Security and Ethics in a Digital World

Module 4 Week 10
INFOSYS 110 Digital Systems
Module 4:
Be Prepared for a Rapidly Changing Future
• Week 10: Security and Ethics in a Digital World
• Week 11: Cloud Computing and the Internet of Things
• Week 12: The Rise of the Robots – Artificial Intelligence
Learning outcomes:
• By the end of this session you should be able to:
• Apply an ethical problem solving framework
• Categorise and identify different types of security threats
• Define risk and different ways in which an organisation might deal with a specific risk
• Implement good authentication practices
Agenda:

Ethics and Corporate Social Responsibility

Security Threats

Security Controls
Ethics and Corporate Social Responsibility
Ethics
What are ethics?
• Standards of right and wrong.
• Study and development of ethical standards.

http://www.scu.edu/ethics/practicing/decision/whatisethics.html

Where do our ethics come from?


Why should we consider ethical issues?
The Facebook Fairy
“The age of PRIVACY is over.”
Mark Zuckerberg
Exercise: Google knows all

1. How does Google get the right to your information?
2. Who are Google’s customers?
3. What is Google’s product?

https://www.youtube.com/watch?v=R7yfV6RzE30

Ethical Frameworks
• Utilitarian approach
• Do the most good/least harm
• Rights approach
• Best respect the rights of stakeholders
• Fairness approach
• Treat people equally
• Common good approach
• Best serve the overall community
Ethical Frameworks
1. Recognise the issue
2. Get the facts
3. Evaluate alternatives
4. Make a choice
5. Reflect on your decision
Corporate Social Responsibility:

Corporate Social Responsibility is about how a business monitors and ensures its active compliance with the law, ethical standards, and international norms.

CSR can go beyond compliance and result in activities designed to make the world a better place, often beyond the immediate interests of the business.
McWilliams, Abagail; Siegel, Donald (2001). "Corporate social responsibility: A theory of the firm perspective". Academy of Management Review 26: 117–127
The Pyramid of Corporate Social Responsibility:

From the top of the pyramid to its base:

• Philanthropic Responsibilities: Be a good corporate citizen
– Contribute resources to the community.
– Make the world a better place.
• Ethical Responsibilities: Be ethical
– Do what is just, right and fair.
– Avoid harm.
• Legal Responsibilities: Obey the law
– Play by the rules of the game.
• Economic Responsibilities: Be profitable
– The foundation upon which all others rest.
The Pyramid of Corporate Social Responsibility: Toward the Moral Management of Organizational Stakeholders. Carroll, Archie B. Business Horizons; Jul/Aug91, Vol. 34 Issue 4, p39-48
Exercise: Spark and CSR
1. At what level of the CSR pyramid does Spark operate?
2. What advantages does it get from doing this?
3. What disadvantages are associated with this?

http://www.sparknz.co.nz/sustainability/
Security Threats
What are some threats to a business?

http://www.youtube.com/watch?v=Y6tbUNjL0No
Information Security
The protection of information systems from accidental or intentional misuse by persons inside or outside an organisation.

The information needs to be protected from both physical and digital threats.
OUTSIDE THREATS
• Natural disasters (floods, storms, earthquakes)
• Human-made disasters
– Fire
– Power outages
– Other accidents
• Internet
– Malware (viruses, worms, etc.)
– Denial of service
– Unauthorised users (hackers)

INSIDE THREATS

EMPLOYEES
• Operators
– Duplication of confidential reports
– Initialising non-secure system
– Theft of confidential material
• Application programmers
– Programming of applications to function contrary to specifications
• Systems programmer
– Bypassing security mechanisms
– Disabling security mechanisms
– Installing non-secure systems
• Users
– Data entry errors
– Weak passwords
– Lack of training

OTHER INSIDERS
• Consultants, contract labour, cleaners
– Unauthorised access
– Theft
– Copying

HARDWARE THREATS
• Terminals
– Located in nonsecure environment
• PCs
– Fraudulent identification
– Illegal leakage of authorised information
– Viruses, worms and other malware
– Physical theft

Systems software
• Failure of protection mechanisms
• Information leakage
• Installed unauthorised software

Databases
• Unauthorised access
• Copying
• Theft
Threats: Hackers
People very knowledgeable about computers who use their knowledge to invade other people’s computers
• White-hat hacker
• Black-hat hacker
Threats: Viruses
Virus: Software written with malicious intent to cause annoyance or damage
• Denial-of-service attack (DoS)
• Trojan-horse virus
• Backdoor programs
• Polymorphic virus

http://vimeo.com/25118844
Threats: Social Engineering
Using one’s social skills to trick people into revealing access credentials or other information valuable to the attacker
Threats: Phishing
Phishing: a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email
IS system attack process

1. Conduct Reconnaissance
2. Attempt Social Engineering
3. Scan & Map Target
4. Execute Attack
5. Cover Tracks
Security Controls
Develop an Information Security Plan
• Develop policies
• Communicate the policies
• Identify critical information assets and risks
• Test and re-evaluate risks
• Obtain stakeholder support
What is Risk?
An incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.

Positive or negative impacts (or both)

(http://www.coso.org/documents/coso_erm_executivesummary.pdf)
Risk Management Responses

• Mitigate:
– Implement effective internal controls
• Accept:
– Do nothing, accept likelihood of risk
• Transfer:
– Buy insurance, outsource
• Avoid:
– Do not engage in activity that produces risk
Types of controls
• Physical
– Walls, doors, locks
– Alarms, motion detectors
– Security guards
• Communications
– Firewalls
– Anti-virus
– VPN
• Access
– Authentication
– Authorisation
– Encryption
C.I.A. of Information Security

• Confidentiality
• Integrity
• Availability
Authentication

• Something the User knows
• Something the User has
• Something that is part of the User

http://www.datagenetics.com/blog/september32012/