Professional Documents
Culture Documents
Ethical Challenges
IT Security, Ethics, and Society
IT has both beneficial
and detrimental effects
on society and people
Manage work
activities to minimize
the detrimental
effects of IT
Optimize the
beneficial effects
2
Business Ethics
Ethics questions that managers confront as part
of their daily business decision making include:
Equity
Rights
Honesty
Exercise of corporate power
3
Categories of Ethical Business
Issues
4
Corporate Social Responsibility
Theories
Stockholder Theory
Managers are agents of the stockholders
Their only ethical responsibility is to increase the profits of
the business without violating the law or engaging in
fraudulent practices
Social Contract Theory
Companies have ethical responsibilities to all members of
society, who allow corporations to exist
Stakeholder Theory
Managers have an ethical responsibility to manage a firm
for the benefit of all its stakeholders
Stakeholders are all individuals and groups that have a
stake in, or claim on, a company
5
Principles of Technology Ethics
Proportionality - The good achieved by the technology must
outweigh the harm or risk; there must be no alternative that
achieves the same or comparable benefits with less harm or
risk
Informed Consent - Those affected by the technology should
understand and accept the risks
Justice
The benefits and burdens of the technology should be
distributed fairly
Those who benefit should bear their fair share of the risks,
and those who do not benefit should not suffer a significant
increase in risk
Minimized Risk - Even if judged acceptable by the other three
guidelines, the technology must be implemented so as to avoid
all unnecessary risk
6
Responsible Professional
Guidelines
A responsible professional
Acts with integrity
Increases personal competence
Sets high standards of personal performance
Accepts responsibility for his/her work
Advances the health, privacy, and general
welfare of the public
7
Computer Crime
Computer crime includes
Unauthorized use, access, modification, or
destruction of hardware, software, data, or
network resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own
hardware, software, data, or network resources
Using or conspiring to use computer or
network resources illegally to obtain
information or tangible property
8
Cybercrime Protection Measures
9
Hacking
Hacking is
The obsessive use of computers
The unauthorized access and use of networked
computer systems
Electronic Breaking and Entering
Hacking into a computer system and reading
files, but neither stealing nor damaging anything
Cracker
A malicious or criminal hacker who maintains
knowledge of the vulnerabilities found for private
advantage
10
Common Hacking Tactics
Denial of Service
Hammering a website’s equipment with too many requests for
information
Clogging the system, slowing performance, or crashing the site
Scans
Widespread probes of the Internet to determine types of
computers, services, and connections
Looking for weaknesses
Sniffer
Programs that search individual packets of data as they pass
through the Internet
Capturing passwords or entire contents
Spoofing
Faking an e-mail address or Web page to trick users into
passing along critical information like passwords or credit card
numbers
11
Common Hacking Tactics
Trojan House
A program that, unknown to the user, contains instructions that
exploit a known vulnerability in some software
Back Doors
A hidden point of entry to be used in case the original entry
point is detected or blocked
Malicious Applets
Tiny Java programs that misuse your computer’s resources,
modify files on the hard disk, send fake email, or steal
passwords
War Dialing
Programs that automatically dial thousands of telephone
numbers in search of a way in through a modem connection
Logic Bombs
An instruction in a computer program that triggers a malicious
act
12
Common Hacking Tactics
Buffer Overflow
Crashing or gaining control of a computer by sending too much
data to buffer memory
Password Crackers
Software that can guess passwords
Social Engineering
Gaining access to computer systems by talking unsuspecting
company employees out of valuable information, such as
passwords
Dumpster Diving
Sifting through a company’s garbage to find information to help
break into their computers
13
Cyber Theft
Many computer crimes involve the theft of
money
The majority are “inside jobs” that involve
unauthorized network entry and alternation of
computer databases to cover the tracks of the
employees involved
Many attacks occur through the Internet
Most companies don’t reveal that they have
been targets or victims of cybercrime
14
Unauthorized Use at Work
Unauthorized use of computer systems and
networks is time and resource theft
Doing private consulting
Doing personal finances
Playing video games
Unauthorized use of the Internet or company
networks
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
15
Internet Abuses in the Workplace
General email abuses
Unauthorized usage and access
Copyright infringement/plagiarism
Newsgroup postings
Transmission of confidential data
Pornography
Hacking
Non-work-related download/upload
Leisure use of the Internet
Use of external ISPs
Moonlighting
16
Software Piracy
Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment
for a license for fair use
Site license allows a certain number of copies
17
Theft of Intellectual Property
Intellectual Property
Copyrighted material
