
Must do questions of Module 4

• Describe the ethical challenges related to the use of information systems.
• Explain in detail computer crime and hacking as the biggest issue for information systems.
• Define computer crime. State two examples of crimes in which computers are the target and two in which computers are used as an instrument of crime.
• What are the major issues with computer crime and privacy on the internet? What can you do about it? Explain.
• Explain the terms hacking & cracking, virus & worms.
• Piracy and privacy are the biggest issues created by IT. Do you agree? Justify your answer.
• What is identity theft? Why is it such a big problem today? How does phishing promote identity theft?
• What are the different types of identity theft? Explain with examples.
• Write a short note on hacking: types of hacker and techniques of hacking.

Chapter 13 Security and Ethical Challenges 1


Security and Ethical Challenges

Key Technological Trends that Raise Ethical Issues:
• Computing power doubles every 18 months
• Data storage costs are rapidly declining
• Advances in data analysis
• Networking advances
• Mobile device growth impact



Ethical Responsibility
• As a business professional, there are several issues related to ethical responsibilities. A manager has to address issues like:
  • Should I monitor the work activities of employees (e.g. their emails)?
  • Should I allow employees to use work computers for personal use?
  • Should I sell personal information of my customers?



Important aspects of security, ethical and societal dimensions are
• IT has both beneficial and detrimental effects on society and people
• Manage work activities to minimize the detrimental effects of IT
• Optimize the beneficial effects



Business Ethics
• Ethics questions that managers confront as part of their daily business decision making include:
  • Equity - All are equal and should be treated fairly
  • Rights - Privacy of customers and employees
  • Honesty - Security of company information
  • Exercise of corporate power - Workplace safety



Categories of Ethical Business
Issues



Corporate Social Responsibility Theories
1. Stockholder Theory
   1. Managers are agents of the stockholders
   2. Their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices
2. Stakeholder Theory
   1. Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders
   2. Stakeholders are all individuals and groups that have a stake in, or claim on, a company



3. Social Contract Theory
   • States that companies have ethical responsibilities to all members of society, which allows corporations to exist.
   • The first condition requires companies to enhance the economic satisfaction of consumers and employees without damaging the environment, misusing political power, or subjecting employees to dehumanizing working conditions.
   • The second condition requires companies to avoid fraudulent practices, show respect for their employees as human beings, and avoid practices that systematically worsen the position of any group in society.



Principles of Technology Ethics
• Proportionality - The good achieved by the technology must outweigh the harm or risk; there must be no alternative that achieves the same or comparable benefits with less harm or risk
• Informed Consent - Those affected by the technology should understand and accept the risks
• Justice
  • The benefits and burdens of the technology should be distributed fairly
  • Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk
• Minimized Risk - Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
AITP Standards of Professional
Conduct



Responsible Professional Guidelines
• A responsible professional
  • Acts with integrity
  • Increases personal competence
  • Sets high standards of personal performance
  • Accepts responsibility for his/her work
  • Advances the health, privacy, and general welfare of the public



Business IT Security Ethics
• Computer crime
• Privacy
• Working conditions
• Individual
• Employment
• Health



Computer Crime
• Computer crime includes & is defined by AITP as
  • Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
  • The unauthorized release of information
  • The unauthorized copying of software
  • Denying an end user access to his/her own hardware, software, data, or network resources
  • Using or conspiring to use computer or network resources illegally to obtain information or tangible property
Computer Crimes
[Diagram: "Computer Crime" at the centre, linked to Cyber Theft, Unauthorised Use at Work, Hacking, Forms of Piracy, Computer Worm, and Computer Virus]



Unauthorized Use at Work
• Unauthorized use of computer systems and networks is time and resource theft
  • Doing private consulting
  • Doing personal finances
  • Playing video games
  • Unauthorized use of the Internet or company networks
• Sniffers – A network monitoring software
  • Used to monitor network traffic or capacity
  • Find evidence of improper use

