Lecture 7 - computer security

Uploaded by

Gezae Gebredingl

Computer Literacy

Security issues and Ethics in computer systems
Lecture Objectives
1. Discuss computer security issues (threats, risks and attacks) and how they can be avoided.
2. Describe the types of computer security risks.
3. Discuss ethical issues concerning computer systems.
4. Discuss issues surrounding information privacy.
5. Discuss ways to prevent health-related disorders and injuries due to computer use.
Introduction
• Computer systems are vulnerable to many threats that can inflict various types of damage, resulting in significant losses of data and/or of the hardware and software components of a system.
• This damage can range from errors harming database integrity to fires destroying entire computer centers.
• Losses can stem, for example, from the actions of supposedly trusted employees defrauding a system, from outside hackers, or from careless data entry clerks.
• The effects of various threats vary considerably: some affect the confidentiality or integrity of data while others affect the availability of a system.
Definition of key terms
• Security - Protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.
• Security also refers to safeguarding and protecting an organization's information technology assets.

Is my computer safe? I'm concerned about it. What do I need to do to use it safely for work, home, and school?
Definition of key terms
• Information security: The process by which an organization protects and secures its systems, media, and facilities that process and maintain information vital to its operations.
• Computer security: The process of securing computer system assets from damage (e.g. physical damage, electric shock) while allowing the information and property to remain accessible and productive to its intended users.
• Threat: A threat is a potential violation of security. It is a person, a mechanism or an event that can potentially inflict harm on the firm's information resources.
Definition of key terms
• Attack - A vulnerability that has been compromised and exploited to cause harm to a computer system.
• Risk - An event or action that causes loss of or damage to a computer system. Examples include:
  • System failure
  • Information theft
  • Computer viruses, worms and Trojan horses
  • Unauthorized access and use
  • Hardware or software theft
  • Unauthorized alteration
• Ethics - Moral principles concerning computer use.
Objectives of Information security
• Securing information is equivalent to ensuring that computers keep your secrets, hold valid information, are ready to work when you are, and keep records of your transactions.
• There are four objectives of information security:
1. Confidentiality
2. Integrity
3. Availability
4. Non-repudiation
Objectives of Information security
• The three objectives of confidentiality, integrity, and availability can never be completely separated.
• Their definitions and solutions overlap among the three. However, that is not a problem.
• We just need to keep the end goal in mind: that computers do what we want, when we want, because we are the business owners of those computers.
• But they must do nothing for anyone else, e.g. an unauthorized user!
Objectives of Information security
• Confidentiality: Involves keeping information away from people who should not have it.
• Accomplishing this objective requires that we know what data we are protecting and who should have access to it.
• It requires that we provide protection mechanisms for the data while it is stored in the computer and while it is being transferred over networks between computers.
• Key Point: Confidentiality mechanisms (like data encryption) keep information from being read by unauthorized people.
Objectives of Information security
• Integrity: Ensures that the information stored in the computer is never contaminated or changed in a way that is not appropriate.
• Both confidentiality and availability contribute to integrity.
• Keeping data away from those who should not have it and making sure that those who should have it can get it are fairly basic ways to maintain the integrity of the data.
• Key Point: Integrity mechanisms ensure that information stored in the computer is never contaminated or changed in a way that is not appropriate.
Objectives of Information security
• Availability: Ensures that data stored in the computer can be accessed by the people who should access it.
• Availability is a broad subject addressing things such as denial of service and access control, to ensure that data is available to those authorized to access it.
• Key Point: Availability means ensuring that the data can be accessed by all authorized people.
Objectives of Information security
• Non-repudiation: This involves ensuring that messages came from the person whom the message claims sent it and that the message has not been altered in transit.
• One of the beneficial side effects of these mechanisms is the ability to prevent users who send messages from denying that they were sent. This has significant value in many business situations.
• For example, in a business-to-consumer (B to C) transaction, consumers place orders. Sometimes they change their minds, decide they don't want what they ordered, and claim that they never ordered the merchandise or that the order was not what they requested. Non-repudiation (NR) mechanisms keep consumers honest and protect businesses in these situations.
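The B-to-C order scenario above, worked as an added example (not code from the lecture): the consumer signs the order with a private key only they hold, and the business verifies it with the matching public key. The Order fields and the "alice"/"laptop" values are constructed for the example; the signature scheme is Ed25519 from the Go standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Order is a constructed B-to-C order message; the field names are assumptions.
type Order struct {
	Consumer string
	Item     string
	Qty      int
}

// Bytes gives the exact bytes that are signed and later verified.
func (o Order) Bytes() []byte {
	return []byte(fmt.Sprintf("%s|%s|%d", o.Consumer, o.Item, o.Qty))
}

// SignOrder is run by the consumer: only the holder of the private key can
// produce a valid signature over these bytes, so the consumer cannot later
// deny having sent the order.
func SignOrder(priv ed25519.PrivateKey, o Order) []byte {
	return ed25519.Sign(priv, o.Bytes())
}

// VerifyOrder is run by the business, which holds only the consumer's public
// key: a true result proves both the origin and that the order was not altered.
func VerifyOrder(pub ed25519.PublicKey, o Order, sig []byte) bool {
	return ed25519.Verify(pub, o.Bytes(), sig)
}

// Demo reports whether (1) the genuine order verifies, (2) an order altered in
// transit still verifies, and (3) a signature made with some other key (for
// instance the business fabricating an order itself) verifies.
func Demo() (genuine, altered, forged bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	order := Order{Consumer: "alice", Item: "laptop", Qty: 1}
	sig := SignOrder(priv, order)

	genuine = VerifyOrder(pub, order, sig)
	altered = VerifyOrder(pub, Order{Consumer: "alice", Item: "laptop", Qty: 10}, sig)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged = VerifyOrder(pub, order, ed25519.Sign(otherPriv, order.Bytes()))
	return genuine, altered, forged
}

func main() {
	g, a, f := Demo()
	fmt.Printf("genuine=%v altered=%v forged=%v\n", g, a, f) // genuine=true altered=false forged=false
}
```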
Principal areas of security
• Site Security: computer centers and rooms where IT processing activities occur or where I.T resources are housed and stored.
• Resource Security: equipment and facilities, software and systems, and databases of the enterprise.
• Network Security: communication networks, including LANs, WANs, intranets, extranets etc.
• Service Security: assurance that the I.T services of an enterprise will always be available and accessible by authorized users.
Security Program
• The policies and protective measures that will be used, the responsibilities of individuals involved in maintaining security, as well as the responsibilities of those who abide by established security policies.
• There is no such thing as a fully secure I.T facility. It should always be assumed that individuals who are fully determined, at any cost, can probably find a way to break through an enterprise's I.T security protection [Senn, 2004 pg 577].
• Hence, security programs are designed to harden a potential I.T target, making the level of effort greater than the value of breaking into a system, network or facility.
Types of security breaches
• Security programs seek to protect an enterprise from two different forms of breaches:
1. Protection against intrusion
2. Protection against interception
• Intrusion: Forced and unauthorized entry into a system.
• Interception: The capture of data and information transmitted over an enterprise network or other communications link; protection against interception aims at preventing that capture.
Results of Security Breach
• Destruction of Resources

• Corruption of Data and Applications

• Denial of Services

• Theft of Services

• Theft of Resources
Sources of Security Breach
1. Employees
• Current or former employees are a common source of security violations. Disgruntled individuals who are unhappy with enterprise policies may get even by attacking their employer's I.T assets.
• Alternatively, employees may take advantage of their positions or their knowledge of an application or database by intercepting information and using it in an unauthorized way.
Sources of Security Breach
2. Hacker: A person who gains access to a system illegally.

Some people would like to call themselves hackers, referring not to their ability to break into computers and networks, but rather to their technical skills at computer programming and at making a system perform in innovative and productive ways.

Criminal hackers who break into systems also have good technical skills but have chosen to apply them in undesirable (often illegal) ways.

When they decide to do damage, the results can be devastating.

Note: Not every hacker is a criminal!
Sources of Security Breach (Continued)
• Terrorist: Someone who conducts a "deliberate, politically motivated attack against information, computer systems, computer programs, and data, which results in violence against non-combatant targets by sub-national groups or clandestine agents."
• Cyber terrorism: Terrorist attack on computer facilities in companies that rely on IT to produce their services.
Sources of Security Breach (Continued)
3. Computer Viruses
• Virus: A hidden program that alters, without the user's knowledge, the way a computer operates, or that modifies the data and programs stored on the computer.
• Viruses are written by individuals intent on causing damage in a system. It is called a virus because it reproduces itself, passing from one computer to another.
• All types of computers are vulnerable to viruses, but PCs are particularly vulnerable because most were not designed with computer security in mind. The next generation of PCs is being developed with much greater concern for virus detection and security in general.
How to protect Computer Systems?
• Installing an Antivirus Program: Computer programs that attempt to identify, prevent and eliminate computer viruses and other malicious software (malware).
• Installing a Firewall: This serves as a gatekeeper system that protects a company's intranets and other computer networks from intrusion by providing a filter and safe transfer point for access to and from the Internet and other networks.
• Data Encryption: This method alters information into a form that cannot be understood or followed by other people during transmission.
• Data Backup: Users should frequently duplicate (copy) their information to different storage devices, such as DVDs or an external hard disk, to be able to recover it in case of a disaster.
How to protect Computer Systems?
• ID and Passwords: These restrict access to computer systems, only allowing authorized users. A password is a secret code that combines characters and numbers and allows a user to access a computer or a network.
Rules for creating Secure Passwords:
• Do not use your name or the names of your close friends.
• Pick a mix of alphabetic and numeric characters. Never use an all-numeric password (especially your phone number or social security number).
• Pick long passwords. If your password is only a few letters long, an attacker will find it easy to try all combinations.
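The three password rules above as a policy check that a login system could run when a user chooses a password; this is an added example, not code from the lecture. The minimum length (12) and the list of personal names to reject are assumptions, since the slide says "long" without giving a number.

```go
package main

import (
	"strings"
	"unicode"
)

// PasswordProblems checks a candidate password against the slide's rules and
// returns every rule it breaks; an empty result means the password is acceptable.
// minLen and knownNames are assumptions: the caller decides how long is "long"
// and supplies the user's own name and the names of close friends or family.
func PasswordProblems(pw string, minLen int, knownNames []string) []string {
	var problems []string

	// Rule 1: do not use your name or the names of close friends (case-insensitive).
	lower := strings.ToLower(pw)
	for _, name := range knownNames {
		if name != "" && strings.Contains(lower, strings.ToLower(name)) {
			problems = append(problems, "contains a personal name: "+name)
			break
		}
	}

	// Rule 2: mix letters and digits; never all-numeric (phone or ID numbers).
	hasLetter, hasDigit, allDigits := false, false, true
	for _, r := range pw {
		switch {
		case unicode.IsLetter(r):
			hasLetter = true
			allDigits = false
		case unicode.IsDigit(r):
			hasDigit = true
		default:
			allDigits = false
		}
	}
	if allDigits && len(pw) > 0 {
		problems = append(problems, "all-numeric password (phone or ID numbers are easily guessed)")
	} else if !hasLetter || !hasDigit {
		problems = append(problems, "must mix alphabetic and numeric characters")
	}

	// Rule 3: short passwords let an attacker try every combination.
	if len([]rune(pw)) < minLen {
		problems = append(problems, "too short: an attacker can try all combinations")
	}
	return problems
}
```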
How to protect Computer Systems?
• Access rights: Access rights help to protect the IT system and the data stored on it by restricting who can do what. Most company networks will be set up so that different users have appropriate levels of access rights. For example, a manager of the company will have a higher level of access rights than his subordinate staff.
• Audit Logs: Network managers should ensure that their system is able to create an audit log. An audit log records every important event in an audit file, such as who logged on to the system at what time and onto which computer, which files were opened, altered, saved or deleted, or events such as attempts to access proxy servers.
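An audit log is only useful if someone reviews it. As an added example (not from the lecture), the code below parses a constructed audit log in the shape the slide describes (who logged on, when, onto which computer, and which files were opened, saved or deleted) and reports the events a network manager would want to look at. The log lines, the key=value format, the working hours (08:00 to 18:00) and the user/host names are all assumptions made for the example.

```go
package main

import (
	"bufio"
	"strings"
	"time"
)

// SampleAuditLog is a constructed audit file; the format "timestamp key=value ..." is an assumption.
const SampleAuditLog = `2024-03-04T09:12:01 user=alice host=PC-12 event=logon
2024-03-04T09:15:40 user=alice host=PC-12 event=file action=opened path=/finance/q1.xlsx
2024-03-04T09:30:02 user=alice host=PC-12 event=file action=saved path=/finance/q1.xlsx
2024-03-04T23:41:17 user=bob host=PC-07 event=logon
2024-03-04T23:42:05 user=bob host=PC-07 event=file action=deleted path=/finance/q1.xlsx
2024-03-04T23:43:10 user=bob host=PC-07 event=proxy action=attempt target=proxy-1`

// Event is one audit record: when it happened plus its key=value fields.
type Event struct {
	Time   time.Time
	Fields map[string]string
}

// ParseAuditLog turns each log line into an Event; lines without a valid
// timestamp are skipped rather than aborting the whole review.
func ParseAuditLog(text string) []Event {
	var events []Event
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		parts := strings.Fields(sc.Text())
		if len(parts) < 2 {
			continue
		}
		ts, err := time.Parse("2006-01-02T15:04:05", parts[0])
		if err != nil {
			continue
		}
		ev := Event{Time: ts, Fields: map[string]string{}}
		for _, kv := range parts[1:] {
			if pair := strings.SplitN(kv, "=", 2); len(pair) == 2 {
				ev.Fields[pair[0]] = pair[1]
			}
		}
		events = append(events, ev)
	}
	return events
}

// Review returns one finding per event worth a manager's attention: logons
// outside the assumed working hours (08:00-18:00) and file deletions.
func Review(events []Event) []string {
	var findings []string
	for _, ev := range events {
		u, h := ev.Fields["user"], ev.Fields["host"]
		switch {
		case ev.Fields["event"] == "logon" && (ev.Time.Hour() < 8 || ev.Time.Hour() >= 18):
			findings = append(findings, u+" logged on to "+h+" outside working hours at "+ev.Time.Format("15:04"))
		case ev.Fields["action"] == "deleted":
			findings = append(findings, u+" deleted "+ev.Fields["path"]+" on "+h)
		}
	}
	return findings
}
```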
Security Measures
• General Security Policies and Procedures
  • Change access passwords frequently
  • Restrict system use
  • Limit access to data
  • Set up physical access controls
  • Encrypt data
  • Establish procedural controls
  • Institute educational programs
  • Log all transactions and user activities
Security Measures (Continued)
• Virus Protection Software
• Encryption: The activity of converting data or information into code.
Security Measures (Continued)
• Firewall: A firewall is software or hardware that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer, depending on your firewall settings.
• It can block information from entering a network or from getting out of that network, and it can permit different users to perform different kinds of operations, according to the user's authorizations.
• Just as a brick wall creates a physical barrier, a firewall creates a barrier between the Internet and your computer.
RELIABILITY
• As companies become dependent on I.T, they also become dependent on the continued availability of their computers and communications systems.
• With that dependence comes the expectation that the service provider, whether an in-house IT professional or a hired IT service, will take the necessary precautions to ensure that service cannot be interrupted.
• Reliability: The assurance that computers and communications systems will do what they should when they should.
Reliability
Ensuring IT Service Reliability
• Fault-tolerant Computer: A computer designed with duplicate components to ensure reliability.
• Uninterruptible Power Supply (UPS) System: A system that ensures the continued flow of electricity when the primary source of power fails.
• Off-site Backup Facility: A backup computer center located away from a company's main facility.
QUALITY OF LIFE ISSUES
• Information Technology has impacted our quality of life in a number of ways.
• Isolation. Research conducted at Stanford University shows that as people spend more time online, they have less time for real-life relationships with family and friends.
• An average internet user who spends 3 hours a day online spends less time sleeping and also spends less time physically socializing with friends.
QUALITY OF LIFE ISSUES - Isolation
Indeed, according to research studies, an hour spent using the internet reduces face-to-face contact with friends, coworkers and family.
QUALITY OF LIFE ISSUES CONT'D
• Gambling
• Gambling is already widespread in the developed countries, but information technology makes it almost unavoidable.
• For some people, instead of driving through traffic to meet friends for gambling, logging onto a gambling site is what they do when they have free time. This might be something done just on weekends or it could be a daily occurrence.
• Some gamblers win big and others don't, but either way this is their chosen form of entertainment and for some an addiction could develop. Despite efforts to curb gambling on the web, bettors in the US generated an estimated 70% of global online gambling revenues.
QUALITY OF LIFE ISSUES CONT'D
• Information Technology misuse can result in:
  • Explosion of pornography
  • Online pornographers use pop-up ads and internet search engines to troll for new customers
  • This means that children may be exposed to porn when involved in innocent online searches
  • Parents may use online blocking software like Cybersitter, Cyber Patrol, or Net Nanny to prevent this
QUALITY OF LIFE ISSUES CONT'D
• Information Technology misuse can result in:
  • Environmental problems
  • Manufacturing computers and circuits can cause pollution
  • Computer component manufacturing employees may be exposed to toxic substances
  • Used computers/monitors contain chromium, cadmium, lead, mercury, PVC, and brominated flame retardants, all toxic substances that must be disposed of properly.
QUALITY OF LIFE ISSUES CONT'D
• Information technology misuse can result in workplace problems:
  • Misuse of technology
  • Fussing with computers can waste time
  • Information overload
ECONOMIC AND POLITICAL ISSUES
• Technology may affect the gap between the rich and the poor
  • Most jobs require employees who are tech-savvy
  • People who are not tech-savvy won't qualify for those jobs
  • Technology is being used to replace employees in traditional jobs, traditionally filled by untrained workers
• The Internet is not controlled
  • This means that information moves freely on the internet
  • Nondemocratic governments can't control internet political activism
  • The Internet is only loosely policed, so criminals take advantage
ETHICS
• Ethics: The standards of conduct and moral behavior that people are expected to follow.
• Companies today are challenged by many questions of ethics arising from the widespread use of information technology.
• These issues are not limited to I.T professionals but involve everyone in the company who provides data to, or uses information from, the company's I.T systems.
Ethics and IT Usage in Business
• Among the urgent issues that businesses must confront today are the following:
  • E-mail Privacy
  • Software Licenses
  • Software Copyrights
  • Hardware Access
  • Intellectual Property Ownership
  • File Access
  • Data Ownership
Reality check
• Both users and developers of information technology tend to focus primarily on I.T's capabilities for assisting them in a particular business situation.
• They are so caught up in the power of I.T that their first inclination is to ask "Can I.T help solve a problem?" or "Can I.T do this?" And if the capabilities are affirmed, their position is implicitly, "If the system can do it and the payoff is right, then let's do it."
• From an ethical standpoint, a more appropriate question to ask before developing an I.T system is "Should the system do this?" If the answer is yes, then the system's capabilities can be determined. When ethics come first, implementing IT takes on a completely different perspective.
DIGITAL PIRACY
• Like data and information, software is a valuable component of a business system: it is the element that oversees processing and transforms data into useful form.
• Since commercial software is often perceived as expensive, it is often pirated. So is digital content.
• Piracy is the making of illegal copies of copyrighted information.
• Digital Piracy is the illegal copying of digital products and information.
Digital Piracy
Protecting Against Software Piracy
• Software Piracy: The making of illegal copies of software.
Methods to avoid piracy
1. Software Copyright Protection
  • Copyright: Legal protection of original works against unauthorized use, including duplication.
2. Copy Protection: A software protection scheme that defeats attempts to copy a program or makes the copied software unreliable.
3. Software Site Licensing
  • Site License: An agreement under which a software purchaser pays a fee to the manufacturer to make a specified number of copies of a particular program.
Summary
• The issues discussed in this chapter affect everyone, either directly or indirectly. The most important points to make from these discussions are simple:
• Be aware of possible misuses and take responsibility for safeguarding the IT resources under your control!
Chapter review questions
1. Explain the purpose of hardening an IT resource that might encounter security threats.
2. How do denial of services attacks differ from theft of services attacks?
3. Why do companies have an obligation to ensure continued access to computer and communications systems once they have been made available to users?
4. How does copy protection differ from copyright protection?

Good Luck!
If you have any questions, feel free to ask.
