Republic of the PhilippinesRepublic of the PhilippinesEULOGIO “AMANG” RODRIGUEZEULOGIO “AMANG” RODRIGUEZ

INSTITUTE OF SCIENCE AND TECHNOLOGYINSTITUTE OF SCIENCE AND TECHNOLOGYNagtahan, Sampaloc, ManilaNagtahan, Sampaloc, Manila

GRADUATE PROGRAMGRADUATE PROGRAMMASTER IN PUBLIC ADMINISTRATIONMASTER IN PUBLIC ADMINISTRATION

TOPIC: Security and Ethical ChallengesTOPIC: Security and Ethical Challenges

Management Information Management Information SystemsSystems

1Management Information Systems

Presented by:

LOUIE A. MEDINACELI

DR. LOURDES BANDOYProfessor

Sample 1:Digitally altered photosSample 1:Digitally altered photos

Sample 2:Digitally altered photosSample 2:Digitally altered photos

Sample 3:Digitally altered photosSample 3:Digitally altered photosThe New Version The Old Version

Sample 5:Digitally altered photosSample 5:Digitally altered photosOprah, one the most well known celebrities of our time has graced many magazine

covers. However in this TV Guide she is seen in a beautiful dress sitting on a pile of cash. You see it? The pile of cash is so fake right? You are right. See anything else? Take a look at the picture below. That’s not Oprah’s body. It’s Ann-Margaret.

Sample 1:Photoshop MistakesSample 1:Photoshop Mistakes

Missing leg. We love Veronica Kay, but the missing leg is not sexy.

Sample 2:Photoshop MistakesSample 2:Photoshop Mistakes

Where’s the belly button?

COMPUTER CRIMECOMPUTER CRIME

Cyber crime is becoming one of the Net’s growth businesses.  Today, criminals are doing everything from stealing intellectual property and committing fraud to unleashing viruses and committing acts of cyber terrorism.

HackingHackingHacking is the obsessive use of computers, or Hacking is the obsessive use of computers, or

the unauthorized access and use of the unauthorized access and use of networked computer systems. Hackers networked computer systems. Hackers usuallyusually

Steal or damage dataSteal or damage data Get unauthorized access to computer filesGet unauthorized access to computer files Monitor e-mails or web server accessMonitor e-mails or web server access May use remote services that allow one May use remote services that allow one

computer to execute programs on anothercomputer to execute programs on another Plant data that will cause system to Plant data that will cause system to

welcome intruderswelcome intrudersManagement Information Systems 9

Cyber TheftCyber Theft

Cyber theft involves theft of money by Cyber theft involves theft of money by unauthorized network entry and unauthorized network entry and fraudulent alteration of computer fraudulent alteration of computer databases.databases.

Management Information Systems 10

Unauthorized use at WorkUnauthorized use at Work

Unauthorized use of computer Unauthorized use of computer resources especially by employeesresources especially by employees

Playing video gamesPlaying video games Unauthorized use of internetUnauthorized use of internet Non-work related upload/downloadNon-work related upload/download Transmission of confidential dataTransmission of confidential data Moonlighting Moonlighting

Management Information Systems 11

Software PiracySoftware Piracy

Unauthorized copying of data is called Unauthorized copying of data is called software piracy or software theftsoftware piracy or software theft

Software is protected by copyright law Software is protected by copyright law and user license agreement that and user license agreement that allows only limited copies to be madeallows only limited copies to be made

Management Information Systems 12

Piracy of Intellectual PropertyPiracy of Intellectual Property

Materials other than software are also Materials other than software are also pirated by making multiple copiespirated by making multiple copies

Piracy of music, video, images, Piracy of music, video, images, articles, books etc.articles, books etc.

Dissemination of these material Dissemination of these material through internet websitesthrough internet websites

Management Information Systems 13

Computer security risksComputer security risks Virus-potentially damaging computer

programs that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission; may damage files, software including the operating system

Worms-a program that copies itself; could shut down the computer or network

Trojan horses-a program that hides within or looks like a legitimate program; does not replicate itself to other computers

Symptoms of Computer risksSymptoms of Computer risks

Screen displays unusual message or image

Music or unusual sound displays randomly Available memory is less than expected Existing programs and files disappear Files become corrupted Programs or files do not work properly Unknown programs or files mysteriously

appear System properties change

Symptoms of Computer risk(cont..)Symptoms of Computer risk(cont..)

Your computer functions slower than normal

Your computer responds slowly and freezes often

Your computer restarts itself often You see uncommon error messages,

distorted menus, and dialog boxes You notice applications on your computer

fail to work correctly You fail to print correctly

Safeguard from Computer risksSafeguard from Computer risks1. Never start a computer with a floppy disk in

drive A, unless it is an uninfected boot disk. Turn off message preview

2. Never open an e-mail attachment unless you are expecting it and it is from a trusted source. Turn off message preview

3. Set the macro security in programs so you can enable or disable macros. Only enable macros if the document is from a trusted source and you are expecting it.

4. Install an antivirus program on all of your computers. Obtain updates to the antivirus signature files on a regular basis.

Safeguard from Computer risksSafeguard from Computer risks5. Check all downloaded programs for viruses,

worms, or Trojan horses. These malicious-logic programs often placed in seemingly innocent programs, so they will affect a large number of users.