Includes such things as music, videos,
images, articles, books, and software
Copyright Infringement is Illegal
Peer-to-peer networking techniques have
made it easy to trade pirated intellectual
property
Publishers Offer Inexpensive Online Music
Illegal downloading of music and video is
down and continues to drop
18
Viruses and Worms
A virus is a program that cannot work without
being inserted into another program
A worm can run unaided
These programs copy annoying or destructive
routines into networked computers
Copy routines spread the virus
Commonly transmitted through
The Internet and online services
Email and file attachments
Disks from contaminated computers
Shareware
19
Top Five Virus Families of all Time
My Doom, 2004
Spread via email and over Kazaa file-sharing network
Installs a back door on infected computers
Infected email poses as returned message or one that can’t be
opened correctly, urging recipient to click on attachment
Opens up TCP ports that stay open even after termination of the
worm
Upon execution, a copy of Notepad is opened, filled with
nonsense characters
Netsky, 2004
Mass-mailing worm that spreads by emailing itself to all email
addresses found on infected computers
Tries to spread via peer-to-peer file sharing by copying itself into
the shared folder
It renames itself to pose as one of 26 other common files along
the way
20
Top Five Virus Families of all Time
SoBig, 2004
Mass-mailing email worm that arrives as
an attachment
Examples: Movie_0074.mpg.pif, Document003.pif
Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for
email addresses to which it can send itself
Also attempts to download updates for itself
Klez, 2002
A mass-mailing email worm that arrives with a randomly named
attachment
Exploits a known vulnerability in MS Outlook to auto-execute on
unpatched clients
Tries to disable virus scanners and then copy itself to all local
and networked drives with a random file name
Deletes all files on the infected machine and any mapped
network drives on the 13th of all even-numbered months
21
Top Five Virus Families of all Time
Sasser, 2004
Exploits a Microsoft vulnerability to spread from computer to
computer with no user intervention
Spawns multiple threads that scan local subnets for
vulnerabilities
22
The Cost of Viruses, Trojans,
Worms
Cost of the top five virus families
Nearly 115 million computers in 200 countries
were infected in 2004
Up to 11 million computers are believed to
be permanently infected
In 2004, total economic damage from virus
proliferation was $166 to $202 billion
Average damage per computer is between
$277 and $366
23
Adware and Spyware
Adware
Software that purports to serve a useful
purpose, and often does
Allows advertisers to display pop-up and
banner ads without the consent of the
computer users
Spyware
Adware that uses an Internet connection in the
background, without the user’s permission
or knowledge
Captures information about the user and sends
it over the Internet
24
Spyware Problems
Spyware can steal private information and also
Add advertising links to Web pages
Redirect affiliate payments
Change a users home page and search settings
Make a modem randomly call premium-rate
phone numbers
Leave security holes that let Trojans in
Degrade system performance
Removal programs are often not completely
successful in eliminating spyware
25
Privacy Issues
The power of information technology to store
and retrieve information can have a negative
effect on every individual’s right to privacy
Personal information is collected with every
visit to a Web site(www)
Confidential information stored by credit
bureaus, credit card companies, and the
government, has been stolen or misused
26
Opt-in Versus Opt-out
Opt-In
You explicitly consent to allow data to be
compiled about you
This is the default in Europe
Opt-Out
Data can be compiled about you unless you
specifically request it not be
This is the default in the U.S.
27
Privacy Issues
Violation of Privacy
Accessing individuals’ private email conversations and
computer records
Collecting and sharing information about individuals gained
from their visits to Internet websites
Computer Monitoring
Always knowing where a person is
Mobile and paging services are becoming more closely
associated with people than with places
Computer Matching
Using customer information gained from many sources to
market additional business services
Unauthorized Access of Personal Files
Collecting telephone numbers, email addresses, credit card
numbers, and other information to build customer profiles
28
Protecting Your Privacy on the
Internet
There are multiple ways to protect your privacy
Encrypt email
Send newsgroup postings through
anonymous remailers
Ask your ISP not to sell your name and
information to mailing list providers and
other marketers
Don’t reveal personal data and interests on
online service and website user profiles
29
Privacy Laws
Electronic Communications Privacy Act and Computer Fraud and
Abuse Act
Prohibit intercepting data communications messages, stealing or
destroying data, or trespassing in federal-related computer
systems
U.S. Computer Matching and Privacy Act
Regulates the matching of data held in federal agency files to
verify eligibility for federal programs
Other laws impacting privacy and how much a company spends on
compliance
Sarbanes-Oxley
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley
USA Patriot Act
California Security Breach Law
30