MODULE LIVING IN THE IT ERA – IT01

CHAPTER 9: INTRODUCTION TO CYBER SECURITY

Objectives:
a) Discuss the importance of Cybersecurity.
b) Identify the goals of Cybersecurity.
c) Discover the different types cyber-attacks and attackers.

Lesson 1: Cyber Security Overview

Cyber Security Introduction
"Cybersecurity is primarily about people, processes, and technologies working together
to encompass the full range of threat reduction, vulnerability reduction, deterrence,
international engagement, incident response, resiliency, and recovery policies and activities,
including computer network operations, information assurance, law enforcement, etc."
Cybersecurity is the protection of Internet-connected systems, including hardware, software, and
data from cyber attacks. It is made up of two words one is cyber and other is security. Cyber is
related to the technology which contains systems, network and programs or data. Whereas
security related to the protection which includes systems security, network security and
application and information security.
It is the body of technologies, processes, and practices designed to protect networks, devices,
programs, and data from attack, theft, damage, modification or unauthorized access. It may also
be referred to as information technology security.

We can also define cybersecurity as

the set of principles and practices
designed to protect our computing
resources and online information
against threats. Due to the heavy
dependency on computers in a
modern industry that store and
transmit an abundance of
confidential and essential
information about the people,
cybersecurity is a critical function and needed insurance of many businesses.

Page | 1
 MODULE LIVING IN THE IT ERA – IT01

Why is cybersecurity important?

We live in a digital era which understands that our private information is more vulnerable than
ever before. We all live in a world which is networked together, from internet banking to
government infrastructure, where data is stored on computers and other devices. A portion of
that data can be sensitive information, whether that be intellectual property, financial data,
personal information, or other types of data for which unauthorized access or exposure could
have negative consequences.
Cyber-attack is now an international concern and has given many concerns that hacks and other
security attacks could endanger the global economy. Organizations transmit sensitive data across
networks and to other devices in the course of doing businesses, and cybersecurity describes to
protect that information and the systems used to process or store it.
As the volume of cyber-attacks grows, companies and organizations, especially those that deal
information related to national security, health, or financial records, need to take steps to protect
their sensitive business and personal information.
History of Cyber Security
The origin of cybersecurity began with a research project. It only came into existence because of
the development of viruses.
How did we get here?

In 1969, Leonard Kleinrock, professor of UCLA and student, Charley Kline, sent the first
electronic message from the UCLA SDS Sigma 7 Host computer to Bill Duvall, a programmer, at
the Stanford Research Institute. This is a well-known story and a moment in the history of a digital
world. The sent message from the UCLA was the word "login." The system crashed after they
typed the first two letters "lo." Since then, this story has been a belief that the programmers
typed the beginning message "lo and behold." While factually believed that "login" was the
intended message. Those two letters of messages were changed the way we communicate with
one another.

