Security, Ethical and Societal Challenges of E-Business
Based on James O’Brien’s MIS Managing Information Technology in the E-Business Enterprise, 5th Edition, 2002
Prepared by M. Pineda for Competh, 3rd Term SY 2003-2004
Aspects of Security, Ethical & Societal Dimensions of E-Business
E-Business Security, Ethics & Society:
- Employment
- Privacy
- Health
- Individuality
- Working Conditions
- Crime
Computer Crime, defined by the Assoc. of IT Professionals (AITP)
- Unauthorized use, access, modification, and destruction of hardware, software, data or network resources
- Unauthorized release of information
- Unauthorized copying of software
- Denying an end-user access to his or her own hardware, software, data or network resources
- Using or conspiring to use computer or network resources to illegally obtain information or tangible property
Hacking (illegal hackers, also called crackers)
- The obsessive use of computers, or the unauthorized access and use of networked computer systems.
- Can monitor e-mail, web server access, or file transfers to extract passwords, steal network files, or plant data that will cause a system to welcome intruders.
Hacking issue
What to do with a hacker who commits only electronic breaking and entering, i.e. gets access to a computer system, reads some files, but neither steals nor damages anything.
Common Hacking Tactics
- Denial of service
- Scans
- Sniffer programs
- Spoofing
- Trojan Horse
- Back Doors
- Malicious Applets
- War Dialing
- Logic Bombs
- Buffer Overflow
- Password Crackers
- Social Engineering
- Dumpster Diving
Cyber Theft
Computer crimes that involve unauthorized network entry, fraudulent alteration of computer databases, and the theft of money.
Example: http://www.geocities.com/vienna/4345/vladimir.htm
Unauthorized Use at Work
- Also called time and resource theft
- Unauthorized use of company-owned computer networks by employees: private consulting, personal finances, playing video games, unauthorized use of the Internet on company networks
Online activities specifically discouraged by corporate policies
- Pornography
- Gambling
- Chat
- Shopping
- Sports
- Stock trading
- Job hunting
Source: Net managers Battle Online Trading Boom, Computerworld, July 5, 1999, p. 24. Copyright 1999 by Computerworld, Inc.
Software Piracy
- Unauthorized copying of software is a major form of software theft.
- Unauthorized copying is illegal because software is intellectual property, i.e. protected by copyright law and user licensing agreements.
Piracy of Intellectual Property
Other forms of copyrighted material (music, video, images, articles, books and other written works) are especially vulnerable to copyright infringement.
Example: P2P networking technologies like Napster, Gnutella and Kazaa have made digital versions of copyrighted materials more vulnerable to unauthorized use.
Computer Viruses (or worms)
- Program code that cannot work without being inserted into another program
- Copies annoying or destructive routines into the networked computer systems of anyone who accesses computers infected with the virus or who uses copies of magnetic disks taken from infected computers.
I. Description
The Melissa macro virus propagates in the form of an email message containing an infected Word document as an attachment. The transport message has most frequently been reported to contain the following Subject header:
Subject: Important Message From <name>
II. Impact
Users who open an infected document in Word97 or Word2000 with macros enabled will infect the Normal.dot template, causing any documents referencing this template to be infected with this macro virus. If the infected document is opened by another user, the document, including the macro virus, will propagate. Note that this could cause the user's document to be propagated instead of the original document, and thereby leak sensitive information. Indirectly, this virus could cause a denial of service on mail servers. Many large sites have reported performance problems with their mail servers as a result of the propagation of this virus.
III. Solutions
Block messages with the signature of this virus at your mail transfer agents or other central point of control.
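A sketch of the central-point filtering described under Solutions, added here as an illustration and not taken from the original slides or the advisory they quote. The function names, the sample messages and the way a Word attachment is recognised (a `.doc` filename or the `application/msword` type) are assumptions; only the Subject prefix and the Word-attachment criterion come from the text above.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.message import EmailMessage

SUBJECT_PREFIX = "important message from"  # Subject header quoted in the slide
WORD_TYPES = {"application/msword"}        # assumption: label used for Word files

def has_word_attachment(msg):
    """True if any MIME part looks like a Word document (by name or type)."""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".doc") or part.get_content_type() in WORD_TYPES:
            return True
    return False

def mta_verdict(raw):
    """Return 'quarantine' when both signature elements match, else 'deliver'."""
    msg = message_from_string(raw)
    # Decode RFC 2047 encoded-words and collapse folded whitespace before matching.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    subject = " ".join(subject.split()).lower()
    if subject.startswith(SUBJECT_PREFIX) and has_word_attachment(msg):
        return "quarantine"
    return "deliver"

def build_sample(subject, filename, ctype):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("Constructed body text for the example.")
    maintype, subtype = ctype.split("/")
    m.add_attachment(b"placeholder bytes", maintype=maintype,
                     subtype=subtype, filename=filename)
    return m.as_string()

# Constructed samples: one matching both criteria, three matching at most one.
SAMPLES = {
    "subject_and_doc": build_sample("Important Message From A. User", "list.doc", "application/msword"),
    "doc_only": build_sample("Quarterly report", "report.doc", "application/msword"),
    "subject_only": build_sample("Important Message From B. User", "photo.png", "image/png"),
    "uppercase_name": build_sample("IMPORTANT MESSAGE FROM C. User", "LIST.DOC", "application/octet-stream"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, mta_verdict(raw))
```

Requiring both the Subject prefix and a Word attachment keeps ordinary mail that merely shares one trait from being quarantined.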
CIH/Chernobyl Virus
Description
The CIH virus infects executable files and is spread by executing an infected file. Since many files are executed during normal use of a computer, the CIH virus can infect many files quickly. There are several variants of the CIH virus. Some activate every month on the 26th, while other variants activate just on April 26th or June 26th. Once the CIH virus activates, the virus attempts to erase the entire hard drive and to overwrite the system BIOS. Some machines may require a new BIOS chip to recover if overwritten by the CIH virus. CIH only affects Win95/98 machines.
Privacy Issues
Important Privacy Issues
- Accessing individuals’ private e-mail conversations and computer records
- Collecting and sharing information about individuals gained from their visits to Internet websites and newsgroups
- Always knowing where a person is, esp. as mobile and paging services become more closely associated with people rather than places
- Using computer info gained from many sources to market additional business services
- Collecting telephone numbers, e-mail addresses, credit card numbers & other personal info to build individual customer profiles
Other Issues: Computer Libel & Censorship
Spamming
The indiscriminate sending of unsolicited e-mail messages (spam) to many Internet users.
Also used to spread computer viruses.
Flaming
Practice of sending extremely critical, derogatory and often vulgar e-mail messages or newsgroup postings to other users on the Internet or online services.
Challenges in the Working Conditions
- Employment issue
- Computer monitoring
- Individuality of employees/people
- Health issues
- Human factors engineering
Ethical Responsibilities
Digital artwork by Kiran Budhrani
Ethical Philosophies
EGOISM. What is best for a given individual is right.
NATURAL LAW. Humans should promote their own health and life, propagate, pursue knowledge of the world and God, pursue close relationships with other people, and submit to legitimate authority.
UTILITARIANISM. Those actions are right that produce the greatest good for the greatest number of people.
RESPECT FOR PERSONS. People should be treated as an end and not as a means to an end; and actions are right if everyone adopts the moral rule presupposed by the action.
Western & Non-Western Values
Non-Western:
- Kyosei (Japanese): living & working together for the common good.
- Dharma (Hindu): the fulfillment of inherited duty.
- Santutthi (Buddhist): the importance of limited desires.
- Zakat (Muslim): the duty to give alms to the Muslim poor.
Western:
- Individual liberty
- Egalitarianism
- Political participation
- Human rights
Common Values:
- Respect for human dignity
- Respect for basic rights
- Good citizenship
Business Ethics
- The stockholder theory
- The social contract theory
- The stakeholder theory
Ethical Guidelines
Be a responsible end user by:
- Acting with integrity,
- Increasing your professional competence,
- Setting high standards of personal performance,
- Accepting responsibility for your work, and
- Advancing the health, privacy and general welfare of the public.
FOLLOW THE CODE OF ETHICS!
The Association of Information Technology Professionals Code of Ethics http://www.aitp.org/organization/about/ethics/ethics.jsp
Computing and Information Systems (Code of Ethics Online) http://www.iit.edu/departments/csep/PublicWWW/codes/computer.html
What does your conscience say?