• Network monitoring software called sniffers is frequently used to monitor network traffic to evaluate network capacity
• E.g. The New York Times fired 23 workers for distributing racist jokes on the company’s email system
• Xerox fired 40 employees for spending eight hours a day on pornography sites



Internet Abuses in the Workplace
• General email abuses
• Unauthorized usage and access
• Copyright infringement/plagiarism
• Newsgroup postings
• Transmission of confidential data
• Pornography
• Hacking
• Non-work-related download/upload
• Leisure use of the Internet
• Use of external ISPs
• Moonlighting - using organizational resources for private benefit
Hacking
• Hacking is
  • The obsessive use of computers
  • The unauthorized access and use of networked computer systems
• Electronic Breaking and Entering
  • Hacking into a computer system and reading files, but neither stealing nor damaging anything
• Cracker
  • A malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage
Common Hacking Tactics
• Denial of Service
  • Hammering a website’s equipment with too many requests for information
  • Clogging the system, slowing performance, or crashing the site
• Scans
  • Widespread probes of the Internet to determine types of computers, services, and connections
  • Small programs that scan the network, try to find the user with less security, and hence target the data
• Sniffer
  • Programs that search individual packets of data as they pass through the Internet
  • Capturing passwords or entire contents
• Trojan Horse
  • A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software



Common Hacking Tactics
• Malicious Applets
  • Tiny Java programs that misuse your computer’s resources, modify files on the hard disk, send fake email, or steal passwords
• War Dialing
  • Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection
• Password Crackers
  • Software that can guess passwords



Types of Hacker
• White Hat Hackers - Hacking for non-malicious activity, for instance testing the system’s security, with a contractual agreement.
• Black Hat Hackers - Violate the security beyond the personal gain.
• Grey Hat Hackers - They hack the system to let the administrator know that their system can be hacked, and they would offer to repair it for a small fee.
• Blue Hat Hackers - Outside hackers whose services are used prior to system launch to check the redundancy of the system.
• Script Kiddie Hackers – Non-expert hackers who use pre-packaged hacking tools, usually with little understanding of the tools.
Cyber Theft
• Many computer crimes involve the theft of money
• The majority are “inside jobs” that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved
• Many attacks occur through the Internet
• Most companies don’t reveal that they have been targets or victims of cybercrime
• First Russian hacker Vladimir Levin: $11 million by gatecrashing the Citibank mainframe
Piracy
1. Software Piracy
2. Piracy of Intellectual Property

A third of the software industry’s revenues are lost to piracy



Software Piracy
• Unauthorized copying of computer programs
• Another method is to go for shareware, which is public domain software.
• 60 percent of Indians use pirated software.
• But pirated software is always vulnerable to external attacks. This risk is increasing as more and more personal equipment (smartphones) is used for office work.



Types of software piracy
1. Creating a copy and selling it
2. Creating a copy and giving it to someone
3. Creating a copy to serve as a backup
4. Softlifting - buying a single software license and loading it on several computers.
5. Unrestricted client access
6. Buying the original software - the buyer bought the right to use the software, not to sell it on to others.
7. Renting original software
8. OEM Infringement – OEM (Original equipment manufacturing)

Piracy of Intellectual Property
• Intellectual Property
  • Copyrighted material - Includes such things as music, videos, images, articles, books, and software.
  • Patent - Made to protect a mechanical invention.
  • Trade Secret - Some formula, process, design or commercial method information not given to others, in order to maintain competitive advantage.



