
Computer Legislation

The document outlines the legislation and ethical guidelines governing computer usage, including laws like the Computer Misuse Act and the Data Protection Act, as well as ethical rules such as the Ten Commandments for Computer Ethics. It discusses the implications of computer usage on society, including job displacement and piracy, and highlights various computer crimes and security measures. Additionally, it emphasizes the importance of system security, reliability, and data privacy in the context of technological advancements.

Uploaded by

dolvinekamamo

LEGISLATION GUIDING COMPUTER USAGE

Legislation: It is a law or set of laws that has been decreed by a law making or governing body.
The relevant legislation used in many countries of the world includes:
1. Computer Misuse Act of 1990. It makes the following illegal:
- Unauthorized access to computer data
- Unauthorized access with intent to commit or facilitate commission of further offences
- Unauthorized modification of computer data
2. Copyright, Design and Patent Act of 1988. This act concerns issues of intellectual property, which include
music, software etc. It is illegal to:
- Duplicate software
- Run pirated software
- Transmit software
3. Defamation Act of 1996. It consists of a publication of opinions and untrue statements which adversely
affect the reputation of a person or group of persons.
4. Data Protection Act of 1998: This act is concerned with the following:
- Information about living individuals which is processed both manually and mechanically
- It gives new rights to those individuals about whom information is recorded, and demands good
handling of information about the people
ETHICAL RULES GUIDING COMPUTER USAGE
Computer Ethics: it is the rules of courtesy (good manners) governing the use of computers. This course has
become so popular today because of the widespread application of computers as well as the rapid growth of
computer networks such as the internet.
Importance of Computer Ethics
a) Make people use computers in a special way
b) Limit the level of computer crime
c) Teach computer users how to avoid catastrophes resulting from computer abuse
d) Enable us to fit adequately in our new world, the information society
e) Facilitate the creation of new laws to suit our modern computerized world
f) Prevent us from being misled by certain irresponsible websites or users
g) Enable us to respect the rights of other computer users
h) Prevent us from illegally accessing other people’s computer data
THE TEN COMMANDMENTS FOR COMPUTER ETHICS
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work
3. Thou shalt not snoop around in other people's files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not use or copy software for which you have not paid.
7. Thou shalt not use other people's computer resources without authorization.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the program you write.
10. Thou shalt use a computer in ways that show consideration and respect.

COMPUTER RELATED CODES OF CONDUCT


Codes of ethics are brought up by professional bodies. Organizations such as: BCS, ACM, and IEEE also
have their own codes of professional practice.
BCS CODE of conduct and practice
BCS stands for British Computer Society. Its code consists of a series of statements which prescribe the minimum
standard to be observed by all members. It has been grouped into principal duties which all members should
endeavor to discharge in pursuing their professional lives.
1. Duty to the profession
2. The public interest
3. Duty to employers and clients
4. Professional competence and integrity
ACM code of ethics and professional conduct
ACM stands for Association for Computing Machinery. Its code consists of imperative statements that are grouped
into the following four sections to facilitate understanding:
1. General moral imperatives
2. More specific professional responsibilities
3. Organizational leadership imperative
4. Compliance with the code
IEEE Code of Ethics
IEEE stands for the Institute of Electrical and Electronics Engineers. According to this code, members are
required to:
1. Be honest and realistic in stating claims
2. Improve the understanding of technology
3. Treat all persons fairly regardless of such factors as race
4. Avoid real or perceived conflict of interest
Netiquette
The term netiquette is the short form of network etiquette. It refers to the rules of courtesy governing the use of
computer networks. Netiquette has a dual purpose of helping new network users (or newbies) minimize their
mistakes. Some important Netiquette rules include:
1. Do not give your sign on and password to someone else
2. Do not gain unauthorized entry to someone else’s computer or snoop around in other people’s files
3. Do not send your credit card numbers over the net unless they are specially encrypted
4. Do not use a computer to steal
5. Do not use a computer to flame or hurt someone else
6. Do not use or copy software for which you have not paid
7. Do not use other people’s computer resources without authorization
8. Do not claim other people’s intellectual output as your own
9. Do not leave a laboratory computer without signing off the net
10. Do use a computer in ways that show consideration and respect
Issues of Ethical Controversy
- Privacy
- Property
- Intellectual property rights
- Security
- Freedom of information
- Sexuality and pornography
- Gambling

COMPUTER CRIMES AND SECURITY


Computer crime: It is an illegal act that involves a computer or computer network. There are two main
categories of computer crimes:
a) Computer related crime (CRC): Which are crimes that target the computers or networks directly, for
example, malicious codes and denial of service attacks.
b) Computer assisted crime (CAC): Which are crimes that are facilitated by computers or computer
networks, for example, cyber stalking, fraud and identity theft, and phishing.
Types of computer crimes
1. Software piracy: It is the illegal copying, distribution or use of computer software. Some common types of
software piracy are:
- Making counterfeit copies of software for sale
- Renting software
- Installing software on a server without a network license
- Using personal software for commercial purposes
2. Cyberterrorism: This refers to an act of terrorism that is conducted on the internet by means of computer
resources.
3. Masquerading: It is when an unauthorized person uses someone else’s identity to access a computer.
4. Social Engineering: This is the name given to a category of computer crime in which someone manipulates
other people into revealing information that can be used to steal data or subvert systems.
5. Harassment: This is the process of sending threatening email messages to people on networks or bulletin
board systems.
6. Hacking: It is when a technically sophisticated computer user skillfully breaks into another person’s
computer system without permission.
7. Cracking: It is when a relatively unskillful and impatient user illegally breaks into another person’s
computer system.
8. Theft of data and computer equipment: thieves can take your personal information by tapping into your
phone line outside your house and connecting directly into their own computer
9. Denial of Service (DoS): This is a malicious attempt to make a computer resource unavailable to its intended
users.
10. Session Hijacking: It is when an intruder takes over another user’s network session when he/she gets up
to go somewhere without terminating his/her session.
11. Data Diddling: It is the process of modifying data before or after they are entered into the computer
system.
12. Computer fraud: This is the use of computers to dishonestly misrepresent data for personal gain, thereby
causing harm to some other person.
13. Drug Trafficking: Drug traffickers are increasingly using the internet to sell their illegal substances through
encrypted e-mail and other internet technologies.
14. Phishing: Is the criminally fraudulent process of attempting to acquire sensitive information such as
usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic
communication.
15. Spamming: this is the act of sending unwanted bulk email for commercial purposes.
16. Scamming: It is a fraudulent business activity that is conducted on the internet. It is a notorious crime on
the internet because:
- Scammers can reach a large number of people online
- Scammers cannot be easily traced
- Scammers do not have any restrictions or laws that can limit their activities.
- It is very difficult to find out the truth
17. The writing and use of malware: Some computer users write or use destructive programs such as Trojan
horses, logic bombs, worms and viruses to create problems for other users.
a) Worms: These are programs that propagate from computer to computer on a network without
necessarily modifying other programs on the machine.
b) Logic bombs: These are programs that lie dormant for an extended period of time until they are
triggered by a particular event to perform a function that is not the intended function of the program in
which they are contained.
c) Trojan horses: These are programs that hide their true intention and then perform a totally
unexpected malicious act.
d) Viruses: These are programs that have been written to enter the computer, infect its files and alter the
way the computer operates without the user’s permission.

Computer Security: It is the technique developed to protect computers and computer data from accidental or
intentional harm.
Security measures taken to protect computers from computer crime include:
1. Encryption: It is the process of converting messages, information, or data into a form unreadable by
anyone except the intended recipient.
2. Backup and Recovery
3. Firewalls
4. Antivirus software: These are programs that guard a computer system from viruses and other
damaging programs. Some of the major types of antivirus software are: Avast Antivirus, AVG
Antivirus, Norton Antivirus, and McAfee virus scan.
5. Passwords: They are confidential sequences of characters that give approved users access to
computers.
Characteristics of good passwords
a) They should contain a mixture of characters and symbols that are not real words
b) They should be changed at least every three months
c) They should be different for each system that is used
d) They are not composed of exact sequences of letters on a keyboard
e) The password for each system you are authorized to use should remain secret
6. A password should not be shared with other end users, or written down or used in plain sight of others.
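The characteristics of good passwords listed above can be checked mechanically, for instance when a user audits their own stored passwords. The checker below is an added example, not part of the original notes; the word list, the four-key run length, the 90-day reading of "three months" and all function names are assumptions.

```python
from datetime import date, timedelta

# Constructed sample word list (assumption); a real audit would load a full
# dictionary or a list of commonly used passwords.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "computer", "letmein"}

# Rows of a QWERTY keyboard, used for characteristic (d).
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Undo common character substitutions so "P@ssw0rd" is still seen as a word.
LEET = str.maketrans("@0134$5", "aoieass")

MAX_AGE = timedelta(days=90)  # characteristic (b), read as 90 days (assumption)


def has_keyboard_run(password, run_len=4):
    """True if the password contains run_len adjacent keys, forwards or backwards."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_len + 1):
                if seq[i:i + run_len] in lowered:
                    return True
    return False


def contains_real_word(password):
    """True if a listed word appears once substitutions are reversed."""
    normalised = password.lower().translate(LEET)
    return any(word in normalised for word in COMMON_WORDS)


def check_password(password, last_changed, today, other_system_passwords=()):
    """Return the names of the characteristics (a)-(d) that the password breaks."""
    problems = []
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    # (a) a mixture of characters and symbols that are not real words
    if not (has_letter and has_digit and has_symbol):
        problems.append("no_mixture")
    if contains_real_word(password):
        problems.append("real_word")
    # (b) changed at least every three months
    if today - last_changed > MAX_AGE:
        problems.append("too_old")
    # (c) different for each system that is used
    if password in other_system_passwords:
        problems.append("reused_on_another_system")
    # (d) not an exact sequence of keys on a keyboard
    if has_keyboard_run(password):
        problems.append("keyboard_sequence")
    return problems


if __name__ == "__main__":
    today = date(2024, 6, 1)  # constructed dates and passwords
    samples = [
        ("P@ssw0rd1", date(2024, 1, 1), ()),
        ("Qwerty2024!", date(2024, 5, 1), ()),
        ("t7#Lm!x9Vq", date(2024, 5, 20), ("t7#Lm!x9Vq",)),
        ("t7#Lm!x9Vq", date(2024, 5, 20), ()),
    ]
    for pw, changed, others in samples:
        print(pw, check_password(pw, changed, today, others))
```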
Other Security Measures Include:
a) Integrity: It keeps data safe from modification by people who are not authorized to use it
b) Confidentiality: It keeps data secret from people who are not authorized to see it
c) Authentication: This determines whether a given entity is really what it is declared to be
d) Authorization: This gives someone permission to use a particular system or data.

CHAPTER 2: THE SOCIAL, LEGAL, ETHICAL AND ECONOMIC IMPLICATIONS OF THE USE OF COMPUTERS

2.1 Introduction
Computers have had many effects on individuals in society. They have impacted on the way individuals work,
socialize and run their lives. As a result of computers, an individual's values are now in constant flux. The moral
and ethical framework that guides an individual is constantly changing as is the economic and legal framework
within which lives are led.

2.2 Social and Economic Effects of Computers


The effects outlined below don’t fall under a specific category (positive or negative). These points are given just to lay
emphasis and create an awareness on those socio-economic effects of computers in our society.

i) Reduction of Manufacturing Jobs: the increasing sophistication of computers has allowed machines with robotic arms
to perform complex tasks with the dexterity that once required humans. These machines, over the long run, were cheaper
for companies to use than the human workers for whom the employers had provided benefits and retirement plans. This
has reduced a traditionally reliable source of employment for workers.

ii) Piracy of Copyrighted Materials: Before computers, piracy of movies and music was a small problem. The greatest
threat the music industry faced was the ability of stereo systems to record songs playing on the radio onto cassette tapes.
However, computers and the Internet provided a new venue through which a single digitized copy of a movie or song
could be infinitely distributed to other computers across the world. This caused a drop in music and video sales, and
created a small black market of cheap bootleg copies of these pirated items.

iii) Financial Engineering: Computers, and the computational power they represent, enabled the rise of the financial
entities known as hedge funds. These are companies of brokers who design sophisticated computer models to analyse
market data in real time to predict movement trends. The computers use these calculations to conduct instant transactions
electronically, generating higher market returns than brokers or portfolio managers ever saw before the computers'
deployment.

iv) Commerce or tertiary service industry, has been changed a great deal by the use of computers.

v) Databases: data was once kept in paper or card filing systems where it was very difficult to summarise and
manipulate. Once captured by a computer system data can be made available to anyone (legally or illegally)
and it can be processed to reveal information, patterns and trends that would remain hidden in paper-based
systems.

vi) Financial trading: money can be made by dealing in stocks and currencies. A tiny and brief change can be
exploited by a trading system that is fast enough to react to such changes and money can be made on the
difference. The faster a computer system the better the opportunities to make money in such trading so
financial organisations compete to have the fastest and most powerful systems.

vii) The automobile industry has lost labour as people have been replaced by robots. Much of this would have
been classed as semi-skilled or skilled manual labour. Without further education and training the people
displaced will find it hard to find comparable work.

viii) There is a reduction in working hours as a result of automation of some tasks, which can lead to a reduction of salaries.

ix) The introduction of computers has led to retraining or reskilling, as many employees have to be trained on how to use
a computer.

x) Automation of tasks can lead to difficult jobs becoming easy so anyone can do them. As a result, a skilled employee
suddenly is the proud possessor of skills that no-one needs any more.

xi) Automation of tasks has led to an increase in productivity, thereby improving the profit of the organization.

The post office has become more of a bill paying center than a communication center as it is now faster and cheaper to
communicate online through emails and chats.

2.3 SYSTEM SECURITY AND RELIABILITY


a) System Security: An (operating) system is responsible for controlling access to system resources, which will include
sensitive data. The system must therefore include a certain amount of protection for such data, and must in turn control
access to those parts of the system that administer this protection. System security is concerned with all aspects of these
arrangements. It is literally a means or method by which something is secured through a system of interworking
components and devices. Examples of how system security works:
i) Home security systems work on the simple concept of securing entry points into a home with sensors that
communicate with a control panel or command centre installed in a convenient location somewhere in the home.

ii) Control Panel: The control panel is the computer that arms and disarms the security systems, communicates with
each installed component, sounds the alarm when a security zone is breached, and communicates with an alarm
monitoring company.

iii) Door and Window Sensors: Door and window sensors are comprised of two parts installed adjacent to each other.
One part of the device is installed on the door or window and the other on the door frame or window sill. When a door or
window is closed, the two parts of the sensor are joined together, creating a security circuit.

b) System Reliability: Reliability is an attribute of a computer-related component (hardware, software, or network, for
example) that consistently performs according to its specifications. It has long been considered one of three related
attributes that must be considered when making, buying or using a computer product or component. Thus reliability
requires features that help avoid faults; not just to run quietly with uncorrupted data but to detect and correct faults
where possible, e.g. repeat an operation or isolate the fault and report it.

c) System Resilience: resilience is the long term capacity of a system to deal with change and continue to develop. The
term resilience is used differently by different communities. In general engineering systems, fast recovery from a
degraded system state is often termed as resilience.

d) Privacy and Integrity of Data

To ensure data is safe from hackers (e.g. by passwords, firewalls) and data is protected from corruption.

i) Data Integrity is about ensuring that data are correct. Data might be wrong on input; or it may be corrupted
accidentally by hardware failure or deliberately by a hacker. Data must be accurate and reliable or else it isn’t any use.
Validation and verification are used to ensure that data are correct when entered.

ii) Data Privacy: as the amount of stored data has increased, it has become increasingly important to have
the means and the legal framework to keep it private. Government data: military, intelligence, diplomatic, economic…
Personal: address, phone number, salary… Commercial: products, services, prices, processes, performance, plans…

iii) Data Security: it is concerned with keeping data safe from events such as theft, damage, flood or fire.

e) Safe working practices:

i) Use passwords that can’t be easily guessed and protect your passwords

ii) Minimize storage of sensitive information

iii) Beware of scams

iv) Protect information when using the internet and email


v) Make sure your computer is secured with an antivirus and all necessary security “patches” and updates.

vi) Secure laptop computers and mobile devices at all times; Lock them up and carry them with you.

vii) Shut down, log off, lock or put your computer or other devices to sleep before leaving them unattended and make
sure they require a secure password to start up or wakeup

viii) Don’t install or download unknown or unsolicited programs/apps.

ix) Secure your area before leaving it unattended

x) Make backup copies of files or data you are not willing to lose.

2.4 Ergonomics Design


a) Definition: The applied science of equipment design, as for the work place, intended to maximize productivity by
reducing operator fatigue and discomfort. In other words it is the study of people's efficiency in their working
environment.

b) Computer Setup:

1. Use a good chair with a dynamic chair back and sit back.
2. The eye-level should be the same as the level of the monitor. You should be able to see the contents in the
monitor without bending your neck.
3. No glare on screen, use an optical glass anti-glare filter where needed.
4. Sit at arm’s length from monitor as a good viewing distance.
5. Feet on floor or stable footrest.
6. Use a document holder, preferably in-line with the computer screen.
7. Wrists flat and straight in relation to forearms to use keyboard/mouse/input device.
8. Arms and elbows relaxed close to body.
9. Top of monitor casing 2-3" (5-8 cm) above eye level.
10. Use a negative tilt keyboard tray with an upper mouse platform or downward tiltable platform adjacent to
keyboard.
11. Center monitor and keyboard in front of you.
12. Use a stable work surface and stable (no bounce) keyboard tray.
Figure 2.1: Ergonomic setup.

i) Using Keyboard

Keep the keyboard flat. The hands and the keyboard should be parallel and perpendicular. Do not use the
built-in tips that elevate the back of the keyboard.

Figure 2.2: image showing the right position of fingers on a keyboard

ii) Using Mouse


Switch hands for using the mouse periodically. Keep the hand and wrist straight.

Figure 2.3: images showing the right way to use a mouse

iii) Stretching:

- Stretch inside of your body - drink water often.
- Take a walk every once in a while - e.g. every 45 minutes or so.

c) Some Computer related diseases, symptoms and their possible remedies:

i) Repetitive Strain Injury (RSI)

Body movements are produced by contracting and relaxing muscles. The muscles are attached to bones by tendons.
Tendons are smooth, and in some parts of the body they glide back and forth inside tubes called synovial sheaths. RSI
results when repeated stress is placed on the tendons, muscles, or nerves of the body, causing inflammation or damage.
Definition: RSI is a health problem resulting from overusing a part of the body to perform a repetitive task, like typing
and clicking, thereby causing trauma to that part.

RSI is also called, cumulative trauma disorder (CTD), repetitive strain disorder, repetitive stress injury, repetitive stress
disorder, overuse syndrome, and musculoskeletal disorder.

Some of the most common types of RSI are:


a) Tendonitis - inflammation of the tendons
b) Tenosynovitis - inflammation of the synovial sheath
c) Carpal Tunnel Syndrome - results when the median nerve is compressed, either from the swelling of tendons and
sheaths or from repeated bending of the wrist

Some of the conditions that may lead to CTDs are:


i. Repetition- long or concentrated hours of typing or using a mouse
ii. Posture - long hours of sitting in the same position while typing, especially if it is in an uncomfortable or poorly
supported position, or if the wrists are bent
iii. Lack of rest - intensive hours at the keyboard with few breaks

Symptoms of CTDs:
- Tingling or numbness in the hands or fingers
- Pain in fingers, hands, wrists, or even shooting up into the arms or forearms
- Loss of strength or coordination in the hands
- Numbness or discomfort in the hands which wakes you up at night

ii) Carpal Tunnel Syndrome

Carpal tunnel syndrome (CTS) is a compression of the median nerve in the wrist. Symptoms include pain and
numbness in the hand (especially at night), clumsiness, paresthesia (pins and needles), and trophic changes
(such as muscle wasting). In a true CTS, these are felt where the median nerve goes: the palm side of the index
and middle fingers and part of the thumb and ring finger. Conservative treatment without surgical intervention
will usually give relief, especially if done early after onset.

Similar symptoms can also be due to nerve compression in the neck, shoulder or arm from such things as tight
neck or shoulder muscles (i.e. thoracic outlet syndrome or pectoral muscle contracture) or poor neck mechanics,
to name a few. These other problems are often misdiagnosed as CTS. To help see if you have a true carpal
tunnel syndrome or not, use Phalen's test.
Figure 2.4: Phalen's Test

Place the backs of both of your hands together and hold the wrists in forced flexion for a full minute. (Stop at
once if sharp pain occurs). If this produces numbness or "pins and needles" along the thumb side half of the
hand, you most likely have Median nerve entrapment (Carpal Tunnel Syndrome). Examination by a health care
professional familiar with these conditions is the way to be sure of the diagnosis and get proper treatment.

- Keyboards: Be sure to get the height right to prevent too much bend at the wrist and allow the forearm to
have some support. The arms should hang loose to prevent the shoulder muscles from cramping. Many
keyboards can tilt; unfortunately, most of them tilt the wrong way. If anything, the keyboard should tilt to help
the wrist stay straight, which is to say raising the space bar end and lowering the "top" (the F1, F2 etc.) end.
Tilting the keyboard the other way (space bar lower and "top" row higher) can set you up for carpal tunnel
syndrome.

Treatment: Effective conservative treatment of CTS should include:

- Chiropractic manipulation of the wrist, forearm and hand
- Ice massage (10 to 12 minutes) several times a day
- minimizing any irritating activities
- wrist strengthening exercises
- wrist stretching exercises
- possible use of wrist brace or splint while sleeping
- applying sound ergonomic principles (see The Human Interface)

Seeing your Chiropractor for a check up to keep the joints mobile and mechanically well aligned is a great aid.
These treatments can minimize the formation of CTS as well as decreasing its pain and impact on your job and
lifestyle. While seeing your Chiropractor, ask for more details about what is best for you, personally, regarding
work habits, exercise and stretching to promote good health and in the prevention and /or management of
carpal tunnel syndrome.
iii) Computer Vision Syndrome

This comprises problems related to seeing correctly, like visual fatigue, dry, itchy and sore eyes, blurred or double
vision, burning watery eyes and loss of colour in affected regions. To avoid eyestrain, take the following precautions:
o Exercise your eyes periodically focusing on objects at different distances
o Blink regularly
o Position the monitor to avoid glare
o Keep your monitor clean
o Service, repair or replace a monitor that flickers

2.5 Computer Crimes


a) Definition: Computer crime, alternatively referred to as cybercrime, e-crime, electronic crime or hi-tech crime, is an
act performed by a knowledgeable computer user, sometimes referred to as a hacker, who illegally browses or steals a
company’s or individual’s private information. In some cases, this group of individuals may be malicious and destroy or
otherwise corrupt the computer or data files.

b) Types of computer Crimes:


i) Child Pornography: This is material showing children in erotic poses or having sex. It is usually graphic
material in the form of drawings, photographs or video, but can be in writing as well. Child pornography that
involves real children is a record of child sexual abuse. Usually, these children are shown or described as being
in different stages of undress, with some clothes off, or completely naked.

ii) Cyber terrorism: Cyber terrorism can be defined as an act of terrorism (hacking, threats and blackmailing towards a
business or person) committed through the use of cyberspace or computer resources. As such, simple propaganda on the
Internet that there will be bomb attacks during the holidays can be considered cyber terrorism.

iii) Cyberbullying or Cyber stalking: Cyber stalking is a crime in which the attacker harasses a victim using electronic
communication, such as e-mail or instant messaging (IM), or messages posted to a web site or a discussion group. Cyber
stalking messages differ from ordinary spam in that a cyber-stalker targets a specific victim with often threatening
messages, while the spammer targets a multitude of recipients with simply annoying messages.

iv) Creating Malware: Writing, creating or distributing malware (e.g. viruses and spyware).

v) Denial of Service Attack: A denial or degradation of service (DoS) is an attack on a computer system that puts it out of
action by overloading it with data in a way that the system was never prepared to handle. A DoS attack makes the system
unavailable to its intended users. A distributed denial-of-service (DDoS) attack is one in which a multitude of
compromised systems attack a single target, thereby causing denial of service for users of the targeted system.

vi) Espionage: Spying on a person or business.


vii) Fraud: Manipulating data, e.g. changing banking records to transfer money to an account. Computer fraud is also
defined as any act using computers, the internet, internet devices or internet services to defraud people, companies, or
government agencies of money, revenue, or internet access. There are many methods to perform these illegal activities.
Phishing, social engineering, viruses and DDoS attacks are fairly well known tactics used to disrupt service or gain access
to another’s funds, but this list is not inclusive.

viii) Harvesting: Collecting account or other account-related information on people.

ix) Identity Theft: Pretending to be someone you are not.

x) Intellectual property theft: Stealing another person’s or company’s intellectual property.

xi) Phishing: Deceiving individuals to get private or personal information about that person.

xii) Salami Slicing: Stealing tiny amounts of money from each transaction.

xiii) Spamming: Distributing unsolicited e-mail to dozens or hundreds of different addresses.

xiv) Spoofing: Deceiving a system into thinking you are someone you really are not.

xv) Unauthorized access: Gaining access to systems you have no permission to access. This is when someone gains
access to a website, program, server, service, or other system using someone else’s account or other methods. For
example, if someone kept guessing a password or username for an account that was not theirs until they gained access it
is considered to be unauthorized.

xvi) Wiretapping: connecting a device to a phone to listen to conversations
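
The guessing pattern described under "Unauthorized access" above (repeated tries at a password or username until one works) leaves a recognisable trail in login records. The detector below is an added example, not part of the original notes; the log format, the threshold of five failures in five minutes and all names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<UTC timestamp> <event> user=<name> src=<address>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAIL|LOGIN_OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample records (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
2024-06-01T10:00:00Z LOGIN_OK user=bob src=198.51.100.4
2024-06-01T10:00:05Z LOGIN_FAIL user=alice src=203.0.113.7
2024-06-01T10:00:10Z LOGIN_FAIL user=alice src=203.0.113.7
2024-06-01T10:00:15Z LOGIN_FAIL user=alice src=203.0.113.7
2024-06-01T10:00:20Z LOGIN_FAIL user=alice src=203.0.113.7
2024-06-01T10:00:25Z LOGIN_FAIL user=alice src=203.0.113.7
2024-06-01T10:00:40Z LOGIN_OK user=alice src=203.0.113.7
this line is malformed and is skipped
2024-06-01T10:01:00Z LOGIN_FAIL user=bob src=198.51.100.4
2024-06-01T10:01:08Z LOGIN_OK user=bob src=198.51.100.4
2024-06-01T10:02:00Z LOGIN_FAIL user=admin src=192.0.2.9
2024-06-01T10:02:01Z LOGIN_FAIL user=root src=192.0.2.9
2024-06-01T10:02:02Z LOGIN_FAIL user=test src=192.0.2.9
2024-06-01T10:02:03Z LOGIN_FAIL user=guest src=192.0.2.9
2024-06-01T10:02:04Z LOGIN_FAIL user=oracle src=192.0.2.9
"""


def parse_line(line):
    """Return (timestamp, event, user, src), or None for an unparseable line."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    ts = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, match["event"], match["user"], match["src"]


def detect_guessing(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag password guessing, username guessing, and a success that follows guessing."""
    fails_by_account = defaultdict(deque)  # (src, user) -> recent failure times
    fails_by_source = defaultdict(deque)   # src -> recent (time, user) failures
    alerts = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        ts, event, user, src = record
        per_account = fails_by_account[(src, user)]
        per_source = fails_by_source[src]
        # Forget failures that have fallen out of the time window.
        while per_account and ts - per_account[0] > window:
            per_account.popleft()
        while per_source and ts - per_source[0][0] > window:
            per_source.popleft()
        if event == "LOGIN_FAIL":
            users_before = {u for _, u in per_source}
            per_account.append(ts)
            per_source.append((ts, user))
            # Many failures for one account from one source.
            if len(per_account) == threshold:
                alerts.append(("password_guessing", user, src, ts))
            # One source failing against many different account names.
            if len(users_before) < threshold <= len(users_before | {user}):
                alerts.append(("username_guessing", "*", src, ts))
        else:
            # A success right after a burst of failures is the case to review first.
            if len(per_account) >= threshold:
                alerts.append(("success_after_guessing", user, src, ts))
            per_account.clear()
    return alerts


if __name__ == "__main__":
    for kind, user, src, ts in detect_guessing(SAMPLE_LOG.splitlines()):
        print(ts.isoformat(), kind, user, src)
```

Bob's single mistyped password followed by a normal login raises nothing, while the login that succeeds after five failures is reported separately from the failures themselves.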

c) Malware attacks

Malware (malicious software) is any software that could harm a computer system, interfere with a user's data, or make
the computer perform actions without the owner's knowledge or permission. Examples are viruses, worms, Trojan horses,
spyware and logic bombs.

i) Virus: A virus is a computer program that can copy itself and infect a computer where it destroys files and disrupts the
operation of the computer. A virus can spread from one computer to another (in some form of executable code) when its
host is taken to the target computer.

ii) Worm: A worm is a self-replicating malicious program which uses a computer network to send copies of itself to
other computers (nodes) on the network and it may do so without any user intervention. Unlike a virus, it does not need
to attach itself to an existing program. Worms cause harm to the network by consuming bandwidth whereas viruses
corrupt or modify files on a targeted computer.

iii) Trojan horse: A Trojan horse is malware that appears to perform a desirable function for the user prior to being run or
installed but instead facilitates unauthorized access to the user's computer system. Once a Trojan horse has been installed
on a target computer system, a hacker may have access to the computer remotely and perform various operations, limited
by user privileges on the target computer system and the design of the Trojan horse.

iv) Spyware: Spyware is software that monitors a computer user’s activity without their knowledge and reports it to a
central location. The purpose of spyware ranges from purportedly benign (enforcing copyrights, displaying targeted
advertisements) to very malicious (stealing passwords and credit card numbers). The most common way to get spyware
on your computer is to install it yourself when you are tricked into installing free software.

v) Logic bomb: A logic bomb, also known as slag code, is a piece of computer code that executes a malicious task, such
as clearing a hard drive or deleting specific files, when it is triggered by a specific event. It is secretly inserted into the
code of a computer's existing software, where it lies dormant until that event occurs. This event may be a specific date
and time or failure to input a command at a certain time.

vi) Software key loggers: Software key loggers are programs that record keystrokes entered by a user, usually to secretly
monitor and/or maliciously use this information. They can record instant messages, email, passwords and any other
information you type at any time using your keyboard. Software key loggers may also be embedded in spyware, allowing
your information to be transmitted to an unknown third party over the Internet.

2.6 Measures to combat computer crime:


The following measures can be used to combat computer crimes:
i. Physical deterrents such as locks, card access keys, or biometric devices can be used to prevent criminals from
gaining physical access to a machine on a network. Strong password protection, both for access to a computer
system and for the computer’s BIOS, is an effective countermeasure against cybercriminals with physical
access to a machine.
ii. Use access control mechanisms that will ensure confidentiality, integrity and availability.
iii. Encrypt confidential data stored in computers or transmitted over communication networks.
iv. Install antivirus software and update it regularly.
v. Install intrusion detection systems to help detect any unauthorized access to the system.
vi. Install firewalls to prevent unauthorized access to local networks.
vii. Network vulnerability testing, performed by technicians or automated programs, can be run at full scale
or targeted at specific devices, systems, and passwords used on a network to assess how secure they are.
Furthermore, network monitoring tools can be used to detect intrusions or suspicious traffic on both large and small
networks.
viii. Use a bootable bastion host that runs a web browser in a known clean and secure operating environment. The
host is free of malware: data is never stored on the device and the media cannot be overwritten, so the
kernel and programs are guaranteed clean at each boot. Some solutions have been used to create secure hardware
browsers that protect users while they access online banking.
ix. Regular backups and security: Just making something illegal or setting up regulations does not stop it happening.
Responsible computer users need to take reasonable steps to keep their data safe. This includes regular backups
and sufficient security with passwords.
x. Close down chat rooms: Some chat rooms have been closed down due to abuses, especially where children are
vulnerable. Some have moderators who help to prevent abuses. Advice about sensible use is important; especially
to never give personal contact details or arrange meetings without extreme caution.
xi. Reduce email spamming: This may be reduced by:
- never replying to anonymous emails
- setting filters on email accounts
- reporting spammers to ISPs, who are beginning to get together to blacklist email abusers
- governments passing laws to punish persistent spammers with heavy fines

2.7 Computer Systems Security


Computer system security is the process of preventing and detecting the unauthorized use of computer systems.
Prevention helps stop unauthorized users from accessing any part of the computer system by controlling access to the
system, while detection helps determine whether or not someone attempted to break into the system, if they were
successful, and what they may have done.
Computer security has three main goals, confidentiality, integrity and availability, which can be conveniently
summarized by the acronym "CIA":

i) Confidentiality ensures that information is not accessed by unauthorized persons. In other words, it ensures that
information is kept secret or private.
ii) Integrity ensures that information is not altered by unauthorized persons in a way that is not detectable by authorized
users. That means that there is an external consistency in the system - everything is as it is expected to be.
iii) Availability ensures that the system is accessible and useable upon appropriate demand by authorized users. In other
words, this means preventing denial-of-service.

Different mechanisms used to ensure the security of computer systems are authentication, encryption, firewalls, digital
signatures, etc.

a) Authentication
Authentication is the process of determining if someone is who they declare to be. In simple terms, it is proving
someone’s identity. Authentication can be obtained by the user providing something they know (password), something
they have (smart card) or something they are (biometrics).
i) Passwords: A password is a secret sequence of characters that is required to login to a system, thus preventing
unauthorized persons from gaining access to the system. When authentication is done through the use of a password,
knowledge of the password is assumed to guarantee that the user is authentic. Passwords can be guessed or cracked and
so if anyone is using a password to protect their system, the following guidelines will help make it more secure:

- Don’t choose an obvious password (like your name, date of birth or name of a relative).
- Keep your password secret. Don’t share it!
- Change your password regularly but not too often.
- Make your password at least eight characters long.
- Do not use common or proper words or phrases - these can be found using a dictionary cracker.
- Use a mixture of upper and lower case letters and numbers.

ii) Smart Card: A smart card is a small card that holds user authentication information. When the card is inserted into a
card reader, electrical fingers wipe against the card. The information in the card is read and used to authenticate the
person. Cards can be stolen and so are not as reliable as biometrics.

iii) Biometrics: Biometrics is the science and technology of measuring and analysing biological data. In computer
security, it refers to the use of measurable biological characteristics such as fingerprints, eye retinas, iris patterns, facial
patterns, voice patterns, hand measurements and DNA, to identify a person. It is the safest authentication technique.
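
The password guidelines listed under i) can be checked automatically when a user chooses a password. The following is an added example, not part of the original notes: the function names, the tiny word list and the sample passwords are constructed for illustration, and it covers the length, character-mixture, obvious-password and dictionary-word guidelines only.

```python
import re

# Constructed sample word list (assumption): a real check would load a full
# dictionary or breached-password list instead of these few entries.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "football",
                "letmein", "qwerty", "sunshine"}

# Look-alike substitutions undone before the dictionary check, so that
# "P@ssw0rd" is still recognised as "password".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})

TOO_SHORT = "shorter than eight characters"
NO_MIX = "needs upper case, lower case and a digit"
OBVIOUS = "contains personal information"
DICTIONARY = "contains a dictionary word"


def _letters(text, undo_lookalikes=False):
    """Lower-case the text and keep only the letters a-z."""
    text = text.lower()
    if undo_lookalikes:
        text = text.translate(LOOKALIKES)
    return re.sub(r"[^a-z]", "", text)


def _is_obvious(password, personal_facts):
    """True if a name or a date from personal_facts appears in the password."""
    pw_letters = _letters(password)
    pw_digits = re.sub(r"\D", "", password)
    for fact in personal_facts:
        name = _letters(fact)
        if len(name) >= 3 and name in pw_letters:
            return True
        # Dates: try the year alone and the digits joined in both orders,
        # e.g. "1998-04-12" -> "1998", "19980412", "12041998".
        groups = re.findall(r"\d+", fact)
        candidates = [g for g in groups if len(g) >= 4]
        if len(groups) > 1:
            candidates += ["".join(groups), "".join(reversed(groups))]
        if any(c in pw_digits for c in candidates):
            return True
    return False


def check_password(password, personal_facts=(), words=COMMON_WORDS):
    """Return the list of guidelines the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append(TOO_SHORT)
    if not all(re.search(p, password) for p in (r"[a-z]", r"[A-Z]", r"\d")):
        problems.append(NO_MIX)
    if _is_obvious(password, personal_facts):
        problems.append(OBVIOUS)
    normalised = _letters(password, undo_lookalikes=True)
    if any(len(w) >= 4 and w in normalised for w in words):
        problems.append(DICTIONARY)
    return problems


if __name__ == "__main__":
    facts = ["Amina", "1998-04-12"]  # constructed user details
    for candidate in ["abc", "Amina1998", "P@ssw0rd1", "tR7vq2LmXe9"]:
        print(candidate, "->", check_password(candidate, facts) or "OK")
```

Note that "P@ssw0rd1" satisfies the length and mixture guidelines and is still rejected, which is why the dictionary guideline is checked separately from the other two.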

b) Encryption:

Encryption is the process of transforming a message using an algorithm into a form unreadable by anyone except the
intended recipient. The original message is known as plaintext, the algorithm is the cipher and the encrypted text is the
ciphertext. To read an encrypted message, one must have access to a key that will enable them to decrypt it.
Encryption ciphers can be grouped into two: substitution and transposition ciphers.

[Figure 2.5: Encryption and decryption process in a transmission medium. The sender encrypts the plaintext "Hello" with a key into encrypted text ("%fd$h"); the recipient decrypts the encrypted text with a key to recover "Hello".]
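
The two cipher groups named above, shown side by side as an added example that is not part of the original notes: a Caesar shift stands in for substitution and a simple column layout for transposition. Both are classroom ciphers chosen for illustration, and the function names and the sample message are assumptions.

```python
import string


def caesar(text, shift):
    """Substitution: swap each letter for the one `shift` places along the
    alphabet. Positions stay the same, the symbols change."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and punctuation pass through
    return "".join(out)


def transpose_encrypt(text, columns):
    """Transposition: write the text row by row into `columns` columns, then
    read it out column by column. Symbols stay the same, positions change."""
    return "".join(text[i::columns] for i in range(columns))


def transpose_decrypt(cipher, columns):
    """Rebuild the columns (the first `extra` columns are one character
    longer) and read them back row by row."""
    full, extra = divmod(len(cipher), columns)
    cols, pos = [], 0
    for i in range(columns):
        size = full + (1 if i < extra else 0)
        cols.append(cipher[pos:pos + size])
        pos += size
    out = []
    for row in range(full + (1 if extra else 0)):
        for col in cols:
            if row < len(col):
                out.append(col[row])
    return "".join(out)


if __name__ == "__main__":
    message = "MEET AT NOON"  # constructed sample plaintext

    # Substitution with key 3: the recipient reverses it with the same key.
    secret = caesar(message, 3)
    print(secret, "->", caesar(secret, -3))

    # Transposition with key 4: same letters, different order.
    scrambled = transpose_encrypt(message, 4)
    print(repr(scrambled), "->", transpose_decrypt(scrambled, 4))

    # Without the right key the recipient does not recover the plaintext.
    print("wrong key:", repr(transpose_decrypt(scrambled, 3)))
```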

c) Firewall: A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls are
implemented in either hardware or software form, or a combination of both. They prevent unauthorized Internet users
from accessing private networks connected to the Internet. All messages entering or leaving the network must pass
through the firewall which examines each message and blocks those that do not meet the specified security criteria. Some
Operating Systems like Windows Vista, 7, 8 and Mac OS X, have built-in firewalls.
d) Intrusion Detection: Intrusion detection is the art and science of sensing when a system or network is being used
inappropriately or without authorization. An intrusion-detection system (IDS) monitors system and network resources
and activities and, using information gathered from these sources, notifies the authorities when it identifies a possible
intrusion.
e) Digital Signatures: A digital signature (not to be confused with a digital certificate) is a mathematical technique used
to validate the authenticity and integrity of a message, software or digital document.

The digital equivalent of a handwritten signature or stamped seal, but offering far more inherent security, a digital
signature is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures
can provide the added assurances of evidence of origin, identity and status of an electronic document, transaction or
message, as well as acknowledging informed consent by the signer.

2.8 Professional, Ethical and Moral Obligations of Users and Managers


a) Moral Obligations:

i) Contribute to society and human well-being: This principle concerning the quality of life of all people affirms an
obligation to protect fundamental human rights and to respect the diversity of all cultures. An essential aim of computing
professionals is to minimize negative consequences of computing systems, including threats to health and safety. When
designing or implementing systems, computing professionals must attempt to ensure that the products of their efforts will
be used in socially responsible ways, will meet social needs, and will avoid harmful effects to health and welfare.

ii) Avoid harm to others: "Harm" means injury or negative consequences, such as undesirable loss of information, loss
of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology
in ways that result in harm to any of the following: users, the general public, employees, and employers. Harmful actions
include intentional destruction or modification of files and programs leading to serious loss of resources or unnecessary
expenditure of human resources such as the time and effort required to purge systems of "computer viruses."

iii) Be honest and trustworthy: Honesty is an essential component of trust. Without trust an organization cannot
function effectively. The honest computing professional will not make deliberately false or deceptive claims about a
system or system design, but will instead provide full disclosure of all pertinent system limitations and problems. A
computer professional has a duty to be honest about his or her own qualifications, and about any circumstances that
might lead to conflicts of interest.

iv) Be fair and take action not to discriminate: The values of equality, tolerance, respect for others, and the principles
of equal justice govern this imperative. Discrimination on the basis of race, sex, religion, age, disability, national origin,
or other such factors is an explicit violation of ACM policy and will not be tolerated.
v) Honour property rights including copyrights and patent: Violation of copyrights, patents, trade secrets and the
terms of license agreements is prohibited by law in most circumstances. Even when software is not so protected, such
violations are contrary to professional behaviour. Copies of software should be made only with proper authorization.
Unauthorized duplication of materials must not be condoned.

vi) Give proper credit for intellectual property: Computing professionals are obligated to protect the integrity of
intellectual property. Specifically, one must not take credit for others' ideas or work, even in cases where the work has
not been explicitly protected by copyright, patent, etc.

vii) Honour confidentiality: The principle of honesty extends to issues of confidentiality of information whenever one
has made an explicit promise to honour confidentiality or, implicitly, when private information not directly related to the
performance of one's duties becomes available. The ethical concern is to respect all obligations of confidentiality to
employers, clients, and users unless discharged from such obligations by requirements of the law or other principles of
this Code.

b) Professional Obligations:

i) Strive to achieve the highest quality, effectiveness and dignity in both the process and products of
professional work: Excellence is perhaps the most important obligation of a professional. The computing
professional must strive to achieve quality and to be cognizant of the serious negative consequences that may
result from poor quality in a system.

ii) Acquire and maintain professional competence: Excellence depends on individuals who take
responsibility for acquiring and maintaining professional competence. A professional must participate in
setting standards for appropriate levels of competence, and strive to achieve those standards. Upgrading
technical knowledge and competence can be achieved in several ways: doing independent study; attending
seminars, conferences, or courses; and being involved in professional organizations.

iii) Know and respect existing laws pertaining to professional work: ACM members must obey existing
local, state, province, national, and international laws unless there is a compelling ethical basis not to do so.
Policies and procedures of the organizations in which one participates must also be obeyed. But compliance
must be balanced with the recognition that sometimes existing laws and rules may be immoral or inappropriate
and, therefore, must be challenged. Violation of a law or regulation may be ethical when that law or rule has
inadequate moral basis or when it conflicts with another law judged to be more important. If one decides to
violate a law or rule because it is viewed as unethical, or for any other reason, one must fully accept
responsibility for one's actions and for the consequences.
iv) Accept and provide appropriate professional review: Quality professional work, especially in the
computing profession, depends on professional reviewing and critiquing. Whenever appropriate, individual
members should seek and utilize peer review as well as provide critical review of the work of others.

v) Give comprehensive and thorough evaluations of computer systems and their impacts, including
analysis of possible risks:

Computer professionals must strive to be perceptive, thorough, and objective when evaluating, recommending,
and presenting system descriptions and alternatives. Computer professionals are in a position of special trust,
and therefore have a special responsibility to provide objective, credible evaluations to employers, clients,
users, and the public. When providing evaluations the professional must also identify any relevant conflicts of
interest, as stated in imperative 1.3.

vi) Honour contracts, agreements, and assigned responsibilities.

Honouring one's commitments is a matter of integrity and honesty. For the computer professional this includes
ensuring that system elements perform as intended. Also, when one contracts for work with another party, one
has an obligation to keep that party properly informed about progress toward completing that work.

However, performing assignments "against one's own judgment" does not relieve the professional of
responsibility for any negative consequences.

vii) Improve public understanding of computing and its consequences.

Computing professionals have a responsibility to share technical knowledge with the public by encouraging
understanding of computing, including the impacts of computer systems and their limitations. This imperative
implies an obligation to counter any false views related to computing.

c) Ethical Obligations:

i) Articulate social responsibilities of members of an organizational unit and encourage full acceptance
of those responsibilities: Because organizations of all kinds have impacts on the public, they must accept
responsibilities to society. Organizational procedures and attitudes oriented toward quality and the welfare of
society will reduce harm to members of the public, thereby serving public interest and fulfilling social
responsibility. Therefore, organizational leaders must encourage full participation in meeting social
responsibilities as well as quality performance.
ii) Manage personnel and resources to design and build information systems that enhance the quality of
working life: Organizational leaders are responsible for ensuring that computer systems enhance, not degrade,
the quality of working life. When implementing a computer system, organizations must consider the personal
and professional development, physical safety, and human dignity of all workers. Appropriate human-
computer ergonomic standards should be considered in system design and in the workplace.

iii) Acknowledge and support proper and authorized uses of an organization's computing and
communication resources: Because computer systems can become tools to harm as well as to benefit an
organization, the leadership has the responsibility to clearly define appropriate and inappropriate uses of
organizational computing resources. While the number and scope of such rules should be minimal, they should
be fully enforced when established.

iv) Ensure that users and those who will be affected by a system have their needs clearly articulated
during the assessment and design of requirements; later the system must be validated to meet
requirements: Current system users, potential users and other persons whose lives may be affected by a
system must have their needs assessed and incorporated in the statement of requirements. System validation
should ensure compliance with those requirements.

v) Articulate and support policies that protect the dignity of users and others affected by a computing
system: Designing or implementing systems that deliberately or inadvertently demean individuals or groups is
ethically unacceptable. Computer professionals who are in decision making positions should verify that
systems are designed and implemented to protect personal privacy and enhance personal dignity.

vi) Create opportunities for members of the organization to learn the principles and limitations of
computer systems: This complements the imperative on public understanding. Educational opportunities are
essential to facilitate optimal participation of all organizational members. Opportunities must be available to all
members to help them improve their knowledge and skills in computing, including courses that familiarize
them with the consequences and limitations of particular types of systems. In particular, professionals must be
made aware of the dangers of building systems around oversimplified models, the improbability of anticipating
and designing for every possible operating condition, and other issues related to the complexity of this
profession.

2.9 Legislation

Legislation (or "statutory law") is law which has been promulgated (or "enacted") by a legislature or other
governing body or the process of making it.
i) The Computer Misuse Act (1990)

This Act makes it an offence to access any computer to which you do not have an authorized right to use. It introduces
three criminal offences:

1. Accessing computer material without permission, e.g. looking at someone else's files.
2. Accessing computer material without permission with intent to commit further criminal offences, e.g. hacking into
the bank's computer and wanting to increase the amount in your account.
3. Altering computer data without permission, e.g. writing a virus to destroy someone else's data, or actually
changing the money in an account.

ii) The Data Protection Act

The Act is aimed at protecting the rights of individuals to privacy. It protects personal data from being misused. Personal
data is data that can identify an individual and allow an opinion to be expressed about them. Data such as a person’s
name and address is not considered personal data but their date of birth and salary would be. The eight basic principles of
the Data Protection Act are:

1. If an organization holds data on individuals, it must be registered under the act.


2. Personal data should be processed fairly and lawfully.
3. Personal data should not be disclosed in any way other than lawfully and within the registered purpose.
4. Personal data should be adequate and relevant and not excessive for the required purpose.
5. Personal data should be kept accurate and kept up to date.
6. Data must be processed in accordance with the rights of the data subject.
7. Appropriate security measures must be taken against unauthorized access.
8. Data should not be transferred to countries that do not have suitable data protection laws.

iii) Copyright, Design and Patent law

This Act is designed to protect all types of intellectual property and ensure that authors or creators of a piece of work
receive both credit and compensation.

a) Copyright is a legal concept, giving the creator of original work exclusive rights to control its distribution for a
certain time period. Something that is copyrighted is not to be reproduced, published or copied without permission from
the copyright holder. Ideas are not protected by copyright; only the specific presentation of the idea is copyrightable.

Software licenses can be:


- Single user - licensed for installation on one computer
- Multi-user - the license allows you to install the software on a named number of computers
- Site-license - the license lets you install the software onto an unlimited number of computers, as long as they are on one
distinct site such as a school

b) Design is the appearance or construction of something. A design is not immediately protected. It must be registered
with the appropriate institution.

c) A Patent is a grant to inventors that gives them an exclusive monopoly over their invention. It gives them the right to stop
others from producing, selling or using their invention. Unlike copyrights, patents protect the ideas or design of the
invention rather than any tangible form of the invention.

iv) Health and Safety Act


The original Act and its many added regulations cover the range of hazards an employee may face like handling
hazardous material. Some of the regulations that apply to the computing industry are:

a) Display Screen Equipment Regulations


They cover the precautions that must be taken when an employee uses a visual display unit. The regulation covers items
such as the chair which must be adjustable, the desk which must be at the appropriate height, the monitor which must be
adjustable and the lighting which must be appropriate.

b) Moving and Handling Regulations


These regulations lay down the rules for safe moving of heavy objects. All employees involved in such activities must
receive proper training on avoiding injury when moving heavy objects.

c) Control of Substances Hazardous to Health (COSHH)


These regulations cover the safe storage and use of hazardous materials. This includes items such as laser printer toners
and anyone involved in replacing such items must be made aware of the potentially toxic nature of toners.

2.10 Codes of Ethics and Professional Conduct


A code of ethics and professional conduct sets the standards for what is expected of a professional. Such codes are promises by
professions to regulate themselves in the general interest of society. Codes of ethics for information technology
professionals encourage them to behave ethically and responsibly with the tools and information they have in their
control. Examples are the British Computing Society (BCS) code of ethics, the Association for Computing Machinery
(ACM) code of ethics, and the Institute of Electrical and Electronics Engineers (IEEE) code of ethics.

a) ACM Code of Ethics


1. General Moral Imperatives
An ACM member will…
1.1. Contribute to society and human well-being.
1.2. Avoid harm to others.
1.3. Be honest and trustworthy.
1.4. Be fair and take action not to discriminate.
1.5. Honour copyrights and patents.
1.6. Give proper credit for intellectual property.
1.7. Respect rights to limit access to computing and communication systems.
1.8. Respect the privacy of others.
1.9. Honour confidentiality.

2. More Specific Professional Responsibilities.


An ACM Computing Professional will . . .
2.1. Strive to achieve the highest quality, effectiveness and dignity in both the process and products of professional work.
2.2. Acquire and maintain professional competence.
2.3. Know and respect existing laws pertaining to professional work.
2.4. Accept and provide appropriate professional review.
2.5. Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible
risks.
2.6. Honour contracts, agreements, and assigned responsibilities.
2.7. Improve public understanding of computing and its consequences.
2.8. Access computing and communications resources only when authorized to do so.

b) IEEE Code of Ethics


Members of the IEEE, in recognition of the importance of their technologies in affecting the quality of life throughout
the world, and in accepting a personal obligation to their profession, its members and the communities they serve,
commit themselves to the highest ethical and professional conduct and agree:

1. To accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to
disclose promptly factors that might endanger the public or the environment;
2. To avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they
do exist;
3. To be honest and realistic in stating claims or estimates based on available data;
4. To reject bribery in all its forms;
5. To improve the understanding of technology, its appropriate application, and potential consequences;
6. To maintain and improve our technical competence and to undertake technological tasks for others only if qualified by
training or experience, or after full disclosure of pertinent limitations;
7. To seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly
the contributions of others;
8. To treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;
9. To avoid injuring others, their property, reputation, or employment by false or malicious action.

2.11 Netiquette
Netiquette is short for network etiquette. It is a set of rules about acceptable behaviour when communicating over the
Internet. Some basic rules of netiquette are:
i) Avoid flaming, i.e. using obscene or inappropriate language in your emails or posts.
ii) Avoid writing in capital letters in your emails/comments; it is read as if YOU ARE SHOUTING and it is
harder to read.
iii) Avoid sloppiness, i.e. avoid spelling and grammatical errors. Re-read and edit your emails/comments before you
send/post.
iv) Do not send huge file attachments unless they are requested.
v) Always fill in the subject field of an email before you send it.
vi) Do not format your emails with coloured text or background colour. This may make them hard to read.

REVISION QUESTIONS:
1. Describe the background to the increasing problems of data privacy. Distinguish between data privacy and integrity of
data.

2. Describe three ways where data privacy might be compromised.

3. Describe four ways in which integrity of data can be compromised. Suggest a solution to each problem.

4. Discuss the ways to secure a stand-alone computer. Why are the risks to privacy and integrity increased when a
computer is networked? What steps can be taken to protect networked computers from attacks on privacy and integrity?

5. What do you understand by access control?

6. State what you understand by the following terms.


i) Digital inclusion ii) Digital divide.

7. (i) List and explain TWO main threats to the safety of data.
(ii) How does the Data Protection Act define the following terms?
(a) Personal data (b) Data (c) Data subject

8.(i) Systems need protection from hazards such as flood and fire. Describe two other hazards that may impede a
computer system.
(ii) Explain three reasons why wireless communication is not preferred by some organisations.
9. Computers can be held responsible for a whole raft of health problems
(a) State and briefly explain two types of computer work related disorders
(b) Briefly explain how each can be prevented

10. Give two examples of computer crimes and two methods of preventing the stated crimes. (Q1(ii),

11.(a) Define the term computer virus and computer anti-virus.


(b) Briefly explain how the following types of malware work: Trojan Horse, Worm, Boot sector Virus

12.(a) Explain the meaning of the term “Data Security”.


(b) Describe how encryption will help to protect information or a message which is sent across a network.

Suggested answers to some of the Questions:


2. Unauthorized access (hacking), accidental disclosure (e.g. leaving the screen open), deliberate disclosure (e.g. selling to
journalists).

3. Data may be corrupted by: hardware failure (use e.g. UPS, RAID and backup servers); a virus (anti-virus software);
unauthorized access (security measures including ID, password, biometric devices, code pads, USB dongle, card reader,
levels of permission in line with ‘pay grade’); malicious action or mistake (need good manuals, training and security
procedures).

5. The limitation and control of access to a system through identification and authentication.
Or The process of limiting access to a system only to authorized users. This can be achieved through identification and
authentication.
6.(i) Digital inclusion: Digital inclusion is commonly defined as the incorporation of information technologies into the
community in order to promote education and improve the quality of life.
In other words, it is the ability of individuals and groups to access and use information and communication technologies.
Digital inclusion is necessary as we move towards a technology based society to ensure that all individuals can
participate fully in the economic, educational, civic and social activities of their community.
ii) Digital divide: The digital divide refers to the gap between those who have and those who lack access to computers
and the Internet.

end
