1. SECURITY ANDSECURITY AND
ETHICAL CHALLENGESETHICAL CHALLENGES
OF INFORMATIONOF INFORMATION
TECHNOLOGYTECHNOLOGY

2. Presented by:-Presented by:-
Anjali sharmaAnjali sharma
Khushboo ghanshaniKhushboo ghanshani

3. IT SECURITY & ETHICS
The use of IT in business has had major
impacts on society & thus raises ethical
issues ion the area of crime , privacy,
individuality, employment, health & working
conditions.
Hence IT has both negative & positive
impacts.
So the responsibility of a business
professional is to manage the high quality
products & maintaining it.

4. EthicalEthical Responsibility
Security
Ethics and
Society
Employment Privacy
Health Crime
Working
Conditions
Individuality

5. Need for Security
1. Reduce the risk of systems and
organizations ceasing operations.
2. Maintaining information confidentiality.
3. Ensure the integrity and reliability of
data resources.
4. Ensure the uninterrupted availability of
data resources and online operations.
5. Ensure compliance with policies & laws
regarding security & privacy.

6. SecuritySecurity
ManagementManagement

7. Goal of SecurityGoal of Security
ManagementManagement
– Minimize errors, fraud, and losses in the
e-business systems that interconnect
businesses with their customers,
suppliers, and other stakeholders

8. Security Measures
Encryption
Denial of Service
Defenses
Fire Walls
Monitor
E-mail
Virus
Defenses

9. Security Measures (cont..)
Security
Codes
Security
Monitors
Backup
Files
Biometric
Security Controls

10. Encryption
– Passwords, messages, files, and other
data is transmitted in scrambled form
and unscrambled for authorized users
– Involves using special mathematical
algorithms to transform digital data in
scrambled code
– Most widely used method uses a pair of
public and private keys unique to each
individual

11. Types of Encryption
Secret Key Algorithm , (symmetric
encryption):
Symmetric or private key, encryption is
based on a secret key that is shared by
both communicating parties. The sending
party uses the secret key as part of the
mathematical operation to encipher plain
text to cipher text. The receiving party
uses the same secret key to decipher the
cipher text to plain text.

12. Types of encrption
(contd..)
Public Key Algorithm (Asymmetric
Encryption):
It uses two different keys for each user;
one is private key known only to this one
user, the other is corresponding public
key, which is accessible to anyone. The
private & public keys are mathematically
related by the encryption algorithm. One
key is used for encryption and the other
for decryption, depending on the nature of
the communication service.

13. Firewalls
Serves as a
“gatekeeper”
system that
protects a company’s
intranets and other
computer networks
from intrusion
 Provides a filter and
safe transfer point
 Screens all network
traffic for proper
passwords or other
security codes

14. Advantages of Firewalls
Provides security to both inbound &
outbound traffic.
Response time is very high in case of
high end firewalls.
Software firewalls are usually
cheaper and preferred for individual
computers where as hardware
firewalls are for organizations and
are costly.

15. Disadvantages of
Firewalls
• Firewalls cannot protect the system
from insider attacks.
• Installation & maintenance costs
often become an overhead.
• Users surfing capabilities are
reduced.
• If the firewall is configured with
stringent rules, it constantly annoys
user with False positives.

16. Denial of Service
Defenses
 These assaults depend on
three layers of networked
computer systems
 Victim’s website
 Victim’s ISP
 Sites of “zombie” or slave
computers
 Defensive measures and
security precautions must be
taken at all three levels

17. Security Measures (cont..)
• E-mail Monitoring
“Spot checks just aren’t good enough anymore.
The tide is turning toward systematic
monitoring of corporate e-mail traffic using
content-monitoring software that scans for
troublesome words that might compromise
corporate security.”
• Virus Defenses
Protection may accomplished through
Centralized distribution and updating of antivirus
software
Outsourcing the virus protection responsibility to
ISPs or to telecommunications or security
management companies

18. Security Measures (cont..)
Security codes
Multilevel password system:-
Log onto the computer system, Gain
access into the system, Access
individual files
Backup Files
Duplicate files of data or programs
File retention measures
Sometimes several generations of files
are kept for control purposes

19. CYBER TERRORISM
• Cyber terrorism is the
convergence of terrorism
and cyberspace. It is
generally understood to
mean unlawful attacks
and threats of attack
against computers,
networks, and the
information stored
therein when done to
intimidate or coerce a
government or its people
in furtherance of
political or social
objectives.

20. Cyber Terrorism

21. Basic facts about cyber
terrorism
• Cyber attacks immediately follow
physical attacks
• Cyber attacks are increasing in
volume, sophistication, and
coordination
• Cyber attackers are attracted to
high-value targets
• Many, if not most, targets would
probably be commercial computer and
communications systems

22. What can we do..???
Go on the defensive now
– Educate senior management on risks of cyber
warfare
– Make infosec a top priority
– Beef up your security technology
– Insist on flawless execution: compliance to
security standards in all areas
Work with other companies, government
agencies
– NIPC
– IT ISAC
– SAINT