
Security, Ethical & Societal Challenges of IT

...it is the glory of science to become ever more and more precise in its measurements, and it is the agony of the scientist to discover that when his measurements are really precise, what he has measured is just to one side of what he is after.
F. Fremont-Smith, 1956

OBJECTIVES

Information Security
Application Security and access control
Disaster Recovery Planning
Impact of IT on Health, Safety and Society
Ethical standards and moral codes on information creation, organization and dissemination

Information Technology in Society

IT has affected every stratum of our society. It has changed the way we think, shop, get ourselves trained and are entertained.

In Education and Healthcare

Expands access to education
Prepares individuals for the workplace
Improves the quality of education
Makes health care for all patients more efficient and accurate
Assists surgeons during critical operations
Clinics and hospitals use computers with standard software packages to manage schedules for ward visits etc.

In Governance

Stages of E-Governance:
Stage I: Web presence
Stage II: Interactive presence
Stage III: Transactional presence

In Business and Manufacturing

CAD (computer-aided design) allows engineers to design and test new products
CAM (computer-aided manufacturing) helps in controlling production
Scientists and engineers working in the design department make very significant use of high-speed computers and IT technologies.
Today many small and large businesses have achieved their success primarily through the use of IT.
These days, computers and the WWW have become a powerful advertising medium for companies.

Impacts of IT in health and safety

Information technology has helped in shaping both the business world and our society in general. The impacts of information technology are profound. As more technology emerges, it will have both positive and negative impacts.

Since we are always in contact with computers and smart phones it is important to know what provokes health issues and how to prevent them. The following are the major issues:

1. Eye-strain
2. Back and neck ache
3. Repetitive Strain Injury (RSI)
4. Ozone irritation (from laser printers and photocopiers)

8/20/16

Cyber-sickness:

Increased addiction to social networks and internet games; people spend more time on computers and give up on their normal offline life. This has resulted in relationship breakups, increased loneliness and health issues.

Social implications

Access to harmful information which corrupts people's minds and drives them to commit crime.
Use of search engines to find information on how to create harmful weapons and how to commit wrongful acts in society.

PLAGIARISM

Plagiarism means the close replication of the language and thoughts of another author, presented as if it were one's own original work.
It is stealing a person's ideas or writing.
Plagiarism by students, professors or researchers is considered academic dishonesty or academic fraud.

Information Security

What is it for: protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

It preserves three properties (the CIA triad; the wording below is the definition used in the US FISMA statute, 44 U.S.C. 3542):

Confidentiality: preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information.

Integrity: guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.

Availability: ensuring timely and reliable access to and use of information.

The Need for IT Security Governance

Challenges that drive it:
Aligning IT with business
Value/cost
Keeping IT running
Managing complexity
Regulatory compliance
Security

Organizations require a structured approach for managing these and other challenges.

Why Information Security

Ensure availability of the business
Manage the risk of loss of confidentiality, integrity and availability of information assets
Protect data and information systems
Prevent brand and reputation loss
Increased productivity through best practices
Higher levels of assurance
Competitive advantage
Enable business continuity and disaster recovery

Application Security

Info Security Landscape (controls by layer):

Desktop: antivirus protection
Transport: encryption (SSL/TLS)
Network: firewalls / IDS / IPS
Web applications: web servers, application servers and backend servers (databases), typically placed behind a firewall

The lower layers do not protect the application itself: a firewall and TLS pass a well-formed but malicious HTTP request through unchanged, which is why application security has to be addressed in the application layer.

Understanding the Problem

Motives Behind Application Hacking Incidents (chart not reproduced)

Web Hacking Incidents by Industry (chart not reproduced)

COMPUTER (Cyber) CRIME

Computer crime includes:
Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own hardware, software, data, or network resources
Using or conspiring to use computer or network resources illegally to obtain information or tangible property

Types of cyber crime

HACKING
The obsessive use of computers, or the unauthorized access and use of networked computer systems

CRACKER
A malicious or criminal hacker who keeps knowledge of the vulnerabilities found for private advantage

White Hat
Also known as friendly hackers; they use their knowledge for good reasons, such as finding vulnerabilities and reporting them so they can be fixed.

Black Hat
Also known as crackers, these are the ones to watch out for: they write and send viruses, destroy data, deface websites, break into people's machines and carry out other illegal activity. This type of hacker has a bad reputation.

Grey Hat
Borderline white/black hats. They sometimes prank unsuspecting users and cause general mayhem. While they think this kind of activity is harmless, they may face long periods of jail time if they are ever found out.

Common Hacking Tactics

Denial of Service
Hammering a website's equipment with too many requests for information, clogging the system, slowing performance, or crashing the site

Scans
Widespread probes of the Internet to determine types of computers, services, and connections, looking for weaknesses
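Both tactics leave traces in connection logs. As an added example (not from the original slides), the following Python detector runs over constructed firewall log lines and flags a source that floods one host (denial of service) and a source that walks many ports (a scan). The log format, thresholds and addresses are assumptions made for the demonstration.

```python
"""Flag flood (DoS) and port-scan behaviour in constructed firewall log lines.

Added example, not from the original slides. The log format and thresholds
are assumptions: one line per connection attempt,
    <epoch seconds> <src ip> <dst ip> <dst port>
"""
from collections import defaultdict, deque

FLOOD_THRESHOLD = 50     # connections from one source within FLOOD_WINDOW
FLOOD_WINDOW = 10        # seconds
SCAN_THRESHOLD = 15      # distinct destination ports touched by one source


def parse_line(line):
    """Parse '<ts> <src> <dst> <port>' into a tuple; return None for junk."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return int(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None


def detect(lines):
    """Return {'flood': {src,...}, 'scan': {src,...}} for the given log lines.

    Flood: a single source opening more than FLOOD_THRESHOLD connections
    inside any FLOOD_WINDOW-second window (sliding window per source).
    Scan: a single source touching more than SCAN_THRESHOLD distinct ports.
    """
    recent = defaultdict(deque)          # src -> timestamps inside the window
    ports_seen = defaultdict(set)        # src -> distinct destination ports
    flood, scan = set(), set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                     # malformed line: skip, never crash
        ts, src, _dst, port = rec
        window = recent[src]
        window.append(ts)
        while window and ts - window[0] > FLOOD_WINDOW:
            window.popleft()             # drop timestamps older than the window
        if len(window) > FLOOD_THRESHOLD:
            flood.add(src)
        ports_seen[src].add(port)
        if len(ports_seen[src]) > SCAN_THRESHOLD:
            scan.add(src)
    return {"flood": flood, "scan": scan}


def sample_log():
    """Constructed sample: one normal client, one flooder, one port scanner."""
    lines = []
    # normal client: 20 requests to port 443 spread over 5 minutes
    lines += [f"{1000 + 15 * i} 10.0.0.5 192.0.2.10 443" for i in range(20)]
    # flooder: 200 requests to port 80 within 4 seconds
    lines += [f"{2000 + i // 50} 203.0.113.7 192.0.2.10 80" for i in range(200)]
    # scanner: one probe each to ports 1..40, one per second (no flood)
    lines += [f"{3000 + p} 198.51.100.9 192.0.2.10 {p}" for p in range(1, 41)]
    lines.append("garbage line that should be ignored")
    return lines


if __name__ == "__main__":
    result = detect(sample_log())
    print("flood sources:", sorted(result["flood"]))   # ['203.0.113.7']
    print("scan sources:", sorted(result["scan"]))     # ['198.51.100.9']
```

The two signals are deliberately separate: the scanner never exceeds the flood threshold because it sends one probe per second, and the flooder never trips the scan rule because it only ever hits port 80. Thresholds in a real deployment are tuned per host from baseline traffic, not fixed constants.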

Sniffer
Programs that read individual packets of data as they pass through the network, capturing passwords or the entire contents of unencrypted traffic
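What a sniffer actually recovers from unencrypted traffic, as an added example that is not part of the original slides: the script below constructs a raw Ethernet/IPv4/TCP frame carrying an HTTP request (a constructed frame, not a real capture), parses the headers the way a packet sniffer would, and pulls the username and password out of the Basic-auth header. The addresses and credentials are made up for the demonstration. With TLS on the transport layer the payload bytes would be ciphertext and the same extraction returns nothing.

```python
"""What a sniffer sees on an unencrypted link: parse a raw Ethernet/IPv4/TCP
frame and pull a password out of the HTTP payload.

Added example, not from the original slides. The frame is constructed here
(not a real capture); header layouts follow RFC 791 (IPv4) and RFC 793 (TCP).
"""
import base64
import struct


def build_frame(payload):
    """Construct a minimal Ethernet + IPv4 + TCP frame around payload (no checksums)."""
    src_mac = bytes.fromhex("0201020304aa")
    dst_mac = bytes.fromhex("0201020304bb")
    ether = dst_mac + src_mac + struct.pack("!H", 0x0800)   # EtherType IPv4
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          51234, 80,        # src port, dst port
                          1, 1,             # seq, ack
                          5 << 4,           # data offset 5 words, no options
                          0x18,             # flags PSH|ACK
                          65535, 0, 0)      # window, checksum, urgent ptr
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len,       # version/IHL, TOS, total length
                         0x1234, 0,                # id, flags/fragment offset
                         64, 6, 0,                 # TTL, protocol TCP, checksum
                         bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    return ether + ip_hdr + tcp_hdr + payload


def parse_frame(frame):
    """Return (src_ip, dst_ip, src_port, dst_port, payload) or None if not TCP over IPv4."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:                                 # protocol field: 6 = TCP
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                  # TCP header length in bytes
    return src_ip, dst_ip, src_port, dst_port, tcp[data_off:]


def extract_basic_auth(payload):
    """Find an HTTP 'Authorization: Basic' header and return (user, password)."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            token = line.split(b" ", 2)[2]
            user, _, pw = base64.b64decode(token).decode().partition(":")
            return user, pw
    return None


def sniff(frame):
    """Full pipeline: frame bytes -> flow and credentials, as a sniffer would."""
    parsed = parse_frame(frame)
    if parsed is None:
        return None
    src_ip, dst_ip, sport, dport, payload = parsed
    return {"flow": f"{src_ip}:{sport} -> {dst_ip}:{dport}",
            "creds": extract_basic_auth(payload)}


# Constructed plaintext request; Basic auth is only base64, not encryption.
CONSTRUCTED_REQUEST = (
    b"GET /admin HTTP/1.1\r\n"
    b"Host: intranet.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:Hunter2!") + b"\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(sniff(build_frame(CONSTRUCTED_REQUEST)))
```

The point to take from it: base64 in the Authorization header is an encoding, not a protection, so anything on the path (a shared hub, a compromised switch, an open wireless network) reads the password as easily as the server does. Only encryption at the transport layer (TLS) removes this.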

Spoofing
Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers

CONT

Trojan Horse
A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software or otherwise act against the user's interest

Back Doors
A hidden point of entry to be used in case the original entry point is detected or blocked

Malicious Applets
Tiny Java programs that misuse your computer's resources, modify files on the hard disk, send fake email, or steal passwords

War Dialing
Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection

Logic Bombs
An instruction in a computer program that triggers a malicious act when some condition is met

CONT

Buffer Overflow
Crashing or gaining control of a computer by sending more data than a buffer in memory was sized to hold, so that the excess overwrites adjacent memory

Password Crackers
Software that can guess passwords, typically offline against stolen password hashes

Social Engineering
Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords
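How a password cracker works against a leaked credential store, and what the defender controls, as an added example (not from the original slides): the Python below runs an offline dictionary attack against constructed user records. Against plain unsalted SHA-256 the wordlist is hashed once and looked up for every user; against salted PBKDF2 every guess must be recomputed per user and per iteration count, which is why salted, deliberately slow hashes are the standard. Users, passwords and the wordlist are constructed for the demonstration.

```python
"""Why 'software that can guess passwords' works, and what makes it slow.

Added example, not from the original slides. Stored hashes, the wordlist and
users are all constructed here; the cracking loop is the standard offline
dictionary attack against a leaked credential store.
"""
import hashlib
import os
import time

# Constructed wordlist; real ones hold millions of leaked passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Hunter2!", "summer2016"]


def store_unsalted(password):
    """The weak scheme: a bare, fast hash of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, iterations=100_000):
    """Salted PBKDF2-HMAC-SHA256; the salt is stored next to the hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}


def crack_unsalted(stored_hashes, wordlist):
    """Hash each word ONCE and look it up for every user (rainbow-table style)."""
    table = {store_unsalted(w): w for w in wordlist}
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


def crack_salted(stored, wordlist):
    """Each user has a unique salt, so every guess is recomputed per user."""
    found = {}
    for user, rec in stored.items():
        for w in wordlist:
            dk = hashlib.pbkdf2_hmac("sha256", w.encode(), rec["salt"], rec["iterations"])
            if dk == rec["hash"]:
                found[user] = w
                break
    return found


def demo(iterations=20_000):
    """Crack the same three constructed accounts under both storage schemes."""
    users = {"alice": "letmein", "bob": "Hunter2!", "carol": "Tr0ub4dor&3"}
    unsalted = {u: store_unsalted(p) for u, p in users.items()}
    salted = {u: store_salted(p, iterations) for u, p in users.items()}
    t0 = time.perf_counter()
    r1 = crack_unsalted(unsalted, WORDLIST)
    t1 = time.perf_counter()
    r2 = crack_salted(salted, WORDLIST)
    t2 = time.perf_counter()
    return {"unsalted": r1, "salted": r2,
            "t_unsalted": t1 - t0, "t_salted": t2 - t1}


if __name__ == "__main__":
    r = demo()
    print("unsalted:", r["unsalted"])   # alice and bob fall, carol does not
    print("salted:  ", r["salted"])     # same accounts fall, but far more slowly
    print(f"unsalted {r['t_unsalted'] * 1e3:.2f} ms vs "
          f"salted PBKDF2 {r['t_salted'] * 1e3:.0f} ms")
```

Both schemes give up the weak passwords, because salting and stretching do not rescue a password that is in the wordlist; what they change is the cost per guess and the loss of reuse across users. The iteration count is the knob: raise it until one legitimate login costs a few hundred milliseconds, which multiplies the attacker's bill by the same factor.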

Dumpster Diving
Sifting through a company's garbage to find information to help break into their computers

CYBER THEFT

Many computer crimes involve the theft of money.
The majority are inside jobs that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved.
Many attacks occur through the Internet.
Most companies don't reveal that they have been targets or victims of cybercrime.

Viruses and Worms

A virus is a program that cannot work without being inserted into another program.
A worm can run unaided and spreads itself across the network.
These programs copy annoying or destructive routines into networked computers.

Commonly transmitted through:
The Internet and online services
Email and file attachments
Disks from contaminated computers
Shareware

Top Five Malware Families of all Time (as listed in the original; note that only MyDoom is a virus in the strict sense: PoisonIvy is a remote-access trojan, Zeus a banking trojan, and agent.btz and Conficker are worms)

MyDoom (2004)
PoisonIvy (2005)
Zeus (2007)
agent.btz (2008)
Conficker (first seen late 2008, spreading widely through 2009)

Spyware

Software, often bundled as adware, that uses an Internet connection in the background without the user's permission or knowledge, captures information about the user and sends it over the Internet.

Spyware can steal private information and also:
Add advertising links to Web pages
Redirect affiliate payments
Change a user's home page and search settings
Make a modem randomly call premium-rate phone numbers
Leave security holes that let Trojans in
Degrade system performance

Removal programs are often not completely successful in eliminating spyware.

Security Management

The goal of security management is the accuracy, integrity, and safety of all information system processes and resources.

Information System Controls: methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities.

Security Measures

Encryption (public/private key)
Data is transmitted in scrambled form and is unscrambled by the computer systems of authorized users only.
The most widely used method uses a pair of public and private keys unique to each individual: anything encrypted with the public key can be decrypted only with the matching private key, and anything signed with the private key can be checked by anyone holding the public key. In practice bulk data is encrypted with a fast symmetric cipher, and public-key cryptography is used to exchange that symmetric key and to sign, which is how SSL/TLS works.

FIREWALLS

A gatekeeper system that protects a company's intranets and other computer networks from intrusion.
Provides a filter and safe transfer point for access to/from the Internet and other networks.
Important for individuals who connect to the Internet with DSL or cable modems.
Can deter hacking, but cannot prevent it: a firewall filters on addresses, ports and protocols, so it passes any attack carried inside traffic it is configured to allow (for example a malicious request to a web server on port 443).

Internet and Intranet Firewalls (diagram not reproduced)

Email Monitoring

Use of content monitoring software that scans for troublesome words that might compromise corporate security.

Virus Defenses

Centralize the updating and distribution of antivirus software.
Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features.

Security Codes
Multilevel password system
Encrypted passwords (in practice stored as salted one-way hashes, not reversible encryption, so a stolen password file does not directly yield the passwords)
Smart cards with microprocessors

Backup Files
Duplicate files of data or programs

Biometrics
Computer devices measure physical traits that make each individual unique: voice recognition, fingerprints, retina scan

Computer Failure Controls

Prevent computer failures or minimize their effects:
Preventive maintenance
Arrange backups with a disaster recovery organization

Disaster Recovery Plan

Scope of This Plan
Enables the department to restore the company's core information systems in the event of a disaster.
Identifies areas of substantial risk and exposure to disaster.

The fundamental business practices followed by the IT department are essential to the recovery of department operations. These key activities include:
Data backup & restoration
Server & systems administration
System shutdown and startup
Identification of critical systems

Data Backup And Restoration

Full backups are performed each weekend with incremental backups occurring each weeknight. Backup tapes for each week are collected and stored in the Server Room in a fire-proof safe. Each week the collection is taken offsite. Long term archives are removed from the rotation scheme, with monthly backups retained for one year and annual backups retained for three years. Key servers across all platforms are included in the backup schedule. Archival copies of operating system and application software, detailed network documentation and a copy of this plan are also stored offsite.

Note that a restore to a given weeknight needs the last full backup plus every incremental taken since it, so one lost or unreadable incremental tape breaks the chain; test restores, not just backup job completion, are the check that the scheme works.
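The rotation above determines which sets a restore needs and which tapes can be released, as an added example (not part of the original plan document): the Python below builds a constructed backup catalogue following the same schedule, computes the restore chain for a target day, refuses to proceed when an incremental in the chain is missing (what a lost or unreadable tape means in practice), and applies the stated monthly and annual retention. The two-week short-term retention, the calendar used and the set labels are assumptions.

```python
"""Restore chains and tape retention for a full-weekend / incremental-weeknight
rotation with monthly sets kept one year and annual sets kept three years.

Added example, not from the original plan document. The catalogue is
constructed; the two-week short-term retention is an assumption.
"""
from datetime import date, timedelta

MONTHLY_RETENTION = timedelta(days=365)
ANNUAL_RETENTION = timedelta(days=3 * 365)
SHORT_TERM = timedelta(days=14)      # assumed: keep every set for two weeks


def generate_catalog(start, end):
    """Constructed catalogue: 'full' on Saturday, 'incr' Monday..Friday."""
    catalog = []
    day = start
    while day <= end:
        if day.weekday() == 5:            # Saturday: weekend full backup
            catalog.append((day, "full"))
        elif day.weekday() < 5:           # weeknight incremental
            catalog.append((day, "incr"))
        day += timedelta(days=1)
    return catalog


def restore_chain(catalog, target):
    """Sets needed to restore to the end of `target`: the last full on or
    before target plus every weeknight incremental after it. Raises if an
    expected incremental is missing, i.e. the chain is broken."""
    fulls = [d for d, kind in catalog if kind == "full" and d <= target]
    if not fulls:
        raise ValueError("no full backup on or before target")
    base = max(fulls)
    present = {d: kind for d, kind in catalog}
    chain = [(base, "full")]
    day = base + timedelta(days=1)
    while day <= target:
        if day.weekday() < 5:             # an incremental is expected tonight
            if present.get(day) != "incr":
                raise ValueError(f"chain broken: incremental for {day} missing")
            chain.append((day, "incr"))
        day += timedelta(days=1)
    return chain


def prune(catalog, today):
    """Dates to keep: everything inside SHORT_TERM, the first full of each
    month for MONTHLY_RETENTION and the first full of each year for
    ANNUAL_RETENTION. Every other set is released back into rotation."""
    keep = set()
    first_of_month, first_of_year = {}, {}
    for d, kind in catalog:
        if today - d <= SHORT_TERM:
            keep.add(d)
        if kind == "full":
            first_of_month.setdefault((d.year, d.month), d)
            first_of_year.setdefault(d.year, d)
    keep |= {d for d in first_of_month.values() if today - d <= MONTHLY_RETENTION}
    keep |= {d for d in first_of_year.values() if today - d <= ANNUAL_RETENTION}
    return sorted(keep)


if __name__ == "__main__":
    cat = generate_catalog(date(2016, 1, 1), date(2016, 8, 20))
    for d, kind in restore_chain(cat, date(2016, 8, 18)):
        print(d, kind)                     # 2016-08-13 full, then Mon..Thu incr
    print(len(prune(cat, date(2016, 8, 20))), "sets retained")
```

The check a practitioner wants is the exception path: run `restore_chain` over the catalogue of tapes that actually exist in the safe and offsite, not over the schedule, and any raised error is a restore you cannot do.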

Server & System Administration

Current practice for managing servers and desktop systems across the company includes:
Ensuring high availability of servers
User support and desktop system support
Server maintenance scheduled outside of normal business hours

System Shutdown & Startup


Instructions for shutdown and startup of critical servers
will be located in the Server Room and attached to this
plan. These procedures cover the equipment in the
Server Room as well as network components for the
WAN/LAN. A copy of these procedures is also stored
offsite.

Critical Systems

ERP system
Windows Server domain controllers
Storage and application servers
DHCP/WINS/DNS servers and print services
Network communication components (i.e. firewalls, routers, wireless access points, etc.)
Voice communications (PBX)

What is Ethics and its Value in IT?

In very simple terms, ethics is nothing more than your beliefs about the right action in the situations that arise.
As the world adopts new technology, the need for ethics arises to sustain proper growth and to minimize the risk of wrong uses.

HISTORY

Information technology gained its huge popularity from the mid-1990s, when PCs running office suites such as Microsoft Office spread into ordinary workplaces. Today the whole world relies on such office suites.
As the popularity of IT in business grew, the idea of online business commenced. Today a huge number of e-commerce websites exist in the world.
At the same time, people who pay for digital content are becoming rarer: everyone searches for things for free, and that is where the word piracy commenced.
Whenever we create an account or make any payment online, the biggest concern is privacy.
Solutions to such privacy problems include two-factor authentication, anti-spyware software and more.

Categories of Ethical Business Issues

Principles of Technology Ethics

Proportionality - The good achieved by the technology must outweigh the harm or risk; there must be no alternative that achieves the same or comparable benefits with less harm or risk.
Informed Consent - Those affected by the technology should understand and accept the risks.
Justice - The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk.
Minimized Risk - Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.

CYBER LAW
Cyber law is the law governing cyberspace. Also called the Law of the Internet.
Cyberspace is a very wide term and includes computers, networks, software, data storage devices, the Internet, websites, emails, and electronic devices such as cell phones and ATM machines.
Cyber law of India encompasses laws relating to:
1. Cyber Crimes
2. Electronic and Digital Signatures
3. Intellectual Property
4. Data Protection and Privacy

CYBER CRIME
Cyber crimes are unlawful acts where a computer is used either as a tool or a target or both.
The enormous growth in electronic commerce (e-commerce) and online share trading has led to a phenomenal increase in incidents of cybercrime.
Cyber crimes can be basically divided into 3 categories:
1. Cybercrimes against persons
2. Cybercrimes against property
3. Cyber crimes against government

Cybercrimes committed against persons: various crimes such as transmission of child pornography, and harassment of anyone with the use of a computer, for example by e-mail.
Cyber crime against property: crimes such as transmission of harmful programmes, siphoning of funds from financial institutions, stealing secret information and data, and computer vandalism.
Cybercrime against government: the medium of cyberspace is used by individuals and groups to threaten governments and also to terrorize the citizens of a country. Cyber terrorism and cyber extortion are kinds of crime in this category.

Data protection and privacy

Data Protection and Privacy Laws aim to achieve a fair balance between the privacy rights of the individual and the interests of data controllers such as banks, hospitals, email service providers etc. These laws seek to address the challenges to privacy caused by collecting, storing and transmitting data using new technologies.

INTELLECTUAL PROPERTY
Intellectual property refers to creations of the human mind.
It is the result of creativity and is protected by rights such as patents and copyrights.

Electronic signature
E-signatures are used to authenticate electronic records. Digital signatures are the particular kind of electronic signature based on public-key cryptography; the two terms are often used interchangeably, but in law the electronic signature is the broader category.
Digital signatures satisfy 3 major legal requirements:
1. Signer authentication (only the holder of the private key could have produced the signature)
2. Message authentication (the signature is bound to this particular message and cannot be transferred to another)
3. Message integrity (any change to the message after signing makes the signature fail to verify)

Commencement of the IT Act, 2000

In the year 2000, when privacy concern was a big issue for all business firms, the Indian Government passed its very first cyber law, named the Information Technology Act, 2000.

Information Technology Act of India, 2000

The primary source of cyber law in India is the Information Technology Act, 2000 (IT Act).
The main purpose of the Act is to provide legal recognition to e-commerce and to facilitate filing of electronic records with the government.
The Information Technology Act, 2000 consisted of 94 sections segregated into 13 chapters.
The IT (Amendment) Act, 2008 came as the new version of the IT Act 2000 and focused more on information security.
It added several new sections on offences such as cyber terrorism (Section 66F) and data protection (Section 43A).

CASE STUDY
