Security and ethical challenges in mis
abir026
4,146 views
37 slides
Apr 03, 2014
Slide 1 of 37
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
About This Presentation
No description available for this slideshow.
Slide Content
Welcome to Our Presentation
Angry Birds
1
Angry Birds
1
2
IT Security, Ethics, and Society
Business Ethics
Categories of Ethical Business Issues
ComputerCrime
Hacking
Common Hacking Tactics
Cyber Theft
Unauthorized Use at Work
Internet Abuses in the Workplace
Software Piracy
Theft of Intellectual Property
Viruses and Worms
Top Five Virus Families of all Time
The Cost of Viruses, Trojans, Worms
Adware and Spyware
Spyware Problems
Privacy Issues
Opt-in Versus Opt-out
Protecting Your Privacy on the Internet
Health Issues
Security Management of IT
Security Management
Internetworked Security Defenses
Public/Private Key Encryption
Internetworked Security Defenses
Internet and Intranet Firewalls
Internetworked Security Defenses
Information System Controls 4
Business Ethics
Categories of Ethical Business Issues
ComputerCrime
Hacking
Common Hacking Tactics
Cyber Theft
Unauthorized Use at Work
Internet Abuses in the Workplace
Software Piracy
Theft of Intellectual Property
Viruses and Worms
Top Five Virus Families of all Time
The Cost of Viruses, Trojans, Worms
Adware and Spyware
Spyware Problems
Privacy Issues
Opt-in Versus Opt-out
Protecting Your Privacy on the Internet
Health Issues
Security Management of IT
Security Management
Internetworked Security Defenses
Public/Private Key Encryption
Internetworked Security Defenses
Internet and Intranet Firewalls
Internetworked Security Defenses
Information System Controls 4
IT has both beneficial
and detrimental effects
on society and people
Manage work
activities to minimize
the detrimental
effects of IT
Optimize the
beneficial effects
5
and detrimental effects
on society and people
Manage work
activities to minimize
the detrimental
effects of IT
Optimize the
beneficial effects
5
Ethics questions that managers confront as
part of their daily business decision making
include:
Equity
Rights
Honesty
Exercise of corporate power
6
part of their daily business decision making
include:
Equity
Rights
Honesty
Exercise of corporate power
6
7
Computer crime includes
Unauthorized use, access, modification, or
destruction of hardware, software, data, or network
resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own
hardware, software, data, or network resources
Using or conspiring to use computer or network
resources illegally to obtain information or tangible
property
8
Unauthorized use, access, modification, or
destruction of hardware, software, data, or network
resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own
hardware, software, data, or network resources
Using or conspiring to use computer or network
resources illegally to obtain information or tangible
property
8
Hacking is
The obsessive use of computers
The unauthorized access and use of networked
computer systems
Electronic Breaking and Entering
Hacking into a computer system and reading files, but
neither stealing nor damaging anything
Cracker
A malicious or criminal hacker who maintains
knowledge of the vulnerabilities found for
private advantage
9
The obsessive use of computers
The unauthorized access and use of networked
computer systems
Electronic Breaking and Entering
Hacking into a computer system and reading files, but
neither stealing nor damaging anything
Cracker
A malicious or criminal hacker who maintains
knowledge of the vulnerabilities found for
private advantage
9
Denial of Service
Hammering a website’s equipment with too many requests for
information
Clogging the system, slowing performance, or crashing the site
Scans
Widespread probes of the Internet to determine types of
computers, services, and connections
Looking for weaknesses
Sniffer
Programs that search individual packets of data as they pass through the
Internet
Capturing passwords or entire contents
Spoofing
Faking an e-mail address or Web page to trick users into passing along
critical information like passwords or credit card numbers
10
Hammering a website’s equipment with too many requests for
information
Clogging the system, slowing performance, or crashing the site
Scans
Widespread probes of the Internet to determine types of
computers, services, and connections
Looking for weaknesses
Sniffer
Programs that search individual packets of data as they pass through the
Internet
Capturing passwords or entire contents
Spoofing
Faking an e-mail address or Web page to trick users into passing along
critical information like passwords or credit card numbers
10
Trojan House
A program that, unknown to the user, contains instructions that exploit
a known vulnerability in some software
Back Doors
A hidden point of entry to be used in case the original entry point is
detected or blocked
Malicious Applets
Tiny Java programs that misuse your computer’s resources, modify
files on the hard disk, send fake email, or steal passwords
War Dialing
Programs that automatically dial thousands of telephone numbers in
search of a way in through a modem connection
Logic Bombs
An instruction in a computer program that triggers a malicious act
11
A program that, unknown to the user, contains instructions that exploit
a known vulnerability in some software
Back Doors
A hidden point of entry to be used in case the original entry point is
detected or blocked
Malicious Applets
Tiny Java programs that misuse your computer’s resources, modify
files on the hard disk, send fake email, or steal passwords
War Dialing
Programs that automatically dial thousands of telephone numbers in
search of a way in through a modem connection
Logic Bombs
An instruction in a computer program that triggers a malicious act
11
Buffer Overflow
Crashing or gaining control of a computer by sending too much data to
buffer memory
Password Crackers
Software that can guess passwords
Social Engineering
Gaining access to computer systems by talking unsuspecting company
employees out of valuable information, such as passwords
Dumpster Diving
Sifting through a company’s garbage to find information to help break
into their computers
12
Crashing or gaining control of a computer by sending too much data to
buffer memory
Password Crackers
Software that can guess passwords
Social Engineering
Gaining access to computer systems by talking unsuspecting company
employees out of valuable information, such as passwords
Dumpster Diving
Sifting through a company’s garbage to find information to help break
into their computers
12
Many computer crimes involve the theft of money
The majorityare “inside jobs” that involve
unauthorized network entry and alternation of
computer databases to cover the tracks of the
employees involved
Many attacks occur through the Internet
Most companies don’t reveal that they have been
targets or victims of cybercrime
13
The majorityare “inside jobs” that involve
unauthorized network entry and alternation of
computer databases to cover the tracks of the
employees involved
Many attacks occur through the Internet
Most companies don’t reveal that they have been
targets or victims of cybercrime
13
Unauthorized use of computer systems and
networks is time and resource theft
Doing private consulting
Doing personal finances
Playing video games
Unauthorized use of the Internet or company networks
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
14
networks is time and resource theft
Doing private consulting
Doing personal finances
Playing video games
Unauthorized use of the Internet or company networks
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
14
General email abuses
Unauthorized usage and access
Transmission of confidential data
Pornography
Hacking
Non-work-related download/upload
Leisure use of the Internet
Use of external ISPs
15
Unauthorized usage and access
Transmission of confidential data
Pornography
Hacking
Non-work-related download/upload
Leisure use of the Internet
Use of external ISPs
15
Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment
for a license for fair use
Site license allows a certain number of copies
16
A third of the software
industry’s revenues are lost to
piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment
for a license for fair use
Site license allows a certain number of copies
16
A third of the software
industry’s revenues are lost to
piracy
Intellectual Property
Copyrighted material
Includes such things as
music, videos, images, articles, books, and software
Copyright Infringement is Illegal
Peer-to-peer networking techniques have made it easy to
trade pirated intellectual property
Publishers Offer Inexpensive Online Music
Illegal downloading of music and video is
down and continues to drop
17
Copyrighted material
Includes such things as
music, videos, images, articles, books, and software
Copyright Infringement is Illegal
Peer-to-peer networking techniques have made it easy to
trade pirated intellectual property
Publishers Offer Inexpensive Online Music
Illegal downloading of music and video is
down and continues to drop
17
A virus is a program that cannot work without being
inserted into another program
A worm can run unaided
These programs copy annoying or destructive routines
into networked computers
Copy routines spread the virus
Commonly transmitted through
The Internet and online services
Email and file attachments
Disks from contaminated computers
Shareware
18
inserted into another program
A worm can run unaided
These programs copy annoying or destructive routines
into networked computers
Copy routines spread the virus
Commonly transmitted through
The Internet and online services
Email and file attachments
Disks from contaminated computers
Shareware
18
My Doom, 2004
Spread via email and over Kazaafile-sharing network
Installs a back door on infected computers
Infected email poses as returned message or one that can’t be opened
correctly, urging recipient to click on attachment
Opens up TCP ports that stay open even after termination of the worm
Upon execution, a copy of Notepad is opened, filled with nonsense
characters
Netsky, 2004
Mass-mailing worm that spreads by emailing itself to all email
addresses found on infected computers
Tries to spread via peer-to-peer file sharing by copying itself into the
shared folder
It renames itself to pose as one of 26 other common files along the
way
19
Spread via email and over Kazaafile-sharing network
Installs a back door on infected computers
Infected email poses as returned message or one that can’t be opened
correctly, urging recipient to click on attachment
Opens up TCP ports that stay open even after termination of the worm
Upon execution, a copy of Notepad is opened, filled with nonsense
characters
Netsky, 2004
Mass-mailing worm that spreads by emailing itself to all email
addresses found on infected computers
Tries to spread via peer-to-peer file sharing by copying itself into the
shared folder
It renames itself to pose as one of 26 other common files along the
way
19
SoBig, 2004
Mass-mailing email worm that arrives as
an attachment
▪Examples: Movie_0074.mpg.pif, Document003.pif
Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for
email addresses to which it can send itself
Also attempts to download updates for itself
Klez, 2002
A mass-mailing email worm that arrives with a randomly named
attachment
Exploits a known vulnerability in MS Outlook to auto-execute on
unpatchedclients
Tries to disable virus scanners and then copy itself to all local and
networked drives with a random file name
Deletes all files on the infected machine and any mapped network
drives on the 13th of all even-numbered months
20
Mass-mailing email worm that arrives as
an attachment
▪Examples: Movie_0074.mpg.pif, Document003.pif
Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for
email addresses to which it can send itself
Also attempts to download updates for itself
Klez, 2002
A mass-mailing email worm that arrives with a randomly named
attachment
Exploits a known vulnerability in MS Outlook to auto-execute on
unpatchedclients
Tries to disable virus scanners and then copy itself to all local and
networked drives with a random file name
Deletes all files on the infected machine and any mapped network
drives on the 13th of all even-numbered months
20
Sasser, 2004
Exploits a Microsoft vulnerability to spread from
computer to computer with no user intervention
Spawns multiple threads that scan local subnets for
vulnerabilities
21
Exploits a Microsoft vulnerability to spread from
computer to computer with no user intervention
Spawns multiple threads that scan local subnets for
vulnerabilities
21
Cost of the top five virus families
Nearly 115 million computers in 200 countries
were infected in 2004
Up to 11 million computers are believed to
be permanently infected
In 2004, total economic damage from virus
proliferation was $166 to $202 billion
Average damage per computer is between
$277 and $366
22
Nearly 115 million computers in 200 countries
were infected in 2004
Up to 11 million computers are believed to
be permanently infected
In 2004, total economic damage from virus
proliferation was $166 to $202 billion
Average damage per computer is between
$277 and $366
22
Adware
Software that purports to serve a useful
purpose, and often does
Allows advertisers to display pop-up and banner
ads without the consent of the computer users
Spyware
Adware that uses an Internet connection in the
background, without the user’s permission
or knowledge
Captures information about the user and sends it
over the Internet
23
Software that purports to serve a useful
purpose, and often does
Allows advertisers to display pop-up and banner
ads without the consent of the computer users
Spyware
Adware that uses an Internet connection in the
background, without the user’s permission
or knowledge
Captures information about the user and sends it
over the Internet
23
Spyware can steal private information and also
Add advertising links to Web pages
Redirect affiliate payments
Change a users home page and search settings
Make a modem randomly call premium-rate phone
numbers
Leave security holes that let Trojans in
Degrade system performance
Removal programs are often not completely
successful in eliminating spyware
24
Add advertising links to Web pages
Redirect affiliate payments
Change a users home page and search settings
Make a modem randomly call premium-rate phone
numbers
Leave security holes that let Trojans in
Degrade system performance
Removal programs are often not completely
successful in eliminating spyware
24
The power of information technology to store
and retrieve information can have a negative
effect on every individual’s right to privacy
Personal information is collected with every
visit to a Web site
Confidential information stored by credit
bureaus, credit card companies, and the
government has been stolen or misused
25
and retrieve information can have a negative
effect on every individual’s right to privacy
Personal information is collected with every
visit to a Web site
Confidential information stored by credit
bureaus, credit card companies, and the
government has been stolen or misused
25
Opt-In
You explicitly consent to allow data to be compiled
about you
This is the default in Europe
Opt-Out
Data can be compiled about you unless you
specifically request it not be
This is the default in the U.S.