Viruses and Worms
• A virus is a program that cannot work without being inserted into another program.
• Viruses are also called parasitic programs.
• Benign viruses are the harmless ones. Their purpose is just to annoy.
• These programs copy annoying or destructive routines into networked computers
• Copy routines spread the virus
• Commonly transmitted through
  • The Internet and online services
  • Email and file attachments
  • Disks from contaminated computers
  • Shareware - software that is available free of charge
Types of Virus
• Macro Virus – Written in the language of the application and OS; therefore, when the application is run, it allows the virus to spread among the OS.
• Network Virus - It spreads in the LAN and multiplies through shared resources.
• Logic Bombs - Viruses that get activated when a certain condition is met, for instance clicking.
• Boot Sector Virus – Hidden in the boot sector; does not harm the files but the hard drives.
• Multipartite Viruses – They spread through infected media and hide in the memory.
Virus Problems
• Loss of productivity
• Screen messages & lockup
• Unreliable applications
• Loss of user confidence
• Corrupted files
• Loss of data
• System crash

Virus Prevention
• Legislation
• Awareness of user
• Use of anti virus
• Use of a scanner
• Checksummers



Types of Worms
• Email worms - Spread via email in the form of an attachment or a link in the email.
• Instant messaging worm –
• Internet worm – Scans the network, using the local operating system, for vulnerable machines.
• IRC worm (Internet Relay Chat) – Spreads via a URL or an infected file which the user needs to save and run in the system for it to function.
• File-sharing network worms - Copies itself into a shared folder, most likely located on a local machine. The worm will save itself under a harmless name and multiplies when shared.
Virus
• It’s program code that cannot work without being inserted into another program.
• It can spread itself from one file to another file within the same computer.
• It always corrupts or modifies files on a target computer.
• Effects: Corrupt files, lost data, system crash, loss of productivity

Worm
• It’s a program that can self-propagate, relying less on human behaviour to spread.
• It is designed to copy itself from one computer to another in a network.
• It causes at least some harm to the network, even if only by consuming bandwidth.
• Effects: Destroying crucial files in the system, slowing down computer performance to a large degree, causing some crucial programs to stop working.
Adware and Spyware
• Adware
  • Software that purports to serve a useful purpose, and often does
  • Allows advertisers to display pop-up and banner ads without the consent of the computer users
• Spyware
  • Adware that uses an Internet connection in the background, without the user’s permission or knowledge
  • Captures information about the user and sends it over the Internet
Spyware Problems
• Spyware can steal private information and also
  • Add advertising links to Web pages
  • Redirect affiliate payments
  • Change a user’s home page and search settings
  • Make a modem randomly call premium-rate phone numbers
  • Leave security holes that let Trojans in
  • Degrade system performance
• Removal programs are often not completely successful in eliminating spyware



Privacy Issues
• The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacy
  • Personal information is collected with every visit to a Web site
  • Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused

• Confidential emails of employees are monitored by many companies. Many websites contain personal information of individuals. This may be sold, stolen and misused.
• Every time you are online, for whatever purpose, you are vulnerable to data being collected about you without your knowledge. The WWW is notorious for making you feel as if no one is observing you, whereas in reality you are highly visible.
• E.g. information about an internet user is captured legitimately. The moment the user visits a website or newsgroup, a ‘cookie file’ is created on the user’s hard disk. This information is captured and sold to other parties.



Privacy Issues
• Violation of Privacy
  • Accessing individuals’ private email conversations and computer records
  • Collecting and sharing information about individuals gained from their visits to Internet websites
• Computer Monitoring
  • Always knowing where a person is
  • Mobile and paging services are becoming more closely associated with people than with places
• Computer Matching
  • Using personal information of individuals gained from many sources to market additional business services
• Unauthorized Access of Personal Files
  • Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles
Identity Theft - Stealing someone’s personal information and using it fraudulently

• Phishing - A fake website that looks like a legitimate website and asks for confidential details, e.g. an SBI look-alike website.
• Evil Twin - A look-alike of a public Wi-Fi network that is actually a bogus network, e.g. a non-password-protected free Wi-Fi network available in a public place.
• Pharming - It redirects to a bogus website even though the user types in the correct website address. (Fraudulent access to internet protocol usage)
Risk of Privacy via Internet
• Cookies
  • A cookie is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
  • Sometimes they are used for tracking purposes
• Internet service providers (ISPs)
  • All the data to and from the customer must pass through the ISP.
  • The ISP is generally prevented from participating in such activities due to legal, ethical, business or technical issues.
• Data logging
  • Recording of all data generated by a device (such as a lab instrument), or the data passing through a particular point in a networked computer system.
  • This may include recording the number of times a computer is in use and which websites are commonly visited.



