affect employment, individuality, working conditions, privacy, crime, health etc.
Identify several types of security management strategies and defenses.
Propose several ways that business managers can help to lessen the harmful effects and increase the beneficial effects of the use of IT.
Mirza Asher Baig
COMPUTER CRIME IN E-BUSINESS
Defined by the Association of Information Technology Professionals (AITP) as including:
The unauthorized use, access, modification and destruction of HW, SW, data or network resources.
The unauthorized release of information.
The unauthorized copying of SW.
Denying end-user access to his own HW, SW, data or network resources.
Using or conspiring to use computer or network resources to illegally obtain information.
COMPUTER CRIME
Hacking
The obsessive use of computers, or the unauthorized access and use of networked computer systems. Hackers frequently assault the Internet or other networks to steal data and programs or modify the contents of files and web pages.
Hacking
Denial of service - hammering a website's equipment with too many requests for information.
Scans - probing the Internet to determine types of computers, services and connections.
Sniffer - a program that covertly inspects individual packets of data as they pass through the Internet.
Spoofing - faking an e-mail address or web page to trick users into passing on critical information.
Trojan horse - a program, unknown to the user, that contains instructions exploiting SW.
Back doors - hidden ways to make re-entry easy and difficult to detect.
Malicious applets - tiny programs (sometimes in Java) that misuse computer resources, modify files and steal passwords.
War dialling - automatically dialling thousands of telephone numbers in search of a modem connection.
Logic bombs - instructions in a computer program that trigger a malicious act.
Buffer overflow - crashing or gaining control of a computer by sending too much data to a buffer in its memory.
Password crackers - SW that can guess passwords.
Social engineering - gaining access by talking employees into revealing passwords.
Dumpster diving - sifting through a company's garbage to obtain information.
Cyber theft
Involves the theft of money with unauthorized network entry and fraudulent alteration of computer databases. For example, hackers use the Internet to electronically break into bank systems and transfer funds to their bank account.
Unauthorized use of computer systems and networks
The unauthorized use of computer systems and networks can be called time and resource theft. This includes employees using company-owned computers for personal finances and playing games.
SW piracy
The unauthorized copying of SW, which is illegal because SW is intellectual property that is protected by copyright law and user licensing agreements. Piracy of intellectual property does not only apply to SW. Other forms of copyrighted material such as music, books, videos and images are also vulnerable to piracy.
Computer viruses
Technically, a virus is program code that cannot work without being inserted into another program. A worm is a distinct program that can run unaided.
Computer viruses typically enter a computer system through e-mail and file attachments.
Use of antivirus programs can help diagnose and remove computer viruses from infected files on the hard disk.
Privacy Issue
Computer matching: matching of personal profiles from TPS database to brokers.
Spamming: the indiscriminate sending of unsolicited
has also been used by hackers to disseminate
Flaming: practice of sending extremely critical, (flame
e-mail) or newsgroup postings to Internet and
OTHER CHALLENGES
Employment challenges
Health issues
Cumulative trauma disorder (CTD), caused by repetitive keystroke jobs that weaken workers' fingers, wrists, arms, necks and backs, and carpal tunnel syndrome, a painful, crippling ailment of the hand and wrist that requires surgery to cure.
Ergonomics provides solutions to some of these health problems.
YOU AND ETHICAL RESPONSIBILITY
Four basic ethical philosophies are:
Egoism - what is best for a given individual is right.
Natural law - humans should promote their own health and life, propagate, pursue knowledge of the world and God, pursue close relationships with others and submit to legitimate authority.
Utilitarianism - those actions are right that produce the greatest good for the greatest number of people.
Respect for persons - people should be treated as an end and not as a means to an end; actions are right if everyone adopts the moral rule presupposed by the action.
E-BUSINESS SECURITY
Like any other vital assets of organizations, the IS HW, SW, networks, and data resources need to be protected by security measures to ensure their quality and beneficial use.
SECURITY MANAGEMENT
The goal of security management is the accuracy, integrity and safety of all e-business processes and resources. Effective security management can minimize errors, fraud and losses in e-business. Various tools and methods must be integrated to protect a company's e-business.
ENCRYPTION
Using special mathematical algorithms or keys to transform digital data into a scrambled code before it is transmitted, and to decode the data when it is received. E-mail could be scrambled and encoded using a public key that is known to the sender and unscrambled using a private key that is only known by the recipient.
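The public-key/private-key split described above, shown with textbook RSA as an added example that is not part of the original slides. The primes, exponent and message are constructed sample values; there is no padding and the key is far too small for real use, so it illustrates the idea only.

```python
# Textbook RSA, illustration only (added example, not from the slides):
# no padding, toy key size. Real e-mail encryption uses vetted libraries.
P = 2**61 - 1      # constructed sample primes (both are Mersenne primes)
Q = 2**89 - 1
E = 65537          # commonly used public exponent


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: inverse of e mod phi (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message: bytes, public_key):
    """Sender side: needs only the recipient's public key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def apply_key(ciphertext: int, key):
    """Run the RSA operation with any key and return the result as bytes."""
    exponent, n = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    public, private = make_keypair()
    c = encrypt(b"pay invoice 42", public)
    print("ciphertext:          ", hex(c))
    print("with private key:    ", apply_key(c, private))
    print("with public key only:", apply_key(c, public))  # not the message
```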
FIREWALLS
A combination of HW and SW that controls the security of a network. It can be a communications processor such as a router, or a server with firewall SW.
Purpose: to protect a company's intranets and other networks from intrusion by providing a filter and safe transfer points.
Screens all network traffic for proper passwords or security codes and only allows authorized transmissions in and out of the network.
Denial-of-service attacks are normally performed by criminal hackers via the Internet. These types of attacks depend on the three layers of networked computer systems: the victim's website, the victim's ISP and the "zombie" sites of the cyber criminals.
EMAIL MONITORING
Scanning email for troublesome words that may be harmful to the organization.
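A sketch of such a scan, added here as an example and not taken from the original slides: it shows why a monitor has to decode a message before matching, because a base64-encoded body hides every word from a search of the raw bytes. The watchlist, addresses and message text are constructed sample values.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

WATCHLIST = ["confidential", "password", "wire transfer"]  # constructed sample terms


def build_sample():
    """Constructed test message whose body is sent base64-encoded."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.net"
    msg["Subject"] = "Q3 numbers"
    msg.set_content("Please send the admin password and the wire\n"
                    "transfer details today.\n", cte="base64")
    return msg.as_bytes()


def naive_scan(raw, watchlist=WATCHLIST):
    """Search the raw bytes as transmitted; misses anything that is encoded."""
    lowered = raw.lower()
    return [t for t in watchlist if t.encode() in lowered]


def scan_message(raw, watchlist=WATCHLIST):
    """Decode the subject and every text part, then match whole words or phrases."""
    msg = message_from_bytes(raw, policy=policy.default)
    texts = {"subject": str(msg["Subject"] or "")}
    for i, part in enumerate(msg.walk()):
        if part.get_content_maintype() == "text":
            texts[f"body[{i}]"] = part.get_content()
    hits = []
    for where, text in texts.items():
        flat = " ".join(text.split())  # undo line wrapping inside phrases
        for term in watchlist:
            if re.search(r"\b" + re.escape(term) + r"\b", flat, re.IGNORECASE):
                hits.append((where, term))
    return hits


if __name__ == "__main__":
    raw = build_sample()
    print("raw bytes:", naive_scan(raw))
    print("decoded:  ", scan_message(raw))
```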
OTHER SECURITY MEASURES
Security codes: assigning of passwords.
Backup files: making duplicate copies of files and data.
Security monitors: implementation of SW to control and monitor computer systems and networks.
Biometric security: devices that measure physical traits that make each individual unique.
Computer failure controls: controls against power failure, electronic circuitry malfunctions, network problems and hidden programming errors.
Fault tolerant systems: redundant processors, peripherals and SW that provide fail-over capacity to back up components in the event of system failure.
Disaster recovery: procedures that formalize the steps to be taken in the event of natural disaster.