Topic 4: Explain the concepts of information systems security and privacy in an organization
✓ Identify security threats to organization information and information systems
✓ Describe techniques for data security and privacy
✓ Describe ethical issues related to the use of information systems in an organization
Security threats to organization information and information systems
• A threat is an object, person, or other entity that represents a constant danger to an asset. The management should ensure that information is given sufficient protection through policies, proper training and proper equipment. Consistent reviews and better information security can be provided by recognizing and ranking the threats to the information.
Security threats to information and information systems
• Information security is the protection of information systems and the hardware that use, store, and transmit information. Security is a quality or state of information: the degree to which it is protected.
• Information technology systems are affected by a number of factors that make them ineffective and inefficient. The variety of factors that may harm IT systems can also be referred to as threats.
The threats to information technology systems can broadly be classified into the following:
• Security Threats from the use of IT Systems
• Security Threats against IT Systems
• Viruses
• Computer Criminals
• Security Threats from the use of IT Systems
Just as a gun, a knife or a car can be used by intruders or thieves in committing a crime, IT equipment may also be used by certain people to commit an illegal act. Crimes such as using a computer to siphon money from bank accounts or manipulating electricity bills are examples of how IT systems can be used in committing crimes.
• Security Threats against Information Systems
These threats cover crimes committed against information technology equipment such as computers and communication systems. The crime may involve theft of:
(i) Hardware: the theft of hardware can range from shoplifting an accessory in a computer store to stealing a laptop or notebook from a car, or cables from a communication system.
(ii) Software: the theft of software can range from physically stealing the floppy diskettes or CDs holding the software to copying the software for illegal purposes.
(iii) Data and information: this may include stealing or accessing confidential corporate data, credit card numbers, or personal records.
(iv) Computer time and services: this is another crime against IT systems, for example employees using their employer's computers for playing games, taking printouts, or internet access for personal gain.
• Viruses
Viruses and worms are forms of high-tech threats. A computer virus is a
type of malicious software that attaches itself to files or programs and
spreads when the infected files or programs are executed. It is designed to
destroy or corrupt data, systems, or both, and is created by ill-intentioned
programmers.
A computer worm, on the other hand, is a standalone malicious program
that replicates itself to spread to other computers, often through
networks. It can also replicate repeatedly in memory or onto storage
devices, such as hard drives or floppy disks, until no more space remains.
Examples of viruses include Jerusalem, Monkey, Natas, I Love You, and
Trojan.
• Computer Criminals
Computer criminals may be insiders or outsiders; the outsiders may comprise hackers, crackers and professional computer criminals.
(i) Employees, by virtue of having knowledge of and access to the organizational system, pose a greater threat to the computer and communication systems. Dishonest and disgruntled employees can play havoc with a system.
(ii) Hackers are people who gain unauthorized access to the IT system for the challenge of it. These are people who enjoy the challenge of breaking into computers without the knowledge of the user.
(iii) Crackers are individuals who gain unauthorized access to IT systems with the sole purpose of carrying out malicious activities. They deliberately bypass or remove protection mechanisms in computer systems to perform harmful actions such as destroying data, stealing financial information, or pirating software. The primary aim of crackers is to steal or destroy information without the user's consent.
(iv) Professional computer criminals are another category of people who pose a threat to IT systems. They use IT systems for illegal purposes; IT has been used by these professional criminals for activities such as transferring funds, forging documents, and acts of terrorism. For example, several cases have been registered of printing forged currency, immigration papers, education degrees, driving licences, etc.
Techniques for data security and privacy
The tools and techniques employed to tackle cyber security concerns are:
i. Authentication is a key cybersecurity technique used to verify a user's identity through stored credentials. Common methods include passwords and unique ID numbers, such as those in SIM cards, which are transmitted securely for identification.
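How the password check against stored credentials described above can be done without keeping the password itself, as an added example that is not part of the original slides: each password is stored as a random salt plus a slow PBKDF2 hash, and a login attempt recomputes the hash and compares it in constant time. The user names, passwords and the in-memory dictionary store are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Work factor for PBKDF2-HMAC-SHA256; raise it over time as hardware gets faster.
ITERATIONS = 100_000
SALT_BYTES = 16


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Slow, salted one-way hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register_user(store: dict, username: str, password: str) -> None:
    """Store only the salt, the iteration count and the derived key, never the password."""
    salt = secrets.token_bytes(SALT_BYTES)   # fresh random salt per user
    store[username] = {
        "salt": salt,
        "iterations": ITERATIONS,
        "key": derive_key(password, salt, ITERATIONS),
    }


# Constructed dummy record so that a login for an unknown user costs the same time
# as one for a real user (otherwise response time would reveal which names exist).
_DUMMY = {"salt": bytes(SALT_BYTES), "iterations": ITERATIONS,
          "key": derive_key("dummy", bytes(SALT_BYTES), ITERATIONS)}


def authenticate(store: dict, username: str, password: str) -> bool:
    """Verify a login attempt against the stored credential."""
    record = store.get(username, _DUMMY)
    candidate = derive_key(password, record["salt"], record["iterations"])
    # compare_digest runs in constant time, so timing leaks nothing about the key.
    matches = hmac.compare_digest(candidate, record["key"])
    return matches and username in store


if __name__ == "__main__":
    users = {}   # constructed in-memory credential store
    register_user(users, "alice", "correct horse battery staple")
    print("right password:", authenticate(users, "alice", "correct horse battery staple"))
    print("wrong password:", authenticate(users, "alice", "Tr0ub4dor&3"))
    print("unknown user:  ", authenticate(users, "mallory", "dummy"))
    print("stored record holds no password:",
          b"correct horse" not in users["alice"]["key"])
```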
ii. Encryption secures data by making it unreadable without the correct decryption key. Breaking encryption involves solving hard mathematical problems, such as factoring a number that is the product of two large primes, which requires significant computing power and time.
• There are two main types of encryption: symmetric encryption, where the same key is used for both encryption and decryption, and asymmetric encryption, which uses a public key for encryption and a private key for decryption.
Example: Asymmetric encryption is used in secure communication like online banking and sending sensitive emails, ensuring that only the intended recipient can read the information, even if the message is intercepted.
• In summary, encryption is a way to protect data by turning it into unreadable code, and it's commonly used in two forms: symmetric encryption (same key for both locking and unlocking) and asymmetric encryption (two keys: one public and one private).
iii. Digital signatures work using the same mathematical algorithms as asymmetric encryption. They allow a user to prove they hold a private key by encrypting information with it. Anyone can verify the user's identity by using the public key to decrypt the information. This process is the reverse of public key encryption, and it relies on the assumption that only the authorized user has the private key. Digital signatures help confirm that a message or document truly comes from the person it claims to be from.
Example: Imagine you're sending a contract to someone, and you want to prove it's really from you and hasn't been tampered with. A digital signature is like an electronic stamp that guarantees it's from you and hasn't been altered.
1. Signing the document: you use your private key (a secret password only you know) to "sign" the document, proving it's from you.
2. Sending the document: you send the signed document to your friend, business partner, or recipient.
3. Verifying the signature: the recipient uses your public key (available to anyone) to check that the document truly came from you and hasn't been changed since you signed it.
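The two-key idea from the encryption paragraphs above and the sign, send, verify steps just listed, carried through as an added worked example (not code from the original slides) using textbook RSA: the public key locks a message that only the private key unlocks, while signing runs the other way, so the private key transforms a document's hash and anyone with the public key can check it. The primes, exponent and contract text are constructed for illustration only.

```python
import hashlib

# Constructed toy RSA key pair for illustration only (real keys use primes of 1024+ bits).
P, Q = 61, 53
N = P * Q                  # public modulus, 3233
PHI = (P - 1) * (Q - 1)    # 3120, used to derive the private exponent
E = 17                     # public exponent, chosen coprime with PHI
D = pow(E, -1, PHI)        # private exponent: E * D == 1 (mod PHI), gives 2753
PUBLIC_KEY = (E, N)        # shared with everyone
PRIVATE_KEY = (D, N)       # kept secret by the owner


def encrypt(message: int, public_key: tuple) -> int:
    """Asymmetric encryption: anyone can lock a value with the public key."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, e, n)


def decrypt(ciphertext: int, private_key: tuple) -> int:
    """Only the holder of the private key can unlock it."""
    d, n = private_key
    return pow(ciphertext, d, n)


def digest(document: bytes, n: int) -> int:
    """Hash the document with SHA-256 and reduce it so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document: bytes, private_key: tuple) -> int:
    """Signing goes the opposite way: the private key transforms the digest."""
    d, n = private_key
    return pow(digest(document, n), d, n)


def verify(document: bytes, signature: int, public_key: tuple) -> bool:
    """Anyone recovers the digest with the public key and compares it to a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == digest(document, n)


if __name__ == "__main__":
    contract = b"Contract: deliver 100 units by 2025-01-01"   # constructed sample document
    sig = sign(contract, PRIVATE_KEY)
    print("genuine contract verifies:", verify(contract, sig, PUBLIC_KEY))
    print("altered contract verifies:", verify(contract.replace(b"100", b"900"), sig, PUBLIC_KEY))
    print("secret 65 round-trips:", decrypt(encrypt(65, PUBLIC_KEY), PRIVATE_KEY) == 65)
```

Because the digest is reduced modulo a 12-bit toy modulus, this shows only the mechanism; a real implementation uses full-size keys and a signature padding scheme such as RSA-PSS.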
iv. Anti-virus
Computer viruses are harmful programs that execute unwanted actions without the user's consent. Anti-virus software performs two main functions: it prevents viruses from installing on a system and scans for viruses that may already be present. While most viruses target the Windows operating system due to its popularity, Apple and Linux users can also be affected by viruses specifically designed for those platforms.
v. Firewall
A firewall is a security system that blocks unauthorized access to a computer while it's connected to the internet. It prevents hackers from gaining access either directly or through other networks. Most operating systems come with a built-in firewall that is turned on by default. If the default firewall isn't strong enough or interferes with legitimate activities, users can opt for commercial firewalls for better protection.
• A firewall acts like a barrier between your computer and the internet, allowing safe data to pass while blocking harmful traffic.
• Built-in firewalls are usually sufficient for basic protection, but more advanced options are available if needed.
Fraud and associated cybercrimes
Fraud is a broad term that includes words like scam, con, swindle, extortion, hoax, and cheat, among others. It can be committed against both individuals and businesses. Cybercrime, a type of fraud, refers to any illegal activity involving computers and networks (such as hacking) and also includes traditional crimes that are carried out online, like fraud committed through the Internet.
• A cyber attack is an attempt to commit a cybercrime. Visiting harmful websites without protection can lead to malware infections. To stay safe, you should always have antivirus software and a firewall. Be cautious and avoid cybercriminals who try to exploit you for financial gain.
Types of Cybercrime
Common types of cybercrime and how to deal with them.
Cybercrimes involve the use of computers, the internet, or computer technology to commit illegal activities. Here are some common types of cybercrime:
• Identity Theft
Stealing someone's personal information to commit fraud, open accounts, or gain unauthorized access to their financial resources.
Example: A criminal using stolen information like your Social Security number or credit card details to open new accounts in your name.
• Social Engineering
Manipulating people into divulging confidential information, typically by exploiting trust or curiosity.
Example: A hacker posing as an IT technician to convince an employee to provide their login credentials.
• Ransomware
Malicious software that locks or encrypts a victim's data, demanding a ransom (usually in cryptocurrency) to unlock it.
Example: A company's files are encrypted, and hackers demand a large sum of money to provide the decryption key.
• DDoS attacks (Distributed Denial of Service)
DDoS attacks are used to make an online service unavailable and bring it down by bombarding or overwhelming it with traffic from multiple locations and sources. Large networks of infected computers, called botnets, are built by planting malware on victim computers. The attack is often intended to draw attention while the hacker breaks into a system; extortion and blackmail can be other motivations.
DDoS attacks:
• Overloading a website or server with traffic to make it crash and stop functioning.
• Example: A group of cybercriminals coordinates a DDoS attack against an e-commerce site, preventing customers from accessing the site during a major sale.
• Botnets are networks of computers that have been infected and are controlled by attackers. These infected computers (called bots) can be used to send spam, launch attacks on other computers, or carry out other harmful activities. Attackers can also use botnets to create larger networks of compromised computers. There are botnet removal tools available to help detect and remove these infections from your system.
• Online Fraud
Committing financial fraud through the internet, often by tricking individuals or companies into giving away money or property.
Example: A scammer posting fake advertisements for non-existent products or services to get payments.
• Spam refers to unwanted emails and messages, often sent in bulk using automated tools called spambots.
• Phishing is when cybercriminals try to trick you into providing personal information by offering fake deals, like business proposals, lottery winnings, or promises of easy money. These scams may also include offers for unsecured loans.
• Phishing
Fraudulent attempts to obtain sensitive information (like passwords or credit card details) by pretending to be a trustworthy entity, often via emails or fake websites.
Example: Receiving an email that looks like it's from your bank, asking you to click a link and enter your account details.
• It's important to avoid engaging with suspicious emails or offers, as they can lead to financial and emotional harm. Always be cautious and never share personal information with untrusted sources.
Describe ethical issues related to the use of information systems in an organization
Ethics is a branch of philosophy that deals with what is considered to be right and wrong. There are many ways in which ethics can be defined, such as moral codes, the standard codes of conduct of a particular profession, or an agreement among people to do right and avoid wrong. As the world adopts new technology, the need for ethics arises to sustain proper growth and to minimize the risk of misuse.
The following are the techniques for avoiding security threats:
The following are ethical issues in information systems.
Provide Accurate Information: Always provide truthful, accurate, and clear information to prevent misinformation and harm.
Respect User Privacy: Safeguard personal and sensitive data, ensuring it is not misused or shared without proper consent.
Avoid Online Piracy: Example: Using illegal streaming websites to watch movies or downloading software without paying for a license is considered online piracy.
• Monitor Social Reputation: Example: A company tracks online reviews of its products on platforms like Facebook and Twitter and responds to customer feedback in a polite and transparent manner.
• Protect Public Websites: Example: A government agency ensures that its website is secure from cyberattacks by regularly updating security protocols and encrypting sensitive data.
• Prevent Digital Hacking: Example: A bank installs firewalls and uses multi-factor authentication to ensure that only authorized users can access customer accounts and sensitive financial information.
• Certify Payment Websites: Example: An e-commerce website complies with PCI DSS standards to protect customers' credit card information when making online purchases.
• Avoid Fraudulent Activities: Example: A financial institution prevents fraudulent activities by ensuring that transaction records are accurate and not tampered with, avoiding deceptive practices.
• Provide Accurate Information: Example: A healthcare provider ensures that patient information shared with the public (such as health tips) is based on the latest, credible medical research.
• Respect User Privacy: Example: A social media company ensures that users' personal information, such as email addresses and phone numbers, is not shared with third-party advertisers without consent.
• Never give misguided information.
• Never steal information online for reproduction.
• Never create false evidence using IT.
• Utilize IT only in a manner that brings benefit.
Topic 5: Apply electronic commerce skills in business operations
✓ Explain e-commerce, e-business, strategic business operations
✓ Explain benefits and limitations of e-commerce in business operations
✓ Compare e-commerce with e-business
✓ Perform business operations (market research, advertising, online publishing, trading and customer support) by using e-commerce