Protecting Your Privacy on the Internet
• There are multiple ways to protect your privacy
  • Encrypt email
  • Send newsgroup postings through anonymous remailers
  • Ask your ISP not to sell your name and information to mailing list providers and other marketers
  • Don’t reveal personal data and interests on online service and website user profiles



Cloud Computing
• Cloud: a metaphor for the internet
• Computing: designing, developing and building hardware and software systems
• Cloud computing:
  • Storing data or applications on a remote server
  • Processing data or applications on a remote server
  • Accessing data or applications via the internet
• The idea of cloud computing is reusability of IT capabilities.
• Cloud computing is the use of remote servers on the internet to store, manage and process data, rather than a local server or your own PC.

Characteristics of Cloud Computing
• On-demand self-service
• Ubiquitous network access
• Location-independent resource pooling
• Rapid elasticity
• Measured service



Models of cloud computing
Cloud computing
• Service Model: IaaS, PaaS, SaaS
• Deployment Model: Public Cloud, Private Cloud, Hybrid Cloud



Service Models



Different Cloud service providers



Cloud Computing

Pros
• Reduces IT cost
• Easy access
• Flexible network
• No maintenance cost involved

Cons
• Worry of security risk
• It is considered an outside vendor which works for other companies as well
• Fear of cloud malfunction



Mobile Computing
• Mobile computing is a technology that allows transmission of data, voice & video via a computer or any wireless device without having to be connected to a fixed location.
• Also called Human Computer Interaction.
• This concept involves:
  • Mobile communication
  • Mobile hardware
  • Mobile software



E-Commerce
• Electronic commerce is the purchasing, selling, and exchange of goods and services over a computer network (such as the internet).
• E-commerce is broken into 4 categories:
  • B2B
  • B2C
  • C2C
  • C2B
  • B2G
  • C2G
  • G2C
  • G2C
M-Commerce

The HAPIfork is an electronic fork that helps you monitor and track your eating habits. It also alerts you with the help of indicator lights and gentle vibrations when you are eating too fast.
SMART TOOTH BRUSH
Checks regularity
Monitor brushing
Track forgotten tooth



Smart Egg Tray: The egg tray syncs with your smartphone to tell you how many eggs you have got at home (up to 14 eggs) and when they are going bad.



Glucose Monitoring: A cellular-powered glucose meter transmits each test result to a secure server and provides instant feedback and coaching to patients. This equips doctors, nurses, and diabetes educators with real-time clinical data.



Internet of Things (IOT)
• The interconnection via the internet of computing devices embedded in everyday objects, enabling them to send and receive data.
• IOT is the network of devices, vehicles, and home appliances that contain electronics, software, actuators, and connectivity which allows these things to connect, interact and exchange data.
• IOT is also called the industrial Internet.

• The devices gather data and send the data over the internet for analysis. The data might signal the need to take action, such as:
  • Replacing a part which is close to wearing out.
  • Restocking the product on the store shelf.
  • Starting the watering system for the field.
  • Slowing down a turbine.



Features of IOT
• Connect – Connect all the necessary daily objects around you to the IOT platform.
  • Device virtualization
  • High-speed messaging
  • End point management
• Analyse – Analyse the data collected & use it to build business intelligence solutions.
  • Stream processing
  • Data enrichment
  • Event store
• Integrate – Integrate various models to improve user experience.
  • Enterprise connectivity
  • REST APIs
  • Command & control