Chapter 11: Security and Ethical Challenges

IT Security, Ethics, and Society
- IT has both beneficial and detrimental effects on society and people
- Manage work activities to minimize the detrimental effects of IT
- Optimize the beneficial effects

Business Ethics
- Ethics questions that managers confront as part of their daily business decision making include:
  - Equity
  - Rights
  - Honesty
  - Exercise of corporate power

Categories of Ethical Business Issues

Corporate Social Responsibility Theories
- Stockholder Theory
  - Managers are agents of the stockholders
  - Their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices
- Social Contract Theory
  - Companies have ethical responsibilities to all members of society, who allow corporations to exist
- Stakeholder Theory
  - Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders
  - Stakeholders are all individuals and groups that have a stake in, or claim on, a company

Principles of Technology Ethics
- Proportionality - The good achieved by the technology must outweigh the harm or risk; there must be no alternative that achieves the same or comparable benefits with less harm or risk
- Informed Consent - Those affected by the technology should understand and accept the risks
- Justice
  - The benefits and burdens of the technology should be distributed fairly
  - Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk
- Minimized Risk - Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk

Responsible Professional Guidelines
- A responsible professional
  - Acts with integrity
  - Increases personal competence
  - Sets high standards of personal performance
  - Accepts responsibility for his/her work
  - Advances the health, privacy, and general welfare of the public

Computer Crime
- Computer crime includes
  - Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
  - The unauthorized release of information
  - The unauthorized copying of software
  - Denying an end user access to his/her own hardware, software, data, or network resources
  - Using or conspiring to use computer or network resources illegally to obtain information or tangible property

Cybercrime Protection Measures

Hacking
- Hacking is
  - The obsessive use of computers
  - The unauthorized access and use of networked computer systems
- Electronic Breaking and Entering
  - Hacking into a computer system and reading files, but neither stealing nor damaging anything
- Cracker
  - A malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage

Common Hacking Tactics
- Denial of Service
  - Hammering a website’s equipment with too many requests for information
  - Clogging the system, slowing performance, or crashing the site
- Scans
  - Widespread probes of the Internet to determine types of computers, services, and connections
  - Looking for weaknesses
- Sniffer
  - Programs that search individual packets of data as they pass through the Internet
  - Capturing passwords or entire contents
- Spoofing
  - Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers

Common Hacking Tactics
- Trojan Horse
  - A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software
- Back Doors
  - A hidden point of entry to be used in case the original entry point is detected or blocked
- Malicious Applets
  - Tiny Java programs that misuse your computer’s resources, modify files on the hard disk, send fake email, or steal passwords
- War Dialing
  - Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection
- Logic Bombs
  - An instruction in a computer program that triggers a malicious act

Common Hacking Tactics
- Buffer Overflow
  - Crashing or gaining control of a computer by sending too much data to buffer memory
- Password Crackers
  - Software that can guess passwords
- Social Engineering
  - Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords
- Dumpster Diving
  - Sifting through a company’s garbage to find information to help break into their computers

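The buffer overflow bullet above, as an added example in C that is not from the slides: an unchecked copy into a fixed stack buffer beside a bounds-checked version that refuses any input which cannot fit. The names NAME_MAX, greet_unchecked, greet_checked, accept_into_fixed_buffer and would_overflow are chosen here, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* size of the fixed buffer; a value chosen for this example */

/* Vulnerable form, as the slide describes it: the input is copied into a
 * fixed 16-byte stack buffer with no length check. Any input of 16 or more
 * characters writes past the end of the buffer into neighbouring stack data,
 * which typically crashes the program or corrupts its control flow. */
void greet_unchecked(const char *input) {
    char name[NAME_MAX];
    strcpy(name, input);   /* unbounded copy: overflows if strlen(input) >= NAME_MAX */
    printf("Hello, %s\n", name);
}

/* Hardened form: measure first, refuse anything that cannot fit together with
 * its terminating NUL, then copy with an explicit bound. Returns 0 on success
 * and -1 when the input was rejected, so the caller can log the oversized
 * input instead of silently truncating it. */
int greet_checked(const char *input, char *out, size_t out_len) {
    size_t n = strlen(input);
    if (out_len == 0 || n >= out_len) {
        return -1;            /* would not fit: refuse rather than overflow */
    }
    memcpy(out, input, n + 1);  /* n + 1 also copies the NUL terminator */
    return 0;
}

/* Wrapper using the same fixed buffer size as the unchecked version, so the
 * two can be compared on identical input. Returns greet_checked's result. */
int accept_into_fixed_buffer(const char *input) {
    char name[NAME_MAX];
    return greet_checked(input, name, sizeof name);
}

/* 1 if the given input would overflow greet_unchecked's buffer, else 0. */
int would_overflow(const char *input) {
    return strlen(input) >= NAME_MAX ? 1 : 0;
}

int main(void) {
    /* constructed inputs: a 5-character name that fits, a 40-character one that does not */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    greet_unchecked(ok);   /* only safe because this input fits */
    printf("checked, short input: %d\n", accept_into_fixed_buffer(ok));
    printf("checked, long input:  %d\n", accept_into_fixed_buffer(too_long));
    printf("unchecked would overflow on long input: %d\n", would_overflow(too_long));
    return 0;
}
```

The unchecked function is never called with the long input here; passing it one is exactly the crash the slide describes.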
Cyber Theft
- Many computer crimes involve the theft of money
- The majority are “inside jobs” that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved
- Many attacks occur through the Internet
- Most companies don’t reveal that they have been targets or victims of cybercrime

Unauthorized Use at Work
- Unauthorized use of computer systems and networks is time and resource theft
  - Doing private consulting
  - Doing personal finances
  - Playing video games
  - Unauthorized use of the Internet or company networks
- Sniffers
  - Used to monitor network traffic or capacity
  - Find evidence of improper use

Internet Abuses in the Workplace
- General email abuses
- Unauthorized usage and access
- Copyright infringement/plagiarism
- Newsgroup postings
- Transmission of confidential data
- Pornography
- Hacking
- Non-work-related download/upload
- Leisure use of the Internet
- Use of external ISPs
- Moonlighting

Software Piracy
- Software Piracy
  - Unauthorized copying of computer programs
- Licensing
  - Purchasing software is really a payment for a license for fair use
  - Site license allows a certain number of copies

Theft of Intellectual Property
- Intellectual Property
  - Copyrighted material
  - Includes such things as music, videos, images, articles, books, and software
- Copyright Infringement is Illegal
  - Peer-to-peer networking techniques have made it easy to trade pirated intellectual property
- Publishers Offer Inexpensive Online Music
  - Illegal downloading of music and video is down and continues to drop

Viruses and Worms
- A virus is a program that cannot work without being inserted into another program
- A worm can run unaided
- These programs copy annoying or destructive routines into networked computers
  - Copy routines spread the virus
- Commonly transmitted through
  - The Internet and online services
  - Email and file attachments
  - Disks from contaminated computers
  - Shareware

Top Five Virus Families of all Time
- My Doom, 2004
  - Spread via email and over Kazaa file-sharing network
  - Installs a back door on infected computers
  - Infected email poses as returned message or one that can’t be opened correctly, urging recipient to click on attachment
  - Opens up TCP ports that stay open even after termination of the worm
  - Upon execution, a copy of Notepad is opened, filled with nonsense characters
- Netsky, 2004
  - Mass-mailing worm that spreads by emailing itself to all email addresses found on infected computers
  - Tries to spread via peer-to-peer file sharing by copying itself into the shared folder
  - It renames itself to pose as one of 26 other common files along the way

Top Five Virus Families of all Time
- SoBig, 2004
  - Mass-mailing email worm that arrives as an attachment
  - Examples: Movie_0074.mpg.pif, Document003.pif
  - Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for email addresses to which it can send itself
  - Also attempts to download updates for itself
- Klez, 2002
  - A mass-mailing email worm that arrives with a randomly named attachment
  - Exploits a known vulnerability in MS Outlook to auto-execute on unpatched clients
  - Tries to disable virus scanners and then copy itself to all local and networked drives with a random file name
  - Deletes all files on the infected machine and any mapped network drives on the 13th of all even-numbered months

Top Five Virus Families of all Time
- Sasser, 2004
  - Exploits a Microsoft vulnerability to spread from computer to computer with no user intervention
  - Spawns multiple threads that scan local subnets for vulnerabilities

The Cost of Viruses, Trojans, Worms
- Cost of the top five virus families
  - Nearly 115 million computers in 200 countries were infected in 2004
  - Up to 11 million computers are believed to be permanently infected
  - In 2004, total economic damage from virus proliferation was $166 to $202 billion
  - Average damage per computer is between $277 and $366

Adware and Spyware
- Adware
  - Software that purports to serve a useful purpose, and often does
  - Allows advertisers to display pop-up and banner ads without the consent of the computer users
- Spyware
  - Adware that uses an Internet connection in the background, without the user’s permission or knowledge
  - Captures information about the user and sends it over the Internet

Spyware Problems
- Spyware can steal private information and also
  - Add advertising links to Web pages
  - Redirect affiliate payments
  - Change a user’s home page and search settings
  - Make a modem randomly call premium-rate phone numbers
  - Leave security holes that let Trojans in
  - Degrade system performance
- Removal programs are often not completely successful in eliminating spyware

Privacy Issues
- The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacy
- Personal information is collected with every visit to a Web site (www)
- Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused

Opt-in Versus Opt-out
- Opt-In
  - You explicitly consent to allow data to be compiled about you
  - This is the default in Europe
- Opt-Out
  - Data can be compiled about you unless you specifically request it not be
  - This is the default in the U.S.

Privacy Issues
- Violation of Privacy
  - Accessing individuals’ private email conversations and computer records
  - Collecting and sharing information about individuals gained from their visits to Internet websites
- Computer Monitoring
  - Always knowing where a person is
  - Mobile and paging services are becoming more closely associated with people than with places
- Computer Matching
  - Using customer information gained from many sources to market additional business services
- Unauthorized Access of Personal Files
  - Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles

Protecting Your Privacy on the Internet
- There are multiple ways to protect your privacy
  - Encrypt email
  - Send newsgroup postings through anonymous remailers
  - Ask your ISP not to sell your name and information to mailing list providers and other marketers
  - Don’t reveal personal data and interests on online service and website user profiles

Privacy Laws
- Electronic Communications Privacy Act and Computer Fraud and Abuse Act
  - Prohibit intercepting data communications messages, stealing or destroying data, or trespassing in federal-related computer systems
- U.S. Computer Matching and Privacy Act
  - Regulates the matching of data held in federal agency files to verify eligibility for federal programs
- Other laws impacting privacy and how much a company spends on compliance
  - Sarbanes-Oxley
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Gramm-Leach-Bliley
  - USA Patriot Act
  - California Security Breach Law