Chapter 06 Ethics and Computer Security 062021

This document discusses ethics and computer security. It describes major ethical issues related to information technology like information accuracy, intellectual property rights, codes of conduct, and green computing. It defines digital security risks such as internet/network attacks, unauthorized access, and hardware/software theft. It also discusses types of cybercriminals and describes safeguards against various security threats including antivirus software, firewalls, access controls, and biometric devices.

Uploaded by YAP SHI JAY
Chapter 6

Ethics and Computer Security

Objectives:

• Describe the major ethical issues related to information technology.
• Define the term digital security risks and describe the types of cybercriminals.
• Describe various types of Internet and network attacks and ways to safeguard against these attacks.
• Discuss techniques to prevent unauthorized computer access and use.
• Identify safeguards against hardware theft, vandalism, and failure.

6.1 Ethical Issues

• As with any powerful technology, computers can be used for both good and bad intentions.
• The standard that determines whether an action is good or bad is known as ethics.
• Technology ethics are the moral guidelines that govern the use of computers, mobile devices, information systems and related technologies.

A. Information Accuracy

• Information accuracy today is a concern because many users access information maintained by other people or companies, such as on the Internet.
• Do not assume that information is correct because it is on the Web.
• Some individuals and organizations raise questions about the ethics of using computers to alter graphical output such as a retouched photo.

B. Intellectual Property Rights

• Intellectual property (IP) refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos.
• Intellectual property rights are the rights to which creators are entitled for their work.
• A copyright gives authors and artists exclusive rights to duplicate, publish, and sell their materials.
• A common infringement of copyright is piracy, where people illegally copy software, movies, and music.

C. Codes of Conduct

• A code of conduct is a written guideline that helps determine whether a specification is ethical/unethical or allowed/not allowed.
• An IT code of conduct focuses on acceptable use of technology.
• Employers and schools often specify standards for the ethical use of technology in an IT code of conduct and then distribute these standards to employees and students.

D. Green Computing

• Green computing involves reducing the electricity and environmental waste while using computers, mobile devices and related technologies.
• Personal computers, display devices, and printers should comply with guidelines of the ENERGY STAR program – to help reduce the amount of electricity used by computers and related devices.
• Power usage effectiveness (PUE) is a ratio that measures how much power enters the computer facility, or data center, against the amount of power required to run the computers.

6.2 Digital Security Risk

• A digital security risk is any event or action that could cause a loss of or damage to computer or mobile device hardware, software, data, information, or processing capability.
• The more common digital security risks include Internet and network attacks, unauthorized access and use, hardware theft, software theft, information theft, and system failure.

• An intentional breach of computer security often involves a deliberate act that is against the law.
• Any illegal act involving a computer or related devices generally is referred to as computer crime.
• Cybercrime refers to online or Internet-based illegal acts such as distributing malicious software or committing identity theft.
• Perpetrators of cybercrime typically fall into one of these basic categories: hacker, cracker, script kiddie, unethical employee, cyberextortionist, and cyberterrorist.

Hacker
• A hacker is a person who gains access to a computer system or network illegally.
• A hacker may want to test if a computer system is indeed foolproof.
• To challenge the security of the system

Cracker
• Someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action
• Both hackers and crackers have advanced computer and network skills

Script Kiddie
• Same intent as a cracker but does not have the technical skills and knowledge
• Often uses prewritten hacking and cracking programs to break into computers

Unethical employees
• Break into their employers’ computers for a variety of reasons
• Seek financial gains from selling confidential information
• Disgruntled employees may want revenge

Cyberextortionist
• Uses e-mail as a vehicle for extortion
• Sends an organization a threatening e-mail indicating they will expose confidential information, exploit a security flaw, or launch an attack to compromise the organization’s network – if NOT PAID a sum of money

Cyberterrorist
• Uses the Internet or a network to destroy or damage computers for political reasons
• Might target the nation’s air traffic control system, electricity-generating companies, or telecommunications infrastructure

6.3 Internet & Network Attacks

Malware (short for malicious software)

• Consists of programs that act without a user’s knowledge and deliberately alter the operations of computers and mobile devices.
• Common types of malware:
  ▪ Virus
  ▪ Worm
  ▪ Trojan Horse
  ▪ Rootkit
  ▪ Spyware
  ▪ Adware

Safeguards against Internet and Network Attacks

• Methods that protect computers, mobile devices, and networks from attacks include the following:
  ▪ Use antivirus software.
  ▪ Be suspicious of unsolicited email attachments.
  ▪ Scan removable media for malware before using it.
  ▪ Implement firewall solutions.
  ▪ Back up regularly.