26
You explicitly consent to allow data to be compiled
about you
This is the default in Europe
Opt-Out
Data can be compiled about you unless you
specifically request it not be
This is the default in the U.S.
26
There are multiple ways to protect your privacy
Encrypt email
Send newsgroup postings through anonymous
remailers
Ask your ISP not to sell your name and information to
mailing list providers and
other marketers
Don’t reveal personal data and interests on
online service and website user profiles
27
Encrypt email
Send newsgroup postings through anonymous
remailers
Ask your ISP not to sell your name and information to
mailing list providers and
other marketers
Don’t reveal personal data and interests on
online service and website user profiles
27
Cumulative Trauma Disorders (CTDs)
Disorders suffered by people who sit at a
PC or terminal and do fast-paced repetitive
keystroke jobs
Carpal Tunnel Syndrome
Painful, crippling ailment of the hand
and wrist
Typically requires surgery to cure
28
Disorders suffered by people who sit at a
PC or terminal and do fast-paced repetitive
keystroke jobs
Carpal Tunnel Syndrome
Painful, crippling ailment of the hand
and wrist
Typically requires surgery to cure
28
The Internet was developed for inter-
operability, not impenetrability
Business managers and professionals alike
are responsible for the security, quality, and
performance of business information systems
Hardware, software, networks, and data
resources must be protected by a variety
of security measures
29
operability, not impenetrability
Business managers and professionals alike
are responsible for the security, quality, and
performance of business information systems
Hardware, software, networks, and data
resources must be protected by a variety
of security measures
29
The goal of security
management is the
accuracy, integrity,
and safety of all
information system
processes and
resources
30
management is the
accuracy, integrity,
and safety of all
information system
processes and
resources
30
Encryption
Data is transmitted in scrambled form
It is unscrambled by computer systems for
authorized users only
The most widely used method uses a pair of public
and private keys unique to each individual
31
Data is transmitted in scrambled form
It is unscrambled by computer systems for
authorized users only
The most widely used method uses a pair of public
and private keys unique to each individual
31
32
Firewalls
A gatekeeper system that protects a company’s
intranets and other computer networks from
intrusion
Provides a filter and safe transfer point for
access to/from the Internet and other networks
Important for individuals who connect to the
Internet with DSL or cable modems
Can deter hacking, but cannot prevent it
33
A gatekeeper system that protects a company’s
intranets and other computer networks from
intrusion
Provides a filter and safe transfer point for
access to/from the Internet and other networks
Important for individuals who connect to the
Internet with DSL or cable modems
Can deter hacking, but cannot prevent it
33
34
Email Monitoring
Use of content monitoring software that scans
for troublesome words that might compromise
corporate security
Virus Defenses
Centralize the updating and distribution of
antivirus software
Use a security suite that integrates virus protection
with firewalls, Web security,
and content blocking features
35
Use of content monitoring software that scans
for troublesome words that might compromise
corporate security
Virus Defenses
Centralize the updating and distribution of
antivirus software
Use a security suite that integrates virus protection
with firewalls, Web security,
and content blocking features
35
Methods and
devices that
attempt to
ensure the
accuracy, validit
y, and propriety
of information
system activities
36
devices that
attempt to
ensure the
accuracy, validit
y, and propriety
of information
system activities
36
37
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 4,146
- Slides 37
- Age 4270 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
37 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
40 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
36 views
14
Fertility awareness methods for women in the society
Isaiah47
33 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
32 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
34 views