MANAGEMENT INFORMATION SYSTEM
CYBER CRIME AND ETHICAL & SOCIAL IMPACT OF INFORMATION SYSTEMS
ZAHID NAZIR
Roll No. AB523655
MBA Executive
2nd Semester, Spring 2009
Figure: Important aspects of the security, ethical and societal dimensions of the use of
information technology in business (diagram labels: Employment, Privacy, Health, Crime,
Working Conditions and Individuality, around Business / IT Security, Ethics and Society).
Remember that information technologies can support both beneficial and detrimental
effects on society in each of the areas shown.
However, it should also be realized that information technology has had beneficial
results as well as detrimental effects on society and people in each of these
areas. For example, computerizing a manufacturing process may have the
adverse effect of eliminating people’s jobs, but also have the beneficial result
Figure: The relationship between ethical, social, and political issues in an
information society (diagram labels: Ethical Issues; Information & Technology;
System Quality; Accountability & Control; Quality of Life; Individual; Society; Polity).
TECHNOLOGY ETHICS
An important ethical dimension deals specifically with the ethics of the use of
any form of technology. Below are the four principles of technology ethics.
These principles can serve as basic ethical requirements that companies should
meet to help ensure the ethical implementation of information technologies
and information systems in business.
One common example of technology ethics involves some of the health risks of
using computer workstations for extended periods in high volume data entry
job positions. Many organizations display ethical behavior by scheduling work
breaks and limiting the CRT exposure of data entry workers to minimize their
risk of developing a variety of work related health disorders, such as hand
injuries and overexposure to CRT radiation.
ETHICAL GUIDELINES
We have discussed a few ethical principles that can serve as the basis for ethical
conduct by managers, end users and IS professionals. But what more specific
guidelines might help the ethical use of information technology? Many companies
and organizations answer that question today with detailed policies for ethical
computer and internet usage by their employees. For example, most policies
specify that company computer workstations and networks are company
resources that must be used only for work related uses, whether using internal
networks or the internet.
Not exploit the weakness of a computer system for personal gain or personal
satisfaction.
CYBER CRIME
“Cybercrimes are generally defined as any type of illegal activity that
makes use of the Internet, a private or public network, or an in-house
computer system.”
Source: Wikipedia
Cyber Crime is the latest and perhaps the most complicated problem in
the cyber world. “Cyber Crime may be said to be those species, of which,
genus is the conventional crime, and where either the computer is an
object or subject of the conduct constituting crime”
The perpetrators of these attacks vary considerably. At the low end are script
kiddies, who are usually unsophisticated users that download malicious
software from hacker web sites and follow the posted instructions to execute
an attack on some target. These attacks are often only annoyance attacks, but
they can be more severe. At the next level are hackers who are trying to prove
to their peers or to the world that they can compromise a specific system, such
as a government web site. Next are insiders, who are legitimate users of a
system that either access information that they should not have access to or
damage the system or data because they are disgruntled. Insiders are often
less knowledgeable than hackers, but they are often more dangerous because
they have legal access to resources that the hackers need to access illegally.
Next are organizational level attacks. In this case, the organization’s resources
are used to get information illegally or to cause damage or deny access to
other organizations to further the attacking organization’s gain. These can be
legitimate organizations, such as two companies bidding on the same contract
where one wants to know the other’s bid in order to make a better offer. They
could also be criminal organizations that are committing fraud or some other
illegal activity. At the highest level is the nation state that is trying to spy on or
cause damage to another state. This level used to be called “national lab”
attackers, because the attackers have a substantial amount of resources at
their disposal, comparable to those that are available to researchers at a
national lab, such as Los Alamos Laboratory or Lawrence Livermore
Laboratory. After the September 11, 2001 terrorist attacks on the World Trade
Center, the idea of nation state level cyber attacks being carried out by
terrorists became a big concern.
Who can be typically expected to indulge in a Cyber Crime?
Insiders: Disgruntled employees and ex-employees, spouses, lovers
Hackers: Crack into networks with malicious intent
Virus Writers: Pose serious threats to networks and systems worldwide
Foreign Intelligence: Use cyber tools as part of their services; for espionage activities; can pose the biggest threat to the security of another country
Terrorists: Use to formulate plans, to raise funds, propaganda
The simple reason for this type of delinquent behavior pattern in children is
seen mostly due to the inquisitiveness to know and explore the things. Other
cognate reason may be to prove themselves to be outstanding amongst other
children in their group. Further the reasons may be psychological even.
Organized hackers:
Discontented employees:
This group includes those people who have been either sacked by their
employer or are dissatisfied with their employer. To take revenge, they normally hack
the system of their employer.
Also known as Cyber terrorism is one distinct kind of crime in this category.
The growth of internet has shown that the medium of Cyberspace is being
used by individuals and groups to threaten international governments and
also to terrorize the citizens of a country. This crime manifests itself into
terrorism when an individual "cracks" into a government or military maintained
website.
• Hacking
• Denial of service attack
• Virus Dissemination
• Software Piracy
• Pornography
• IRC Crime
• Credit Card Fraud
• Phishing
• Spoofing
• Cyber Stalking
• Cyber Defamation
• Threatening
• Salami Attack
• Net Extortion
HACKING
“Hacking in simple terms means illegal intrusion into a computer system without
the permission of the computer owner/user.”
Computers that are not connected to the internet or to a wider network are
usually safe. Computers which form part of networks or those with external
links, such as attached modems, are a potential target.
Many hackers often have no specific fraudulent intent, but just enjoy the
challenge of breaking into a system. Company websites are an attractive target
for ‘cyber-vandals’ who change words around, add pictures or add their own
slogans to deface the sites.
TK Maxx, a large company trading online, was the recent victim of a hacker.
The retail outlet’s servers were accessed by hackers who then stole
approximately 45 million customers’ credit card details. Although the company
has argued that 75% of the details stolen were of no use to the criminals, that
still leaves 11 million that were. The knock-on effect of the incident, apart from
the money lost, is the damage caused to the reputation of the company, which
may be more costly than the money lost through the criminals’ hacking.
An attack could originate internally. Your company payroll details and other HR
information could be valuable and damaging information if in the wrong hands.
An attack that consumes the resources on your computer for things it was not
intended to be doing, thus preventing normal use of your network.
of useless traffic that can bring the network down. Some forms of attack have
special names such as The Ping Of Death and Teardrops.
This is an act by the criminal, who floods the bandwidth of the victim’s network
or fills his e-mail box with spam mail depriving him of the services he is entitled
to access or provide.
VIRUS DISSEMINATION
A computer virus is software or coding written for the sole purpose of infecting
a computer. The effects can range from the irritating but harmless, such as
humorous text or pictures being displayed on your monitor to the more
malicious sort that will delete all of the files on your hard disk. It is these types
of virus that can have the most damaging effects on a business and that is why
it is always necessary to have secure backups of all your data.
The most common method of spreading viruses is via email. Before email
appeared viruses were spread through the sharing of floppy disks. Other
methods such as disks and USB data sticks present a similar threat. However,
infection most commonly occurs through email.
A worm is a little different to a virus in that it is self replicating and does not
need a host medium. A typical virus will spread via email or by an infected file
but a worm can be released on to a computer and will spread via network
connections, within an office, to within a business, across a multinational
network and across the whole internet. It’s the same as a virus in that its aim is
to infect your computer and execute tasks which can range from humorous to
malicious damage.
The effects on your business from a virus or worm infection could range
from mildly annoying to extremely damaging. Hard drives can be
completely wiped, in effect leaving a business with no option but to
close. In this case a backup of your company information would be
invaluable.
A business being forced to close is the extreme case, but the downtime
caused by infected equipment can cause setbacks and lost revenue
through the disruption.
A virus may access your email address lists and send embarrassing or
offensive messages to clients and contacts, the effects of which could be
severe embarrassment and loss of all trade. This may also result in your
Internet Service Provider (ISP) blocking email that you send, including
legitimate mail.
SOFTWARE PIRACY
Retail revenue losses worldwide are ever increasing due to this crime
PORNOGRAPHY
IRC CRIME
Internet Relay Chat (IRC) is a form of real-time Internet Online chat or
synchronous conferencing. It is mainly designed for group communication in
discussion forums called channels, but also allows one-to-one communication
via private message, as well as chat and data transfers via Direct Client-to-
Client.
Internet Relay Chat (IRC) servers have chat rooms in which people from
anywhere in the world can come together and chat with each other.
Credit card fraud is a wide-ranging term for theft and fraud committed using a
credit card or any similar payment mechanism as a fraudulent source of funds
There are two types of fraud within the identity theft category, application
fraud and account takeover. Application fraud occurs when criminals use
stolen or fake documents to open an account in someone else's name.
Criminals may try to steal documents such as utility bills and bank statements
to build up useful personal information. Alternatively, they may create
counterfeit documents.
PHISHING
The criminal can then use that sensitive information to steal what may be in the
account, sign up for credit cards, take out loans or sell your personal
information on the black market. The potential damage caused by a successful
phishing attempt could be enough to force the closure of the business.
You may also need to consider the potential effects of your company being
mimicked in emails sent out to your clients and customers. However, if you do
not trade online or take confidential information via the internet, then your
clients would find it strange that you should ask for personal details.
You should also be aware that, apart from the danger of disclosing personal
information, bogus emails may also contain malware scripts that execute as
soon as the email is opened. If you do access a phishing site, you will be
vulnerable to drive-by downloads of malicious code which will bypass any
firewall as you have effectively ‘trusted’ the website.
Figure: An example of a recent phishing attempt (The request to follow the link
to confirm bank details indicates the email is a scam – banks will never
request this!)
SPOOFING
The word "spoof" means to hoax, trick, or deceive. Therefore, in the IT world,
spoofing refers to tricking or deceiving computer systems or other computer
users. This is typically done by hiding one's identity or faking the identity of
another user on the Internet.
Spoofing can take place on the Internet in several different ways. One common
method is through e-mail. E-mail spoofing involves sending messages from a
bogus e-mail address or faking the e-mail address of another user. Fortunately,
most e-mail servers have security features that prevent unauthorized users
from sending messages. However, spammers often send spam messages from
their own SMTP, which allows them to use fake e-mail addresses. Therefore, it
is possible to receive e-mail from an address that is not the actual address of
the person sending the message.
Another way spoofing takes place on the Internet is via IP spoofing. This
involves masking the IP address of a certain computer system. By hiding or
faking a computer's IP address, it is difficult for other systems to determine
where the computer is transmitting data from. Because IP spoofing makes it
difficult to track the source of a transmission, it is often used in denial-of-
service attacks that overload a server. This may cause the server to either crash
or become unresponsive to legitimate requests. Fortunately, software security
systems have been developed that can identify denial-of-service attacks and
block their transmissions.
While the Internet is a great place to communicate with others, it can also be
an easy place to fake an identity. Therefore, always make sure you know who
you are communicating with before giving out private information.
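The e-mail spoofing described above can be checked for on the receiving side. The following is an added example, not part of the original paper: it compares the visible From address with the envelope sender and Reply-To, and reads the SPF/DKIM/DMARC verdicts recorded by the receiving mail server. The two messages, their domains and the finding labels are constructed for illustration, and the subdomain comparison is a simplified stand-in for full DMARC alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (all domains are reserved example names).
LEGITIMATE = (
    "Return-Path: <bounces@mail.bank.example>\n"
    "Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mail.bank.example;"
    " dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example\n"
    'From: "Example Bank" <support@bank.example>\n'
    "To: customer@recipient.example\n"
    "Subject: Your monthly statement\n"
    "\n"
    "Your statement is ready.\n"
)

SPOOFED = (
    "Return-Path: <x91@bulk-sender.example.net>\n"
    "Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk-sender.example.net;"
    " dkim=none; dmarc=fail header.from=bank.example\n"
    'From: "Example Bank" <support@bank.example>\n'
    "Reply-To: accounts@bank-example-support.example.org\n"
    "To: customer@recipient.example\n"
    "Subject: Confirm your bank details\n"
    "\n"
    "Please follow the link to confirm your details.\n"
)


def domain_of(address_header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _name, addr = parseaddr(address_header or "")
    return addr.rpartition("@")[2].lower()


def aligned(domain_a, domain_b):
    """Simplified alignment: identical domains, or one is a subdomain of the other."""
    return (
        domain_a == domain_b
        or domain_a.endswith("." + domain_b)
        or domain_b.endswith("." + domain_a)
    )


def spoofing_indicators(raw_message):
    """List the reasons a message's From address should not be taken at face value."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    reply_domain = domain_of(msg["Reply-To"])

    # Verdicts written by the receiving server. Only trust this header when it
    # was added by your own mail server, not one supplied by the sender.
    auth = msg.get("Authentication-Results", "").lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))

    findings = []
    if not from_domain:
        findings.append("missing-from")
    # A differing envelope sender is common for bulk-mail services, so treat
    # it as a signal to weigh together with the DMARC verdict, not as proof.
    if envelope_domain and not aligned(envelope_domain, from_domain):
        findings.append("return-path-mismatch")
    if reply_domain and not aligned(reply_domain, from_domain):
        findings.append("reply-to-mismatch")
    for mechanism in ("spf", "dkim", "dmarc"):
        if verdicts.get(mechanism) != "pass":
            findings.append(f"{mechanism}-not-pass")
    return findings


if __name__ == "__main__":
    for label, raw in (("legitimate", LEGITIMATE), ("spoofed", SPOOFED)):
        print(label, spoofing_indicators(raw))
```

In the spoofed sample SPF passes because it only validates the envelope sender's domain, which is why the DMARC verdict on the visible From domain is the one that exposes the forgery.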
CYBER STALKING
Cyber stalking is a crime in which the attacker harasses a victim using electronic
communication, such as e-mail or instant messaging (IM), or messages posted
to a Web site or a discussion group. A cyber stalker relies upon the anonymity
afforded by the Internet to allow them to stalk their victim without being
detected. Cyber stalking messages differ from ordinary spam in that a cyber
stalker targets a specific victim with often threatening messages, while the
spammer targets a multitude of recipients with simply annoying messages.
CYBER DEFAMATION
Any derogatory statement, which is designed to injure a person's business or
reputation, constitutes cyber defamation. Defamation can be accomplished as
libel or slander. Cyber defamation occurs when defamation takes place with
the help of computers and / or the Internet. E.g. someone publishes
defamatory matter about someone on a website or sends e-mails containing
defamatory information to all of that person's friends.
THREATENING
The criminal sends threatening email or comes into contact with the victim in chat
rooms. (Anyone disgruntled may do this against a boss, friend or official.)
SALAMI ATTACKS
This is basically related to finance and therefore the main victims of this crime
are the financial institutions. This attack has a unique quality that the alteration
is so insignificant that in a single case it would go completely unnoticed. E.g. a
bank employee inserts a programme whereby a meager sum of Rs 3 is
deducted from random customers’ accounts periodically and transferred to a
specific account for personal gain. Such a small amount will not be noticeable
at all.
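Although each deduction is too small to notice on its own, the pattern shows up when transfers are grouped by the account that receives them. The following is an added example, not part of the original paper: it flags destination accounts that collect small amounts from many different customers. The ledger, account names, thresholds and allow-list are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed sample data: (date, source, destination, amount in rupees)."""
    ledger = [
        ("2009-03-01", "CUST-0001", "CUST-0002", "45000.00"),       # ordinary transfer
        ("2009-03-02", "CUST-0003", "BILLER-ELECTRIC", "1200.00"),  # bill payment
        ("2009-03-02", "CUST-0004", "BILLER-ELECTRIC", "850.00"),
        ("2009-03-05", "CUST-0005", "CUST-0006", "4.00"),           # one-off small transfer
    ]
    # The pattern from the text: Rs 3 taken from many customers, twice a month,
    # always credited to the same (hypothetical) account.
    for day in ("2009-03-10", "2009-03-20"):
        for n in range(1, 13):
            ledger.append((day, f"CUST-{n:04d}", "STAFF-7731", "3.00"))
    # A legitimate small charge that looks similar: the bank's own fee account.
    for n in range(1, 13):
        ledger.append(("2009-03-31", f"CUST-{n:04d}", "BANK-SMS-FEE", "2.00"))
    return ledger


def find_salami_collectors(ledger, small_amount=Decimal("5"), min_sources=10,
                           allowlist=frozenset()):
    """Return destinations receiving small amounts from many distinct sources.

    small_amount: largest single transfer still counted as "too small to notice".
    min_sources:  number of distinct source accounts needed to raise a finding.
    allowlist:    known, approved collection accounts (for example fee accounts).
    """
    stats = defaultdict(lambda: {"sources": set(), "count": 0, "total": Decimal("0")})
    for _date, source, destination, amount in ledger:
        amount = Decimal(amount)
        if amount <= 0 or amount > small_amount or destination in allowlist:
            continue
        entry = stats[destination]
        entry["sources"].add(source)
        entry["count"] += 1
        entry["total"] += amount

    findings = []
    for destination, entry in stats.items():
        if len(entry["sources"]) >= min_sources:
            findings.append({
                "destination": destination,
                "distinct_sources": len(entry["sources"]),
                "transfers": entry["count"],
                "total": entry["total"],
            })
    # Largest accumulated amount first, so reviewers see the worst case at the top.
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    ledger = build_sample_ledger()
    for finding in find_salami_collectors(ledger, allowlist=frozenset({"BANK-SMS-FEE"})):
        print(finding)
```

Without the allow-list the bank's own fee account is flagged as well, so the approved collection accounts need to be maintained separately from the people who can post transactions.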
NET EXTORTION
Copying the company’s confidential data in order to extort said company for
a huge amount.
PRIVACY ISSUES
Information Technology makes it technically and economically feasible to
collect, store, integrate, interchange and retrieve data and information quickly
and easily. This characteristic has an important beneficial effect on the
efficiency and effectiveness of computer based information systems. However
the power of information technology to store and retrieve information can
have a negative effect on the right to privacy of every individual. For example
confidential email messages by employees are monitored by many companies.
Personal information is being collected about individuals every time they visit a
site on the World Wide Web. Confidential information on individuals contained
in centralized computer database by credit bureaus, government agencies, and
private business firms has been stolen or misused, resulting in invasion of
privacy, fraud and other injustice. The unauthorized use of such information
has seriously damaged the privacy of individuals. Errors in such database could
seriously hurt the credit standing or reputation of an individual.
If one doesn’t take proper precautions, anytime you send an e-mail, access a
web site, post a message to a newsgroup or use the internet for banking and
shopping… whether you are online for business or pleasure, you are
vulnerable to anyone bent on collecting data about you without your
knowledge. Fortunately, by using tools like encryption and anonymous
remailers, and by being selective about the sites you visit and the information
you provide, you can minimize, if not completely eliminate, the risk of your
privacy being violated.
The internet is notorious for giving its users a feeling of anonymity, when in
actuality they are highly visible and open to violations of their privacy. Most of
the internet, the World Wide Web, e-mail, chat and newsgroups are still a wide
open, unsecured electronic frontier, with no tough rules on what information is
personal and private. Information about internet users is captured legitimately
and automatically each time you visit a website or newsgroup and recorded as
a “cookie file” on your hard disk. Then the web site owners or online auditing
services like DoubleClick may sell the information from cookie files and other
records of your internet use to third parties. To make matters worse, much of
the Net and Web are easy targets for the interception or theft by hackers of
private information furnished to websites by internet users.
You can protect your privacy in several ways. For example, sensitive e-mail can be
protected by encryption, if both e-mail parties use compatible encryption
software built into their e-mail programs. News group postings can be made
privately by sending them through anonymous remailers that protect your
identity when you add your comments to a discussion. You can ask your ISP not
to sell your name and personal information to mailing list providers and other
marketers. Finally you can decline to reveal personal data and interests on
online service and website user profile to limit your exposure to electronic
snooping.
Computer Matching
The opposite side of the privacy debate is the right of people to know about
matters others may want to keep private (freedom of information), the right of
people to express their opinions about such matters (freedom of speech), and
the right of people to publish those opinions (freedom of the press). Some of
the biggest battle grounds in the debate are the bulletin boards, e-mail boxes
and online files of the internet and public information networks such as
America Online and Microsoft network. The weapons being used in this battle
include spamming, flame mail, libel laws and censorship.
There have been many incidents of racist or defamatory messages on the Web
that have led to calls for censorship and lawsuits for libel. In addition the
presence of sexually explicit material at many World Wide Web locations has
triggered lawsuits and censorship actions by various groups and governments.
IMPACT OF IT ON EMPLOYMENT
The impact of information technologies on employment is a major ethical
concern and is directly related to the use of computers to achieve automation
of work activities. There can be no doubt that the use of information
technologies has created new jobs and increased productivity, while also
causing a significant reduction in some types of job opportunities. For example,
when computers are used for accounting systems or for the automated control
of machine tools, they are accomplishing tasks formerly performed by many
clerks and machinists. Also jobs created by information technology may require
different types of skills and education than do the jobs that are eliminated.
Therefore, individuals may become unemployed unless they can be retrained
for new positions or new responsibilities.
However, there can be no doubt that internet technologies have created a host
of new job opportunities. Many new jobs, including internet web masters, e-
commerce directors, systems analysts and user consultants have been created
to support e-business and e-commerce applications. Additional jobs have been
created because information technologies make possible the production of
complex industrial and technical goods and services that would otherwise be
impossible to produce. Thus jobs have been created by activities that are
heavily dependent on information technology, in such areas as space
exploration, microelectronics technology and telecommunications.
COMPUTER MONITORING
One of the most explosive ethical issues concerning workplace privacy and the
equality of working conditions in business is computer monitoring. That is,
computers are being used to monitor the productivity and behavior of millions
of employees while they work. Supposedly computer monitoring is done so
employers can collect productivity data about their employees to increase the
efficiency and quality of service. However, computer monitoring has been
criticized as unethical because it monitors individuals, not just work, and is
done continually, thus violating workers’ privacy and personal freedom. For
example, when you call to make a reservation, an airline reservation agent may
be timed on the exact number of seconds he or she took per caller, the time
between calls, and the number and length of breaks taken. In addition your
conversation may also be monitored.
CHALLENGES TO INDIVIDUALITY
A frequent criticism of information systems concerns their negative effect on
the individuality of people. Computer based systems are criticized as
impersonal systems that dehumanize and depersonalize activities that have
been computerized, since they eliminate the human relationship present in
noncomputer systems.
send warning notices to a customer whose account had already been paid,
despite repeated attempts by the customer to have the error corrected.
HEALTH ISSUES
The use of information technology in the workplace raises a variety of health
issues. Heavy use of computers is reportedly causing health problems like job
stress, damaged arm and neck muscles, eye strain, radiation exposure and
even death by computer-caused accidents. For example, computer monitoring
is blamed as a major cause of computer related job stress. Workers, unions and
government officials criticize computer monitoring as putting so much stress
on employees that it leads to health problems. Some of the health issues related
to computer use are:
from poor seating and the poor organization of equipment on the desk
(stretching for the telephone or files etc).
Your hand and wrist ache after working at the computer all day, and
they sometimes start feeling numb. Research in recent years has found
that things like typing and sewing rarely cause carpal tunnel. Wear splints
while you work to keep your wrists from bending too high or low, and
use a keyboard tray or adjust your chair so the keyboard and mouse are
below your elbows and your wrists are level.
High levels of stress can kill you; make no mistake! Highly stressed
workers have a higher risk of developing heart disease and even cancer.
So make sure that you can manage your stress. Start doing something
to reduce it; don’t wait until computer stress becomes the main problem in
your life. Taking frequent breaks is an important step in preventing
repetitive computer stress injuries.
ERGONOMICS
Solutions to some of these health problems are based on the science of
ergonomics, also called human factors engineering.
Fig: Ergonomic Factors in the Workplace. Good ergonomic design considers tools, tasks,
the workstation and environment. (Diagram labels: The User/Operator; The Tools:
Computer, Hardware and Software; The Workstation and Environment: Biomechanical,
Physical, Anthropometric, Lighting, Work Surface, Furniture, Climate; The Tasks: Job
Content and Context, Software Design, Change Training, Job Satisfaction, Support
Systems, Rest Breaks, Shift Work, Management Systems.)
The goal of ergonomics is to design healthy work environments that are safe,
comfortable and pleasant for people to work in, thus increasing employee
morale and productivity. Ergonomics stresses the healthy design of the
workplace, workstations, computers and other machines, and even software
packages. Other health issues may require ergonomic solutions emphasizing
job design, rather than workplace design. For example, this may require
policies providing for work breaks from heavy VDT use every few hours, while
limiting the CRT (cathode ray tubes) exposure of pregnant workers. Ergonomic
job design can also provide more variety in job tasks for those workers who
spend most of their workday at computer workstations.
*************************
PRACTICAL STUDY
OF ORGANISATION
GLAXOSMITHKLINE
COMPANY’S OVERVIEW
At GlaxoSmithKline, we conduct our business with integrity and honesty, and
aspire to excellence in all we do. We know our people are vital to the success
of the business, and encourage everyone to achieve their maximum potential.
We offer a competitive benefits package and recognize the need for a healthy
balance between work and family life.
BUSINESS UNITS
The organizational structure of GlaxoSmithKline (GSK) is designed to make our
company a model for excellence in the pharmaceutical industry - a new
company that represents best practice in every way.
GSK is a company with the size and scale to invest in the tools we need to
succeed, and to drive that success going forward. To achieve that goal, GSK is
organized as a flexible company, capable of responding quickly to a rapidly
changing marketplace. Organized globally to coordinate activities and gain the
benefits of size and scale, the company is built on smaller, customer-focused
units, dedicated to delivering medicines that relieve the suffering of patients
around the world.
The new and innovative model for R&D, the focused structure of our
pharmaceutical business throughout the world and the organization of our
global services such as IT and Procurement are some of the highlights in the
approach which will lead our success.
But the driving force behind GlaxoSmithKline's Consumer Healthcare business
is science. With four dedicated consumer healthcare R&D centers and
consumer healthcare regulatory affairs, the business takes scientific innovation
as seriously as marketing excellence and offers leading-edge capability in both.
The functions aim to achieve compliance with legal, financial and regulatory
frameworks within and outside the corporation; protecting, supporting and
motivating GSK people and the communities in which they work. They utilize a
responsive business infrastructure - combining account management and
shared services approaches - to work with GSK's diverse businesses. The
Corporate functions count among their audiences: employees, communities,
media, governments, analysts, institutions and shareholders worldwide.
Global capabilities:
Six IT departments provide core services that are required by each of the
business units and by GSK at large. These IT departments are:
GSK PHARMACEUTICALS
You would be forgiven for thinking that a company the size of GlaxoSmithKline
- with over 100,000 employees around the world - is only ever concerned with
the bottom line. But the truth is that every member of our organization is
equally dedicated to helping people around the world Live longer, Feel better
and Do more.
demand that the whole process is condensed into as short a time as possible.
GSK uses the scale of a huge company to reach its goal of applying science to
improve patient health. Equally important is its flexibility, allowing teams of
scientists the freedom to take an entrepreneurial approach, and enabling them
to move quickly, on the basis of informed decisions.
GSK IN TIME
GSK employees are each expected to strive for improvement in these key
competencies and align themselves with the supportive behaviors.
People with Passion - People are enabled and motivated to do their best
work.
We asked some of our current employees, and here's what they said:
****************
GSK leads the industry in value, volume and prescription market shares. We are
proud of our consistency and stability in sales, profits and growth. Some of our
key brands include Augmentin, Panadol, Seretide, Betnovate, Zantac and
Calpol in medicine and renowned consumer healthcare brands include Horlicks,
Aquafresh, Macleans and ENO.
In addition, we are also deeply involved with our communities and undertake
various Corporate Social Responsibility initiatives including working with the
National Commission for Human Development (NCHD) for whom we were one
of the largest corporate donors. We consider it our responsibility to nurture the
environment we operate in and persevere to extend our support to our
community in every possible way. GSK participates in year round charitable
activities which include organizing medical camps, supporting welfare
organizations and donating to/sponsoring various developmental concerns and
hospitals. Furthermore, GSK maintains strong partnerships with non-
Mission Statement
Excited by the constant search for innovation, we at GSK undertake our quest
with the enthusiasm of entrepreneurs. We value performance achieved with
integrity. We will attain success as a world class global leader with each and
every one of our people contributing with passion and an unmatched sense of
urgency.
GSK IT
Sometimes the greatest revolutions in business are the quiet ones. IT at GSK is
leading a quiet revolution that is fundamentally changing the way we use
information. Combining business intelligence and marketing savvy with project
leadership capabilities, we enable the rest of the business to perform the
complex tasks involved in delivering life-enhancing solutions.
And that's just for starters - we also enable 30,000 salespeople to call on
healthcare professionals every day, and help in the production and delivery of
over 4 billion product packs in a single year.
GMS IT Mission
Our purpose
To improve GMS performance through optimised IT solutions and services
Our long-term aspiration
To build an enviable reputation for excellence
Our value proposition
We integrate IT and business processes to enable GMS to operate more
reliably, faster and at lower cost
Our core values
Integrity
Relationships
Results
STRATEGIC ROLE OF IT
The past year has seen major growth in the number of internal websites. These
allow information to be shared across the company on a global basis and are
supported by internal search engines analogous to those used externally on
the Internet. The ability to provide shared access to information has enabled
the growing use of ‘virtual teams’, that work collaboratively, spanning multiple
geographies and time zones, often subject to stringent time constraints.
scanning has been implemented at the gateway, server and desktop levels. The
separate approaches adopted by Glaxo Wellcome and SmithKline Beecham are
being integrated in a common standard approach for GlaxoSmithKline.
Virtually all GlaxoSmithKline’s major business processes rely heavily on the use
of information technology. Within R&D in both SmithKline Beecham and Glaxo
Wellcome there have been major programmes to capture key information, at
source, in electronic form and make it available wherever required. As a result
of these efforts, it was possible to make a number of regulatory drug
submissions during the past year solely in electronic form. New drug
submissions can be 50,000 to 250,000 pages in size and the ability to avoid
generating paper submissions gives rise to significant savings in time and cost.
Both Glaxo Wellcome and SmithKline Beecham have installed major systems in
the USA to analyse commercially available prescribing data. By better
understanding how GlaxoSmithKline’s products are used locally in the
marketplace, it is possible to target promotional and detailing activities and
measure the market response. Information from these systems is transmitted
electronically to the field sales forces and their responses are then uploaded to
the system. With the growing availability of the required technology and
Insights gained from genomics and proteomics are transforming the way that
disease targets are identified and validated. Information generated from a
variety of external sources needs to be integrated with internally generated
information in a rapid and flexible manner that relies heavily on information
technology support. The analysis of these databases also requires significant
amounts of processing power, taking full advantage of advances in computer
technology.
E-BUSINESS
Both Glaxo Wellcome and SmithKline Beecham recognized the growing
importance of e-business and had already put small dedicated teams in place.
Web based interfaces to major customers have been implemented in the USA.
Current projects span a broad range of key audiences including opinion leaders,
healthcare professionals, patients and the public.
VIRUS / MALWARE
ACCEPTABLE
Do use caution when selecting websites to visit; this will help to avoid viruses, spyware and adware from being installed by malicious websites.
Do virus check anything prior to downloading, even from a known source, as it may be infected by a virus.
Do contact the Help Desk, if you suspect the presence of a virus on your computer.
UNACCEPTABLE
Do Not open email (including web-mail) attachments you are not expecting.
Do Not deliberately disable or prevent installed GSK Security software from running (e.g. firewall, anti-virus, etc.).
PROTECTING ACCOUNTS AND PASSWORDS
ACCEPTABLE
Do manage and use accounts in accordance with the Access Management IT management Practice.
Do have a password that is at least (7) seven characters long.
Do choose and use strong passwords (mix letters, numbers and symbols (2g5!d#36lz), or passphrase (e.g. 14U2NV)).
Do change all default or initial logon passwords after the first login.
Do Log out or Lock (CTRL-ALT-DELETE then Enter) your PC when you leave it unattended to prevent account misuse.
Do change your passwords regularly (e.g. 30 days for privileged accounts / 180 days for non-privileged accounts).
UNACCEPTABLE
Do Not use easily guessable passwords; including dictionary words (e.g. firetruck, password, superuser etc), sequences based on keyboard layouts (e.g. qwerty), incremental variations on previous Password(s), birthdates, or names of your children.
Do Not use your privileged account for non-approved functions.
Do Not share/give passwords for user accounts after the initial logon. If a password is disclosed or compromised, reset the password immediately.
Do Not use your GSK ID and/or password for access to personal or non-GSK Assets (e.g. personal email account). In many cases this information is stored on a server and could be compromised.
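The password rules above can be enforced when a password is set rather than left to the user. The following Python sketch is an added example, not GSK's or the author's code; the small word list, the five-key run length, the two-character-class minimum and the rule names are assumptions made for illustration.

```python
import re

MIN_LENGTH = 7  # policy: "at least (7) seven characters long"
# Constructed stand-in for a real word list (assumption for this example).
DICTIONARY = {"firetruck", "password", "superuser"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _stem(password):
    """Lower-case and drop trailing digits/symbols: 'Harbor#02' -> 'harbor'."""
    return re.sub(r"[^a-z]+$", "", password.lower())


def _has_keyboard_run(password, run=5):
    """True if `run` adjacent keys of one row appear, in either direction."""
    low = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def check_password(candidate, previous=(), personal=()):
    """Return the names of the rules the candidate breaks (empty = accepted)."""
    problems = []
    stem = _stem(candidate)
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if stem in DICTIONARY:
        problems.append("dictionary_word")
    if _has_keyboard_run(candidate):
        problems.append("keyboard_sequence")
    # "Incremental variations": same stem as an earlier password.
    if stem and any(stem == _stem(old) for old in previous):
        problems.append("variation_of_previous")
    # Birthdates or children's names supplied by the caller.
    if any(p and p.lower() in candidate.lower() for p in personal):
        problems.append("personal_detail")
    # Assumption: "mix letters, numbers and symbols" means >= 2 classes.
    classes = (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, candidate)) for c in classes) < 2:
        problems.append("single_character_class")
    return problems


if __name__ == "__main__":
    # The two sample strings from the policy, plus constructed inputs.
    for pw in ("2g5!d#36lz", "14U2NV", "Password1", "qwerty123"):
        print(pw, check_password(pw))
```

Run against the policy's own samples, the passphrase example 14U2NV is six characters long and is rejected by the seven-character minimum, while 2g5!d#36lz passes every rule.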
INTERNET, EMAIL, INSTANT MESSAGING AND OTHER SOCIAL MEDIA TOOLS
INTRANET/INTERNET ACCESS
ACCEPTABLE
Do use caution to ensure each web page
Do host all internet forums, blogs or wikis using GSK IT Approved Software that provides for monitoring of the content and participation.
Do be respectful to the company, employees, customers, partners, and competitors participating in blogs, wikis or internet forums.
Do state that the opinions expressed on non-company sponsored blogs, wikis or internet forums are solely yours and are not necessarily the opinions of GSK.
Do retain all electronic records created via an internet forum, wiki or blog in compliance with the GSK Records Retention Policy.
Do use caution when opening hyperlinks received via Instant Messages (IM).
Do restrict external contact lists to legitimate business contacts.
Do comply with copyrights for all communications with external services such as chat-rooms, newsgroups and bulletin boards and carry a disclaimer, unless specifically authorized by GSK.
Do contact GSK Corporate Communications immediately if you become aware of misinformation about GSK or its products circulating on external services such as the Internet.
UNACCEPTABLE
Do Not abuse GSK Internet access.
Do Not identify yourself as a “GSK person” when posting to external Blogs, Wikis, news groups, message boards, etc. from the GSK network unless specifically authorised.
Do Not post or transmit any Personally Identifiable Information (PII), GSK confidential or proprietary information via internet forums, wikis or blogs.
Do Not use external Instant Messaging (IM) to send file transfers, voice or streaming video.
Do Not send any information that associates you or colleagues with GSK when registering with external Instant Messaging (IM) directories.
Do Not save Instant Messaging (IM) chats.
PROTECTING GSK DATA & INFORMATION
INFORMATION
ACCEPTABLE
Do use approved encryption technology for all confidential data in transit and at rest on mobile computing devices. Contact your local IT Support staff for assistance if necessary.
Do whenever possible, store GSK information, on an IT-managed file server or shared drive.
Do retain backup copies of your information when you do not store it on a file server or shared drive. If backing up confidential or sensitive personally identifiable data, it MUST be encrypted.
UNACCEPTABLE
Do Not store GSK documents on personal equipment such as home PC’s, external hard drives, PDAs or USB devices.
Do Not forward GSK confidential data outside of the company, including personal email accounts and file upload (e.g., peer-to-peer) sites.
Do Not store sensitive information in a public file share that can be accessed by unauthorized people.
PII (PERSONALLY IDENTIFIABLE INFORMATION)
ACCEPTABLE
Do limit access to PII only to employees with a specific business need.
Do protect PII from loss, misuse, unauthorized access, disclosure, alteration or destruction.
Do comply with GSK retention periods for any media, including email and paper record.
Do ensure that information is either transferred to another GSK employee or destroyed to the Data Erasure Standards prior to re-deploying or transferring a computer.
UNACCEPTABLE
Do Not store PII on a publicly accessible medium.
Do Not transfer sensitive information across borders (e.g. archiving data in US or UK), without ensuring that data privacy
Do Not retain data on your PC for longer than specified in GSK’s retention period for that type of data.
Do Not destroy any information that may be subject to litigation or other record holds apply.
ENCRYPTION
ACCEPTABLE
Do encrypt sensitive or confidential data if it needs to be emailed via the internet or mailed on CD to GSK suppliers/customers.
Do encrypt sensitive or confidential data backed up to CD or USB’s.
Do encrypt confidential data in transit and at rest on mobile computing devices.
UNACCEPTABLE
Do Not use encryption technology that has not been approved by GSK IT. Contact your local IT Support staff for assistance if necessary.
MANAGING VENDOR & THIRD PARTY RELATIONSHIP
ACCEPTABLE
Do ensure that all appropriate safeguards, such as confidentiality agreements, are in place and the third party is aware that the information being accessed is confidential.
Do ensure that all computer systems storing GSK information, including those managed by third parties, comply with GSK information security policies and guidelines.
Do document clearly GSK information security expectations in purchasing contracts, and regularly monitor that the security controls are enforced.
UNACCEPTABLE
Do Not disclose any details relating to GSK IT Resources without authorization of the information owner.
Do Not use any system without complying with the terms and conditions on which access is supplied.
ERGONOMICS
Ergonomics, or human factors, is concerned with the fit between people and
the things they do, the objects they use, and the environments in which they
work and travel. GSK is very concerned about the health of its employees and
has developed a website for handling ergonomics-related issues. The objectives
of this site are:
CONCLUSION
Although information technology has some negative social and ethical impacts,
it has many more positive ones. Application of
information technology (IT) can help businesses and governments to:
Enhance productivity
Improve efficiency
Provide better service
Increase competitiveness
Reduce costs
Transform into an e-business/e-government.
********************