Security, Ethical and Societal Challenges of E-

Business

Security, Ethical and Societal Challenges of E-

Business

Based on James O’Brien’s MIS Managing Information Technology in the

E-Business Enterprise 5th Edition 2002Prepared by M. Pineda for Competh 3rd Term SY 2003-2004

Aspects of Security, Ethical & Societal Dimensions of E-Business

Aspects of Security, Ethical & Societal Dimensions of E-Business

Employment Privacy

Health

IndividualityWorking Conditions

Crime

E-Business Security

Ethics & Society

Computer Crime, defined by the Assoc. of IT Professionals

(AITP)

Computer Crime, defined by the Assoc. of IT Professionals

(AITP) Unauthorized use, access, modification, and

destruction of hardware, software, data or network resources

Unauthorized release of information Unauthorized copying of software Denying an end-user access to his or her own

hardware, software, data or network resources Using or conspiring to use computer or network

resources to illegally obtain information or tangible property.

Hacking (illegal hackers, also called crackers)

Hacking (illegal hackers, also called crackers)

The obsessive use of computers Or the unauthorized access and use of

networked computer systems. Can monitor e-mail, web server access, or

file transfers to access to extract passwords or steal network files or to plant data that will cause a system to welcome intruders.

Hacking issueHacking issue

What to do with a hacker who commits only electronic breaking and entering, i.e. gets access to a computer system, reads some files, but neither steals nor damages anything.

Common Hacking TacticsCommon Hacking Tactics

Denial of service Scans Sniffer programs Spoofing Trojan Horse Back Doors Malicious Applets

War Dialing Logic Bombs Buffer Overflow Password Crackers Social Engineering Dumpster Diving

Cyber TheftCyber Theft

Computer crimes that involve the unauthorized network entry, fraudulent alteration of computer databases and the theft of money

Example:http://www.geocities.com/vienna/4345/vladimir.htm

Unauthorized Use at WorkUnauthorized Use at Work

Also called as Time & Resource Theft Unauthorized use of company-owned

computer networks by employees– private consulting, personal finances, playing video games, unauthorized use of the Internet on company networks,

Online activities specifically discouraged by corporate policies

Online activities specifically discouraged by corporate policies

Pornography Gambling Chat Shopping Sports Stock trading Job hunting

Source: Net managers Battle Online Trading Boom, Computerworld, July 5, 1999, p. 24. Copyright 1999 by Computerworld, Inc.

Software PiracySoftware Piracy Unauthorized copying of software is a major form of

software theft. Unauthorized copying is illegal because SOFTWARE is

intellectual property i.e. protected by copyright law and user licensing agreements.

Piracy of Intellectual PropertyPiracy of Intellectual Property

Other forms of copyrighted materials ---music, video, images, articles, books and other written works are especially vulnerable to copyright infringement.

Example: P2P networking technologies like Napster, Gnutella and Kazaa have made digital versions of copyrighted materials more vulnerable to unauthorized use.

Computer Viruses (or worms)Computer Viruses (or worms)

A program code that cannot work without being inserted into another program

Copy annoying or destructive routines into the networked computer systems of anyone who accesses computers infected with the virus or who uses copies of magnetic disks taken from infected computers.

I. DescriptionThe Melissa macro virus propagates in the form of an email message containing an infected Word document as an attachment. The transport message has most frequently been reported to contain the following Subject header

Subject: Important Message From <name> II. ImpactUsers who open an infected document in Word97 or Word2000 with macros enabled will infect the Normal.dot template causing any documents referencing this template to be infected with this macro virus. If the infected document is opened by another user, the document, including the macro virus, will propagate. Note that this could cause the user's document to be propagated instead of the original document, and thereby leak sensitive information. Indirectly, this virus could cause a denial of service on mail servers. Many large sites have reported performance problems with their mail servers as a result of the propagation of this virus.

