
Computer Application in Management

STID1103

Chapter 11
Security and Ethics
Learning Objectives
After completing this chapter you will be able to:

• Discuss the issues related to business/IT
security, ethics and society
• Discuss the issues related to the ethical
responsibility of business professionals and
ethical guidelines
• Explain computer crime
• Explain privacy issues
Introduction
• There is no question that the use of
information technology by businesses and
individuals presents major security challenges,
poses serious ethical questions, and affects
society in significant ways.
• This chapter explores the threats to
businesses and individuals due to many types
of computer crime and unethical behavior.
• Lastly, this chapter examines a variety of
methods that businesses and individuals use
to manage the security and integrity of their
business systems.
IT Security, Ethics and Society
• The use of IT in business has
had a major impact on society
and raises ethical issues in the
areas of :-
– Health
– Employment
– Privacy
– Crime
– Working conditions
– Individuality
• Ethics are principles that guide
your behavior towards people.
Business Ethics
• Business professionals have a responsibility to promote
ethical uses of IT in the workplace.
• Business ethics is concerned with the ethical questions
that managers confront as part of their daily business
decision making.
• Figure 11.1 outlines some of the basic categories of
ethical business issues, including equity, rights, honesty,
and the exercise of corporate power.
• IT has caused ethical controversy in the areas of
intellectual property rights, customer and employee
privacy, security of company information and workplace
safety.
Figure 11.1: Basic categories of
ethical business
Example: How can managers make
ethical decisions when confronted
with business issues?
Several important alternatives based on theories of corporate
social responsibility can be used.
For example:
– The stockholder theory – managers are agents of the
stockholders, and their only ethical responsibility is to increase the
profits of the business without violating the law or engaging in
fraudulent practices.
– The social contract theory – companies have ethical
responsibilities to all members of society, which allows corporations
to exist according to a social contract.
– The stakeholder theory – maintains that managers have an ethical
responsibility to manage a firm for the benefit of all its stakeholders
(all individuals and groups)
Technology Ethics
• Technology ethics is another important ethical
dimension; it deals specifically with the ethics of
the use of any form of technology.
• Four principles of technology ethics that can
serve as basic ethical requirements that companies
should meet to help evaluate the potential harms or
risks of the use of IT and IS in business are:
– Proportionality
– Informed Consent
– Justice
– Minimized Risk
Principles of Technology Ethics
• Proportionality
– The good achieved by the technology must outweigh the harm or risk.
– There must be no alternative that achieves the same or comparable
benefits with less harm or risk.
• Informed Consent
– Those affected by the technology should understand and accept the
risks.
• Justice
– The benefits and burdens of the technology should be distributed fairly.
– Those who benefit should bear their fair share of the risks, and those
who do not benefit should not suffer a significant increase in risk.
• Minimized Risk
– Even if judged acceptable by the other three guidelines, the technology
must be implemented so as to avoid all unnecessary risk.
Ethical Guidelines
• The four technology ethical principles (Proportionality,
Informed Consent, Justice and Minimized Risk) can
serve as the basis for ethical conduct by managers, end
users, and IS professionals.
• More specific guidelines include detailed company policies
for ethical computer and Internet usage by employees.
• For example, most policies specify that company computers and
networks are company resources that must be used only
for work-related purposes, whether using internal networks or
the Internet.
• Another example is the code of professional conduct of
the Association of IT Professionals (AITP), an
organization of professionals in the computing field.
Figure 11.2: AITP Standards of
Professional Conduct
Responsible Professional Guidelines

• A responsible professional
– Acts with integrity
– Increases personal competence
– Sets high standards of personal performance
– Accepts responsibility for his/her work
– Advances the health, privacy, and general
welfare of the public
• A responsible professional should demonstrate
ethical conduct, avoid computer crime and
increase the security of any information system
he/she develops.
Computer Crime/Cyber Crime
• Computer crime is the commission of illegal acts by using a
computer or against a computer system. Simply accessing a
computer system without authorization or with intent to do harm,
even by accident, is now a federal crime.
• Computer crime, as defined by the Association of Information
Technology Professionals (AITP), includes:
– The unauthorized use, access, modification, or destruction of
hardware, software, data, or network resources
– The unauthorized release of information.
– The unauthorized copying of software.
– Denying an end user access to his/her own hardware, software,
data, or network resources.
– Using or conspiring to use computer or network resources
illegally to obtain information or tangible property.
• The most frequent types of incidents comprise a greatest hits list of
cybercrime: Hacking, Cyber-Theft, Cyberterrorism, Unauthorized
Use at Work, Software Piracy, Theft of Intellectual Property,
Computer Viruses and Worms and Adware and Spyware.
Hacking
• Hacking is the obsessive use of computers or the
unauthorized access and use of networked computer
systems.
• A hacker is a person who hacks a computer system.
• Hackers can break into a computer system and read
files without stealing or damaging anything, or they can
monitor e-mail, access web servers, transfer or steal
network files, extract passwords, and plant data that will
cause a system to welcome intruders.
• A cracker is a malicious or criminal hacker who
keeps knowledge of the vulnerabilities found and
exploits them for private advantage, not revealing them to the
general public.
Cyber-Theft

• Many computer crimes involve the theft of money.
• The majority are “inside jobs” that involve unauthorized
network entry and alteration of computer databases to
cover the tracks of the employees involved.
• Many attacks occur through the Internet.
• Most companies don’t reveal that they have been targets
or victims of cybercrime because they fear scaring
customers and provoking complaints by shareholders.
Cyberterrorism

