8/13/2019 Ethical Hacking,NV
ETHICAL HACKING
Managing and Using Information Systems: A Strategic Approach
ABHINAV PRAKASH-01
SIDDHARTH JAIN-26
Index
Introduction
Control of information
Theories of business ethics
Emerging issues in the ethical governance
Security and control in India
Summary.
What is Ethical Hacking
Ethical: Conforming to accepted professional standards of conduct
Hacking: Process of breaking into systems for:
Personal or Commercial Gains
Malicious Intent: Causing severe damage to Information & Assets
Also Called: Attack & Penetration Testing, White-hat hacking, Red teaming
White-hat: Good guys
Black-hat: Bad guys
What is Ethical Hacking
It is Legal
Permission is obtained from the target
Part of an overall security program
Identify vulnerabilities visible from the Internet at a particular point of time
Ethical hackers possess the same skills, mindset and tools of a hacker, but the attacks are done in a non-destructive manner
Defacement Statistics for Indian Websites
Defacement Statistics of January 2010 (TLD)
Domains    No. of Defacements
.com       206
.org       22
.net       12
.in        327
others     3
Total      570
Contd
Defacement Statistics of January 2010 (.in ccTLD)
Domains    No. of Defacements
.in        192
.gov.in    27
.co.in     96
.ac.in     3
others     9
Total      327
Real World Examples
Blockbuster was chastised by the Wall Street Journal for its plan to sell customer movie preference information for targeted marketing campaigns.
Information collected for one purpose shouldn't be used for another purpose without an individual's consent.
This example is not illegal but raises issues of
privacy and ethical handling of information.
CONTROL OF INFORMATION
Area: Critical Questions
Privacy: What information must a person reveal about one's self to others? What information should others be able to access about you with or without your permission? What safeguards exist for your protection?
Accuracy: Who is responsible for the reliability and accuracy of information? Who will be accountable for errors?
Property: Who owns information? Who owns the channels of distribution, and how should they be regulated?
Accessibility: What information does a person or an organization have a right to obtain, under what conditions, and with what safeguards?
Mason's areas of managerial concern.
Privacy
Those who possess the best information and know how to use it, win.
However, keeping this information safe and secure is a high priority (see previous table).
Privacy: the right to be left alone.
Managers must be aware of regulations that are in place regarding the authorized collection, disclosure and use of personal information.
Safe harbor framework of 2000.
Accuracy
Managers must establish controls to ensure that information is accurate.
Data entry errors must be controlled and managed carefully.
Data must also be kept up to date.
Keeping data as long as it is necessary or legally mandated is a challenge.
Property
Mass quantities of data are now stored on clients.
Who owns this data and has rights to it are questions that a manager must answer.
Who owns the images that are posted in cyberspace?
Managers must understand the legal rights and duties accorded to proper ownership.
Accessibility
Access to information systems and the data that they hold is paramount.
Users must be able to access this data from any location (if it can be properly secured and does not violate any laws or regulations).
A major issue facing managers is how to create and maintain access to information for society at large.
This access needs to be controlled to those who have a right to see and use it (identity theft).
Also, adequate security measures must be in place on their partners' end.
NORMATIVE THEORIES OF
BUSINESS ETHICS
Introduction
Managers must assess initiatives from an ethical view.
Most managers are not trained in ethics, philosophy, and moral reasoning.
Difficult to determine or discuss social norms.
Three theories of business ethics are examined to develop and apply to particular challenges that they face (see Figure ):
Stockholder theory
Stakeholder theory
Social contract theory
Stockholder Theory
Stockholders advance capital to corporate managers who act as agents in advancing their ends.
Managers are bound to the interests of the shareholders (maximize shareholder value).
Managers' duties:
Bound to employ legal, non-fraudulent means.
Must take long view of shareholder interest.
Stakeholder Theory
Managers are entrusted with a fiduciary responsibility to all those who hold a stake in or a claim on the firm.
Stakeholders are:
Any group that vitally affects the corp.'s survival and success.
