security & ethical challenges

Security and Ethical Challenges
Management Information Systems

Reported by: LOUIE A. MEDINACELI, ZEPPELIN B. MALPAL, AZUDIN T. MAZTURA, CLODUALDO G. MAGAAN, JR.

GILBERT S. DADOR, MBA, Special Lecturer

Upload: louie-medinaceli

Post on 17-Dec-2014


Security challenges

Computer crimes that exist in the present society are:

· Hacking
· Cyber Theft
· Unauthorized use at work
· Software Piracy
· Piracy of intellectual property
· Computer viruses and worms

Hacking

Hacking is the obsessive use of computers, or the unauthorized access and use of networked computer systems. Hackers usually:

· Steal or damage data
· Get unauthorized access to computer files
· Monitor e-mails or web server access
· May use remote services that allow one computer to execute programs on another
· Plant data that will cause system to welcome intruders

Cyber Theft

Cyber theft involves theft of money by unauthorized network entry and fraudulent alteration of computer databases.

Unauthorized use at Work

Unauthorized use of computer resources especially by employees:

· Playing video games
· Unauthorized use of internet
· Non-work related upload/download
· Transmission of confidential data
· Moonlighting

Software Piracy

· Unauthorized copying of data is called software piracy or software theft
· Software is protected by copyright law and user license agreement that allows only limited copies to be made

Piracy of Intellectual Property

· Materials other than software are also pirated by making multiple copies
· Piracy of music, video, images, articles, books etc.
· Dissemination of these materials through internet websites

Computer viruses and worms

· A virus is a program code that cannot work without being inserted into another program
· A worm is a distinct program that can run unaided
· These programs copy annoying or destructive routines into the networked computer systems of anyone who accesses computers affected with the virus or who uses copies of magnetic disks taken from infected computers
· They enter a computer through e-mail or file attachments, or through illegal software. A virus usually copies itself into the OS, and then spreads to main memory and thus hard disk and any inserted external memory.

Privacy Issues

· Privacy on the internet
· Computer Matching
· Privacy Laws
· Computer libel and censorship (threats are spamming and flaming)

Other Challenges

· Employment challenges because a lot of tasks have been automated
· Computer monitoring causes intrusion in personal space for workers
· Challenges in working conditions are caused by tasks which are monotonous in nature. But it also automates most of the work and gives way to more challenging jobs
· Challenges to individuality as they eliminate the human relationships between people

Health issues

The use of IT in the workplace raises a variety of health issues. Heavy use of computers is reportedly causing health problems such as:

· Job stress
· Damaged arm and neck muscles
· Eye strain
· Radiation exposure
· Death by computer-caused accidents

Benefits

· Medical diagnosis
· Crime control
· Environmental monitoring
· Urban planning
· Computer based training
· Distance learning

Ethical responsibility of business professionals

Business ethics are concerned with:

· Equity
· Rights
· Honesty
· Exercise of corporate power

Categories of Ethical Business Issues

Theories of corporate social responsibility

· The stockholders theory holds that managers are agents of the stockholders and their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent activities.
· The social contract theory states that companies have ethical responsibilities to all members of society, which allow corporations to exist based on a social contract.
· The stakeholders theory states that managers have ethical responsibility to manage a firm for the benefit of all of its stakeholders, i.e. stockholders, employees, customers, suppliers and local community.

Principles of technology ethics

· Proportionality of benefits to risk
· Informed consent to risks
· Justice in distribution of risk with benefits derived to each sub unit
· Minimized risk by the selected option

Ethical guideline

· Acting with integrity
· Increasing your professional competence
· Setting high standards of personal performance
· Accepting responsibility for your work
· Advancing the health, privacy, and general welfare of the public

Security management of IT

· Encryption
· Firewalls
· Denial of service attacks
· E-mail monitoring
· Virus defense
· Security codes
· Backup files
· Security monitors
· Biometric security
· Computer failure controls
· Fault tolerant systems
· Disaster recovery
· System controls and audits

Encryption

The concept of private key and public key can be extended to authentication protocols. There are three types of authentication protocols followed by organizations.

1. Password Authentication Protocol
2. Challenge Handshake Authentication Protocol
3. Extensible Authentication Protocol

Firewall

Firewalls are used to restrict access to one network from another network. Different types of firewalls exist.

1. Packet Filtering
2. Stateful firewalls
3. Proxy Firewalls
4. Kernel Proxy firewalls

Denial of Service Defenses

The Internet is extremely vulnerable to a variety of assaults by criminal hackers, especially denial of service (DOS) attacks. Denial of service assaults via the Internet depend on three layers of networked computer systems, and these are the basic steps e-business companies and other organizations can take to protect their websites from denial of service and other hacking attacks.

e-Mail Monitoring

Internet and other online e-mail systems are one of the favorite avenues of attack by hackers for spreading computer viruses or breaking into networked computers. E-mail is also the battleground for attempts by companies to enforce policies against illegal, personal, or damaging messages by employees, and the demands of some employees and others, who see such policies as violations of privacy rights.

Virus Defenses

Many companies are building defenses against the spread of viruses by centralizing the distribution and updating of antivirus software, as a responsibility of their IS departments. Other companies are outsourcing the virus protection responsibility to their Internet service providers or to telecommunications or security management companies.

Security Codes

Typically, a multilevel password system is used for security management.

· First, an end user logs on to the computer system by entering his or her unique identification code, or user ID.
· The end user is then asked to enter a password in order to gain access into the system.
· Next, to access an individual file, a unique file name must be entered.
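
The three levels described for security codes (user ID, password, then the individual file) can be sketched as follows. This is an added example, not part of the original slides; the class name, user IDs, passwords and file names are hypothetical, and it assumes the file level is enforced as a per-file authorization list rather than by knowledge of the file name alone.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # work factor for the password hash (assumed value)


def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted, slow hash so stored values are not reusable passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class MultilevelAccess:
    """User ID -> password -> per-file authorization, checked in that order."""

    def __init__(self):
        self._users = {}  # user_id -> (salt, password_hash)
        self._acl = {}    # file_name -> set of authorized user_ids

    def add_user(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user_id] = (salt, _hash_password(password, salt))

    def grant(self, file_name: str, user_id: str) -> None:
        self._acl.setdefault(file_name, set()).add(user_id)

    def log_on(self, user_id: str, password: str) -> bool:
        # Levels 1 and 2. An unknown user ID still pays for one hash and
        # gets the same answer as a wrong password, so the reply does not
        # reveal which user IDs exist.
        salt, stored = self._users.get(user_id, (b"\x00" * 16, b""))
        candidate = _hash_password(password, salt)
        return hmac.compare_digest(candidate, stored)

    def open_file(self, user_id: str, password: str, file_name: str) -> str:
        if not self.log_on(user_id, password):
            return "denied: logon failed"
        # Level 3. A missing file and an unauthorized file give the same
        # reply, so file names cannot be enumerated through this check.
        if user_id not in self._acl.get(file_name, set()):
            return "denied: file not authorized"
        return "granted"


if __name__ == "__main__":
    # Constructed sample data.
    system = MultilevelAccess()
    system.add_user("u1001", "correct horse")
    system.grant("payroll.dat", "u1001")
    for attempt in [("u1001", "correct horse", "payroll.dat"),
                    ("u1001", "wrong", "payroll.dat"),
                    ("nobody", "correct horse", "payroll.dat"),
                    ("u1001", "correct horse", "ledger.dat")]:
        print(attempt, "->", system.open_file(*attempt))
```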

Backup Files

Backup files, which are duplicate files of data or programs, are another important security measure.

· Files can be protected by file retention measures that involve storing copies of files from previous periods.
· Several generations of files can be kept for control purposes.
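
One way to decide which generations of backup files to retain is sketched below. This is an added example, not part of the original slides; it goes beyond the slide by assuming a daily/weekly/monthly rotation (often called grandfather-father-son), and the function names, policy values and dates are constructed for illustration.

```python
from datetime import date, timedelta


def generations_to_keep(backup_dates, daily=7, weekly=4, monthly=6):
    """Return the set of backup dates to retain.

    Keeps the newest `daily` backups, plus the newest backup in each of the
    most recent `weekly` ISO weeks and `monthly` calendar months that
    contain a backup.
    """
    ordered = sorted(set(backup_dates), reverse=True)  # newest first
    keep = set(ordered[:daily])

    def newest_per_bucket(key, limit):
        seen = []
        for d in ordered:
            bucket = key(d)
            if bucket in seen:
                continue  # a newer backup already represents this period
            if len(seen) == limit:
                break     # enough periods covered
            seen.append(bucket)
            keep.add(d)

    newest_per_bucket(lambda d: tuple(d.isocalendar()[:2]), weekly)  # (year, week)
    newest_per_bucket(lambda d: (d.year, d.month), monthly)
    return keep


def prune_plan(backup_dates, **policy):
    """Split backups into (kept, pruned), both sorted oldest first."""
    keep = generations_to_keep(backup_dates, **policy)
    return sorted(keep), sorted(set(backup_dates) - keep)


if __name__ == "__main__":
    # Constructed sample: one backup per day for 60 days ending 2024-03-31.
    end = date(2024, 3, 31)
    backups = [end - timedelta(days=i) for i in range(60)]
    kept, pruned = prune_plan(backups, daily=3, weekly=2, monthly=2)
    print("keep :", [d.isoformat() for d in kept])
    print("prune:", len(pruned), "older generations")
```

Before deleting anything a plan like this marks as pruned, a restore test of the retained generations confirms they are actually usable.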

Security Monitors

System security monitors are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction.

· Security monitor programs provide the security measures needed to allow only authorized users to access the networks.
· Security monitors also control the use of the hardware, software, and data resources of a computer system.
· Security monitors can be used to monitor the use of computer networks and collect statistics on any attempts at improper use.

Biometric Security

These are security measures provided by computer devices, which measure physical traits that make each individual unique. This includes:

· Voice verification
· Fingerprints
· Hand geometry
· Signature dynamics
· Keystroke analysis
· Retina scanning
· Face recognition
· Genetic pattern analysis

Computer Failure Controls

· Programs of preventative maintenance of hardware and management of software updates are commonplace
· Using computers equipped with automatic and remote maintenance capabilities
· Establishing standards for electrical supply, air conditioning, humidity control, and fire prevention standards

Computer Failure Controls

· Arrange for a backup computer system capability with disaster recovery organizations.
· Scheduling and implementing major hardware or software changes to avoid problems.
· Training and supervision of computer operators.
· Using fault tolerant computer systems (fail-safe and fail-soft capabilities)


Fault Tolerant Systems

Disaster Recovery

Hurricanes, earthquakes, fires, floods, criminal and terrorist acts, and human error can all severely damage an organization's computing resources, and thus the health of the organization itself. That is why it is important for organizations to develop disaster recovery procedures and formalize them in a disaster recovery plan. It specifies which employees will participate in disaster recovery, and what their duties will be; what hardware, software, and facilities will be used; and the priority of applications that will be processed. Arrangements with other companies for use of alternative facilities as a disaster recovery site and off-site storage of an organization's databases are also part of an effective recovery effort.


THANK YOU !!!

OPTICAL ILLUSION: if YOU LOOK at the PICTURE CAREFULLY, AFTER a FEW SECONDS, YOU CAN SEE the PHILIPPINES or the DIAMOND RING