
Content-Module 3: Social, Organizational and Personal Issues Objective #2: Computer Crimes Computer Crime


CONTENT-MODULE 3: SOCIAL, ORGANIZATIONAL AND PERSONAL ISSUES

Objective #2: Computer Crimes

Computer crime.

Computer crime is an act performed by a hacker, or unauthorized individual, who illegally
browses or steals a company's or individual's private information. Computer crime is often
referred to as cybercrime and e-crime.

Types of computer crimes

1. Propaganda

Propaganda often presents facts selectively (thus lying by omission) to encourage a
particular reaction. It is a form of communication through email, online articles, websites
and other electronic methods, to bias users' attitudes toward supporting a cause. The
information shared is usually partially true. Users are bombarded with this information
through many electronic methods to create the chosen result in their attitudes.

2. Computer fraud

This is a criminal activity where someone uses a computer to defraud an individual or
organization of money or goods. This can take a number of forms, including
program fraud, hacking, e-mail hoaxes, auction and retail sales schemes, investment
schemes and people claiming to be experts on subject areas. Computer fraud can be
difficult to detect because the user committing the crime is very skilled.

3. Industrial Sabotage

This is when one or more individuals cause damage to, or willfully interfere with, hardware
and software. The “Dark Web”, which has become a popular term in the technology era, is one
place in which unauthorized persons carry out industrial sabotage. In this context,
unauthorized entities illegally and unethically obtain confidential information from
individuals or companies for malicious purposes.

4. Computer Viruses

A computer virus is a set of illicit instructions that contaminates other computer
programs with which it comes into contact. Computer viruses can be transmitted via computer
networks, e-mail, bulletin boards and through the use of shared files, e.g. on a thumb
drive/USB flash drive. Computer viruses lead to data corruption. The term "computer
virus" is sometimes used as a catch-all phrase to include all types of malware, including
true viruses.

5. Malware

Malware is software designed to infiltrate or damage a computer system without the
owner's informed consent. The expression is a general term used by computer
professionals to mean a variety of forms of hostile, intrusive, or annoying software or
program code.

6. Electronic Eavesdropping

Electronic eavesdropping is the unauthorized real-time interception of a private
communication, such as a phone call, instant message or videoconference.

7. Cyber terrorism

Cyber terrorism refers to the use of Internet-based attacks in terrorist activities, including
acts of deliberate, large-scale disruption of computer networks, especially of personal
computers attached to the Internet, by means of tools such as computer viruses.

8. Hacking
This is the process of attempting to gain, or successfully gaining, unauthorized access to
computer resources. Hacking can take any of the following forms: Website Hacking,
Network Hacking, Ethical Hacking, Email Hacking, Password Hacking, Online Banking
Hacking or Computer Hacking.

9. Identity theft
This term refers to fraud that involves someone pretending to be someone
else in order to steal money, gain access to resources on a computer system or the Internet, or
get other benefits. The person whose identity is used can suffer various consequences
when he or she is held responsible for the perpetrator's actions.

10. Spoofing

This is an internet attack, in which an unauthorized person or program successfully
pretends to be another, by falsifying data and thereby gaining an unlawful advantage.

An attacker alters his or her identity so that someone will believe that he or she is someone else.

E-mail spoofing is a term used to describe fraudulent e-mail activity in which the
sender’s address and other parts of the e-mail header are altered to appear as though the
e-mail originated from a different source. E-mail spoofing is a technique commonly used
for spam e-mail and phishing to hide the origin of an e-mail message. For example, you
receive an e-mail with an Amazon header stating that you have won a free gift certificate or
free money, and it requires you to click on a link provided to redeem it.
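
Added example (not part of the original notes): a Python check for the header inconsistencies that e-mail spoofing, as described above, tends to leave behind. The sample message, its domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail): the From header claims one
# brand while the envelope sender and Reply-To point somewhere else.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Amazon Rewards" <gift@amazon.example>
Reply-To: claims@prizes.example.net
To: user@example.org
Subject: You won a free gift certificate

Click the link to redeem.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw_message):
    """List header inconsistencies that commonly accompany a forged From."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []
    # The visible From address should agree with where bounces and replies go.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        if other and other != from_dom:
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    # The receiving server records its SPF/DKIM/DMARC verdicts in this header.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in results:
            findings.append(f"{mech} check failed")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print("WARN:", finding)
```

A mismatch is an indicator for review rather than proof, since legitimate bulk senders often use a different Return-Path domain.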

11. Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information
such as usernames, passwords and credit card details by masquerading as a trustworthy entity in
an electronic communication. Communications purporting to be from popular social web
sites, auction sites, online payment processors or IT administrators are commonly used
to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging,
and it often directs users to enter details at a fake website whose look and feel are almost
identical to the legitimate one.

12. Hardware Theft and Vandalism

Hardware theft is the act of physically stealing computer equipment without
authorization.
Physically defacing or destroying computer equipment is known as hardware
vandalism.

13. Piracy

Software piracy is the illegal use, copying and reselling of software without the
authorization or permission of the software creator. The unauthorized copying may be
done for personal use or business use.

14. Information Theft

This is when criminals (unauthorized persons), popularly known as hackers, use the
Internet or other computer networks to break into a particular computer system in order to
access forbidden information or to cause some damage. Many companies and
organizations that have networked computers use various security measures, such as
firewalls, encryption and authentication methods to protect their computer systems.

15. Spam

Spam is the abuse of electronic messaging systems (including most broadcast media and
digital delivery systems) to send unsolicited bulk messages extensively. Spam messages,
especially those associated with e-mails, often contain viruses which may cause hacking
to take place, damaging computer systems or corrupting files.

Objective #3: Explain how Information Technology System components can be
threats, vulnerabilities, countermeasures, attacks and compromises to
organizations.

Threat: A threat refers to a new or newly discovered incident that has the potential to bring harm
to a computer system or a company overall.

Threats posed by the Internet such as:

• By providing access to the Internet to employees, the organization is exposed to lawsuits

Business organizations should ensure that their employees are staying informed of
current trends in cybersecurity, so they can quickly identify new threats. They should
subscribe to blogs and podcasts that cover these issues. Employees can also attend
workshops and join professional associations so they can benefit from breaking news
feeds, conferences, and webinars.

Organizational heads may designate a central group of employees who are responsible for
risk management and determine the appropriate funding level for this activity. When it
comes to designing and implementing a risk assessment framework, it is critical to
prioritize the most important breaches that need to be addressed. Although frequency
may differ in each organization, this level of assessment must be done on a regular,
recurring basis.

• Viruses and hacking

Viruses are categorized as threats because they could cause harm to an organization,
through exposure to an automated attack, as opposed to one executed by humans. These
threats may be uncontrollable and often difficult or impossible to identify in advance.
Still, certain measures help persons to assess threats regularly, so that they can be better
prepared when a situation does happen.

Organizations can perform regular threat assessments to determine the best approaches to
protecting a system against a specific threat, along with assessing different types of
threats. They can also carry out prototype testing, by modeling real-world threats in order
to discover vulnerabilities.

• Encryption as a two-edged sword

Encryption itself is meant to be a good thing, as its sole purpose was to protect
information and computer systems from hackers and unauthorized access. Essentially,
encryption safeguards a user’s identity and privacy. When using encryption, users can
be reasonably assured that phone calls, email messages, online purchases, and other
online activities are safely protected from any potential intruder.

Unfortunately, while encryption was designed with good intentions, it does have a dark
side. Apart from the political issues surrounding the dilemma, cybercriminals have also
used strong encryption methods to develop unbreakable crypto-ransomware variants,
which they use to force victims to pay a ransom fee or lose access to their files. In other
words, they gain access to a person's information and resources, block the owner from
accessing or using them, and then require the owner to make a payment to regain
access; in the worst case, the owner does not get access back at all.

• Difficulties experienced by organizations in the disposal of obsolete equipment

There are many methods used by organizations to dispose of obsolete computer
equipment. These include employee giveaways, donations to charity or disposal at disposal
sites. Obsolete computers are considered toxic waste in many states and must be disposed of
properly.

The federal Environmental Protection Agency (EPA) classifies computer equipment as
hazardous waste, in particular the cathode ray tubes (CRTs) found in computer monitors.
The latter classification is based on the high concentration of lead found in all cathode ray
tubes. It is important that organizations properly dispose of obsolete equipment, as it is
considered hazardous waste and should be sent to a permitted hazardous waste facility.

These hazardous waste facilities, in turn, must maintain records of the obsolete equipment to
avoid coming into conflict with the law.

Objective #4: Describe legal and ethical considerations related to the handling and
management of enterprise information assets

Including:
• Laws
Refers to a system of rules, normally enforced through authorized institutions or government
bodies. Laws serve as the primary social mediator in relations between people. The main
difference between laws and ethics is that laws carry the authority of a governing body, and
ethics do not. Ethics in turn are based on cultural values, while some ethical standards are
universal.

• Policies

Information security professionals in organizations help to maintain security through the
creation and administration of policies. Policies are the guidelines that describe acceptable
and unacceptable employee behaviors in the workplace. Policies, in some cases, function as
organizational laws, complete with penalties, judicial practices, and sanctions to require
compliance. Because these policies function as laws, they must be crafted and implemented
with the same care to ensure that they are complete, appropriate, and fairly applied to
everyone in the workplace. The difference between a policy and a law, however, is that
ignorance of a policy is an acceptable defense.

• Procedures

A procedure is a specified series of actions, steps or measures which have to be executed in
a repetitive manner in order to always obtain the same or expected result under the
same circumstances (for example, emergency procedures).

Policies and procedures are a set of documents that describe an organization's policies for
operation and the procedures necessary to fulfill the policies. They are often initiated because
of some external requirement, such as environmental compliance or other governmental
regulations. The easiest way to start writing policies and procedures is to interview the users
of the policies and procedures and create a flow chart, task map or work flow of the process
from start to finish. This information can then be represented in a written format. The policy
users can then review this and confirm that the written word matches the flow chart.

• Guidelines
A statement or other indication of policy or procedure by which to determine a course of
action.

• Misuse of information

Misuse of information technology systems may raise concerns about an individual's
trustworthiness, willingness, and ability to protect classified information and systems. It may
be part of a more general pattern of inability or unwillingness to follow rules that should also
be evaluated under the Personal Conduct guideline.

• Manipulation of Information to Give False Representations

This is a method that is used when persons tamper with information, by making changes to
the information delivered based on their interest. The information that is altered normally
misleads the party that accesses or utilizes such information. This gives an impression that is
false from the perspective of the sender and may lead to legal sanctions.

The information that is provided often contains limited facts, as the bulk of the factual
information is often omitted purposefully. This brings about deceit and false representation to
the persons coming in contact with such information. The type of communication that is
created as a result of such deceitful intent is called a deceptive message. This management of
given information by a sender in order to provide a receiver with a perception of that same
information believed to be false by the sender is referred to as information manipulation.

• Identity theft

This term refers to fraud that involves someone pretending to be someone else in
order to obtain personal information, such as credit card or banking information, or other
malicious access to information. The person whose identity is used can suffer various consequences
when he or she is held responsible for the perpetrator's actions. In many countries specific
laws make it a crime to use another person's identity for personal gain.

• Invasion of privacy

  • The wrongful intrusion into a person's private activities by other individuals or by the
    government.
  • The wrongful intrusion by individuals or the government into private affairs with which
    the public has no concern.

• Pharming

Refers to a scamming practice or online fraud, in which malicious code is installed on a
personal computer or server, misdirecting users to fraudulent web sites without their
knowledge or consent.

Pharming (pronounced farming) is a hacker's attack aiming to redirect a website's traffic
to another, bogus website. Pharming can be conducted either by changing the hosts file
on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS
servers are computers responsible for resolving Internet names into their real addresses
— they are the "signposts" of the Internet.
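
Added example (not part of the original notes): a Python audit of hosts-file content for the kind of change the pharming description above mentions, where a name is forced to an address the owner did not choose. The sample content, the placeholder host names and the `expected` allow-list parameter are constructed for illustration.

```python
import ipaddress

# Constructed hosts-file content for illustration (203.0.113.7 is a
# documentation-range address; the bank name is a placeholder).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.tracker.example      # sinkholed by a blocklist
203.0.113.7 www.mybank.example mybank.example
not-an-ip   broken.example
192.168.1.5 nas.home.example         # entry the admin expects
"""

def audit_hosts(text, expected=frozenset()):
    """Return (line_no, ip, hostname) for names forced to a routable address."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()   # drop trailing comment
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field, nothing to evaluate
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost entries and sinkholes do not redirect
        for name in fields[1:]:
            if name.lower() not in expected:
                findings.append((line_no, str(ip), name.lower()))
    return findings

if __name__ == "__main__":
    # On a real system, read /etc/hosts or
    # C:\Windows\System32\drivers\etc\hosts instead of the sample.
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS, {"nas.home.example"}):
        print(f"line {line_no}: {name} is pinned to {ip}, verify this entry")
```

The audit covers only the hosts-file route; redirection through a compromised DNS server does not show up in this file.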