• Cyber-terrorism is the leveraging of an organization’s or
government’s computers and information via the Internet to
cause physical, real-world harm or severe disruption of
infrastructure.
• It is a form of hacking or information warfare.
Unauthorized Use at Work

• Unauthorized use of computer systems and
networks is time and resource theft
– Doing private consulting
– Doing personal finances
– Playing video games
– Unauthorized use of the Internet or company networks
• Sniffers
– Used to monitor network traffic or capacity
– Find evidence of improper use
– Sniffing exposes the security problem of an unsecured
physical connection to the network.
Software Piracy
• Software Piracy is unauthorized copying of computer
programs.
• Unauthorized copying is illegal because software is
protected by copyright law and user licensing
agreements.
• Purchasing software is really a payment for a license for
fair use by an individual end user.
• A site license legally allows a certain number of copies for
use by employees at a particular location.
• Shareware is software that allows you to make copies of
the software for others.
• Public domain software is software that is not
copyrighted.
Theft of Intellectual Property
• Intellectual property refers to creations of the mind for which exclusive rights
are recognized.
• It protects the intangible creative work that is embodied in physical form
such as musical, literary, and artistic works; discoveries and inventions; and
words, phrases, symbols, and designs.
• Intellectual Property theft occurs in the form of infringements of copyrighted
material such as music, videos, images, articles, books, and other written
works.
– For example, digitized versions on the Internet can easily be captured by
computer systems, shared on the Internet or disseminated by email attachment.
– Peer-to-peer networking techniques have made it easy to trade pirated
intellectual property.
– To reduce the theft of intellectual property (e.g. illegal downloading of
music and video), publishers have offered inexpensive online music.
• Plagiarism, by contrast, is the process or practice of using another
person's ideas or work and pretending that it is your own.
• Common types of intellectual property rights include copyright,
trademarks, and patents.
Types of Intellectual Property
• Copyright
– A form of protection granted for original works of authorship
fixed in a tangible medium of expression.
– It covers both published and unpublished works such as
books, computer software and music.
• Trademarks
– A recognizable sign, design or expression which
distinguishes products or services of a particular trader from
the similar products or services of other traders such as
industrial design.
• Patents
– The right of an inventor to exclude others from making, using,
selling, and importing an invention or implementation of an
idea for a limited period of time, such as new gadgets.
Computer Viruses and Worms
• A virus is program code that cannot work without being
inserted into another program.
• A worm is a distinct program that can run unaided or a
virus that spreads itself, not just from file to file but from
computer to computer via Internet and online services
such as e-mail or file attachment.
• These programs copy annoying or destructive routines
into networked computer systems of anyone who
accesses infected computers.
• A computer virus or worm can spread destruction,
display humorous messages, or destroy the contents of
storage devices.
Adware and Spyware
• Adware (advertising-supported software) is software that
automatically displays or downloads advertising material such as
banners or pop-ups when a user is online, without the consent of the
computer user.
• Adware can also collect information about the users. This type of
adware is called spyware and is defined as any software that
employs users’ Internet connection without their knowledge.
– Spyware can collect almost any type of data, including personal
information like internet surfing habits, user logins, and bank or
credit account information.
– Spyware can also interfere with a user's control of a computer by
installing additional software or redirecting web browsers. Some
spyware can change computer settings, which can result in slow
Internet connection speeds, unauthorized changes in browser
settings, or changes to software settings.
• It is important to understand that not all adware programs are
spyware.
Figure 11.3: Protecting Yourself from
Computer Crime
Privacy Issues
• The power of information technology to store
and retrieve information can have a negative
effect on every individual’s right to privacy.
• Examples
– Violation of Privacy
– Identity Theft
– Computer Monitoring/Stalking
– Fraud
– Computer Matching
– Unauthorized Access of Personal Files
Privacy Issues
• Violation of Privacy
– Accessing individuals’ private email conversations and
computer records
– Collecting and sharing information about individuals
gained from their visits to Internet websites
• Identity theft
– stealing someone's identity to gain access to resources
or obtain credit and other benefits in that person's name.
• Computer Monitoring/Stalking
– unwanted or obsessive attention by an individual or
group toward another person.
– Always knowing where a person is (Twitter, Facebook)
Privacy Issues
• Fraud
– intentional deception (trick) made for personal gain or
to damage another individual.
• Computer Matching
– Using customer information gained from many
sources to market additional business services
• Unauthorized Access of Personal Files
– Collecting telephone numbers, email addresses,
credit card numbers, and other information to build
customer profiles.
– Destruction of personal files
Protecting Your Privacy on the Internet

• There are multiple ways to protect your privacy:
– Do not post personal information on the internet
• Don’t reveal personal data and interests on online service
and website user profiles
– Encrypt email.
– Send newsgroup postings through anonymous
emailers.
– Ask your ISP not to sell your name and information to
mailing list providers and other marketers.
– Maintain the current updates and patches for your OS.
– Install, use, and maintain current versions of firewalls
and antivirus software.
– Conduct transactions only with reputable businesses.
Privacy Laws in Malaysia
The Personal Data Protection Act 2010 (‘PDPA’) is an Act
that regulates the processing of personal data with regard to
commercial transactions.
It was gazetted in June 2010. On November 15, 2013, the
PDPA came into force in Malaysia with the objective of
protecting the personal data of individuals with respect to
commercial transactions.
This Act applies to any person who collects and processes
personal data with regard to commercial transactions.
