4. IT Security, Ethics, and Society
Business Ethics
Categories of Ethical Business Issues
Computer Crime
Hacking
Common Hacking Tactics
Cyber Theft
Unauthorized Use at Work
Internet Abuses in the Workplace
Software Piracy
Theft of Intellectual Property
Viruses and Worms
Top Five Virus Families of all Time
The Cost of Viruses, Trojans, Worms
Adware and Spyware
Spyware Problems
Privacy Issues
Opt-in Versus Opt-out
Protecting Your Privacy on the Internet
Health Issues
Security Management of IT
Security Management
Internetworked Security Defenses
Public/Private Key Encryption
Internetworked Security Defenses
Internet and Intranet Firewalls
Internetworked Security Defenses
Information System Controls
5. IT has both beneficial and detrimental effects on society and people
Manage work activities to minimize the detrimental effects of IT
Optimize the beneficial effects
6. Ethics questions that managers confront as
part of their daily business decision making
include:
Equity
Rights
Honesty
Exercise of corporate power
8. Computer crime includes
Unauthorized use, access, modification, or
destruction of hardware, software, data, or network
resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own
hardware, software, data, or network resources
Using or conspiring to use computer or network
resources illegally to obtain information or tangible
property
9. Hacking is
The obsessive use of computers
The unauthorized access and use of networked
computer systems
Electronic Breaking and Entering
Hacking into a computer system and reading files, but
neither stealing nor damaging anything
Cracker
A malicious or criminal hacker who maintains
knowledge of the vulnerabilities found for
private advantage
10. Denial of Service
Hammering a website’s equipment with too many requests for
information
Clogging the system, slowing performance, or crashing the site
Scans
Widespread probes of the Internet to determine types of
computers, services, and connections
Looking for weaknesses
Sniffer
Programs that search individual packets of data as they pass through the
Internet
Capturing passwords or entire contents
Spoofing
Faking an e-mail address or Web page to trick users into passing along
critical information like passwords or credit card numbers
11. Trojan Horse
A program that, unknown to the user, contains instructions that exploit
a known vulnerability in some software
Back Doors
A hidden point of entry to be used in case the original entry point is
detected or blocked
Malicious Applets
Tiny Java programs that misuse your computer’s resources, modify
files on the hard disk, send fake email, or steal passwords
War Dialing
Programs that automatically dial thousands of telephone numbers in
search of a way in through a modem connection
Logic Bombs
An instruction in a computer program that triggers a malicious act
12. Buffer Overflow
Crashing or gaining control of a computer by sending too much data to
buffer memory
Password Crackers
Software that can guess passwords
Social Engineering
Gaining access to computer systems by talking unsuspecting company
employees out of valuable information, such as passwords
Dumpster Diving
Sifting through a company’s garbage to find information to help break
into their computers
13. Many computer crimes involve the theft of money
The majority are “inside jobs” that involve
unauthorized network entry and alteration of
computer databases to cover the tracks of the
employees involved
Many attacks occur through the Internet
Most companies don’t reveal that they have been
targets or victims of cybercrime
14. Unauthorized use of computer systems and
networks is time and resource theft
Doing private consulting
Doing personal finances
Playing video games
Unauthorized use of the Internet or company networks
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
15. General email abuses
Unauthorized usage and access
Transmission of confidential data
Pornography
Hacking
Non-work-related download/upload
Leisure use of the Internet
Use of external ISPs
16. Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment
for a license for fair use
Site license allows a certain number of copies
A third of the software industry’s revenues are lost to piracy
17. Intellectual Property
Copyrighted material
Includes such things as
music, videos, images, articles, books, and software
Copyright Infringement is Illegal
Peer-to-peer networking techniques have made it easy to
trade pirated intellectual property
Publishers Offer Inexpensive Online Music
Illegal downloading of music and video is
down and continues to drop
18. A virus is a program that cannot work without being
inserted into another program
A worm can run unaided
These programs copy annoying or destructive routines
into networked computers
Copy routines spread the virus
Commonly transmitted through
The Internet and online services
Email and file attachments
Disks from contaminated computers
Shareware
19. My Doom, 2004
Spread via email and over Kazaa file-sharing network
Installs a back door on infected computers
Infected email poses as returned message or one that can’t be opened
correctly, urging recipient to click on attachment
Opens up TCP ports that stay open even after termination of the worm
Upon execution, a copy of Notepad is opened, filled with nonsense
characters
Netsky, 2004
Mass-mailing worm that spreads by emailing itself to all email
addresses found on infected computers
Tries to spread via peer-to-peer file sharing by copying itself into the
shared folder
It renames itself to pose as one of 26 other common files along the
way
20. SoBig, 2004
Mass-mailing email worm that arrives as
an attachment
▪ Examples: Movie_0074.mpg.pif, Document003.pif
Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for
email addresses to which it can send itself
Also attempts to download updates for itself
Klez, 2002
A mass-mailing email worm that arrives with a randomly named
attachment
Exploits a known vulnerability in MS Outlook to auto-execute on
unpatched clients
Tries to disable virus scanners and then copy itself to all local and
networked drives with a random file name
Deletes all files on the infected machine and any mapped network
drives on the 13th of all even-numbered months
21. Sasser, 2004
Exploits a Microsoft vulnerability to spread from
computer to computer with no user intervention
Spawns multiple threads that scan local subnets for
vulnerabilities
22. Cost of the top five virus families
Nearly 115 million computers in 200 countries
were infected in 2004
Up to 11 million computers are believed to
be permanently infected
In 2004, total economic damage from virus
proliferation was $166 to $202 billion
Average damage per computer is between
$277 and $366
23. Adware
Software that purports to serve a useful
purpose, and often does
Allows advertisers to display pop-up and banner
ads without the consent of the computer users
Spyware
Adware that uses an Internet connection in the
background, without the user’s permission
or knowledge
Captures information about the user and sends it
over the Internet
24. Spyware can steal private information and also
Add advertising links to Web pages
Redirect affiliate payments
Change a user’s home page and search settings
Make a modem randomly call premium-rate phone
numbers
Leave security holes that let Trojans in
Degrade system performance
Removal programs are often not completely
successful in eliminating spyware
25. The power of information technology to store
and retrieve information can have a negative
effect on every individual’s right to privacy
Personal information is collected with every
visit to a Web site
Confidential information stored by credit
bureaus, credit card companies, and the
government has been stolen or misused
26. Opt-In
You explicitly consent to allow data to be compiled
about you
This is the default in Europe
Opt-Out
Data can be compiled about you unless you
specifically request it not be
This is the default in the U.S.
27. There are multiple ways to protect your privacy
Encrypt email
Send newsgroup postings through anonymous
remailers
Ask your ISP not to sell your name and information to
mailing list providers and
other marketers
Don’t reveal personal data and interests on
online service and website user profiles
28. Cumulative Trauma Disorders (CTDs)
Disorders suffered by people who sit at a
PC or terminal and do fast-paced repetitive
keystroke jobs
Carpal Tunnel Syndrome
Painful, crippling ailment of the hand
and wrist
Typically requires surgery to cure
29. The Internet was developed for interoperability, not impenetrability
Business managers and professionals alike
are responsible for the security, quality, and
performance of business information systems
Hardware, software, networks, and data
resources must be protected by a variety
of security measures
30. The goal of security management is the accuracy, integrity, and safety of all information system processes and resources
31. Encryption
Data is transmitted in scrambled form
It is unscrambled by computer systems for
authorized users only
The most widely used method uses a pair of public
and private keys unique to each individual
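As an added example that is not part of the original slides, the public/private key idea above worked through with textbook RSA on two tiny primes (61 and 53, constructed for illustration): anyone with the public key can scramble a message, only the private key unscrambles it. Real systems use 2048-bit keys and padding such as OAEP; this toy shows the mechanism only, and needs Python 3.8+ for the modular inverse via pow.

```python
# Added example (not from the slides): textbook RSA with toy primes to illustrate
# public/private key encryption. Never use key sizes or unpadded RSA like this
# in practice; the per-byte encryption below is deterministic and leaks patterns.
from math import gcd
from typing import List, Tuple

Key = Tuple[int, int]  # (modulus n, exponent)

def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Build (public, private) keys from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)              # Euler's totient of n = p*q
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)                  # private exponent: inverse of e mod phi
    return (n, e), (n, d)

def encrypt(public_key: Key, message: bytes) -> List[int]:
    """Anyone holding the public key can scramble the message, byte by byte."""
    n, e = public_key
    return [pow(b, e, n) for b in message]

def decrypt(private_key: Key, ciphertext: List[int]) -> bytes:
    """Only the holder of the private key can unscramble it."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext)

# Constructed sample keypair: n = 61 * 53 = 3233, large enough to hold one byte.
PUBLIC, PRIVATE = make_keypair(p=61, q=53)
```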
33. Firewalls
A gatekeeper system that protects a company’s
intranets and other computer networks from
intrusion
Provides a filter and safe transfer point for
access to/from the Internet and other networks
Important for individuals who connect to the
Internet with DSL or cable modems
Can deter hacking, but cannot prevent it
35. Email Monitoring
Use of content monitoring software that scans
for troublesome words that might compromise
corporate security
Virus Defenses
Centralize the updating and distribution of
antivirus software
Use a security suite that integrates virus protection
with firewalls, Web security,
and content blocking features
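As an added example that is not part of the original slides, a small content-monitoring scanner of the kind the Email Monitoring point describes: it flags outbound messages containing watch terms and strings that look like payment card numbers, applying a Luhn checksum so that ordinary digit runs such as ticket numbers are not flagged. The watch terms and the sample outbox are constructed.

```python
# Added example (not from the slides): keyword and card-number scanning over a
# constructed outbox, illustrating content monitoring for confidential data.
import re
from typing import Dict, List

WATCH_TERMS = ["confidential", "internal only", "password"]   # constructed list
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")               # 13 to 16 digits

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for well-formed card numbers, cutting false alarms."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def scan_message(body: str) -> List[str]:
    """Return the findings for one message body (empty list if clean)."""
    findings = []
    lowered = body.lower()
    for term in WATCH_TERMS:
        if term in lowered:
            findings.append(f"term:{term}")
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append("card-number")
    return findings

def scan_outbox(messages: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan messages keyed by id and return only the flagged ones."""
    report = {msg_id: scan_message(body) for msg_id, body in messages.items()}
    return {k: v for k, v in report.items() if v}

# Constructed sample outbox; 4111 1111 1111 1111 is a well-known test number.
OUTBOX = {
    "m1": "Lunch at noon on Friday?",
    "m2": "Attached is the INTERNAL ONLY roadmap, please do not forward.",
    "m3": "Use card 4111 1111 1111 1111 for the booking, thanks.",
    "m4": "Ticket 1234 5678 9012 3456 reference for the vendor.",
}
```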
36. Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities