Chapter 11. Computers and Society:
Security, Privacy, and Ethics
Mesfin F (PhD)
Mesfin.fikre@aau.edu.et
1
Objectives
Describe the types of computer security risks
Identify how to safeguard against computer risks
Identify and safeguard against hardware theft
Explain how SW companies protect against SW piracy
Explain how to protect against system failure
Identify safeguards against internet risks
2
Recognize issues related to information accuracy,
rights, and conduct
Discuss issues related to information privacy
Discuss health related impacts of computer use
Discuss ethical issues like information accuracy,
intellectual rights, information privacy, content
filtering, cookies etc
3
Contents
1. Computer security risks
   1. Virus, worm, Trojan horses vs. solutions?
   2. Unauthorized access and use
   3. Hardware theft
   4. Software theft
   5. Information theft
   6. System failure
2. Internet security risks
   1. Denial of service attack
   2. Securing internet transactions (related to e-commerce payment)
   3. Securing e-mail messages
3. Ethics and IT
   1. Information accuracy
   2. Intellectual copyrights
   3. Information privacy
   4. E-profile
   5. Cookies
   6. Spyware
   7. Spam
   8. Employee monitoring
   9. Content filtering
4. Health and IT
   1. Computer addiction
4
1. Computer security risks
• What is a computer security risk?
- An event or action that could cause loss of or damage to computer HW, SW, data, information, processing speed, etc.
- Can be planned (computer crime: an illegal act involving a computer) OR
- Can be accidental
Common security risks are: viruses, worms, Trojan horses, unauthorized access and use, hardware theft, software theft, information theft, and system failure
5
1.1. Viruses, Worms, and Trojan Horses
• Computer virus: a potentially damaging program that infects a computer and affects the way the computer works without the user’s knowledge or attention.
– Can damage files, program files, even the operating system
– Can spread throughout the computer system
• Worm: copies itself repeatedly, for example throughout memory or throughout the NW
– Uses memory space (RAM)
• Decreases processing speed
– Possibly will shut down the computer
• Trojan horse: looks like a legitimate program
– Does not duplicate itself to other computers
– Takes storage memory (hard disk)
6
1.2. Unauthorized Access and Use
Unauthorized Access:
• Is the use of a computer or NW without permission.
• A cracker is someone who tries to access a computer or network illegally.
– They may steal/use resources (e.g. US election…suspect)
– Or they may damage some resources
Unauthorized use:
– Is the use of a computer or its data for unapproved or possibly illegal activities.
– Computer fraud is the common example
7
Computer Fraud
Is any fraud that requires computer technology to
perpetrate.
Examples include:
• Unauthorized theft, use, access, modification,
copying, or destruction of SW, HW, or data
• Theft of assets covered up by altering computer
records
• Obtaining info/ tangible property illegally using computers
8
The rise of CF
• Computer fraud can be much more difficult to
detect than other types of fraud.
– People who break into corporate dbs can steal,
destroy, or alter data in little time, leaving little / no
evidence.
– Many instances of computer fraud go undetected.
– A high percentage of frauds are not reported.
– Law enforcement cannot keep up with growth of CF.
9
CF Classification
1. Input fraud: altering computer input. It requires little skill; perpetrators need only understand how the system operates so that they can cover their tracks.
1,200=120
2. Processor fraud: includes unauthorized system use, including the theft of computer time and services.
3. Computer instruction fraud: tampering with company SW, copying SW illegally, using SW in an unauthorized manner, and developing SW to carry out an unauthorized activity.
4. Data fraud: illegally using, copying, browsing, searching, or harming company data
10
Preventing and Detecting Fraud and Abuse
• Make fraud less likely to occur
• Reduce fraud losses: have adequate insurance.
• Increase the difficulty of committing fraud
– Develop and implement strong internal controls.
• Improve detection methods
– Install fraud detection software
– Implement a fraud hotline
11
Safeguards against unauthorized
access and use
A. Firewalls
B. Intrusion detection software
C. Access controls
D. Audit trails
12
13
B. Intrusion Detection Software
• To provide extra protection against hackers, large companies sometimes use intrusion detection SW to identify possible security breaches.
– It analyzes NW traffic, assesses system vulnerabilities, identifies any unauthorized attempts, and notifies NW administrators of suspicious behavior patterns.
– Example software(s): next slide
– https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_61/rzaub/rzaubexamples.htm
14
C. Access Controls
• Defines who can access a computer, when they
can access it, and for what actions.
• Can be through:
– Identification and Authentication
• Through User Name and Password
• Through Possessed objects
• Through Biometric devices
15
Through User Name and Password
• Do not use the following as a password:
– Your name, your telephone number, your ID number, your birth date, etc.
• Once you set a password, change it frequently
• Strong passwords
– Have more than 6 characters
– Are a combination of different characters (e.g. AS**&nb)
16
Possessed objects
• Is any item that you must carry to gain access
to a computer/computer facility
– Examples: ATM card, door key, car keys, etc.
– Disadvantage:
• Can be lost
• Can be copied / duplicated /stolen
17
Biometric mechanisms
• Are based on personal characteristics
– Are unique
– Cannot be duplicated, cannot be forgotten
– Examples:
• Fingerprint recognition, face recognition, eye recognition, etc.
• Shortcomings:
– One can lose or damage a finger or face
– When one gets old, etc.
18
19
1.3. Hardware Theft
• Is the act of stealing computer equipment
– Solution: physical access control (through door and
window locking)
• Mobile theft and protection/
• Laptop theft and protection
– It is a good business oppo
20
1.4. Software theft
• When someone
– steals SW media (CD),
– intentionally erases SW program,
– illegally copies SW, also called software piracy
• Safeguards:
– Keeping original CDs in a safe place
– Not allowing terminated IT staff to enter the company
– Issuing license agreements to protect against SW piracy (a right to use, not the right to own)
21
1.5. Information theft
• When someone steals personal/confidential information
– Example: school plagiarism (2008/ 2012 EC) Asst & Thesis
– Solution: encrypt data. Encryption is the process of converting readable data into unreadable characters to prevent unauthorized use.
22
Cryptography
Algorithm: RSA
1.6. System failure
• Is the prolonged malfunction of a computer
• Solution:
– Back up to secondary storage media
– Use online backup services (Internet hard disks)
– How to deal with failure of ATM and internet banking ????
23
2.1. Internet Security risks
• Information transmitted over NWs has a higher
degree of security risk than information kept on
a company’s premises.
• Example: denial of service (DoS) attack, which aims to disrupt access to the web
24
Computer Attacks and Abuse
• All computers connected to the Internet, mainly
those with important trade secrets or valuable IT
assets, are under constant attack from hackers,
foreign governments, terrorist groups, disaffected
employees, industrial spies, and competitors.
– These people attack computers looking for valuable
data or trying to harm the computer system.
25
Common attack techniques:
1. Hijacking
2. Spamming
3. Hacking
4. Spoofing
– E-mail spoofing
– Caller ID Spoofing
26
1. Hijacking: is gaining control of a computer to carry
out illicit activities without the user’s knowledge.
27
2. Hacking: is the unauthorized access, modification, or use of an
electronic device or some element of a computer system.
Most hackers break into systems using known flaws in operating systems or application programs, or as a result of poor access controls.
Russian hackers broke into Citibank’s system and stole $10 million from customers.
During the Iraq war, Dutch hackers stole confidential info, including troop movements and weapons info at 34 military sites. Their offer to sell the info to Iraq was declined, probably because Iraq feared it was a setup.
28
3. Spoofing: altering some part of an electronic
communication to make it look as if someone
else sent the communication in order to gain the
trust of the recipient.
29
E-mail Spoofing: Making a sender address and other parts of an e-mail
header appear as though the e-mail originated from a different source
30
masfinfw@gmail.com
mesfinfw@gmail.com
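The two addresses on this slide differ by a single letter. As an added example (not part of the original slides), the following Python sketch flags such lookalike senders and two header mismatches that often accompany forged mail; the address book, the sample messages and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book of senders the recipient already trusts.
KNOWN_SENDERS = {"a.bekele@example.edu", "registrar@example.edu"}


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def domain(addr):
    return addr.rpartition("@")[2].lower()


def spoofing_indicators(raw_message, known=KNOWN_SENDERS, max_distance=2):
    """Return a list of findings for one raw RFC 5322 message.

    These are indicators for triage, not proof: mailing lists and bulk
    senders legitimately use a Return-Path on another domain.
    """
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()

    findings = []
    # 1. Sender is not a known contact but is within a few edits of one.
    if from_addr not in known:
        for contact in sorted(known):
            if 0 < edit_distance(from_addr, contact) <= max_distance:
                findings.append(
                    f"lookalike-sender: {from_addr} resembles {contact}")
    # 2. The envelope sender (Return-Path) is on a different domain.
    if return_path and domain(return_path) != domain(from_addr):
        findings.append(
            f"return-path-mismatch: {return_path} vs {from_addr}")
    # 3. Replies would go somewhere other than the displayed sender.
    if reply_to and reply_to != from_addr:
        findings.append(f"reply-to-mismatch: {reply_to} vs {from_addr}")
    return findings


def build(headers):
    """Assemble a constructed test message from header lines."""
    return "\n".join(headers + ["", "Please see the attached grades."])


# Constructed sample messages (not real mail).
GENUINE = build([
    "Return-Path: <a.bekele@example.edu>",
    "From: Abebe Bekele <a.bekele@example.edu>",
    "Subject: Grades",
])
LOOKALIKE = build([
    "Return-Path: <a.bakele@example.edu>",
    "From: Abebe Bekele <a.bakele@example.edu>",  # one letter changed
    "Subject: Grades",
])
FORGED = build([
    "Return-Path: <bounce@mailer.example.net>",
    "From: Registrar <registrar@example.edu>",    # exact known address
    "Reply-To: registrar.office@example.org",
    "Subject: Grades",
])

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE),
                      ("forged", FORGED)]:
        print(name, spoofing_indicators(raw))
```
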
2. Social engineering (SE)
• Techniques or psychological tricks used to get
people to comply with the perpetrator’s wishes in
order to gain physical or logical access to a
building, computer, server, or network.
• It is usually to get the information needed to
obtain confidential data.
31
Establishing the following policies and procedures—
and training people to follow them—can help
minimize SE:
1. Never let people follow you into a restricted
building.
2. Never log in for someone else on a computer,
especially if you have administrative access.
3. Never give sensitive info over the phone or through
e-mail.
4. Never share passwords or user IDs.
5. Be cautious of anyone you do not know who is trying
to gain access through you.
32
Evil twin
• A wireless network with the same name (Service Set Identifier, SSID) as a legitimate wireless access point. Users connect to the twin because it has a stronger wireless signal or because the twin disrupts or disables the legitimate access point.
• Users are unaware that they are connected to the evil twin, and the perpetrator monitors the traffic looking for confidential information.
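From the defender's side, an evil twin shows up in a wireless survey as a managed SSID announced by an access point that is not in the inventory. The following Python sketch is an added example (not part of the original slides) that checks scan results against such an inventory; the SSID, the BSSIDs, the inventory layout and the scan records are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One access point seen in a Wi-Fi survey (constructed record format)."""
    ssid: str
    bssid: str        # MAC address of the access point radio
    signal_dbm: int   # closer to 0 means stronger
    security: str


# Hypothetical inventory of the organisation's own access points.
AUTHORISED = {
    "Campus-WiFi": {
        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
        "security": "WPA2-Enterprise",
    },
}


def find_evil_twin_candidates(scan, authorised=AUTHORISED):
    """Return (bssid, reasons) for APs that announce a managed SSID
    but are not in the inventory.

    A BSSID can be cloned as well, so a match against the inventory is
    necessary but not sufficient; this check catches the common case.
    """
    alerts = []
    for ssid, policy in authorised.items():
        seen = [b for b in scan if b.ssid == ssid]
        legit = [b for b in seen if b.bssid.lower() in policy["bssids"]]
        best_legit = max((b.signal_dbm for b in legit), default=None)
        for b in seen:
            if b.bssid.lower() in policy["bssids"]:
                continue
            reasons = ["unknown-bssid"]
            if b.security != policy["security"]:
                reasons.append("security-mismatch")
            if best_legit is None:
                # Matches the slide: the twin may disable the real AP.
                reasons.append("no-authorised-ap-visible")
            elif b.signal_dbm > best_legit:
                # Matches the slide: clients prefer the stronger signal.
                reasons.append("stronger-signal")
            alerts.append((b.bssid, reasons))
    return alerts


# Constructed survey 1: both real APs visible, plus a stronger open twin.
SCAN_TWIN_PRESENT = [
    Beacon("Campus-WiFi", "02:00:00:aa:00:01", -60, "WPA2-Enterprise"),
    Beacon("Campus-WiFi", "02:00:00:aa:00:02", -71, "WPA2-Enterprise"),
    Beacon("Campus-WiFi", "02:00:00:bb:00:09", -42, "Open"),
    Beacon("CoffeeShop", "02:00:00:cc:00:05", -55, "WPA2-Personal"),
]

# Constructed survey 2: the real APs are gone and only the twin answers.
SCAN_AP_DOWN = [
    Beacon("Campus-WiFi", "02:00:00:bb:00:09", -48, "WPA2-Enterprise"),
]

if __name__ == "__main__":
    print(find_evil_twin_candidates(SCAN_TWIN_PRESENT))
    print(find_evil_twin_candidates(SCAN_AP_DOWN))
```
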
33
34
Trap door (back door)
• A set of computer instructions that allows a user to bypass the system’s normal controls. Programmers create trap doors so they can modify programs during systems development and then remove them before the system is put into operation.
• Packet sniffers: programs that capture data from information packets as they travel over the Internet or company networks. Captured data is sifted to find confidential or proprietary information.
35
36
3.1. Ethics and society
• Computer ethics are the moral guidelines that
govern the use of computer information systems
• Areas include;
– Unauthorized use of computers and NWs
– SW theft (piracy)
– Information accuracy
– Intellectual property right
– Information privacy
– Virus ?? Is it ethical?
37
• Information accuracy: Do not assume that all
information on the web is accurate!
• Information Privacy : Refers to the right of
individuals/ companies to deny or restrict the
collection and use of information about them.
38
Cookies
• A cookie is a small text file that a web server stores on your computer.
• E-commerce and other web applications often rely on cookies to identify users and customize web pages:
– To personalize web sites
– To store passwords, so that users do not have to retype them every time
• It typically contains data about you, such as user name, view preferences, etc.
39
Privacy and Google services
• Why Google give me unlimited storage for life
and Apple charges for more than 5gb?
– Google doesn't give you anything for free. Nothing's
free. That's the general concept in life, but especially
with Google. If Google isn't charging you for a product
or service, it's because you're the product.
– The thing most people seem to completely gloss over
is that Google is not a “technology company” - they
are an advertising company.
https://www.quora.com/Why-can-Google-give-me-unlimited-storage-for-life-and-Apple-charges-for-more-than-5gb
40
Spying (Spyware)
• Is a program placed on a computer without the
user’s knowledge that secretly collects information
about him/her.
• Can enter a computer as a virus or when a user
installs a new program
• Example:
– Keylogger software records computer activity, such as a
user’s keystrokes, e-mails sent and received, websites
visited, and chat session participation. Parents use the
software to monitor their children’s computer usage, and
businesses use it to monitor employee activity.
– Spyware: software that secretly monitors computer usage,
collects personal information about users, and sends it to
someone else, often without the computer user’s
permission.
41
42
Employee monitoring
• Involves the use of computers to observe, record,
and review an employee’s use of a computer,
including e-mail communications, web sites
visited, keyboard activity (to measure
productivity)
43
Content filtering
• Is the process of restricting access to certain
material on the web.
• Ban materials that violate some ethical
aspects/cultural aspects
44
ISP
RFID and Employee Id
– How would you feel if your organization/university used RFID tags embedded in student IDs to control building access, manage computer access, or even automatically track class attendance?
45
Assignment 1
• As an IS expert in your firm, you have been asked to
help management decide whether to outsource
security or keep the security function within the
firm. Search the Web to find information to help
you decide whether to outsource security and to
locate security outsourcing services.
• Present a brief summary of the arguments for and
against outsourcing computer security for your
company.
• Select two firms that offer computer security
outsourcing services, and compare them and their
services.
• Prepare an electronic presentation for management
summarizing your findings.
46
• Your presentation should make the case on
whether or not your company should outsource
computer security. If you believe your company
should outsource, the presentation should
identify which security outsourcing service
should be selected and justify your selection.
47
Assignment 2
• Facebook makes its money through advertising. Facebook
represents a unique opportunity for advertisers to reach
highly targeted audiences based on their demographic
information, hobbies and personal preferences,
geographical regions, and other narrowly specified criteria
in a comfortable and engaging environment.
• Visit Facebook’s Web site and review the site’s privacy
policy. Then answer the following questions:
• To what user information does Facebook retain the rights?
• What is Facebook’s stance regarding information shared
via third-party applications developed for the Facebook
platform?
• Did you find the privacy policy to be clear and reasonable?
What would you change, if anything?
48
1. Provide one example of how IT has created an ethical dilemma
that would not have existed before the advent of IT
2. Find an example of a code of ethics or acceptable use policy
related to IT and highlight five points that you think are important.
3. Do some original research on the effort to combat patent trolls.
Write a two-page paper that discusses this legislation.
4. How are intellectual property protections different across the
world?
Pick two countries and do some original research, then compare
the patent and copyright protections offered in those countries to
those in Ethiopia. Write a two- to three-page paper describing the
differences.
49
1. What privacy concerns could be raised by
collaborative technologies such as Waze?
2. Write an example of how Internet of Things
might provide a business with a competitive
advantage.
3. How do you think wearable technologies
could improve overall healthcare?
50
4. Health concerns of computer use
• Computer addiction
• Back pain
• Eye strain
• etc
51

Weitere ähnliche Inhalte

Ähnlich wie MIS part 4_CH 11.ppt

Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.rizwanshafique4321
 
chapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdfchapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdfsatonaka3
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdfZeeshanMajeed15
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptxCRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptxNune SrinivasRao
 
BCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxBCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxKirti Verma
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptxkishore golla
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxAkshayKhade21
 
SEMINAR ON CYBER SECURITY.pptx
SEMINAR ON CYBER SECURITY.pptxSEMINAR ON CYBER SECURITY.pptx
SEMINAR ON CYBER SECURITY.pptxGauravWankar2
 
4.1.2 area 2016
4.1.2 area 20164.1.2 area 2016
4.1.2 area 2016dilahkmpk
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxJhaiJhai6
 

Ähnlich wie MIS part 4_CH 11.ppt (20)

Computer security
Computer securityComputer security
Computer security
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.
 
Cyber Security Briefing
Cyber Security BriefingCyber Security Briefing
Cyber Security Briefing
 
chapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdfchapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdf
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdf
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptxCRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
 
Security Threats
Security ThreatsSecurity Threats
Security Threats
 
BCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxBCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptx
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 
COMPUTER ETHICS.pptx
COMPUTER ETHICS.pptxCOMPUTER ETHICS.pptx
COMPUTER ETHICS.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
IS Unit II.pptx
IS Unit II.pptxIS Unit II.pptx
IS Unit II.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
SEMINAR ON CYBER SECURITY.pptx
SEMINAR ON CYBER SECURITY.pptxSEMINAR ON CYBER SECURITY.pptx
SEMINAR ON CYBER SECURITY.pptx
 
4.1.2 area 2016
4.1.2 area 20164.1.2 area 2016
4.1.2 area 2016
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptx
 

Kürzlich hochgeladen

CHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxCHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxAneriPatwari
 
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxGrade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxkarenfajardo43
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing  Postmodern Elements in  Literature.pptxUnraveling Hypertext_ Analyzing  Postmodern Elements in  Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxDhatriParmar
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMr Bounab Samir
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptxmary850239
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operationalssuser3e220a
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Celine George
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...Nguyen Thanh Tu Collection
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDhatriParmar
 
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxDIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxMichelleTuguinay1
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1GloryAnnCastre1
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmStan Meyer
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseCeline George
 

Kürzlich hochgeladen (20)

CHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxCHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptx
 
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of EngineeringFaculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
 
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxGrade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing  Postmodern Elements in  Literature.pptxUnraveling Hypertext_ Analyzing  Postmodern Elements in  Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdf
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operational
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
 
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxDIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and Film
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 Database
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 

MIS part 4_CH 11.ppt

  • 1. Chapter 11. Computers and Society: Security, Privacy, and Ethics Mesfin F (PhD) Mesfin.fikre@aau.edu.et 1
  • 2. Objectives Describe the type of computer security risks Identify how to safeguard against computer risks Identify and safeguard hardware thefts Explain how SW companies protect against SW Piracy How to protect problem of system failure Identify safeguards against internet risks 2
  • 3. Recognize issues related to information accuracy, rights, and conduct Discuss issues related to information privacy Discuss health related impacts of computer use Discuss ethical issues like information accuracy, intellectual rights, information privacy, content filtering, cookies etc 3
  • 4. Contents 1. Computer security risks 1. Virus, worm, Trojan horses Vs Solutions? 2. Unauthorized access and use 3. Hardware theft 4. Software theft 5. Information theft 6. System failure 2. Internet security risks 1. Denial of service attack 2. Securing internet transactions (related to e- commerce payment) 3. Securing e-mail messages 3. Ethics and IT 1. Information accuracy 2. Intellectual copy rights 3. Information Privacy 4. E- profile 5. Cookies 6. Spyware 7. Spam 8. Employee monitoring 9. Content filtering 4. Health and IT 1. Computer addiction 4
  • 5. 1. Computer security risks • What is computer security risks? - Is an event or action that could cause a loss or damage to computer HW, SW, Data, Information, processing speed etc. - Can be planned—computer crime, illegal act involving a computer OR - It can be Accidental Common security risks are: Virus, worm, Trojan horses, Unauthorized access and use, Hardware theft, Software theft, Information theft, and System failure 5
  • 6. 1.1. Viruses, Worms, and Trojan Horses • Computer virus—a potentially damaging program that infects a computer and affects the way the computer works without the user’s knowledge or attention. – Can damage files, program files, even the operating system – Can spread throughout the computer system • Worm—copies itself repeatedly, for example throughout the memory or throughout the NW – Uses memory space (RAM) • Decreases processing speed – Possibly will shut down the computer • Trojan horse—looks like a legitimate program – Does not duplicate itself to other computers – Takes storage memory (hard disk)
  • 7. 1.2. Unauthorized Access and Use Unauthorized access: • Is the use of a computer or NW without permission. • A cracker is someone who tries to access a computer or network illegally. – They may steal/use resources (e.g. US election…suspect) – Or they may damage some resources Unauthorized use: – Is the use of a computer or its data for unapproved or possibly illegal activities. – Computer fraud is the common example
  • 8. Computer Fraud Is any fraud that requires computer technology to perpetrate. Examples include: • Unauthorized theft, use, access, modification, copying, or destruction of SW, HW, or data • Theft of assets covered up by altering computer records • Obtaining information or tangible property illegally using computers
  • 9. The rise of computer fraud (CF) • Computer fraud can be much more difficult to detect than other types of fraud. – People who break into corporate databases can steal, destroy, or alter data in little time, leaving little or no evidence. – Many instances of computer fraud go undetected. – A high percentage of frauds are not reported. – Law enforcement cannot keep up with the growth of CF.
  • 10. CF Classification 1. Input fraud: altering computer input. It requires little skill; perpetrators need only understand how the system operates so that they can cover their tracks. 1,200=120 2. Processor fraud: unauthorized system use, including the theft of computer time and services. 3. Computer instruction fraud: tampering with company SW, copying SW illegally, using SW in an unauthorized manner, and developing SW to carry out an unauthorized activity. 4. Data fraud: illegally using, copying, browsing, searching, or harming company data
  • 11. Detecting and Preventing Fraud and Abuse • Make fraud less likely to occur • Reduce fraud losses: have adequate insurance. • Increase the difficulty of committing fraud – Develop and implement strong internal controls. • Improve detection methods – Install fraud detection software – Implement a fraud hotline.
  • 12. Safeguards against unauthorized access and use A. Firewalls B. Intrusion detection software C. Access controls D. Audit trails
  • 14. B. Intrusion Detection Software • To provide extra protection against hackers, large companies sometimes use intrusion detection SW to identify possible security breaches. – It analyzes NW traffic, assesses system vulnerabilities, identifies any unauthorized attempts, and notifies NW administrators of suspicious behavior patterns. – Example software(s): next slide – https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_61/rzaub/rzaubexamples.htm
  • 15. C. Access Controls • Define who can access a computer, when they can access it, and for what actions. • Can be through: – Identification and Authentication • Through User Name and Password • Through Possessed objects • Through Biometric devices
  • 16. Through User Name and Password • Do not use the following as a password: – Your name, your telephone number, your ID number, your birth date, etc. – Once you set a password, change it frequently • Strong passwords – Have more than 6 characters – Are a combination of different characters (AS**&nb)
  • 17. Possessed objects • A possessed object is any item that you must carry to gain access to a computer/computer facility – Example: ATM card, door key, car keys, etc. – Disadvantage: • Can be lost • Can be copied / duplicated / stolen
  • 18. Biometric mechanisms • Are based on personal characteristics – Are unique – Cannot be duplicated, cannot be forgotten – Example • Fingerprint recognition, face recognition, eye recognition, etc. • Shortcomings: – One can lose or damage a finger or face – When one gets old etc.
  • 20. 1.3. Hardware Theft • Is the act of stealing computer equipment – Solution: physical access control (through door and window locking) • Mobile theft and protection • Laptop theft and protection – It is a good business oppo
  • 21. 1.4. Software theft • When someone – steals SW media (CD), – intentionally erases a SW program, – illegally copies SW, also called software piracy • Safeguards: – Storing original CDs safely – Not allowing terminated IT staff to enter the company – Issuing a license agreement—to protect against SW piracy (a right to use, not the right to own)
  • 22. 1.5. Information theft • When someone steals personal/confidential information – Example: school plagiarism (2008/ 2012 EC) Asst & Thesis – Solution: encrypt data. Encryption is the process of converting readable data into unreadable characters to prevent unauthorized use. Cryptography algorithm: RSA
  • 23. 1.6. System failure • Is the prolonged malfunction of a computer • Solution: – Backup on secondary storage media – Using online backup services (Internet hard disks) – How to deal with failure of ATM and internet banking?
  • 24. 2.1. Internet Security risks • Information transmitted over NWs has a higher degree of security risk than information kept on a company’s premises. • Example: Denial of service attack (DoS), to disrupt access to the web
  • 25. Computer Attacks and Abuse • All computers connected to the Internet, mainly those with important trade secrets or valuable IT assets, are under constant attack from hackers, foreign governments, terrorist groups, disaffected employees, industrial spies, and competitors. – These people attack computers looking for valuable data or trying to harm the computer system.
  • 26. Common attack techniques: 1. Hijacking 2. Spamming 3. Hacking 4. Spoofing – E-mail spoofing – Caller ID Spoofing
  • 27. 1. Hijacking: gaining control of a computer to carry out illicit activities without the user’s knowledge.
  • 28. 2. Hacking: the unauthorized access, modification, or use of an electronic device or some element of a computer system. Most hackers break into systems using known flaws in operating systems or application programs, or as a result of poor access controls. Russian hackers broke into Citibank’s system and stole $10 million from customers. During the Iraq war, Dutch hackers stole confidential information, including troop movements and weapons information, at 34 military sites. Their offer to sell the information to Iraq was declined, probably because Iraq feared it was a setup.
  • 29. 3. Spoofing: altering some part of an electronic communication to make it look as if someone else sent the communication in order to gain the trust of the recipient.
  • 30. E-mail Spoofing: Making a sender address and other parts of an e-mail header appear as though the e-mail originated from a different source. Example addresses: masfinfw@gmail.com, mesfinfw@gmail.com
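The following Python sketch is an added example, not part of the original slides: it checks an incoming message's headers for the spoofing signs described on the slide, using the slide's two addresses. It assumes mesfinfw@gmail.com is the genuine contact; the sample messages and the other addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: mesfinfw@gmail.com is the genuine contact, masfinfw@gmail.com the look-alike.
KNOWN_SENDERS = {"mesfinfw@gmail.com"}

# Constructed sample messages (not real mail).
LOOKALIKE = "From: Mesfin F <masfinfw@gmail.com>\nSubject: Grades\n\nPlease send the file."
DISPLAY_TRICK = ('From: "mesfinfw@gmail.com" <billing@example.net>\n'
                 "Reply-To: collect@example.org\nSubject: Invoice\n\nSee attached.")
GENUINE = "From: Mesfin F <mesfinfw@gmail.com>\nSubject: Lecture 11\n\nSlides attached."

def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def spoofing_indicators(raw_message, known=KNOWN_SENDERS, max_distance=2):
    """Return human-readable warnings for one raw e-mail message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    warnings = []
    # 1. Address is not a known contact but is within a few edits of one.
    if from_addr not in known:
        for good in sorted(known):
            if edit_distance(from_addr, good) <= max_distance:
                warnings.append(f"look-alike of {good}: {from_addr}")
    # 2. Display name shows one address while the header carries another.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != from_addr:
        warnings.append(f"display name shows {shown.group(0).lower()}, not {from_addr}")
    # 3. Replies would go to a different mailbox than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != from_addr:
        warnings.append(f"Reply-To {reply_to.lower()} differs from From")
    return warnings

if __name__ == "__main__":
    for name, raw in [("lookalike", LOOKALIKE), ("display", DISPLAY_TRICK), ("genuine", GENUINE)]:
        print(name, spoofing_indicators(raw))
```

Header checks like these only catch visible inconsistencies; a message that passes them can still be forged, so they complement rather than replace server-side sender authentication.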
  • 31. 2. Social engineering (SE) • Techniques or psychological tricks used to get people to comply with the perpetrator’s wishes in order to gain physical or logical access to a building, computer, server, or network. • It is usually used to get the information needed to obtain confidential data.
  • 32. Establishing the following policies and procedures—and training people to follow them—can help minimize SE: 1. Never let people follow you into a restricted building. 2. Never log in for someone else on a computer, especially if you have administrative access. 3. Never give sensitive information over the phone or through e-mail. 4. Never share passwords or user IDs. 5. Be cautious of anyone you do not know who is trying to gain access through you.
  • 33. Evil twin • A wireless network with the same name (Service Set Identifier) as a legitimate wireless access point. Users connect to the twin because it has a stronger wireless signal or because the twin disrupts or disables the legitimate access point. • Users are unaware that they are connected to the evil twin, and the perpetrator monitors the traffic looking for confidential information.
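As an added example (not from the original slides), the Python sketch below shows how a network administrator can spot an evil twin in Wi-Fi survey results: an access point that advertises the organisation's SSID but does not match the inventory. The SSID, BSSIDs, security labels and signal values are all constructed assumptions.

```python
# Assumption: inventory of access points the organisation operates (constructed values).
AUTHORIZED = {
    "CampusNet": {"bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
                  "security": "WPA2-Enterprise"},
}

# Constructed Wi-Fi survey results; signal is in dBm (closer to 0 is stronger).
SCAN = [
    {"ssid": "CampusNet", "bssid": "00:11:22:33:44:01", "security": "WPA2-Enterprise", "signal": -67},
    {"ssid": "CampusNet", "bssid": "02:AA:BB:CC:DD:EE", "security": "Open", "signal": -41},
    {"ssid": "CampusNet", "bssid": "00:11:22:33:44:02", "security": "Open", "signal": -60},
    {"ssid": "CoffeeShop", "bssid": "00:55:66:77:88:99", "security": "WPA2-Personal", "signal": -70},
]

def find_evil_twins(scan, authorized):
    """Flag access points that advertise one of our SSIDs but do not match the inventory."""
    findings = []
    for ap in scan:
        policy = authorized.get(ap["ssid"])
        if policy is None:
            continue  # someone else's network name: out of scope
        known = {b.lower() for b in policy["bssids"]}
        bssid = ap["bssid"].lower()
        reasons = []
        if bssid not in known:
            reasons.append("BSSID not in inventory")
            # The slide notes that the twin often wins on signal strength.
            legit = [x["signal"] for x in scan
                     if x["ssid"] == ap["ssid"] and x["bssid"].lower() in known]
            if legit and ap["signal"] > max(legit):
                reasons.append("stronger than every inventoried AP in range")
        if ap["security"] != policy["security"]:
            # Also catches a cloned BSSID that downgrades encryption.
            reasons.append(f"security {ap['security']} != {policy['security']}")
        if reasons:
            findings.append((ap["ssid"], bssid, reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in find_evil_twins(SCAN, AUTHORIZED):
        print(ssid, bssid, "; ".join(reasons))
```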
  • 35. Trap door, or back door • Is a set of computer instructions that allows a user to bypass the system’s normal controls. Programmers create trap doors so they can modify programs during systems development and then remove them before the system is put into operation. • Packet sniffers: programs that capture data from information packets as they travel over the Internet or company networks. Captured data is sifted to find confidential or proprietary information.
  • 37. 3.1. Ethics and society • Computer ethics are the moral guidelines that govern the use of computer information systems • Areas include: – Unauthorized use of computers and NWs – SW theft (piracy) – Information accuracy – Intellectual property right – Information privacy – Virus ?? Is it ethical?
  • 38. • Information accuracy: Do not assume that all information on the web is accurate! • Information privacy: refers to the right of individuals/companies to deny or restrict the collection and use of information about them.
  • 39. Cookies • A cookie is a small text file that a web server stores on your computer. E-commerce and other web applications often rely on cookies to identify users and customize web pages. • (to personalize web sites) • To store passwords, so that users do not have to retype them every time. It typically contains data about you, such as user name, view preferences, etc.
  • 40. Privacy and Google services • Why can Google give me unlimited storage for life and Apple charges for more than 5gb? – Google doesn't give you anything for free. Nothing's free. That's the general concept in life, but especially with Google. If Google isn't charging you for a product or service, it's because you're the product. – The thing most people seem to completely gloss over is that Google is not a “technology company” - they are an advertising company. https://www.quora.com/Why-can-Google-give-me-unlimited-storage-for-life-and-Apple-charges-for-more-than-5gb
  • 41. Spying (Spyware) • Is a program placed on a computer without the user’s knowledge that secretly collects information about him/her. • Can enter a computer as a virus or when a user installs a new program • Example: – Keylogger software records computer activity, such as a user’s keystrokes, e-mails sent and received, websites visited, and chat session participation. Parents use the software to monitor their children’s computer usage, and businesses use it to monitor employee activity. – Spyware: software that secretly monitors computer usage, collects personal information about users, and sends it to someone else, often without the computer user’s permission.
  • 43. Employee monitoring • Involves the use of computers to observe, record, and review an employee’s use of a computer, including e-mail communications, web sites visited, keyboard activity (to measure productivity)
  • 44. Content filtering • Is the process of restricting access to certain material on the web. • Ban materials that violate some ethical or cultural aspects [Figure: ISP]
  • 45. RFID and Employee ID – How would you feel if your organization/university used RFID tags embedded in student IDs to control building access, manage computer access, or even automatically track class attendance?
  • 46. Assignment 1 • As an IS expert in your firm, you have been asked to help management decide whether to outsource security or keep the security function within the firm. Search the Web to find information to help you decide whether to outsource security and to locate security outsourcing services. • Present a brief summary of the arguments for and against outsourcing computer security for your company. • Select two firms that offer computer security outsourcing services, and compare them and their services. • Prepare an electronic presentation for management summarizing your findings.
  • 47. • Your presentation should make the case on whether or not your company should outsource computer security. If you believe your company should outsource, the presentation should identify which security outsourcing service should be selected and justify your selection.
  • 48. Assignment 2 • Facebook makes its money through advertising. Facebook represents a unique opportunity for advertisers to reach highly targeted audiences based on their demographic information, hobbies and personal preferences, geographical regions, and other narrowly specified criteria in a comfortable and engaging environment. • Visit Facebook’s Web site and review the site’s privacy policy. Then answer the following questions: • To what user information does Facebook retain the rights? • What is Facebook’s stance regarding information shared via third-party applications developed for the Facebook platform? • Did you find the privacy policy to be clear and reasonable? What would you change, if anything?
  • 49. 1. Provide one example of how IT has created an ethical dilemma that would not have existed before the advent of IT. 2. Find an example of a code of ethics or acceptable use policy related to IT and highlight five points that you think are important. 3. Do some original research on the effort to combat patent trolls. Write a two-page paper that discusses this legislation. 4. How are intellectual property protections different across the world? Pick two countries and do some original research, then compare the patent and copyright protections offered in those countries to those in Ethiopia. Write a two- to three-page paper describing the differences.
  • 50. 1. What privacy concerns could be raised by collaborative technologies such as Waze? 2. Write an example of how the Internet of Things might provide a business with a competitive advantage. 3. How do you think wearable technologies could improve overall healthcare?
  • 51. 4. Health concerns of computer use • Computer addiction • Back pain • Eye strain • etc.