MANAGEMENT INFORMATION SYSTEM

Third Year Information Technology

Part 21 Security and Ethical Challenges

Tushar B Kute,Sandip Institute of Technology and Research Centre, Nashikhttp://www.tusharkute.com

SECURITY AND ETHICAL CHALLENGES

SecurityEthics andSociety

Employment Privacy

Health

Individuality

Crime

WorkingConditions

OBJECTIVE OF INFORMATION SECURITY Confidentiality Availability Integrity

COMPUTER CRIME

Hacking

UnauthorizedUse at work

CyberTheft

Piracy

ComputerViruses

ETHICS IN INFORMATION SOCIETY

Responsibility Accepting potential costs, duties and

obligations for your decisions. Accountability

Determining who should take responsibility for decisions and actions.

Liability Legally placing responsibility with a person

or group.

FAIR INFORMATION PRACTICES PRINCIPLES

There should be no personal record systems whose existence is secret.

Individuals have rights of access, inspection, review and amendment to systems that contain information about them.

There must be no use of personal information for purpose other than those for which it was gathered without prior consent.

FAIR INFORMATION PRACTICES PRINCIPLES

Managers of the system are responsible and can be held accountable and liable for the damage done by system for their reliability and security.

Government have right to intervene in the information relationship among private parties.

PROPERTY RIGHTS: INTELLECTUAL PROPERTY

It is result of someone’s effort to create a product of value based on their experience, knowledge and education. In short, intellectual property is brain power. E.g. Copyrights, patents and trade secrets.

Accountability, liability and control. Data quality and system errors.

QUALITY OF LIFE

Online technology lost the face-to-face contact.

On-line love affairs. Work from home, impact to the family

life.

COMPUTER CRIME

Any wrong doing involves computer and internet usage.

Often defies detection The amount stolen or diverted can be

substantial The crime is “clean” and nonviolent The number of IT-related security

incidents is increasing dramatically Computer crime is now global

MANAGEMENT ACTIONS: A CORPORATE CODE OF ETHICS

The information rights to privacy and freedom.

The property rights to individuals ideas and efforts.

The accountability, liability and control issues involved in technology.

The system quality requirements of businesses and individuals.

The quality of life impact of technology.

CYBER CRIME

Conventional crime or an offence is a legal wrong that can be followed by criminal proceedings which may result into punishment.

Cyber Crime may be said to be those species where computer is an object or subject of the conduct constitutional crime.

Unlawful act wherein the computer is either a tool or target or both.

REASONS FOR CYBER CRIME

Capacity to store data in comparatively small space.

Easy to access. Complex Negligence. Loss of evidence.

CYBER CRIMINALS

Children and adolescents between the age group of 6 – 18 years.

Organized hackers. Professional hackers/crackers. Discontinued employees.

MODE AND MANNER OF COMMITTING CRIME

Denial of Service

Scans

Sniffer Programs

Spoofing

Trojan Horse

Back Doors

Malicious Applets

War Dialing

Logic Bombs

Buffer Overflow

Password Crackers

Social Engineering

Dumpster Driving

CLASSIFICATION

Against individuals Against individual property Against organization Against society at large

AGAINST INDIVIDUALS

Harassment via emails. Cyber stalking Defamation Email spoofing Cheating and fraud

AGAINST INDIVIDUAL PROPERTY

Computer vandalism Transmitting viruses. Intellectual property crimes Internet time thefts

AGAINST ORGANIZATION

Unauthorized access / control. Possession of unauthorized information Distribution of pirated software Cyber terrorism

AGAINST SOCIETY AT LARGE

Trafficking Financial crimes Polluting youth through indecent

exposure Sale of illegal articles Online gambling

STATUTORY PROVISIONS

Information technology act 2000 forced on 17th May 2000. legalizing- Indian penal code 1860 The Indian evidence act 1872 The banker’s book evidence act 1891 The reserve bank of India act 1934.

The IT act deals with the various cyber crimes in chapters IX and XI. The important sections are 43, 65, 66, 67.

Section 43 deals particularly with unauthorized access, unauthorized downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person.