Page | 2
 MODULE LIVING IN THE IT ERA – IT01

In 1970's, Robert (Bob) Thomas who was a researcher for BBN Technologies in Cambridge,
Massachusetts created the first computer worm (virus). He realized that it was possible for a
computer program to move across a network, leaving a small trail (series of signs) wherever it
went. He named the program Creeper, and designed it to travel between Tenex terminals on the
early ARPANET, printing the message "I'M THE CREEPER: CATCH ME IF YOU CAN."
An American computer programmer named Ray Tomlinson, the inventor of email, was also
working for BBN Technologies at the time. He saw this idea and liked it. He tinkered (an act of
attempting to repair something) with the program and made it self-replicating "the first
computer worm." He named the program Reaper, the first antivirus software which would
found copies of The Creeper and delete it.
Where are we now?
After Creeper and Reaper, cyber-crimes became more powerful. As computer software and
hardware developed, security breaches also increase. With every new development came an
aspect of vulnerability, or a way for hackers to work around methods of protection. In 1986, the
Russians were the first who implement the cyber power as a weapon. Marcus Hess, a German
citizen, hacked into 400 military computers, including processors at the Pentagon. He intended
to sell secrets to the KGB, but an American astronomer, Clifford Stoll, caught him before that
could happen.
In 1988, an American computer scientist, Robert Morris, wanted to check the size of the internet.
He wrote a program for testing the size of the internet. This program went through networks,
invaded Unix terminals, and copied itself. The program became the first famous network virus
and named as Moris worm or internet worm. The Morris worm could be infected a computer
multiple times, and each additional process would slow the machine down, eventually to the
point of being damaged. Robert Morris was charged under the Computer Fraud and Abuse Act.
The act itself led to the founding of the Computer Emergency Response Team. This is a non-profit
research centre for issues that could endanger the internet as a whole.
Nowadays, viruses were deadlier, more invasive, and harder to control. We have already
experienced cyber incidents on a massive scale, and 2018 isn't close to over. The above is to name
a few, but these attacks are enough to prove that cybersecurity is a necessity for corporations
and small businesses alike.

Page | 3
 MODULE LIVING IN THE IT ERA – IT01

For more knowledge about cybersecurity, please check the link provided:
https://www.youtube.com/watch?v=inWWhr5tnEA&ab_channel=Simplilearn

Lesson 2: Cyber Security Goals

Cyber Security Goals
The objective of Cybersecurity is to protect information from being stolen, compromised or
attacked. Cybersecurity can be measured by at least one of three goals-
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security
programs. The CIA triad is a security model that is designed to guide policies for information
security within the premises of an organization or company. This model is also referred to as
the AIC (Availability, Integrity, and Confidentiality) triad to avoid the confusion with the Central
Intelligence Agency. The elements of the triad are considered the three most crucial components
of security.
The CIA criteria are one that most of the organizations and companies use when they have
installed a new application, creates a database or when guaranteeing access to some data. For
data to be completely secure, all of these security goals must come into effect. These are security
policies that all work together, and therefore it can be wrong to overlook one policy.
The CIA triad are-
1. Confidentiality
Confidentiality is roughly equivalent to privacy
and avoids the unauthorized disclosure of
information. It involves the protection of data,
providing access for those who are allowed to
see it while disallowing others from learning
anything about its content. It prevents essential
information from reaching the wrong people
while making sure that the right people can get
it. Data encryption is a good example to ensure
confidentiality.

Page | 4
 MODULE LIVING IN THE IT ERA – IT01

Tools for Confidentiality

Encryption
Encryption is a method of transforming information to
make it unreadable for unauthorized users by using an
algorithm. The transformation of data uses a secret key
(an encryption key) so that the transformed data can only
be read by using another secret key (decryption key). It
protects sensitive data such as credit card numbers by
encoding and transforming data into unreadable cipher
text. This encrypted data can only be read by decrypting
it. Asymmetric-key and symmetric-key are the two
primary types of encryption.
Access control
Access control defines rules and policies for limiting access to a system or to physical or virtual
resources. It is a process by which users are granted access and certain privileges to systems,
resources or information. In access control systems, users need to present credentials before
they can be granted access such as a person's name or a computer's serial number. In physical
systems, these credentials may come in many forms, but credentials that can't be transferred
provide the most security.
Authentication
An authentication is a process that ensures and confirms a user's identity or role that someone
has. It can be done in a number of different ways, but it is usually based on a combination of-
o something the person has (like a smart card or a radio key for storing secret keys),
o something the person knows (like a password),
o something the person is (like a human with a fingerprint).

Authentication is the necessity of every organizations because it enables organizations to keep

their networks secure by permitting only authenticated users to access its protected resources.
These resources may include computer systems, networks, databases, websites and other
network-based applications or services.
Authorization

Authorization is a security mechanism which gives permission to do or have something. It is used

to determine a person or system is allowed access to resources, based on an access control policy,
including computer programs, files, services, data and application features. It is normally
preceded by authentication for user identity verification. System administrators are typically

Page | 5
 MODULE LIVING IN THE IT ERA – IT01

assigned permission levels covering all system and user resources. During authorization, a system
verifies an authenticated user's access rules and either grants or refuses resource access.