Any group whose interests the corp. vitally affects.
Management must enact and follow policies that balance the rights of all stakeholders without impinging upon the rights of any one particular stakeholder.
Social Contract Theory
Consider the needs of a society with no corporations or other complex business arrangements.
What conditions would have to be met for the members of a society to agree to allow a corporation to be formed?
Corporations are expected to create more value to society than they consume.
Social contract:
1. Social welfare: corporations must produce greater benefits than their associated costs.
2. Justice: corporations must pursue profits legally, without fraud or deception, and avoid actions that harm society.
Three normative theories of business ethics.
Theory: Stockholder
Definition: Maximize stockholder wealth, in legal and non-fraudulent manners.
Metrics: Will this action maximize stockholder value? Can goals be accomplished without compromising company standards and without breaking laws?
Theory: Stakeholder
Definition: Maximize benefits to all stakeholders while weighing costs to competing interests.
Metrics: Does the proposed action maximize collective benefits to the company? Does this action treat one of the corporate stakeholders unfairly?
Theory: Social contract
Definition: Create value for society in a manner that is just and nondiscriminatory.
Metrics: Does this action create a net benefit for society? Does the proposed action discriminate against any group in particular, and is its implementation socially just?
EMERGING ISSUES IN THE
ETHICAL GOVERNANCE OF INFORMATION SYSTEMS
Emerging Issues
Email, instant messaging, and the Internet have replaced traditional communications but pose their own set of issues.
Many companies are turning to programs that monitor employees' online activities (web sites visited, etc.).
Two distinct spheres in which managers operate when dealing with ethical issues:
Outward transactions of the business with a focus on the customer.
Issues related to managing employees and information inside the corporation.
Many programs are available to accomplish the monitoring.
Employers can exert a higher level of control over their employees.
Managers must be careful to create an atmosphere that is amenable to IS use.
Ethically, managers are obliged to consider the welfare of their workers.
Some causal connections between identified areas of ethical concern.
Ten Commandments of Computer Ethics
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not use or copy software for which you have not paid.
7. Thou shalt not use other people's computer resources without authorization.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the program you write.
10. Thou shalt use a computer in ways that show consideration and respect.
SECURITY AND CONTROLS IN INDIA
Security and Controls
Ernst and Young survey suggests that most companies rely on luck rather than proven IS controls.
Companies turn to technical responses to deal with security threats (worms, viruses, etc.).
Managers go to great lengths to make sure that their systems are secure.
Firewalls, IDS systems, password systems, and more.
Future solutions will include hardware and software.
Managers must be involved in the decisions about security and control.
Information Technology Act 2008
CERT-In has been formed as a national agency to perform the following functions:
1. Collection, analysis, and dissemination of information on cyber incidents.
2. Forecasts and alerts of cyber security incidents.
3. Emergency measures of handling cyber security incidents.
4. Issuing guidelines, advisories, etc. relating to information security practices.
Services of CERT-In
CERT-In provides:
1. Proactive services in the nature of advisories, security alerts, security guidelines etc.
2. Reactive services so as to minimize damage when the incident has happened.
Incidents handled by CERT-In during 2008
Ethics and the Internet
The Internet crosses international boundaries, posing challenges that are not readily resolved.
Different cultures, laws, customs, and habits ensure that different countries police the Internet in very different ways.
Managers face challenges in navigating their organizations through the murky waters of ethical use of the Internet.
Example: Free speech and censorship.
India provides for free speech protection, but other countries do not.
An Internet code of ethics by the IFIP is being debated.
SUMMARY
Summary
1. Ethics is important to the IS field, particularly since new technologies and innovations are arriving at an untold pace.
2. IS professionals must seek to uphold the ethical handling and dissemination of information, adhering to international, federal, state, and local laws concerning the ethical handling of data under their supervision.
3. Improper handling and use of IS can lead not only to internal organization problems but to legal problems as well.
4. Don't jeopardize your future by the mishandling of IS.