CHAPTER 1: ETHICS AND STANDARDS Network Security Ethics (NTC 1012) by HYGM
Page 1: Chapter 1

CHAPTER 1:

ETHICS AND STANDARDS

Network Security Ethics (NTC 1012) by HYGM

Page 2: Chapter 1

Objectives

Describing what ethics is and its network security aspects.

Explaining the existing security measures and standards in network systems.

prepared by HYGM

Page 3: Chapter 1

Ethics In Network Security

- The word "ethics" is derived from the Greek word ethos (character), and from the Latin word mores (customs).

- Together, they combine to define how individuals choose to interact with one another.

- In philosophy, ethics defines what is good for the individual and for society and establishes the nature of duties that people owe themselves and one another.

ETHICS??

Page 4: Chapter 1

ETHICS - DEFINITION

The study of what it means to “do the right thing” based on moral guidelines that govern the use of network resources and services.

Page 5: Chapter 1

ETHICS (cont)

- Though law often embodies ethical principles, law and ethics are far from co-extensive.

- Many acts that would be widely condemned as unethical are not prohibited by law -- lying or betraying the confidence of a friend, for example.

"Being ethical is doing what the law requires."

Page 6: Chapter 1

Ethics and Internet

• Communication knows no physical boundaries: an interconnected globe humming with electronic transmissions, a chattering planet nestled in the provident silence of space, reaching “every person everywhere”.

• The Internet has a number of striking features. It is instantaneous, immediate, worldwide, decentralized, interactive, endlessly expandable in contents and outreach, flexible and adaptable to a remarkable degree.

• Anyone with the necessary equipment and modest technical skill can be an active presence in cyberspace

Page 7: Chapter 1

Ethics and Internet

Security Concerns in Electronic Environment

Confidentiality, Integrity, Availability: not only while data is transferred over public or private media, but while it is in storage as well.

Page 8: Chapter 1

Classes of Ethical Problems

• Personal Intrusion
• Privacy
• Morality
• Deception
• Security
• Access
• Intellectual Property
• Ownership and control
• Technology and social responsibility

Page 9: Chapter 1

- Network ethics covers the ethical issues faced by a computer professional, as well as relationships with and responsibilities toward customers, clients, coworkers, employees, employers and other users.

- Most professions have highly detailed and enforceable codes for their respective memberships.

- In some cases these are spoken of as "professional ethics," or in the case of law, "legal ethics".

- For example, the American Medical Association (http://www.ama-assn.org/) has the Principles of Medical Ethics and the American Bar Association (http://www.abanet.org/) has the Model Rules of Professional Conduct (http://www.law.cornell.edu/ethics/aba/index.htm).

Ethics In Network Security

Page 10: Chapter 1

- Other professions with codes include dentistry, social work, education, government service, engineering, journalism, real estate, advertising, architecture, banking, insurance, and human resources management.

- Some of these codes have been incorporated into the public law. All are likely to have some effect on judgments about professional conduct in litigation. Generally, failure to comply with a code of professional ethics may result in expulsion from the profession or some lesser sanction.

Ethics In Network Security

Page 11: Chapter 1

Terminology

Code of Conduct
- A set of rules outlining the responsibilities of, or proper practices for, an individual or organization.
- Guidelines that help determine whether a specific action is ethical or unethical.

Policy
- A formal set of statements that define how network resources are to be allocated among its network-based clients.

Page 12: Chapter 1

ACTIVITY

Page 13: Chapter 1

Scenarios

• Preeti has walked away from a lab computer without logging off. Arjun sits down and, still logged in as Preeti, sends inflammatory e-mail messages out to a number of students and posts similar messages on the class newsgroup.

• A secretary on the campus of a tax-supported university has been requested to give her staff password to her supervisor. The supervisor would like to check the secretary's e-mail when she is not at work to see if department-related mail is coming in. The secretary is not comfortable giving her password to her supervisor, but is afraid to say no.

Page 14: Chapter 1

• Tina's e-mail is being diverted and sent out to her entire class. The messages are quite personal and Tina is very embarrassed.

• Maria figures out that when she is logged into the server she can look at others' directories, make copies of files, and deposit new files. The operating system was designed to allow this functionality so that people could share their work. Mr. Farham objects when he observes Maria poking around in another student's directory. But Maria responds by saying, "If the system allows me to do it and there's no specific rule against it, what's the problem?"

Scenarios

Page 15: Chapter 1

• Alice had a report to write on acid rain. She used several sources -- books, magazines, newspaper articles, and an electronic encyclopedia. She listed all these sources in her bibliography at the end of the report. She found the encyclopedia to be the most convenient source because she could highlight portions of the text and paste them into her word processing document.

• Nurli really enjoys music but doesn't have much money to buy new CDs. He notices that the public library has a lot of CDs and decides to check them out. Once Joy has the CDs at home, he realizes that he can burn the CDs and keep copies for himself.

Scenarios

Page 16: Chapter 1

Who Should Act?

• Government
• Regulatory Authority
• Organizations
• Educators
• Parents
• Individuals

Page 17: Chapter 1

Professional Bodies In Malaysia - Examples

Profession - Professional body
Doctor - Persatuan Perubatan Malaysia
Lawyer - Majlis Peguam Malaysia
Engineer - Lembaga Jurutera Malaysia
Architect - Pertubuhan Arkitek Malaysia
Accountant - Institut Perakaunan Malaysia
Counsellor - Persatuan Kaunseling Malaysia

Page 18: Chapter 1

Standardization and Auditing

• Need for Standardization, e.g. HIPAA, ISO 17799, BS7799

• Auditing

• Policy of the organization

Page 19: Chapter 1

Association for Computing Machinery (ACM)

This Code, consisting of 24 imperatives formulated as statements of personal responsibility, identifies the elements of such a commitment.

GENERAL MORAL IMPERATIVES
• Contribute to society and human well-being.
• Avoid harm to others.
• Be honest and trustworthy.
• Be fair and take action not to discriminate.
• Honor property rights including copyrights and patents.
• Give proper credit for intellectual property.
• Respect the privacy of others.
• Honor confidentiality.

Page 20: Chapter 1

Users' Responsibility

• That Which is Not Yours
• Sharing that Which is Yours
• Protecting that Which is Yours

Page 21: Chapter 1

BREAK

Page 22: Chapter 1

CHAPTER 1 ADDITIONAL:

INTERNET SECURITY AND LEGAL CHALLENGES

Page 23: Chapter 1

Introduction

The law plays a critical part in IT security and organizations need to manage legal risks proactively to avoid legal liability.

Some of the key legal issues relate to digital evidence management, compliance with prevailing legislation and the need to take into account privacy rules and personal data protection.

Digital evidence management is a critical aspect of e-security management and the success of criminal prosecution is dependent on successful digital evidence management.

IT and computer security professionals need to work closely with law enforcement agencies.

Page 24: Chapter 1

Computer Crime Legislation

In most countries there are laws against accessing, altering or preventing authorized access to electronically stored data without proper authorization.

This is because such laws deal with the three pillars of protection and attack: confidentiality, integrity and availability.

Examples of the laws available are the US Digital Millennium Copyright Act and, in Malaysia, the Communications and Multimedia Act 1998, the Malaysian Communications and Multimedia Commission Act 1998, the Digital Signature Act 1997, the Computer Crimes Act 1997 and the Telemedicine Act 1997.

Page 25: Chapter 1

Digital Evidence

Log files: a critical form of evidence to prove that a criminal intrusion has taken place; hearsay evidence and not admissible in court.

- Assist system administrators in determining who did what, and when, on a system.

- Provide reliable and relevant evidence.

- An example of the convergence of the law and IT security.

Page 26: Chapter 1

Legal Liability Avoidance

• IT security professionals, working with their legal counterparts (lawyers and judges), must ensure that the organization they work for is not exposed to legal liabilities, which will typically result in higher costs for the company. This is a primary concern for all organizations.

• Examples of legal liabilities: ‘pirated’ software, data leaks, staff misuse of IT facilities for hacking or virus spreading, etc.

Page 27: Chapter 1

Legal Liability Avoidance (cont)

• An explicit warning should strengthen the legal case against intruders, because their continued use of the system after viewing the warning implies that they acknowledge the security policy and give permission to be monitored.

• Login messages, however, may be an effective way to ensure that all the users of a system are aware of the company’s security policy.

Page 28: Chapter 1

Personal Data Protection & Privacy

• Another example of the role of law in IT security is the area of personal data protection and the need to ensure privacy.

• IT security professionals typically have full access to the system and the capability to view the contents of users’ actions.

• The best way to carry out this kind of job is to limit what the security professional needs to know to only those things necessary to implement and enforce the security policy, debug problems, etc.

Page 29: Chapter 1

Personal Data Protection & Privacy (cont)

• Some laws in certain countries may place a legal obligation on administrators not to exceed the limits of what they monitor, failing which legal liability issues may arise for the organization.

• Therefore, should IT security professionals become aware of any form of illegal activity on the network or system, they may in turn have a legal obligation to ensure security and will need to investigate and report it, or stop the activity itself if it violates the security policy.

Page 30: Chapter 1

Incident Handling

• The collection of evidence during incident handling is a constant for IT Security professionals and they need to understand the role of law.

• This is because computer data is volatile, easily modified and sensitive to damage, so it may be quite difficult to preserve the integrity of evidence in order for it to be successfully presented in court.

Page 31: Chapter 1

Incident Handling (cont)

• The defense can easily cast doubt on the evidence by looking at when it is collected, who was in charge of it, where it was stored and so on.

• The quality of the evidence is critical here, and this includes factors such as the location of the program or data, its timestamp and its accessibility.

Page 32: Chapter 1

Incident Handling (cont)

• A better strategy in this matter is to copy logs and any other relevant files to read-only media like a CD.

• Data treated in this manner after a crime will carry a much greater weight in court than data from a system that was compromised and continued to be left in operation.
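The three Incident Handling slides above say what the court will ask (when the evidence was collected, by whom, where it sat, what its timestamp was) and what to do about it (copy logs to read-only media). The following Python script is an added example, not part of the original slides or any tool they name, showing one way to carry out that preservation step so the answers are recorded up front: it copies each log file to a collection directory, records size, file timestamp, collection time, collector and a SHA-256 digest in a manifest, marks the copies read-only, and can later re-hash the copies to show they still match. The log lines, paths and collector name are constructed for the demonstration; the script is written for a POSIX host.

```python
"""Evidence snapshot with an integrity manifest (added example, not from the slides)."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_of_file(path: str) -> str:
    """Stream the file through SHA-256 so large logs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_evidence(sources: list[str], dest_dir: str, collector: str) -> dict:
    """Copy each source file into dest_dir and return a manifest describing it.

    Per file the manifest records: original location, size, the file's own
    modification time, the collection time (UTC), the collector's name and the
    SHA-256 digest. These are the 'when, who, where' facts the defence asks about.
    """
    os.makedirs(dest_dir, exist_ok=True)
    entries = []
    for src in sources:
        st = os.stat(src)
        dst = os.path.join(dest_dir, os.path.basename(src))
        shutil.copy2(src, dst)  # copy2 keeps the original mtime on the copy
        entries.append({
            "original_path": os.path.abspath(src),
            "copy_path": dst,
            "size_bytes": st.st_size,
            "file_mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            "collected_at_utc": datetime.now(timezone.utc).isoformat(),
            "collected_by": collector,
            "sha256": sha256_of_file(src),
        })
    manifest = {"collector": collector, "entries": entries}
    manifest_path = os.path.join(dest_dir, "manifest.json")
    with open(manifest_path, "w") as f:
        json.dump(manifest, f, indent=2)
    # First step towards write-once media: make the copies and manifest read-only.
    for e in entries:
        os.chmod(e["copy_path"], 0o444)
    os.chmod(manifest_path, 0o444)
    return manifest


def verify_evidence(manifest: dict) -> dict[str, bool]:
    """Re-hash each preserved copy; True means it still matches the manifest."""
    return {e["copy_path"]: sha256_of_file(e["copy_path"]) == e["sha256"]
            for e in manifest["entries"]}


# Constructed sample log lines standing in for a real auth log (203.0.113.0/24 is a documentation range).
SAMPLE_AUTH_LOG = (
    "Mar 10 02:14:07 srv01 sshd[4121]: Failed password for invalid user admin from 203.0.113.9 port 51044 ssh2\n"
    "Mar 10 02:14:09 srv01 sshd[4121]: Failed password for invalid user admin from 203.0.113.9 port 51044 ssh2\n"
    "Mar 10 02:14:12 srv01 sshd[4125]: Accepted password for maria from 203.0.113.9 port 51050 ssh2\n"
)


def demo() -> tuple[dict, dict[str, bool], dict[str, bool]]:
    """Collect a constructed log, verify it, then tamper with the copy and verify again."""
    work = tempfile.mkdtemp()
    log_path = os.path.join(work, "auth.log")
    with open(log_path, "wb") as f:
        f.write(SAMPLE_AUTH_LOG.encode())
    manifest = collect_evidence([log_path], os.path.join(work, "evidence"), "analyst-1 (constructed)")
    clean = verify_evidence(manifest)
    copy = manifest["entries"][0]["copy_path"]
    os.chmod(copy, 0o644)  # simulate someone lifting the read-only bit
    with open(copy, "ab") as f:
        f.write(b"Mar 10 02:20:00 srv01 sshd[4130]: edited line\n")
    tampered = verify_evidence(manifest)
    return manifest, clean, tampered


if __name__ == "__main__":
    m, before, after = demo()
    print(json.dumps(m, indent=2))
    print("before tampering:", before)
    print("after tampering:", after)
```

The read-only permission bit is only a convenience; a file system permission can be changed by anyone with sufficient privilege, which is exactly why the slides recommend write-once media. The manifest is what makes the copy defensible: the digest ties the preserved copy to the original at collection time, and the collector and timestamps answer the "when, who, where" questions before the defence raises them.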

Page 33: Chapter 1

Relationship with Law Enforcement Agencies

• When an incident takes place, IT professionals should carry out certain checks before calling the law enforcement officers to ensure that no obstacles are created during the investigation process.

• As a general practice, it is important to do one’s own investigation before contacting the law enforcement agencies.

Page 34: Chapter 1

Relationship with Law Enforcement Agencies(cont)

• This is because the IT professionals would have all the relevant information that is needed for an initial interview with the investigating agencies.

• They can save a lot of investigation time, should they trace any irregularities or inconsistencies, by looking at the logs and by asking the administrators of the machines to examine their logs initially. An example of this is an attack on the organization’s IT system.

Page 35: Chapter 1

Problem Statement 1()

• As a newly employed System Administrator of Perunding NWS (M) Sdn Bhd, you are responsible for ensuring that all computers, servers, network devices, and any other types of computing devices that you support comply with all published standards. This includes educating your supported users about their role in securing their computing devices and data. Conduct a research on various Security & Standards in Network System to simplify your task.

Page 36: Chapter 1

Problem Statement 1()

Security & Standards In Network Systems

- Definition
- Categories/Types
- Importance/Benefits
- Examples of standards
- Ethical issues
- Etc.

Areas to cover:
- Physical security
- Network device security
- Wireless network security
- Operating system security
- Database security