Security and Ethical Challenges of Information Technology: Dr. Manish Sharma
Challenges of
Information Technology
• Business Ethics
• Technology Ethics
Ethical Philosophies
• Egoism
• Natural Law
• Utilitarianism
• Respect for person
Egoism
• What is best for a given
individual is right.
Natural Law
• Humans should promote their
own health and life, propagate,
pursue knowledge of the world
and God, pursue close
relationships with other people,
and submit to legitimate
authority.
Utilitarianism
• Those actions are right that
produce the greatest good
for the greatest number of
people.
Respect for persons
• People should be treated as an
end and not as a means to an
end; and actions are right if
everyone adopts the moral rule
presupposed by the action.
Ethical values
• Ethical values are more
specific ethical concepts that
people hold, and are heavily
influenced by one’s cultural
background.
Non-Western Values
• Kyosei (Japanese)
– Living and working together for the common good.
• Dharma (Hindu)
– The fulfillment of inherited duty.
• Santutthi (Buddhist)
– The importance of limited desires.
• Zakat (Muslim)
– The duty to give alms to the Muslim poor.
Western Values
• Individual Liberty
• Egalitarianism
• Political Participation
• Human Rights
Common Values
• Respect for human dignity
• Respect for basic rights
• Good citizenship
Issues in Business Ethics
(w.r.t. IT)
• Equity – Intellectual Property Rights
• Rights – Customer Privacy & Employee
Privacy
• Honesty – Security of Company Information
• Exercise of Corporate Power – Workplace
Safety
Theories
• The stockholder theory
• The social contract theory
• The stakeholder theory
The stockholder theory
• Holds that managers are agents
of the stockholders, and their
only ethical responsibility is to
increase the profits of the
business without violating the
law or engaging in fraudulent
practices.
The social contract theory
• States that companies have ethical responsibilities to
all members of society, which allow corporations to
exist based on a social contract.
• The first condition of the contract requires
companies to enhance the economic satisfaction of
consumers and employees. They must do that
without polluting the environment or depleting
natural resources, misusing political power, or
subjecting their employees to dehumanizing
working conditions.
• The second condition requires
companies to avoid fraudulent
practices, show respect for their
employees as human beings, and
avoid practices that systematically
worsen the position of any group in
society.
The stakeholder theory
• Maintains that managers have an ethical
responsibility to manage a firm for the
benefit of all its stakeholders, which are
all individuals and groups that have a
stake in or claim on a company.
• This usually includes the corporation’s
stockholders, employees, customers,
suppliers, and the local community.
• Sometimes the term is broadened to
include all groups who can affect or be
affected by the corporation, such as
competitors, government agencies,
special interest groups, and the media.
Balancing the claims of conflicting
stakeholders is obviously not an easy
task for managers.
Ethical Guidelines
• Responsible end user
– Acting with integrity
– Increasing your professional competence,
– Setting high standards of personal
performance
– Accepting responsibility for your work, and
– Advancing the health, privacy, and general
welfare of the public
Technology Ethics
• Proportionality
• Informed Consent
• Justice
• Minimized Risk
Proportionality
• The good achieved by the technology
must outweigh the harm or risk.
Moreover, there must be no
alternative that achieves the same or
comparable benefits with less harm
or risk.
Informed Consent
• Those affected by the
technology should understand
and accept the risks.
Justice
• The benefits and burdens of the
technology should be distributed
fairly. Those who benefit should
bear their fair share of the risks,
and those who do not benefit
should not suffer a significant
increase in risk.
Minimized Risk
• Even if judged acceptable by the
other three guidelines, the
technology must be implemented
so as to avoid all unnecessary
risk.
Cyber Crimes
• Cyber Crime is defined by AITP as including:
– The unauthorized use, access, modification, and destruction
of hardware, software, data, or network resources
– The unauthorized release of information;
– The unauthorized copying of software
– Denying an end user access to his or her own hardware,
software, data, or network resources;
– Using or conspiring to use computer or network resources to
illegally obtain information or tangible property.
This definition was promoted by the AITP in a Model Computer
Crime Act, and is reflected in many computer crime laws.
Hacking
• Hacking is the obsessive use of
computers, or the unauthorized access
and use of networked computer systems.
Illegal hackers are also known as
crackers.
Common Hacking Tactics
• Denial of Service – This is becoming a
common networking prank. By
hammering a website’s equipment with
too many requests for information, an
attacker can effectively clog the system,
slowing performance or even crashing
the site. This method of overloading
computers is sometimes used to cover up
an attack.
• Scans – Widespread probes of the
Internet to determine types of computers,
services, and connections. That way the
bad guys can take advantage of
weaknesses in a particular make of
computer or software program.
• Sniffer – Programs that covertly
search individual packets of data as
they pass through the Internet,
capturing passwords or the entire
contents.
• Spoofing – Faking an E-mail address
or Web page to trick users into
passing along critical information
like passwords or credit card
numbers.
• Trojan Horse – A program that,
unknown to the user, contains
instructions that exploit a known
vulnerability in some software.
• Back Doors – In case the original entry
point has been detected, having a few
hidden ways back makes reentry easy and
difficult to detect.
• Malicious Applets – Tiny programs,
sometimes written in the popular
Java computer language, that misuse
your computer’s resources, modify
files on the hard disk, send fake
E-mail, or steal passwords.
• War Dialing – Programs that
automatically dial thousands of telephone
numbers in search of a way in through a
modem connection.
• Logic Bombs – An instruction in a
computer program that triggers a
malicious act.
• Buffer Overflow – A technique for
crashing or gaining control of a computer
by sending too much data to the buffer in
a computer’s memory.
• Password Crackers – Software that can
guess passwords.
• Social Engineering – A tactic used to gain
access to computer systems by talking
unsuspecting company employees out of
valuable information such as passwords.
• Dumpster Diving – Sifting through a
company’s garbage to find information to help
break into their computers. Sometimes the
information is used to make a stab at social
engineering more credible.
Privacy Issues
• Violation of Privacy – Accessing
individuals’ private E-mail conversations
and computer records, and collecting and
sharing information about individuals
gained from their visits to Internet
websites and newsgroups.
• Computer Monitoring – Always knowing
where a person is, especially as mobile
and paging services become more closely
associated with people rather than places.
• Computer Matching – Using customer
information gained from many sources to
market additional business services.
• Unauthorized Personal Files – Collecting
telephone numbers, E-mail addresses,
credit card numbers, and other personal
information to build individual customer
profiles.
Computer Libel and Censorship
• Human Resources
• Accounting and Finance
• Integrated Logistics
• Production Planning
• Sales, Distribution, Order Management