
Course Code: COMP-1111
Course Title: Introduction to Information Technology
Credit Hours: 3(3+0)


Unit-5 Computer Security, Safety, Ethics and Privacy

• Computer Security Risks:

Today, people rely on technology to create, store, and manage their critical information.
Thus, it is important that computers and mobile devices, along with the data and programs they
store, are accessible and available when needed. It also is important that users take measures to
protect or safeguard their computers, mobile devices, data, and programs from loss, damage, and
misuse. For example, organizations must ensure that sensitive data and information, such as
credit records, employee and customer data, and purchase information, is secure. Home users
must ensure that their credit card numbers are secure when they make online purchases.
A digital security risk is any event or action that could cause a loss of or damage to computer
or mobile device hardware, software, data, information, or processing capability. The more
common digital security risks include Internet and network attacks, unauthorized access and use,
hardware theft, software theft, information theft, and system failure. While some breaches of
digital security are accidental, many are planned. Some intruders do not disturb a computer or
device’s functionality; they only access data, information, or programs on the computer or mobile
device before signing out. Other intruders leave some evidence of their presence, either by
leaving a message or by damaging data.
• Types of Computer Security Risks:
There are different types of security risks.
1. Computer Crime:
A planned breach of digital security often involves a deliberate act that is against the law. Any
illegal act involving the use of a computer or related devices generally is referred to as a computer
crime.
2. Hacker:
The term hacker, although originally a complimentary word for a computer enthusiast, now
has a negative meaning and refers to someone who accesses a computer or network illegally. Some
hackers claim the purpose of their security breaches is to improve security.
3. Cracker:
A cracker also is someone who accesses a computer or network illegally but has the intent of
destroying data, stealing information, or other malicious action. Both hackers and crackers have
advanced computer and network skills.
4. Script Kiddie:
A script kiddie has the same intent as a cracker but does not have the technical skills and
knowledge. Script kiddies often use prewritten hacking and cracking programs to break into
computers and networks.
5. Corporate Secret Agent:
Some corporate secret agents have excellent computer and networking skills and are hired to
break into a specific computer and steal its proprietary data and information, or to help identify
security risks in their own organization.
6. Unethical Employees:
Unethical employees may break into their employers’ computers for a variety of reasons.
Some simply want to exploit a security weakness. Others seek financial gains from selling
confidential information.
• Information-Gathering Attacks:
Information gathering is the practice of an attacker obtaining valuable details about targets.
Systems, including computers, servers, communication links, and internetworking devices,
are scanned and explored for information such as whether the target system is up and running
and details regarding the operating system and its version.
1. Password Attacks:
The simplest way to gain control of a system, or any user account, is through a password
attack. If the personal and behavioral details of the victim are known, the attacker starts by
guessing the password.
2. Virus:
Computer viruses are the most common threat to computer users. Computer viruses are
software designed to spread from one computer to another through file transfers and e-mail.
Viruses affect system security by changing settings, accessing confidential data, displaying
unwanted advertisements, sending spam to contacts, and taking control of the web browser.
3. Spyware:
Spyware is software with the common property of collecting personal information about users
without their knowledge. Spyware gets installed on a computer and gathers information about
the user’s online activities without their knowledge. Spyware can record everything typed
on the keyboard, making it unsafe due to the high threat of identity theft.
4. Website Attacks:
Website attacks target browser components that remain at risk even when the browser itself is
repaired. SQL injection attacks are intended to target any website or web application that uses an
SQL database, such as MySQL or Oracle, by taking advantage of security flaws in the application’s
software. This attack is used to obtain and corrupt users’ sensitive data.
5. Mobile Phone Threats:
Attack tools for mobile phone devices are freely available on the Internet, and their misuse
makes such attacks all too common and simple.
6. Wi-Fi Eavesdropping:
Wi-Fi eavesdropping is an attack used by network attackers to capture sensitive information from
a target system. It is the act of silently listening on an unencrypted Wi-Fi network.
7. Insider Attacks:
One of the most significant long-standing computer security threats faced by any organization
comes from its own employees. Insider attacks are initiated by unhappy employees of an
organization. Insiders usually have data as well as rights on the systems and networks that they
attack, giving them an advantage over external attackers.
8. Spam:
Spam consists of unwanted bulk e-mail messages that annoy the user with junk mail.
It places a burden on communications service providers, organizations, and individuals alike. Spam
is considered an active vehicle for viruses and fraud and is a threat to computer privacy.
9. Cyber Crimes:
The term cybercrime refers to online or Internet-based illegal acts such as distributing
software or committing identity theft. Software used by cybercriminals sometimes is called
crimeware. Today, cybercrime is one of the Pakistan FIA’s top priorities.
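Added example (not part of the original handout) for the SQL injection risk described under Website Attacks: the same lookup written with the flaw and with the fix, so the difference in behaviour can be observed. It assumes Python's built-in sqlite3 module as a stand-in for MySQL or Oracle; the table, names, and card values are constructed sample data.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "CARD-A-SAMPLE"), ("bob", "CARD-B-SAMPLE")],
    )
    return db

def lookup_unsafe(db, name):
    # Flaw: the input is pasted into the SQL text, so a quote character in
    # the input can end the string and change what the query means.
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # Fix: the ? placeholder passes the input to the database as a value
    # only; it is never parsed as SQL.
    return db.execute(
        "SELECT name, card FROM users WHERE name = ?", (name,)
    ).fetchall()

def compare(name):
    """Run both lookups on fresh data; report row counts or the error."""
    db = make_db()
    try:
        unsafe = len(lookup_unsafe(db, name))
    except sqlite3.OperationalError as exc:
        unsafe = "error: " + str(exc)
    return {"unsafe": unsafe, "safe": len(lookup_safe(db, name))}

if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a name containing a quote,
    # and input crafted to make the WHERE clause always true.
    for text in ["alice", "o'brien", "x' OR '1'='1"]:
        print(repr(text), compare(text))
```

With the crafted input, the flawed lookup returns every row in the table, while the parameterized lookup returns none because no user has that literal name.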
• Ethics and Society:
As with any powerful technology, computers and mobile devices can be used for both good
and bad purposes. The standards that determine whether an action is good or bad are known as
ethics.
• Technology Ethics:
Technology ethics are the moral guidelines that govern the use of computers, mobile devices,
information systems, and related technologies. Frequently discussed areas of computer ethics
are unauthorized use of computers, mobile devices, and networks; software theft (piracy);
information accuracy; property rights; and information privacy.
• Information Accuracy:
Information accuracy is a concern today because many users access information maintained
by other people or companies, such as on the Internet. Do not assume that information is correct
just because it is on the web. In addition to concerns about the accuracy of computer input, some
individuals and organizations raise questions about the ethics of using computers to alter
output, primarily graphic output.
• Codes of Conduct:
A code of conduct is a written guideline that helps determine whether a specific action is
ethical/unethical or allowed/not allowed. An IT code of conduct focuses on acceptable use of
technology. Employers and schools often specify standards for the ethical use of technology in
an IT code of conduct and then distribute these standards to employees and students.
Sample IT Code of Conduct:
1. Technology may not be used to harm other people.
2. Employees may not interfere with others’ files.
3. Employees may use technology only for purposes for which they have been authorized.
4. Technology may not be used to steal.
5. Technology may not be used to bear false witness.
6. Employees may not copy or use software illegally.
7. Employees may not use others’ technology resources without authorization.
8. Employees may not use others’ property as their own.
9. Employees shall consider the social impact of programs and systems they design.
10. Employees always should use technology in a way that shows respect for fellow humans.
