mis 21 security and ethical challenges
DESCRIPTION
The presentation of 'Management Information System' subject of TEIT under 'University of Pune' INDIA. Author and Teacher: Tushar B Kute http://www.tusharkute.com
TRANSCRIPT
MANAGEMENT INFORMATION SYSTEM
Third Year Information Technology
Part 21 Security and Ethical Challenges
Tushar B Kute, Sandip Institute of Technology and Research Centre, Nashik http://www.tusharkute.com
SECURITY AND ETHICAL CHALLENGES
Security Ethics and Society
Employment
Privacy
Health
Individuality
Crime
Working Conditions
OBJECTIVE OF INFORMATION SECURITY
Confidentiality
Availability
Integrity
COMPUTER CRIME
Hacking
Unauthorized Use at work
Cyber Theft
Piracy
Computer Viruses
ETHICS IN INFORMATION SOCIETY
Responsibility: Accepting potential costs, duties and obligations for your decisions.
Accountability: Determining who should take responsibility for decisions and actions.
Liability: Legally placing responsibility with a person or group.
FAIR INFORMATION PRACTICES PRINCIPLES
There should be no personal record systems whose existence is secret.
Individuals have rights of access, inspection, review and amendment to systems that contain information about them.
There must be no use of personal information for purposes other than those for which it was gathered without prior consent.
FAIR INFORMATION PRACTICES PRINCIPLES
Managers of systems are responsible and can be held accountable and liable for the damage done by the systems, and for their reliability and security.
Governments have the right to intervene in the information relationships among private parties.
PROPERTY RIGHTS: INTELLECTUAL PROPERTY
It is the result of someone’s effort to create a product of value based on their experience, knowledge and education. In short, intellectual property is brain power. E.g. copyrights, patents and trade secrets.
Accountability, liability and control.
Data quality and system errors.
QUALITY OF LIFE
Online technology has led to the loss of face-to-face contact.
On-line love affairs.
Work from home, impact on family life.
COMPUTER CRIME
Any wrongdoing that involves computer and internet usage.
Often defies detection
The amount stolen or diverted can be substantial
The crime is “clean” and nonviolent
The number of IT-related security incidents is increasing dramatically
Computer crime is now global
MANAGEMENT ACTIONS: A CORPORATE CODE OF ETHICS
The information rights to privacy and freedom.
The property rights to individuals' ideas and efforts.
The accountability, liability and control issues involved in technology.
The system quality requirements of businesses and individuals.
The quality of life impact of technology.
CYBER CRIME
Conventional crime or an offence is a legal wrong that can be followed by criminal proceedings which may result in punishment.
Cyber crime may be said to be those species of crime where the computer is an object or subject of the conduct constituting the crime.
An unlawful act wherein the computer is either a tool or a target or both.
REASONS FOR CYBER CRIME
Capacity to store data in comparatively small space.
Easy to access.
Complex.
Negligence.
Loss of evidence.
CYBER CRIMINALS
Children and adolescents between the age group of 6 – 18 years.
Organized hackers.
Professional hackers/crackers.
Discontinued employees.
MODE AND MANNER OF COMMITTING CRIME
Denial of Service
Scans
Sniffer Programs
Spoofing
Trojan Horse
Back Doors
Malicious Applets
War Dialing
Logic Bombs
Buffer Overflow
Password Crackers
Social Engineering
Dumpster Diving
CLASSIFICATION
Against individuals
Against individual property
Against organization
Against society at large
AGAINST INDIVIDUALS
Harassment via emails
Cyber stalking
Defamation
Email spoofing
Cheating and fraud
AGAINST INDIVIDUAL PROPERTY
Computer vandalism
Transmitting viruses
Intellectual property crimes
Internet time thefts
AGAINST ORGANIZATION
Unauthorized access / control
Possession of unauthorized information
Distribution of pirated software
Cyber terrorism
AGAINST SOCIETY AT LARGE
Trafficking
Financial crimes
Polluting youth through indecent exposure
Sale of illegal articles
Online gambling
STATUTORY PROVISIONS
The Information Technology Act 2000 came into force on 17th May 2000.
