John Benedict Bation

Morell Begonia
Korina Andrea Del Castillo
Raphael Enriquez
Geraldine Francisco
Ma. Rica Tapang

Ethical, Privacy and Security

Issues
Objectives:
 To understand the different kinds of ethical
issues in Information Technology
 To know and understand how organizations
deal with them
 To understand the basic concepts of ethics
in IT Development
 Ethics Defined:
 Moral codes are the rules that establish the
boundaries of generally accepted behavior.
 Morality refers to social conventions about right
and wrong human conduct.
 Ethics. A branch of philosophy that deals with
what is considered to be right and wrong.
 A Code of Ethics is a collection of principles that
are intended to guide decision making by
members of an organization.
 Why Ethics are important:
 Protect an organization and its employees
from legal action.
 Create an organization that operates
consistently.
 Provide a livelihood for employees.
 Avoid unfavorable publicity.
 Gain the goodwill of the community.
Ethics in Information Technology
The increased use of information
technology has raised many ethical issues
for today’s IT professional.
 Licensing of IT professionals
 Internet communication
 Intellectual property
 Employee/employer issues
Ethics in Information Technology
 Today’s workers are subject to the monitoring of
their e-mail and Internet access while at work, as
employers and employees struggle to balance the
need of the employer to manage important
company assets and employees’ work time versus
the employees’ desire for privacy and self-
direction.
Ethics in Information Technology
 Millions of people have used Napster software
to download music at no charge and in
apparent violation of copyright laws.

 DoubleClick, an advertising network that tracks

users as they move around the Internet, was
sued after it revealed plans to match a mass
mailing marketing list with its anonymous
database of Internet users, thus revealing the
Web users’ identities.
Ethics in Information Technology
 Students around the world have been caught
downloading material from the Internet and
plagiarizing content for their term papers.

 Hackers engaged in acts of cyberterrorism

defaced hundreds of Web sites and left hate
messages after a collision between a United
States spy plane and a Chinese jet fighter.
 Other Ethical Issues raised:
 Who should have access to data?
 Who is responsible for maintaining
accuracy and security?
 To whom does data belong?
 Does the ability to capture data imply
a corresponding responsibility to
monitor its use?
 How much information is necessary
and relevant for decision making?
 The Four Categories of Ethical
Issues
Privacy Issues
 involves collecting, storing and
disseminating information about individuals.
 What is the safeguards when we want to
reveal secret info?
 What things can people keep to themselves
and not being cracked?
Accuracy Issues
 involves the authenticity, fidelity and
accuracy of information that is collected and
processed.
 The Four Categories of Ethical
Issues
Property Issues
 involves the ownership and value of information.
 Who owns the info?
 What are the just and fair prices for its exchange?

Accessibility Issues
 revolve around who should have access to
information and whether they should have to pay
for this access.
 What info does a person have a right to obtain?
 What will be the requirement and condition that
info can be delivered?
 Protecting Privacy
 Privacy. The right to be left alone and to be
free of unreasonable personal intrusions.
 Privacy Codes and Policies. An
organization’s guidelines with respect to
protecting the privacy of customers, clients,
and employees.
 International Aspects of Privacy. Privacy
issues that international organizations and
governments face when information spans
countries and jurisdictions.
 Compromises to Intellectual
Property
 Intellectual property. Property created
by individuals or corporations which is
protected under trade secret, patent, and
copyright laws.
 Trade secret. Intellectual work, such as a
business plan, that is a company secret and
is not based on public information.
 Patent. Document that grants the holder
exclusive rights on an invention or process
for 20 years.
 Compromises to Intellectual
Property (Continued)
 Copyright. Statutory grant that provides
creators of intellectual property with
ownership of the property for life of the
creator plus 70 years.
 Piracy. Copying a software program
without making payment to the owner.
Protecting Information Resources
 Risk. The probability that a threat will
impact an information resource.
 Risk management. To identify, control
and minimize the impact of threats.
 Risk analysis. To assess the value of each
asset being protected, estimate the
probability it might be compromised, and
compare the probable costs of it being
compromised with the cost of protecting it.
Protecting Information Resources
(Continued)
 Risk mitigation is when the organization
takes concrete actions against risk. It has
two functions:
 (1) implement controls to prevent identified
threats from occurring, and
 (2) developing a means of recovery should the
threat become a reality.
 Risk Mitigation Strategies
 Risk Acceptance. Accept the potential
risk, continue operating with no controls,
and absorb any damages that occur.
 Risk limitation. Limit the risk by
implementing controls that minimize the
impact of threat.
 Risk transference. Transfer the risk by
using other means to compensate for the
loss, such as purchasing insurance.
 Controls
 Controls evaluation. Identifies security
deficiencies and calculates the costs of
implementing adequate control measures.
 General controls. Established to protect the
system regardless of their application.
 Physical controls. Physical protection of computer
facilities and resources.
 Access controls. Restriction of unauthorized user
access to computer resources; use biometrics and
passwords controls for user identification.
 Controls (Continued)
 Communications (networks) controls. To
protect the movement of data across networks
and include border security controls,
authentication and authorization.
 Firewalls. System that enforces access-control policy
between two networks.
 Encryption. Process of converting an original message
into a form that cannot be read by anyone except the
intended receiver.
 Controls (Continued)
 Virtual Private Networking. Uses the
Internet to carry information within a
company and among business partners but
with increased security by uses of
encryption, authentication and access
control.
 Application controls. Controls that
protect specific applications and include:
input, processing and output controls.
 Netiquette

 "Netiquette" is network etiquette, the do's

and don'ts of online communication.

 Netiquette covers both common courtesy

online and the informal "rules of the road"
of cyberspace.
 Rules of Netiquette
 Rule 1: Remember the Human
 Rule 2: Adhere to the same standards of behavior online
that you follow in real life
 Rule 3: Know where you are in cyberspace
 Rule 4: Respect other people's time and bandwidth
 Rule 5: Make yourself look good online
 Rule 6: Share expert knowledge
 Rule 7: Help keep flame wars under control
 Rule 8: Respect other people's privacy
 Rule 9: Don't abuse your power
 Rule 10: Be forgiving of other people's mistakes
References
 http://
higheredbcs.wiley.com/legacy/college/rainer/0471736368/ppt/ch03.ppt

 http://www.misq.org/archivist/vol/no10/issue1/vol10no1mason.html

 http://www.slideshare.net/kusmulyono/ethical-issues-in-ict-presentatio
n#text-version

 http://www.albion.com/netiquette/corerules.html

 http://articles.techrepublic.com.com/5100-22_11-6091121.html