Social & professional issues in IT

Current Topics In Computer
Technology
Social & Professional Issues In IT
Rohana K Amarakoon
B.Sc (SUSL), MBCS (UK), MBA (AUS-Reading)

Content
1. Why We Need Ethics & Culture
2. Social & Professional Issues (Vulnerability Disclosure)
3. Social & Professional Issues (SPAM)
4. Social & Professional Issues (E-MAIL SCAMS)
5. Social & Professional Issues (HACKING)
2PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)

Content
6. Social & Professional Issues (VIRUSES & WORMS)
7. Social & Professional Issues (Conflict of Interest)
8. Social & Professional Issues (Prevention)
9. Expected Outcomes

• Ethics
Company has a general sense of ethics that drives the policies it sets
• Moral
Accepted from an authority, usually cultural or religious
• Policy
Provides the framework in which a company’s employees are to act in response to
various situations
• Law
Is a separate matter from ethics
• Culture
Mixture of norms, standards, and expectations for members of a community

Evaluate Ethics of an Organization
• Formal Ethics
Opinion or perceptions officially written and share among employees.
• Informal Ethics
Describe a body of information that is either not written down or poorly
documented, but that nevertheless is consistently and powerfully held in an
organization.
• Ethical Leadership
Positive or Negative ethical Leadership.

2. Social & Professional Issues (Vulnerability
Disclosure)
VULNEERABILITY NON- DISCLOSURE
• Sign nondisclosure agreement
• Non will report vulnerability details to the outside (general public)
• Motivation – keep system away from intruders till the fixes are done

Disclosure)
VULNEERABILITY NON- DISCLOSURE
• Can you really control information? – Adopting nondisclosure policies
• Advantages
1. Nondisclosure empowers management
2. Control over information within the organization
• Four main reasons to consider this as bad
1. Leaked or simultaneously discovered
2. Not discovered publicly admins do not have Opportunity
3. No pressure for S/W vendors
4. Difficulty of selecting trusted individuals
• The black hat community – Vulnerability issues and organizations
They practice policy of nondisclosure

Disclosure)
VULNEERABILITY FULL-DISCLOSURE
• The process of broadly disseminating as much information as possible regarding
product or system vulnerabilities so that potential victim’s possess the same
information as the potential attackers
• Revealing of all vulnerability details including the technical details and scripts
prior to patches, which fix the vulnerabilities.

Disclosure)
VULNEERABILITY FULL-DISCLOSURE
• Potential victims are aware when
1. Implementing IDS
2. Shutting down some vulnerable services
3. System admins activities
4. Product reviews from programmers of the vendor
• Ethically handling system vulnerabilities – Who do you notify
• Performing full disclosure – How much do other know already?

Disclosure)
ETHICAL DUTY TO WARN
• Writers exposing system weaknesses – Should you disclose all information?
• Instilling public fear with full disclosures – Err on the side of caution
PATCH DEVELOPMENT
• Detecting and fixing product vulnerabilities
1. Taking the market advantage – Should you communicate?
2. Combining system fixes with security patches – Adding more risk?

Disclosure)
RESPONSIBLE DISCLOSURE PLANS
• The purpose of “responsible disclosure” is to allow customers of a vendor
product ample time to protect their systems from exploitation and attack.
• The primary goal is to minimize that period of time to reduce the occurrence of
attack
1. The Fisher Plan, Government disclosure – Is it necessary? (Dennis Fisher)
2. The responsible disclosure forum – Should one be created?

Disclosure)
RESPONSIBLILITY FOR VULNERABILITY REPORODUCTION
1. Vendor coordination
2. Determining a deadline for repair based on the severity of the vulnerability
3. Fix vulnerabilities within the set timeline
4. coordinating a public disclosure
5. Issue financial compensation to the discoverer

SPAM
spamming is the use of electronic messaging systems to send unsolicited messages
(spam), especially advertising, as well as sending messages repeatedly on the same
site.
Spam can be used to spread computer viruses, trojan horses or other malicious
software. The objective may be identity theft.
How to avoid SPAM emails
• Tuning the spam filter – False positive
• Research grade spam killers & blacklists – Do they work?

4. Social & Professional Issues (E-MAIL
SCAMS)
E-MAIL SCAMS
Email scam is an unsolicited email that claims the prospect of a bargain or
something for nothing. Some scam messages ask for business, others invite victims
to a website with a detailed pitch. Many individuals have lost their life savings due
to this type of fraud. Email scam is a form of email fraud.
MONITORY GAIN
• Help me move my money from my country – Government must set tone
• Free Credit Report e-mail – Can you tell the difference
• eBay and PayPal scams – You should be more aware ?

SCAMS)
What should you do if you’ve received a scam email?
• Do not click on any links in the scam email.
• Do not reply to the email or contact the senders in any way.
• If you have clicked on a link in the email, do not supply any information on the
website that may open.
• Do not open any attachments that arrive with the email.