IT ACT

Section 65- tampering with computer source documents. It provides imprisonment upto 3 years or fine.

Section 66- hacking the computer system It provides imprisonment upto 3 years or fine.

Section 67- publication of obscene material. It provides imprisonment upto 10 years and fine upto 2 lakhs.

PREVENTION OF CYBER CRIME

Precaution Prevention Protection Preservation Perseverance

PREVENTION OF CYBER CRIME

Avoid disclosing any information pertaining oneself.

Avoid sending any photographs online, particularly to strangers and chat with strangers.

Use latest and updated antivirus. Always keep backup volumes. Never send your credit card number to any

site. Always keep watch on the sites that children

are accessing. Use security programs for coockies.

PREVENTION OF CYBER CRIME

Website owners should watch traffic and check any irregularity on the site.

Use the firewalls.

HACKING

The process of achieving access to computer or computer network administrator. It is the most common activity amongst teenagers and young adults.

It is an offence if hackers steal private information of changes some financial data. All the types of unauthorized access can lead the hacker towards the prison for 20 years.

CYBER THEFT

It is the use of computers and communication systems to steal information in electronic format. E.g. bank money transfers.

Programs used- worm and trojan horses.

Reports- Microsoft platform strategy manager Matthew

Hardman said social networking sites like Facebook, are among the most commonly targeted because of their huge communities of user concluding by saying the malicious code may be hidden inside Facebook applications or links under the photographs.

SOLUTION OF CYBER THEFT

Antivirus Anti-spywares Firewalls Cryptography Cyber ethics Cyber laws

SOFTWARE PIRACY

It refers to the unauthorized duplication and use of computer software.

According to a survey done jointly by BSA and IDC the highest piracy rate comes from Armenia, with piracy rate of 93%. China and India are at No. 17 and No. 41 respectively, with 82% and 69% of recorded Software Piracy rates. The lowest piracy rate, according to survey, is observed in USA, at 20%. However, the statistics gave rise to a wide criticism citing lack of accuracy.

TERMS RELATED TO PIRACY

Cloning: Ideas can not be copy protected. Crack: modification of software in order to

remove encoded copy prevention. Cracker: Undertakes disabling the software

protection. Hack: Fix, or bug workaround. Hacker: One, who hacks. Hardware Locking: method of protecting

software from duplication by locking the license to specific piece of computer hardware.

TERMS RELATED TO PIRACY

KeyGen or Key Generator: a small program that will generate an unauthorized but working registration key or serial number for the piece of software.

Serials: This unique is used to unlock the version of the software.

Warez: Another term used for software crack.

SOFTWARE PIRACY

It is illegal to- Use a single licensed version on multiple

computer. Preloaded software on computers without

providing the appropriate licenses. Use a key generator to generate

registration key that turns an evaluation version to licensed version.

Use a stolen credit card to fraudulently purchase a software license.

Post licensed version of a software product on the Internet and make it available for downloading.

SOFTWARE PIRACY IN INDIA

The copyright of computer piracy is protected under the Indian copyright Act of 1957.

Copyright protection for software with an individual author lasts for the duration of the author’s life and continues 60 years after the author’s death.

According to nasscom, software piracy involves the use of reproduction or distribution without having received the expressed permission of the software author.

FORMS OF SOFTWARE PIRACY

End user piracy. Hard disk loading. Software counterfeiting. Internet piracy.

SOFTWARE COPYRIGHTS

Eligibility: The original software work does not have

to be published in order to receive copyright protection.

Punishment: Under the Indian copyright act, a software

pirate can be tried under both civil and criminal law. The minimum jail term for software copyright infringement is seven days, and maximum is three years. Fine from 50,000 to 2,00,000.

COPYRIGHT

It is set of exclusive rights granted by the law of jurisdiction to the author or creator of an original work, including right to copy, distribute and adapt to work.

It is applied for specific period of time, after which the work is said to enter in public domain.

Copyright infringement is the unauthorized or prohibited use of works under copyright, infringing the copyright owner’s exclusive rights, such as right to reproduce or perform the copyrighted work, or to make derivative work.

