Computer Crime, Ethics and Security

For K. S. School of Business management Management Information System - Ms. Dhumsi

Computer crime

1)

2) 3) 4)

5)

Computer crime is defined by Association of Information Technology Professionals as including The unauthorised use, access, modification & destruction of hardware, software, data or network resources. The unauthorised release of information, The unauthorised copying of Software, Denying an end user access to his/her own hardware, software, data or network resources, and Using or planning to use computer or network resources to illegally obtain information or tangible property.

Computer crime is increasing by criminal or irresponsible actions of individuals who take advantage of weaknesses of computer, internet and other networks. It is a serious threat to the integrity, safety and survival of E-Business System. Computer crimes like: Stealing or compromising data Gaining unauthorized computer access Violating data belonging to banks stopping communications Threatening to damage computer systems Disseminating viruses

Challenges in Working Conditions

Employment Working conditions Business security, Ethics and Society Privacy Individuality

Health

Crime

Hacking

It is the obsessive use of computer or the unauthorized access and use of networked computer system. Illegal hackers are called as Crackers also, apart from getting unauthorized access they also steal or damage data and programs.

Hacking Tactics
1) 2)

3)

4)

5) 6)

7)

Password Tracker: software that cracks the password. Scans : take advantage of loop wholes in the computer system or software program. Dumpster diving: finding private info in garbage cans. Spoofing: stealing passwords through a false login page/email address. It redirect a web link to an address different from the intended one. Social engineering: tricking employees to gain access. Denial of service: by making too many requests for information, an attacker blocks, slow down or crash the system. Sniffer : a program secretly monitors information travelling on network. It helps identify potential network trouble spot and criminal activities on network.

Cyber theft

Many computer crimes involve theft of money. Get unauthorized network entry and does alteration in database, track records etc in the office. Companies cant reveal theft information as the customers will be scared and there will be complains from them. Eg. Theft from citi-bank account. Unauthorized use of computer system and networks is also called time and resources theft. Eg. Playing games, personal shopping, personal business on office computer.

Other Computer Crimes

Identity theft - a fraud obtains key aspects of your personal information to take advantage of your name and take credit or service. Eg. Credit card number, license number.

Phishing setting up fake websites or sending emails that looks like true website and asking personal information from you. It may instruct to update information, respond to email etc. Evil twins are wireless networks that pretends to offer good Wi-Fi.
Pharming redirects users to a bogus webpage, even when a person types correct webpage address.

Click fraud internet advertisement pay per click. Click on ad shows intension to know more about the ad or intension to purchase.

Cyber Defamation: Defamation takes place with the help of computers and/or the Internet e.g. someone published defamatory matter about someone on a websites or sends e-mail containing defamatory information about a person.

Computer virus

Its a fraud software program that attaches itself to other software programs or data files in order to be executed usually without user knowledge or permission. Worms independent computer programs that copy themselves from one computer to other over a network. It destroys data, disrupt it or halt the operations of computer networks. Trojan horse software program that appears good but does something other than expected. Its not a virus but it gives way to viruses to enter in the computer. Key loggers records every key stroke made on the computer to steal serial numbers of software, to gain access to email account etc.

Melissa it prompts Microsoft outlook to send infected document to the first 50 entries in the users address book. It caused damage of around 600 millions in U.S. Sobig.F it was a worm. It spreads via email attachments and sends massive amounts of mails with false sender information.

Internet abuses at workplace

General email abuse spam, spread virus/worms. Unauthorized usage and access - sharing of password and access into network without permission. Copyright infringement using illegally or pirated software. Transmission of confidential data using internet to display or transmit trade secrets. Non work related uploads/ downloads use programs that allows transmission of movies, music etc. Leisure use of internet doing shopping, personal emails, chatting , gambling online, gaming, social networking. Moonlighting using office resources for personal business.

Computer ethics

Continue..

Information accessibility Deals with what information a person has the right to obtain about others and how the information can be used. Eg. Finance dept has right to get info of marketing dept to know their exp and all. Privacy Protecting ones personal information. Information accuracy Deals with authentication and reliability of information. Information property Deals with who owns information about individuals and how information can be sold and exchanged. Eg. Info relating to finance will be owned by finance dept.

Computer ethics at work

Business ethics to protect intellectual property rights, to have privacy of customer and employee information, securing companys confidential information etc.

If business ethics are taken care off then no computer crimes in the office will take place as all information are secure and there will be strict control to access it. Businesses are working for the benefit of their stakeholder so if such issues are happening in the office then it will affect the business of the firm and cost a lot.
Eg. Customer data is getting leakage then competitors might take benefit of it and you will lose upon your business.

Continue..

Technological ethics if the co. is to much dependent on computers then schedules of workers should be prepared in such a way that do not lead to health issues. Benefits of the system should be more than the risk involved in it. Workers should be aware about the risk involved in using the technology. Benefits and burdens of the technology should be distributed fairly. All unnecessary risks should be avoided.

Security of System
A Corporate Firewall

They are like gatekeepers. The firewall is placed between the firms private network and the public Internet to protect against unauthorized traffic.

Security of system

Encryption : The process of transforming plain text or data into coded text that cannot be read by anyone other than the sender and the intended receiver

Encryption Decryption

Pair of public key and private key which is unique to each individual.

Security of system
Public Key Encryption

A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipients public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message.

Security of system

Antivirus Software Continuous updation is the key! Securing Wireless Networks A central authentication, server authenticates each user on the network. WiFi + VPN Digital Signature Used to verify the origin and contents of the message. Helps to associate a message with a sender (similar to traditional signatures). Biometric security Voice verification, hand geometry, retina scanning, face recognition etc. Backup files Duplicate file of data or programs.

System Control and Audits

Information System Controls attempt to ensure accuracy, validity and correctness of information. It is designed to monitor and maintain quality and security of input, processing, output and storage activities of an IS. Here control software indentifies incorrect or improper inputs that enters in your system. Auditing with internal or external auditors. Try to evaluate whether adequate security measures and mgmt policies have developed and implemented or not. Check of audit trail a document that allows transaction to be traced through all stages of information processing.

Security measures in case of internet use

Use of anti-virus and firewall software. Dont allow anyone to store credit card information. Send credit card numbers through secure sites. Hard to guess password. Different password in different sites. Dont open email attachments unless the sender is unknown.

Thank You