Physical Security
Physical security describes measures designed to deny the unauthorized access of IT assets like
facilities, equipment, personnel, resources and other properties from damage. It protects these
assets from physical threats including theft, vandalism, fire and natural disasters.

2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from
unauthorized user modification. It is the property that information has not be altered in an
unauthorized way, and that source of the information is genuine.
Tools for Integrity
Backups

Backup is the periodic archiving of data. It is a process of

making copies of data or data files to use in the event when
the original data or data files are lost or destroyed. It is also
used to make copies for historical purposes, such as for
longitudinal studies, statistics or for historical records or to
meet the requirements of a data retention policy. Many
applications especially in a Windows environment,
produce backup files using the .BAK file extension.
Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other
words, it is the computation of a function that maps the contents of a file to a numerical value.
They are typically used to compare two sets of data to make sure that they are the same. A
checksum function depends on the entire contents of a file. It is designed in a way that even a
small change to the input file (such as flipping a single bit) likely to results in different output
value.

Data Correcting Codes

It is a method for storing data in such a way that small changes can be easily detected and
automatically corrected.

3. Availability

Page | 6
 MODULE LIVING IN THE IT ERA – IT01

Availability is the property in which information is accessible and modifiable in a timely fashion
by those authorized to do so. It is the guarantee of reliable and constant access to our sensitive
data by authorized people.

Tools for Availability

o Physical Protections
o Computational Redundancies
Physical Protections
Physical safeguard means to keep information available even in the event of physical challenges.
It ensure sensitive information and critical information technology are housed in secure areas.
Computational redundancies

It is applied as fault tolerant against accidental faults. It protects computers and storage devices
that serve as fallbacks in the case of failures.

For more knowledge about cybersecurity goals, please check the link provided;
https://www.youtube.com/watch?v=azLckMQtbs0&ab_channel=GrantCollins

Lesson 3: Types of Cyber Attacks and Attackers

Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious
code to alter computer code, logic or data and lead to cybercrimes, such as information and
identity theft.
We are living in a digital era. Now a day, most of the people use computer and internet. Due to
the dependency on digital things, the illegal computer activity is growing and changing like any
type of crime.
Cyber-attacks can be classified into the following categories:
Web-based attacks
These are the attacks which occur on a website or
web applications. Some of the important web-based
attacks are as follows-
1. Injection attacks
It is the attack in which some data will be injected into
a web application to manipulate the application and fetch the required information.

Page | 7
 MODULE LIVING IN THE IT ERA – IT01

Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS
resolver's cache causing the name server to return an incorrect IP address, diverting traffic to the
attacker?s computer or any other computer. The DNS spoofing attacks can go on for a long period
of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies
to store the state and user sessions. By stealing the cookies, an attacker can have access to all of
the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy
entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number of
guesses and validates them to obtain actual data like user password and personal identification
number. This attack may be used by criminals to crack encrypted data, or by security, analysts to
test an organization's network security.
6. Denial of Service
It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a crash.
It uses the single system and single internet connection to attack a server. It can be classified into
the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is measured
in bit per second.
Protocol attacks- It consumes actual server resources, and is measured in a packet.
Application layer attacks- Its goal is to crash the web server and is measured in request per
second.
7. Dictionary attacks

This type of attack stored the list of a commonly used password and validated them to get original
password.

Page | 8
 MODULE LIVING IN THE IT ERA – IT01

8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a web
server to deliver web pages for which he is not authorized to browse.
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which is
available on the web server or to execute malicious files on the web server by making use of the
include functionality.
10. Man in the middle attacks
It is a type of attack that allows an attacker to intercepts the connection between client and
server and acts as a bridge between them. Due to this, an attacker will be able to read, insert and
modify the data in the intercepted connection.