Legalizing:
Indian Penal Code 1860
The Indian Evidence Act 1872
The Banker’s Book Evidence Act 1891
The Reserve Bank of India Act 1934
The IT Act deals with the various cyber crimes in chapters IX and XI. The important sections are 43, 65, 66, 67.
Section 43 deals particularly with unauthorized access, unauthorized downloading, virus attacks or any contaminant, causing damage, disruption, denial of access, and interference with the service availed by a person.
IT ACT
Section 65: tampering with computer source documents. It provides imprisonment up to 3 years or fine.
Section 66: hacking the computer system. It provides imprisonment up to 3 years or fine.
Section 67: publication of obscene material. It provides imprisonment up to 10 years and fine up to 2 lakhs.
PREVENTION OF CYBER CRIME
Precaution
Prevention
Protection
Preservation
Perseverance
PREVENTION OF CYBER CRIME
Avoid disclosing any information pertaining to oneself.
Avoid sending any photographs online, particularly to strangers, and chatting with strangers.
Use latest and updated antivirus.
Always keep backup volumes.
Never send your credit card number to any site.
Always keep watch on the sites that children are accessing.
Use security programs for cookies.
PREVENTION OF CYBER CRIME
Website owners should watch traffic and check any irregularity on the site.
Use firewalls.
HACKING
The process of achieving access to computer or computer network administrator. It is the most common activity amongst teenagers and young adults.
It is an offence if hackers steal private information or change some financial data. All the types of unauthorized access can lead the hacker to prison for 20 years.
CYBER THEFT
It is the use of computers and communication systems to steal information in electronic format. E.g. bank money transfers.
Programs used: worms and Trojan horses.
Reports: Microsoft platform strategy manager Matthew Hardman said social networking sites like Facebook are among the most commonly targeted because of their huge communities of users, concluding by saying the malicious code may be hidden inside Facebook applications or links under the photographs.
SOLUTION OF CYBER THEFT
Antivirus
Anti-spywares
Firewalls
Cryptography
Cyber ethics
Cyber laws
SOFTWARE PIRACY
It refers to the unauthorized duplication and use of computer software.
According to a survey done jointly by BSA and IDC, the highest piracy rate comes from Armenia, with a piracy rate of 93%. China and India are at No. 17 and No. 41 respectively, with 82% and 69% recorded software piracy rates. The lowest piracy rate, according to the survey, is observed in the USA, at 20%. However, the statistics gave rise to wide criticism citing lack of accuracy.
TERMS RELATED TO PIRACY
Cloning: Ideas can not be copy protected.
Crack: modification of software in order to remove encoded copy prevention.
Cracker: Undertakes disabling the software protection.
Hack: Fix, or bug workaround.
Hacker: One who hacks.
Hardware Locking: method of protecting software from duplication by locking the license to a specific piece of computer hardware.
TERMS RELATED TO PIRACY
KeyGen or Key Generator: a small program that will generate an unauthorized but working registration key or serial number for the piece of software.
Serials: This unique is used to unlock the version of the software.
Warez: Another term used for software crack.
SOFTWARE PIRACY
It is illegal to:
Use a single licensed version on multiple computers.
Preload software on computers without providing the appropriate licenses.
Use a key generator to generate a registration key that turns an evaluation version into a licensed version.
Use a stolen credit card to fraudulently purchase a software license.
Post a licensed version of a software product on the Internet and make it available for downloading.
SOFTWARE PIRACY IN INDIA
The copyright of computer software is protected under the Indian Copyright Act of 1957.
Copyright protection for software with an individual author lasts for the duration of the author’s life and continues 60 years after the author’s death.
According to NASSCOM, software piracy involves the use, reproduction or distribution of software without having received the express permission of the software author.
FORMS OF SOFTWARE PIRACY
End user piracy.
Hard disk loading.
Software counterfeiting.
Internet piracy.
SOFTWARE COPYRIGHTS
Eligibility: The original software work does not have to be published in order to receive copyright protection.
Punishment: Under the Indian copyright act, a software pirate can be tried under both civil and criminal law. The minimum jail term for software copyright infringement is seven days, and maximum is three years. Fine from 50,000 to 2,00,000.
COPYRIGHT
It is a set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work, including the right to copy, distribute and adapt the work.
