Security and Ethical Challenges


SECURITY AND ETHICAL CHALLENGES

• "Security" means the policies, procedures & technical measures used to prevent
  - unauthorized access,
  - alteration,
  - theft,
  - physical damage to information systems.

• To maintain information confidentiality
• To ensure integrity and reliability of data resources
• To ensure uninterrupted availability of data resources
• To ensure compliance with policies and laws regarding security & privacy.
i) Confidentiality

• This is the attribute of preventing disclosure of information to unauthorized individuals and systems.

E.g.: Personal details for availing loans.

ii) Integrity

• It means the data cannot be modified without authorization.

• Integrity is said to be violated in the following situations:
  i) When an employee with malicious intent deletes important files.
  ii) When an employee modifies his own salary in a payroll database.
  iii) When an unauthorized user vandalizes a website.

iii) Availability

• It means that the computing systems used to store and process the information.

• Computing systems used to store and process the information and security controls used to protect it must be functionally correct.
Risks/Threats to Information Systems

• An "information security threat" is a person, organization, mechanism, or event that has the potential to inflict harm on the firm's information resources.

• Threats can be internal or external, and accidental or intentional.
1) Accidents and Malfunctions

Causes of Accidents:

1. Operator Error
2. Hardware Malfunctions
3. Software bugs
4. Data Errors
5. Accidental disclosure of Information
6. Natural calamities.
2) Threat of Computer Crime

• Theft
  i) Theft of software & equipment
  ii) Unauthorized use of access codes & financial passwords
  iii) Theft by entering fraudulent transaction data
  iv) Internet hoaxes for illegal gain
  v) Theft by modifying software

3) Sabotage and Vandalism

• Trap door
- A trap door is a set of instructions that permits a user to bypass a computer system's standard security measures.
• Trojan horse
- A Trojan horse is a program that appears to be valid but contains hidden instructions that cause damage.
• Logic bomb
- A type of Trojan horse whose destructive actions occur when a particular condition occurs.
• Virus
- A special type of Trojan horse that replicates itself and spreads like a biological virus.
What is Ethics?

• Ethics is the study of the principles and practices that guide the decision whether an action taken is morally right or wrong.

• Ethics is about values and human behavior.

• Values and human behavior are primarily regulated by various legal provisions and can be enforced through courts.
Rights of the Individuals

• Right to healthy life and work safety
• Right to privacy
• Right to private intellectual property (Information & Knowledge)
• Right to fair treatment & no discrimination

Ethical Theories

1) Maximize the overall good

• People should choose to act in ways that maximize the overall good of society.

2) Maximize personal good

• People should make choices that maximize their own personal outcomes.

3) Treat others well

• This theory resembles the rule of acting toward others as you would have them act toward you.
Technology Ethics

• Ethics involved in development of new technology
• Technological growth

Unethical Use of Information Technology

• People use personal computers in a professional environment to download music and movies at no charge.

• Organizations contact millions of people worldwide through unsolicited e-mail (spam) at extremely low cost.

• Hackers break into databases of financial institutions and steal customer information.

• Websites plant spyware or cookies on visitors' hard drives.
Principles of Technology Ethics

• Proportionality
The good achieved by the technology must outweigh the harm/risk.

• Informed Consent
Those affected by technology should understand & accept risk.

• Justice
The benefit & burden of technology should be distributed freely.
INFORMATION SYSTEM CONTROLS

• "Controls" are constraints or restrictions imposed on a user or system to guard against risk or to reduce damage caused to the system.

• "Information system controls" are methods & devices that attempt to ensure the accuracy, validity, and propriety of information system activities.

• IS controls are designed to monitor & maintain the quality and security of the input, processing, output and storage activities.
Types of Controls

• General controls are the overall controls that establish a framework for controlling the design, security throughout an organization.

• Application controls are controls that are unique to each application.
1. Application Controls
i) Input controls
ii) Processing controls
iii) Output controls
iv) Storage controls
v) General controls
2. Facility Controls
i) Network security controls
ii) Physical protection controls
iii) Biometric controls
  a) Photo of face
  b) Fingerprints
I. Input Controls

• Input controls are the procedures that check data for accuracy & completeness when they enter the system.

A) Edit Checks
These are programmed routines that can be performed to edit input data for errors before they are processed.

B) Control Totals
These are established beforehand for input and processing transactions.
II. Processing Controls

• These are the routines for establishing that data are complete and accurate during updating.

A) Check Points
These minimize the effect of processing errors or failures, since processing can be restarted from the last checkpoint.

B) Computer Matching
It matches input data with information held on master data.
III. Output Controls

• These are the measures that ensure that the results of computer processing are accurate, complete and properly distributed.

A) Control Totals
Control totals on output are usually compared with control totals generated during input & processing stages.

B) Report Distribution Logs
Documentation specifying that authorized recipients have received their reports and other documents.
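
An added example, not part of the original slides, of the edit checks and control totals described under Input Controls and Output Controls: input records are validated, control totals are established at input, and the output totals are reconciled against them. The record layout, the 4-digit id rule, the MAX_AMOUNT limit and all function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample batch of payroll transactions: (employee_id, amount).
BATCH = [("1001", "2500.00"), ("1002", "3100.50"), ("1003", "1800.25")]
MAX_AMOUNT = Decimal("10000")  # assumed business limit for the range check


def edit_check(record):
    """Edit check on one input record; returns a list of error strings."""
    emp_id, amount = record
    errors = []
    if not (emp_id.isdigit() and len(emp_id) == 4):
        errors.append("employee id must be 4 digits")
    try:
        if not Decimal("0") < Decimal(amount) <= MAX_AMOUNT:
            errors.append("amount out of range")
    except InvalidOperation:
        errors.append("amount is not a number")
    return errors


def control_totals(records):
    """Record count, amount total and hash total (sum of ids) for a batch."""
    return {
        "count": len(records),
        "amount": sum(Decimal(a) for _, a in records),
        "hash": sum(int(e) for e, _ in records),
    }


def reconcile(expected, actual):
    """Names of the control totals that differ between two stages."""
    return [name for name in expected if expected[name] != actual[name]]


if __name__ == "__main__":
    assert all(edit_check(r) == [] for r in BATCH)
    input_totals = control_totals(BATCH)  # established at input
    # Output stage where one salary was altered during processing.
    altered = [BATCH[0], ("1002", "9100.50"), BATCH[2]]
    print(reconcile(input_totals, control_totals(altered)))
    # Output stage where one record was lost.
    print(reconcile(input_totals, control_totals(BATCH[:2])))
```

A mismatch in the amount total alone points to an altered value, such as the modified salary in the integrity example earlier, while a mismatch in all three totals points to a lost or added record.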
IV. Storage Controls

• These are measures taken to protect the stored data resources.

A) Passwords
Databases and files are protected from unauthorized access by security programs that require proper identification before they can be used.

B) Backup Files
These are duplicate files of data or programs