System-based attacks

These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-

1. Virus
It is a type of malicious software program that spread throughout the computer files without the
knowledge of a user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.

2. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected
computers. It works same as the computer virus. Worms often originate from email attachments
that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It appears
to be a normal application but when opened/executed some malicious code will run in the
background.

Page | 9
 MODULE LIVING IN THE IT ERA – IT01

4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or other
purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they receive
specific input. Common examples of bots program are the crawler, chatroom bots, and malicious
bots.
Types of Cyber Attackers
In computer and computer networks, an attacker is the individual or organization who performs
the malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or
make unauthorized use of an asset.
As the Internet access becomes more pervasive across the world, and each of us spends more
time on the web, there is also an attacker grows as well. Attackers use every tools and techniques
they would try and attack us to get unauthorized access.
There are four types of attackers which are described below-
Cyber Criminals
Cybercriminals are individual or group of people who use
technology to commit cybercrime with the intention of
stealing sensitive company information or personal data
and generating profits. In today's, they are the most
prominent and most active type of attacker.
Cybercriminals use computers in three broad ways to
do cybercrimes-
o Select computer as their target- In this, they
attack other people's computers to do
cybercrime, such as spreading viruses, data theft,
identity theft, etc.
o Uses the computer as their weapon- In this, they use the computer to do conventional
crime such as spam, fraud, illegal gambling, etc.
o Uses the computer as their accessory- In this, they use the computer to steal data
illegally.

Page | 10
 MODULE LIVING IN THE IT ERA – IT01

Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a
political agenda, religious belief, or social ideology. According to Dan Lohrmann, chief security
officer for Security Mentor, a national security training firm that works with states said
"Hacktivism is a digital disobedience. It's hacking for a cause." Hacktivists are not like
cybercriminals who hack computer networks to steal data for the cash. They are individuals or
groups of hackers who work together and see themselves as fighting injustice.
State-sponsored Attacker

State-sponsored attackers have particular objectives aligned with either the political, commercial
or military interests of their country of origin. These type of attackers are not in a hurry. The
government organizations have highly skilled hackers and specialize in detecting vulnerabilities
and exploiting these before the holes are patched. It is very challenging to defeat these attackers
due to the vast resources at their disposal.
Insider Threats
The insider threat is a threat to an organization's security or data that comes from within. These
type of threats are usually occurred from employees or former employees, but may also arise
from third parties, including contractors, temporary workers, employees or customers.
Insider threats can be categorized below-

Malicious-
Malicious threats are attempts by an insider to
access and potentially harm an organization's data,
systems or IT infrastructure. These insider threats
are often attributed to dissatisfied employees or ex-
employees who believe that the organization was
doing something wrong with them in some way, and
they feel justified in seeking revenge.
Insiders may also become threats when they are
disguised by malicious outsiders, either through
financial incentives or extortion.
Accidental-
Accidental threats are threats which are accidently done by insider employees. In this type of
threats, an employee might accidentally delete an important file or inadvertently share
confidential data with a business partner going beyond company?s policy or legal requirements.

Page | 11
 MODULE LIVING IN THE IT ERA – IT01

Negligent-
These are the threats in which employees try to avoid the policies of an organization put in place
to protect endpoints and valuable data. For example, if the organization have strict policies for
external file sharing, employees might try to share work on public cloud applications so that they
can work at home. There is nothing wrong with these acts, but they can open up to dangerous
threats nonetheless.

