Ethics and Security Management

Date post: 30-May-2018
Upload: avayant-kumar-singh
Transcript
  • 8/9/2019 Ethics and Security Management

    1/42

    ABHILASHA VASRSHNEY

    LECTURER, IT DEPARTMENT

    2/42

    • Identify ethical issues in how the use of information technologies in business affects
        • Employment
        • Individuality
        • Working Conditions
        • Privacy
        • Crime
        • Health
        • Solutions to societal problems

    GLA Group of Institutions

    3/42

    • Business Ethics
        • Employee privacy
        • Security of company records
        • Workplace safety
    • Theories of Corporate Social Responsibility
        • Stockholder Theory
        • Social Contract Theory
        • Stakeholder Theory
    • Technology Ethics
        • Proportionality
        • Informed Consent
        • Justice
        • Minimized Risk

    4/42

    • Identify and describe clearly the facts
    • Define the conflict or dilemma
    • Identify the stakeholder
    • Identify the options that you can reasonably take
    • Identify the potential consequences for your options

    5/42

    • Golden Rule
    • Immanuel Kant's Categorical Imperative
    • Utilitarian Principle
    • Descartes' Rule of change
    • Risk Aversion Principle
    • No free lunch

    6/42

    • INFORMATION RIGHTS
    • PROPERTY RIGHTS
    • ACCOUNTABILITY AND CONTROL
    • SYSTEM QUALITY
    • QUALITY OF LIFE

    7/42

    • PRIVACY: The claim of individuals to be left alone, free from surveillance or interference from other individuals, organizations, or the state.
    • FAIR INFORMATION PRACTICES:
        • Set of principles originally set forth in 1973 that govern the collection and use of information about individuals
        • Based on the notion of a mutuality of interest between the record holder and the individual.

    8/42

    • Freedom of Information Act, 1966
    • Privacy Act of 1974
    • Electronic Communications Privacy Act of 1986
    • Computer Security Act of 1987
    • Fair Credit Reporting Act of 1970
    • Privacy Protection Act of 1980
    • Right to Financial Privacy Act of 1978

    9/42

    • System is capable of monitoring, capturing, and storing communications that pass through it.
    • Help organizations determine who is visiting their Web Sites and how to better target their offerings.
    • Web Sites can also capture information about visitors without their knowledge using cookie technology.
    • Cookies:
        • Tiny files deposited on a computer hard drive when an individual visits certain Web Sites.
        • Used to identify the visitor and track visits to the Web Site.

    10/42

    • There is another Web Site monitoring tool known as WEBBUGS.
    • WEBBUGS:
        • Tiny graphic files embedded in e-mail messages and Web pages that are designed to monitor online Internet user behavior.
        • They are tiny, colorless, and virtually invisible; they can be difficult for unsophisticated Internet users to detect.
    • Spyware
        • Secretly installs itself on the user's computer.
        • Reports the user's movements on the Internet to other computers.
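
A defender-side check for the web bugs described above, as an added example that is not part of the original slides: it flags images in an HTML e-mail or page that are 1x1 or hidden and that load from a host other than the first party. The sample HTML, the `.example` hosts and the names `find_web_bugs` and `WebBugFinder` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body; all hosts under .example are placeholders.
SAMPLE_HTML = """
<html><body>
<p>Your invoice is attached.</p>
<img src="https://cdn.shop.example/logo.png" width="120" height="40">
<img src="https://track.ads.example/o.gif?uid=1234" width="1" height="1">
<img src="https://metrics.example/p.png?m=abc" style="display: none">
<img src="https://cdn.shop.example/spacer.gif" width="1" height="1">
</body></html>
"""

def _px(value):
    """Parse a width/height attribute; missing or non-numeric counts as large."""
    digits = (value or "").strip().rstrip("px")
    return int(digits) if digits.isdigit() else 10**6

class WebBugFinder(HTMLParser):
    """Collects <img> tags that are tiny or hidden and load from a third-party host."""

    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host:
            return  # relative or embedded image: no request to another host
        third_party = (host != self.first_party
                       and not host.endswith("." + self.first_party))
        style = a.get("style", "").replace(" ", "").lower()
        tiny = _px(a.get("width")) <= 1 and _px(a.get("height")) <= 1
        hidden = "display:none" in style or "visibility:hidden" in style
        if third_party and (tiny or hidden):
            self.findings.append((host, "tiny" if tiny else "hidden"))

def find_web_bugs(html, first_party):
    """Return (host, reason) pairs for suspected tracking images."""
    finder = WebBugFinder(first_party)
    finder.feed(html)
    return finder.findings
```

The first-party spacer image is deliberately not reported: a 1x1 image is only a tracking signal when it causes a request to another party's server.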

    11/42

    • Managing Cookies: Block or limit cookies from being placed on the user's computer. Example: Microsoft Internet Explorer 5 and 6, Cookie Crusher.
    • Blocking Ads: Control ads that pop up based on user profiles and prevent ads from collecting or sending information. Example: BHO Cop, AdSubtract.
    • Encrypting e-mail or data: Scramble e-mail or data so that they can't be read. Example: Pretty Good Privacy (PGP).
    • Anonymizers: Allow users to surf the Web without being identified.

    12/42

    • Intellectual Property is the intangible property created by individuals or corporations.
    • Computerized information can be so easily copied or distributed on networks.
    • Intellectual property is subject to protections under:
        • Trade Secret
        • Copyright Law
        • Patent Law

    13/42

    • Any intellectual work or product used for a business purpose that can be classified as belonging to that business, provided it is not based on information in the public domain.
    • Grants a monopoly on the ideas behind a work product.
    • Protects the actual ideas in a work product.
    • To make this claim, the creator or owner must take care to bind employees and customers with nondisclosure agreements and to prevent the secret from falling into the public domain.

    14/42

    Limitation:

    Although virtually all software programs of any complexity contain unique elements of some sort, it is difficult to prevent the ideas in the work from falling into the public domain when the software is widely distributed.

    15/42

    • A statutory grant that protects creators of intellectual property against copying by others for any purpose during the life of the author plus an additional 70 years after the death of the author.
    • Encourages creativity and authorship by ensuring that creative people receive the monetary and other benefits.
    • It does not protect ideas, just their expression in a tangible medium.

    16/42

    • It grants the owner of a patent an exclusive monopoly to the ideas behind an invention for 20 years.
    • Patents are different from copyrights in that they protect the ideas themselves and not merely the expression of ideas.
    • There are 4 types of inventions for which patents are granted under patent law:
        • Machines.
        • Man-Made products.
        • Compositions of Matter.
        • Processing Methods.

    17/42

    • The key concepts in patent law are Originality, Novelty, and Invention.
    • The strength of patent protection is that it grants a monopoly on the underlying concepts and ideas of software.
    • The difficulty is passing the stringent criteria of non-obviousness and originality, as well as the years it takes to receive protection.

    18/42

    • Cyber Theft
    • Intellectual Property Protections
    • Software Piracy
    • Illegal File Sharing

    19/42

    • If a person is injured by a machine partly controlled by software, who should be held accountable, and therefore liable?
    • Responsibility means that, as free moral agents, individuals, organizations, and societies are responsible for the actions they take.
    • Accountability means that individuals, organizations, and societies should be held accountable to others for the consequences of their actions.

    20/42

    • Liability is a feature of political systems in which a body of law is in place that permits individuals to recover the damages done to them by other actors, systems, or organizations.
    • Exercising control means governing the Internet and E-commerce.

    21/42

    • Correcting bugs may be very expensive and is not economically feasible.
    • Three principal sources of poor system performance are
        • Software bugs and errors
        • Hardware or facility failures caused by natural or other causes
        • Poor input data quality

    22/42

    • Balancing Power: decentralized decision making
    • Maintaining Boundaries: Family, Work and Leisure
    • Equity and Access: Increasing racial and social class cleavages
    • Employment: Reengineering Job Loss
    • Health Risk

    23/42

    • Association of Information Technology Professionals (AITP) definition includes
        • The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
        • Unauthorized release of information
        • Unauthorized copying of software

    24/42

    • Hacking
        • The obsessive use of computers, or the unauthorized access and use of networked computer systems
    • Cyber Theft
        • Involves unauthorized network entry and the fraudulent alteration of computer databases

    Who commits computer crime?

    25/42

    • Unauthorized use at work
        • Also called time and resource theft
        • May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks
    • Piracy of intellectual property
        • Other forms of intellectual property covered by copyright laws
            • Music
            • Videos
            • Images
            • Articles
            • Books
            • Other written works

    26/42

    • Software Piracy
        • Unauthorized copying of software
        • Software is intellectual property protected by copyright law and user licensing agreements
    • Computer viruses and worms
        • Virus
            • A program that cannot work without being inserted into another program
        • Worm
            • A distinct program that can run unaided

    27/42

    • IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.
        • Benefit: increases efficiency and effectiveness
        • But, may also have a negative effect on individuals' right to privacy

    28/42

    • Privacy on the Internet
        • Users of the Internet are highly visible and open to violations of privacy
        • Unsecured with no real rules
        • Cookies capture information about you every time you visit a site
        • That information may be sold to third parties

    29/42

    • Privacy on the Internet (continued)
        • Protect your privacy by
            • Encrypting your messages
            • Post to newsgroups through anonymous remailers
            • Ask your ISP not to sell your information to mailing list providers and other marketers
            • Decline to reveal personal data and interests online
    • Privacy laws
        • Attempt to enforce the privacy of computer-based files and communications
        • Electronic Communications Privacy Act
        • Computer Fraud and Abuse Act

    30/42

    • Computer Libel and Censorship
        • The opposite side of the privacy debate
            • Right to know (freedom of information)
            • Right to express opinions (freedom of speech)
            • Right to publish those opinions (freedom of the press)
        • Spamming
        • Flaming

    31/42

    • Employment
        • New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.
    • Computer Monitoring
        • Concerns workplace privacy
            • Monitors individuals, not just work
            • Is done continually. May be seen as violating workers' privacy & personal freedom
            • Workers may not know that they are being monitored or how the information is being used
            • May increase workers' stress level
            • May rob workers of the dignity of their work

    32/42

    • Working Conditions
        • IT has eliminated many monotonous, obnoxious tasks, but has created others
    • Individuality
        • Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities
        • Regimentation

    33/42

    • Repetitive Stress Injury
    • Carpal Tunnel Syndrome
    • Computer Vision Syndrome
    • Techno stress
    • Some solutions
        • Ergonomics (human factors engineering)

    34/42

    • Encryption
        • Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
        • Involves using special mathematical algorithms to transform digital data into scrambled code
        • Most widely used method uses a pair of public and private keys unique to each individual

    35/42

    • Firewalls
        • Serves as a gatekeeper system that protects a company's intranets and other computer networks from intrusion
            • Provides a filter and safe transfer point
            • Screens all network traffic for proper passwords or other security codes

    36/42

    • Denial of Service Defenses
        • These assaults depend on three layers of networked computer systems
            • Victim's website
            • Victim's ISP
            • Sites of zombie or slave computers
        • Defensive measures and security precautions must be taken at all three levels

    37/42

    • E-mail Monitoring
        • Spot checks just aren't good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.
    • Virus Defenses
        • Protection may be accomplished through
            • Centralized distribution and updating of antivirus software
            • Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

    38/42

    • Security codes
        • Multilevel password system
            • Log onto the computer system
            • Gain access into the system
            • Access individual files
    • Backup Files
        • Duplicate files of data or programs
        • File retention measures
        • Sometimes several generations of files are kept for control purposes

    39/42

    • Security Monitors
        • Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction
    • Biometric Security
        • Measure physical traits that make each individual unique
            • Voice
            • Fingerprints
            • Hand geometry
            • Signature dynamics
            • Keystroke analysis
            • Retina scanning
            • Face recognition and Genetic pattern analysis

    40/42

    • Computer Failure Controls
        • Preventive maintenance of hardware and management of software updates
        • Backup computer system
        • Carefully scheduled hardware or software changes
        • Highly trained data center personnel

    41/42

    • Fault Tolerant Systems
        • Computer systems that have redundant processors, peripherals, and software
            • Fail-over
            • Fail-safe
            • Fail-soft
    • Disaster Recovery
        • Disaster recovery plan
            • Which employees will participate and their duties
            • What hardware, software, and facilities will be used
            • Priority of applications that will be processed

    42/42

    • Information System Controls
        • Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
        • Designed to monitor and maintain the quality and security of input, processing, and storage activities
    • Auditing Business Systems
        • Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
        • Testing the integrity of an application's audit trail

