Chapter 8: SECURITY AND ETHICAL CHALLENGES Flashcards
As a business professional, you have a responsibility to promote ethical uses of information technology in the workplace. Whether or not you have managerial responsibilities, you should accept the ethical responsibilities that come with your work activities. That includes properly performing your role as a vital human resource in the business systems you help develop and use in your organization. As a manager or business professional, it will be your responsibility to make decisions about business activities and the use of information technologies that may have an ethical dimension that must be considered.
Ethical Responsibility of Business Professionals
is concerned with the numerous ethical questions that managers must confront as part of their daily business decision making
Business ethics
Enumeration:
Ethics questions that managers meet as part of their daily business decision making include:
- Equity
- Rights
- Honesty
- Exercise of corporate power
Enumeration:
THEORIES OF CORPORATE SOCIAL RESPONSIBILITY
- STOCKHOLDER THEORY
- SOCIAL CONTRACT THEORY
- STAKEHOLDER THEORY
holds that managers are agents of the stockholders, and their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices.
STOCKHOLDER THEORY
states that companies have ethical responsibilities to all members of society, which allows corporations to exist according to a social contract.
SOCIAL CONTRACT THEORY
holds that managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders, that is, all individuals and groups that have a stake in, or claim on, a company.
STAKEHOLDER THEORY
Enumeration:
Principles of Technology Ethics
- Proportionality of benefits to risk
- Informed consent to risk
- Justice in distribution of risk with benefits derived to each subunit
- Minimized risk by the selected option
The good achieved by the technology must outweigh the harm or risk. Moreover, there must be no alternative that achieves the same or comparable benefits with less harm or risk.
Proportionality
Those affected by the technology should understand and accept the risks.
Informed Consent
The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk.
Justice
Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.
Minimized Risk
Enumeration:
ETHICAL GUIDELINES
- Acting with integrity
- Increasing your professional competence
- Setting high standards of personal performance
- Accepting responsibility for your work
- Advancing the health, privacy, and general welfare of the public
Enumeration:
AITP Standards of Professional Conduct
In recognition of my obligation to my employer I shall:
- Avoid conflicts of interest and ensure that my employer is aware of any potential conflicts.
- Protect the privacy and confidentiality of all information entrusted to me.
- Not misrepresent or withhold information that is germane to the situation.
- Not attempt to use the resources of my employer for personal gain or for any purpose without proper approval.
- Not exploit the weakness of a computer system for personal gain or personal satisfaction.
Enumeration:
AITP Standards of Professional Conduct
In recognition of my obligation to society I shall:
- Use my skill and knowledge to inform the public in all areas of my expertise.
- To the best of my ability, ensure that the products of my work are used in a socially responsible way.
- Support, respect, and abide by the appropriate local, state, provincial, and federal laws.
- Never misrepresent or withhold information that is germane to a problem or a situation of public concern, nor will I allow any such known information to remain unchallenged.
- Not use knowledge of a confidential or personal nature in any unauthorized manner to achieve personal gain.
It is becoming one of the Net’s growth businesses
Cyber-crime
a growing threat to society, is caused by the criminal or irresponsible actions of individuals who are taking advantage of the widespread use and vulnerability of computers and the Internet and other networks. It presents a major challenge to the ethical use of information technologies.
Computer crime
also poses serious threats to the integrity, safety, and survival of most business systems and thus makes the development of effective security methods a top priority
Computer crime
Enumeration:
Computer crime is defined by the Association of Information Technology Professionals (AITP) as including :
- the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources;
- the unauthorized release of information;
- the unauthorized copying of software;
- denying an end user access to his or her own hardware, software, data, or network resources; and
- using or conspiring to use computer or network resources to obtain information or tangible property illegally.
This definition was promoted by the AITP in a Model Computer Crime Act and is reflected in many computer crime laws.
Computer crime
in computerese, is the obsessive use of computers or the unauthorized access and use of networked computer systems. Hackers can be outsiders or company employees who use the Internet and other networks to steal or damage data and programs. One of the issues in hacking is what to do about a hacker who commits only electronic breaking and entering, that is, gets access to a computer system and reads some files but neither steals nor damages anything.
Hacking
have at their fingertips a dozen dangerous tools, from “scans” that ferret out weaknesses in Web site software programs to “sniffers” that snatch passwords
Cyber-thieves
A ________ (also called a black hat or darkside hacker) is a malicious or criminal hacker. Usually a ________ is a person who maintains knowledge of the vulnerabilities he or she finds and exploits them for private advantage, not revealing them to either the general public or the manufacturer for correction.
cracker
Enumeration:
Common Hacking Tactics
- Denial of Service
- Scans
- Sniffer
- Spoofing
- Trojan Horse
- Back Doors
- Malicious Applets
- War Dialing
- Logic Bombs
- Buffer Overflow
- Password Crackers
- Social Engineering
- Dumpster Diving
This is becoming a common networking prank. By hammering a Web site’s equipment with too many requests for information, an attacker can effectively clog the system, slowing performance or even crashing the site. This method of overloading computers is sometimes used to cover up an attack.
Denial of Service
Widespread probes of the Internet to determine types of computers, services, and connections. That way the bad guys can take advantage of weaknesses in a particular make of computer or software program.
Scans
Programs that covertly search individual packets of data as they pass through the Internet, capturing passwords or the entire contents.
Sniffer
Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers.
Spoofing
A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software.
Trojan Horse
In case the original entry point has been detected, having a few hidden ways back makes reentry easy—and difficult to detect.
Back Doors
Tiny programs, sometimes written in the popular Java computer language, that misuse your computer’s resources, modify files on the hard disk, send fake e-mail, or steal passwords.
Malicious Applets
Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection.
War Dialing
An instruction in a computer program that triggers a malicious act.
Logic Bombs
A technique for crashing or gaining control of a computer by sending too much data to the buffer in a computer’s memory.
Buffer Overflow
Software that can guess passwords.
Password Crackers
A tactic used to gain access to computer systems by talking unsuspecting company employees out of valuable information such as passwords.
Social Engineering
Sifting through a company’s garbage to find information to help break into their computers. Sometimes the information is used to make a stab at social engineering more credible.
Dumpster Diving
They can monitor e-mail, Web server access, or file transfers to extract passwords, steal network files, or plant data that will cause a system to welcome intruders
Hackers
They may also use remote services that allow one computer on a network to execute programs on another computer to gain privileged access within a network.
Hackers
an Internet tool for interactive use of remote computers, can help hackers discover information to plan other attacks
Telnet
The term cracker was coined by ______________ to provide an alternative to abusing the existing word hacker for this meaning. This term’s use is limited (as is “black hat”) mostly to some areas of the computer and security field and, even there, is considered controversial.
Richard Stallman
Many computer crimes involve the theft of money. In the majority of cases, they are inside jobs that involve unauthorized network entry and fraudulent alteration of computer databases to cover the tracks of the employees involved.
CYBER-THEFT