For more knowledge about cyber-attacks, please check the link provided;
https://www.youtube.com/watch?v=NDcEOW8r0xc&ab_channel=RobotsNet

REFERENCES

https://www.javatpoint.com/cyber-security-introduction

https://www.javatpoint.com/history-of-cyber-security
https://www.javatpoint.com/cyber-security-goals
https://www.javatpoint.com/types-of-cyber-attacks
https://www.javatpoint.com/types-of-cyber-attackers

Page | 12
 MODULE LIVING IN THE IT ERA – IT01

CHAPTER 10: LEGAL AND ETHICAL USE OF TECHNOLOGY

Objectives:
a.) Discuss the foundation of computer ethics.
b.) Identify the future concerns in computer ethics and internet
privacy issues.
c.) Discover the ten commandments of computer ethics

Lesson 1: Introduction

Computer ethics is a part of practical philosophy

concerned with how computing professionals should make
decisions regarding professional and social conduct.
Margaret Anne Pierce, a professor in the Department of
Mathematics and Computers at Georgia Southern
University has categorized the ethical decisions related to
computer technology and usage into three primary
influences:
1. The individual's own personal code.
2. Any informal code of ethical conduct that exists in
the work place.
3. Exposure to formal codes of ethics.
Foundation

The term computer ethics was first coined by Walter Maner, a professor at Bowling
Green State University. Maner noticed ethical concerns that were brought up during his Medical
Ethics course at Old Dominion University became more complex and difficult when the use of
technology and computers became involved. The conceptual foundations of computer ethics are
investigated by information ethics, a branch of philosophical ethics promoted, among others, by
Luciano Florida.
History
The concept of computer ethics originated in the 1940s with MIT professor Norbert
Wiener, the American mathematician and philosopher. While working on anti-aircraft artillery
during World War II, Wiener and his fellow engineers developed a system of communication
between the part of a cannon that tracked a warplane, the part that performed calculations to
estimate a trajectory, and the part responsible for firing. Wiener termed the science of such
information feedback systems, "cybernetics," and he discussed this new field with its related

Page 1
 MODULE LIVING IN THE IT ERA – IT01

ethical concerns in his 1948 book, Cybernetics. In 1950, Wiener's second book, The Human Use
of Human Beings, delved deeper into the ethical issues surrounding information technology and
laid out the basic foundations of computer ethics.
A bit later during the same year, the world's first computer crime was committed. A programmer
was able to use a bit of computer code to stop his banking account from being flagged as
overdrawn. However, there were no laws in place at that time to stop him, and as a result he was
not charged. To make sure another person did not follow suit, an ethics code for computers was
needed.
In 1973, the Association for Computing Machinery (ACM) adopted its first code of ethics. SRI
International's Donn Parker, an author on computer crimes, led the committee that developed
the code.
In 1976, medical teacher and researcher Walter Maner noticed that ethical decisions are much
harder to make when computers are added. He noticed a need for a different branch of ethics
for when it came to dealing with computers. The term "computer ethics" was thus invented.
In 1976 Joseph Weizenbaum made his second significant addition to the field of computer ethics.
He published a book titled Computer Power and Human Reason, which talked about how artificial
intelligence is good for the world; however it should never be allowed to make the most
important decisions as it does not have human qualities such as wisdom. By far the most
important point he makes in the book is the distinction between choosing and deciding. He
argued that deciding is a computational activity while making choices is not and thus the ability
to make choices is what makes us humans.
At a later time during the same year Abbe Mowshowitz, a professor of Computer Science at the
City College of New York, published an article titled "On approaches to the study of social issues
in computing." This article identified and analyzed technical and non-technical biases in research
on social issues present in computing.
During 1978, the Right to Financial Privacy Act was adopted by the United States Congress,
drastically limiting the government's ability to search bank records.
During the next year Terrell Ward Bynum, the professor of Philosophy at Southern Connecticut
State University as well as Director of the Research Center on Computing and Society there,
developed curriculum for a university course on computer ethics. Bynum was also editor of the
journal Metaphilosophy. In 1983 the journal held an essay contest on the topic of computer ethics
and published the winning essays in its best-selling 1985 special issue, “Computers and Ethics.”

