as an online
username. For example, when posting on a Web discussion board, a user may
pretend he is the representative for a certain company, when he actually has
no association with the organization. In online chat rooms, users may fake their
age, gender, and location.

While the Internet is a great place to communicate with others, it can also be
an easy place to fake an identity. Therefore, always make sure you know who
you are communicating with before giving out private information.

CYBER STALKING
Cyber stalking is a crime in which the attacker harasses a victim using electronic
communication, such as e-mail or instant messaging (IM), or messages posted
to a Web site or a discussion group. A cyber stalker relies upon the anonymity
afforded by the Internet to allow them to stalk their victim without being
detected. Cyber stalking messages differ from ordinary spam in that a cyber
stalker targets a specific victim with often threatening messages, while the
spammer targets a multitude of recipients with simply annoying messages.

In corporate cyber stalking, an organization stalks an individual. Corporate
cyber stalking (which is not the same thing as corporate monitoring of e-mail)
is usually initiated by a high-ranking company official with a grudge, but may
be conducted by any number of employees within the organization. Less
frequently, corporate cyber stalking involves an individual stalking a
corporation.

CYBER DEFAMATION
Any derogatory statement, which is designed to injure a person's business or
reputation, constitutes cyber defamation. Defamation can be accomplished as
libel or slander. Cyber defamation occurs when defamation takes place with
the help of computers and / or the Internet. E.g. someone publishes
defamatory matter about someone on a website or sends e-mails containing
defamatory information to all of that person's friends.

THREATENING
The criminal sends threatening e-mail or comes into contact with the victim in
chat rooms. (Anyone disgruntled may do this against a boss, friend or official.)

SALAMI ATTACKS
This attack is basically related to finance, and therefore the main victims of
this crime are financial institutions. Its distinguishing feature is that each
alteration is so insignificant that in a single case it would go completely
unnoticed. E.g. a bank employee inserts a programme whereby a meager sum of
Rs 3 is deducted from random customers' accounts periodically and transferred
to a specific account for personal gain. Such a small amount will not be
noticeable at all.
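
A single Rs 3 deduction is invisible on any one statement, but the receiving account is not: it collects many tiny credits from many unrelated customers. The Python sketch below is an added example, not part of the original assignment, that aggregates a ledger by destination account to surface that pattern; the account names, thresholds and ledger are constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta
from decimal import Decimal


def build_constructed_ledger():
    """Constructed data: 40 customers over 6 months as (day, source, destination, amount)."""
    ledger = []
    start = date(2009, 1, 1)
    for month in range(6):
        day = start + timedelta(days=30 * month)
        for n in range(40):
            cust = f"CUST-{n:03d}"
            ledger.append((day, cust, "UTILITY-CO", Decimal("1450.00")))   # ordinary bill
            ledger.append((day, cust, "BANK-SMS-FEE", Decimal("5.00")))    # disclosed fee
            if (n + month) % 2 == 0:                                       # half the customers each month
                ledger.append((day, cust, "ACC-9001", Decimal("3.00")))    # the Rs 3 skim
    return ledger


def find_sinks(ledger, small=Decimal("10.00"), min_sources=20,
               min_small_share=Decimal("0.9"), allowlist=frozenset()):
    """Flag accounts whose credits are almost all tiny and come from many payers.

    Returns {account: (small_credit_count, distinct_sources, total_received)}.
    """
    stats = defaultdict(lambda: {"n": 0, "small": 0, "sources": set(),
                                 "total": Decimal("0")})
    for _day, src, dst, amount in ledger:
        entry = stats[dst]
        entry["n"] += 1
        if amount <= small:
            entry["small"] += 1
            entry["sources"].add(src)
            entry["total"] += amount
    flagged = {}
    for dst, entry in stats.items():
        if dst in allowlist:
            continue  # known fee accounts reviewed and approved by the bank
        share = Decimal(entry["small"]) / entry["n"]
        if len(entry["sources"]) >= min_sources and share >= min_small_share:
            flagged[dst] = (entry["small"], len(entry["sources"]), entry["total"])
    return flagged


def max_loss_per_customer(ledger, sink):
    """Largest total any single customer lost to the given account."""
    loss = defaultdict(Decimal)
    for _day, src, dst, amount in ledger:
        if dst == sink:
            loss[src] += amount
    return max(loss.values(), default=Decimal("0"))


if __name__ == "__main__":
    ledger = build_constructed_ledger()
    for account, (count, sources, total) in find_sinks(
            ledger, allowlist={"BANK-SMS-FEE"}).items():
        worst = max_loss_per_customer(ledger, account)
        print(f"{account}: {count} small credits from {sources} customers, "
              f"Rs {total} received, largest single-customer loss Rs {worst}")
```

Without the allowlist the bank's own fee account is flagged as well, which is why such a report needs a reviewed list of legitimate collection accounts.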

NET EXTORTION
Copying the company’s confidential data in order to extort said company for a
huge amount.

PRIVACY ISSUES
Information Technology makes it technically and economically feasible to
collect, store, integrate, interchange and retrieve data and information quickly
and easily. This characteristic has an important beneficial effect on the
efficiency and effectiveness of computer based information systems. However
the power of information technology to store and retrieve information can
have a negative effect on the right to privacy of every individual. For example,
confidential email messages by employees are monitored by many companies.
Personal information is being collected about individuals every time they visit a
site on the World Wide Web. Confidential information on individuals contained
in centralized computer databases by credit bureaus, government agencies, and
private business firms has been stolen or misused, resulting in invasion of
privacy, fraud and other injustice. The unauthorized use of such information
has seriously damaged the privacy of individuals. Errors in such databases could
seriously hurt the credit standing or reputation of an individual.

Important privacy issues are being debated in business and government, as
internet technologies accelerate the ubiquity of global telecommunication
connections in business and society. For example:

• Accessing individual’s private e-mail conversations and computer
records, and collecting and sharing information about individuals gained
from their visits to internet websites and newsgroups (violation of
privacy).
• Always knowing where a person is, especially as mobile and paging
services become more closely associated with people rather than places
(computer monitoring).
• Using customer information gained from many sources to market
additional business services (computer matching).
• Collecting telephone numbers, e-mail addresses, credit card numbers and
other personal information to build individual customer profiles
(unauthorized personal files).

Privacy on the Internet

If you don’t take proper precautions, any time you send an e-mail, access a
web site, post a message to a newsgroup or use the internet for banking and
shopping, whether you are online for business or pleasure, you are
vulnerable to anyone bent on collecting data about you without your
knowledge. Fortunately, by using tools like encryption and anonymous
remailers, and by being selective about the sites you visit and the information
you provide, you can minimize, if not completely eliminate, the risk of your
privacy being violated.

The internet is notorious for giving its users a feeling of anonymity, when in
actuality they are highly visible and open to violations of their privacy. Most of
the internet, the World Wide Web, e-mail, chat and newsgroups are still a wide
open, unsecured electronic frontier, with no tough rules on what information is
personal and private. Information about internet users is captured legitimately
and automatically each time you visit a website or newsgroup and recorded as
a “cookie file” on your hard disk. Then the web site owners or online auditing
services like DoubleClick may sell the information from cookie files and other
records of your internet use to third parties. To make matters worse, much of
the Net and Web are easy targets for the interception or theft by hackers of
private information furnished to websites by internet users.

You can protect your privacy in several ways. For example, sensitive e-mail can be
protected by encryption, if both e-mail parties use compatible encryption
software built into their e-mail programs. Newsgroup postings can be made
privately by sending them through anonymous remailers that protect your
identity when you add your comments to a discussion. You can ask your ISP not
to sell your name and personal information to mailing list providers and other
marketers. Finally, you can decline to reveal personal data and interests on
online service and website user profiles to limit your exposure to electronic
snooping.

Computer Matching

Computer profiling and mistakes in the computer matching of personal data
are other controversial threats to privacy. Individuals have been mistakenly
arrested and jailed and people have been denied credit because their physical
profiles or personal data have been used by profiling software to match them
incorrectly or improperly with the wrong individuals. Another threat is the
unauthorized matching of computerized information about you extracted from
the databases of sales transaction processing systems and sold to information
brokers or other companies. A more recent threat is the unauthorized
matching and sale of information about you collected from the internet
websites and newsgroups visited. You are then subjected to a barrage of
unsolicited promotional material and sales contacts as well as having your
privacy violated.

Computer Libel and Censorship

The opposite side of the privacy debate is the right of people to know about
matters others may want to keep private (freedom of information), the right of
people to express their opinions about such matters (freedom of speech), and
the right of people to publish those opinions (freedom of the press). Some of
the biggest battle grounds in the debate are the bulletin boards, e-mail boxes
and online files of the internet and public information networks such as
America Online and Microsoft Network. The weapons being used in this battle
include spamming, flame mail, libel laws and censorship.

Spamming is the indiscriminate sending of unsolicited e-mail messages (spam)
to many internet users. Spamming is the favorite tactic of mass mailers of
unsolicited advertisements, or junk e-mails. Spamming has also been used by
cyber criminals to spread computer viruses or infiltrate many computer
systems.

Flaming is the practice of sending extremely critical, derogatory and often
vulgar e-mail messages (flame mail) or newsgroup postings to other users on
the internet or online services. Flaming is especially prevalent on some of the
internet’s special interest newsgroups.

There have been many incidents of racist or defamatory messages on the Web
that have led to calls for censorship and lawsuits for libel. In addition the
presence of sexually explicit material at many World Wide Web locations has
triggered lawsuits and censorship actions by various groups and governments.

IMPACT OF IT ON EMPLOYMENT
The impact of information technologies on employment is a major ethical
concern and is directly related to the use of computers to achieve automation
of work activities. There can be no doubt that the use of information
technologies has created new jobs and increased productivity, while also
causing a significant reduction in some types of job opportunities. For example,
when computers are used for accounting systems or for the automated control
of machine tools, they are accomplishing tasks formerly performed by many
clerks and machinists. Also jobs created by information technology may require
different types of skills and education than do the jobs that are eliminated.
Therefore, individuals may become unemployed unless they can be retrained
for new positions or new responsibilities.

However, there can be no doubt that internet technologies have created a host
of new job opportunities. Many new jobs, including internet web masters,
e-commerce directors, systems analysts and user consultants have been created
to support e-business and e-commerce applications. Additional jobs have been
created because information technologies make possible the production of
complex industrial and technical goods and services that would otherwise be
impossible to produce. Thus jobs have been created by activities that are
heavily dependent on information technology, in such areas as space
exploration, microelectronics technology and telecommunications.

COMPUTER MONITORING

One of the most explosive ethical issues concerning workplace privacy and the
equality of working conditions in business is computer monitoring. That is,
computers are being used to monitor the productivity and behavior of millions
of employees while they work. Supposedly computer monitoring is done so
employers can collect productivity data about their employees to increase the
efficiency and quality of service. However, computer monitoring has been
criticized as unethical because it monitors individuals, not just work, and is
done continually, thus violating workers’ privacy and personal freedom. For
example, when you call to make a reservation, an airline reservation agent may
be timed on the exact number of seconds he or she took per caller, the time
between calls, and the number and length of breaks taken. In addition your
conversation may also be monitored.

Computer monitoring has been criticized as an invasion of the privacy of
employees because in many cases they do not know that they are being
monitored or don’t know how the information is being used. Critics also say
that an employee’s right of due process may be harmed by the improper use of
collected data to make personal decisions. Since computer monitoring
increases the stress on employees who must work under constant electronic
surveillance, it has also been blamed for causing health problems among
monitored workers. Finally, computer monitoring has been blamed for robbing
workers of the dignity of their work. In effect, computer monitoring creates an
“electronic sweatshop” where workers are forced to work at a hectic pace
under poor working conditions.

CHALLENGES IN WORKING CONDITIONS


Information technology has eliminated monotonous or obnoxious tasks in the
office and the factory that formerly had to be performed by people. For
example, word processing and desktop publishing make producing office
documents a lot easier to do, while robots have taken over repetitive welding
and spray painting jobs in the automotive industry. In many instances, this
allows people to concentrate on more challenging and interesting
assignments, upgrades the skill level of the work to be performed, and creates
challenging jobs requiring highly developed skills in the computer industry and
within computer using organizations. Thus information technology can be said
to upgrade the quality of work because it can upgrade the quality of working
conditions and the content of work activities.

CHALLENGES TO INDIVIDUALITY
A frequent criticism of information systems concerns their negative effect on
the individuality of people. Computer based systems are criticized as
impersonal systems that dehumanize and depersonalize activities that have
been computerized, since they eliminate the human relationship present in
noncomputer systems.

Another aspect of the loss of individuality is the regimentation of the individual
that seems to be required by some computer based systems. These systems do
not seem to possess any flexibility. They demand strict adherence to detailed
procedures if the system is to work. The negative impact of IT on individuality is
reinforced by horror stories that describe how inflexible and uncaring some
organizations with computer based processes are when it comes to rectifying
their own mistakes. Many of us are familiar with stories of how computerized
customer billing and accounting systems continued to demand payment and
send warning notices to a customer whose account had already been paid,
despite repeated attempts by the customer to have the error corrected.

However, many business applications of IT are designed to minimize
depersonalization and regimentation. For example, many e-commerce systems
are designed to stress personalization and community features to encourage
repeated visits to e-commerce websites. Thus, the widespread use of personal
computers and the internet has dramatically improved the development of
people oriented and personalized information systems.

HEALTH ISSUES
The use of information technology in the workplace raises a variety of health
issues. Heavy use of computers is reportedly causing health problems like job
stress, damaged arm and neck muscles, eye strain, radiation exposure and
even death by computer-caused accidents. For example, computer monitoring
is blamed as a major cause of computer related job stress. Workers, unions and
government officials criticize computer monitoring as putting so much stress
on employees that it leads to health problems. Some of the health issues related
to computer use are:

• Eye problems are probably the major problems experienced by
computer users. These include fatigue, blurred vision and dry eyes. These
symptoms are also aggravated by external factors, such as poor lighting,
improperly designed work-stations and viewing the screen up too close.
Other problems are stress, depression and electromagnetic radiation
hazards. Do not forget that it is better to stay away from the back of
monitors, where the electromagnetic field is stronger and against which
walls do not give any protection. The monitor screen surface should be
approximately 18-24 inches away from the upper body. It is good to have a
suitable monitor screen without any wave.
• Bad posture is enemy number two. Long periods of time at the
computer while blogging, working or reading often lead to pain in the
lumbar region of the back. Neck and shoulder problems also result
from poor seating and the poor organization of equipment on the desk
(stretching for the telephone or files etc).
• Your hand and wrist ache after working at the computer all day, and
they sometimes start feeling numb. Research in recent years has found
that things like typing and sewing rarely cause carpal tunnel. Wear splints
while you work to keep your wrists from bending too high or low, and
use a keyboard tray or adjust your chair so the keyboard and mouse are
below your elbows and your wrists are level.
• High levels of stress can kill you; make no mistake! Highly stressed
workers have a higher risk of developing heart diseases and even cancer.
So make sure that you can manage your stress. Start doing something
to reduce it; don’t wait until computer stress is the main problem in
your life. Taking frequent breaks is an important step in preventing
repetitive computer stress injuries.

ERGONOMICS
Solutions to some of these health problems are based on the science of
ergonomics, also called human factors engineering.

Fig: Ergonomic Factors in the Workplace. Good ergonomic design considers
tools, tasks, the workstation and environment. (Diagram elements: The
User/Operator; The Tools (Computer, Hardware and Software); The Workstation
and Environment; The Tasks (Job Content and Context).)

The goal of ergonomics is to design healthy work environments that are safe,
comfortable and pleasant for people to work in, thus increasing employee
morale and productivity. Ergonomics stresses the healthy design of the
workplace, workstations, computers and other machines, and even software
packages. Other health issues may require ergonomic solutions emphasizing
job design, rather than workplace design. For example, this may require
policies providing for work breaks from heavy VDT use every few hours, while
limiting the CRT (cathode ray tubes) exposure of pregnant workers. Ergonomic
job design can also provide more variety in job tasks for those workers who
spend most of their workday at computer workstations.

*************************

PRACTICAL STUDY
OF ORGANISATION

GLAXOSMITHKLINE
COMPANY’S OVERVIEW
At GlaxoSmithKline, we conduct our business with integrity and honesty, and
aspire to excellence in all we do. We know our people are vital to the success
of the business, and encourage everyone to achieve their maximum potential.
We offer a competitive benefits package and recognize the need for a healthy
balance between work and family life.

GlaxoSmithKline welcomes the talent of people from diverse backgrounds to
provide the expertise, dedication and imagination to propel us toward a
prosperous future. We look for individuals with daring spirits and inquisitive
minds who seek a broad range of opportunities for personal and professional
growth, and whose efforts are realized in the improved health of people
worldwide.

GlaxoSmithKline is an exciting organization, which offers a variety of career
opportunities. Our recruitment process aims to achieve the highest level of
candidate care by listening to your interests, and treating you like a valued
customer.

BUSINESS UNITS
The organizational structure of GlaxoSmithKline (GSK) is designed to make our
company a model for excellence in the pharmaceutical industry - a new
company that represents best practice in every way.

GSK is a company with the size and scale to invest in the tools we need to
succeed, and to drive that success going forward. To achieve that goal, GSK is
organized as a flexible company, capable of responding quickly to a rapidly
changing marketplace. Organized globally to coordinate activities and gain the
benefits of size and scale, the company is built on smaller, customer-focused
units, dedicated to delivering medicines that relieve the suffering of patients
around the world.

The new and innovative model for R&D, the focused structure of our
pharmaceutical business throughout the world and the organization of our
global services such as IT and Procurement are some of the highlights in the
approach which will lead our success.

GSK CONSUMER HEALTHCARE
GlaxoSmithKline is a leader in the worldwide consumer healthcare market.
With nearly $6 billion in sales, over ten million brands and present in 130
markets, the consumer healthcare business brings an added dynamic
dimension to GSK.

Operating in the fiercely competitive environment of retail and consumer
marketing, GlaxoSmithKline Consumer Healthcare brings oral healthcare,
over-the-counter medicines and nutritional healthcare products to millions of
people.

Brand names such as Panadol, Aquafresh toothpaste, Lucozade, Nicorette and
Niquitin smoking cessation products are household names around the world. In
one year GSK Consumer Healthcare produces - among many others - nine
billion tablets to relieve stomach upsets, six billion pain relief tablets
and 600 million tubes of toothpaste.

But the driving force behind GlaxoSmithKline's Consumer Healthcare business
is science. With four dedicated consumer healthcare R&D centers and
consumer healthcare regulatory affairs, the business takes scientific innovation
as seriously as marketing excellence and offers leading-edge capability in both.

GSK CORPORATE FUNCTIONS
The Corporate business unit within GlaxoSmithKline is responsible for
leadership, processes, policies, standards and services in the core business
areas of Corporate Communications & Global Community Partnerships,
Corporate Ethics & Compliance, Finance, Human Resources and Legal. The
functions work individually and in cross-functional teams across different
corporate functions and businesses within GSK.

The functions aim to achieve compliance with legal, financial and regulatory
frameworks within and outside the corporation; protecting, supporting and
motivating GSK people and the communities in which they work. They utilize a
responsive business infrastructure - combining account management and
shared services approaches - to work with GSK's diverse businesses. The
Corporate functions count among their audiences; employees, communities,
media, governments, analysts, institutions and shareholders worldwide.

GSK INFORMATION TECHNOLOGY

In GSK, Information Technology is a business unit, one that is closely integrated
with all parts of the company, all around the world. It is organized to take best
advantage of global scale when that is appropriate, while supporting GSK
people and businesses locally so they have the IT tools they need to succeed.

Global capabilities:
Six IT departments provide core services that are required by each of the
business units and by GSK at large. These IT departments are:

• Cross Functional Process Design - Ensures that all proposed systems
changes have a significant, positive impact on the performance of the
business processes.
• Global eBusiness - Develops GSK's commercial capabilities in eBusiness.
• Global Strategy & Applications - Drives the overall IT strategy of GSK and
ensures the IT architecture is coordinated in concert with business
strategies.
• Project and Portfolio Management - Builds processes for approving
projects, manages project issues as they progress and works with the
project management groups to build skills and capabilities.
• Systems and Communications Services - Builds, deploys and operates the
cost effective, flexible, computing and communications infrastructure
required by GSK.
• Risk Management & Security - Identifies and addresses security and other
risks resulting from external or internal use of information technology
and computerized information.

IT is supported by six core service teams: Audit, Communications, Finance &
Alliances, Human Resources, Legal and Procurement.

GLOBAL MANUFACTURING AND SUPPLY


GSK has 85 manufacturing sites in 37 countries with over 35,000 employees.
The sites within the GSK manufacturing network:

• supply products to 191 global markets for GSK
• produce over 1,200 different brands
• manufacture almost 4 billion packs per year
• produce over 28,000 different finished packs per year
• supply around 6,900 tons of bulk active each year
• manage about 2,000 new product launches globally each year

Production of nutritional products is in excess of 300 million Lucozade/Ribena
bottles, 350 million Ribena tetra packs and 20 million Lucozade carbonated
cans per year. The annual output of Horlicks is 50 million kilograms, equivalent
to about 1,000 million servings. In oral care, the volume of toothpaste
manufactured annually exceeds 600 million tubes.

GSK PHARMACEUTICALS
You would be forgiven for thinking that a company the size of GlaxoSmithKline
- with over 100,000 employees around the world - is only ever concerned with
the bottom line. But the truth is that every member of our organization is
equally dedicated to helping people around the world Live longer, Feel better
and Do more.

We have a diverse portfolio of brands, as well as a health pipeline of new
exciting compounds. Every year GlaxoSmithKline invests approx. $5 billion into
research and development.

GlaxoSmithKline is a leader in four major therapeutic areas - anti infectives,
central nervous system, respiratory and gastro-intestinal. Based on 2004
Annual Results, GSK had sales of $37.2 billion and profit before tax of 11.1 billion.
Pharmaceutical sales accounted for 24.8 billion with new products representing
22% of total pharmaceutical sales.

This continued success is achieved by being a responsible leader, committed to
working with healthcare professionals, listening to patients and responding to
a changing environment.

RESEARCH AND DEVELOPMENT (R&D)
We live in an exciting moment in the history of biomedical science. Disease is
giving up its secrets to the intelligence and dedication of scientists aided by
technological marvels that might have been the stuff of science fiction only a
generation ago. We have every reason to believe that ahead of us lies
accelerating progress against many of the afflictions of humankind.

At GlaxoSmithKline, scientists in Research and Development are committed to
capturing this moment. They bring to it their own very considerable abilities,
the resources of a parent company devoted to the scientific enterprise, and the
urgency of knowing that their highest purpose is the relief of human suffering.
In pursuit of this purpose, they desire to make of GlaxoSmithKline a magnet for
others who share their talents, whether as prospective corporate colleagues or
as collaborators in industry, academe, and government.

Creating a new medicine is a complex business, costing over $324 million and
typically taking between 12 and 15 years. Regulatory hurdles are increasingly
stringent, yet escalating costs, medical need and the pressure of competition
demand that the whole process is condensed into as short a time as possible.
GSK uses the scale of a huge company to reach its goal of applying science to
improve patient health. Equally important is its flexibility, allowing teams of
scientists the freedom to take an entrepreneurial approach, and enabling them
to move quickly, on the basis of informed decisions.

Once a compound has been identified as a potential drug candidate, it goes
through an exacting, rigorous process to prove that the new drug is both safe
and effective. Any potential new project not meeting the criteria at any stage is
dropped from the company portfolio to make way for other, more promising
candidates.

GSK IN TIME

• Every second, more than 30 doses of vaccines are distributed by
GSK worldwide.
• Every minute, more than 1,100 prescriptions are written for GSK
products worldwide.
• Every hour, GSK spends more than $450,000 to find new
medicines.
• Every day, more than 200 million people around the world use a
GSK brand toothbrush or toothpaste.
• Every year, GlaxoSmithKline donates more than $138 million in cash
and products to communities around the world.

GSK employees are each expected to strive for improvement in these key
competencies and align themselves with the supportive behaviors.

Performance with Integrity - Delivering on promises with organizational
and individual trustworthiness.

People with Passion - People are enabled and motivated to do their best
work.

Innovation & Entrepreneurship - Competitive advantage through
well-executed ingenuity.

Sense of Urgency - A nimble, focused, resilient and fast-learning
organization.

Everyone Committed, Everyone Contributing - All employees have an
opportunity to make a meaningful contribution, and to succeed based on
merit.

Accountability for Achievement - Clear expectations; focus on the critical
few. Performance matters, and will be rewarded.

Alignment with GSK Interests - One team, in single-minded pursuit of our
mission, reflecting a common spirit and integrated strategies.

Develop Self and Others - A norm of career-long learning agility across
the organization. Employees continuously learn and develop their
professional potential. Leaders have key roles as teachers, coaches and
champions of development.

WHAT IS DIVERSITY AT GSK?

At GSK, we are committed to creating an inclusive environment for our
employees, customers, and stakeholders.

For employees, it means creating an environment where we value and
draw on the differing knowledge, perspectives, experiences, and styles
resident in our global community.

For customers, it means understanding who they are, what their
changing needs are, and how GSK can help them do more, feel better,
and live longer.

For stakeholders, it means understanding what they prefer, what they
require, and how GSK can work most effectively with them.

42
Zahid Nazir
Roll No. 523655

What makes GSK a great place to work?

We asked some of our current employees, and here's what they said:

"There are lots of local companies that would welcome someone of my
background and experience. Here, I get the added bonus of knowing
that I am contributing to better lives around the world"

"The company offers a competitive salary and excellent benefits. If you
analyze the whole package, you'll find that most companies can't beat it"

"Through friendly and supportive teams, individual innovation is
encouraged and rewarded."

"When you have a project there is a real sense of ownership which
means things get done"

"It's the people within the company that makes it great"

****************

GLAXOSMITHKLINE PAKISTAN LIMITED

Overview
GlaxoSmithKline Pakistan Limited was created on January 1st 2002 through the
merger of SmithKline and French of Pakistan Limited, Beecham Pakistan
(Private) Limited and Glaxo Wellcome (Pakistan) Limited, and stands today as
the largest pharmaceutical company in Pakistan.

As a leading international pharmaceutical company we make a real difference
to global healthcare and specifically to the developing world. We believe this is
both an ethical imperative and key to business success. Companies that
respond sensitively and with commitment by changing their business practices
to address such challenges will be the leaders of the future. GSK Pakistan
operates mainly in two industry segments: pharmaceuticals (prescription drugs
and vaccines) and consumer healthcare (over-the-counter medicines, oral care
and nutritional care).

GSK leads the industry in value, volume and prescription market shares. We are
proud of our consistency and stability in sales, profits and growth. Some of our
key brands include Augmentin, Panadol, Seretide, Betnovate, Zantac and
Calpol in medicine and renowned consumer healthcare brands include Horlicks,
Aquafresh, Macleans and ENO.

In addition, we are also deeply involved with our communities and undertake
various Corporate Social Responsibility initiatives including working with the
National Commission for Human Development (NCHD) for whom we were one
of the largest corporate donors. We consider it our responsibility to nurture the
environment we operate in and persevere to extend our support to our
community in every possible way. GSK participates in year round charitable
activities which include organizing medical camps, supporting welfare
organizations and donating to/sponsoring various developmental concerns and
hospitals. Furthermore, GSK maintains strong partnerships with
non-government organizations such as Concern for Children, which is also
extremely involved in the design, implementation and replication of models for
the sustainable development of children with specific emphasis on primary
healthcare and education.

Mission Statement
Excited by the constant search for innovation, we at GSK undertake our quest
with the enthusiasm of entrepreneurs. We value performance achieved with
integrity. We will attain success as a world class global leader with each and
every one of our people contributing with passion and an unmatched sense of
urgency.

Our mission is to improve the quality of human life by enabling people to do
more, feel better and live longer.

Quality is at the heart of everything we do - from the discovery of a molecule to
the development of a medicine.

GSK IT
Sometimes the greatest revolutions in business are the quiet ones. IT at GSK is
leading a quiet revolution that is fundamentally changing the way we use
information. Combining business intelligence and marketing savvy with project
leadership capabilities, we enable the rest of the business to perform the
complex tasks involved in delivering life-enhancing solutions.

Ours is a complex enterprise, involving a computer network that supports over
80,000 internal users and thousands more externally. More specifically, our
employees:

• Send 300,000 email and instant messages per day
• Spend 100 million minutes in audio conferencing each year
• Enrol in 40,000 training sessions (mostly online) every month

And that's just for starters - we also enable 30,000 salespeople to call on
healthcare professionals every day, and help in the production and delivery of
over 4 billion product packs in a single year.

All of this is accomplished thanks to our dedicated team of 3,500 people,
based in 68 countries at over 100 sites. Together, we offer the business a rapid
response, intellectual integrity, and rigorous accounting of results.

Accordingly, we've created a culture of process management rather than
bureaucracy. Here, you'll learn from those around you, developing yourself and
others in the process, all the while continually striving to find new and better
ways of doing things.

GMS IT Mission
Our purpose
To improve GMS performance through optimised IT solutions and services
Our long-term aspiration
To build an enviable reputation for excellence
Our value proposition
We integrate IT and business processes to enable GMS to operate more
reliably, faster and at lower cost
Our core values
Integrity
Relationships
Results


STRATEGIC ROLE OF IT

Information technology plays three strategic roles in GlaxoSmithKline:

• It facilitates communication and access to information on a global basis.
• It supports key business processes at the local, regional, functional and
global levels.
• It enables the transformation and extension of key business activities.

SUPPORT FOR THE MERGER PROCESS

Information technology played a key part in providing the planning information
for the merger, much of which was derived from the existing systems in Glaxo
Wellcome and SmithKline Beecham. Of major importance was ensuring that
the new company had the IT systems in place to function effectively as soon as
the merger was complete. From the first day of GlaxoSmithKline, the 80,000
employees in 58 countries with e-mail accounts were able to contact their
colleagues electronically. Employees could also use short codes for dialing
between sites, search on-line phone directories, and access both companies’
intranet sites. Cross-site links to key business applications were provided.

GLOBAL COMMUNICATIONS

The past year has seen major growth in the number of internal websites. These
allow information to be shared across the company on a global basis and are
supported by internal search engines analogous to those used externally on
the Internet. The ability to provide shared access to information has enabled
the growing use of ‘virtual teams’, that work collaboratively, spanning multiple
geographies and time zones, often subject to stringent time constraints.

Information is also exchanged electronically with a broad array of suppliers,
customers and partners. Hence, protection against unauthorized access to key
systems, and the growing risks posed by computer viruses, is a major issue.
Intruder detection software has been added to company firewalls and virus
scanning has been implemented at the gateway, server and desktop levels. The
separate approaches adopted by Glaxo Wellcome and SmithKline Beecham are
being integrated in a common standard approach for GlaxoSmithKline.

ENHANCING BUSINESS PERFORMANCE

Virtually all GlaxoSmithKline’s major business processes rely heavily on the use
of information technology. Within R&D in both SmithKline Beecham and Glaxo
Wellcome there have been major programmes to capture key information, at
source, in electronic form and make it available wherever required. As a result
of these efforts, it was possible to make a number of regulatory drug
submissions during the past year solely in electronic form. New drug
submissions can be 50,000 to 250,000 pages in size and the ability to avoid
generating paper submissions gives rise to significant savings in time and cost.

As part of the project to implement standard systems for Manufacturing
Resource Planning in Glaxo Wellcome, eight sites, seven in the UK and one in
Jurong, Singapore, have been supported for the past year from a single
system. Further along the supply chain, SmithKline Beecham introduced
standard enterprise financial and commercial software into 108 locations. The
ability to consolidate mission critical operations in this way reflects the growing
availability and reliability of global data networks and ensures that common
processes and standards are implemented across sites, in addition to providing
lower operating costs.

Both Glaxo Wellcome and SmithKline Beecham have installed major systems in
the USA to analyse commercially available prescribing data. By better
understanding at the local level how GlaxoSmithKline’s products are used in the
marketplace, it is possible to target promotional and detailing activities and
measure the market response. Information from these systems is transmitted
electronically to the field sales forces and their responses are then uploaded to
the system. With the growing availability of the required technology and
infrastructure, sales force automation systems are being deployed in most
major commercial markets.

TRANSFORMING AND EXTENDING BUSINESS ACTIVITIES

Insights gained from genomics and proteomics are transforming the way that
disease targets are identified and validated. Information generated from a
variety of external sources needs to be integrated with internally generated
information in a rapid and flexible manner that relies heavily on information
technology support. The analysis of these databases also requires significant
amounts of processing power, taking full advantage of advances in computer
technology.

E-BUSINESS
Both Glaxo Wellcome and SmithKline Beecham recognized the growing
importance of e-business and had already put small dedicated teams in place.
Web based interfaces to major customers have been implemented in the USA.
Current projects span a broad range of key audiences including opinion leaders,
healthcare professionals, patients and the public.

IT GUIDELINES FOR GSK EMPLOYEES

GSK has issued guidelines for the acceptable use of IT resources. These
guidelines are outlined below:

GSK Acceptable Use Guidelines

This Guide applies to all telecommunications and computing facilities including,
but not limited to, telephones, desktop and laptop personal computers (PCs),
Personal Digital Assistants, workstations and mainframe computer terminals.

Under each category is the description of acceptable and unacceptable usages
of GSK IT Resources. References to PCs should be taken to include any of the
computing devices you use to perform work for GSK.

PHYSICALLY PROTECTING HARDWARE

ACCEPTABLE
• Do log out or lock (CTRL-ALT-DELETE, highlight lock computer and hit Enter, or Windows Key-L) your PC before you leave it unattended.
• Do log off (CTRL-ALT-DELETE, highlight log off and hit Enter) before allowing anyone else to use your computer.
• Do keep all hardware devices secure when working from home and when travelling on company business.
• Do retain backup copies of your information when you do not store it on a file server or shared drive that has a confirmed backup process. If backing up confidential or sensitive personally identifiable data it MUST be encrypted.
• Do record the make, model and serial number of all hardware devices in case it is lost or stolen. If a hardware device is lost or stolen, report it immediately to Computer Security Incident Response Central, Site Security and/or the police.
• Do return all hardware, software and media to your local IT support team for secure disposal and be sure to erase all GSK data in accordance with the Data Erasure Standards.

UNACCEPTABLE
• Do Not store Confidential Data or Personally Identifiable Information (PII) unencrypted on mobile hardware devices (e.g. laptops, PDAs, USB, etc).
• Do Not label hardware devices in a manner that associates it with GSK.
• Do Not connect personal hardware devices to the GSK network.

SOFTWARE AND LICENSE MANAGEMENT

ACCEPTABLE
• Do install only IT approved software via the use of the Application Installation Tool (AIT). Please call your local IT Support staff for assistance if necessary.
• Do maintain a valid software license for all software.
• Do use free or open source software in compliance with the Free and Open Source Software IT Management Practice.

UNACCEPTABLE
• Do Not install software categorized as hacking, sniffing or peer to peer (P2P) file sharing software, such as Napster, Lime-wire without written approval from Global IT Risk Management.
• Do Not install any software on GSK hardware that has not been approved by GSK IT.

VIRUS / MALWARE

ACCEPTABLE
• Do use caution when selecting websites to visit; this will help to avoid viruses, spyware and adware from being installed by malicious websites.
• Do virus check anything prior to downloading, even from a known source, as it may be infected by a virus.
• Do contact the Help Desk, if you suspect the presence of a virus on your computer.

UNACCEPTABLE
• Do Not open email (including web-mail) attachments you are not expecting.
• Do Not deliberately disable or prevent installed GSK Security software from running (e.g. firewall, anti-virus, etc.).

PROTECTING ACCOUNTS AND PASSWORDS

ACCEPTABLE
• Do manage and use accounts in accordance with the Access Management IT management Practice.
• Do have a password that is at least (7) seven characters long.
• Do choose and use strong passwords (mix letters, numbers and symbols (2g5!d#36lz), or passphrase (e.g. 14U2NV)).
• Do change all default or initial logon passwords after the first login.
• Do Log out or Lock (CTRL-ALT-DELETE then Enter) your PC when you leave it unattended to prevent account misuse.
• Do change your passwords regularly (e.g. 30 days for privileged accounts / 180 days for non-privileged accounts).

UNACCEPTABLE
• Do Not use easily guessable passwords; including dictionary words (e.g. firetruck, password, superuser etc), sequences based on keyboard layouts (e.g. qwerty), incremental variations on previous Password(s), birthdates, or names of your children.
• Do Not use your privileged account for non-approved functions.
• Do Not share/give passwords for user accounts after the initial logon. If a password is disclosed or compromised, reset the password immediately.
• Do Not use your GSK ID and/or password for access to personal or non-GSK Assets (e.g. personal email account). In many cases this information is stored on a server and could be compromised.

INTERNET, EMAIL, INSTANT MESSAGING AND OTHER SOCIAL MEDIA TOOLS

INTRANET/INTERNET ACCESS

ACCEPTABLE
• Do use caution to ensure each web page browsed is free from potentially offensive, obscene, discriminatory or inappropriate material.
• Do ensure all Internet access from a GSK PC is through the GSK network or iPass.
• Do limit personal use of the Internet.

UNACCEPTABLE
• Do Not abuse GSK Internet access.

E-MAIL & INSTANT MESSAGING (IM)

ACCEPTABLE
• Do use secure email for sending content with confidential or Personally Identifiable Information (PII) externally.
• Do consider deleting previous recipient addresses prior to forwarding an email.
• Do report any inappropriate or harassing email to the Global IT Security mailbox.
• Do use caution and good judgment to ensure an email you forward does not contain potentially harassing or inappropriate content.

UNACCEPTABLE
• Do Not use external Instant Messaging (IM) clients that have not been approved by IT. These clients are not secured to GSK standards or licensed for use in GSK.
• Do Not send potentially harassing, inflammatory, or inappropriate content via email.
• Do Not 'Autoforward' your GSK email externally.
• Do Not abuse any email 'delegate' access provided to you by another employee. Ensure this delegation is formalized and agreed by both parties.
• Do Not respond to Phishing activities, or any attempt to acquire sensitive information, such as usernames, passwords and credit card details, by someone masquerading as a trustworthy entity in an electronic communication. If you are in doubt as to the validity of a request, report it as a security incident prior to responding in any way.

OTHER SOCIAL

ACCEPTABLE
• Do host all internet forums, blogs or wikis using GSK IT Approved Software that provides for monitoring of the content and participation.
• Do be respectful to the company, employees, customers, partners, and competitors participating in blogs, wikis or internet forums.
• Do state that the opinions expressed on non-company sponsored blogs, wikis or internet forums are solely yours and are not necessarily the opinions of GSK.
• Do retain all electronic records created via an internet forum, wiki or blog in compliance with the GSK Records Retention Policy.
• Do use caution when opening hyperlinks received via Instant Messages (IM).
• Do restrict external contact lists to legitimate business contacts.
• Do comply with copyrights for all communications with external services such as chat-rooms, newsgroups and bulletin boards and carry a disclaimer, unless specifically authorized by GSK.
• Do contact GSK Corporate Communications immediately if you become aware of misinformation about GSK or its products circulating on external services such as the Internet.

UNACCEPTABLE
• Do Not identify yourself as a “GSK person” when posting to external Blogs, Wikis, news groups, message boards, etc. from the GSK network unless specifically authorised.
• Do Not post or transmit any Personally Identifiable Information (PII), GSK confidential or proprietary information via internet forums, wikis or blogs.
• Do Not use external Instant Messaging (IM) to send file transfers, voice or streaming video.
• Do Not send any information that associates you or colleagues with GSK when registering with external Instant Messaging (IM) directories.
• Do Not save Instant Messaging (IM) chats.

PROTECTING GSK DATA & INFORMATION

INFORMATION

ACCEPTABLE
• Do use approved encryption technology for all confidential data in transit and at rest on mobile computing devices. Contact your local IT Support staff for assistance if necessary.
• Do whenever possible, store GSK information, on an IT-managed file server or shared drive.
• Do retain backup copies of your information when you do not store it on a file server or shared drive. If backing up confidential or sensitive personally identifiable data, it MUST be encrypted.

UNACCEPTABLE
• Do Not store GSK documents on personal equipment such as home PC’s, external hard drives, PDAs or USB devices.
• Do Not forward GSK confidential data outside of the company, including personal email accounts and file upload (e.g., peer-to-peer) sites.
• Do Not store sensitive information in a public file share that can be accessed by unauthorized people.

PII (PERSONALLY IDENTIFIABLE INFORMATION)

ACCEPTABLE
• Do limit access to PII only to employees with a specific business need.
• Do protect PII from loss, misuse, unauthorized access, disclosure, alteration or destruction.
• Do obtain Data Privacy training (including relevant local laws and regulations), and appropriate oversight and assistance as necessary. For more information, refer to GSK eLearning module “GSK Overview of Privacy of Personally Identifiable Information Policy”.

UNACCEPTABLE
• Do Not store PII on a publicly accessible medium.
• Do Not transfer sensitive information across borders (e.g. archiving data in US or UK), without ensuring that data privacy agreements are in place.

RETENTION & DISPOSAL OF MEDIA

ACCEPTABLE
• Do comply with GSK retention periods for any media, including email and paper record.
• Do ensure that information is either transferred to another GSK employee or destroyed to the Data Erasure Standards prior to re-deploying or transferring a computer.

UNACCEPTABLE
• Do Not retain data on your PC for longer than specified in GSK’s retention period for that type of data.
• Do Not destroy any information that may be subject to litigation or other record holds apply.

ENCRYPTION

ACCEPTABLE
• Do encrypt sensitive or confidential data if it needs to be emailed via the internet or mailed on CD to GSK suppliers/customers.
• Do encrypt sensitive or confidential data backed up to CD or USB’s.
• Do encrypt confidential data in transit and at rest on mobile computing devices.

UNACCEPTABLE
• Do Not use encryption technology that has not been approved by GSK IT. Contact your local IT Support staff for assistance if necessary.

MANAGING VENDOR & THIRD PARTY RELATIONSHIP

ACCEPTABLE
• Do ensure that all appropriate safeguards, such as confidentiality agreements, are in place and the third party is aware that the information being accessed is confidential.
• Do ensure that all computer systems storing GSK information, including those managed by third parties, comply with GSK information security policies and guidelines.
• Do document clearly GSK information security expectations in purchasing contracts, and regularly monitor that the security controls are enforced.
• Do have any contracts with a significant IT asset and dependency reviewed by Legal.

UNACCEPTABLE
• Do Not disclose any details relating to GSK IT Resources without authorization of the information owner.
• Do Not use any system without complying with the terms and conditions on which access is supplied.

REPORTING OF ISSUES & VIOLATIONS

• Do report any suspected security breaches immediately to Computer Security Incident.

Computer Security Incident Response Process

The Computer Security Incident Response (CSIR) process exists to mitigate risks to GSK’s
information assets by ensuring GSK is prepared to address computer related security events
in a standardised and efficient manner. The CSIR process is managed by Global IT Security
within Global IT Risk Management. All CSIR incidents are handled confidentially; complaints
are handled discreetly and information is only shared on a need-to-know basis.

ERGONOMICS
Ergonomics, or human factors, is concerned with the fit between people and
the things they do, the objects they use, and the environments in which they
work and travel. GSK is very concerned about the health of its employees. GSK has
developed a website for handling ergonomics-related issues. The objectives of
this site are:

• To design jobs to fit people
• Take into account size, strength and ability of a range of users
• Design tasks, workplace and tools to fit the users

Benefits:
• Efficiency, quality and job satisfaction

CONCLUSION
Although information technology has some negative social and ethical impacts,
it has many more positive ones. Application of
information technology (IT) can help businesses and governments to:
• Enhance productivity
• Improve efficiency
• Provide better service
• Increase competitiveness
• Reduce costs
• Transform into an e-business/e-government.

• Facilitating access to information technology is an important way for
countries to promote economic development and growth.
• Providing market access to IT and IT services will help attract Foreign
Direct Investment (FDI).
• Many countries recognized this when they signed the Information
Technology Agreement (ITA) to eliminate customs duties on IT products,
which increase the cost of this important technology to businesses,
government and consumers.
• IT services enable a business or government to obtain the benefits of
information technology quickly and without making major investments to
purchase, install, and operate its own computer equipment and without
having to hire and retain a full IT staff.
• There is a growing trend for companies to purchase IT services instead of
owning and maintaining their own IT infrastructure, to ensure access to the
latest technology and applications and to concentrate on the operation of
their core business.
• Granting full market access and national treatment to IT services
provides businesses in all industry sectors access to the best information
technology (IT) services from around the world so that they can become
competitive on a global basis.
• Countries may consider creating market access barriers for IT services in
an attempt to protect and foster the development of a domestic IT services
industry. However, this would be counterproductive, increasing the cost of
IT services to users while creating a domestic IT services industry that may not
be competitive on a global basis.

********************
