1.8 Malpractice and Crime
In this section you must be able to:
– Explain the consequences of malpractice and crime on information systems.
– Describe the possible weak points within information technology systems.
– Describe the measures that can be taken to protect information technology systems against internal and external threats.
– Describe the particular issues surrounding access to, and use of the Internet, e.g. censorship, security, ethics.
Malpractice
– Malpractice is bad practice: actions within the company or organisation caused by its own staff not following procedures
– Malpractice is usually the breaking of rules that are set internally
– In legal terms, malpractice is equated with negligence
– For example, company procedures might require that people log off when they go away from their desks – not to do so wouldn’t be a crime, just bad practice.
Consequences of Malpractice
Malpractice or negligence could result in:
– Breaches of security – e.g. poor password procedure, incorrectly configured firewalls, disclosing details about security, etc.
– Poor quality products and service – e.g. if your software wasn’t tested properly
– Legal action for giving bad advice or inappropriate support
– For the individual concerned, dismissal or expulsion for gross misconduct
Crime
– Crime is concerned with illegal activities
– These are frequently caused by people from outside the organisation
– Illegal activities are defined by laws – these are set externally
– Examples would include breaches of the Data Protection, Computer Misuse, or Copyright, Designs and Patents Acts
Consequences of Crime
Computer crimes are looked at in 1.9:
– Hacking
– Fraud and Theft of money
– Theft of sensitive information
– Creation of viruses and logic bombs
– Misuse of copyrighted materials
– Misuse of personal data
Weak Points of Information Systems
Weak points of IT systems include:
– Their susceptibility to worms, viruses, break-ins (i.e. unauthorised entry), software errors and hardware failures – technological weaknesses
– Human weaknesses – errors, greed, memory, laziness, malicious intent – operational weaknesses
Internal Threats to ICT Systems
Internal threats come from, or occur, inside the organisation, e.g.:
– Hardware failure
– Faulty procedures
– Natural disasters
– Loss of data through failure to backup, etc.
– Dishonesty of employees
– Human error – e.g. in data entry
External Threats to ICT Systems
External threats come from, or occur, outside the organisation, e.g.:
– Failure of communications links, service providers, etc.
– Hackers – either deliberately attempting to cause the company harm, or just inquisitive amateurs
– Viruses
– Denial of service attacks
The Internet
The internet raises issues surrounding:
– Censorship – what should people be allowed to do and see?
– Security – how can the security threats posed by the internet be minimised?
– Ethics – how can ethical use of the internet be ensured?
Regulation of the Internet
– One of the biggest issues with the internet is to do with its regulation
– The internet isn’t really a single entity – it isn’t owned by any one company or country, and it isn’t even located in one country
– Technical standards appear to be generally well-defined and adhered to, including the use of domain names, protocols and coding/scripting
– Some would argue that content is less well regulated
Ethics and Crime
The international nature of the internet poses several problems:
– What is illegal in one country might not be illegal in another – for example it is illegal to send junk mail from the EU or USA, so most of it now comes from China – but is it ethical?
– What constitutes offensive material in one culture might be acceptable in another – standards of decency might vary considerably between, say, Europe, Japan and the Islamic world
Censorship
Generally there are two main reasons for censorship:
– To protect vulnerable or impressionable people from harm – e.g. film certification
– To stifle free speech and prevent criticism of the regime that’s doing the censoring
Examples of internet censorship include:
– Internet filtering in schools and other organisations
– Google in China (and also Germany!)
Filtering the Internet
E-mail and access to web-pages and services can sometimes be filtered
There are two methods of filtering:
– Black list filtering – in this case there is a list of sites that cannot be viewed or e-mail addresses that cannot be used
– White list filtering – where only web-sites on the list can be viewed, and e-mail can only be sent to certain addresses (e.g. school e-mail!)
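The two filtering methods above, side by side, as an added example that is not part of the original presentation. All site names, addresses and function names are made up for illustration.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Return the lower-cased hostname of a URL, without a trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def on_list(host, entries):
    """True if host equals a list entry or is a subdomain of one."""
    return any(host == e or host.endswith("." + e) for e in entries)

def black_list_allows(url, black_list):
    """Black list filtering: everything is viewable except listed sites."""
    host = host_of(url)
    # An address with no recognisable host is refused, not waved through.
    return bool(host) and not on_list(host, black_list)

def white_list_allows(url, white_list):
    """White list filtering: only listed sites are viewable."""
    return on_list(host_of(url), white_list)

def mail_allowed(address, white_list_domains):
    """White list filtering for e-mail: only listed recipient domains."""
    local, sep, domain = address.rpartition("@")
    return bool(local and sep) and domain.lower() in white_list_domains

# Constructed sample lists and requests (hypothetical names).
BLACK_LIST = {"games.example", "adult.example"}
WHITE_LIST = {"school.example", "revision.example"}
REQUESTS = [
    "http://www.school.example/homework",  # approved site
    "http://GAMES.example/play",           # listed, different letter case
    "http://cdn.games.example/play",       # subdomain of a listed site
    "http://brand-new-site.example/",      # on neither list
    "http://notgames.example/",            # only looks like a listed name
]

def compare(requests=REQUESTS):
    """Return (url, black list verdict, white list verdict) per request."""
    return [(u, black_list_allows(u, BLACK_LIST),
             white_list_allows(u, WHITE_LIST)) for u in requests]

if __name__ == "__main__":
    for url, bl, wl in compare():
        print(f"{url:40} black list: {'allow' if bl else 'block'}  "
              f"white list: {'allow' if wl else 'block'}")
```

The site on neither list is the case that separates the two methods: the black list lets it through until someone adds it, while the white list blocks it until someone approves it.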
Why Filter?
What sort of things should be filtered?
– Pornography?
– Racist material?
– Material helpful to terrorists?
– Web-pages with swear words on?
– Sexist jokes?
Should a filtered internet service aimed at schools block:
– The Next web-site?
– Video clips of people dying?
Privacy Issues
Should teachers or employers look at your e-mails or what you’ve been doing on the internet?
– Some would say that this is an invasion of privacy
– Some would say that work or school facilities should only be used for work purposes and therefore your messages are their property
– A school or employer might have a duty of care to protect individuals who:
  – Might be bullying or being bullied
  – Might be vulnerable or susceptible to abuse
Case Study
You work in a school’s ICT department, and one Monday morning you turn on the printers and out comes some porn. What do you do?
– Check the audit log to see which student it was!
– It turns out to be a member of staff!
– Do you check to see what else they’ve been looking at?
– It turns out that they’ve been searching for “young girls in panties”
– Do you tell anyone?