In 1984, the United States Congress passed the Small Business Computer Security and Education
Act, which created a Small Business Administration advisory council to focus on computer
security related to small businesses.

Page 2
 MODULE LIVING IN THE IT ERA – IT01

In 1985, James Moor, Professor of Philosophy at DartMouth College in New Hampshire, published
an essay called "What is Computer Ethics?" In this essay Moor states, the computer ethics
includes the following: "(1) identification of computer-generated policy vacuums, (2) clarification
of conceptual muddles, (3) formulation of policies for the use of computer technology, and (4)
ethical justification of such policies."
During the same year, Deborah Johnson, Professor of Applied Ethics and Chair of the Department
of Science, Technology, and Society in the School of Engineering and Applied Sciences of the
University of Virginia, got the first major computer ethics textbook published. Johnson's textbook
identified major issues for research in computer ethics for more than 10 years after publication
of the first edition.

In 1988, Robert Hauptman, a librarian at St. Cloud University, came up with "information ethics",
a term that was used to describe the storage, production, access and dissemination of
information. Near the same time, the Computer Matching and Privacy Act was adopted and this
act restricted United States government programs identifying debtors.
In the year 1992, ACM adopted a new set of ethical rules called "ACM code of Ethics and
Professional Conduct" which consisted of 24 statements of personal responsibility.
Three years later, in 1995, Krystyna Górniak-Kocikowska, a Professor of Philosophy at Southern
Connecticut State University, Coordinator of the Religious Studies Program, as well as a Senior
Research Associate in the Research Center on Computing and Society, came up with the idea that
computer ethics will eventually become a global ethical system and soon after, computer ethics
would replace ethics altogether as it would become the standard ethics of the information age.

In 1999, Deborah Johnson revealed her view, which was quite contrary to Górniak-Kocikowska's
belief, and stated that computer ethics will not evolve but rather be our old ethics with a slight
twist.
Post 20th century, as a result to much debate of ethical guidelines, many organizations such as
ABET offer ethical accreditation to University or College applications such as "Applied and Natural
Science, Computing, Engineering and Engineering Technology at the associate, bachelor, and
master levels" to try and promote quality works that follow sound ethical and moral guidelines.
In 2018 The Guardian and The New York Times reported that Facebook took data from 87 million
Facebook users to sell to Cambridge Analytica.
In 2019 Facebook started a fund to build an ethics center at the Technical University of Munich,
located in Germany. This was the first time that Facebook funded an academic institute for
matters regarding computer ethics.

For more knowledge about computer ethics, please check the link provided;
https://www.youtube.com/watch?v=cFszY5bTx5s

Page 3
 MODULE LIVING IN THE IT ERA – IT01

Lesson 2: Future Concerns and Internet Privacy

Future Concerns
Computer crime, privacy, anonymity, freedom, and intellectual property fall under
topics that will be present in the future of computer ethics.
Ethical considerations have been linked to the Internet of Things (IoT) with many physical devices
being connected to the internet.
Virtual Crypto-currencies in regards to the balance of the current purchasing relationship
between the buyer and seller.
Autonomous technology such as self-driving cars forced to make human decisions. There is also
concern over how autonomous vehicles would behave in different countries with different
culture values.
Security risks have been identified with cloud-based technology with every user interaction being
sent and analyzed to central computing hubs. Artificial intelligence devices like the Amazon Alexa
and Google Home are collecting personal data from users while at home and uploading it to the
cloud. Apple’s Siri and Microsoft’s Cortana smartphone assistants are collecting user information,
analyzing the information, and then sending the information back to the user.
Internet privacy
Privacy is one of the major issues that has emerged since the internet has become part
of many aspects of daily life. Internet users hand over personal information in order to sign up or
register for services without realizing that they are potentially setting themselves up for invasions
of privacy.
Another example of privacy issues, with concern to Google, is tracking searches. There is a feature
within searching that allows Google to keep track of searches so that advertisements will match
your search criteria, which in turn means using people as products. Google was sued in 2018 due
to tracking user location without permission.
There is an ongoing discussion about what privacy and privacy enforcement measures imply.
With the increase in social networking sites, more and more people are allowing their private
information to be shared publicly. On the surface, this may be seen as someone listing private
information about them on a social networking site, but below the surface, it is the site that could
be sharing the information (not the individual). This is the idea of an opt-in versus opt- out
situation. There are many privacy statements that state whether there is an opt-in or an opt- out
policy. Typically an opt-in privacy policy means that the individual has to tell the company issuing
the privacy policy if they want their information shared or not. Opt-out means that their
information will be shared unless the individual tells the company not to share it.

