Ethical Hacking,NV

Transcript of Ethical Hacking,NV

  • 8/13/2019 Ethical Hacking,NV

    1/35

    ETHICAL HACKING

    Managing and Using Information Systems: A Strategic Approach

    ABHINAV PRAKASH-01

    SIDDHARTH JAIN-26

    Index

    Introduction

    Control of information

    Theories of business ethics

    Emerging issues in the ethical governance

    Security and control in India

    Summary.

    What is Ethical Hacking

    Ethical: Conforming to accepted professional standards of conduct

    Hacking: Process of breaking into systems for:

    Personal or Commercial Gains

    Malicious Intent: Causing severe damage to Information & Assets

    Also Called: Attack & Penetration Testing, White-hat hacking, Red teaming

    White-hat: Good Guys

    Black-hat: Bad guys

    What is Ethical Hacking

    It is Legal

    Permission is obtained from the target

    Part of an overall security program

    Identify vulnerabilities visible from the Internet at a particular point of time

    Ethical hackers possess the same skills, mindset and tools as a hacker, but the attacks are done in a non-destructive manner

    Defacement Statistics for Indian Websites

    Defacement Statistics of January 2010 (TLD)

    Domains    No of Defacements
    .com       206
    .org       22
    .net       12
    .in        327
    others     3
    Total      570

    Contd

    Defacement Statistics of January 2010 (.in ccTLD)

    Domains    No of Defacements
    .in        192
    .gov.in    27
    .co.in     96
    .ac.in     3
    others     9
    Total      327

    Real World Examples

    Blockbuster was chastised by the Wall Street Journal for its plan to sell customer movie preference information for targeted marketing campaigns.

    Information collected for one purpose shouldn't be used for another purpose without an individual's consent.

    This example is not illegal but raises issues of privacy and ethical handling of information.

    CONTROL OF INFORMATION

    Area | Critical Questions
    Privacy | What information must a person reveal about one's self to others? What information should others be able to access about you, with or without your permission? What safeguards exist for your protection?
    Accuracy | Who is responsible for the reliability and accuracy of information? Who will be accountable for errors?
    Property | Who owns information? Who owns the channels of distribution, and how should they be regulated?
    Accessibility | What information does a person or an organization have a right to obtain, under what conditions, and with what safeguards?

    Mason's areas of managerial concern.

    Privacy

    Those who possess the best information and know how to use it, win.

    However, keeping this information safe and secure is a high priority (see previous table).

    Privacy: the right to be left alone.

    Managers must be aware of regulations that are in place regarding the authorized collection, disclosure and use of personal information.

    Safe harbor framework of 2000.

    Accuracy

    Managers must establish controls to ensure that information is accurate.

    Data entry errors must be controlled and managed carefully.

    Data must also be kept up to date.

    Keeping data as long as it is necessary or legally mandated is a challenge.

    Property

    Mass quantities of data are now stored on clients.

    Who owns this data and has rights to it are questions that a manager must answer.

    Who owns the images that are posted in cyberspace?

    Managers must understand the legal rights and duties accorded to proper ownership.

    Accessibility

    Access to information systems and the data that they hold is paramount.

    Users must be able to access this data from any location (if it can be properly secured and does not violate any laws or regulations).

    A major issue facing managers is how to create and maintain access to information for society at large.

    This access needs to be controlled to those who have a right to see and use it (identity theft).

    Also, adequate security measures must be in place on their partners' end.

    NORMATIVE THEORIES OF BUSINESS ETHICS

    Introduction

    Managers must assess initiatives from an ethical view.

    Most managers are not trained in ethics, philosophy, and moral reasoning.

    Difficult to determine or discuss social norms.

    Three theories of business ethics are examined to develop and apply to particular challenges that they face (see Figure ):

    Stockholder theory

    Stakeholder theory

    Social contract theory

    Stockholder Theory

    Stockholders advance capital to corporate managers who act as agents in advancing their ends.

    Managers are bound to the interests of the shareholders (maximize shareholder value).

    Managers' duties:

    Bound to employ legal, non-fraudulent means.

    Must take long view of shareholder interest.

    Stakeholder Theory

    Managers are entrusted with a fiduciary responsibility to all those who hold a stake in or a claim on the firm.

    Stakeholders are:

    Any group that vitally affects the corp.'s survival and success.

    Any group whose interests the corp. vitally affects.