It is applied for a specific period of time, after which the work is said to enter the public domain.
Copyright infringement is the unauthorized or prohibited use of works under copyright, infringing the copyright owner’s exclusive rights, such as the right to reproduce or perform the copyrighted work, or to make derivative works.
COPYRIGHT ACTS 1957
India has one of the modern copyright protection laws in the world.
"computer programme" means a set of instructions expressed in words, codes, schemes or in any other form, including a machine readable medium, capable of causing a computer to perform a particular task or achieve a particular result;
EXCLUSIVE RIGHTS GIVEN IN COPYRIGHT ACT
To reproduce the work in any material form including the storing of it in any medium by electronic means.
To issue copies of the work to the public, not being copies already in circulation.
To perform the work in the public or communicate it to the public.
To make any cinematographic film or sound recording in respect of work.
To make any translation of the work.
To make any adaptation of the work.
To sell or give on commercial rental or offer for sale or for commercial rental any copy of the program.
BERNE CONVENTION
WIPO COPYRIGHT TREATY
The World Intellectual Property Organization Copyright Treaty, abbreviated as the WIPO Copyright Treaty, is an international treaty on copyright law adopted by the member states of the World Intellectual Property Organization (WIPO) in 1996.
It provides additional protections for copyright deemed necessary due to advances in information technology since the formation of previous copyright treaties before it.
UNIVERSAL COPYRIGHT CONVENTION
The UCC was developed by United Nations Educational, Scientific and Cultural Organization as an alternative to the Berne Convention for those states which disagreed with aspects of the Berne Convention, but still wished to participate in some form of multilateral copyright protection.
These states included developing countries and the Soviet Union, which thought that the strong copyright protections granted by the Berne Convention overly benefited Western developed copyright-exporting nations, and the United States and most of Latin America.
PATENT
A patent is a set of exclusive rights granted by a state (national government) to an inventor or their assignee for a limited period of time in exchange for a public disclosure of an invention.
Under the World Trade Organization's (WTO) Agreement on Trade-Related Aspects of Intellectual Property Rights, patents should be available in WTO member states for any inventions, in all fields of technology, and the term of protection available should be a minimum of twenty years.
PATENTS
In many countries, certain subject areas such as business methods and mental acts are excluded from patents.
The exclusive right granted to a patentee in most countries is the right to prevent others from making, using, selling or distributing the patented invention without permission.
PATENTS FORCED IN 2000
US Patent
HEALTH ISSUES
Eye disease
Bad postures
Hurting Hands
Computer stress injuries
COMPUTER ERGONOMICS
REAL WORLD PICTURE
COMPUTER ERGONOMICS
1. Use a good chair with a dynamic chair back and sit back.
2. The eye-level should be the same as the level of the monitor. You should be able to see the contents in the monitor without bending your neck.
3. No glare on screen, use an optical glass anti-glare filter where needed.
4. Sit at arm's length from monitor as a good viewing distance.
5. Feet on floor or stable footrest.
6. Use a document holder, preferably in-line with the computer screen.
7. Wrists flat and straight in relation to forearms to use keyboard/mouse/input device.
8. Arms and elbows relaxed close to body.
9. Top of monitor casing 2-3" (5-8 cm) above eye level.
10. Use a negative tilt keyboard tray with an upper mouse platform or downward tiltable platform adjacent to keyboard.
11. Center monitor and keyboard in front of you.
12. Use a stable work surface and stable (no bounce) keyboard tray.
USE OF KEYBOARD
USE OF MOUSE
THE ACM CODE OF PROFESSIONAL CONDUCT
Strive to achieve the highest quality, effectiveness, and dignity in both the process and products of professional work
Acquire and maintain professional competence
Know and respect existing laws pertaining to professional work
Accept and provide appropriate professional review
Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks
THE ACM CODE OF PROFESSIONAL CONDUCT (CONTINUED)
Honor contracts, agreements, and assigned responsibilities
Improve public understanding of computing and its consequences
Access computing and communication resources only when authorized to do so
REFERENCES
http://en.wikipedia.org
Arpita Gopal, Chandrani Singh, “e-World Emerging Trends in Information Technology”, 1st Edition, Excel Books.
http://www.nasscom.in