Page 4
 MODULE LIVING IN THE IT ERA – IT01

A whole industry of privacy and ethical tools has grown over time, giving people the choice to
not share their data online. These are often open source software, which allows the users to
ensure that their data is not saved to be used without their consent.
Identifying issues
Identifying ethical issues as they arise, as well as defining how to deal with them, has traditionally
been problematic. In solving problems relating to ethical issues, Michael Davis proposed a unique
problem-solving method. In Davis's model, the ethical problem is stated, facts are checked, and
a list of options is generated by considering relevant factors relating to the problem. The actual
action taken is influenced by specific ethical standards.

For more knowledge about Future Concerns and Internet Privacy, please check the
link provided; https://www.youtube.com/watch?v=yG4JL0ZRmi4

Lesson 3: Ten Commandments of Computer Ethics

The Ten Commandments of Computer Ethics
were created in 1992 by the Washington,
D.C. based Computer Ethics Institute. The
commandments were introduced in the paper "In
Pursuit of a 'Ten Commandments' for Computer Ethics"
by Ramon C. Barquin as a means to create "a set of
standards to guide and instruct people in
the ethical use of computers." They follow the Internet Advisory Board's memo on ethics from
1987. The Ten Commandments of Computer Ethics copies the archaic style of the Ten
Commandments from the King James Bible.
The Ten Commandments of Computer Ethics

1. Thou shalt not use a computer to harm other people.

2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you have not paid (without
permission).
7. Thou shalt not use other people's computer resources without authorization or proper
compensation.
8. Thou shalt not appropriate other people's intellectual output.

Page 5
 MODULE LIVING IN THE IT ERA – IT01

9. Thou shalt think about the social consequences of the program you are writing or the
system you are designing.
10. Thou shalt always use a computer in ways that ensure consideration and respect for other
humans.
Exegesis
• Commandment 1
Simply put: Do not use the computer in ways that may harm other people.
Explanation: This commandment says that it is unethical to use a computer to harm another user.
It is not limited to physical injury. It includes harming or corrupting other users' data or files. The
commandment states that it is wrong to use a computer to steal someone's personal information.
Manipulating or destroying files of other users is ethically wrong. It is unethical to write programs,
which on execution lead to stealing, copying or gaining unauthorized access to other users' data.
Being involved in practices like hacking, spamming, phishing or cyber bullying does not conform
to computer ethics.
• Commandment 2
Simply put: Do not use computer technology to cause interference in other users' work.

Explanation: Computer software can be used in ways that disturb other users or disrupt their
work. Viruses, for example, are programs meant to harm useful computer programs or interfere
with the normal functioning of a computer. Malicious software can disrupt the functioning of
computers in more ways than one. It may overload computer memory through excessive
consumption of computer resources, thus slowing its functioning. It may cause a computer to
function wrongly or even stop working. Using malicious software to attack a computer is
unethical.
• Commandment 3
Simply put: Do not spy on another person's computer data.
Explanation: We know it is wrong to read someone's personal letters. On the same lines, it is
wrong to read someone else's email messages or files. Obtaining data from another person's
private files is nothing less than breaking into someone's room. Snooping around in another
person's files or reading someone else's personal messages is the invasion of his privacy. There
are exceptions to this. For example, spying is necessary and cannot be called unethical when it is
done against illegitimate use of computers. For example, intelligence agencies working on
cybercrime cases need to spy on the internet activity of suspects.
• Commandment 4
Simply put: Do not use computer technology to steal information.

