
Security and Ethical Challenges of E-Business

Mirza Asher Baig


Learning Objectives

• Identify several ethical issues in IT that affect employment, individuality, working conditions, privacy, crime, health, etc.
• Identify several types of security management strategies and defenses.
• Propose several ways that business managers can help to lessen the harmful effects and increase the beneficial effects of the use of IT.

COMPUTER CRIME IN E-BUSINESS
Defined by the Association of Information Technology Professionals (AITP) as including:
• The unauthorized use, access, modification and destruction of HW, SW, data or network resources.
• The unauthorized release of information.
• The unauthorized copying of SW.
• Denying an end user access to his own HW, SW, data or network resources.
• Using or conspiring to use computer or network resources to illegally obtain information.

COMPUTER CRIME

Hacking
• Obsessive use of computers, or the unauthorized access and use of networked computer systems.
• Hackers frequently assault the Internet or other networks to steal data and programs or modify the contents of files and web pages.

Hacking
• Denial of service - hammering a website's equipment with too many requests for information.
• Scans - probing the Internet to determine types of computers, services and connections.
• Sniffer - covertly searching individual packets of data as they pass through the Internet.
• Spoofing - faking an e-mail address or web page to trick users into passing on critical information.
• Trojan horse - a program, unknown to the user, that contains instructions exploiting SW.
• Back doors - hidden ways to make re-entry easy and difficult to detect.
• Malicious applets - tiny programs (sometimes in Java) that misuse computer resources, modify files and steal passwords.
• War dialling - automatically dialling thousands of telephone numbers in search of a modem connection.
• Logic bombs - instructions in a computer program that trigger a malicious act.
• Buffer overflow - crashing or gaining control of a computer by sending too much data to a buffer in memory.
• Password crackers - SW that can guess passwords.
• Social engineering - gaining access by talking an employee into revealing a password.
• Dumpster diving - sifting through a company's garbage to obtain information.

Cyber theft
• Involves the theft of money with unauthorized network entry and fraudulent alteration of computer databases.
• For example, hackers use the Internet to electronically break into bank systems and transfer funds to their bank account.

Unauthorized use of computer systems and networks
• The unauthorized use of computer systems and networks can be called time and resource theft. This includes employees using company-owned computers for personal finances and playing games.

SW piracy
• It is the unauthorized copying of SW, which is illegal because SW is intellectual property that is protected by copyright law and user licensing agreements.
• Piracy of intellectual property does not only apply to SW. Other forms of copyrighted material such as music, books, videos and images are also vulnerable to piracy.

Computer viruses
• Technically, a virus is program code that cannot work without being inserted into another program.
• A worm is a distinct program that can run unaided.
• Computer viruses typically enter a computer system through e-mail and file attachments.
• Use of antivirus programs can help diagnose and remove computer viruses from infected files on the hard disk.

Privacy Issue
• Computer matching: matching of personal profiles from TPS database to brokers.

• Spamming: the indiscriminate sending of unsolicited

has also been used by hackers to disseminate

• Flaming: practice of sending extremely critical, (flame

e-mail) or newsgroup postings to Internet and

OTHER CHALLENGES
• Employment challenges
• Health issues
  • Cumulative trauma disorders (CTD), caused by repetitive keystroke jobs, that weaken workers' fingers, wrists, arms, necks and backs, and carpal tunnel syndrome, which is a painful, crippling ailment of the hand and wrist that requires surgery to cure.
  • Ergonomics provides solutions to some of these health problems.

YOU AND ETHICAL RESPONSIBILITY
Four basic ethical philosophies are:
• Egoism - what is best for a given individual is right.
• Natural law - humans should promote their own health and life, propagate, pursue knowledge of the world and God, pursue close relationships with others and submit to legitimate authority.
• Utilitarianism - those actions are right that produce the greatest good for the greatest number of people.
• Respect for persons - people should be treated as an end and not as a means to an end; actions are right if everyone adopts the moral rule presupposed by the action.

E-BUSINESS SECURITY
• Like any other vital assets of organizations, the IS HW, SW, networks, and data resources need to be protected by security measures to ensure their quality and beneficial use.

SECURITY MANAGEMENT
• Security management aims at the accuracy, integrity and safety of all e-business processes and resources.
• Its effectiveness can minimize errors, fraud, and losses in e-business.
• Various tools and methods must be acquired and integrated to protect a company's e-business.

ENCRYPTION
• Using special mathematical algorithms, or keys, to transform digital data into a scrambled code before it is transmitted and to decode the data when it is received.
• E-mail could be scrambled and encoded using a public key that is known to the sender and unscrambled using a private key that is known only to the recipient.
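
The public-key exchange described above, as an added Python example that is not part of the original slides: textbook RSA in which the sender encrypts with the recipient's public key and only the private key recovers the message. The two Mersenne primes, the exponent 65537, the sample mail text and all function names are assumptions made for this illustration; the keys are far too small and unpadded for real use, where a vetted library with OAEP padding is the norm.

```python
# Textbook RSA for illustration only: small fixed primes, no padding.
from math import gcd

def make_keypair(p, q, e=65537):
    """Recipient: derive (public, private) keys from two secret primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # e*d == 1 (mod phi); needs Python 3.8+
    return (n, e), (n, d)

def encrypt(message: bytes, public_key):
    """Sender: scramble with the recipient's public key (n, e)."""
    n, e = public_key
    size = (n.bit_length() - 2) // 8     # bytes per block so each block < n
    if size < 1:
        raise ValueError("modulus too small to carry a byte")
    blocks = []
    for i in range(0, len(message), size):
        # 0x01 marker keeps leading zero bytes intact through int conversion
        m = int.from_bytes(b"\x01" + message[i:i + size], "big")
        blocks.append(pow(m, e, n))
    return blocks

def decrypt(blocks, key) -> bytes:
    """Recipient: unscramble with the private key (n, d)."""
    n, d = key
    out = b""
    for c in blocks:
        m = pow(c, d, n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]  # drop marker
    return out

# Constructed sample values (assumptions for this example).
P, Q = 2**61 - 1, 2**89 - 1          # two Mersenne primes, far too small for real use
PUBLIC, PRIVATE = make_keypair(P, Q)
MAIL = b"Quarterly figures attached. Do not forward."
CIPHERTEXT = encrypt(MAIL, PUBLIC)

if __name__ == "__main__":
    print("ciphertext blocks:", CIPHERTEXT)
    print("with private key: ", decrypt(CIPHERTEXT, PRIVATE))
    print("with public key:  ", decrypt(CIPHERTEXT, PUBLIC))
```

Decrypting with the public key returns unrelated bytes, which is why the public key can be handed to any sender while the private key stays with the recipient.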

FIREWALLS
• Combination of HW and SW that controls the security of a network.
• It can be a communication processor, such as a router or a server with firewall SW.
• Purpose: to protect a company's intranets and other networks from intrusion by providing a filter and safe transfer points.
• Screens all network traffic for proper passwords or security codes and only allows authorized transmission in and out of the network.
• Denial-of-service attacks are normally performed by criminal hackers via the Internet. These types of attacks depend on the three layers of networked computer systems: the victim's websites, the victim's ISP and the "zombie" sites of the cyber criminals.

EMAIL MONITORING
• To scan e-mail for troublesome words that may be harmful to organizations.
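
One way to implement the scan described above, as an added Python example that is not part of the original slides: the message is decoded before matching, because a keyword search over the raw bytes misses text carried in a base64-encoded body. The watch list, the addresses and the function names are assumptions made for the illustration, and the sample message is constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical watch list; a real one comes from the organization's policy.
WATCH_TERMS = ["confidential", "wire transfer", "password"]
PATTERN = re.compile(
    r"\b(" + "|".join(re.escape(t) for t in WATCH_TERMS) + r")\b", re.IGNORECASE)

def naive_scan(raw: bytes):
    """What a plain keyword search over the transmitted bytes sees."""
    text = raw.decode("ascii", "replace")
    return sorted({t.lower() for t in PATTERN.findall(text)})

def scan_email(raw: bytes):
    """Return sorted (location, term) hits from the decoded subject and text parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    # policy.default decodes RFC 2047 encoded-words in headers.
    for term in PATTERN.findall(str(msg["Subject"] or "")):
        hits.add(("subject", term.lower()))
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue                   # skip containers and attachments
        body = part.get_content()      # undoes base64 / quoted-printable
        for term in PATTERN.findall(body):
            hits.add(("body", term.lower()))
    return sorted(hits)

def build_sample() -> bytes:
    """Constructed test message whose body travels base64-encoded."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = "CONFIDENTIAL: supplier invoice"
    m.set_content("Send the admin password before the wire transfer.\n",
                  cte="base64")
    return m.as_bytes()

if __name__ == "__main__":
    sample = build_sample()
    print("raw search:    ", naive_scan(sample))
    print("decoded search:", scan_email(sample))
```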

OTHER SECURITY MEASURES
• Security codes: assigning passwords
• Backup files: making duplicate copies of files and data
• Security monitor: implementation of SW to control and monitor computer systems and networks
• Biometric security: devices that measure physical traits that make each individual unique,
• Computer failure controls: controls against power failure, electronic circuitry malfunctions, network problems and hidden programming errors.
• Fault tolerant system: redundant processors, peripherals and SW that provide fail-over capacity to back up components in the event of system failure.
• Disaster recovery: procedures that formalize the steps to be taken in the event of natural disaster.
