Published on February 27, 2014
Need For Ethical & Security Issue in IT
ETHICAL ISSUES Ethics in society holds each person responsible for his or her actions. Each person is accountable for everything he or she does. If anything that is illegal or immoral in the real world it is illegal in the computer world too. IT and computer personnel often have access to much confidential data and knowledge about individuals and companies networks and system that give them a great deal of information. This raises ethical questions.
Such As: • SHOULD YOU READ THE PRIVATE E-MAIL OF YOUR NETWORK USERS JUST BECAUSE YOU HAVE THE ACCESS? • IS IT RIGHT TO MONITOR THE WEBSITES VISITED BY NETWORK USERS?
Security Issue • Security issues related to computerized system involves protecting all parts of the computer system. This includes data, the software and the hardware. • The abuse of computers has also given birth to a new ages crimes that are addressed by the Information Technology act, 2000. Defining cyber crimes as “acts that are punishable by the information technology act” would be unsuitable as the Indian penal code also covers many cyber crimes, such as email spoofing and cyber deformation, sending threatening e mail etc. .
Security Threats • A network security threat is any potentially adverse occurrence that can harm or interrupt the systems using the network, or cause a monetary loss to an organization. • Once the threats are identified they are then ranked according to their occurrence. • For example, the average cost to clean up a virus that slips through a security system and infects an average number of computers is $150,000/virus
Types of Threats • Fabrication – An unauthorized party inserts counterfeit objects into the system – Attack on authenticity – Insertion of spurious messages in a network – Addition of records to a file
• Interruption – An asset of the system is destroyed of becomes unavailable or unusable – Attack on availability – Destruction of hardware – Cutting of a communication line – Disabling the file management system
• Interception – An unauthorized party gains access to an asset – Attack on confidentiality – Wiretapping to capture data in a network – Illicit copying of files or programs
• Modification – An unauthorized party not only gains access but tampers with an asset – Attack on integrity – Changing values in a data file – Altering a program so that it performs differently – Modifying the content of messages being transmitted in a network
• Disruptions are the loss or reduction in network service. • Some disruptions may also be caused by or result in the destruction data. • Natural (or manmade) may occur that destroy host computers or large sections of the network is often viewed as hackers gaining access to organizational data files and resources. However, most unauthorized access incidents involve employees.
SYSTEM GETS INFECTED THROUGH Viruses Worms Trojan Zombies
HACKING Hacking is the gaining of access(wanted or unwanted) to a computer and viewing, copying, or creating data(leaving a trace) without the intention of destroying data or maliciously harming the computer. Cases of hacking reported in 2011 was 157 and reported in 2012 was 435 thereby % variation in increase in cases over 2011 is 177.1%
Top Countries In Cyber Crime
Targets Of Cyber Criminals
SPAM Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic spam involving nearly identical messages sent to numerous recipients by email. Clicking on links in spam email may send users to phishing web sites or sites that are hosting malware. Spam email may also include malware as scripts or other executable file attachments. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk.
A HISTORICAL ARTIFACT: THE FIRST SPAM The first spam, (sent to Usenet news groups, not to email accounts, BTW). It was sent by lawyers… Grr! From: Laurence Canter (email@example.com) Subject: Green Card Lottery- Final One? Newsgroups: alt.brother-jed, alt.pub.coffeehouse.amethyst View: Complete Thread (4 articles) | Original Format Date: 1994-04-12 00:40:42 PST Green Card Lottery 1994 May Be The Last One! THE DEADLINE HAS BEEN ANNOUNCED. The Green Card Lottery is a completely legal program giving away a certain annual allotment of Green Cards to persons born in certain countries. The lottery program was scheduled to continue on a permanent basis. However, recently, Senator Alan J Simpson introduced a bill into the U. S. Congress which could end any future lotteries. THE 1994 LOTTERY IS SCHEDULED TO TAKE PLACE SOON, BUT IT MAY BE THE VERY LAST ONE. [continues]
Ankit Fadia The author of The Unofficial Guide to Ethical Hacking Said “ I could hack a stateowned bank’s website or government communications website which shows the vulnerability, thousands of Indian websites are being hacked each day”.
SECURITY MEASURES AND TECHNIQUES Encryption- Encryption is the process of making information indecipherable to protect it from unauthorized viewing or use, especially during transmission or when it is stored on a transportable magnetic medium. • Encryption is usually based on a key without which the information cannot be decoded or decrypted. • Someone intercepting it may not be able to understand or misuse it. • Institute of standards and technology has created an extremely complex encryption standard called DES(Data Encryption Standard) that provides virtually unlimited ways to secure computer files.
ACCESS CONTROL • Access to computer systems should be physically controlled by use of measures like entry passes and ID cards being checked by security staff. • Authorization is the act of granting the permission to a person or a group or a programme so that the required activity can be done. • Common means used to restrict access to computer systems and sensitive file is a password.
Users must not display there passwords at easily accessible places. System developers must ensure that passwords are never displayed on a screen. Password should also not be printed on reports. Password should to be held in in the system in an encrypted form, so that even if someone reaches the password table/file, all that be seen is garbage. System developers must ensure that short passwords are not permitted. System administrators must deactivate the usernames/passwords of employees who have resigned, have retired, have been transferred or have departed for any reason.
PROECTION FROM VIRUSES A computer virus is a programme that infects computer files and runs executable programmes by inserting in those files copies of it. This is usually done in such a manner that the copies will be executed when the file is loaded into memory. A virus cannot exist by itself It infects an executable file. When the file is executed, the virus gets transmitted. Virus spreads through CDs, pendrive, local area network and intenet.
FIREWALL A Firewall is a barrier to keep destructive forces away from a system. Its job is similar to physical firewall that keeps a fire spreading from one area to another. A firewall is simply a programme or a hardware device that filters the information coming through the internet connection into a computer system. Firewalls can be implemented in both hardware and software or a combination of both. Firewalls are frequently used to prevent unauthorized internet from accessing private networks connected to internet. users
ADULT TRIAL Adult Trial is a means of tracing all activities affecting a piece of information such as data recorded from a time in enters the system from the time in enters the system to the time it leaves. An adult trial documents the path from input to output and should provide information to reconstructed or verify the entire sequence either manually or through automated tracking procedures. Adult trial can often be used to identify the cause, timing and location of security breaches.
Ethical Issues for IT Security Professionals. ... yet your analysis of the client’s security needs show that sensitive information will be at risk if you ...
... Ethics for the Security ... We need to keep in mind though ... This would have a negative affect on our reputation as a ethical managed security ...
Ethical issues for IT security ... yet your analysis of the client's security needs shows that ... most ethical issues that IT and security ...
CIO Jeff Relkin examines these and other ethical ... ethical issues raised by IT capabilities, issues that all of us as technology professionals need ...
SECURITY AND ETHICAL ISSUES IN IT: ... the need of organization. ... Computer Security Issues & Trends, CSI 2000.  ...
Ethical Issues in Social Science Research in Developing Countries: ... security become important issues ... ethical issues in such countries need ...
Information security, ... ensuring that data is not lost when critical issues arise. ... Information security culture needs to be improved continuously.
The following notes define the broad ethical issues now being ... with Legal Issues in Electronic Information Systems. ... reasons of national security.
Four Ethical Issues of the Information ... The ethical issues involved ... welfare recipients Social Security numbers to some 117 banks to find ...