Page 6
 MODULE LIVING IN THE IT ERA – IT01

Explanation: Stealing sensitive information or leaking confidential information is as good as

robbery. It is wrong to acquire personal information of employees from an employee database
or patient history from a hospital database or other such information that is meant to be
confidential. Similarly, breaking into a bank account to collect information about the account or
account holder is wrong. Illegal electronic transfer of funds is a type of fraud. With the use of
technology, stealing of information is much easier. Computers can be used to store stolen
information.
• Commandment 5
Simply put: Do not contribute to the spread of misinformation using computer technology.

Explanation: Spread of information has become viral today, because of the Internet. This also
means that false news or rumors can spread speedily through social networking sites or emails.
Being involved in the circulation of incorrect information is unethical. Mails and pop-ups are
commonly used to spread the wrong information or give false alerts with the only intent of selling
products. Mails from untrusted sources advertising certain products or spreading some hard-to-
believe information, are not uncommon. Direct or indirect involvement in the circulation of false
information is ethically wrong. Giving wrong information can hurt other parties or organizations
that are affected by that particular theme.
• Commandment 6
Simply put: Refrain from copying software or buying pirated copies. Pay for software unless it is
free.
Explanation: Like any other artistic or literary work, software is copyrighted. A piece of code is
the original work of the individual who created it. It is copyrighted in his/her name. In case of a
developer writing software for the organization she works for, the organization holds the
copyright for it. Copyright holds true unless its creators announce it is not. Obtaining illegal copies
of copyrighted software is unethical and also encourages others to make copies illegally.
• Commandment 7
Simply put: Do not use someone else's computer resources unless authorized to.

Explanation: Multi-user systems have user specific passwords. Breaking into some other user's
password, thus intruding his/her private space is unethical. It is not ethical to hack passwords for
gaining unauthorized access to a password-protected computer system. Accessing data that you
are not authorized to access or gaining access to another user's computer without her permission
is not ethical.
• Commandment 8

Page 7
 MODULE LIVING IN THE IT ERA – IT01

Simply put: It is wrong to claim ownership on a work which is the output of someone else's
intellect.
Explanation: Programs developed by a software developer are her property. If he is working with
an organization, they are the organization's property. Copying them and propagating them in
one's own name is unethical. This applies to any creative work, program or design. Establishing
ownership on a work which is not yours is ethically wrong.
• Commandment 9
Simply put: Before developing a software, think about the social impact it can have.

Explanation: Looking at the social consequences that a program can have, describes a broader
perspective of looking at technology. A computer software on release, reaches millions. Software
like video games and animations or educational software can have a social impact on their users.
When working on animation films or designing video games, for example, it is the programmer's
responsibility to understand his target audience/users and the effect it may have on them. For
example, a computer game for kids should not have content that can influence them negatively.
Similarly, writing malicious software is ethically wrong. A software developer/development firm
should consider the influence their code can have on the society at large.
• Commandment 10
Simply put: In using computers for communication, be respectful and courteous with the fellow
members.

Explanation: The communication etiquette we follow in the real world applies to communication
over computers as well. While communicating over the Internet, one should treat others with
respect. One should not intrude others' private space, use abusive language, make false
statements or pass irresponsible remarks about others. One should be courteous while
communicating over the web and should respect others' time and resources. Also, one should be
considerate with a novice computer user.

For more knowledge about ten commandments of computer ethics, please check the
link provided; https://www.youtube.com/watch?v=fVYH-O_Il0g

REFERENCES

https://en.wikipedia.org/wiki/Computer_ethics
https://en.wikipedia.org/wiki/Ten_Commandments_of_Computer_Ethics

Page 8