
Module 3 Week 5 - IT Security and Incidents

This document provides an overview of a module that discusses ethical issues regarding data security and information systems. It covers common types of computer security attacks, including viruses, worms, Trojan horses, botnets, DDoS attacks, rootkits, spam, and phishing. It discusses why computer incidents are prevalent, including increasing complexity, reliance on commercial software, and delays in software updates. The document outlines types of computer attacks, perpetrators of attacks like hackers and cybercriminals, and methods of implementing trustworthy computing through risk assessment, security policies, user education, and incident response.

Uploaded by

April Vasquez
Copyright
© All Rights Reserved

Republic of the Philippines

CAVITE STATE UNIVERSITY


Silang Campus
Biga I, Silang, Cavite
046 513-5706 / 046 513-3965

DEPARTMENT OF INFORMATION TECHNOLOGY

DCIT 65 – Social and Professional Issues

Module 3 – Week 5
IT Security and Incidents

Overview

This module discusses the ethical issues surrounding data and information systems that
are vulnerable to being attacked or hacked. It also covers the security attacks and
crimes that may happen to anyone.

Objectives

After working on this module, you will be able to:

• observe the key trade-offs and ethical issues associated with the safeguarding of data
and information systems;
• interpret the most common types of computer security attacks;
• identify what computer forensics is and what role it plays in responding to a
computer incident.

IT Security Incidents

Almost as soon as computers began to be used commercially, people began to exploit them for
illicit purposes. As the use of computers has spread, so too has computer crime. Computers
linked to the internet and other telecommunications networks or online systems are especially
vulnerable because they offer a multitude of access points. As PCs and Internet access
proliferate and more people become familiar with them, the potential population of abusers also
grows.

DCIT 65 SOCIAL AND PROFESSIONAL ISSUES - BSCS/BSIT P. MAGNO -SECOND SEMESTER AY 2020-2021
Confidential business data and private customer and employee information must be
safeguarded, and systems must be protected against malicious acts of theft or disruption.
Although the necessity of security is obvious, it must often be balanced against other business
needs and issues. Business managers, IT professionals, and IT users all face several ethical
decisions regarding IT security.

Computer crime is a crime that is executed using computers or networks of computers. It is
done to damage people’s or organizations’ reputation. Some of the ways computer crimes
pose threats are as follows:
• Threat to an individual
• Threat to an organization
• Threat to groups
• Threat to a nation

Top 10 most valuable information to criminals


Rank  Valuable Information                          Percent
1     Customer information                          17%
2     Financial information                         12%
3     Strategic plans                               12%
4     Board member information                      11%
5     Customer password                             11%
6     Research and development (R&D) information    9%
7     Mergers and acquisition (M & A) information   8%
8     Intellectual property                         6%
9     Non-patented                                  5%
10    Supplier information                          5%

Top 10 biggest cyber threats to organizations


Rank  Cyber Threats                   Percent
1     Phishing                        22%
2     Malware                         20%
3     Cyberattacks (to disrupt)       13%
4     Cyberattacks (to steal money)   12%
5     Fraud                           10%
6     Cyberattacks (to steal IP)      8%
7     Spam                            6%
8     Internal attacks                5%
9     Natural disaster                2%
10    Espionage                       2%

Why Are Computer Incidents So Prevalent?

• Increasing Complexity Increases Vulnerability
The number of possible entry points to a network expands continually as more devices
are added, increasing the possibility of security breaches.
• Higher Computer User Expectations
Time means money. The earlier active computer users can resolve a problem, the
more productive they can be. As a result, computer support desks are under extreme
pressure to respond very quickly to users’ questions.
• Technological Advancements Introduce New Risks
With expanded business needs, globalization, collaborative working, and
new technological breakthroughs today, information is being shared on networks with
millions of other computers.
• Increased Reliance on Commercial Software with Known Vulnerabilities
Many companies are increasingly relying on commercial software with known
vulnerabilities. Even when vulnerabilities are exposed, many corporate IT
organizations prefer to use already installed software “as is” rather than implement
security fixes that will either make the software harder to use or eliminate
“nice to have” features suggested by current users or potential
customers, which will help sell the software.
• Bring Your Own Device (BYOD) Policy
Employees access company data using their own devices, such as mobiles, tablets, and
personal laptops, to stay available and connected to work at all times, which
generates a security threat.
• Delay in Software Updates
Most organizations do not understand the upcoming risks and delay software updates
for multiple reasons such as time shortage, extra cost involved, or just negligence,
making the organization’s computers vulnerable to attack.

Types of Exploits

In computing, an exploit is an attack on an information system that takes advantage of a
particular system vulnerability due to poor system design or implementation.

Types of Computer Attacks
1. Viruses: A virus is a piece of programming code, usually disguised as something
else, that causes a computer to behave unexpectedly and often undesirably.
2. Worms: A worm is a harmful program that resides in the active memory of the
computer and duplicates itself without human intervention.
3. Trojan Horses: A Trojan horse is a program in which malicious code is hidden
inside a seemingly harmless program.
4. Botnets: A botnet is a large group of computers controlled from one or more
remote locations by hackers, without the knowledge or consent of their owners.
5. Distributed Denial-of-Service (DDoS) Attacks: A DDoS attack happens when a
malicious hacker takes over computers on the Internet and causes them to flood a
target site with demands for data and other small tasks.
6. Rootkits: A rootkit is a set of programs that enables its user to gain
administrator-level access to a computer without the end user’s consent or
knowledge.
7. Spam: E-mail spam is the abuse of e-mail systems to send unsolicited e-mail to
large numbers of people.
8. Phishing: Phishing is the act of using e-mail fraudulently to try to get the
recipient to reveal personal data.

Types of Perpetrators
A person who carries out a harmful, illegal, or immoral act is called a perpetrator.
1. Hackers: They test the limitations of information systems out of intellectual
curiosity to see whether they can gain access and how far they can go.
2. Crackers: They break into other people’s networks and systems to cause harm
such as defacing Web pages, crashing computers, spreading harmful programs
or hateful messages, and writing scripts and automated programs that let other
people do the same things.
3. Malicious Insiders: They are extremely difficult to detect or stop because they
are often authorized to access the very systems they abuse.
4. Industrial Spies: They use illegal means to obtain trade secrets from
competitors of their sponsor.

5. Cybercriminals: They are engaged in all forms of computer fraud: stealing and
reselling credit card numbers, personal identities, and cellphone IDs.
6. Hacktivists and Cyberterrorists: Hacktivism is a combination of the words
“hacking” and “activism.” This is done to achieve a political or social goal.

Implementing Trustworthy Computing

Trustworthy computing is a method of computing that delivers secure, private, and reliable
computing experiences based on sound business practices. The security of any system or
network is a combination of technology, policy, and people. It requires a wide range of activities
to be effective.

Risk Assessment

This is the process of assessing security-related risks to an organization’s computers
and networks from both internal and external threats. Its goal is to identify which
investments of time and resources will best protect the organization from its most likely
and serious threats.
Step 1. Identify the set of IT assets about which the organization is most
concerned.
Step 2. Identify the loss events or the risks/threats that could occur.
Step 3. Assess the frequency of events or the likelihood of each potential threat.
Step 4. Determine the impact of each threat occurring.
Step 5. Determine how each threat can be minimized so that it becomes much
less likely to occur.
Step 6. Assess the feasibility of implementing the mitigation options.
Step 7. Perform a cost-benefit analysis to ensure that one’s efforts will be
cost-effective.
Step 8. Decide whether or not to implement a particular counter-measure.
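
The eight steps above, worked through as a small risk register. This is an added example, not part of the original module: the field names and every figure are constructed, and multiplying frequency by impact to get an expected yearly loss is an assumption about how steps 3 and 4 are combined.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str              # Step 1: IT asset of concern
    threat: str             # Step 2: loss event
    events_per_year: float  # Step 3: estimated frequency
    loss_per_event: float   # Step 4: estimated impact per event
    mitigation: str         # Step 5: proposed countermeasure
    reduction: float        # Step 5: fraction of expected loss removed (0..1)
    feasible: bool          # Step 6: can it actually be deployed?
    annual_cost: float      # Step 7: yearly cost of the countermeasure

    @property
    def expected_loss(self) -> float:
        # Assumption: steps 3 and 4 are combined as frequency x impact.
        return self.events_per_year * self.loss_per_event

    @property
    def net_benefit(self) -> float:
        # Step 7: loss avoided per year minus what the countermeasure costs.
        return self.expected_loss * self.reduction - self.annual_cost

def assess(risks):
    """Step 8: rank by expected loss and decide on each countermeasure."""
    results = []
    for r in sorted(risks, key=lambda r: r.expected_loss, reverse=True):
        if not r.feasible:
            decision = "reject: not feasible"
        elif r.net_benefit <= 0:
            decision = "reject: costs more than it saves"
        else:
            decision = "implement"
        results.append((r.asset, r.expected_loss, r.net_benefit, decision))
    return results

# Constructed sample register; every figure is illustrative.
REGISTER = [
    Risk("E-mail server", "Spam flood", 12, 500, "Filtering appliance", 0.5, True, 9_000),
    Risk("Customer database", "Phishing-led credential theft", 2, 50_000,
         "User security training", 0.75, True, 20_000),
    Risk("Public web site", "DDoS attack", 0.5, 30_000, "Re-host on new platform", 0.5, False, 4_000),
    Risk("Finance workstation", "Malicious insider fraud", 0.25, 160_000,
         "Separation of duties", 0.5, True, 5_000),
]

if __name__ == "__main__":
    for asset, loss, benefit, decision in assess(REGISTER):
        print(f"{asset:20} loss/yr={loss:>9,.0f} net={benefit:>9,.0f} {decision}")
```

The ranking puts the largest expected loss first, and a countermeasure is rejected either because it cannot be deployed or because it costs more per year than the loss it avoids.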

Establishing a Security Policy

A security policy expresses an organization’s security requirements, including the controls
and sanctions needed to meet those requirements.
The policies that organizations should have are the following:

• Use of automated system
• Use of e-mail attachments
• The use of wireless devices to access corporate e-mail, store confidential data,
and run critical applications.

Educating Employees, Contractors, and Part-Time Workers

They must be educated about the importance of security so that they will be motivated to
understand and follow the security policies. Users must understand that they are a key part of
the security system and that they have certain responsibilities like:
• Guarding their passwords to protect against unauthorized access to their accounts
• Prohibiting others from using their passwords
• Applying strict access controls (file and directory permissions) to protect data from
disclosure or destruction
• Reporting all unusual activity to the organization’s IT security group.

Prevention

Implementing a layered security solution makes it difficult for an attacker to break into a
computer, to the point that the attacker eventually gives up.
These are the layers of protective measures:
• Installing a corporate firewall – A firewall stands guard between an
organization’s internal network and the Internet. It also limits network access
based on the organization’s access policy.
• Intrusion prevention systems (IPSs) – These work to prevent an attack by
blocking viruses, malformed packets, and other threats from getting into
the protected network.
• Installing antivirus software on personal computers – Antivirus software scans
for a specific sequence of bytes, known as a virus signature, that indicates the
presence of specific viruses. If it finds a virus, the antivirus software informs
the user, and it may clean, delete, or quarantine any files, directories, or disks
affected by the malicious code.
• Implementing safeguards against attacks by malicious insiders –
Organizations need to define employee roles carefully and separate
key responsibilities properly so that a single person is not responsible for
accomplishing a task that has high security implications.
• Addressing the most critical internet security threats – The actions required
to address these issues include installing a known patch to the software and
keeping applications and operating systems up to date. Those responsible for
computer security must make it a priority to prevent attacks using these
vulnerabilities.
• Conducting periodic IT security audits – A security audit is a prevention tool
that evaluates whether an organization has a well-considered security policy in
place and if it is being followed (e.g., password policy, system access, and level
of authority).
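
Signature scanning as described in the antivirus item above, shown as an added example that is not part of the original module. The signatures are constructed, harmless placeholders and the function names are hypothetical; the point is the failure mode where a signature split across two reads goes undetected.

```python
import io

# Constructed, harmless placeholder signatures (not real malware signatures).
SIGNATURES = {
    "Demo.Sig.A": b"\xde\xad\xbe\xef\x13\x37",
    "Demo.Sig.B": b"HARMLESS-TEST-PATTERN",
}

def scan_naive(stream, signatures=SIGNATURES, chunk_size=4096):
    """Flawed: checks each chunk alone, so a signature that straddles
    two reads is never seen whole and is missed."""
    found = set()
    while chunk := stream.read(chunk_size):
        found |= {name for name, sig in signatures.items() if sig in chunk}
    return found

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return {signature name: offset of first match} for a binary stream.
    The tail of each window is carried into the next one so that matches
    crossing a chunk boundary are still found."""
    overlap = max((len(s) for s in signatures.values()), default=1) - 1
    found, tail, base = {}, b"", 0   # base = file offset of window[0]
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        for name, sig in signatures.items():
            if name not in found:
                pos = window.find(sig)
                if pos != -1:
                    found[name] = base + pos
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep
    return found

if __name__ == "__main__":
    # Constructed sample "file": padding, one placeholder signature, padding.
    sample = b"x" * 10 + SIGNATURES["Demo.Sig.B"] + b"y" * 5
    hits = scan_stream(io.BytesIO(sample), chunk_size=8)
    missed = scan_naive(io.BytesIO(sample), chunk_size=8)
    print("overlapping scan:", hits, "-> quarantine" if hits else "-> clean")
    print("per-chunk scan:  ", missed or "nothing found (false negative)")
```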

Detection

An intrusion detection system is software and/or hardware that monitors system and
network resources and activities. It also notifies network security personnel when it
identifies possible intrusions from outside the organization or misuse from within the
organization.

Response

A response plan should be developed well in advance of any incident and be approved
by both the organization’s legal department and senior management.

Sample response plan:

• Incident notification – It defines who to notify and who not to notify
• Protection of evidence and activity logs – It documents all details of a security
incident as it works to resolve the incident
• Incident containment – It acts quickly to contain an attack and to keep a bad
situation from becoming even worse
• Eradication – Before the IT security group begins the eradication effort, it must collect
and log all possible criminal evidence from the system. Then it must verify that all
necessary backups are current, complete, and free of any virus.
• Incident follow-up – An essential part of follow-up is to determine how the
organization’s security was compromised so that it does not happen again.

Computer Forensics

Computer forensics is a branch of forensic science which deals with the application of
investigative analysis techniques on computers in order to retrieve and preserve
evidence in a way that is legally admissible. This means that a major aspect of the
science of computer forensics lies in the ability of the forensics expert to present findings
in a way that is acceptable and usable by a court of law.

Commercial organizations have used computer forensics to help with all kinds of cases,
including:

• Intellectual property theft
• Employment disputes
• Invoice fraud, often enabled by phishing emails
• Forgeries
• Inappropriate email and internet use in the workplace
• Regulatory compliance

Activity 4
e-Journal 2 - Preventing Crimes in Internet

Use the following guide questions in writing your e-Journal.

1. In the table of valuable information attacked by criminals, why do you think customer
information has the highest percentage and ranks number 1?
2. You use a computer almost every day. How do you protect yourself from computer and
internet crimes?
3. Do you believe that there will be more crimes to come in the future? What will they be? Be
realistic with your answer.
