
Week – 6: Ethics, Privacy, and Information Security
Ethical Issues
• Ethics refers to the principles of right and wrong that
individuals use to make choices to guide their behaviors.
• A code of ethics is a collection of principles that are intended
to guide decision making by members of the organization.
• Fundamental tenets of ethics include responsibility,
accountability and liability.
• Responsibility means that you accept the consequences of your decisions and actions.
• Accountability means a determination of who is responsible for actions that were taken.
• Liability is a legal concept meaning that individuals have the right to recover the damages done to
them by other individuals, organizations or systems.
IT-related ethical issues
• Privacy issues involve collecting, storing, and disseminating
information about individuals.
• Accuracy issues involve the authenticity, fidelity, and accuracy
of information that is collected and processed.
• Property issues involve the ownership and value of
information.
• Accessibility issues revolve around who should have access to
information and whether they should have to pay for this
access.
Framework of ethical issues
• Privacy issues:
• What information about oneself should an individual be required to reveal to others?
• What kind of surveillance can an employer use on its employee?
• What types of personal information can people keep to themselves and not be forced to reveal to
others?
• What information about individuals should be kept in databases, and how secure is the data stored
there?
Framework of ethical issues
• Accuracy issue:
• Who is responsible for the authenticity, fidelity and accuracy of the information collected?
• How can we ensure that the information will be processed properly and presented accurately to
users?
• How can we ensure that errors in databases, data transmissions, and data processing are
accidental and not intentional?
• Who is to be held accountable for errors in information, and how should the injured parties be
compensated?
Framework of ethical issues
• Property issues:
• Who owns the information?
• What are the just and fair prices for its exchange?
• How should one handle software piracy?
• Under what circumstances can one use proprietary databases?
• Can corporate computers be used for private purposes?
• How should access to information channels be allocated?
Framework of ethical issues
• Accessibility issues:
• Who is allowed to access the information?
• How much should companies charge for permitting accessibility to information?
• How can accessibility to computers be provided for employees with disabilities?
• Who will be provided with equipment needed for accessing information?
• What information does a person or an organization have a right or a privilege to obtain, under
what conditions and with what safeguards?
Privacy codes and policies
• Privacy policies or privacy codes are an organization’s guidelines
with respect to protecting the privacy of customers, clients, and
employees.
• The opt-out model of informed consent permits the company to
collect personal information until the customer specifically
requests that the data not be collected.
• Privacy advocates prefer the opt-in model of informed consent,
whereby a business is prohibited from collecting any personal
information unless the customer specifically authorizes it.
Threats to Information Systems
• Today’s interconnected, interdependent, wirelessly
networked business environment
• Government legislation
• Smaller, faster, cheaper computers and storage devices
• Decreasing skills necessary to be a computer hacker
• International organized crime taking over cybercrime
• Downstream liability
• Increased employee use of unmanaged devices
• Lack of management support
Threats to Information Systems
• Unintentional acts
• Natural disasters
• Technical failures
• Management failures
• Deliberate acts
Unintentional acts
• Human errors
• These are committed by regular employees working at different levels of the organization.
• The higher the level of the employee, the greater the threat the employee poses to information
security, because higher-level employees typically have greater access to corporate data and enjoy
greater privileges on organizational information systems.
• Moreover, employees in two areas of the firm pose the highest threat: human resources and
information systems.
• Human resources employees generally have access to sensitive personal information about all
employees.
• Information System employees have access not only to sensitive information of organization,
but they often control the means to create, store, transmit and modify the data.
• Social engineering is an attack whereby the perpetrator uses
social skills to trick or manipulate a legitimate employee into
providing confidential company information such as
passwords.
• Reverse social engineering is an attack wherein the
employees approach the attacker.
• Technical failures:
• These include problems with hardware and software.
• The most common hardware problem is a crash of a hard disk drive.
• A notable hardware problem occurred when Intel released a Pentium chip with a defect that
caused the chip to perform some mathematical calculations incorrectly.
• Natural disasters:
• Natural disasters include floods, earthquakes, hurricanes, tornados, lightning and, in some cases,
fires.
• In many cases, acts of God can cause catastrophic loss of systems and data.
• To avoid such loss, companies must engage in proper planning for backup and recovery of
information systems and data.
• Management failures:
• These involve a lack of funding for information security efforts and a lack of interest in those
efforts.
• Such a lack of leadership will cause the information security of the organization to suffer.
• Deliberate acts:
• Espionage or trespass
• Information extortion
• Sabotage or vandalism
• Theft of equipment or information
• Identity theft
• Compromises to intellectual property
• Software attacks
Types of software attacks
• Virus – Segment of computer code that performs malicious
actions by attaching to another computer program.
• Worm – Segment of computer code that performs malicious
actions and will replicate, or spread, by itself (without
requiring another computer program).
• Trojan Horse – Software programs that hide in other
computer programs and reveal their designed behavior only
when they are activated.
Types of Software Attacks
• Back door: Typically a password, known only to the attacker,
that allows him or her to access a computer system at will,
without having to go through any security procedures (also
called a trap door).
• Logic bomb: Segment of a computer code that is embedded
with an organization's existing computer programs and is
designed to activate and perform a destructive action at a
certain time or date.
• Alien software – Clandestine software that is installed on your
computer through duplicitous methods. It is not as malicious as
viruses, worms, or Trojan horses, but it does use up valuable
information and system resources.
• Adware software is designed to help pop-up advertisements
appear on your screen.
• Spyware is software that collects personal information about
users without their consent.
• Cookies are small amount of information that web sites store on
your computer, temporarily or more or less permanently.
• Cyberterrorism and cyberwarfare attackers use a target’s
computer systems, particularly via the Internet, to cause
physical, real world harm or severe disruption, usually with a
political agenda.
What are companies doing?
• The online commerce industry was not willing to install the
safeguards that would make it harder to complete
transactions. An example of a measure adopted since is the
one-time password (OTP) required for every financial transaction.
• Companies are developing software and services that can
deliver early warnings of trouble on internet. Unlike
traditional antivirus software, which is reactive, early-warning
systems are proactive, scanning the web for new viruses and
alerting companies to the danger.
• The new systems are emerging in response to ever more
effective virus writers. As virus writers become more
expert, the gap between the time when they learn of a
vulnerability and the time they exploit it is closing quickly.
Hackers are now producing new viruses and worms in a matter of
hours.
Communication controls
• These secure the movement of data across networks.
• Anti-malware systems:
• Also known as antivirus software, these are software packages that attempt to identify and
eliminate viruses, worms, and other malicious software.
• Whitelisting and blacklisting:
• Whitelisting is a process in which a company identifies the software that it allows to run and does
not try to recognize malware.
• Blacklisting is a process in which a company identifies certain types of software that are not
allowed to run in its environment; everything not on the list is permitted.
• Firewall:
• A system that prevents a specific type of information from moving between an untrusted network,
such as the Internet, and a private network.
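The two control models on this slide differ in their default stance: a whitelist refuses anything it has not explicitly approved, while a blacklist lets through anything it has not explicitly flagged, and a firewall rule set is usually evaluated top to bottom with a final default-deny rule. The following added example (not code from the lecture) makes that difference concrete. The program contents, their hashes and the firewall rules are all constructed for illustration.

```python
# Added example, not part of the lecture slides: a toy policy engine that
# contrasts whitelisting (allowlist, default deny) with blacklisting
# (denylist, default allow) for program execution, plus a first-match
# firewall rule evaluator that ends in a default-deny rule.
# Program contents, hashes and rules below are constructed, not real.
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed "program files": file name -> file contents.
PROGRAMS = {
    "payroll.exe": b"approved payroll application build 12",
    "browser.exe": b"approved browser build 7",
    "cracktool.exe": b"sample the company has classified as malicious",
    "unknown.exe": b"software nobody has reviewed yet",
}


def sha256_hex(data: bytes) -> str:
    """Identify software by the SHA-256 of its contents, as allowlisting tools do."""
    return hashlib.sha256(data).hexdigest()


# Whitelist: hashes of the software the company explicitly allows to run.
ALLOWLIST = {sha256_hex(PROGRAMS["payroll.exe"]), sha256_hex(PROGRAMS["browser.exe"])}
# Blacklist: hashes of software the company has identified as not allowed.
DENYLIST = {sha256_hex(PROGRAMS["cracktool.exe"])}


def whitelist_decision(data: bytes) -> str:
    """Allow only known-good software; anything unrecognised is blocked (default deny)."""
    return "allow" if sha256_hex(data) in ALLOWLIST else "block"


def blacklist_decision(data: bytes) -> str:
    """Block only known-bad software; anything unrecognised runs (default allow)."""
    return "block" if sha256_hex(data) in DENYLIST else "allow"


def compare_models(programs=PROGRAMS) -> dict:
    """Return {name: (whitelist verdict, blacklist verdict)} for every program."""
    return {name: (whitelist_decision(d), blacklist_decision(d)) for name, d in programs.items()}


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    proto: str               # "tcp", "udp" or "any"
    src: str                 # "internal", "internet" or "any"
    dst_port: Optional[int]  # None matches any destination port


# Constructed rule set, evaluated top to bottom; the first matching rule wins.
RULES = [
    Rule("allow", "tcp", "internet", 443),   # the public HTTPS service is reachable
    Rule("allow", "any", "internal", None),  # internal hosts may initiate anything
    Rule("deny", "any", "any", None),        # everything else is dropped (default deny)
]


def firewall_decision(proto: str, src: str, dst_port: int, rules=RULES) -> str:
    """First-match evaluation; falls back to deny if no rule matches at all."""
    for r in rules:
        if r.proto in ("any", proto) and r.src in ("any", src) and r.dst_port in (None, dst_port):
            return r.action
    return "deny"


if __name__ == "__main__":
    for name, (wl, bl) in compare_models().items():
        print(f"{name:14} whitelist={wl:5} blacklist={bl}")
    print("tcp/443 from internet:", firewall_decision("tcp", "internet", 443))
    print("tcp/3389 from internet:", firewall_decision("tcp", "internet", 3389))
    print("udp/53 from internal:", firewall_decision("udp", "internal", 53))
```

Running it shows the point of the slide: `unknown.exe` is blocked by the whitelist but allowed by the blacklist, which is exactly the exposure a blacklist-only control has to software that has not been seen before, while the firewall lets the published HTTPS service through and drops the unlisted remote-desktop port because of the final default-deny rule.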
• Virtual Private Networking:
• It is a private network that uses a public network to connect users.
• As such, VPNs integrate the global connectivity of the internet with the security of a private
network and thereby extend the reach of the firm’s networks.
• They are labelled “virtual” because the connections (among organizations, between remote sites
of an organization, or between an organization and its off-site employees) are created when a
transmission needs to be made and terminated when the transmission has been sent.
• There are several advantages:
• First they allow remote users to access the company network.
• They allow flexibility, i.e., without being constrained by the need for dedicated connections,
mobile users can access the organization’s network from properly configured remote devices.
• Organizations can impose security policies through VPNs.
Thank You
