Ethics and Information Security: Presented by
Ethics and Information Security: Presented by
Ethics and Information Security: Presented by
Presented By:
Maham Iqbal
Farwa Iqbal
Fatima Mohisn
Contents
• Ethics & Information Ethics
• Ethical Issues
Ethics & Information Ethics
• Ethics: the principles and standards
that guide our behavior towards
people.
• Governs the ethical and moral issues
of information technology
Ethical Issues
• Copyright: legal protection afforded an
expression of idea, song and book etc.
• Intellectual property: includes copyright,
trademarks and patents.
• Pirated software: is the unauthorized
use, duplication, distribution of
copyrighted software.
• Counterfeit software: manufactured to
look like a real thing
Ethical Issues
Major Ethical Issue
• Privacy: it is the right to be left alone
when you want to be, to have control
over your own personal possessions and
not to be observed without your
consent.
• Confidentiality: the assurance that
messages and information remain
available to authorized users.
Individuals: An Ethical component
of IT
• Individuals copy, use and distribute
software
• Search organizational databases for
personal information
• Create and spread viruses in IT systems
• Hack into computers systems to steal
information
• Destroy proprietary information such as
customer lists and reports.
Information Does Not Have Ethics,
People Do
• It does not know how it is used.
• It will not stop itself from spreading
viruses or revealing details.
• Acting ethically and legally are not
always same
Developing Information
Management Policies
Ethical Computer Use Policy
• Examples of unethical computer use
Cyber bullying
Click-fraud
Ethical Computer Use Policy
• It contains general principles to guide
computer user behavior.
• Example: it might refrain the user to
play games in working hours.
• The users should be informed of the
rules, by agreeing to use the system
on the basis, consent to abide by
them.
Ethical Computer Use Policy
• BYOD policy: allows employees to use their own
personal devices to access enterprise data and
applications.
• Provides
Unlimited access for personal devices
Access only to non sensitive systems and data
Access, but with IT control over personal
devices
Access, but preventing local storage of data on
personal devices
Information Privacy Policy
• It contains general principles of
information privacy
• Example:
Acceptable Use Policy
• It requires a user to agree to follow
to be provided access to email, IS and
internet.
• Nonrepudiation