Computer Ethics & Society

Chapter # 4
COMPUTER AND INTERNET
CRIME

E THICS IN INFORMATION TECHNOLOGY BY G EORGE W. R EYNOLDS

Overview

• The security of information technology used in

business is of utmost importance.
• Confidential business data and private customer and
employee information must be safeguarded, and
systems must be protected against malicious acts of
theft or disruption.
• Although the necessity of security is obvious, it must
often be balanced against other business needs and
issues.
Types of Exploits

• Virus is a piece of programming code, usually disguised as something

else, which causes a computer to behave in unexpected and usually
undesirable manner.

• Worm is a harmful program that resides in the active memory of

the computer and duplicates itself. Worms differ from viruses in
that they can propagate without human intervention.

• Trojan Horse is a program in which malicious code is hidden inside

a seemingly harmless program.

• Botnet is a large group of computers controlled from one or more

remote locations by hackers, without the knowledge or consent of
their owners. Botnets are frequently used to distribute spam and
malicious code.
Types of Exploits (Contd…..)

• Distributed Denial-of-Service (DDoS) Attacks is one in which a malicious

hacker takes over computers on the Internet and causes them to flood a
target site with demands for data and other small tasks.

• Rootkit is a set of programs that enables its user to gain administrator

level access to a computer without the end user’s consent or knowledge.

• Spam E-mail spam is the abuse of e-mail systems to send unsolicited e-

mail to large numbers of people. Most spam is a form of low-cost
commercial advertising.

• Phishing is the act of using e-mail fraudulently to try to get the recipient
to reveal personal data.

• Spear-phishing is a variation of phishing in which the phisher sends

fraudulent e-mails to a certain organization’s employees.
Types of Perpetrators
IMPLEMENTING TRUSTWORTHY COMPUTING
Contd……
Risk Assessment

• A risk assessment is the process of assessing

security-related risks to an organization’s
computers and networks from both internal
and external threats.
• The goal of risk assessment is to identify
which investments of time and resources will
best protect the organization from its most
likely and serious threats.
Risk Assessment Process
Establishing a Security Policy

• A security policy defines an organization’s security

requirements, as well as the controls and sanctions
needed to meet those requirements.
• A good security policy delineates responsibilities and the
behavior expected of members of the organization.
• A security policy out-lines what needs to be done but not
how to do it.
• The details of how to accomplish the goals of the policy
are provided in separate documents and procedure
guidelines.
Educating Employees, Contractors, and Part-Time Workers

Employees, contractors, and part-time workers must be

educated about the importance of security so that they will be
motivated to understand and follow the security policies.
For example, users must help protect an organization’s
information systems and data by doing the following:

• Guarding their passwords to protect against unauthorized

access to their accounts
• Prohibiting others from using their passwords
• Applying strict access controls (file and directory
permissions) to protect data from disclosure or destruction
• Reporting all unusual activity to the organization’s IT
security group
Prevention from threats

• Installing a Corporate Firewall

• Intrusion Prevention Systems

• Installing Antivirus Software on Personal Computers

• Implementing Safeguards against Attacks by Malicious

Insiders

• Conducting Periodic IT Security Audits

Detection

• Even when preventive measures are implemented, no organization

is completely secure from a determined attack.

• Thus, organizations should implement detection systems to catch

intruders in the act.

• Organizations often employ an intrusion detection system to

minimize the impact of intruders.

• An intrusion detection system is software and/or hardware that

monitors system and network resources and activities, and notifies
network security personnel when it identifies possible intrusions
from outside the organization or misuse from within the
organization.
 Computer Ethics & Society

Cont. Chapter # 4

Privacy

E THICS IN INFORMATION TECHNOLOGY BY G EORGE W. R EYNOLDS

Prepared by: Shahid Hussain

Introduction
• The use of information technology in business requires balancing the
needs of those who use the information that is collected against the rights
and desires of the people whose information is being used.
• On the one hand, information about people is gathered, stored, analyzed,
and reported because organizations can use it to make better decisions.
• Some of these decisions, including whether or not to hire a job candidate,
approve a loan, or offer a scholarship, can profoundly affect people’s lives.
• In addition, the global marketplace and intensified competition have
increased the importance of knowing consumers’ purchasing habits and
financial condition.
• Companies use this information to target marketing efforts to consumers
who are most likely to buy their products and services.
• Organizations also need basic information about customers to serve them
better. It is hard to imagine an organization having productive
relationships with its customers without having data about them.
• Thus, organizations want systems that collect and store key data from
every interaction they have with a customer.
Information Privacy

Information privacy is the combination of

• communications privacy (the ability to communicate with
others without those communications being monitored by
other persons or organizations) and

• data privacy (the ability to limit access to one’s personal data

by other individuals and organizations in order to exercise a
substantial degree of control over that data and its use).
Data & Information Privacy Guidelines
KEY PRIVACY ISSUES

1. Identity Theft
Identity theft occurs when someone steals key pieces of personal
information to impersonate a person. This information may include
such data as name, address, date of birth, Social Security number,
passport number, driver’s license number, and mother’s maiden name.

Four approaches are frequently used by identity thieves to capture the

personal data of their victims:

(1) Create a data breach to steal hundreds, thousands, or even millions

of personal records;
(2) Purchase personal data from criminals;
(3) Use phishing to entice users to willingly give up personal data; and
(4) Install spyware capable of capturing the keystrokes of victims.
Contd……

2. Consumer Profiling
• Companies openly collect personal information about Internet
users when they register at Web sites, complete surveys, fill
out forms, or enter contests online.
• Many companies also obtain information about Web surfers
through the use of cookies, text files that a Web site can
download to visitors’ hard drives so that it can identify visitors
on subsequent visits.
• Companies also use tracking software to allow their Web sites
to analyze browsing habits and deduce personal interests and
preferences.
Contd……

3. Treating Consumer Data Responsibly

• When dealing with consumer data, strong measures are required to
avoid customer relationship problems.
• The most widely accepted approach to treating consumer data
responsibly is for a company to adopt the Fair Information Practices
and the privacy guidelines.
• Under these guidelines, an organization collects only personal
information that is necessary to deliver its product or service.
• The company ensures that the information is carefully protected
and accessible only by those with a need to know, and that
consumers can review their own data and make corrections.
• The company informs customers if it intends to use customer
information for research or marketing, and it provides a means for
them to opt out.
Contd……

4. Workplace Monitoring
• Many organizations have developed a policy
on the use of IT in the workplace in order to
protect against employee abuses that reduce
worker productivity or expose the employer to
harassment lawsuits.
Contd……

5. Advanced Surveillance Technology

• A number of advances in information technology—such
as surveillance cameras, facial recognition software, and
satellite-based systems that can pinpoint a person’s
physical location—provide exciting new data-gathering
capabilities.
• However, these advances can also diminish individual
privacy and complicate the issue of how much
information should be captured about people’s private
lives.
• Camera Surveillance, Facial recognition systems and GPS
chips are some of the latest and advanced surveillance
technologies used in this respect.
Safeguarding your identity data