6. If the anti-virus program flags an e-mail attachment as infected, delete the attachment immediately.

7. Before using any removable storage devices, use the antivirus program to check for infection.

8. Create a recovery disk and write protect it.9. Install a personal firewall program

Unauthorized Access and UseUnauthorized Access and Use Unauthorized access- the use of a

computer or network without permission Cracker- someone who tries to access a

computer or network illegally Hacker- break into a computer by

connecting to it and then logging in as a legitimate user

Safeguard from unauthorized Safeguard from unauthorized accessaccess

1. Acceptable use policy (AUP)- outlines the activities for which the computer and network may and may not be used

2. Firewalls-deny network access to outsiders and restrict employees’ access to sensitive data like payroll or personnel records

3. Intrusion detection software-automatically analyzes all network traffic, assess system vulnerabilities, identifies any unauthorized access (intrusions) and notifies

Safeguard from unauthorized Safeguard from unauthorized access (continuation)access (continuation)

5. Access control-is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer

and audit trails- or log, that records in a file both successful and unsuccessful access attempts

a. User names-a unique combination of characters like letters of the alphabet, that identifies one specific user

b. and passwords-a private combination of characters associated with the user name that allows access to certain computer resources

c. Possessed objects-any items that you must carry to gain access to a computer or computer facility (badges, cards, smart cards, keys)

d. Biometric devices-grant access to programs using biometric identifies like finger prints, face recognition, voice recognition

e. Callback system-user connects to a computer only after the computer calls that user back at a previously established telephone number

FingerprintReader

Face Recognition System

Other ChallengesOther Challenges

Employment challenges because a lot of Employment challenges because a lot of tasks have been automatedtasks have been automated

Computer monitoring causes intrusion in Computer monitoring causes intrusion in personal space for workerspersonal space for workers

Challenges in working conditions are caused Challenges in working conditions are caused by tasks which are monotonous in nature. by tasks which are monotonous in nature. But it also automates most of the work and But it also automates most of the work and gives way to more challenging jobsgives way to more challenging jobs

Challenges to individuality as they eliminate Challenges to individuality as they eliminate the human relationships between peoplethe human relationships between people

Management Information Systems 23

BenefitsBenefits

Medical diagnosisMedical diagnosis Crime controlCrime control Environmental monitoringEnvironmental monitoring Urban planningUrban planning Computer based trainingComputer based training Distance learningDistance learning

Management Information Systems 24

Health Concerns of Computer Use

Hand Exercises to Reduce Tendonitis

Computer and Health RisksComputer and Health Risks

1. Repetitive strain injury (RSI)-a disorder of the muscles, nerves, tendons, ligaments and joints

2. Computer vision syndrome-sore, tired, burning, itching or dry eyes; blurred or double vision, etc.

3. Lower back pain, muscle fatigue and emotional fatigue

ErgonomicsErgonomics

applied science devoted to incorporating comfort, efficiency and safety into the design of items in the workplace

Computer addictionComputer addiction

when the computer consumes someone’s entire social life

EncryptionEncryption

The concept of private key and public The concept of private key and public key can be extended to authentication key can be extended to authentication protocols. There are three types of protocols. There are three types of authentication protocols followed by authentication protocols followed by organizations.organizations.

1.1. Password Authentication protocolPassword Authentication protocol

2.2. Challenge Handshake authentication Challenge Handshake authentication ProtocolProtocol

3.3. Extensible Authentication ProtocolExtensible Authentication ProtocolManagement Information Systems 33

FirewallFirewall

Firewalls are used to restrict access to Firewalls are used to restrict access to one network from another network. one network from another network. Different types of firewalls exist.Different types of firewalls exist.

1.1. Packet FilteringPacket Filtering

2.2. Stateful firewallsStateful firewalls

3.3. Proxy FirewallsProxy Firewalls

4.4. Kernel Proxy firewallsKernel Proxy firewalls

Management Information Systems 34

Ethical responsibility of business Ethical responsibility of business professionalsprofessionals

Business ethics are concerned withBusiness ethics are concerned with EquityEquity RightsRights HonestyHonesty Exercise of corporate powerExercise of corporate power

Management Information Systems 35

Theories of corporate social Theories of corporate social responsibilityresponsibility

The stockholders theory The stockholders theory holds that managers are holds that managers are agents of the stockholders and their only ethical agents of the stockholders and their only ethical responsibility is to increase the profits of the business responsibility is to increase the profits of the business without violating the law or engaging in fraudulent without violating the law or engaging in fraudulent activities.activities.

The social contract theory The social contract theory states that companies states that companies have ethical responsibilities to all members of society, have ethical responsibilities to all members of society, which allow corporations to exist based on a social which allow corporations to exist based on a social contractcontract

The stakeholders theory The stakeholders theory states that managers have states that managers have ethical responsibility to manage a firm for the benefit ethical responsibility to manage a firm for the benefit of all of its stakeholders i.e. stockholders, employees, of all of its stakeholders i.e. stockholders, employees, customers, suppliers and local community.customers, suppliers and local community.

Management Information Systems 36

Principles of technology ethicsPrinciples of technology ethics

Proportionality of benefits to riskProportionality of benefits to risk Informed consent to risksInformed consent to risks Justice in distribution of risk with Justice in distribution of risk with

benefits derived to each sub unitbenefits derived to each sub unit Minimized risk by the selected optionMinimized risk by the selected option

Management Information Systems 37

Ethical guidelineEthical guideline

Acting with integrityActing with integrity Increasing your professional Increasing your professional

competencecompetence Setting high standards of personal Setting high standards of personal

performanceperformance Accepting responsibility for your workAccepting responsibility for your work Advancing the health, privacy, and Advancing the health, privacy, and

general welfare of the publicgeneral welfare of the public

Management Information Systems 38

Mistakes are part of being human. Appreciate your mistakes for what they are; precious life lesson that can only be learned the hard way. Thank you