Ethics Part 2

Uploaded by

yoosefelbooz
Professional Ethics & Legal Aspects

Digital Archiving
Dr. Ahmed El-Awady
The Ten Commandments of Computer Ethics

1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you have not paid (without permission).
7. Thou shalt not use other people's computer resources without authorization or proper compensation.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
10. Thou shalt always use a computer in ways that ensure consideration and respect for other humans.
The most basic level of computer ethics is to sensitize people to the fact that computer technology has social
and ethical consequences.

Examples…
Why is ethics important in ICT?

It helps keep humans and humanity in technology.

By keeping ethics in ICT, the risk of dishonesty and security breaches can be reduced.
The six characteristics of ethics

1- Trustworthiness
2- Respect
3- Responsibility
4- Fairness
5- Caring
6- Citizenship
What are the biggest ethical issues today ????

Harassment / Trafficking and Discrimination, in the workplace, in the street, in malls, & online

Toxic Environment in the Workplace
Reporting an Accident

When a friend is involved

When no friends are involved


Doctor- patient Confidentiality
Computer Crimes

E.g. 57 million credit cards in Europe


Intellectual Property (IP)

Four Pillars of Intellectual Property

1- Trademarks
2- Copyrights
3- Patent
4- Trade Secrets (Coca-Cola vs. Pepsi) (Rogers vs. Bell … French and English)

IP is related to database management, e-commerce, and internet security and cyber-security


Intellectual Property Rights
• Intellectual property rights are the legal rights to which
the creators of intellectual property—original creative
works—are entitled.
• Intellectual property rights indicate who has the right to
use, perform, or display a creative work and what can
legally be done with that work; how long the creator
retains rights to the property; and other related
restrictions.
• The three main types of intellectual property rights are
copyrights, trademarks, and patents.

Copyright
• A copyright is a form of protection available to the creator of an original artistic,
musical, or literary work, such as a book, movie, software program, song, or
painting.
• It gives the copyright holder the exclusive right to publish, reproduce, distribute,
perform, or display the work.
• The copyright protection is recently extended to nonpublished works, so,
immediately after creating a work in some type of material form (such as on
paper, film, videotape, or a digital storage medium), the creator automatically
owns the copyright of that work.

Copyright
• Copyright protects “original works of authorship fixed in a tangible medium of
expression.” Such works include literature, movies, art, screenplays, websites, music,
architectural works, and photographs.
• Contrary to what a lot of folks believe, copyright doesn’t protect ideas, themes,
concepts, discoveries, or inventions. There’s also no copyright protection available
for titles, short phrases, facts, or quotations.
• Finally, a copyright can be registered with the Copyright Office.

Trademark
• Trademarks are the most valuable assets a business will likely
ever own.
• A trademark is typically a word, logo, phrase, symbol, or
character that’s used in connection with the advertising and sale
of products and services.
• Trademarks can also be sounds (the NBC chimes), colours (the
Kodak yellow), and even scents (sewing thread that smells like
plumeria blossoms).

Trademark
• Business owners use trademarks to distinguish their products and services from
those offered by their competitors.
• Consumers use trademarks to identify and compare different products and
services and to make our buying decisions.
• Trademarks are also important because they embody the qualities and
characteristics of the products and services with which they’re used, while also
offering consumers an assurance of quality and consistency.
• Finally, trademarks may be registered with the Patent and Trademark Office
(PTO).

Patent
• Unlike copyrights (which protect artistic and literary works)
and trademarks (which protect a company’s logo and brand
names), a patent protects inventions by granting exclusive
rights of an invention to its inventor for a period of 20 years.
• Utility patents basically protect the way an invention
functions and works, while design patents protect the
ornamental appearance of an invention rather than its
utilitarian features.
• Once a patent is issued by the PTO, the invention cannot be
commercially made, used, distributed, or sold without the
patent owner’s permission.
• When the patent expires, the invention falls into the public
domain and anyone who wants to make or sell the invention
is free to do so.
Key Intellectual Property Issues

• Issues that apply to intellectual property and information technology


– Plagiarism
– Reverse engineering
– Open-source code
– Competitive intelligence
– Trademark infringement
– Cybersquatting

Plagiarism
• Stealing someone’s ideas or words and passing them off
as one’s own
• Many students:
– Do not understand what constitutes plagiarism
– Believe that all electronic content is in the public domain
• Plagiarism is also common outside academia. Popular
literary authors, musicians, journalists, and even software
developers have been accused of it

Plagiarism (cont’d.)
• Plagiarism detection systems check submitted material against databases
of electronic content. They match text in different documents as a means of
identifying potential plagiarism

• Steps to fight student plagiarism


– Help students understand what constitutes plagiarism and why they need to cite
sources
– Show students how to document Web pages
– Tell students that instructors are aware of Internet plagiarism detection services
– Incorporate detection into an antiplagiarism program

Reverse Engineering

• Process of taking something apart in order to:


– Understand it
– Build a copy of it
– Improve it
• Originally applied to computer HW but is now
commonly applied to SW as well.
• Reverse engineering of software involves analyzing it to
create a new representation of the system in a different
form or at a higher level of abstraction.
• Example: Convert an application that ran on one
vendor’s database to run on another’s (for example,
from Access to Oracle).
Reverse Engineering
• No one challenges the right to use this process to
convert applications developed in-house. After all,
those applications were developed and are owned
by the companies using them.
• It is quite another matter, however, to use this
process on a purchased software application
developed and licensed by outside parties. Most IT
managers would consider this action unethical
because the software user does not actually own
the right to the software.

Reverse Engineering (cont’d.)

• Courts have ruled in favor of reverse engineering to enable interoperability


• Software license agreements increasingly forbid reverse engineering. As a
result of the increased legislation affecting reverse engineering, some
software developers are moving their reverse-engineering projects offshore
to avoid U.S. rules
• Ethics of using reverse engineering are debated
– Fair use if it provides useful function/interoperability
– Can uncover designs that someone else has developed at great cost and taken care to
protect

Open Source Code

• Program source code made available for use or
modification as users or other developers see fit

• Basic premise
– Many programmers can help software improve
– Can be adapted to meet new needs
– Bugs rapidly identified and fixed
– High reliability

Open Source Code
Why would firms or individual developers create open
source code if they do not receive money for it?
• Some people share code to earn respect for solving a
common problem in an elegant way.
• Some people have used open source code that was
developed by others and feel the need to pay back.
• A firm may be required to develop software as part of
an agreement to address a client’s problem. It may
decide to license the code as open source and use it
either to promote the firm’s expertise or as an incentive
to attract other potential clients with a similar problem.

Open Source Code

• A firm may develop open source code in the hope of earning software
maintenance fees if the end user’s needs change in the future.
• A firm may develop useful code but may be reluctant to license and
market it, and so might donate the code to the general public.

Open Source License
• A software developer could attempt to make a program open source
simply by putting it into the public domain with no copyright.
• This would allow people to share the program and their improvements,
but it would also allow others to revise the original code and then
distribute the resulting software as their own proprietary product.
• Users who received the program in the modified form would no longer
have the freedoms associated with the original software.
• Use of an open source license avoids this scenario.

Trademark Infringement

• Trademark is logo, package design, phrase, sound, or word that
enables consumer to differentiate one company’s product from
another’s
• Trademark infringement is others using the same mark or a
confusingly similar mark on a product’s label
• Organizations frequently sue one another over the use of a trademark
in a Web site or domain name

Trademark Infringement
Examples

Globalization vs. Morals and Religions
Mind Teaser Activity
After watching the Video, answer these questions!?
1. When must electronic records be transferred?
2. When should records be publicly accessible?
3. When must they be destroyed or archived?
4. What type of documents should be in each file?

Let’s wait and see


What is so uncomfortable about paperwork
and paper archives?
What are types of records?
What is Digital Archiving????

Digital archiving is a repository of digital material that a company or
person desires to keep for a longer period of time.

It stores collections of digital information such as documents, video,
and pictures, in a digital format with the intention of providing long-term
access to the information.

A digital archive can be an elaborate collection with a multi-tiered
storage system or located on hard drives.
How to classify documents?
• How do you classify your files on your desktop / laptop?
• Is it always easy to find your files??
How to classify documents?
Considerations for Digital Archiving:

• Obsolescence: With advances in technology, storage media come and go. Remember floppy
disks? Updating your digital archive is an important part of your digital archive policy.

• Metadata: This is a critical component when digital archiving. Without it, or enough of it, you will
have trouble finding the data you want when you try to retrieve it.

• Defining what is appropriate for a digital archive.

• Corruption of information.

• Loss of information (the hard drive, SD card, etc.).

• Authenticity and integrity of data.

• In-house or outsource? [Example: UWaterloo Turnitin servers outsourcing problem to save students’
reports]

• Security and access


Key Benefits of Digital Archiving:

• Less Storage Space than paper

• Locating information easier

• Preventing loss of data is easier with digital archives since they can be backed
up

• Easily managing data privacy

• Easily protecting rights of intellectual property


Digital Transformation Steps

IT System Infrastructure

Legal background

Web & Transparency

Digital Components

Process Re-engineering
Digital Transformation: Questions!
1. Is it okay to share photos of students on the
university website?
2. What equipment do you need?
3. How could there be “Transparency”
4. Intranet or internet connections for DA networks?
And Why?
5. Types of digital components
6. What process needs to be changed to allow for
digital archiving?
7. How to guarantee quality of DA?
Digital Transformation: Questions!
1. Is it okay to share photos of students on the
university website?
It’s illegal to post students’ photos without
consent!!!
2. How could there be “Transparency”
Publishing laws, regulations and bylaws / Jobs /
admission requirements and more to the public!
3. What equipment do you need?
Smart device connected to internet / fast scanner /
storage devices for backups…
Digital Transformation: Questions!
1. Intranet or internet connections for DA networks?
And Why?
Intranet is more secure!
2. Types of digital components
Documents / multimedia / databases / designs …
3. What process needs to be changed to allow for digital
archiving?
Varies of course
4. How to guarantee quality of DA?
A thorough audit process should be in place
Activity

Tool Risk
USB stick

CD

External Hard Drive

APP

Software

Internal Computer Hard Drive

Cloud Storage
Is it challenging to choose the best way to archive data digitally??
Digital Archiving Risks & Threats!
Training and Development Center (TDC) -Ain Shams University READ
Case Study

@ UWaterloo, one day, I found banking information of medical
students coming to my email address for some new feature in the
payroll of the TAs

I stayed quiet, and was waiting until I see what the university would
do

See what happened>>>>>>>>


Case Study

After I left Canada, the medical testing laboratory that my family used
to visit, which is the biggest chain of labs in Canada, sent me an email
about an information breach and that my family’s information was leaked
and hacked among millions of lab clients

!!!!!!!!!!

They paid millions of dollars then to solve the problem in the future
Privacy Protection and the Law
• Systems collect and store key data from every
interaction with customers to make better decisions
• Many people object to data collection policies of
government and business
• Privacy
– Key concern of Internet users
– Top reason why nonusers still avoid the Internet
• Reasonable limits must be set to balance needs of
business against rights of consumers
• Today, in addition to protection from government
intrusion, people want and need privacy protection from
private industry
Information Privacy

• Definition of privacy
– “The right to be left alone—the most comprehensive of rights, and the
right most valued by free people”
• Information privacy is a combination of:
1. Communications privacy
• Ability to communicate with others without being monitored by other
persons or organizations
2. Data privacy
• Ability to limit access to one’s personal data by other individuals and
organizations in order to have a large degree of control over that data
and its use
PAPA Rights
• Society’s four basic rights in terms of information. coined the acronym
PAPA (privacy, accuracy, property, and accessibility)

Data Collection Policies

• Opt-out policy
– Organization assumes that consumers approve of companies collecting
and storing their personal information
– Requires consumers to actively request to opt out
– Favored by data collectors

• Opt-in policy
– Organization must obtain specific permission from consumers before
collecting any data
– Favored by consumers

Ethics in Information Technology, Fourth Edition 59


Key Privacy and
Anonymity Issues

• Identity theft
• Electronic discovery
• Consumer profiling
• Treating customer data responsibly
• Workplace monitoring
• Advanced surveillance technology

Identity Theft

• Theft of key pieces of personal information to
impersonate a person, including name, address,
date of birth, social security number, passport
number, credit card number, driver’s license
number
• Fastest-growing form of fraud
• Consumers and organizations are paying
attention and becoming more practical in fighting
identity theft

Identity Theft (cont’d.)
• Identity (ID) theft happens when someone steals your
personal information to commit fraud.
• The identity thief may use your information to
fraudulently apply for credit, file taxes, or get medical
services. These acts can damage your credit status and
cost you time and money to restore your good name.
• Four approaches used by identity thieves
1. Create a data breach
2. Purchase personal data
3. Use phishing
4. Install spyware to capture keystrokes of victims
Data Breaching

• Data breach may be caused by crackers breaking
into the database or, more often, by carelessness
or failure to follow proper security procedures.

• For example, a laptop computer containing the
unencrypted Social Security Numbers (SSN) of
26.5 million U.S. experts was stolen from the
home of an analyst. The analyst violated existing
policy by removing the data from his workplace.

Data Breaching

• Organizations are unwilling to announce data breaches to avoid bad
publicity and potential for lawsuits.

• Victims (people) whose personal data was compromised need to be
informed so that they can take protective measures.

Identity Theft (cont’d.)
• Purchase of personal data
– Black market for:
• Credit card numbers in bulk—$.40 each
• Logon name and PIN for bank account—$10
• Identity information—including DOB, address,
SSN, and telephone number—$1 to $15

• Phishing
– Sending legitimate-looking emails claiming to be
from reputable companies to encourage individuals
to reveal personal information on a fake Web site.

Identity Theft (cont’d.)
• Spyware
– Keystroke-logging software downloaded to users’
computers without the knowledge of the user
– Collects:
• Account usernames
• Passwords
• Credit card numbers
– Operates even if the infected computer is not online;
once the user connects to the Internet, the data
captured by the spyware is emailed directly to the spy
or is posted to a Web site where the spy can view it

CASE
• An employee of a company was suspected of placing a
Trojan horse in the company network. The employment
had been terminated, and the suspicion was that the
employee had placed a Trojan horse to get back at the
company for firing him.
• The Trojan horse was detected and analysed by the
company’s IT department, and it was evident that it was
configured to send information to an IP address located
close to where the former employee lived.
• Since search warrants and tracing IP addresses are off
limits for companies, other actions had to be taken.

CASE (cont.)
• After careful examination of how the Trojan horse got inserted into the
network, it seems as if it had been copied from a USB stick. It was also
possible to determine the unique identifier for the USB stick.
• A USB device that was issued by the company and used by the employee
was examined, and the unique identifier was the same as for the USB stick
that was used to distribute the malware.
• When the employee was confronted with the evidence, he admitted to
having injected the Trojan horse, and a civil lawsuit was filed.

Digital Forensics

• Digital forensics is the practice of collecting,
analysing and reporting on digital data in a way that
is legally admissible.
• It can be used in the detection and prevention of
crime and in any dispute where evidence is stored
digitally.
Digital Forensics

• The devices that are being examined will have been used by someone and
are very likely to contain personal data.
• A company may employ policies against personal use of company
resources. However, even if such a policy is in place, one can
expect to find personal information originating from social media,
online banking, or similar sources.
• Any forensic examination is by definition a breach of someone’s
privacy. While that breach is sometimes necessary, it should not be
taken lightly by the forensic examiner.

Digital Forensics: Ethical Issues

• Raises many ethical issues for an organization


– Should an organization attempt to destroy
incriminating evidence?
– Should an organization attempt to bury
incriminating evidence in a mountain of trivial,
routine electronically stored data?
– To what degree must an organization be
cooperative and detailed in providing evidence?



Digital Forensics: Examiner Guidelines

• Follow local regulations and law


• Do not harm humans actively
• Do not watch bad things happen
• Do not perform undercover research
• Avoid irrelevant information and treat it as confidential
• Be honest about your errors
• Be objective
• Examine all evidence in the scope of the task
• Never withhold any evidence
• Never put yourself in a conflict of interest situation
Consumer Profiling

• Outside of the Web environment, each time a consumer uses a credit
card, redeems frequent flyer points, fills out a warranty card, answers
a phone survey, buys groceries using a store loyalty card, or orders
from a mail-order catalog, the data is added to a storehouse of
personal information about that consumer
• Data can be sold or shared with third parties

Ethical Boundaries With Customer Profiling
• To develop customer profiles, businesses must collect information about
their customers.
• How businesses collect that information, however, is an ethical dilemma,
and businesses do not all agree where the ethical boundary lies. Some
businesses collect customer information using surveys and order-form
questionnaires. Other businesses use software programs that track what
sites customers visit online.
• Some businesses have privacy policies that guarantee that an individual's
personal information will not be sold, while others have websites expressly
for the purpose of gathering and sharing customer information.

Consumer Profiling
• Companies openly collect personal information about
Internet users when they register at Web sites,
complete surveys, fill out forms, or enter contests
online
• Cookies
Text files that a Web site can download to visitors’ hard
drives so that it can identify visitors later
• Tracking software
Analyzes browsing habits, deduces personal
interests and preferences, and creates a user profile

Consumer Profiling (cont’d.)
• Aggregating consumer data
– Databases contain a huge amount of consumer
behavioral data (what they like, how they behave,
what motivates them to buy)
– Marketing firms provide this data to companies so
that they can customize their products and services
to individual consumer preferences
– Advertisers use the data to more effectively target
and attract customers to their messages
– A group of Web sites served by a single advertising
network is called a collection of affiliated Web sites

Consumer Profiling (cont’d.)

• To limit or stop the deposit of cookies on HD


– Set the browser not to accept cookies
– Manually delete them from the hard drive
– Download and install a cookie-management
program
– Use anonymous browsing programs that don’t
accept cookies, for example
www.anonymizer.com offers anonymous surfing
services

Consumer Profiling (cont’d.)
• Personalization software
– Recommend the number, frequency, and mixture
of their ad placements according to user profile
– Evaluate how visitors react to new ads.

• Types of personalization software


1. Rules-based
2. Collaborative filtering
3. Demographic filtering

Workplace Monitoring

• Employers monitor workers to protect against
employee abuses that reduce worker
productivity or expose employer to harassment
lawsuits
• Public-sector employees have far greater privacy
rights than those in private industry
• Privacy supporters want legislation in order to
keep employers from invading the privacy rights
of their employees



Advanced Surveillance Technology
• Camera surveillance
– Many cities plan to expand surveillance systems
– Supporters argue that people should not have any
expectation of privacy in a public place
– Critics concerned about potential for abuse

• Global positioning system (GPS) chips


– Placed in many devices
– Precisely locate users
– Vendors, banks and airlines have services based on
knowledge of consumer location
Example: Sending consumers digital coupons for stores that are
nearby, providing the location of the nearest ATM, and updating
travelers on flight and hotel information
Non-Disclosure Agreement
• NDA is a legal contract between at least two parties that outlines
confidential material, knowledge, or information that the parties wish to
share with one another for certain purposes but wish to restrict access to
or by third parties. Ex: Doctor–patient confidentiality and bank–client
confidentiality.
• It is a contract through which the parties agree not to disclose information
covered by the agreement.
• An employee can be required to sign an NDA or NDA-like agreement with
employer, protecting trade secrets.
• A non-disclosure agreement (NDA) may be classified as unilateral,
bilateral, or multilateral.

No Digital Archiving System will be good enough without cyber security
Why Computer Incidents Are So Prevalent

• Increased computing environment complexity increases
vulnerability
• Personal computers connect to networks with millions
of other computers capable of sharing information
• Workers in many organizations operate in a cloud
computing environment in which software and data
storage are services provided via the cloud

Types of Attacks

• Computers as well as smartphones can be targets


• Types of attacks
– Virus
– Worm
– Trojan horse
– Distributed denial of service
– Rootkit
– Spam
– Phishing
– Social engineering
Viruses

• Pieces of programming code
• Often attached to executable files, so that when the
infected file is opened, the virus executes
• Deliver a “payload” which causes unexpected and
undesirable behavior
• Spread by actions of the “infected” computer user
– Infected e-mail document attachments
– Downloads of infected programs
– Visits to infected Web sites

Worms

• Standalone SW that does not
require a host program or
human help to propagate
• Reside in active memory of a
computer
• Duplicate themselves
• Whereas a virus requires a
host program to run, worms
can run by themselves.

Trojan Horses
• Malicious code hidden inside seemingly harmless
programs
• Users are tricked into installing them
• Delivered via email attachment, downloaded from a
Web site, or contracted via a removable media device
• Trojans are found in image files, audio files or games.
It differs from a virus because it binds itself to non-
executable files
• Logic bomb: Executes when triggered by certain
event, such as typing a specific series of keystrokes or
by a specific time or date
Rootkits

• Set of programs that enables its user to gain
administrator-level access to a computer without
the end user’s consent or knowledge
• Attacker can gain full control of the system and
even hide the presence of the rootkit
• Fundamental problem in detecting a rootkit is that
the operating system currently running cannot be
trusted to provide valid test results

Spam

• Abuse of email systems to send unsolicited email to large
numbers of people
– Low-cost commercial advertising for questionable products
– Method of marketing also used by many legitimate
organizations

Phishing

• Legitimate-looking emails lead users to fake Web
sites to try to get the recipient to reveal personal
data

• Smishing
– Phishing via short text messages
• Vishing
– Phishing via voice mail messages

Social Engineering

• Social engineering involves psychologically manipulating people
into revealing information or taking inappropriate actions.
• Very often victims have no idea they have done something wrong
until the fraud is later exposed.
• Social engineering attacks are highly targeted on a small number of
potential victims.
• While phishing schemes typically rely on email, attachments and
webpages to capture private data, social engineering might use
these, the phone or any number of different methods.

Dumpster Diving

• Dumpster Diving is investigating a person or business’s trash
to find information to be used to attack a computer network.
• Dumpster divers locate financial statements, government
records, medical bills, résumés, and the like simply through
exploring the victim’s rubbish.
• Once in hand, the information is used to piece together identity
profiles, making social engineering more likely to succeed.
Types of Attackers

• Attackers include:
– Adventure seekers wanting a challenge
– Common criminals looking for financial gain
– Industrial spies trying to gain an advantage
– Terrorists seeking to cause destruction
• Different objectives and access to varying resources
• Willing to take different levels of risk to accomplish an objective



Hacktivists and Cyberterrorists

• Hacktivist
– Hacking to gather information in order to achieve a political or social goal

• Cyberterrorist
– Attacks computers or networks in an attempt to threaten or force a
government to advance certain political or social objectives
– Seeks to cause harm rather than gather information
– Destroys infrastructure components of financial utilities and emergency
response units



Cybersecurity Tracks

• Defensive Track: Uses a reactive approach to security that
focuses on prevention, detection, and response to attacks. It
uses more traditional methods to keep networks safe from
cyber crime. The tactics rely on a thorough understanding of a
system environment and how to analyze it to detect potential
network flaws. This analysis influences the development and
deployment of preventive and protective measures that
discourage or outright stop cyber attacks.

• Offensive Track: Deploys a proactive approach to security
through the use of ethical hacking to mimic cyber attacks.
This method exploits security vulnerabilities and can eliminate
the guesswork of what may happen during an attack.
Ethical Hacking

• Ethical hacking involves an authorized attempt to gain
unauthorized access to a computer system, application, or
data. Carrying out an ethical hack involves duplicating
strategies and actions of malicious attackers. This practice
helps to identify security vulnerabilities which can then be
resolved before a malicious attacker has the opportunity to
exploit them.
• Also known as “white hats,” ethical hackers are security
experts that perform these assessments. The proactive work
they do helps to improve an organization’s security posture.
With prior approval from the organization or owner of the IT
asset, the mission of ethical hacking is opposite from
malicious hacking.
Key Protocol Concepts of Ethical Hacking
Hacking experts follow four key protocol concepts:

• Stay legal. Obtain proper approval before accessing and
performing a security assessment.
• Define the scope. Determine the scope of the assessment so that
the ethical hacker’s work remains legal and within the
organization’s approved boundaries.
• Report vulnerabilities. Notify the organization of all vulnerabilities
discovered during the assessment. Provide remediation advice for
resolving these vulnerabilities.
• Respect data sensitivity. Depending on the data sensitivity,
ethical hackers may have to agree to a non-disclosure agreement,
required by the assessed organization.
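
The first two concepts (approval and scope) can be enforced mechanically before any assessment activity starts. The sketch below is an added example, not part of the original slides; the `Engagement` fields, the `check_target` helper and the sample values are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Engagement:
    """Rules of engagement agreed in writing before the assessment starts."""
    approved_by: str   # person who signed the authorization ("stay legal")
    in_scope: tuple    # CIDR ranges the owner approved for testing
    excluded: tuple    # CIDR ranges that stay off limits even inside in_scope
    starts: datetime   # approved testing window, timezone-aware
    ends: datetime


def check_target(eng, target, now):
    """Return (allowed, reason) for one IP address at time `now`."""
    if not eng.approved_by.strip():
        return False, "no written approval on record"
    if not eng.starts <= now <= eng.ends:
        return False, "outside the approved testing window"
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False, "not an IP address; confirm ownership before testing"
    # Exclusions win over inclusions, so a carve-out can never be overridden.
    if any(addr in ipaddress.ip_network(net) for net in eng.excluded):
        return False, "explicitly excluded by the owner"
    if any(addr in ipaddress.ip_network(net) for net in eng.in_scope):
        return True, "in scope"
    return False, "not listed in the approved scope"  # default deny


# Constructed sample engagement using documentation-only address ranges.
SAMPLE = Engagement(
    approved_by="J. Doe, IT asset owner (constructed name)",
    in_scope=("192.0.2.0/24",),
    excluded=("192.0.2.128/25",),
    starts=datetime(2024, 3, 1, 8, 0, tzinfo=timezone.utc),
    ends=datetime(2024, 3, 5, 18, 0, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    now = datetime(2024, 3, 2, 10, 0, tzinfo=timezone.utc)
    for ip in ("192.0.2.10", "192.0.2.200", "198.51.100.5", "intranet.example"):
        print(ip, check_target(SAMPLE, ip, now))
```

Anything the check rejects goes back to the asset owner for a written scope change rather than being tested on the assessor's own judgment.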

Skills and Certifications
• An ethical hacker should have a wide range of computer skills.
They often specialize, becoming subject matter experts (SME) on a
particular area within the ethical hacking domain.

• All ethical hackers should have:
– Expertise in scripting languages.
– Proficiency in operating systems.
– A thorough knowledge of networking.
– A solid foundation in the principles of information security.

• Well-known websites include:
– https://www.cybrary.it/
– https://www.pluralsight.com

What is Turnitin and iThenticate???

UWaterloo students’ reports problem


To whom are you giving access?

Two Factor Authentication (2FA)

Multi-Factor Authentication (MFA)


@ University

There is power in a student number

Do you recognize yours???

Do you recognize your national ID number???


E-Soldier
I-Robot, Do you trust your I-Phone?
Crypto-Currencies

Are they Ethical????


Corona Virus
Drones

Video Gamers…………..
Brain USB (Neuralink)
Privacy
Digital Governance
The Importance of Integrity

• Integrity is a cornerstone of ethical behaviour
• People with integrity:
– Act in accordance with a personal code of principles
– Extend to all people the same respect and consideration
– Apply the same moral standards in all situations
• Lack of integrity emerges if you apply moral standards
differently according to the situation or people involved
• Many ethical dilemmas are not as simple as right
versus wrong
Morality
Morals

• One’s personal beliefs about right and wrong
• Morals may vary according to:
– Religion
– Cultural group
– Age
– Life experiences
– Education
– Gender



The Difference Between Morals, Ethics, and Laws
• Morals: one’s personal beliefs about right and wrong
• Ethics: standards or codes of behavior expected of an individual by a
group
• Law: system of rules that tells us what we can and cannot do
– Laws are enforced by a set of institutions
– Legal acts conform to the law



Freedom of Speech

What are the limitations???


Social Media
Search Engines
A search engine is a service that allows Internet users
to search for content via the WWW.
The user enters keywords or key phrases and receives a
list of Web content results in the form of websites,
images, videos or other online data.
The list of content returned is known as a search
engine results page (SERP).
SERP

Title tag
Meta description tag (or first paragraph of text if no meta description is added)
Keywords
Search Engine Optimization (SEO)

SEO focuses on maximizing the number of visitors to a website
by ensuring that the site appears high on the list of results
returned by a search engine.
It is the process of affecting the visibility of a website in a
search engine's unpaid results, called natural or organic results.
A range of techniques is employed in SEO. These techniques fall into
two broad categories:
◦ techniques that search engines recommend as part of good design
◦ techniques that search engines do not approve of
White hat SEO is centered on organic and long-term
strategies that increase ranking over time. This is a
comparatively slower process, but it promises stable
growth.
Optimizing a Web site primarily involves editing its content
and coding to both increase its relevance to specific
keywords and to remove barriers to the indexing activities
of search engines.
White hat SEO is most effective when incorporated into
initial design and development phases.
Search engines such as Google and Bing have published webmaster
guidelines on ethical SEO techniques.
White vs. Black Hat Techniques
Penalties
Websites that use black hat SEO methods suffer several types of
penalties:
● Black Listing
● Suspension
● Algorithm de-prioritization
IT Specialists

• Partial list of IT specialists
– System analysts
– Software engineers
– Database administrators
– Testers
– Local area network (LAN) administrators

Professional Codes of Conduct

• State the principles and core values that are essential to the work of an
occupational group

• Most codes of conduct include:
– What the organization aspires to become
– Rules and principles by which members of the organization are expected
to abide

• Many codes also include commitment to continuing education for those
who practice the profession

Professional Relationships That Must Be Managed

Discrimination
Work Discrimination
You suddenly find yourself getting yelled at or written up
for your work, and there has been no obvious change to
the quality of your work at any time during your career
with that company.

Age Discrimination
• Direct comments, harassing behavior or jokes
• Example: employees are being promoted or hired due
to their young age, while older, more experienced
employees are being overlooked again and again

Qs ?????????????
