Chapter 6 Computer Ethics and Security

The document discusses various computer security risks and threats, including physical and logical threats such as malware, unauthorized access, and phishing. It outlines mitigation strategies for these threats, emphasizing the importance of security measures like firewalls, antivirus software, and user education. Additionally, it addresses computer ethics, information privacy, and the significance of intellectual property rights.
COMPUTER ETHICS AND SECURITY
Computer Security Risks and Threats

• Information Theft
• Hardware Theft
• Malicious Code
• Unauthorized access and use
• Software Theft
• Systems Failure
• etc.
What is a Security Threat?

• A security threat is a risk that can potentially harm computer systems and organizations.
• The cause could be physical, such as someone stealing a computer that contains vital data.
• The cause could also be non-physical, such as a virus attack. We will define a threat as a potential attack from a hacker that can allow them to gain unauthorized access to a computer system.

Physical Threats

A physical threat is a potential cause of an incident that may result in loss of, or physical damage to, computer systems.
Physical threats can be classified into 3 categories:
1) Internal
2) External
3) Human
Internal Threats
These threats include fire, an unstable power supply and humidity in the rooms housing the hardware.

External Threats
These threats include lightning, floods, earthquakes, etc.

Human Threats
These threats include theft, vandalism of the infrastructure and/or hardware, disruption, and accidental or intentional errors.

Mitigation of Physical Threats

Internal Control Measures
Fire threats can be prevented by the use of automatic fire detectors and extinguishers that do not use water to put out a fire. An unstable power supply can be mitigated by the use of voltage controllers. An air conditioner can be used to control the humidity in the computer room.
External Control Measures
Lightning protection systems can be used to protect computer systems against lightning strikes. Lightning protection systems are not 100% perfect, but to a certain extent they reduce the chances of lightning causing damage. Housing computer systems on high ground is one of the possible ways of protecting systems against floods.
Human Control Measures
Threats such as theft can be prevented by the use of locked doors and restricted access to computer rooms.

Logical (Non-Physical) Threats

• A non-physical computer threat is a potential cause of an incident that may result in:
• Loss or corruption of system data
• Disruption of business operations that rely on computer systems
• Loss of sensitive information
• Illegal monitoring of activities on computer systems
• Cyber security breaches

Malware

Malware (Malicious Software)

This is any software designed to cause damage to a single computer, server, or computer network. In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.

There are different types of malware, including viruses, Trojans, bots, etc.

Virus

A computer virus is malicious code that self-replicates by copying itself to another program, computer boot sector or document, and changes how a computer works.
The virus requires someone to knowingly or unknowingly spread the infection without the knowledge or permission of a user or system administrator.

Viruses are destructive to data and software.

Threats and Attack Methods

Sources of Computer Viruses

• Downloading programs, including some freeware software
• Pirated or cracked software
• Email attachments
• The Internet, e.g. visiting insecure websites
• Booting from unknown CDs
• Bluetooth connections to unknown devices
• Unpatched software

Trojan

• A Trojan blocks computer security systems and opens doors for other malware.
• This type of malware disguises itself as legitimate software.
• A Trojan can be hidden in legitimate software that was tampered with.
• Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems.
• Trojans act discreetly and create backdoors in the computer system to let other types of malware in.
• A Trojan is not capable of replicating itself the way a virus does.

Worms

• A worm replicates itself, consuming computer resources and impairing computer functions.
• Functions that can be affected by worms include computer speed and the computer screen freezing.
• It uses computer networks and security holes to replicate itself.
• It scans the network for another computer that has a specific security hole and copies itself there.
• It uses up computer processing time and bandwidth during replication.
• Worms can carry payloads that do considerable damage.

Spyware and Adware

Spyware
• A malicious program that observes a user's activities and reports them to a third party.
• Spyware is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. Spyware is classified as a type of malware, that is, malicious software designed to gain access to or damage your computer, often without your knowledge.

Adware
• Presents ads in pop-up and pop-under windows.
• The term adware is frequently used to describe a form of malware (malicious software) which presents unwanted advertisements to the user of a computer. The advertisements produced by adware are sometimes in the form of a pop-up or sometimes in an "unclosable window".

Spam

• Spam is any kind of unwanted, unsolicited digital communication, often an email, that gets sent out in bulk.
• Spam is a huge waste of time and resources.
• Hackers use botnets to send spam email.
• Spam is often referred to as junk email.
• Software providers invest resources in creating email applications that try to filter out most of the spam.
• If there's an inbox, spammers will find a way to clog it. Spam can also be found on Internet forums, text messages, blog comments, and social media. Email spam, however, is by far the most prevalent, and often the most threatening to consumers.

Phishing

• "Phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective. That is because it attacks the most vulnerable and powerful computer on the planet: the human mind," Adam Kujawa, Director of Malwarebytes Labs.
• Phishing emails trick users into giving up sensitive information such as website login credentials and credit card information by way of social engineering and email spoofing.
• Spoofed emails mimic an email from a legitimate sender demanding some sort of action.
• Common phishing ploys include:
  1) A request for payment of an outstanding invoice.
  2) A request to reset your password or verify your account.
  3) Verification of purchases you never made.
  4) A request for updated billing information.
• By tricking us into giving up valuable information, cybercriminals are able to hack the online services we use.

Other Threats

• Denial of Service Attack (DoS)
In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

• Distributed Denial of Service Attack (DDoS)
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic.
Brute Force Attack

• A brute force attack is an attempt to crack a password or username, find a hidden web page, or find the key used to encrypt a message, using a trial-and-error approach and hoping, eventually, to guess correctly. This is an old attack method, but it is still effective and popular with hackers.
• An attacker decides on their intended target.
• They use a computer program that is configured to attempt entry by trying usernames along with millions of password combinations. (They may also attempt one password with many usernames.)
• Once the correct username and password combination is found, the attacker is able to access the secured data.
• Brute force attacks are used to break through security measures so that attackers can reach the intended data target. While this may seem like something only hackers can use to their advantage, many security firms use brute force attacks to help test their clients' systems.
Unauthorized Access to Computer System Resources

• Unauthorized access is when someone gains access to a website, program, server, service, or other system using someone else's account or other methods. For example, if someone kept guessing a password or username for an account that was not theirs until they gained access, it is considered unauthorized access.
• Unauthorized access could also occur if a user attempts to access an area of a system they should not be accessing. When attempting to access that area, they would be denied access and possibly see an unauthorized access message.
• Some system administrators set up alerts to let them know when there is an unauthorized access attempt, so that they may investigate the reason. These alerts can help stop hackers from gaining access to a secure or confidential system. Many secure systems also lock an account that has had too many failed login attempts.
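The alerting and lockout described above, and the brute force pattern of trying many passwords against one account or one password against many usernames from the previous section, can be implemented by processing login events. The following Python is an added example, not code from the original slides; the alert and lockout thresholds, the "user source result" log format, and the password-spraying check are assumptions made for this example.

```python
"""Failed-login monitoring with alerting and account lockout (added example,
not from the original slides; thresholds and log format are assumptions)."""
from collections import defaultdict
from dataclasses import dataclass

ALERT_THRESHOLD = 3     # assumed: failures on one account before admins are alerted
LOCKOUT_THRESHOLD = 5   # assumed: failures on one account before it is locked


@dataclass
class AccountState:
    failures: int = 0
    locked: bool = False


class LoginMonitor:
    """Tracks failed logins per account and which accounts each source hits."""

    def __init__(self):
        self.accounts = defaultdict(AccountState)
        self.source_accounts = defaultdict(set)  # source -> accounts it failed on
        self.alerts = []                          # messages an admin would investigate

    def record(self, user, source, success):
        """Process one login attempt; returns 'ok', 'failed' or 'locked'."""
        state = self.accounts[user]
        if state.locked:  # a correct password does not help once locked
            self.alerts.append(f"LOCKED {user}: attempt from {source} while locked")
            return "locked"
        if success:
            state.failures = 0  # a genuine login resets the counter
            return "ok"
        state.failures += 1
        self.source_accounts[source].add(user)
        if state.failures == ALERT_THRESHOLD:
            self.alerts.append(f"ALERT {user}: {state.failures} failures, last from {source}")
        if state.failures >= LOCKOUT_THRESHOLD:
            state.locked = True
            self.alerts.append(f"LOCKOUT {user}: locked after {state.failures} failures")
            return "locked"
        return "failed"

    def spraying_sources(self, min_accounts):
        """Sources that failed against many accounts (one password, many usernames)."""
        return sorted(s for s, u in self.source_accounts.items() if len(u) >= min_accounts)


# Constructed sample log: a brute-force run against alice, then a spray from 10.0.0.9.
SAMPLE_LOG = [
    "alice 10.0.0.5 FAIL", "alice 10.0.0.5 FAIL", "alice 10.0.0.5 FAIL",
    "alice 10.0.0.5 FAIL", "alice 10.0.0.5 FAIL", "alice 10.0.0.5 SUCCESS",
    "bob 10.0.0.9 FAIL", "carol 10.0.0.9 FAIL", "dave 10.0.0.9 FAIL",
    "bob 192.0.2.1 FAIL", "bob 192.0.2.1 SUCCESS",
]


def process_log(lines):
    """Feed 'user source result' lines to a fresh monitor and return it."""
    monitor = LoginMonitor()
    for line in lines:
        user, source, result = line.split()
        monitor.record(user, source, result == "SUCCESS")
    return monitor
```

Running `process_log(SAMPLE_LOG).alerts` shows the alert at the third failure, the lockout at the fifth, and the rejected correct password afterwards, while `spraying_sources(3)` flags 10.0.0.9 for hitting three different accounts.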

Security Measures

• Firewalls
• Antivirus
• Anti-spyware
• User identification and authentication
• Data backup
• Human aspects (awareness)
• Electrical protection
• Intrusion Detection Systems (IDS)

Control Measures

• Secure buy-in from senior leadership. Balance the security budget against the amount of risk your company executives are willing to assume.
• Continuous employee education on cyber security.
• Monitor network traffic for suspicious activity: can you "see" inbound and outbound encrypted messages?
• Upgrade and patch software immediately and promptly. This must be done frequently, as patches are released by the software vendor.
• Implement robust endpoint security to protect your business from zero-day malware and user mistakes.
• Upgrade authentication inside and out, including mobility and IoT policies.
• Harden external-facing web applications.
• Know where sensitive data resides, then develop a data protection strategy that includes encryption and monitoring.
• Develop and implement a real-time monitoring strategy and analysis of log files and wire data.
• Implement rigorous application development testing and code reviews.
• Perform annual penetration assessments and vulnerability assessments.
• Prepare for the worst-case scenario. Develop emergency incident response (IR) plans or disaster recovery plans.
To protect against viruses, Trojans, worms, etc., an organization can use anti-virus software. In addition to the anti-virus software, an organization can also have control measures on the usage of external storage devices and on visiting websites that are likely to download unauthorized programs onto the user's computer.

Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be in the form of user IDs and strong passwords, smart cards or biometrics, etc.

Security Risks and Recommended Security Measures

Intrusion-detection/prevention systems can be used to protect against denial of service attacks. There are other measures too that can be put in place to avoid denial of service attacks.

Security Risk                        | Recommended Security Measure/Step
Malicious code (virus, worm, Trojan) | Antivirus, anti-spyware, firewall, human aspect (awareness)
Unauthorized access and use          | Physical access control, human aspect (awareness)
Hardware theft                       | Physical access awareness
Software theft                       | Physical access awareness, human aspect (awareness)
Information theft                    | Cryptography, physical access control, antivirus, anti-spyware
System failure                       | Data backup, scheduled maintenance
COMPUTER ETHICS

• Computer ethics are the moral guidelines that govern the use of computers and information systems.
Areas to cover on Computer Ethics
• Information accuracy
• Green computing
• Codes of conduct
• Information privacy
• Intellectual property
Unethical Activities Involving Computers and the Internet

• Use of pirated software
• Downloading copyrighted materials, e.g. music
• Spreading wrong information about people (flaming)
• Spreading viruses or other malware
• Hacking
• Copying other people's information
Code of Conduct

• An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical.
IT Code of Conduct
1) Computers may not be used to harm other people.
2) Employees may not interfere with others' computer work.
3) Employees may not meddle in others' computer files.
4) Computers may not be used to steal.
5) Computers may not be used to bear false witness.
6) Employees may not copy or use software illegally.
7) Employees may not use others' computer resources without authorization.
8) Employees may not use others' intellectual property as their own.
9) Employees shall consider the social impact of the programs and systems they design.
10) Employees should always use computers in a way that demonstrates consideration and respect for fellow humans.
Information Accuracy

• Information accuracy is concerned with assuring the authenticity and fidelity of information, and with identifying those responsible for the informational errors that harm people.
• Accuracy means ensuring that the information is correct and without any mistakes. Information accuracy is important because people's lives may depend on it, as with medical information at hospitals, so the information must be accurate.
• The quality of information is measured by accuracy, timeliness, completeness, relevance and whether it is easy for users to understand, so accuracy is important for the quality of information. Accuracy underlies all of an organization's actions. To get accurate information we need the right values.
• If someone gives inaccurate information, it is difficult to find who made the mistake. There are many reasons for inaccurate information. The most common case is when the user enters a wrong value. Inaccurate information may also occur through typographical mistakes. To avoid these mistakes, the organization must find staff with experience and skills in data entry, and it must use programs that detect typographical mistakes.
Information Privacy

• Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them.
• Huge databases store data online.
• It is important to safeguard your information.
Information privacy relates to different data types, including:

• Internet privacy (online privacy): All personal data shared over the Internet is subject to privacy issues. Most websites publish a privacy policy that details the website's intended use of collected online and/or offline data.
• Financial privacy: Financial information is particularly sensitive, as it may easily be used to commit online and/or offline fraud.
• Medical privacy: All medical records are subject to stringent laws that address user access privileges. By law, security and authentication systems are often required for individuals that process and store medical records.

Intellectual Property

• Intellectual property (IP): unique and original works (that is, ideas, inventions, art, writing, product logos).
• IP rights are the rights to which creators are entitled for their work.

The Importance of IP
• To protect the original creation from other individuals.
• To preserve the features and processes that make things work (the inventor will therefore benefit and get a profit from their work).
Types of Intellectual Property

• A patent is an exclusive right granted for an invention, which is a product or a process that provides a new way of doing something or offers a new technical solution to a problem.
• A trademark is a sign which distinguishes the goods and services of one trader from those of another. A mark includes words, logos, pictures, names, letters, numbers or a combination of these.
• Copyright is the exclusive rights given to an author or artist for their materials (literary works, musical works, artistic works, films, sound recordings, broadcasts and derivative works).
• Industrial design
• Geographical indication
• Layout design
Netiquette (Internet Etiquette)

• Netiquette is the code of acceptable behaviour users should follow while on the Internet, that is, the conduct expected of individuals while online.
• Good netiquette involves respecting others' privacy and not doing anything online that will annoy or frustrate other people.
• Netiquette includes rules for all aspects of the Internet, including:
1) WWW
2) Instant messaging
3) Chat rooms
4) File Transfer Protocol
5) Newsgroups and message boards
Netiquette Golden Rule

Treat others as you would like them to treat you.

In email, chat rooms and newsgroups:
• Keep messages brief. Use proper grammar, spelling and punctuation.
• Be careful when using sarcasm and humour, as it might be misinterpreted.
• Be polite. Avoid offensive language.
• Read the message before you send it.
• Be clear. Make sure subject lines (email) or page titles (web pages) reflect your content.
• Avoid sending or posting flames, which are abusive or insulting messages.
• Do not participate in flame wars, which are exchanges of flames.
• Avoid sending spam, which is the Internet's version of junk mail.
• Do not use all capital letters, which is the equivalent of SHOUTING.
• Clearly identify a spoiler, which is a message that reveals a solution to a game or the ending of a movie or program.
• Use emoticons to express emotion. Popular emoticons include :) smile, :| indifference, :o surprised, :( frown, :\ undecided.
• Use abbreviations and acronyms for phrases.
GREEN COMPUTING

• Green computing involves reducing the electricity and environmental waste while using a computer.
• It is the designing, manufacturing and disposing of computers and servers with no impact on the environment.
Green Computing Suggestions
1) Use computers and devices that comply with the ENERGY STAR programme
2) Do not leave the computer running overnight
3) Turn off the monitor, printer, and other devices when not in use
4) Use LCD monitors instead of CRT monitors
5) Use paperless methods to communicate
6) Recycle paper
7) Buy recycled paper
8) Recycle toner cartridges
9) Recycle old computers, printers and other devices
10) Use video conferencing and VoIP for meetings