COPYRIGHT ACTS 1957

India has one of the modern copyright protection laws in the world.

"computer programme" means a set of instructions expressed in words, codes, schemes or in any other form, including a machine readable medium, capable of causing a computer to perform a particular task or achieve a particular result;

EXCLUSIVE RIGHTS GIVEN IN COPYRIGHT ACT

To reproduce the work in any material form including the storing of it in any medium by electronic means.

To issue copies of the work to the public not being copies already in the circulation.

To perform the work in the public or communicate it to the public.

To make any cinematographic film or sound recording in respect of work.

To make any translation of the work. To make any adaptation of the work. To sell or give on commercial rental or offer for sale

or for commercial rental any copy of the program.

BERNE CONVENTION

WIPO COPYRIGHT TREATY

The World Intellectual Property Organization Copyright Treaty, abbreviated as the WIPO Copyright Treaty, is an international treaty on copyright law adopted by the member states of the World Intellectual Property Organization (WIPO) in 1996.

It provides additional protections for copyright deemed necessary due to advances in information technology since the formation of previous copyright treaties before it.

UNIVERSAL COPYRIGHT PREVENTION

The UCC was developed by United Nations Educational, Scientific and Cultural Organization as an alternative to the Berne Convention for those states which disagreed with aspects of the Berne Convention, but still wished to participate in some form of multilateral copyright protection.

These states included developing countries and the Soviet Union, which thought that the strong copyright protections granted by the Berne Convention overly benefited Western developed copyright-exporting nations, and the United States and most of Latin America.

PATENT

A patent is a set of exclusive rights granted by a state (national government) to an inventor or their assignee for a limited period of time in exchange for a public disclosure of an invention.

Under the World Trade Organization's (WTO) Agreement on Trade-Related Aspects of Intellectual Property Rights, patents should be available in WTO member states for any inventions, in all fields of technology, and the term of protection available should be the minimum twenty years.

PATENTS

In many countries, certain subject areas such as business methods and mental acts are excluded from patents.

The exclusive rights granted to a patentee in most countries is the right to prevent others from making, using, selling or distributing the patented invention without permission.

PATENTS FORCED IN 2000

US Patent

HEALTH ISSUES

Eye disease Bad postures Hurting Hands Computer stress injuries

COMPUTER ERGONOMICS

REAL WORLD PICTURE

COMPUTER ERGONOMICS

COMPUTER ERGONOMICS

COMPUTER ERGONOMICS1. Use a good chair with a dynamic chair back and sit back.2. The eye-level should be the same as the level of the monitor.

You should be able to see the contents in the monitor without bending your neck.

3. No glare on screen, use an optical glass anti-glare filter where needed.

4. Sit at arms length from monitor as a good viewing distance.5. Feet on floor or stable footrest.6. Use a document holder, preferably in-line with the computer

screen.7. Wrists flat and straight in relation to forearms to use

keyboard/mouse/input device.8. Arms and elbows relaxed close to body.9. Top of monitor casing 2-3" (5-8 cm) above eye level.10. Use a negative tilt keyboard tray with an upper mouse

platform or downward tiltable platform adjacent to keyboard.11. Center monitor and keyboard in front of you.12. Use a stable work surface and stable (no bounce) keyboard

tray.

USE OF KEYBOARD

USE OF MOUSE

USE OF MOUSE

THE ACM CODE OF PROFESSIONAL CONDUCT

Strive to achieve the highest quality, effectiveness, and dignity in both the process and products of professional work

Acquire and maintain professional competence

Know and respect existing laws pertaining to professional work

Accept and provide appropriate professional review

Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks

THE ACM CODE OF PROFESSIONAL CONDUCT (CONTINUED)

Honor contracts, agreements, and assigned responsibilities

Improve public understanding of computing and its consequences

Access computing and communication resources only when authorized to do so

REFERENCES

http://en.wikipedia.org Arpita Gopal, Chandrani Singh, “e-World Emerging

Trends in Information Technology” , 1st Edition, Excel Books.

http://www.nasscom.in

Tushar B Kute,Sandip Institute of Technology and Research Centre, Nashikhttp://www.tusharkute.com