SCAMS)

HACKING
Hacking is the practice of modifying the features of a system, in order to
accomplish a goal outside of the creator's original purpose.
The person who is consistently engaging in hacking activities, and has accepted
hacking as a lifestyle and philosophy of their choice, is called a hacker.
Computer hacking is the most popular form of hacking nowadays, especially in the
field of computer security, but hacking exists in many other forms, such as phone
hacking, brain hacking, etc. and it's not limited to either of them.

HACKING
• Hacking for business warfare – Is it just part of the business?
• Giving it to the distributed denial of service “Hacktortionists” – Do you pay?
• Hacking for educations – Is it just about learning?
• OS attacks – Go after the bad guys?
• Cracking screen saver password – Should you or shouldn’t you?
• Spoofing – Does it serve a purpose?

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

6. Social & Professional Issues (VIRUSES &
WORMS)
VIRUSES
A computer virus is a malware program that, when executed, replicates by
inserting copies of itself (possibly modified) into other computer programs, data
files, or the boot sector of the hard drive; when this replication succeeds, the
affected areas are then said to be "infected“.
WORMS
A computer worm is a standalone malware computer program that replicates itself
in order to spread to other computers. Often, it uses a computer network to spread
itself, relying on security failures on the target computer to access it. Unlike a
computer virus, it does not need to attach itself to an existing program.

6. Social & Professional Issues (VIRUSES &
WORMS)
VIRUSES & WORMS
• Virus development for profit – Is it appropriate?
• Bounty hunters for virus writers – A Deterrent?
• Acceptable virus tolerance level – Is there one?
• System crashes – Should you reformat the HD?
• Attacking attackers – Go on the offense?
• Bypassing alerts – Never a good idea

7. Social & Professional Issues (Conflict of
Interest)

Interest)
CONFLICTS OF INTEREST

Interest)

Interest)
• Crossing the audit line too far – Should you offer solutions?
• Disclosing Referral fees – Must you tell?
• Receiving gifts as an auditor – Should you decline?
• Relationships with Management – Will it affect the results?
• Using audit information – When is it okay?
• Divulging audit information to the Competition – What about your reputation?

ENCRYPTION
Encryption is the most effective way to achieve data security.
To read an encrypted file, you must have access to a secret key or password that
enables you to decrypt it.
Unencrypted data is called plain text ; encrypted data is referred to as cipher text

ENCRYPTION

ENCRYPTION
• Backup keys – Are they necessary?
• VPN encryption – Utilize for personal gain?
• Sending unencrypted documents – Should it ever occur?
• Victim of industrial espionage – Who’s responsible?
• Is industrial espionage ethical – Common behavior?
• Law enforcement & viewing irrelevant data – Do you have a contingency plan
• Selling encryption tools globally – Did you do the research?

ENSURING INFORMATION SECURITY IN THE PERSONAL LEVEL
• Lying to clients regarding corporate security – Is this ever a good idea?
• Handling evidence on Personnel – A difficult situation
• Security reprimands Contractors vs. Personnel – Treat equally?

CODING PRACTICES
• Bad code – Whose problem is it?
• Weak code – Is it ever OK?
• Correct use of memory – Fixed vs. Dynamic
• Ethical use of system resources – Are you using or abusing privileges?
• Redoing code due to management changes – Should you do it?
• Staying current with coding-practices – What if it is not in your schedule?
• Commenting code – When is it OK not doing it?
• Omitting code comments for job security – Should you play the game?
• Pseudocode – Is it worth your time?

CODE MAINTENANCE
• Modifying a secure design of a program – Is it ever appropriate?
• Affecting overall quality of a program – What is acceptable?
CODE REVIEW
• Lazy reviewers – Do you do it?
• Following standards – How strict you should be?
• Automated code review – Do you trust the software or yourself?

ETHICAL RESPONSIBILITY
• Confidentiality
• Availability
• Integrity
• Communication
INTERNET SERVICE PROVIDER CUSTOMER SERVICE
• Updates of ISP software – Should you download what you need?
• Pop-up advertising – Should ISP’s be responsible for blocking them?
• ISP – Updating your OS?
• ISP blocking email – Do you have a choice?

BUSINESS ETHICS OF OTHERS
• Personal & Professional business – When it is not separated?
• Overhead conversations – What should you report?
• Deliberately misconduct – Should you blow the whistle?
• Disgruntled employees – What if you think there is a reason to worry?
JOB PERFORMANCE OF OTHERS
• Skipping standard operation procedure – When your coworker does it
• Reporting errors – What about when it’s your first day?
• Warning unheard – When you raise an issue that is ignored?

Expected Outcomes
• Understand about the why social and professional issues in IT
• Understand about the nature and challenges to overcome the social and
professional issues in IT
• Get to know about what are the ways that individuals, organizations and
regulatory bodies could prevent such issues happen again and again
• Study about how we could work under proper environment and avoid social and
professional issues.

Thank You!

Social & professional issues in IT

More Related Content

What's hot (20)

Similar to Social & professional issues in IT (20)

More from Rohana K Amarakoon (20)

Recently uploaded (20)

Social & professional issues in IT