Chapter Four
4.1 Computer Ethics
4.1.1 Netiquette
4.1.2 Areas of computer ethics
4.2 Computer Security
4.2.1 Computer Security Risks
4.2.2 Security Measures
Computer Ethics and Security
4.1 Computer Ethics
Netiquette : Netiquette is the code of acceptable behaviors users should follow while on the Internet
Area of Computer Ethics : Computer ethics are the moral guidelines that govern the use of computers and information systems
Areas of Computer Ethics
1. Information Accuracy
2. Green Computing
3. Codes of Conduct
4. Information privacy
5. Intellectual Property
4.1.2 Computer Security
Computer Security Risk / Threat
A computer security risk is any event or action that could cause a loss of or damage to computer hardware,
Types of computer security risk
1. Malicious code
2. Unauthorized access and use
3. Hardware theft
4. Software theft
5. Information theft
6. System failure
Security Measure / Safeguard
Ways to overcome security risks
Types of security measure
1. Data backup
2. Cryptography
3. Anti-virus
4. Anti-spyware
5. Firewall
6. Physical access control
7. Human aspects : awareness
8. Related security risks with its measure
Chapter Four
Computer Ethics and Security
4.1.1 Netiquette
At the end of this topic, students
should be able to:
a) Identify the rules of netiquette
• is the code of acceptable behaviors users should follow while on the Internet
• is short for net etiquette, and refers to etiquette on the Internet
• is the term for politeness when using the Internet
• Good netiquette involves respecting others' privacy
• Golden Rule: Treat others as you would like them to treat you.
Netiquette
Netiquette includes rules for all areas of
the Internet, including:
• World Wide Web
• E-mail
• Instant Messaging
• Chat Rooms
• File Transfer Protocol
• Newsgroups and Message boards.
Netiquette Areas
1. Keep Messages brief : Use proper grammar, spelling, and punctuation.
2. Be careful when using sarcasm and humor : it might be misinterpreted.
3. Be polite : Avoid offensive language.
4. Read the message before you send it.
5. Be clear : Make sure subject lines (email) or page titles (web page) reflect your content
6. Avoid sending or posting flames : which are abusive or insulting messages.
7. Do not participate in flame wars, which are exchanges of flames.
8. Identify yourself
9. Respect others' privacy
Netiquette
Rules While Using E-mail, Chat Room and Newsgroup
10. Avoid sending spam, which is the Internet’s version of junk mail.
Spam is an unsolicited e-mail message or newsgroup posting sent
to many recipients or newsgroups at once.
11. Do not use all capital letters, which is the equivalent of
SHOUTING!
11. Clearly identify a spoiler, which is a message that reveals a solution to a game or ending to a movie or program
12. Use emoticons to express emotion. Popular emoticons include:
:) Smile :| Indifference :o Surprised
:( Frown : Undecided
13. Use abbreviations and acronyms for phrases:
btw - by the way imho - in my humble opinion
fyi - for your information ttfn - ta ta for now
fwiw - for what it’s worth tyvm - thank you very much
Rules While Using E-mail, Chat Room and Newsgroup
Netiquette
14. Read the FAQ (Frequently Asked Questions) .
15. Do not assume material is accurate or up-to-date.
16. Never read others' e-mails.
Netiquette
Chapter Four
Computer Ethics and Security
4.1.2 Areas of Computer Ethics
At the end of this topic, students
should be able to:
a) Define computer ethics
b) Describe areas of computer ethics
Define Computer Ethics
Computer ethics are the moral guidelines that govern the use of computers and information systems.
Areas of Computer Ethics
Areas : Description
Information accuracy : is a concern, as not all information on the web is correct
Green computing : involves reducing the electricity and environmental waste while using a computer
Codes of conduct : a written guideline that helps determine whether a specific computer action is ethical or unethical
Information privacy : refers to the right of individuals and companies to deny or restrict the collection and use of information about them
Intellectual property : Intellectual property - unique and original works. Intellectual property rights - the rights to which creators are entitled for their work
Areas of Computer Ethics
1. Information Accuracy
Information accuracy is a concern
● not all information on the web is correct
Areas of Computer Ethics
2. Green Computing
● involves reducing the electricity and
environmental waste while using a
computer
Areas of Computer Ethics
1 Use computers and devices that comply with the *ENERGY STAR program
2 Do not leave the computer running overnight
3 Turn off the monitor, printer, and other devices when
not in use
4 Use LCD monitors instead of CRT monitors
5 Use paperless methods to communicate
* ENERGY STAR Program was created to help identify the best ways to save
energy. The little blue label says this product, this home, this building or factory
is doing the right things to save. And energystar.gov offers the most
comprehensive resource available for energy efficiency advice and information.
2. Green Computing : Suggestion
Areas of Computer Ethics
6 Recycle paper
7 Buy recycled paper
8 Recycle toner cartridges
9 Recycle old computers, printers and other
devices
10 Telecommute to save gas
11 Use video conferencing and VoIP for meetings
2. Green Computing : Suggestion
Areas of Computer Ethics
3. Code of Conduct
● An IT code of conduct is a written
guideline that helps determine whether
a specific computer action is ethical or
unethical
1 Computers may not be used to harm other people
2 Employees may not interfere with others’ computer
network
3 Employees may not meddle in others’ computer files
4 Computers may not be used to steal
5 Computers may not be used to bear false witness
6 Employees may not copy or use software illegally
7 Employees may not use others’ computer resources
without authorization
Areas of Computer Ethics
3. Code of Conduct
8 Employees may not use others' intellectual property as their own
9 Employees shall consider the social impact of programs and systems they design
10 Employees should always use computers in a way that demonstrates consideration and respect for fellow humans
Areas of Computer Ethics
3. Code of Conduct
Areas of Computer Ethics
4. Information Privacy
● refers to the right of individuals and companies to deny or restrict the collection and use of information about them
● Huge databases store data online
● It is important to safeguard your
information
How to Safeguard Personal Information
1 Fill in only necessary information on rebate, warranty, and registration
forms
2 Do not reprint your telephone number or Social Security number on
personal checks
3 Have an unlisted or unpublished telephone number
4 If caller ID is available in your area, find out how to block your number from displaying on the receiver's system
5 Do not write your telephone number on charge or credit receipts
6 Ask merchants not to write credit card numbers, telephone numbers,
Social Security numbers and driver’s license numbers on the back of
your personal checks
Areas of Computer Ethics
4. Information Privacy
How to Safeguard Personal Information
7 Purchase goods with cash, rather than credit or checks
8 Avoid shopping club and buyer cards
9 If merchants ask personal questions, find out why they want to know
before releasing the information
10 Inform merchants that you do not want them to distribute your
personal information
11 Request in writing to be removed from mailing list
12 Obtain your credit report once a year from each of the three major
credit reporting agencies and correct any errors
13 Request a free copy of your medical records once a year from the
Medical Information Bureau
Areas of Computer Ethics
4. Information Privacy
How to Safeguard Personal Information
14 Limit the amount of information you provide to websites. Fill in only
required information.
15 Install a cookie manager to filter cookies.
16 Clear your history file when you are finished browsing.
17 Set up a free email account. Use this e-mail address for merchant
forms.
18 Turn off file and printer sharing on your Internet connection.
19 Install a personal firewall.
20 Sign up for email filtering through your Internet access provider or use an anti-spam program such as Brightmail.
21 Do not reply to spam for any reason.
Areas of Computer Ethics
4. Information Privacy
Terms : Description
Cookie : Used to identify users by webcasting, e-commerce and other web applications. Eg : store users' passwords
Spam : Unsolicited email sent to a consumer without the consumer's prior request or consent
E-mail filtering : Blocks email messages from designated sources
Anti-spam programs : Attempt to remove spam before it reaches your inbox
Areas of Computer Ethics
4. Information Privacy : Terms
Terms : Description
Phishing : The act of sending an email that claims to be from a legitimate organization but is not genuine (fake).
Pharming : A cyber attack that redirects users to a fake website
Spoofing : A technique that makes a network or Internet transmission appear legitimate to a victim computer or network. Includes : email spoofing, IP spoofing
Areas of Computer Ethics
4. Information Privacy : Terms
Areas of Computer Ethics
5. Intellectual Property
● Intellectual property (IP) - unique and
original works (Eg : ideas, inventions,
arts, writings, products, logos)
● Intellectual property rights - are the
rights to which creators are entitled for
their work
Areas of Computer Ethics
5. Intellectual Property : Importance
The importance of intellectual property
● to protect the original creation from individuals
● to preserve the features and processes that make things work (inventors will therefore benefit - get a profit - from their work)
Areas of Computer Ethics
5. Intellectual Property : Types
Types of IP : Description
Patent : A patent is an exclusive right granted for an invention, which is a product or process that provides a new way of doing something, or offers a new technical solution to a problem
Trademark : A trademark is a word, phrase, symbol, or design that distinguishes the goods or services of one trader from its competitors. It includes words, logos, pictures, names, letters, numbers or a combination of these
Copyright : A legal term that describes the right given to creators for their literary and artistic works. Copyrights protect original works of authorship, such as literary works, music, dramatic works, pantomimes and choreographic works, sculptural, pictorial, and graphic works, sound recordings, artistic works, architectural works, and computer software.
Chapter Four
Computer Ethics and Security
4.2.1 Computer Security Risk
At the end of this topic, students
should be able to:
a) Define computer risks
b) Identify types of security risks
● A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data and information.
Computer Security Risk
Types of Computer Security Risk
Types : Description
Malicious code : Programs that act without the user's knowledge and deliberately alter the computer's operation
Unauthorized access and use : Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities
Hardware theft : The act of stealing computer equipment
Software theft : Occurs when someone steals software media / intentionally erases programs / illegally copies a program / illegally registers and/or activates a program
Information theft : Occurs when someone steals personal or confidential information
System failure : The prolonged malfunction of a computer
Category : Description
Hackers : illegally access computers to learn more about them, or to find security holes in the computer or the network to which it is attached
Crackers : people who intentionally access a computer, or network of computers, for evil reasons – typically with the intent of destroying and/or stealing information
Script Kiddies : have very limited computer skills and can be quite immature
Perpetrator
● a person who carries out a harmful illegal or immoral activity
● a cyber crime is any intentional breach in computer security via the
Internet, or some other illegal act facilitated by the Internet
Terms : Description
Corporate Spies : have excellent network skills and are hired to break into a specific computer and steal property data and information, or to help identify security risks in their own organization
Unethical Employees : break into their employers' computers for a variety of reasons; some simply want to exploit a security weakness and others seek financial gains from selling confidential information
Cyber Extortionist : uses e-mails as vehicles for extortion
Cyberterrorist : uses the Internet or network to destroy or damage computers for political reasons
Perpetrator
● Classified as malware (short for malicious software)
● Malware : programs that act without the user's knowledge and deliberately alter the computer's operation
Computer Security Risk
1. Malicious Code
Computer Security Risk
1. Malicious Code : Type
Types : Description
Virus : Affects a computer negatively by altering the way the computer works
Worm : Copies itself repeatedly, using up resources and possibly shutting down the computer or network
Trojan Horse : A program that hides within or looks like a legitimate program
Rootkit : A program that hides in a computer and allows someone from a remote location to take full control
Spyware : Exploits infected computers for commercial gain or information theft without user knowledge
Ad-ware : Software that displays advertisements
Computer Security Risk
1. Malicious Code : Type
Types : Description
Botnet : A group of compromised computers (known as zombies) connected to a network
Denial of service (DoS attack) : Disrupts computer access to Internet services
Back Door : A program or set of instructions in a program that allows users to bypass security controls
Spoofing : A technique intruders use to make their network or Internet transmission appear legitimate
● OS runs much slower than usual
● Available memory is less than expected
● Files become corrupted
● Screen displays unusual message or image
● Music or unusual sound plays randomly
● Existing programs and files disappear
● Programs or files do not work properly
● Unknown programs or files mysteriously appear
● System properties change
● OS does not start up
● OS shuts down unexpectedly
Computer Security Risk
1. Malicious Code : Symptom
Computer Security Risk
1. Malicious Code : Effect
Type : Effect
Trojan Horse, Virus, Worm : Affect the computer negatively by altering the computer's operation to cause damage to the computer
Spyware, Ad-ware, Rootkits, Botnet, Denial of Services, Phishing, Spoofing, Pharming :
● Enable access to a computer or areas of its software without user knowledge
● Purpose : information theft
● Attack network and Internet
● Never start a computer with removable media inserted in the drives or plugged in the ports, unless the media are uninfected
● Never open an e-mail attachment unless you are expecting it and it is from a trusted source
● Install an antivirus program on all of your computers. Update the software and the virus signature files regularly
● Scan all downloaded programs / removable media for viruses or other malware
● Install a personal firewall
Computer Security Risk
1. Malicious Code : Tips for Preventing
● Use a firewall : a firewall is hardware / software that protects a network's resources from intrusion by users on another network (Eg : Internet)
● Install an Intrusion Detection Software (IDS) : IDS is used as an alternative for building a shield around the network
● Set up honeypots : designed to attract the hackers to attack the system
● Install anti-virus
● Backup regularly (Human aspect awareness)
● Install anti-spyware
Computer Security Risk
1. Malicious Code : Security Measure
● Unauthorized access : the use of a computer or network without permission
● Unauthorized use : the use of a computer or its data for unapproved or possibly illegal activities
Computer Security Risk
2. Unauthorized Access and Use
● Use access control - defines who can access a computer
➔ Identification : process that verifies the validity of a user (Eg : username)
➔ Authentication : process that verifies that the individual is the person he/she claims to be (Eg : password)
● Physical access control : lock the doors and windows, store in a locked drawer
● Digital access control : lock the screen by using a password
● Human aspect awareness : don't click / open suspicious websites, email, spam (to avoid phishing and pharming)
Computer Security Risk
2. Unauthorized Access and Use : Security
Measure
● Authentication : process where users verify their identity
➔ Biometric device : device that translates personal
characteristics into a digital code
➔ Callback system : the checking system that
authenticates the user
● Verification : the act of proving or disproving the
correctness of a system with respect to a certain formal
specification
➔ User identification : something you know (have to
remember) such as PIN number or password
➔ Possessed object : something you have (an object)
such as ATM card, credit card, smart card
Computer Security Risk
2. Unauthorized Access and Use :
Authentication and Verification Technologies
● Hardware theft : is the act of stealing
computer equipment
● Hardware vandalism : is the act of
defacing or destroying computer
equipment
Computer Security Risk
3. Hardware Theft
● Physical access awareness
➔ Lock room / cabinet / drawer
➔ Install alarm system
● Digital access control
➔ Use password, possessed object, biometric device
Computer Security Risk
3. Hardware Theft : Security Measure
● Software theft occurs when someone
➔ Steals software media
➔ Intentionally erases programs
➔ Illegally copies a program
➔ Illegally registers and/or activates a program
Computer Security Risk
4. Software Theft
● Human aspect awareness : use license
agreement, lock software media in
drawer
● Physical access control : lock room
Computer Security Risk
4. Software Theft : Security Measure
● Information theft occurs when someone
steals personal or confidential
information
Computer Security Risk
5. Information Theft
● Cryptography : to avoid spoofing
● Physical access control : to avoid stealing
hardware
● Scan by using anti-virus regularly : to avoid
malware, spyware, adware, rootkits
● Install anti-spyware : to avoid malware, spyware,
adware, rootkits
● Use access control : such as identification and
authentication
● Human aspect awareness : don’t click / open
suspicious web, email, spam (to avoid phishing
and pharming)
Computer Security Risk
5. Information Theft : Security Measure
● System failure is the prolonged malfunction of a computer
● Factors that can lead to system failure :
➔ Aging hardware
➔ Natural disaster : such as flood, earthquake, fire
➔ Electrical power problems : noise, undervoltages and overvoltages
➔ Errors in computer program
Computer Security Risk
6. System Failure
● Data backup
● Human aspect awareness :
➔ Use AVR (Automatic Voltage Regulator) : to maintain constant voltage and power line
➔ Use UPS (Uninterruptible Power Supply) : provides emergency power to a load when the input power source or mains power fails
➔ Surge protector : shields computers and other electronic devices from sudden surges in electrical power, or transient voltage, that flow from the power supply
➔ Put your computer in a safe/locked place, schedule maintenance
Computer Security Risk
6. System Failure : Security Measure
Chapter Four
Computer Ethics and Security
4.2.2 Security Measure
At the end of this topic, students
should be able to:
a) Identify different ways to overcome
security risks
Types of Security Measure
Types : Description
Data Backup : a duplicate of a file, program or disk (in another storage) that can be used if the original is lost, damaged or destroyed
Cryptography : the study of the encryption and decryption process (for secure communication)
Antivirus : a program that protects a computer against viruses.
Anti spyware Program : software that detects and removes unwanted spyware programs.
Firewall : hardware / software that protects a network's resources from intrusion.
Physical Access Control : refers to the ability of people to physically gain access to a computer system
● Internet and Network attack
● Unauthorized access and use
● Theft : Hardware / software / Information
● System failure
Security Measure
Common Security Risk
● A backup is a duplicate of a file, program or disk that can be used if the original is lost, damaged or destroyed
● To back up a file means to make a copy of it
● Offsite backups are stored in a location separate from the computer site
● Common security risk :
➔ Hardware theft
➔ Software theft
➔ Information theft
➔ System failure
Security Measure
1. Data Backup
● To protect information on the Internet and networks, organizations and individuals use a variety of encryption techniques (written or generated codes that allow information to be kept secret)
● Cryptography is the study of the encryption and decryption process (for secure communication)
➔ Encryption : converting readable data (plaintext) into unreadable characters (ciphertext)
➔ Decryption : converting unreadable data (ciphertext) back to its original data (plaintext)
● Common security risk :
➔ Unauthorized access and use
➔ Information theft
Security Measure
2. Cryptography
Security Measure
2. Cryptography : Diagram
● Used to safeguard computer systems from viruses and other malware
● Antivirus program - a program that protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media or in incoming files
● Popular antivirus programs - Kaspersky antivirus, Avast antivirus, CA antivirus, McAfee antivirus, AVG antivirus
● Common security risk :
➔ Malicious code
➔ Information theft
➔ Internet and network attack
Security Measure
3. Antivirus
● Is a type of software that is designed to detect and
remove unwanted spyware programs.
● Spyware is a type of malware that is installed on a
computer without the user's knowledge in order to
collect information about them.
● Eg : Bitdefender, Norton Security, Spy Sweeper
● Common security risk :
➔ Internet and network attack
Security Measure
4. Anti Spyware
● A firewall is hardware / software that protects a network's resources from intrusion. Eg : Windows firewall, Norton Personal Firewall
● Ensure all network devices and systems are protected by the firewall system already installed by the network administrator
● Common security risk :
➔ Unauthorized access and use
➔ Internet and network attack
Security Measure
5. Firewall
Security Measure
4. Comparison Firewall, IDS and
Honeypot
Firewall Intrusion Detection
Software (IDS)
Honeypot
● Analyzes all
network traffic
● assesses system
vulnerabilities
● Identifies any
unauthorized
intrusion
● Notifies network
administrators of
suspicious
behaviour pattern or
system breaches
● Vulnerable
computer that is set
up to entice the
hackers to attack
the system
● cabinets with lock, locked doors and
windows - to protect software media from
being stolen
● installing alarm system for additional
security
● attach physical security devices such as
cables that lock equipment to desk
● issue users a license agreement to protect software from piracy
Security Measure
6. Physical Access Control
● Hardware theft
● Software theft
● Information theft
● Unauthorized access and use
● System failure
Security Measure
6. Physical Access Control : Common Security
Risk
● cabinets with lock, locked doors and windows - to
protect software media from being stolen
● installing alarm system for additional security
● attach physical security devices such as cables that
lock equipment to desk
● issue users a license agreement to protect software from piracy
● Expose employees or staff to computer security through continuous security training and courses
● Make a systematic routine check to update (security patches, virus definitions) a computer system
● Proper handling of computers and information
Security Measure
7. Human Aspect Awareness
● Internet and network attack
● Malicious code
● Unauthorized access and use
● Hardware theft
● Software theft
● Information theft
● System failure
Security Measure
7. Human Aspect Awareness : Common Security Risk
Security Measure
8. Relate Security Risks With Its Measure
Security Risk / Threat : Recommended Security Measure / Safeguard
Malicious code (Virus, Worm, Trojan) : Install and scan by using Anti-virus regularly, install and scan by using Anti-spyware, install and turn on Firewall, Human aspect awareness
Unauthorized access and use : Physical access control, Use access control, Human aspect awareness
Hardware theft : Physical access control, Human aspect awareness
Software theft : Physical access control, Human aspect awareness
Information theft : Cryptography, Physical access control, Install and scan by using Anti-virus regularly, install and scan by using Anti-spyware, Human aspect awareness
System failure : Data backup regularly, Human aspect awareness

PDT DC015 Chapter 2 Computer System 2017/2018 (d)
 
PDT DC015 Chapter 2 System Concept 2017/2018 (a)
PDT DC015 Chapter 2 System Concept 2017/2018 (a)PDT DC015 Chapter 2 System Concept 2017/2018 (a)
PDT DC015 Chapter 2 System Concept 2017/2018 (a)
 
PST SC015 Chapter 3 Internet Technology (V) 2017/2018
PST SC015 Chapter 3 Internet Technology (V)  2017/2018PST SC015 Chapter 3 Internet Technology (V)  2017/2018
PST SC015 Chapter 3 Internet Technology (V) 2017/2018
 
PST SC015 Chapter 3 Internet Technology (IV) 2017/2018
PST SC015 Chapter 3 Internet Technology (IV)  2017/2018PST SC015 Chapter 3 Internet Technology (IV)  2017/2018
PST SC015 Chapter 3 Internet Technology (IV) 2017/2018
 
PST SC015 Chapter 3 Internet Technology (II) 2017/2018
PST SC015 Chapter 3 Internet Technology (II)  2017/2018PST SC015 Chapter 3 Internet Technology (II)  2017/2018
PST SC015 Chapter 3 Internet Technology (II) 2017/2018
 
PST SC015 Chapter 3 Internet Technology (II) 2017/2018
PST SC015 Chapter 3 Internet Technology (II)  2017/2018PST SC015 Chapter 3 Internet Technology (II)  2017/2018
PST SC015 Chapter 3 Internet Technology (II) 2017/2018
 
PST SC015 Chapter 3 Internet Technology (I) 2017/2018
PST SC015 Chapter 3 Internet Technology (I)  2017/2018PST SC015 Chapter 3 Internet Technology (I)  2017/2018
PST SC015 Chapter 3 Internet Technology (I) 2017/2018
 
PST SC015 Chapter 2 Computer System (IV) 2017/2018
PST SC015 Chapter 2 Computer System (IV) 2017/2018PST SC015 Chapter 2 Computer System (IV) 2017/2018
PST SC015 Chapter 2 Computer System (IV) 2017/2018
 
PST SC015 Chapter 2 Computer System (III) 2017/2018
PST SC015 Chapter 2 Computer System (III) 2017/2018PST SC015 Chapter 2 Computer System (III) 2017/2018
PST SC015 Chapter 2 Computer System (III) 2017/2018
 

Dernier

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Dernier (20)

Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 

PST SC015 Chapter 4 Comp. Ethics and Security 2017/2018

  • 1. 1 Chapter Four 4.1 Computer Ethics 4.1.1 Netiquette 4.1.2 Areas of computer ethics 4.2 Computer Security 4.2.1 Computer Security Risks 4.2.2 Security Measures Computer Ethics and Security
  • 2. 2 4.1 Computer Ethics Netiquette Netiquette is a code of acceptable behaviors users should follow while on the Internet Area of Computer Ethics Computer ethics are the moral guidelines that govern the use of computers and information systems Areas of Computer Ethics 1. Information Accuracy 2. Green Computing 3. Codes of Conduct 4. Information privacy 5. Intellectual Property
  • 3. 3 4.1.2 Computer Security Computer Security Risk / Threat Security Measure / Safeguard A computer security risk is any event or action that could cause a loss of or damage to computer hardware, Types of computer security risk 1. Malicious code 2. Unauthorized access and use 3. Hardware theft 4. Software theft 5. Information theft 6. System failure Ways to overcome security risks Types of security measure 1. data backup 2. cryptography 3. Anti-virus 4. Anti-spyware 5. Firewall 6. Physical access control 7. Human aspects : awareness 8. Related security risks with its measure
  • 4. 1 Chapter Four Computer Ethics and Security 4.1.1 Netiquette At the end of this topic, students should be able to: a) Identify the rules of netiquette
  • 5. • is a code of acceptable behaviors users should follow while on the Internet • is short for net etiquette, refers to etiquette on the internet • is the term for politeness when using the internet • Good netiquette involves respecting others’ privacy • Golden Rule: Treat others as you would like them to treat you. 2 Netiquette
  • 6. Netiquette includes rules for all areas of the Internet, including: • World Wide Web • E-mail • Instant Messaging • Chat Rooms • File Transfer Protocol • Newsgroups and Message boards. 3 Netiquette Areas
  • 7. 4 1. Keep Messages brief : Use proper grammar, spelling, and punctuation. 2. Be careful when using sarcasm and humor : it might be misinterpreted. 3. Be polite : Avoid offensive language. 4. Read the message before you send it. 5. Be clear : Make sure subject lines (email) or page title (web page) reflects your content 6. Avoid sending or posting flames : which are abusive or insulting messages. 7. Do not participate in flame wars, which are exchanges of flames. 8. Identify yourself 9. Respect others’ privacy Netiquette Rules While Using E-mail, Chat Room and Newsgroup
  • 8. 5 10. Avoid sending spam, which is the Internet’s version of junk mail. Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once. 11. Do not use all capital letters, which is the equivalent of SHOUTING! 11. Clearly identify a spoiler , which is a message that reveals a solution to a game or ending to a movie or program 12. Use emoticons to express emotion. Popular emoticons include; :) Smile :| Indifference :o Surprised :( Frown : Undecided 13. Use abbreviations and acronyms for phrases: btw - by the way imho - in my humble opinion fyi - for your information ttfn - ta ta for now fwiw - for what it’s worth tyvm - thank you very much Rules While Using E-mail, Chat Room and Newsgroup Netiquette
  • 9. 6 14. Read the FAQ (Frequently Asked Questions) . 15. Do not assume material is accurate or up-to-date. 16. Never read others’ e-mails. Netiquette
  • 10. 1 Chapter Four Computer Ethics and Security 4.1.2 Areas of Computer Ethics At the end of this topic, students should be able to: a) Define computer ethics b) Describe areas of computer ethics
  • 11. Define Computer Ethics 4 2 Computer ethics are the moral guidelines that govern the use of computers and information systems.
  • 12. Areas of Computer Ethics 4 2 Areas Description Information accuracy is a concern : not all information on the web is correct Green computing involves reducing the electricity and environmental waste while using a computer Codes of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them Intellectual property Intellectual property - unique and original works Intellectual property rights - are the rights to which creators are entitled for their work
  • 13. Areas of Computer Ethics 4 3 1.Information Accuracy Information accuracy is a concern ● not all information on the web is correct
  • 14. Areas of Computer Ethics 4 4 2. Green Computing ● involves reducing the electricity and environmental waste while using a computer
  • 15. Areas of Computer Ethics 4 5 1 Use computers and devices that comply with *ENERGY STAR program 2 Do not leave the computer running overnight 3 Turn off the monitor, printer, and other devices when not in use 4 Use LCD monitors instead of CRT monitors 5 Use paperless methods to communicate * ENERGY STAR Program was created to help identify the best ways to save energy. The little blue label says this product, this home, this building or factory is doing the right things to save. And energystar.gov offers the most comprehensive resource available for energy efficiency advice and information. 2. Green Computing : Suggestion
  • 16. Areas of Computer Ethics 4 6 6 Recycle paper 7 Buy recycled paper 8 Recycle toner cartridges 9 Recycle old computers, printers and other devices 10 Telecommute to save gas 11 use video conferencing and VoIP for meetings 2. Green Computing : Suggestion
  • 17. Areas of Computer Ethics 4 7 3. Code of Conduct ● An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical
  • 18. 4 8 1 Computers may not be used to harm other people 2 Employees may not interfere with others’ computer network 3 Employees may not meddle in others’ computer files 4 Computers may not be used to steal 5 Computers may not be used to bear false witness 6 Employees may not copy or use software illegally 7 Employees may not use others’ computer resources without authorization Areas of Computer Ethics 3. Code of Conduct
  • 19. 4 9 7 Employees may not use others’ computer resources without authorization 8 Employees may not use others’ intellectual property as their own 9 Employees shall consider the social impact of the programs and systems they design 10 Employees should always use computers in a way that demonstrates consideration and respect for fellow humans Areas of Computer Ethics 3. Code of Conduct
  • 20. Areas of Computer Ethics 4 10 4. Information Privacy ● refers to the right of individuals and companies to deny or restrict the collection and use of information about them ● Huge databases store data online ● It is important to safeguard your information
  • 21. 4 11 How to Safeguard Personal Information 1 Fill in only necessary information on rebate, warranty, and registration forms 2 Do not reprint your telephone number or Social Security number on personal checks 3 Have an unlisted or unpublished telephone number 4 If caller ID is available in your area, find out how to block your number from displaying on the receiver’s system 5 Do not write your telephone number on charge or credit receipts 6 Ask merchants not to write credit card numbers, telephone numbers, Social Security numbers and driver’s license numbers on the back of your personal checks Areas of Computer Ethics 4. Information Privacy
  • 22. 4 12 How to Safeguard Personal Information 7 Purchase goods with cash, rather than credit or checks 8 Avoid shopping club and buyer cards 9 If merchants ask personal questions, find out why they want to know before releasing the information 10 Inform merchants that you do not want them to distribute your personal information 11 Request in writing to be removed from mailing list 12 Obtain your credit report once a year from each of the three major credit reporting agencies and correct any errors 13 Request a free copy of your medical records once a year from the Medical Information Bureau Areas of Computer Ethics 4. Information Privacy
  • 23. 4 13 How to Safeguard Personal Information 14 Limit the amount of information you provide to websites. Fill in only required information. 15 Install a cookie manager to filter cookies. 16 Clear your history file when you are finished browsing. 17 Set up a free email account. Use this e-mail address for merchant forms. 18 Turn off file and printer sharing on your Internet connection. 19 Install a personal firewall. 20 Sign up for email filtering through your Internet access provider or use an anti-spam program such as Brightmail. 21 Do not reply to spam for any reason. Areas of Computer Ethics 4. Information Privacy
  • 24. 4 14 Terms Description Cookie Are used to identify users by webcasting, e-commerce and other web applications. Eg : store users’ password Spam Unsolicited email sent to a consumer without the consumer's prior request or consent E-mail filtering Blocks email messages from designated sources Anti-spam programs attempt to remove spam before it reaches your inbox Areas of Computer Ethics 4. Information Privacy : Terms
  • 25. 4 15 Terms Description Phishing An act of sending an email that claims to be from a legitimate organization but is not genuine (fake). Pharming Is a cyber attack: redirects users to a fake website Spoofing Technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network. Includes : email spoofing, IP spoofing Areas of Computer Ethics 4. Information Privacy : Terms
  • 26. Areas of Computer Ethics 4 16 5. Intellectual Property ● Intellectual property (IP) - unique and original works (Eg : ideas, inventions, arts, writings, products, logos) ● Intellectual property rights - are the rights to which creators are entitled for their work
  • 27. Areas of Computer Ethics 4 17 5. Intellectual Property : Importance The importance of intellectual property ● to protect the original creation from individuals ● to preserve features and processes that make things work (the inventor will therefore benefit - get a profit, from their work)
  • 28. Areas of Computer Ethics 4 18 5. Intellectual Property : Types Types of IP Description Patent A patent is an exclusive right granted for an invention, which is a product or process that provides a new way of doing something, or offers a new technical solution to a problem Trademark A trademark is a word, phrase, symbol, or design that distinguishes the goods or services of one trader from its competitors. It includes words, logos, pictures, names, letters, numbers or a combination of these Copyright A legal term that describes the right given to the creator for their literary and artistic works. Copyrights protect original works of authorship, such as literary works, music, dramatic works, pantomimes and choreographic works, sculptural, pictorial, and graphic works, sound recordings, artistic works, architectural works, and computer software.
  • 29. 1 Chapter Four Computer Ethics and Security 4.2.1 Computer Security Risk At the end of this topic, students should be able to: a) Define computer risks b) Identify types of security risks
  • 30. ●A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data and information. 2 Computer Security Risk
  • 31. 3 Types of Computer Security Risk Types Description Malicious code Program that acts without user’s knowledge and deliberately alters the computer’s operation Unauthorized access and use Unauthorized access : the use of a computer or network without permission Unauthorized use : is the use of a computer or its data for unapproved or possibly illegal activities Hardware theft The act of stealing computer equipment Software theft Occurs when someone steals software media / intentionally erases programs / illegally copies a program / illegally registers and/or activates a program Information theft Occurs when someone steals personal or confidential information System failure Is the prolonged malfunction of a computer
  • 32. 4 4 Category Description Hackers illegally accessed computers to learn more about them, or to find security holes in the computer or the network to which it’s attached Crackers refers to a person who intentionally accesses a computer, or network of computers, for evil reasons – typically, with the intent of destroying and/or stealing information Script Kiddies have very limited computer skills and can be quite immature Perpetrator ● a person who carries out a harmful illegal or immoral activity ● a cyber crime is any intentional breach in computer security via the Internet, or some other illegal act facilitated by the Internet
  • 33. 4 5 Terms Description Corporate Spies have excellent network skills and are hired to break into a specific computer and steal proprietary data and information, or to help identify security risks in their own organization Unethical Employees break into their employers’ computers for a variety of reasons, some simply want to exploit a security weakness and others seek financial gains from selling confidential information Cyber Extortionist uses e-mails as vehicles for extortion Cyberterrorist uses the internet or network to destroy or damage computers for political reasons Perpetrator
  • 34. ● Classified as malware (short for malicious software) ● Malware : program that acts without user’s knowledge and deliberately alters the computer’s operation 6 Computer Security Risk 1. Malicious Code
  • 35. 7 Computer Security Risk 1. Malicious Code : Type Types Description Virus Affects a computer negatively by altering the way computer works Worm Copies itself repeatedly, using up resources and possibly shutting down the computer or network Trojan Horse Program that hides within or looks like a legitimate program Rootkit Program that hides in a computer and allows someone from a remote location to take full control Spyware Exploits infected computers for commercial gain or information theft without user knowledge Ad-ware Software that displays advertisements
  • 36. 8 Computer Security Risk 1. Malicious Code : Type Types Description Botnet is a group of compromised computers (known as zombies) connected to a network Denial of services (DoS attack) Disrupts computer access to Internet services Back Door Is a program or set of instructions in a program that allows users to bypass security control Spoofing Is a technique intruders use to make their network or internet transmission appear legitimate
  • 37. ● OS runs much slower than usual ● Available memory is less than expected ● Files become corrupted ● Screen displays unusual message or image ● Music or unusual sound plays randomly ● Existing programs and files disappear ● Programs or files do not work properly ● Unknown programs or files mysteriously appear ● System properties change ● OS does not start up ● OS shuts down unexpectedly 9 Computer Security Risk 1. Malicious Code : Symptom
  • 38. 10 Computer Security Risk 1. Malicious Code : Effect Type Effect Trojan Horse Virus Worm ● Affects computer negatively by altering the computer’s operation to cause damage to computer Spyware Ad-ware Rootkits Botnet Denial of Services Phishing Spoofing Pharming ● Enable access to a computer or areas of its software without user knowledge ● Purpose information theft ● Attack Network and Internet
  • 39. ● Never start a computer with removable media inserted in the drives or plugged in the ports, unless the media are uninfected ● Never open an e-mail attachment unless you are expecting it and it is from a trusted source ● Install an antivirus program on all of your computers. Update the software and the virus signature files regularly ● Scan all downloaded programs / removable media for viruses or other malware ● Install a personal firewall 11 Computer Security Risk 1. Malicious Code : Tips for Preventing
  • 40. ● Use firewall : Firewall is hardware / software that protects a network’s resources from intrusion by users on another network (Eg : Internet) ● Install an Intrusion Detection Software (IDS) : IDS is used as an alternative for building a shield around the network ● Set-up honeypots : designed to attract the hackers to attack the system ● Install anti-virus ● Backup regularly (Human aspect awareness) ● Install anti-spyware 12 Computer Security Risk 1. Malicious Code : Security Measure
  • 41. ● Unauthorized access : the use of a computer or network without permission Unauthorized use : is the use of a computer or its data for unapproved or possibly illegal activities 13 Computer Security Risk 2. Unauthorized Access and Use
  • 42. ● Use access control - defines who can access a computer ➔ Identification : process that verifies the validity of a user (Eg : username) ➔ Authentication : process that verifies the individual is the person he/she claims to be (Eg : password) ● Physical access control : lock the doors, windows, store in locked drawer ● Digital access control : lock screen by using password ● Human aspect awareness : don’t click / open suspicious web, email, spam (to avoid phishing and pharming) 14 Computer Security Risk 2. Unauthorized Access and Use : Security Measure
  • 43. ● Authentication : process where users verify their identity ➔ Biometric device : device that translates personal characteristics into a digital code ➔ Callback system : the checking system that authenticates the user ● Verification : the act of proving or disproving the correctness of a system with respect to a certain formal specification ➔ User identification : something you know (have to remember) such as PIN number or password ➔ Possessed object : something you have (an object) such as ATM card, credit card, smart card 15 Computer Security Risk 2. Unauthorized Access and Use : Authentication and Verification Technologies
  • 44. ● Hardware theft : is the act of stealing computer equipment ● Hardware vandalism : is the act of defacing or destroying computer equipment 16 Computer Security Risk 3. Hardware Theft
  • 45. ● Physical access awareness ➔lock room / cabinet / drawer ➔Install alarm system ● Digital access control ➔use password, possessed object, biometric device 17 Computer Security Risk 3. Hardware Theft : Security Measure
  • 46. ● Software theft occurs when someone ➔Steals software media ➔Intentionally erases programs ➔Illegally copies a program ➔Illegally registers and/or activates a program 18 Computer Security Risk 4. Software Theft
  • 47. ● Human aspect awareness : use license agreement, lock software media in drawer ● Physical access control : lock room 19 Computer Security Risk 4. Software Theft : Security Measure
  • 48. ● Information theft occurs when someone steals personal or confidential information 20 Computer Security Risk 5. Information Theft
  • 49. ● Cryptography : to avoid spoofing ● Physical access control : to avoid stealing hardware ● Scan by using anti-virus regularly : to avoid malware, spyware, adware, rootkits ● Install anti-spyware : to avoid malware, spyware, adware, rootkits ● Use access control : such as identification and authentication ● Human aspect awareness : don’t click / open suspicious web, email, spam (to avoid phishing and pharming) 21 Computer Security Risk 5. Information Theft : Security Measure
  • 50. ● System failure is the prolonged malfunction of a computer ● Factors that can lead to system failure : ➔Aging hardware ➔Natural disaster : such as flood, earthquake, fire ➔Electrical power problems : noise, undervoltages and overvoltages ➔Errors in computer program 22 Computer Security Risk 6. System Failure
  • 51. ● Data backup ● Human aspect awareness : ➔ Use AVR (Automatic Voltage Regulator) : to maintain constant voltage and power line ➔ Use UPS (Uninterruptible Power Supply) : provides emergency power to a load when the input power source or mains power fails ➔ Surge protector : shields computer and other electronic devices from sudden surges in electrical power, or transient voltage, that flow from the power supply ➔ Put your computer in a safe/locked place, schedule maintenance 23 Computer Security Risk 6. System Failure : Security Measure
  • 52. 1 Chapter Four Computer Ethics and Security 4.2.2 Security Measure At the end of this topic, students should be able to: a) Identify different ways to overcome security risks
  • 53. 2 Types of Security Measure Types Description Data Backup is a duplicate of a file, program or disk (in another storage) that can be used if the original is lost, damaged or destroyed Cryptography the study of the encryption and decryption process (for secure communication) Antivirus program that protects computer against viruses. Anti spyware software to detect and remove unwanted spyware programs. Firewall is hardware / software that protects a network’s resources from intrusion. Physical Access Control refers to the ability of people to physically gain access to a computer system
  • 54. ● Internet and Network attack ● Unauthorized access and use ● Theft : Hardware / software / Information ● System failure 3 Security Measure Common Security Risk
  • 55. ● A backup is a duplicate of a file, program or disk that can be used if the original is lost, damaged or destroyed ● To backup a file means to make a copy of it ● Offsite backups are stored in a location separate from the computer site ● Common security risk : ➔ Hardware theft ➔ Software theft ➔ Information theft ➔ System failure 4 Security Measure 1.Data Backup
  • 56. ● to protect information on the internet and networks, organizations and individuals use a variety of encryption techniques (written or generated codes that allow information to be kept secret) ● Cryptography is the study of the encryption and decryption process (for secure communication) ➔ Encryption : converting readable data (plaintext) into unreadable characters (ciphertext) ➔ Decryption - converting unreadable data (ciphertext) to its original data (plaintext) ● Common security risk : ➔ Unauthorized access and use ➔ Information theft 6 Security Measure 2. Cryptography
  • 58. ● Used to safeguard computer system from viruses and other malware ● Antivirus program - program that protects computer against viruses by identifying and removing any computer viruses found in memory, on storage media or incoming files ● Popular antivirus program - Kaspersky antivirus, Avast antivirus, CA antivirus, McAfee antivirus, AVG antivirus ● Common security risk : ➔ Malicious code ➔ Information theft ➔ Internet and network attack 9 Security Measure 3. Antivirus
  • 59. ● Is a type of software that is designed to detect and remove unwanted spyware programs. ● Spyware is a type of malware that is installed on a computer without the user's knowledge in order to collect information about them. ● Eg : Bitdefender, Norton Security, Spy Sweeper ● Common security risk : ➔ Internet and network attack 11 Security Measure 4. Anti Spyware
  • 60. ● Firewall is hardware / software that protects a network’s resources from intrusion. Eg : Windows firewall, Norton Personal Firewall ● Ensure all network devices and systems are protected by the firewall system already installed by the network administrator ● Common security risk : ➔ Unauthorized access and use ➔ Internet and network attack 13 Security Measure 5. Firewall
  • 61. 14 Security Measure 4. Comparison Firewall, IDS and Honeypot Firewall Intrusion Detection Software (IDS) Honeypot ● Analyzes all network traffic ● assesses system vulnerabilities ● Identifies any unauthorized intrusion ● Notifies network administrators of suspicious behaviour pattern or system breaches ● Vulnerable computer that is set up to entice the hackers to attack the system
  • 62. ● cabinets with lock, locked doors and windows - to protect software media from being stolen ● installing alarm system for additional security ● attach physical security devices such as cables that lock equipment to desk ● issue users license agreement to protect software from piracy 16 Security Measure 6. Physical Access Control
  • 63. ● Hardware theft ● Software theft ● Information theft ● Unauthorized access and use ● System failure 17 Security Measure 6. Physical Access Control : Common Security Risk
  • 64. ● cabinets with lock, locked doors and windows - to protect software media from being stolen ● installing alarm system for additional security ● attach physical security devices such as cables that lock equipment to desk ● issue users license agreement to protect software from piracy ● Expose employees or staff to computer security through continuous security training and courses ● Make a systematic routine check to update (security patches, virus definition) a computer system ● proper handling of computer and information 18 Security Measure 7. Human Aspect Awareness
  • 65. ● Internet and network attack ● Malicious code ● Unauthorized access and use ● Hardware theft ● Software theft ● Information theft ● System failure 19 Security Measure 7. Human Aspect Awareness : Common Security Risk
  • 66. 20 Security Measure 8. Relate Security Risks With Its Measure Security Risk / Threat Recommended Security Measure/ Safeguard Malicious code (Virus, Worm, Trojan) Install and scan by using Anti-virus regularly, install and scan by using Anti-spyware, install and turn on Firewall, Human aspect awareness Unauthorized access and use Physical access control, Use access control Human aspect awareness Hardware theft Physical access control, Human aspect awareness Software theft Physical access control, Human aspect awareness Information theft Cryptography, Physical access control Install and scan by using Anti-virus regularly, install and scan by using Anti-spyware, Human aspect awareness System failure Data backup regularly, Human aspect awareness
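
Slides 42 and 43 separate identification (the username), authentication by something you know (a password) and authentication by a possessed object (something you have). The sketch below is an added example, not part of the original slides: it assumes a hypothetical `AccessControl` class, a salted PBKDF2 password hash, and a time-based one-time code (RFC 6238) standing in for the possessed object.

```python
import hashlib
import hmac
import secrets
import struct

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example
TOTP_STEP = 30               # seconds each one-time code is valid


def hash_password(password: str, salt: bytes) -> bytes:
    """Something you know: store only a salted, slow hash of the password."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def totp(secret: bytes, unix_time: int, step: int = TOTP_STEP, digits: int = 6) -> str:
    """Something you have: RFC 6238 code derived from a secret held in a token."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class AccessControl:
    """Hypothetical user store: identification, then two authentication factors."""

    def __init__(self):
        self._users = {}

    def enroll(self, username: str, password: str, token_secret: bytes) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = {
            "salt": salt,
            "pw_hash": hash_password(password, salt),
            "token_secret": token_secret,
            "last_step": -1,  # highest time step already used (replay guard)
        }

    def login(self, username: str, password: str, token_code: str, now: int) -> bool:
        # Identification: is this a known user?
        record = self._users.get(username)
        if record is None:
            # Do the same hashing work so unknown users are not faster to reject.
            hash_password(password, b"\x00" * 16)
            return False

        # Authentication factor 1: password, compared in constant time.
        candidate = hash_password(password, record["salt"])
        if not hmac.compare_digest(candidate, record["pw_hash"]):
            return False

        # Authentication factor 2: one-time code, allowing one step of clock drift.
        for drift in (-1, 0, 1):
            step_no = now // TOTP_STEP + drift
            if step_no <= record["last_step"]:
                continue  # code from this step (or earlier) was already used
            expected = totp(record["token_secret"], step_no * TOTP_STEP)
            if hmac.compare_digest(expected.encode(), str(token_code).encode()):
                record["last_step"] = step_no
                return True
        return False


if __name__ == "__main__":
    # Constructed sample values, for demonstration only.
    secret = b"12345678901234567890"
    ac = AccessControl()
    ac.enroll("alice", "correct horse battery", secret)
    now = 1_700_000_000
    code = totp(secret, now)
    print("wrong password:", ac.login("alice", "guess", code, now))
    print("both factors  :", ac.login("alice", "correct horse battery", code, now))
    print("replayed code :", ac.login("alice", "correct horse battery", code, now))
```

A stolen password alone fails the second check, and a captured one-time code cannot be reused once it has been accepted.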