1. Chapter 11. Computers and Society:
Security, Privacy, and Ethics
Mesfin F (PhD)
Mesfin.fikre@aau.edu.et
2. Objectives
Describe the types of computer security risks
Identify how to safeguard against computer risks
Identify and safeguard against hardware theft
Explain how SW companies protect against SW piracy
Explain how to protect against system failure
Identify safeguards against internet risks
3. Recognize issues related to information accuracy,
rights, and conduct
Discuss issues related to information privacy
Discuss health-related impacts of computer use
Discuss ethical issues such as information accuracy,
intellectual property rights, information privacy, content
filtering, cookies, etc.
4. Contents
1. Computer security risks
1. Viruses, worms, Trojan horses, and their solutions
2. Unauthorized access and use
3. Hardware theft
4. Software theft
5. Information theft
6. System failure
2. Internet security risks
1. Denial of service attack
2. Securing internet transactions (related to e-commerce payment)
3. Securing e-mail messages
3. Ethics and IT
1. Information accuracy
2. Intellectual property rights
3. Information privacy
4. E-profile
5. Cookies
6. Spyware
7. Spam
8. Employee monitoring
9. Content filtering
4. Health and IT
1. Computer addiction
5. 1. Computer security risks
• What is a computer security risk?
- An event or action that could cause loss of or
damage to computer HW, SW, data, information,
processing capability, etc.
- Can be planned: computer crime, an illegal act involving
a computer, OR
- Can be accidental
Common security risks are: viruses, worms, Trojan horses,
unauthorized access and use, hardware theft,
software theft, information theft, and system failure
6. 1.1. Viruses, Worms, and Trojan Horses
• Computer virus: a potentially damaging
program that infects a computer and affects the
way the computer works without the user's knowledge
or consent.
– Can damage data files, program files, even the operating system
– Can spread throughout the computer system
• Worm: copies itself repeatedly, for example
throughout memory or throughout the NW
– Uses memory space (RAM)
• Decreases processing speed
– Possibly will shut down the computer
• Trojan horse: looks like a legitimate program
– Does not duplicate itself to other computers
– Takes up storage space (hard disk)
7. 1.2. Unauthorized Access and Use
Unauthorized access:
• Is the use of a computer or NW without permission.
• A cracker is someone who tries to access a computer
or network illegally.
– They may steal/use resources (e.g., US election … suspect)
– Or they may damage some resources
Unauthorized use:
– Is the use of a computer or its data for unapproved or
possibly illegal activities.
– Computer fraud is the common example
8. Computer Fraud
Is any fraud that requires computer technology to
perpetrate.
Examples include:
• Unauthorized theft, use, access, modification,
copying, or destruction of SW, HW, or data
• Theft of assets covered up by altering computer
records
• Obtaining information or tangible property illegally using computers
9. The rise of CF
• Computer fraud can be much more difficult to
detect than other types of fraud.
– People who break into corporate databases can steal,
destroy, or alter data in little time, leaving little or no
evidence.
– Many instances of computer fraud go undetected.
– A high percentage of frauds are not reported.
– Law enforcement cannot keep up with the growth of CF.
10. CF Classification
1. Input fraud: altering computer input. It requires
little skill; perpetrators need only understand how
the system operates so that they can cover their tracks
(e.g., an amount of 1,200 entered as 120).
2. Processor fraud: includes unauthorized system use,
including the theft of computer time and services.
3. Computer instruction fraud: tampering with company
SW, copying SW illegally, using SW in an unauthorized
manner, and developing SW to carry out an
unauthorized activity.
4. Data fraud: illegally using, copying, browsing, searching,
or harming company data
11. Detecting and Preventing Fraud and Abuse
• Make fraud less likely to occur
• Reduce fraud losses: have adequate insurance.
• Increase the difficulty of committing fraud
– Develop and implement strong internal controls.
• Improve detection methods
– Install fraud detection software.
– Implement a fraud hotline.
14. B. Intrusion Detection Software
• To provide extra protection against hackers, large
companies sometimes use intrusion detection SW
to identify possible security breaches.
– It analyzes NW traffic, assesses system vulnerabilities,
identifies unauthorized access attempts, and notifies NW
administrators of suspicious behavior patterns.
– Example software: next slide
– https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_61/rzaub/rzaubexamples.htm
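The slide describes what intrusion detection software does in general terms. The following Python script is an added illustration (not part of the slides, and not the IBM product linked above) of the simplest form of the idea: it reads login events from a constructed authentication log, keeps a sliding window of failed logins per source address, and raises an alert when the count crosses a threshold; an alert is additionally marked when the same address later logs in successfully, which is the case an administrator would want to look at first. The log format, the addresses and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system); the format imitates
# an SSH authentication log: timestamp, result, user, source IP.
SAMPLE_LOG = """\
2024-03-01 10:00:01 sshd: Failed password for invalid user admin from 203.0.113.7 port 5001
2024-03-01 10:00:03 sshd: Failed password for root from 203.0.113.7 port 5002
2024-03-01 10:00:04 sshd: Failed password for root from 203.0.113.7 port 5003
2024-03-01 10:00:06 sshd: Failed password for root from 203.0.113.7 port 5004
2024-03-01 10:00:07 sshd: Failed password for root from 203.0.113.7 port 5005
2024-03-01 10:00:09 sshd: Accepted password for root from 203.0.113.7 port 5006
2024-03-01 10:05:00 sshd: Failed password for alice from 198.51.100.9 port 6001
2024-03-01 10:06:00 sshd: Accepted password for alice from 198.51.100.9 port 6002
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_log(text):
    """Turn raw log text into a list of login events; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "ok": m["result"] == "Accepted",
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert on any source IP with >= threshold failed logins inside a sliding window.
    If the same IP later logs in successfully, mark the alert: the account may be compromised."""
    recent_failures = defaultdict(list)   # ip -> timestamps of failures inside the window
    alerts = {}                           # ip -> alert details
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        if not ev["ok"]:
            recent_failures[ip].append(ev["ts"])
            # forget failures that fell out of the window
            recent_failures[ip] = [t for t in recent_failures[ip] if ev["ts"] - t <= window]
            if len(recent_failures[ip]) >= threshold and ip not in alerts:
                alerts[ip] = {"failed": len(recent_failures[ip]),
                              "last_user": ev["user"],
                              "success_after": False}
        elif ip in alerts:
            alerts[ip]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {ip}: {info['failed']} failed logins, "
              f"later success={info['success_after']}")
```

Run as-is, the script alerts on 203.0.113.7 (five failures in a few seconds, then a successful root login) and stays silent about 198.51.100.9 (one mistyped password followed by a normal login). A real intrusion detection system does the same kind of counting over many more event types and correlates them across hosts, but the threshold-over-a-window pattern is the core of it.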
15. C. Access Controls
• Define who can access a computer, when they
can access it, and what actions they can take.
• Can be implemented through:
– Identification and authentication
• Through user name and password
• Through possessed objects
• Through biometric devices
16. Through User Name and Password
• Do not use the following as a password:
– Your name, your telephone number, your ID
number, your birth date, etc.
• Once you set a password, change it frequently
• Strong passwords
– Have more than 6 characters
– Are a combination of different character types
(e.g., AS**&nb)
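The rules on this slide can be turned into a checker, which is a more useful form than a list to memorize. The following Python function is an added example (not from the slides) that applies exactly the slide's guidance: more than 6 characters, a mix of character types, and no personal information such as a name, phone number, ID number or birth date. The requirement of at least three character types and the treatment of any run of four or more digits from a personal detail (a birth year, part of a phone number) as a leak are choices made for this example.

```python
import re
import string


def password_problems(password, personal_info=()):
    """Return the reasons a password fails the slide's guidance (empty list = passes).
    personal_info: strings that must not appear, e.g. name, phone number, ID number, birth date."""
    problems = []
    if len(password) <= 6:
        problems.append("must have more than 6 characters")

    # Which character types are present; insertion order is kept for the message below.
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    if sum(classes.values()) < 3:
        missing = [kind for kind, present in classes.items() if not present]
        problems.append("needs at least 3 character types, missing: " + ", ".join(missing))

    lowered = password.lower()
    for item in personal_info:
        if item.lower() in lowered:
            problems.append(f"contains personal information: {item!r}")
            continue
        # A birth date or phone number leaks even when only a run of its digits is reused.
        if any(run in lowered for run in re.findall(r"\d{4,}", item)):
            problems.append(f"contains digits from personal information: {item!r}")
    return problems


def is_strong(password, personal_info=()):
    return not password_problems(password, personal_info)


if __name__ == "__main__":
    # Constructed personal details for the demonstration.
    me = ["Mesfin", "1990-05-12", "0911223344"]
    for candidate in ["AS**&nb", "mesfin1990", "password"]:
        print(candidate, "->", password_problems(candidate, me) or "OK")
```

The slide's own sample "AS**&nb" passes (seven characters, three character types). "mesfin1990" is rejected three times over: only two character types, and it contains both the user's name and the year from the birth date. Length and character mix are the minimum; a password manager generating long random passwords satisfies all of these rules without the user having to think about them.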
17. Possessed objects
• A possessed object is any item that you must carry to gain access
to a computer or computer facility
– Examples: ATM card, door key, car keys, etc.
– Disadvantages:
• Can be lost
• Can be copied, duplicated, or stolen
18. Biometric mechanisms
• Are based on personal characteristics
– Are unique
– Cannot be duplicated, cannot be forgotten
– Examples
• Fingerprint recognition, face recognition, eye
recognition, etc.
• Shortcomings:
– One can lose or damage a finger or one's face
– Characteristics change as one gets old, etc.
20. 1.3. Hardware Theft
• Is the act of stealing computer equipment
– Solution: physical access control (through door and
window locking)
• Mobile theft and protection
• Laptop theft and protection
– It is a good business opportunity
21. 1.4. Software theft
• Occurs when someone
– steals SW media (CDs),
– intentionally erases a SW program, or
– illegally copies SW, also called software piracy
• Safeguarding ways:
– Keep original CDs in a safe place
– Do not allow terminated IT staff to enter the company
– Issue a license agreement to protect against SW piracy (a right to use,
not the right to own)
22. 1.5. Information theft
• Occurs when someone steals personal or confidential information
– Example: school plagiarism (2008/2012 EC) assignments & theses
– Solution: encrypt data, i.e., convert readable data into
unreadable characters to prevent unauthorized use.
Cryptography
Algorithm example: RSA
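The slide names RSA as the example algorithm without showing how it turns readable data into unreadable characters. The following Python code is an added worked example (not from the slides) of textbook RSA: a key pair is derived from two primes, a message is encrypted with the public key and recovered with the private key. The primes used are toy values chosen for the demonstration, first the classroom pair p=61, q=53, then a larger pair so that a short string fits below n.

```python
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Textbook RSA key generation from two primes p and q (assumed prime, not checked).
    Public key (n, e); private key (n, d) with d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key, m):
    """c = m^e mod n; m must be an integer smaller than n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    """m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def encrypt_text(public_key, text):
    """Encode the text as one big integer and encrypt it; the text must be shorter than n."""
    return rsa_encrypt(public_key, int.from_bytes(text.encode("utf-8"), "big"))


def decrypt_text(private_key, c):
    m = rsa_decrypt(private_key, c)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")


if __name__ == "__main__":
    # Toy primes for a by-hand check (p=61, q=53, e=17 is the usual classroom example).
    pub, priv = rsa_keygen(61, 53, e=17)
    print("n, e, d =", pub[0], pub[1], priv[1])       # 3233 17 2753
    print("65 encrypts to", rsa_encrypt(pub, 65))     # 2790
    # Larger primes (still far too small for real use) so that a short string fits below n.
    pub, priv = rsa_keygen(65537, 2147483647)
    c = encrypt_text(pub, "Hello")
    print("ciphertext:", c)
    print("decrypted:", decrypt_text(priv, c))         # Hello
```

Two caveats belong with this example. Real RSA keys are 2048 bits or more; the primes above can be factored instantly, so the example only shows the mechanics. And plain ("textbook") RSA as written here is deterministic and malleable, so deployed systems always apply a padding scheme such as OAEP before encrypting, and they normally use RSA only to protect a symmetric key that encrypts the actual data.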
23. 1.6. System failure
• Is the prolonged malfunction of a computer
• Solution:
– Back up on secondary storage media
– Use online backup services (Internet hard disks)
– How to deal with failure of ATM and internet
banking?
24. 2.1. Internet Security risks
• Information transmitted over NWs has a higher
degree of security risk than information kept on
a company's premises.
• Example: denial of service attack (DoS), which
disrupts access to the web
25. Computer Attacks and Abuse
• All computers connected to the Internet, especially
those with important trade secrets or valuable IT
assets, are under constant attack from hackers,
foreign governments, terrorist groups, disaffected
employees, industrial spies, and competitors.
– These people attack computers looking for valuable
data or trying to harm the computer system.
26. Common attack techniques:
1. Hijacking
2. Spamming
3. Hacking
4. Spoofing
– E-mail spoofing
– Caller ID Spoofing
27. 1. Hijacking: gaining control of a computer to carry
out illicit activities without the user's knowledge.
28. 2. Hacking: the unauthorized access, modification, or use of an
electronic device or some element of a computer system.
Most hackers break into systems using known flaws in operating
systems or application programs, or as a result of poor access
controls.
Example: Russian hackers broke into Citibank's system and stole
$10 million from customers.
Example: During the Iraq war, Dutch hackers stole confidential
info, including troop movements and weapons info, at 34 military
sites. Their offer to sell the info to Iraq was declined, probably
because Iraq feared it was a setup.
29. 3. Spoofing: altering some part of an electronic
communication to make it look as if someone
else sent the communication in order to gain the
trust of the recipient.
30. E-mail Spoofing: making the sender address and other parts of an e-mail
header appear as though the e-mail originated from a different source
Example: masfinfw@gmail.com vs. mesfinfw@gmail.com (a one-letter difference)
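The two addresses on the slide differ by a single letter, which is exactly what a recipient tends to miss. The following Python code is an added example (not from the slides) of two checks a mail filter or a careful reader can apply: it measures the edit distance between the From: address and the addresses of known contacts, flags a display name that belongs to a known contact but arrives with a different address, and separately reports a message whose From: domain disagrees with its Return-Path: (envelope sender) domain. The address book and the sample message are constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: the genuine address of a known correspondent.
KNOWN_CONTACTS = {"mesfinfw@gmail.com": "Mesfin F"}

# Constructed message whose From: and Return-Path: domains disagree.
SAMPLE_MESSAGE = """\
Return-Path: <bulk-42@mail.example.net>
From: Mesfin F <masfinfw@gmail.com>
To: student@example.org
Subject: Grades

Please open the attachment.
"""


def levenshtein(a, b):
    """Edit distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header, known=KNOWN_CONTACTS, max_distance=2):
    """Classify a From: header as 'ok', 'unknown sender' or 'suspicious: ...'
    (a look-alike address or a borrowed display name of a known contact)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in known:
        return "ok"
    findings = []
    for known_addr, known_name in known.items():
        distance = levenshtein(addr, known_addr)
        if 0 < distance <= max_distance:
            findings.append(f"address is {distance} edit(s) from known contact {known_addr}")
        if name and name.lower() == known_name.lower():
            findings.append(f"display name {name!r} belongs to {known_addr} but address differs")
    return "suspicious: " + "; ".join(findings) if findings else "unknown sender"


def envelope_mismatch(raw_message):
    """True when the From: domain differs from the Return-Path: domain,
    a common trace of a forged From: header."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    rp_domain = return_path.rpartition("@")[2].lower()
    return bool(from_domain and rp_domain and from_domain != rp_domain)


if __name__ == "__main__":
    print(check_sender("Mesfin F <mesfinfw@gmail.com>"))   # ok
    print(check_sender("Mesfin F <masfinfw@gmail.com>"))   # suspicious: ...
    print("envelope mismatch:", envelope_mismatch(SAMPLE_MESSAGE))
```

Neither check proves forgery on its own: mailing lists and forwarding services legitimately change the envelope sender, and a stranger may happen to share a contact's name. They are signals that justify a closer look, which is what the slide asks of the recipient. Mail servers add stronger evidence through SPF, DKIM and DMARC results in the Authentication-Results header.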
31. 2. Social engineering (SE)
• Techniques or psychological tricks used to get
people to comply with the perpetrator's wishes in
order to gain physical or logical access to a
building, computer, server, or network.
• It is usually used to get the information needed to
obtain confidential data.
32. Establishing the following policies and procedures,
and training people to follow them, can help
minimize SE:
1. Never let people follow you into a restricted
building.
2. Never log in for someone else on a computer,
especially if you have administrative access.
3. Never give sensitive info over the phone or through
e-mail.
4. Never share passwords or user IDs.
5. Be cautious of anyone you do not know who is trying
to gain access through you.
33. Evil twin
• A wireless network with the same name (Service
Set Identifier) as a legitimate wireless access
point. Users connect to the twin because
it has a stronger wireless signal or because the twin
disrupts or disables the legitimate access point.
• Users are unaware that they have connected to the evil
twin, and the perpetrator monitors the traffic
looking for confidential information.
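Because an SSID is just a name, the slide's point is that the name alone proves nothing. What an organisation can check is the access point hardware address (BSSID) behind each advertised SSID. The following Python code is an added example (not from the slides) of that check from the network operator's side: it compares a constructed Wi-Fi scan against a constructed inventory of the organisation's own access points and reports any access point that advertises one of its SSIDs but is not in the inventory, noting whether the rogue signal is stronger than the strongest legitimate one (the condition the slide gives for clients preferring the twin). The SSIDs, BSSIDs and signal values are assumptions made for the example.

```python
# Constructed scan results (as a Wi-Fi scanning tool might report them): SSID, BSSID
# (access point MAC address), and received signal strength in dBm (closer to 0 = stronger).
SCAN_RESULTS = [
    {"ssid": "AAU-Campus", "bssid": "AA:BB:CC:11:22:33", "signal": -60},
    {"ssid": "AAU-Campus", "bssid": "AA:BB:CC:11:22:34", "signal": -65},
    {"ssid": "AAU-Campus", "bssid": "DE:AD:BE:EF:00:01", "signal": -35},
    {"ssid": "AAU-Guest", "bssid": "AA:BB:CC:11:22:40", "signal": -70},
]

# Constructed inventory of the organisation's own access points, keyed by SSID.
KNOWN_ACCESS_POINTS = {
    "AAU-Campus": {"aa:bb:cc:11:22:33", "aa:bb:cc:11:22:34"},
    "AAU-Guest": {"aa:bb:cc:11:22:40"},
}


def find_evil_twins(scan, known=KNOWN_ACCESS_POINTS):
    """Report access points that advertise one of our SSIDs but are not in the inventory.
    Each finding notes whether the rogue signal beats our strongest legitimate AP; if no
    legitimate AP is visible at all (e.g. it has been disabled), that also counts."""
    findings = []
    for entry in scan:
        ssid, bssid = entry["ssid"], entry["bssid"].lower()
        if ssid not in known or bssid in known[ssid]:
            continue                      # not our SSID, or one of our own APs
        legit_signals = [e["signal"] for e in scan
                         if e["ssid"] == ssid and e["bssid"].lower() in known[ssid]]
        strongest_legit = max(legit_signals, default=None)
        findings.append({
            "ssid": ssid,
            "bssid": entry["bssid"],
            "signal": entry["signal"],
            "stronger_than_legit": strongest_legit is None or entry["signal"] > strongest_legit,
        })
    return findings


if __name__ == "__main__":
    for f in find_evil_twins(SCAN_RESULTS):
        print(f"possible evil twin for {f['ssid']}: {f['bssid']} at {f['signal']} dBm, "
              f"stronger than our APs: {f['stronger_than_legit']}")
```

An ordinary user has no inventory to compare against, which is why the defence on the client side is different: treat any open or shared-password Wi-Fi as untrusted and rely on end-to-end protection (HTTPS, a VPN) so that a twin that does capture the traffic sees only ciphertext. Enterprise networks that authenticate the access point to the client (WPA2/WPA3-Enterprise with certificate validation) remove the problem at the root, because the twin cannot present the legitimate certificate.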
35. Trap door, or back door
• A set of computer instructions that allows a user
to bypass the system's normal controls.
Programmers create trap doors so they can modify
programs during systems development and then
remove them before the system is put into
operation.
• Packet sniffers: programs that capture data from
information packets as they travel over the Internet
or company networks. Captured data is sifted to find
confidential or proprietary information.
37. 3.1. Ethics and society
• Computer ethics are the moral guidelines that
govern the use of computer information systems
• Areas include:
– Unauthorized use of computers and NWs
– SW theft (piracy)
– Information accuracy
– Intellectual property rights
– Information privacy
– Viruses: is writing one ethical?
38. • Information accuracy: do not assume that all
information on the web is accurate!
• Information privacy: refers to the right of
individuals and companies to deny or restrict the
collection and use of information about them.
39. Cookies
A cookie is a small text file that a web server stores on your
computer.
E-commerce and other web applications often rely
on cookies to identify users and customize web pages
(to personalize web sites).
Cookies are also used to store passwords, so that users do not have to
retype them every time.
A cookie typically contains data about you, such as user
name, view preferences, etc.
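Since a cookie is data the server hands to the browser and the browser sends back, the privacy question the slide raises depends on how the cookie is marked. The following Python code is an added example (not from the slides) that parses a Set-Cookie header and audits it for the attributes that limit exposure: Secure (not sent over plain HTTP), HttpOnly (not readable by page scripts) and SameSite (not attached to cross-site requests). It also flags a cookie that literally carries a password, which is the risky form of the "store passwords" use the slide mentions; the safe form is a random session identifier that the server maps to the logged-in user. The header values below are constructed for the example.

```python
def parse_set_cookie(header):
    """Split a Set-Cookie header value into name, value and a dict of attributes.
    Flag attributes without a value (Secure, HttpOnly) are stored as True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header):
    """Return the cookie name and a list of weaknesses found in its attributes or content."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    issues = []
    if "secure" not in attrs:
        issues.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        issues.append("missing HttpOnly: cookie is readable by scripts in the page")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        issues.append("SameSite not Lax/Strict: cookie rides along on cross-site requests")
    if cookie["name"].lower() in ("password", "passwd", "pwd"):
        issues.append("stores a password: store a random session identifier instead")
    return cookie["name"], issues


if __name__ == "__main__":
    # Constructed headers: a weak one and a well-marked session cookie.
    for header in ["password=hunter2; Path=/",
                   "sid=3f9a1c; Secure; HttpOnly; SameSite=Lax; Path=/"]:
        name, issues = audit_cookie(header)
        print(name, "->", issues or "OK")
```

The first header fails on every count; the second is how a login cookie should look. The same checks can be run over a site's responses with a browser's developer tools, which show each cookie's attributes in the storage or network panel.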
40. Privacy and Google services
• Why does Google give me unlimited storage for life
while Apple charges for more than 5 GB?
– Google doesn't give you anything for free. Nothing's
free. That's the general concept in life, but especially
with Google. If Google isn't charging you for a product
or service, it's because you're the product.
– The thing most people seem to completely gloss over
is that Google is not a "technology company"; they
are an advertising company.
https://www.quora.com/Why-can-Google-give-me-unlimited-storage-for-life-and-Apple-charges-for-more-than-5gb
41. Spying (Spyware)
• Spyware is a program placed on a computer without the
user's knowledge that secretly collects information
about him/her.
• Can enter a computer as a virus or when a user
installs a new program
• Examples:
– Keylogger software records computer activity, such as a
user's keystrokes, e-mails sent and received, websites
visited, and chat session participation. Parents use the
software to monitor their children's computer usage, and
businesses use it to monitor employee activity.
– Spyware: software that secretly monitors computer usage,
collects personal information about users, and sends it to
someone else, often without the computer user's
permission.
43. Employee monitoring
• Involves the use of computers to observe, record,
and review an employee's use of a computer,
including e-mail communications, web sites
visited, and keyboard activity (to measure
productivity)
44. Content filtering
• Is the process of restricting access to certain
material on the web.
• Bans material that violates some ethical or
cultural norms
– e.g., filtering applied by an ISP
45. RFID and Employee ID
– How would you feel if your organization or university used
RFID tags embedded in student IDs to control building
access, manage computer access, or even automatically
track class attendance?
46. Assignment 1
• As an IS expert in your firm, you have been asked to
help management decide whether to outsource
security or keep the security function within the
firm. Search the Web to find information to help
you decide whether to outsource security and to
locate security outsourcing services.
• Present a brief summary of the arguments for and
against outsourcing computer security for your
company.
• Select two firms that offer computer security
outsourcing services, and compare them and their
services.
• Prepare an electronic presentation for management
summarizing your findings.
47. • Your presentation should make the case on
whether or not your company should outsource
computer security. If you believe your company
should outsource, the presentation should
identify which security outsourcing service
should be selected and justify your selection.
48. Assignment 2
• Facebook makes its money through advertising. Facebook
represents a unique opportunity for advertisers to reach
highly targeted audiences based on their demographic
information, hobbies and personal preferences,
geographical regions, and other narrowly specified criteria
in a comfortable and engaging environment.
• Visit Facebook's Web site and review the site's privacy
policy. Then answer the following questions:
• To what user information does Facebook retain the rights?
• What is Facebook's stance regarding information shared
via third-party applications developed for the Facebook
platform?
• Did you find the privacy policy to be clear and reasonable?
What would you change, if anything?
49. 1. Provide one example of how IT has created an ethical dilemma
that would not have existed before the advent of IT.
2. Find an example of a code of ethics or acceptable use policy
related to IT and highlight five points that you think are important.
3. Do some original research on the effort to combat patent trolls.
Write a two-page paper that discusses this legislation.
4. How are intellectual property protections different across the
world?
Pick two countries and do some original research, then compare
the patent and copyright protections offered in those countries to
those in Ethiopia. Write a two- to three-page paper describing the
differences.
50. 1. What privacy concerns could be raised by
collaborative technologies such as Waze?
2. Write an example of how the Internet of Things
might provide a business with a competitive
advantage.
3. How do you think wearable technologies
could improve overall healthcare?
51. 4. Health concerns of computer use
• Computer addiction
• Back pain
• Eye strain
• etc.