    Management must enact and follow policies that balance the rights of all stakeholders without impinging upon the rights of any one particular stakeholder.

    Social Contract Theory

    Consider the needs of a society with no corporations or other complex business arrangements.

    What conditions would have to be met for the members of a society to agree to allow a corporation to be formed?

    Corporations are expected to create more value to society than they consume.

    Social contract:

    1. Social welfare: corporations must produce greater benefits than their associated costs.

    2. Justice: corporations must pursue profits legally, without fraud or deception, and avoid actions that harm society.

    Three normative theories of business ethics.

    Theory | Definition | Metrics
    Stockholder | Maximize stockholder wealth, in legal and non-fraudulent manners. | Will this action maximize stockholder value? Can goals be accomplished without compromising company standards and without breaking laws?
    Stakeholder | Maximize benefits to all stakeholders while weighing costs to competing interests. | Does the proposed action maximize collective benefits to the company? Does this action treat one of the corporate stakeholders unfairly?
    Social contract | Create value for society in a manner that is just and nondiscriminatory. | Does this action create a net benefit for society? Does the proposed action discriminate against any group in particular, and is its implementation socially just?

    EMERGING ISSUES IN THE ETHICAL GOVERNANCE OF INFORMATION SYSTEMS

    Emerging Issues

    Email, instant messaging, and the Internet have replaced traditional communications but pose their own set of issues.

    Many companies are turning to programs that monitor employees' online activities (web sites visited, etc.).

    Two distinct spheres in which managers operate when dealing with ethical issues:

    Outward transactions of the business with a focus on the customer.

    Issues related to managing employees and information inside the corporation.

    Many programs are available to accomplish the monitoring.

    Employers can exert a higher level of control over their employees.

    Managers must be careful to create an atmosphere that is amenable to IS use.

    Ethically, managers are obliged to consider the welfare of their workers.

    Some causal connections between identified areas of ethical concern.

    1. Thou shalt not use a computer to harm other people.

    2. Thou shalt not interfere with other people's computer work.

    3. Thou shalt not snoop around in other people's computer files.

    4. Thou shalt not use a computer to steal.

    5. Thou shalt not use a computer to bear false witness.

    6. Thou shalt not use or copy software for which you have not paid.

    7. Thou shalt not use other people's computer resources without authorization.

    8. Thou shalt not appropriate other people's intellectual output.

    9. Thou shalt think about the social consequences of the program you write.

    10. Thou shalt use a computer in ways that show consideration and respect.

    Ten Commandments of Computer Ethics

    SECURITY AND CONTROLS IN INDIA

    Security and Controls

    Ernst and Young survey suggests that most companies rely on luck rather than proven IS controls.

    Companies turn to technical responses to deal with security threats (worms, viruses, etc.).

    Managers go to great lengths to make sure that their systems are secure.

    Firewalls, IDS systems, password systems, and more.

    Future solutions will include hardware and software.

    Managers must be involved in the decisions about security and control.

    Information Technology Act 2008

    CERT-In has been formed as a national agency to perform the following functions:

    1. Collection, analysis, and dissemination of information on cyber incidents.

    2. Forecasts and alerts of cyber security incidents.

    3. Emergency measures of handling cyber security incidents.

    4. Issuing guidelines, advisories, etc. relating to information security practices.

    Services of CERT-In

    CERT-In provides:

    1. Proactive services in the nature of advisories, security alerts, security guidelines etc.

    2. Reactive services so as to minimize damage when the incident has happened.

    Incidents handled by CERT-In during 2008

    Ethics and the Internet

    The Internet crosses international boundaries, posing challenges that are not readily resolved.

    Different cultures, laws, customs, and habits ensure that different countries police the Internet in very different ways.

    Managers face challenges in navigating their organizations through the murky waters of ethical use of the Internet.

    Example: Free speech and censorship.

    India provides for free speech protection, but other countries do not.

    An Internet code of ethics by the IFIP is being debated.

    SUMMARY

    Summary

    1. Ethics is important to the IS field, particularly since new technologies and innovations are arriving at an untold pace.

    2. IS professionals must seek to uphold the ethical handling and dissemination of information, adhering to international, federal, state, and local laws concerning the ethical handling of data under their supervision.

    3. Improper handling and use of IS can lead not only to internal organization problems but to legal problems as well.

    4. Don't jeopardize your future by the mishandling of IS.