Antivirus software
• Antivirus software protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media, or on incoming files.

Firewall
• A firewall is hardware and/or software that protects a network’s resources from intrusion by users on another network, such as the Internet.
• Organizations use firewalls to protect network resources from outsiders and to restrict employees’ access to sensitive data, such as payroll or personnel records.

6.4 Unauthorized Access & Use

• Unauthorized access is the use of a computer or network without permission.
• Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
• E.g. an employee using an organization’s computer to send personal e-mail messages, or a perpetrator gaining access to a bank computer and performing an unauthorized transfer.

Safeguards against Unauthorized Access and Use

Access Control
• An access control is a security measure that defines who can access a computer, device, or network; when they can access it; and what actions they can take while accessing it.

Usernames, passwords, passphrases and PINs
• A username, or user ID, is a unique combination of characters, such as letters of the alphabet or numbers, that identifies one specific user.
• A password is a private combination of characters associated with the username that allows access to certain computer resources.
• A passphrase is a private combination of words, often containing mixed capitalization and punctuation, associated with a username that allows access to certain computer resources. It can be up to 100 characters in length.
• A PIN (personal identification number), sometimes called a passcode, is a numeric password. It is either assigned by a company or selected by the user.

Possessed Objects
• Any item that you must possess, or carry with you, in order to gain access to a computer or computer facility. Examples of possessed objects are badges, cards, smart cards, and keys.

Biometric Devices
• A biometric device authenticates a person’s identity by translating a personal characteristic, such as a fingerprint, into a digital code that is compared with a digital code stored in a computer or mobile device, verifying a physical or behavioural characteristic. E.g. fingerprint reader, face recognition system, voice verification system, etc.

6.5 Software Theft

• Software theft occurs when someone steals software media, intentionally erases programs, illegally registers and/or activates a program, or illegally copies a program.
• Physically stealing software
  ▪ Physically stealing the media that contain the software or the hardware that contains the media.
• Intentionally erasing software
  ▪ Dishonest programmers intentionally remove or disable the programs they have written for the company after termination.
• Illegally copying
  ▪ Software stolen from software manufacturers
  ▪ Software piracy is the unauthorized and illegal duplication of copyrighted software

Safeguards against Software Theft

• Keep original software boxes and media in a secure location.
• Escort terminated employees off the premises immediately.
• Software manufacturers issue users a license agreement, which grants the right to use the software.

6.6 Information Theft

• Information theft occurs when someone steals personal or confidential information.
• Both business and home users can fall victim to information theft.
• E.g. an individual first gains unauthorized access to a computer and then steals credit card numbers stored in a firm’s accounting department.

Safeguards against Information Theft

Encryption
• Is the process of converting data that is readable by humans into encoded characters to prevent unauthorized access.
• To read the data, the recipient must decrypt or decode it into readable form.

Digital signature
• Is an encrypted code that a person, web site, or organization attaches to an electronic message to verify the identity of the message sender.
• It also can verify that the content of a message has not changed.

Digital certificate
• Is a notice that guarantees a user or web site is legitimate.
• E-commerce applications commonly use digital certificates.

6.7 Hardware Theft and Vandalism

• Hardware theft is the act of stealing computer equipment.
• Hardware vandalism is the act of defacing or destroying computer equipment.

Safeguards against Hardware Theft & Vandalism

• Physical access controls (e.g. locked doors, alarm)
• Physical security devices (e.g. cables that lock equipment)
• Real time location system (RTLS) – RFID tags
• Password-protect portable storage devices

Backing up – The ultimate safeguard

• To protect against data loss caused by hardware/software or information theft, users should back up computer and mobile device files regularly.
• A backup is a duplicate of a file, program, or media that can be used if the original is lost, damaged, or destroyed; and to back up a file means to make a copy of it.
• In the case of system failure or the discovery of corrupted files, you restore the files by copying the backed up files to their original location on the computer or mobile device.

The End.