III. SolutionsBlock messages with the signature of this virus at your mail transfer agents or other central point of control.

CIH/Chernobyl VirusThe CIH virus infects executable files and is spread by executing an infected file. Since many files are executed during normal use of a computer, the CIH virus can infect many files quickly. There are several variants of the CIH virus. Some activate every month on the 26th, while other variants activate just on April 26th or June 26th. Once the CIH virus activates, the virus attempts to erase the entire hard drive and to overwrite the system BIOS. Some machines may require a new BIOS chip to recover if overwritten by the CIH virus. CIH only affects Win95/98 machines. Description

The CIH virus infects executable files and is spread by executing an infected file. Since many files are executed during normal use of a computer, the CIH virus can infect many files quickly. There are several variants of the CIH virus. Some activate every month on the 26th, while other variants activate just on April 26th or June 26th. Once the CIH virus activates, the virus attempts to erase the entire hard drive and to overwrite the system BIOS. Some machines may require a new BIOS chip to recover if overwritten by the CIH virus. CIH only affects Win95/98 machines.

Privacy IssuesPrivacy Issues

Impt. Privacy IssuesImpt. Privacy Issues

Accessing individuals’ private e-mail conversations and computer records

Collecting and sharing information about individuals gained from their visits to Internet websites and newsgroups

Impt. Privacy IssuesImpt. Privacy Issues Always knowing where a person is, esp. as mobile and

paging services become more closely associated with people rather than places

Using computer info gained from many sources to market additional business services

Collecting telephone numbers, e-mail addresses, credit card numbers & other personal info to build individual customer profiles.

Other Issues: Computer Libel & Censorship

Other Issues: Computer Libel & Censorship

SpammingSpamming

The indiscriminate sending of unsolicited e-mail messages (spam) to many Internet users.

Also used to spread computer viruses.

FlamingFlaming Practice of sending

extremely critical, derogatory and often vulgar e-mail messages, or newsgroup postings to other users on the internet or online services.

Challenges in the Working ConditionsChallenges in the Working Conditions

Employment issue Computer monitoring Individuality of employees

/people Health issues Human factors engineering

Ethical ResponsibilitiesEthical Responsibilities

Digital artwork by

Kiran Budhrani

Ethical PhilosophiesEthical Philosophies

EGOISM. What is best for a given individual is right.

NATURAL LAW. Humans should promote their own health and life, propagate, pursue knowledge of the world and God, pursue close relationships with other people, and submit to legitimate authority.

Ethical PhilosophiesEthical Philosophies

UTILITARIANISM. Those actions are right that produce the greatest good for the greatest number of people.

RESPECT FOR PERSONS. People should be treated as an end and not as a means to an end; and actions are right if everyone adopts the moral rule presupposed by the action.

Western & Non-Western ValuesWestern & Non-Western ValuesNon-Western Western Common Values

Kyosei (Japanese): living & working together for the common good.

Dharma (Hindu): the fulfillment of inherited duty.

Satuthi (Buddhist): the importance of limited desires.

Zakat (Muslim): the duty to give alms to the Muslim poor.

Individual libertyEgalitarianismPolitical participationHuman rights

Respect for human dignityRespect for basic rightsGood citizenship

Business EthicsBusiness Ethics

The stockholder theory The social contract theory The stakeholder theory

Ethical GuidelinesEthical Guidelines

Be a responsible end user by Acting with integrity, Increasing your professional competence, Setting high standards of personal performance, Accepting responsibility for your work, and Advancing the health, privacy and general

welfare of the public.

FOLLOW THE CODE OF ETHICS!FOLLOW THE CODE OF ETHICS!

The Association of Information Technology Professionals Code of Ethics http://www.aitp.org/organization/about/ethics/ethics.jsp

Computing and Information Systems (Code of Ethics Online) http://www.iit.edu/departments/csep/PublicWWW/codes/computer.html

What does your conscience say?What does your conscience say?