
UNIT NAME: ICT AND SOCIETY UNIT CODE: DICT 009

LESSON ONE: INTRODUCTION OF INFORMATION AND COMMUNICATION TECHNOLOGY (ICT)

How did our ancestors disperse information to others?

o In the early years of Tanah Melayu, when there was no television or radio, the ‘Beduk’ played an important role.

o The Headman of the village was the one who announced any news, be it birth, death, time of prayers or even when the village was in danger.

o Different rhythms signified different events. The rhythm of the ‘Beduk’ to announce death was different from the rhythm used to announce prayers.

What is ICT?

o ICT is the technology required for information processing, in particular, the use of electronic computers, communication devices and software applications to convert, store, protect, process, transmit and retrieve information from anywhere, anytime.

A.) Information

o Information refers to the knowledge obtained from reading, investigation, study or research.

o The tools to transmit information are the telephone, television and radio.

o We need information to make decisions and to predict the future. For example, scientists can detect the formation of a tsunami using the latest technology and warn the public to avoid disasters in the affected areas.

o Information is knowledge and helps us to fulfill our daily tasks. For example, forecasting the stock exchange market.

B.) Communication

o Communication is an act of transmitting messages. It is a process whereby information is exchanged between individuals using symbols, signs or verbal interactions.

o Previously, people communicated through signs or symbols, performing drama and poetry. With the advent of technology, these ‘older’ forms of communication are less utilized as compared to the use of the internet, e-mail or video conferencing.

C.) Technology

o Technology is the use of scientific knowledge, experience and resources to create processes and products that fulfill human needs.

o Aiding Communication – telephones and fax machines are the devices used in extending communication.

o Spreading Information – to broadcast information such as news or weather reports effectively. Radio, television, satellites and the World Wide Web (www) are powerful tools that can be used.

Timeline for the Development of Technology

Year – Creation

3500 BC – Sumerians developed cuneiform writing

1500 BC – The Phoenicians developed the alphabet

105 BC – Tsai Lun of China invented paper

1454 – The first printing began with the creation of printing machine.

1793 – Telegraph line was invented

1876 – The first telephone was introduced

1925 – Television was made known to public

1941 – Computer was created

1958 – Photocopier machine was introduced

1963 – Communication satellite was introduced

1969 – The first internet known as ARPANET started

LESSON TWO: EVOLUTION OF COMPUTER

Before the era of computers began, counting machines were invented to help people in the business industry. The use of counting machines began as early as 200 B.C. The evolution of computers can be traced through 7 stages:

a) The early years

b) First generation

c) Second generation

d) Third generation

e) Fourth generation

f) Fifth generation

g) New era generation

A. The early years

Timelines of Counting Machine

Year – Invention

200 BC – Chinese Abacus (first counting machine)

500 BC – Egyptian Abacus

1620 – John Napier invented Napier’s Bone (multiplication tables carved on bones)

1653 – Blaise Pascal invented the Pascaline

1673 – Gottfried Wilhelm Von Leibniz invented Leibniz’s Rechner (the first calculating machine that used binary mathematics)

1801 – Joseph Marie Jacquard invented the weaving loom (using punch card technology)

1823 – Charles Babbage invented the mechanical calculator machine.

1941 – Mark 1 was invented at Harvard University. It was the first computer, and was slow, expensive and unreliable. It used mechanical switches.

B. First Generation (1940 – 1956)

1. Presper Eckert and William Mauchly built the ENIAC (Electronic Numerical Integrator and Computer) in 1946.

3. In 1951, Eckert and Mauchly built the UNIVAC (Universal Automatic Computer), which could calculate at the rate of 10 thousand additions per second.

4. New technology was needed for these inventions. These technologies were:

a) Vacuum tube – an electronic tube about the size of a light bulb. It was used as an internal computer component. Thousands of them were used.

b) Punched card – used to store data.

c) Magnetic tape – introduced in 1957. It was used to store data and was a faster and more compact method of storing data.

5. Problems:

a) The vacuum tubes generated a great deal of heat, causing many problems in temperature regulation and climate control.

b) The tubes burnt out frequently.

c) People operating the computer did not know that the problem was in the programming machine.

C. Second Generation (1956 – 1963)

1. The second generation computer scientists invented something new due to the many problems created by vacuum tubes.

2. The famous computer scientists during the second generation era were:

a) John Bardeen

b) Walter Houser Brattain

c) William Shockley

3. The creation of the transistor sparked the production of second generation computers. A transistor is a small device used to transfer electronic signals across a resistor.

4. The advantages of transistor:

a) Smaller than vacuum tubes

b) Need no warm up time

c) Consumed less energy

d) Generated much less heat

e) Faster

f) More reliable

D. Third Generation (1964 - 1971)

1. The IBM 370 series was introduced in 1964. It came in several models and sizes. It was used for business and scientific programs.

2. Other computer models introduced were CDC 7600, BZ 500.

3. New hardware technology:

a) Silicon chips were manufactured in 1961 in Silicon Valley.

5 Form 4 Lesson Notes Part 1 ICT & Society

b) Integrated circuit technology, which reduced the size and cost of computers. It is a complete electronic circuit on a small chip of silicon, which is also known as a semiconductor.

c) The magnetic core memory was replaced by the microchip. (The first 253 bit RAM, basis for the development of the 1K bit RAM.)

4. Advantages:

a) Silicon chips were reliable, compact and cheaper.

b) Hardware and software were sold separately, which created the software industry.

c) Customer service industry flourished (reservation and credit checks)

5. Software technology:

a) More sophisticated

b) Several programs run at the same time

c) Sharing computer resources

d) Support interactive processing

E. Fourth Generation (1971 – Present)

1. It took only 55 years for the 4th generations to evolve.

2. The growth of the computer industry developed technologies of computer inventions.

3. There are many types of computer models such as

a) Apple Macintosh

b) IBM

c) DELL

d) ACER

4. In 1971, Intel created the first microprocessor

5. In 1976, Steve Jobs built the first Apple computer

6. In 1981, IBM introduced its first personal computer

7. Among the famous inventors in the fourth generation were:

a) Bill Gates who invented Microsoft

b) Michael Dell who invented Dell Computer

8. Hardware technology invented in the fourth generation were

a) Silicon chip

b) Microprocessor

- A specialized chip developed for computer memory and logic.

- It is a large-scale integrated circuit which contained thousands of transistors.

- The transistors on this one chip are capable of performing all of the functions of a computer’s central processing unit.

c) Storage devices

9. Advantages:

a) 100 times smaller than ENIAC (the first computer)

b) Faster

c) Reliable

d) Greater storage capacity

e) Personal and software industry boomed

F. Fifth generation (present and beyond)

1. New hardware technology:

a) Silicon chips

b) Processor

c) Robotics

d) Virtual reality

e) Intelligent system

f) Programs which translate languages

G. New Era Computer

1. Super Computers

- Fastest, most powerful, most expensive.

- Used in applications such as sending astronauts into space, testing safety and aerodynamic features on cars and aircraft, controlling missile guidance systems, and weather forecasting which required extreme accuracy and immense speed to perform the complex calculation.

2. Mainframe computers

- Large, expensive, powerful computer that can handle hundreds or thousands of connected users simultaneously.

- Used in large organizations to handle high volume processing of business transactions and routine paperwork.

3. Mini computer

- Medium sized computer

- Usually used as servers, with several PCs or other devices networked to access the midrange computer’s resources.

4. Personal computers

- Small computer system, designed to be used by one person at a time.

- Widely used in small and large businesses. Examples: tracking merchandise, billing customers, managing company accounts.

5. Mobile computers – personal computers that you can carry from place to place

LESSON THREE: USAGE OF ICT IN DAILY LIFE

Computers play major roles in our daily lives. We need computers to assist us in completing various tasks and jobs. Among the sectors where ICT is used widely are:

- education

- banking

- industry

- business

A.) Education

1. Today, most schools and higher education institutions have computers in the classroom for teachers and students.

2. Computers are used in the education sector because they can offer

a) Enhanced learning

b) Cognitive development

c) Interactive experiences

3. Users who benefit are

a) Teachers – Teachers use computers to research for teaching materials, participate in online forums and online conferences as well as to aid their teaching.

b) Students – Students use the computers as a reference tool. They use computers to browse the internet to look for information.

c) Researchers – Researchers use computers to collect and process data.

d) School administrators – They use computers for administrative purposes to make sure that the entire operation runs smoothly.

B.) Banking

1. The computer is the nerve centre of the banking system around the world. It functions to control the entire banking system that also includes ‘Electronic Banking Services’.

2. Electronic Banking Services provide 24 hour services. The services include

a) ATM (Automatic Teller Machine)

b) Cash deposit

c) Electronic fund transfer

d) Direct deposit

e) Pay by phone system

f) Personal computer banking

g) Internet banking

a) Customers – Customers can make any transactions at the 24 hour service centre or online. These services allow them to do transactions at any time they want.

b) Businessmen – Businessmen can save their time by using the online services offered by banks. They can access company accounts for loan applications, business transactions and updates on their cash flow at any time.

c) Bank administrators – Bank administrators can oversee the entire banking activities such as reconciliations, inter-branch transactions (IBT), telegraphic transfers and others by referring to the banking system.

C.) Industry

1. Computers are used to

a) facilitate production planning and control systems,

b) support chain management,

c) help in product design in the industrial sector.

2. Users who benefit are

a) Workers – Workers use computers to analyze and collect research data for future reference.

b) Researchers – Researchers use computers to analyze and collect research data for future reference.

c) Administrators – Administrators use computers to oversee the entire operations in the plant or factory to detect specific errors or defects that occurred in the process.

D.) E-commerce

1. E-commerce helps in boosting the economy. It makes buying and selling activities easier, more efficient and faster. For this application, computers, internet and shared software are needed.

2. Users who benefit are

a) Customers – Customers use computers to be connected online with suppliers to purchase products. This method can save time and cost as they do not have to go to any outlet.

b) Suppliers – Suppliers use computers to keep track of their transactions. All products are bar coded and can be read by the computer scanner to help in determining prices and managing inventory.

c) Employees – Employees use computers and telephones to communicate with their customers for any enquiries. The system helps employees to get the latest updates on inventory to pass on to the customers.

E.) Other sectors that benefit from the usage of ICT

Sector – Benefit

- Architecture – Use computer graphics to experiment with possible interiors to give clients a visual image.

- Arts – Modern artists use computers to express their creativity.

- Career – Job opportunities that are related to ICT such as computer engineers, graphic designers, software engineers and programmers offer more technical skill and knowledge.

- Government – To forecast weather, process immigrant

- Healthcare – Computers are used to promote telemedicine. Researchers found it useful in information sharing. Doctors and medical practitioners are able to apply modern treatment such as laser treatment.

- Home – Computers are used for record keeping, writing letters, preparing budgets and communicating with others.

- Law enforcement – In maintaining national fingerprint files, modeling DNA and other information.

- Transportation – In rapid transit systems and tracking railway systems.

- Travel – Computers are used to do room reservations. It helps tourists to plan their holiday well.

LESSON FOUR: COMPUTERIZED AND NON-COMPUTERIZED SYSTEM

Evolution of man and machine

o The evolution of man and machine happened hundreds of years ago but the evolution of the computerized system happened only less than a century ago.

o Many tasks can now be accomplished easily via the computerized system.

Computer System

o A system is an arrangement of elements that when it is put together it becomes an organized and established procedure. (In Latin-Greek, the term “system” means to combine, to set up, to place together)

o A system typically consists of components connected together in order to facilitate the flow of information, matter or energy.

o A computer system consists of a set of hardware and software which processes data in a meaningful way.

A.) Education

1. Education is the science of teaching and learning of specific skills.

2. It also imparts knowledge, good judgment and wisdom.

B.) Banking System

Banking before ICT:

- Banking was done manually by taking deposits directly.

- Transactions can only be made during working hours.

- Takes time to approve any loan applications.

Banking after ICT:

- All transactions are done by computers.

- Transactions can be done at any time and place.

- Online services, phone banking system, credit cards are now available.

C.) Industry

Industry before ICT:

- Industry was slow because everything was done manually and totally depended on human labor.

Industry after ICT:

- The computers and telecommunications industry became very popular and profitable since production can be increased through an all day operation.

D.) Commerce

1. Commerce is an activity of exchanging, buying and selling commodities on a large scale involving transportation from place to place.

Commerce before ICT:

- Trading was made using the barter system and it was then later developed into currency.

- Advertisement was in the form of word of mouth, billboards and printed flyers.

- Trading globally was extremely slow, late and expensive. Traders had to find ways to market global products in the global market.

Commerce after ICT:

- E-commerce plays an important role in the economic scene. It includes distribution, buying, selling and servicing products that are done electronically.

LESSON FIVE: IMPACT OF ICT ON THE SOCIETY

ICT development has changed every aspect of the human society. It has affected our life in many ways.

A.) Faster communication speed

1. In the past, it took a long time for any news or messages to be sent. Now with the internet, news or messages are sent via e-mail to friends, business partners or to anyone efficiently.

2. With the capability of bandwidth, broadband and connection speed on the internet, any information can travel fast and in an instant. It saves time and is inexpensive.

B.) Lower communication cost

1. Using the Internet is more cost-effective than other modes of communication such as telephone, mailing or courier service. It allows people to have access to large amounts of data at a very low cost.

2. With the internet we do not have to pay for any basic services provided by the Internet. Furthermore, the cost of connection to the internet is relatively cheap.


C.) Reliable mode of communication

1. Computers are reliable. With the Internet we can access and retrieve information from anywhere and at any time. This makes it a reliable mode of communication.

2. However, the input to the computer is contributed by humans. If the data passed through the computer is faulty, the result will be faulty as well. This is related to the term GIGO. GIGO is a short form for Garbage In Garbage Out. It refers to the quality of output produced according to the input. Normally bad input produces bad output.

D.) Effective sharing of information

1. With the advancement of ICT, information can be shared by people all around the world. People can share and exchange opinions, news and information through discussion groups, mailing lists and forums on the Internet. This enables knowledge sharing which will contribute to the development of a knowledge-based society.

2. Some examples of popular discussion groups on the Internet are:

a) Google Groups (www.googlegroups.com)

b) Yahoo! Groups (www.yahoogroups.com)

c) Classic discussion group

E.) Paperless environment

1. ICT technology has created the term paperless environment. This term means information can be stored and retrieved through the digital medium instead of paper. Online communication via email, online chat and instant messages also helps in creating the paperless environment.

F.) Borderless communication

1. Through the internet, information and communication can be borderless.

2. Internet offers fast information retrieval, interactivity, accessibility and versatility. It has become a borderless source for services and information.

G.) Social problems

1. There are some negative effects of ICT. It has created social problems in the society.

2. Nowadays, people tend to choose online communication rather than having real time conversations.

3. People tend to become more individualistic and introvert theft, hacking, pornography and online gambling. This will result in moral decadence and generate threats to the society.

H.) Health problems

1. A computer may harm users if they use it for long hours frequently.

2. Computer users are also exposed to bad posture, eyestrain, physical and mental stress.

3. In order to solve the health problems, an ergonomic chair can reduce back strain and a screen filter is used to minimize eyestrain.

Summary

1. The advantages of ICT in the society:

a. faster speed of communication

b. lower communication cost

c. reliable mode of communication

d. effective sharing of information

e. paperless environment

f. borderless communication

g. urging for research and development of new products

h. good competition among the producers

2. The disadvantages of ICT in the society:

a. social problems

b. health problems

c. changing people’s attitude and demand

LESSON SIX: COMPUTER ETHICS

A.) Ethics in general

1. We often see pirated CDs, software and VCDs being sold at the night market. Buying pirated software is an example of unethical activity in computer ethics.

2. A guideline is needed to stop the current technology products from being exploited, for example by replicating original CDs and selling them as pirated software. This unethical behavior can be controlled by the code of conducts.

3. Under the Malaysia Copyright Act 1987, any individual charged with piracy will be fined up to 10,000 for each copy or up to 5 years imprisonment or both.

4. Computer ethics is a system of moral standards or values used as a guideline for computer users.

COMPUTER ETHICS

Ethics in general is a moral philosophy where a person makes a specific moral choice and sticks to it.

In computing, ethics are the moral guidelines to be referred to when using the computer and computer networks.

Computer ethics is a system of moral standards or values used as computer guidelines for computer users.

DIFFERENCES BETWEEN ETHICS AND LAW

Ethics

Guidelines - as a guideline to computer users.

Moral standards - ethical behavior is judged by moral standards.

Free to follow - computer users are free to follow or ignore the code of ethics.

No punishments - no punishment for anyone who violates ethics.

Universals - Universals can be applied anywhere, all over the world.

Produce ethical computer users - to produce ethical computer users.

Immoral - not honoring computer ethics means ignoring the moral elements (immoral).

Law

Control - as a rule to control computer users.

Judicial standards - law is judged by judicial standards.

Must follow - computer users must follow the regulations and law.

Penalties, imprisonments and other punishments - penalties, imprisonments and other punishments for those who break the law.

Depends on country - depends on country and state where the crime is committed.

Prevent misusing of computers - to prevent misuse of computers.

Crime - not honoring the law means committing a crime.

B.) The ten commandments of computer ethics

1. The United States Institute of Computer Ethics has come out with the Ten Commandments of Computer Ethics.

2. These principles consider the effective code of conducts for the proper use of information technology.

3. The ten commandments of computer ethics

i. You shall not use a computer to harm other people.

ii. You shall not interfere with other people’s computer work.

iii. You shall not snoop around in other people’s computer files.

iv. You shall not use a computer to steal.

v. You shall not use a computer to bear false witness.

vi. You shall not copy or use proprietary software for which you have not paid.

vii. You shall not use other people’s computer resources without authorization or proper compensation.

viii. You shall not appropriate other people’s intellectual output.

ix. You shall think about the social consequences of the program you are writing or the system you are designing.

x. You shall always use a computer in ways that ensure consideration and respect for your fellow humans.

C.) Guidelines on the e-mail and Internet usage

1. The Department of Public Services of Malaysia has provided guidelines on e-mail and Internet usage as a reference for the staff.

2. This guidance covers the usage of e-mail accounts, mailbox maintenance, e-mail preparation and delivery, mailing lists and the Internet.

3. Some guidelines from the Department of Public Services of Malaysia:

a) Use only individual e-mail address to forward individual opinion.

b) Keep the identity name and password a secret to avoid the misuse of your e-mail without your knowledge.

c) E-mail must be active to promptly reply the necessary actions needed for any matters.

d) Ensure the total mail kept in the box is within the computer storage capacity.

e) Scan files regularly to avoid the transmission of viruses from one computer to another.

f) Do not send e-mails that contain classified information which can be used to tarnish other people or country.

g) Choose a suitable time to search the Internet to save access time and cost.

h) Beware of prohibited sites which could affect one’s moral, organization or nation.

i) Print only relevant documents that you think can be used in future to save cost.

D.) Unethical computer code of conducts

1. Have you copied materials from the internet, claimed that they are your own and submitted them as an assignment? If you have, you are breaching the computer code of conducts. In other words, you are breaking the law of intellectual property by stealing someone else’s idea. Intellectual property refers to any product of human intellect that is unique and has a value in the market place. This covers ideas, inventions, unique names, computer program codes and many more.

2. Examples of unethical computer code of conducts include:

a) Modifying certain information on the internet, affecting the accuracy of the information

b) Selling information to other parties without the owner’s permission

c) Using information without authorization

d) Involvement in stealing software

e) Invasion of privacy

3. With the advancement of ICT, it is easy for anyone to retrieve your information from the Internet. You may realize that when you fill in a form on the Internet, your information may be exposed and stolen.

4. Kevin David Mitnick was a famous hacker. He accessed computers without authorization. He deprived many individuals of their privacy by hacking into the networks of a few companies. He also managed to get valuable data unethically for his own usage.

E.) Ethical computer code of conducts

1. Have you ever asked for permission to download materials from the internet such as music, articles, graphics and other material? If you have, you are following the computer code of conducts. There are many web sites with restrictions where the public is allowed to use their material. Users may have to pay royalty to the owner or quote the website in their assignment or project, in order to be able to use this material.

2. Examples of ethical computer code of conducts include:

a) Sending warning about viruses to other computer users

b) Asking permission before sending any business advertisements to others

c) Using information with authorization

Summary

1. Ethics refers to a standard of moral guideline that is used to determine proper behavior.

2. There are two codes of conducts that can be referred to, which are the Ten Commandments of Computer Ethics by the United States Institute of Computer Ethics and the e-mail and Internet guidelines by the Department of Public Services of Malaysia.

3. Unethical computer code of conducts include modifying the accuracy of the information, selling information to other parties without the owner’s permission, using information without authorization, involvement in stealing software and invasion of privacy.

4. Ethical computer code of conducts include sending warnings about viruses to other computer users, asking permission before sending any business advertisements to others and using information with authorization.

LESSON SEVEN: THE DIFFERENCES BETWEEN ETHICS AND LAWS

A.) Definition of Ethics

1. In general, ethics is a moral philosophy where a person makes a specific moral choice and sticks to it.

2. On the other hand, ethics in computing means moral guidelines to refer to when using the computer and computer networks. This includes the Internet.

B.) Definition of Law

1. Law is a legal system comprising rules and principles that govern the affairs of a community and are controlled by a political authority.

2. Law differs from one country to another. In the era of technology, computer law is needed to clarify goods or actions that fall under the computer law. Computer law refers to all areas in law that require an understanding of computer technology such as hardware, software and Internet.

3. Examples of laws of computing in Malaysia include the Malaysian Communication and Multimedia Act, the Computer Crime Act 1997 and the Telemedicine Act 1997.

C.) Why do we need ethics and law in computing?

1. Respecting Ownership

We must respect ownership by not stealing other people’s work either by duplicating or distributing it. Duplicating and distributing copies of audio tapes, video tapes and computer programs without permission and authorization from the individual or company that created the program are immoral and illegal.

2. Respecting privacy and confidentiality

We should respect other people’s privacy and confidentiality by refraining from reading their mails or files without their permission. If we do so, it is considered as violating an individual’s right to privacy and confidentiality.

3. Respecting property

Property here means ownership. Since an individual’s data and information are considered as property, an act of tampering with and changing electronic information is considered as vandalism and disrespect for other people’s property.

D.) Similarities between Ethics and Law

1. Both ethics and law are complementary to each other and are made

a. to guide users from misusing computers

b. to create a healthy computer society, so that computers are used to contribute to a better life

c. to prevent any crime.

E.) Differences between ethics and laws

Ethics

1. Guideline - As a guideline to computer users.

2. Moral standard - Ethical behavior is judged by moral standard.

3. Free to follow - Computer users are free to follow or ignore the code of ethics.

4. No punishments - No punishments for anyone who violates ethics.

5. Universal - Universal, can be applied anywhere, all over the world.

6. Produce ethical computer user - To produce ethical computer users.

7. Immoral - Not honoring computer ethics means ignoring the moral elements (immoral).

Law

1. Control - As a rule to control computer users.

2. Judicial standard - Law is judged by judicial standards.

3. Must follow - Computer users must follow the regulations and law.

4. Penalties, imprisonments and other punishments - Penalties, imprisonments and other punishments for those who break the law.

5. Depends on country - Depends on country and state where the crime is committed.

6. Prevent misusing of computers - To prevent misuse of computers.

7. Crime - Not honoring the law means committing a crime.

F.) Unethical vs. law breaking conducts

Unethical

1. Using the office computer to do personal things

2. Reading your friend’s e-mail without his or her permission.

3. Plagiarizing and using materials from the Internet for your class assignments without giving credits to the original author.

Law breaking

1. Sending a computer virus via e-mail

2. Hacking into your school database to change your examination results

3. Selling pirated software in a night market.

Summary

1. Ethics in computing means moral guidelines to refer to when using the computer, computer networks and the Internet.

2. Computer law is a concept from existing law, which is applied to the relatively new technologies of computer hardware and software, e-mail and Internet.

3. Ethical behavior is judged by moral standards while law is judged by judicial standards.

LESSON EIGHT: INTELLECTUAL PROPERTY RIGHTS

It is important to have your creation patented to protect your rights. Reproducing other people’s inventions without their permission or piracy is illegal. We must respect the rights of others.

A.) Definition of Intellectual Property

1. Intellectual Property (IP) refers to works created by inventors, authors and artists. Those works are unique and have value in the market.

2. In our daily lives, we are surrounded by things that are protected by IP. Your school bags, your shoes and even your socks are protected by Intellectual Property Rights. Nike, Bata or Adidas, for example, are all protected by a group of legal rights.

B.) Intellectual Property Law

1. Intellectual property and intellectual property rights can be protected under the Intellectual Property Law.

2. Intellectual Property Laws cover ideas, inventions, literary creations, unique names, business models, industrial processes, computer program codes and more.

C.) Inventions Protected By Intellectual Property Laws

1. As businesses continue to expand globally, business owners must realize the importance of getting professional advice on how to establish and safeguard their intellectual property rights.

2. This includes Trademarks, Service marks, Trade/Company names, Domain names, Geographical indications, Copyrights, Patents.

3. Examples of creations that are covered under the Intellectual Property Law include architectural, audio visual, sound recording, literary, musical and sculptural.

D.) Intellectual Property Protection

There are four types of Intellectual Property Protection. They are:

1. Patents for invention

Utility, design or plant patents that protect inventions and improvements to the existing inventions.

It is a grant of a property right to the inventor. For example, Centrino is a processor which introduces efficient power management. The design of the processor is patented by Intel.

2. Trademarks for brand identity

Words, names, symbols, devices and images that represent products, goods or services

Trademarks for brands and the identity of goods and services allow a distinction to be made between different traders. For example: Intel and AMD.

3. Designs for product appearance

The features of, in particular, the lines, contours, colors, shape, texture or material of the product itself or its ornaments.

The design for product appearance covers the whole or a part of a product resulting from features such as the lines, contours, colors, shape, texture or material. For example: Apple iMac.

4. Copyright for material

Literary and artistic material, music, films, sound recordings and broadcast, including software and multimedia.

Copyrights protect the expression of ideas in literary, artistic and musical works. For example, you can copyright the web content you have just designed.

Copyrights give the holder some exclusive rights to control the reproduction of works of authorship, such as books and music for a certain period of time.

Summary

1. Intellectual Property (IP) refers to work created by inventors, authors and artists.

2. Intellectual Property Rights are rights to which creators are entitled for their inventions, writings and works of art.

3. Intellectual Property Laws protect ideas, inventions, literary creations, unique names, business models, industrial processes and computer program codes from being manipulated by people other than the owner.

4. Why do we need intellectual property law?

o To appreciate others’ hard work and energy

o To safeguard one’s property

o To protect human relationships

LESSON NINE: PRIVACY IN COMPUTER USAGE

We should respect other people’s privacy by not invading their personal lives. People treasure privacy as there are some things that they do not wish to disclose to others. The same goes for privacy in ICT.

A.) What is privacy?

1. Privacy in IT refers to data and information privacy.

2. Data refers to a collection of raw unprocessed facts, figures and symbols. A computer is then used to process data into information. In general, data include texts, numbers, sounds, images and video.

3. Information privacy is described as the rights of individuals and companies to deny or restrict the collection and use of information about them.

B.) Ways computer technology threatens our privacy

1. How does computer technology threaten the privacy of our data? It is done through:

a. Cookies

o are used to identify users by web casting, e-commerce and other web applications.

o contain user information and are saved in the computer hard disk.

o are used by some websites to store passwords and track how regularly we visit a website; that is how we become potential targets for web advertisers.

o enable web sites to collect information about your online activities and store them for future use; the collected details will then be sold to any company that requests them.

b. Electronic profile

o an electronic profile is the combining of data in a database that can be sold over the Internet by the company to interested parties.

o this database is in a form such as magazine subscription or product warranty cards that had been filled by online subscribers.

o the information in an electronic profile includes personal details such as your age, address and marital status.

c. Spyware

o refers to a program that collects user information without the user’s knowledge.

o can enter computers, sneaking in like a virus.

o is a result of installing new programs.

o communicates information it collects to some outside source while we are online.

2. Computer technology threatens our privacy through electronic profiling. For example, when we fill out a form such as a magazine subscription, purchasing products or contest entry form on the Internet, this data is kept in the database. It will include age, address, marital status and other personal details.

3. Every time you click on an advertisement or register a software product online, your information is entered into a database.

4. Computer technology can also threaten privacy through spam. Spam is unsolicited e-mail messages, advertisements or newsgroup postings sent to many recipients at once.

C.) Why do we need privacy?

1. We need privacy for anonymity.

2. For example, the internet creates an elaborate trail of data detailing a person surfing on the web because all information is stored inside cookies. We do not want our trail to be detected.

3. We also need privacy for confidentiality. For example, online information generated in the course of a business transaction is routinely used for a variety of other purposes without the individual’s knowledge or consent.

4. We do not want our private lives and habits exposed to third parties.

D.) Can privacy be protected?

Privacy can be protected by:

1. Privacy law

The privacy laws in Kenya emphasize the following:

a. Security services to review the security policy

b. Security Management to protect the resources

c. Security Mechanism to implement the required security services

d. Security objects, the important entities within the system environment.

2. Utilities software

Example: anti-spam program, firewall, anti-spyware and anti-virus

Summary

1. Privacy in IT refers to data and information privacy and the right of individuals and companies to restrict the collection and use of information to others.

2. There are three ways computer technology can threaten our privacy:

a. Cookies

b. Electronic profile

c. Spyware

3. Privacy can be protected by privacy law and utilities software.

[Figure: authentication flowchart. Identification: present what the user has (e.g. smart card). Verification: verify the validity of the ID; Not Valid (F) leads to Access Denied, Valid (T) leads to Identification: present what the user is (e.g. biometrics). Authentication: authenticate who the user is; FALSE leads to Access Denied, TRUE leads to Access Granted.]

LESSON TEN: AUTHENTICATIONS

A.) What is authentication?

1. Authentication is a process where users verify that they are who they say they are. The user who attempts to perform functions in a system is in fact the user who is authorized to do so.

2. For example, when you use an ATM card, the machine will verify the validity of the card. Then, the machine will request a PIN. This is where the authentication takes place.

B.) Methods of Authentication

3. There are two commonly used authentication methods, which are biometric device and callback system.

4. Biometric device is a device that translates personal characteristics into a digital code that is compared with a digital code stored in the database.

5. Callback system refers to the checking system that authenticates the user.

C.) Biometric devices

The examples of biometric devices are

a.) Fingerprint recognition

o A dedicated fingerprint reader is attached to a computer and takes the image data from the scanner and sends it to the database. The user is usually required to leave his finger on the reader for less than 5 seconds, during which time the identification or verification takes place. The data received is compared to the information stored within the database.

o In order to prevent fake fingers from being used, many biometrics fingerprint systems also measure blood flow, or check for correctly arrayed ridges at the edges of the fingers.

o This authentication method is accurate and cost effective.

b.) Facial Recognition

o Facial recognition analyses the recorded information of distance between eyes, nose, mouth and jaw edges of an individual's face images captured through a digital video camera.

o Facial recognition is widely used, touted as a fantastic system for recognizing potential threats (whether terrorists, scam artists, or known criminals).

o But so far, it has been unproven in high level usage. It is currently used in verification-only systems with a good deal of success.

o The accuracy is fair and the cost involved for this method is reasonable.

c.) Hand Geometry Scanning

o Hand scanning involves the measurement and analysis of the shape of one's hand.

o It is a fairly straightforward procedure and it is surprisingly accurate.

o Although it requires special hardware to use, it can be easily integrated into other devices or systems.

o Unlike fingerprints, the human hand is not unique. Individual hand features are not descriptive enough for identification.

o It is possible to devise a method by combining various individual features and measurements of fingers and hands for verification purposes.

d.) Iris Scanning

o Iris scanning analyses the features that exist in the coloured tissues surrounding the pupil, which has more than 200 points that can be used for comparison, including rings, furrows and freckles.

o The scans use a regular video camera and can be done from further away than a retina scan.

o It will work perfectly fine through glasses and in fact has the ability to create an accurate enough measurement that it can be used for identification purposes.

o The accuracy of this method is excellent while the cost involved is high.

e.) Retina Scanning

o Retina biometrics involves the scanning of the retina and analyzing the layer of blood vessels at the back of the eye.

o Retina scanning involves using a low intensity light source and an optical coupler and can read the patterns at a great level of accuracy.

o Retina scanning requires the user to remove glasses, place their eye close to the device and focus on a certain point.

o Whether the accuracy can outweigh the public discomfort is yet to be seen.

o The accuracy in retina scanning is very good and the cost involved is fair.

f.) Voice Recognition

o A voice recognition system compares a person's live speech with their stored voice pattern.

o Voice recognition biometrics requires users to speak into a microphone. What the user speaks can be a password or an access phrase.

o Verification time is approximately 5 seconds. To prevent recorded voice use, most voice recognition devices require the high and low frequencies of the sound to match, which is difficult for many recording instruments to recreate well. Also, some devices generate random number sequences for verification.

o The accuracy in voice recognition is fair and the cost involved is very reasonable.

g.) Signature Verification System

o Signature Verification System recognizes the shape of your handwritten signature, as well as measuring the pressure exerted and the motion used to write the signature.

o Signature Verification System uses a special pen and tablet.

o After pre-processing the signature, several features are extracted.

o The authenticity of a writer is determined by comparing an input signature to a stored reference set (template) consisting of three signatures.

o The similarity between an input signature and the reference set is computed using string matching and the similarity value is compared to a threshold.

o The accuracy in Signature Verification System is fair and the cost involved is excellent.
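The string-matching check described above can be sketched as follows. This is an added example, not code from these notes: it assumes the extracted feature is a chain code of pen directions, that similarity is normalised edit distance averaged over the three references, and that the threshold is 0.75; pen pressure is not modelled and all trajectories are constructed sample data.

```python
import math

DIRECTIONS = "ABCDEFGH"  # assumed encoding: 8 compass sectors of 45 degrees


def direction_string(points):
    """Feature extraction: one letter per pen movement in [(x, y), ...]."""
    codes = []
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        if (x0, y0) == (x1, y1):
            continue  # pen did not move, so there is no direction to record
        angle = math.atan2(y1 - y0, x1 - x0) % (2 * math.pi)
        sector = int((angle + math.pi / 8) // (math.pi / 4)) % 8
        codes.append(DIRECTIONS[sector])
    return "".join(codes)


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(a, b):
    """1.0 for identical strings, falling towards 0.0 as they diverge."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1 - edit_distance(a, b) / longest


def verify(input_points, reference_set, threshold=0.75):
    """Compare one input signature with the stored template of three."""
    if len(reference_set) != 3:
        raise ValueError("the template must hold exactly three signatures")
    candidate = direction_string(input_points)
    if not candidate:
        return False, 0.0  # nothing was written: reject instead of matching
    scores = [similarity(candidate, direction_string(r)) for r in reference_set]
    score = sum(scores) / len(scores)
    return score >= threshold, score


# Constructed sample data: three enrolment signatures of the same writer.
REFERENCE_SET = [
    [(0, 0), (1, 0), (2, 0), (3, 1), (4, 2), (4, 3), (3, 4), (2, 4), (1, 3), (0, 2)],
    [(0, 0), (1, 0), (2, 0), (3, 0), (4, 1), (5, 2), (5, 3), (4, 4), (3, 4), (2, 3), (1, 2)],
    [(0, 0), (1, 0), (2, 0), (3, 1), (4, 2), (4, 3), (4, 4), (3, 5), (2, 5), (1, 4), (0, 3)],
]
# Constructed inputs: a slightly shorter genuine attempt and a different shape.
GENUINE = [(0, 0), (1, 0), (2, 0), (3, 1), (4, 2), (4, 3), (3, 4), (2, 4), (1, 3)]
DIFFERENT = [(0, 0), (0, 1), (0, 2), (1, 3), (2, 3), (3, 2), (3, 1), (2, 0)]

if __name__ == "__main__":
    for name, attempt in (("genuine", GENUINE), ("different", DIFFERENT)):
        accepted, score = verify(attempt, REFERENCE_SET)
        print(f"{name}: score={score:.3f} accepted={accepted}")
```

The threshold is the trade-off a deployer tunes: raising it rejects more forgeries but also more genuine signatures that vary from the enrolled set.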

D.) Callback System

o The callback system is commonly used in bank operations and business transactions.

o For example, when you book a taxi service, the operator will ask you to hang up and she will call you back to confirm the service required.

E.) Why is authentication important?

Authentication is important in order to safeguard against the unauthorized access and use.

Summary

1. Authentication is a process where users verify that they are who they say they are.

2. There are 2 commonly used authentication methods, which are biometric device and callback system.

3. Biometric device is a device that translates personal characteristics into a digital code that is compared with a digital code stored in the database.

4. Callback system refers to the checking system that authenticates the user.

5. Authentication is important in order to safeguard against the unauthorized access and use.

LESSON ELEVEN: VERIFICATION

A.) What is verification?

Verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification.

B.) Methods of verification

1. There are two methods commonly used in verification, which are user identification and processed object.

2. User identification refers to the process of validating the user.

3. Processed object refers to something the user has, such as an identification card, security token and cell phone.

C.) User identification

The examples of validating process using the user identification are:

1. Key in the user name to log in to a system and the system will verify whether the user is a valid or invalid user.

2. Show exam slip to verify that you are the valid candidate for the exam.

3. Show a passport before departure.

D.) Processed object

The examples of validating process using the processed object are:

1. The policeman will check on the driver’s license to identify the valid driver.

2. Employees have to swipe their security card to enter the building

3. Buy blouses at the mall using a credit card

Summary

1. Verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification.

2. Two methods commonly used in verification are user identification and processed object.

3. User identification refers to the process of validating the user. Processed objects refer to something the user has, such as an identification card, security token, key, badge and cell phone.

LESSON TWELVE: CONTROVERSIAL CONTENT

A.) Controversial content

Controversial content is information that causes disagreement in opinions and may cause the disruption of peace because different people or cultures will have different views about the contents.

B.) Issues on controversial contents

o The issues on controversial contents always focus on pornography and slander. Malaysia considers pornography and slander as illegal.

o Pornographic and slanderous activities can be in the forms of plots and actions displayed on video games, controversial rhythm or lyrics of music, controversial contents of books and controversial issues on religion and philosophy.

C.) Pornography

o Cute pictures of innocent babies can’t be considered as pornography by normal standards. However, these pictures may attract pedophiles. Pedophiles are people who are sexually aroused by young children. They exploit children for sexual pleasure. Sexual acts against children are a crime everywhere and must be curbed. These pictures are pornography to pedophiles.

o The definition of pornography is any form of media or material (like books or photographs) that depicts erotic behaviour and is intended to cause sexual excitement.

o Pornography tends to exploit men, women and children in a distasteful manner.

D.) Slander

o Slander is a legal term for a false and malicious statement (meaning knowing that it is false, or having “reckless disregard” for whether it is false) about someone. Examples:

You wrote an e-mail that a fellow classmate was having an affair with a teacher, even though it was not true. You then sent it to five other friends.

Ahmad is a Muslim. One day, he received a “spam” e-mail stating that his favourite soda drink “Soda Moda” uses non-halal food colouring, but he does not know if the source of the content is credible or true. He decides to forward the e-mail to 50 of his friends.

Chin Wei spreads a rumour that a Government Minister is receiving bribes from an enemy government.

IMPACTS ON KENYAN SOCIETY

What can you conclude about the impact of controversial content on the Kenyan society?

Pornography

can lead to criminal acts such as exploitation of women and children

can lead to sexual addiction or perversion

can develop low moral value towards other men, women or children

can erode good religious, cultural and social beliefs and behaviour

Slander

can develop into a society that disregards honesty and truth

can develop bad habit of spreading untruths and rumours

can lead to unnecessary argument

can cause people to have negative attitudes towards another person

LESSON 13: THE PROCESS OF INTERNET FILTERING

INTERNET FILTERING

It is our responsibility to ensure that the teenagers are protected from these corruptions of the mind by filtering access to the Internet. Internet filtering is a process that prevents or blocks access to certain materials on the Internet.

What is Internet filtering?

Internet filtering is a process that prevents or blocks access to certain materials on the Internet. Filtering is most commonly used to prevent children from accessing inappropriate material and to keep employees productive on the Internet.

CONTROLLING ACCESS TO THE INTERNET

Controlling access to the internet by means of filtering software has become a growing industry in Kenya and elsewhere. Its use has increased as the mandatory response to the current plague of society, namely internet pornography, politically incorrect sites, hatred, violence and, in general, anything viewed to be unpleasant or threatening.

The current preferred method of choice to limit access on the Internet is to filter content either by:

keyword blocking

site blocking

web rating systems

These methods require software to be installed at a client or server level.

KEYWORD BLOCKING

One of the strategies is by using the keyword blocking method. This method uses a list of banned words or objectionable terms.

As the page is downloading, the filter searches for any of these words. If the word is found, it will block the page completely, stop downloading the page, block the banned words or even shut down the browser.

SITE BLOCKING

software company maintains a list of ‘dubious Internet sites’

the software prevents access to any sites on this list

‘denial lists’ regularly updated

some software provides control over what categories of information you block

Who decides what goes on the ‘denial list’ and what criteria are they using?

Can you keep track of the whole of the Internet?

filters can use both site blocking and word blocking
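A filter that combines site blocking and keyword blocking, as described above, can be sketched as follows. This is an added example, not code from these notes or from any filtering product: the denial list, categories, banned words and hosts (all under the reserved .example domain) are constructed, and the sample pages show where each method blocks too much or too little.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: hosts use the reserved ".example" domain.
DENIAL_LIST = {
    "casino.example": "gambling",
    "adult-videos.example": "pornography",
}
BANNED_WORDS = ["sex", "casino"]
ALL_CATEGORIES = frozenset(DENIAL_LIST.values())


def site_blocked(url, denial_list, blocked_categories):
    """Site blocking: return the category if the host or a parent domain is listed."""
    if "://" not in url:
        url = "http://" + url  # bare host names would otherwise parse with no host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    for i in range(len(labels) - 1):
        category = denial_list.get(".".join(labels[i:]))
        if category in blocked_categories:
            return category
    return None


def keyword_hits(text, banned_words, whole_words=True):
    """Keyword blocking: list the banned words found in the page text."""
    lowered = text.lower()
    hits = []
    for word in banned_words:
        if whole_words:
            found = re.search(r"\b" + re.escape(word) + r"\b", lowered) is not None
        else:
            found = word in lowered  # naive substring search
        if found:
            hits.append(word)
    return hits


def filter_page(url, text, blocked_categories=ALL_CATEGORIES, whole_words=True):
    """Apply site blocking first, then keyword blocking; return (decision, reason)."""
    category = site_blocked(url, DENIAL_LIST, blocked_categories)
    if category:
        return ("block", "site:" + category)
    hits = keyword_hits(text, BANNED_WORDS, whole_words)
    if hits:
        return ("block", "keyword:" + ",".join(hits))
    return ("allow", "")


# Constructed sample pages, one per behaviour worth checking.
SAMPLE_PAGES = [
    ("http://www.casino.example/play", "Welcome"),               # listed site
    ("http://council.example/essex", "Essex County Council bin collection dates"),
    ("http://health.example/", "Sex education resources for teachers"),
    ("http://new-site.example/", "Play now"),                    # not yet listed
]

if __name__ == "__main__":
    for url, text in SAMPLE_PAGES:
        naive = filter_page(url, text, whole_words=False)
        strict = filter_page(url, text, whole_words=True)
        print(f"{url}\n  substring match: {naive}\n  whole-word match: {strict}")
```

Substring matching blocks the council page because "Essex" contains a banned word, whole-word matching still blocks the health-education page, and a site that is on no denial list passes untouched, which is why the questions about who maintains the list and how completely it covers the Internet matter.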

WEB RATING SYSTEMS

Web sites are rated in terms of nudity, sex, violence and language. The Recreational Software Advisory Council (RSACI) is responsible for rating websites on their content on the internet.

Ratings are done either by the web page author or by an independent bureau.

Browsers are set to accept only pages with certain levels of ratings.

LESSON FOURTEEN: CYBER LAW

The rapid development and implementation of information and communication technology (ICT) can result in the abuse of the World Wide Web, a service which is provided by the internet. Information and databases on the Internet need to be protected and secured against abuses. The security and privacy of the data on the Internet is provided by Cyber Law.

A.) What is Cyber Law?

o Cyber Law refers to any laws relating to protecting the Internet and other online communication technologies.

B.) Needs for Cyber Law

o In recent years, many concerns and issues were raised on the integrity and security of information, legal status of online transactions, privacy and confidentiality of information, intellectual property rights and security of government data placed on the Internet.

[Figure: CYBER LAW at the centre, linked to Integrity and Security of Information; Legal Status of Online Transactions; Privacy and Confidentiality of Information; Intellectual Property Rights; Security of Government Data.]

o These concerns and issues clearly indicate why Cyber Laws are needed in online activities.

The Kenyan government has proposed cyber laws to control internet abuse. The proposal looks at matters of ICT abuse from the following angle:

By resolution 2009/22, the Economic and Social Council (ECOSOC), concerned about the serious threats posed by economic fraud and identity-related crime and by other illicit activities that those forms of crime support and concerned also about the use of new ICT technologies to perpetrate such crimes, reiterated the need to have effective domestic powers to detect and investigate, prosecute and punish as well as mechanisms for international cooperation to prevent and combat these forms of crime. In 2007, ECOSOC requested the United Nations Office on Drugs and Crime (UNODC) to provide legal expertise or other forms of technical assistance to Member States reviewing or updating their laws dealing with transnational fraud and identity related crime. Pursuant to that request, UNODC, in consultation with the United Nations Commission on International Trade Law, established a Core Group of Experts (CGE) on identity-related crime, bringing together on a regular basis representatives from Governments, private sector, international and regional organizations and academia to pool experience, develop strategies, facilitate further research and agree on practical action against identity-related crime. The CGE’s work is aimed at assisting the UNODC to comply with ECOSOC’s request to collect, develop and disseminate:

a. Material and guidelines on the typology of identity-related crime and on relevant criminalization issues to assist Member States in establishing new identity-based criminal offences and the modernization of existing offences;

b. Technical assistance material for training, such as manuals, compilations of useful practices or guidelines or scientific, forensic or other reference material for law enforcement officials and prosecution authorities in order to enhance their expertise and capacity;

c. A set of useful practices and guidelines to assist Member States in establishing the impact of such crimes on victims;

d. A set of material and best practices on public-private partnerships to prevent economic fraud and identity-related crime.

The Core Group of Experts has held five meetings; the first meeting was held in Courmayeur, Italy, on 29 and 30 November 2007; and the other five meetings were held in Vienna, Austria, on 2 and 3 June 2008; 20 to 22 January 2009 and most recently, 6-8 December 2010. The latter meeting included the input of a wider group of new experts co-opted into the group, including yours truly, who presented his assessment of identity-related crime in East Africa in General and East Africa in particular.

East Africa has a union of five countries – Burundi, Kenya, Rwanda, Tanzania and Uganda. The East African Community (EAC) is the regional intergovernmental organisation of the East African Union. The Treaty for Establishment of the East African Community was signed on 30 November 1999 and entered into force on 7 July 2000 following its ratification by the original three Partner States – Kenya, Uganda and Tanzania. The Republic of Rwanda and the Republic of Burundi acceded to the EAC Treaty on 18 June 2007 and became full Members of the Community with effect from 1 July 2007.

Progressively, the East African Region is moving towards political, social and economic integration: it established a Customs Union in 2005, a Common Market in 2010; a Monetary Union remains an imminent possibility by 2012 and ultimately a Political Federation of the East African States.

The Union has a combined population of more than 125 million people, a land area of 1.82 million sq kilometers and a combined Gross Domestic Product of $73 billion (2009). Kenya, Tanzania and Uganda have the highest populations with each country exceeding 30 million (40 million for Kenya) and Burundi and Rwanda having 9 and 10 million respectively.

The countries of the union differ significantly in terms of population, cultural and ethnic patterns, and in the availability of natural resources. However, according to the United Nations’ assessment, these countries have in common some of the lowest economic indicators and standards of living and face severe development challenges.

Kenya, Tanzania and Uganda share a similar legal system/tradition. They are all former colonies of Britain and their laws are largely descended from the English Common law. Burundi and Rwanda, on the other hand, are former colonies of Belgium and France and they both have civil law legal systems.

General Observations about the Legal Framework on Identity-related Crime in East Africa

Generally, just like many other regions in the world, East Africa has its share of identity related crimes, ranging from the serious and transnational to the minor and localized offences. Money laundering and human trafficking remain a major concern for both East Africa’s governments and its international partners. New patterns of criminal activities have emerged in the last decade due to the widespread availability and use of the mobile phone and to a limited extent, the internet. This, among other things, has prompted the EA countries to move towards enacting cyberlaws that define computer and identity-related offences, including some related to identity. However, even though the Union has adopted a general agreement of principles on Cyberlaw and individual country commitments to the enactment of new laws, the pace and flavour of the implementation has hardly been uniform.

International Law

From the records of the United Nations, the following is the status of the EA countries with respect to four major international instruments concerned with cyber crime and identity related crime:

• United Nations Convention against Transnational Organized Crime and the Protocols thereto – Kenya has signed and acceded; Tanzania & Rwanda have ratified; Burundi and Uganda have signed.

• United Nations Convention against Corruption – Burundi has acceded; all the other EA states have ratified.

• Council of Europe Convention on Cybercrime – South Africa has for a long time been the only African country to accede to the Convention, though to be fair to other countries, this being by definition a European regional convention, it has served only as a model for many non-European countries and the failure to accede to it is not necessarily a reflection of a country’s attitude towards combating cybercrime.

• UNCITRAL Model Law on Electronic Commerce – This model law has been the touchstone of principles and practices for many countries, including East African countries, in the formulation of cyberlaw legislation.

Municipal Law

Because of their common English descent, most of the Constitutional, criminal and procedural laws of three of the East African countries – Kenya, Tanzania & Uganda - are similar. On August 27, Kenya promulgated a new Constitution which replaced the old Constitution negotiated by the country’s founding fathers with the former English colonialists in the 1960s. In the three countries, with the new Constitution of Kenya being the recent exception, the right to privacy has not been expressly legislated as a constitutional or statutory right. Rather, it has been expressed as a broad constitutional norm encompassed in the freedom from unlawful entry into one’s premises, the search and seizure of one’s property and effects and freedom from interference with one’s correspondence. As a corollary, there has been no express constitutional right to confidentiality and the protection of personal information. The practice on the right to privacy and confidentiality has been guided by the English Common law as applied through judicial opinions.

However, Kenya’s new Constitution expressly creates the right to privacy (section 31) - Every person has the right to privacy, which includes the right not to have—

(a) their person, home or property searched;

(b) their possessions seized;

(c) information relating to their family or private affairs unnecessarily required or revealed; or

Identity-related offences

In the three countries, identity-related offences are captured in the general corpus of criminal law, in what may now be referred to as traditional statutory offences that punish identity-related crime. These include the following and their related offences:

o Obtaining by false pretences

o Forgery

o Fraud

o Impersonation and falsification of identity

o Theft

The East African Cyberlaw Framework was an initiative of the East African Community with the support of UNCTAD, to develop a general framework on legislative approaches to cyberlaw. The framework was adopted in June 2010. It seeks to promote regional harmonisation in the legal response to the challenges raised by the increasing use and reliance on ICTs for commercial and administrative activities and outlines agreed features to be transposed into national legislation in order to address the various issues identified in respect of: Electronic transactions, electronic signature and authentication, data protection and privacy, consumer protection and computer crime.

On the subject of Data Protection and Privacy, the framework provides as follows:

“For the purposes of the Framework, ‘data protection’ is used… to describe those obligations placed upon those entities that process information about living individuals, generally referred to as ‘personal data’. A data protection regime will also grant certain rights upon individual data subjects.

The application of data protection rules may be limited only to private sector entities or public bodies. A sectoral regulatory response may be appropriate to address specific uses and abuses of personal data, whether driven by domestic or foreign concerns, such as the financial services sector.

In terms of the entity responsible for the processing, the following minimum obligations represent international best practice in the area:

• To comply with certain ‘principles of good practice’ in respect of their processing activities, including accountability, transparency, fair and lawful processing, processing limitation, data accuracy and data security.

• To supply the individual with a copy of any personal data being held and processed and provide an opportunity for incorrect data to be amended.

The cost of regulation will be a critical factor in data protection. The cost associated with a comprehensive or omnibus approach, specifically the establishment of a dedicated regulatory authority, will generally be excessive for most developing countries, especially if borne by the private sector through licensing or notification fees. However, in terms of addressing privacy concerns vis-à-vis public sector infringements, an authority independent from government will generally be necessary in order to provide the necessary trust and assurance in its activities. The regulatory authority may not have an exclusively data protection remit, which mitigates the costs involved.

Whilst a self-regulatory or co-regulatory approach may be appealing in terms of minimising the public costs of regulation, its success depends on a sufficiently strong and active private sector, willing and able to fund the regulatory activity. It is also unlikely to be appropriate in terms of the public sector use of personal data.

The Task Force recognises the critical importance of data protection and privacy and recommends that further work needs to be carried out on this issue, to ensure that (a) the privacy of citizens is not eroded through the Internet; (b) that legislation providing for access to official information is appropriately taken into account; (c) the institutional implications of such reforms and (d) to take into account fully international best practice in the area.”

Status of implementation of cyberlaws

Any person carrying out an inquiry into this subject soon enough becomes aware of the dearth of country information on crime statistics including the typologies of cybercrimes and their differential distribution, the status of the implementation of international/regional country obligations, the text of laws and bills and even more importantly, victim data. As far as my best efforts could establish:

• Burundi is still at the stage of drafting its cyberlaws in conformity with the Framework;

• In Rwanda, a draft information and communication technology (ICT) bill was prepared in 2009 covering e-signatures, consumer protection, privacy, and content regulation. In early 2010, the country prepared a draft criminal law on cybercrime. Rwandan laws on digital copyright and e-contracting were passed in early 2010.

• In Uganda, the legislature passed the Electronic Transactions Act and the Electronic Signatures Act in October 2010. The fate of the third bill, the Computer Misuse Act, could not be immediately established.

• In Tanzania, the Law Reform Commission to the Ministry of Justice and Constitutional Affairs has proposed separate bills on Cyber crimes, regulation of electronic transactions and e-communications, privacy and data protection and the amendment of the Evidence statute.

• In Kenya, the Kenya Communications (Amendment) Act 2008 came into force on January 2, 2010. This Act amended the Kenya Communications Act of 1998 to rename it the Kenya Information and Communications Act, 1998 and to introduce to it provisions on e-transactions, e-signatures, consumer protection, and computer crime.

Key provisions of Kenya Information & Communications Act, 1998 on Privacy/Identity Data Protection

Ministerial regulations on privacy of telecommunication

The KIC Act empowers the Minister for Information and Communications to make regulations with respect to ‘the privacy of telecommunication’. The contravention of the Minister’s regulation would attract a fine of USD 4,375 or imprisonment for a term of up to 3 years or both imprisonment and fine. However, no special regulations have been made under this section.

Prohibition against unlawful interception and disclosure of a message

The Act also makes it an offence for a telecommunications operator to intercept or disclose a message sent through the operator’s system or to disclose the statement or account of its subscriber. The prescribed punishment for the offence is a fine not exceeding USD 4375 or imprisonment for a term of up to 3 years or both imprisonment and fine.

Prohibition against disclosure of personal information through radio communication apparatus

Except where the authority of the Minister for Internal Security has been given, the Act forbids any person from using radio communication apparatus with the intention of obtaining information on the contents, the sender or addressee of any message. It also forbids, except in the course of legal proceedings, the disclosure by any person of any information as to the contents, sender or addressee of any message coming to him or her through a radio communication. A conviction for contravening any of these provisions will lead to a fine of up to USD 12,500 or imprisonment for up to 5 years or both fine and imprisonment.

• Theft of information – the legislation introduced an amendment to section 267 of Kenya’s Penal Code which defines things that are capable of being stolen for the purpose of the offence of stealing or theft. The amendment, now in subsection (9) of the Code, states that ‘Information is capable of being stolen’.

• Unauthorised access to computer data

• Access with intent to commit offences

• Unauthorised access to and interception of computer service - Knowingly securing access to a computer system for the purpose of obtaining any computer service or intercepting any function or any data held in the system.

• Unauthorized modification of computer material - Knowingly doing an act which causes an unauthorized modification of data held in any computer system.

• Damaging or denying access to a computer system

• Unauthorized disclosure of password - Knowingly disclosing any password, access code, or any other means of gaining access to any program or data held in any computer system:

o for any wrongful gain;

o for any unlawful purpose; or

o knowing that the disclosure is likely to cause prejudice to any person.

• Electronic fraud - With intent to procure an advantage, fraudulently causing loss of property to another person by an input, alteration, deletion or suppression of data; or any interference with the functioning of a computer system.

• Knowingly creating, publishing or availing an electronic signature certificate for any fraudulent or unlawful purpose.

• Unauthorized access to protected system - Securing or attempting to secure access to a protected system in contravention of the law.

• Re-programming of mobile telephone - Not being a manufacturer of mobile phone devices or an authorized agent of such manufacturer, knowingly or intentionally changing or interfering with the operation of mobile telephone equipment identity.

With the widespread use of the mobile telephone in East Africa (for example, over half of the Kenyan population has access to a mobile phone), a new pattern of offences began to emerge.

o Kidnappings – with the kidnappers using the convenience of the mobile phone to get in touch with the victim’s family and make a ransom demand

o Hoax promotions/raffles – where a subscriber is called by a person purporting to be from a mobile service provider or a company running a promotion and informed that they have won a prize in a draw and that, in order to collect their money, they need to pay an ‘administrative charge’ via mobile money transfer

o Or being falsely advised to dial a certain code ostensibly to register, when the effect of dialing that code is to transfer airtime to the criminal’s number

o A number of these crimes were being committed by convicts who had unauthorised access to mobile phones while in custody.

In July 2009, Kenya’s President Mwai Kibaki directed the Ministry of Information and Communication to establish a databank of all mobile telephone subscribers. The directive was preceded by the President’s concern over a reported increase in phone-related crime.

Administrative/Institutional Framework for Combating Identity Related Crime:

In Kenya, the Police Service is the principal law enforcement agent. According to the department's website (www.kenyapolice.go.ke), it is organized into twelve 'Formations' based on both administrative functions and crime typologies. Out of these twelve formations, the following deal with particular types of crimes:

• General Service Unit – for riots and offences of public order

• Criminal Investigation Department -

• Anti-stock Theft Unit – for livestock theft

• Traffic Police Department

• Tourism Police Unit

• Maritime Police Unit

• Diplomatic Police Unit

Three other police units are important in discussions of identity-related offences even though their place within the administrative structure of the Police Service could not be immediately established:

• The Serious Crimes which deals with offences such as money laundering, kidnapping and organized crime;

• The Anti-Banking Fraud Unit;

• The Anti-Terrorism Unit.

Evidently, identity-related crime is not given any special treatment as a sub-category or thematic subject from either a criminal justice or a law enforcement perspective. There is therefore no general conceptual framework or official public study on identity-related crimes. Moreover, information on these types of crimes is not necessarily disaggregated from the general crime statistics that are compiled and published by the Kenya Police.

These crime statistics published by the Kenya Police for various types of crime between 2006 and 2008 are presumably (because the report does not say so) reports of crime incidents recorded at police stations throughout the country and not necessarily actual convictions for the crimes.

The categories of crimes included in the table above are those that are related to identity crime. Though I have included them in the table, it is not clear from the statistics what ranges of crimes are covered by the expressions ‘other offences against persons’ or ‘other Penal Code offences’.

Identity crime typology and victim issues

Based on decided cases and media reports, the most common types of identity-related crimes in East Africa (whether committed in their traditional sense or with the aid of information and communications technology) include:

• Human trafficking

• Money laundering

• Terrorism

• Fraud, forgery, impersonation and theft

• Unlawful access to, modification, damage or theft of information in a computer system

• Unlawful modification of mobile phone equipment identity

Apart from the immediate loss and damage that is the direct consequence of identity crimes for the victim, there are other challenges for victims of such crimes that relate to access to legal aid and justice:

• Because identity crime is not sufficiently mapped or studied by law enforcement, there is inadequate information for both potential victims and victims on how to avoid and mitigate the effects of such offences.

• Inadequate legal framework – While laws on certain aspects of identity-related crime are lacking or insufficient, existing laws focus mostly on the punishment of the criminal and less on regulating the collection and management of personal information.

• The subject of the technical measures and minimum compliance standards for protecting information, communications and commercial systems is not captured in legislation.

• East Africa’s governments have been challenged that they have not fully complied with the minimum standards for the elimination of identity-related transnational crimes – human trafficking, money laundering, economic fraud, organized crime/terrorism.

• Poor crime reporting and crime mapping. Though prosecutions for identity-related crimes are conducted, data on such cases is not compiled at the provincial or national level, and any data compiled is not readily available to the public.

• Poor access to legal aid:

o Poor victim access to knowledge on basic laws, prevention and self-help

o High cost of professional legal aid

o Poor forensic and prosecutorial knowledge and skills on the part of law enforcement

• Difficulties of jurisdiction and mutual-legal assistance in dealing with transnational crimes

The following scenario extracted from the U.S. State Department Trafficking in Persons Report, June 200 is illustrative of the plight of victims of identity-related crimes:

‘Police reportedly arrested foreign trafficking victims for being in [the country] without valid identity documents; in most cases, they pled guilty to immigration violations and were quickly deported. The government did not provide legal alternatives to the removal of victims to countries where they would face hardship or retribution.’

The way forward:

• First, a baseline study on the incidence, typology and distribution of identity-related crimes will need to be conducted in order to provide both aggregated and disaggregated regional and country-specific information. Such a study will provide the empirical information that will form the basis for understanding and decision making.

• There is need for improved tracking and reporting of identity-related crime by law enforcement and other government departments in the chain of justice and the sharing of this information with the public.

• Capacity building interventions for law enforcement and civil society groups focusing on forensics, investigative and prosecutorial techniques, preservation of evidence and the protection of and handling of victims.

• Information, education & awareness focusing on potential victims and victims of identity-related crime will need to be developed for both victims and law enforcement agencies.

• Legislative reform – The East African member states will need to follow up on their obligations under the EA Cyberlaw Framework to prepare, sponsor and pass legislation incorporating international best legislative standards on data protection and identity-related crime.

• Considering the important role of the private sector in the processing of personal and financial information, in the development of technologies for protection of personal information and ensuring the security and confidentiality of computer-based transactions and in its ability to assist law enforcement in the prevention, detection and punishment of identity-related crime and the protection of victims, it is imperative that countries consider a framework of co-operation between the public and private sectors in this regard.

• Finally, considering the trans-boundary nature of many identity-related crimes, international legal obligations as well as mutual co-operation between countries in dealing with trans-located victims of identity-related crimes will need to be legislated or institutionalized.

OTHER EXAMPLES OF CYBER LAWS:

The Cyber Law Acts in Malaysia

o The Malaysian Government has already passed several Cyber Laws to control and reduce Internet abuse.

o These Cyber Laws include:

a. Digital Signature Act 1997

i. The Digital Signature Act 1997 secures electronic communication, especially on the Internet.

ii. Digital Signature is an identity verification standard that uses encryption techniques to protect against e-mail forgery. The encrypted code consists of the user’s name and a hash of all the parts of the message.

iii. By attaching the digital signature, one can ensure that nobody can eavesdrop, intercept or tamper with transmitted data.

b. Computer Crimes Act 1997

i. The Computer Crimes Act 1997 gives protection against the misuse of computers and computer criminal activities such as unauthorized use of programs, illegal transmission of data or messages over computers, and hacking and cracking of computer systems and networks.

ii. By implementing the Computer Crimes Act 1997, users can protect their rights to privacy and build trust in the computer system. At the same time, the government can have control at a certain level over Cyber Space to reduce Cyber Crime activities.

c. Telemedicine Act 1997

i. The Telemedicine Act 1997 ensures that only qualified medical practitioners can practise telemedicine and that their patients’ rights and interests are protected.

ii. These acts provide the environment for the future development and delivery of healthcare in Malaysia.

d. Communications and Multimedia Act 1998

i. The implementation of the Communications and Multimedia Act 1998 ensures that information is secure, the network is reliable and the service is affordable all over Malaysia.

ii. This act also ensures a high level of user confidence in the information and communication technology industry.

o Besides these Cyber Laws, there are three other Cyber Laws being drafted:

i. Private Data Protection Bill

ii. Electronic Government Activities Bill

iii. Electronic Transactions Bill

iv. Security Protection Bill

Summary

1. Cyber law refers to any laws relating to protecting the Internet and other online communication technologies.

2. Cyber Law is needed to protect

i. the integrity and security of information

ii. the legal status of online transactions

iii. the privacy and confidentiality of information

iv. the intellectual property rights

v. government data

3. Some examples of Cyber Laws in Malaysia

i. Digital Signature Act 1997

ii. Telemedicine Act 1997

iii. Computer Crimes Act 1997

iv. Communications and Multimedia Act 1998

4. Other Cyber Laws

i. The Security Protection Bill

ii. The Electronic Transactions Bill

iii. The Private Data Protection Bill

LESSON FIFTEEN: COMPUTER CRIMES

Nowadays, we find that many people are selling pirated computer software to customers at a much cheaper price than the original CDs. Do you think this is a criminal act or just a way of doing business?

COMPUTER CRIMES

1. A computer crime is defined as any criminal activity that is related to the use of computers.

2. Any illegal act involving a computer is referred to as a computer crime.

3. These activities include computer fraud, copyright infringement, computer theft and computer attack.

A. COMPUTER FRAUD

1. Computer fraud is defined as having an intention to take advantage over or causing loss to other people, mainly on monetary basis through the use of computers.

2. There are many forms of computer fraud, which include e-mail hoaxes, program fraud, investment schemes, sales promotions, claims of expertise in certain fields, health frauds, scams and hacking.

B. COPYRIGHT INFRINGEMENT

1. Copyright infringement is defined as a violation of the right secured by a copyright.

2. Copyright infringement involves illegal copying or reproduction of copyright materials by the black market groups.

3. The open commercial sale of pirated items is also illegal.

4. With the current technology, the most perfect copy of the original copyright materials can be downloaded from the Internet.

5. Examples include the widespread illegal downloading and sharing of recorded music in MP3 format, and the unauthorized copying of movies even after the closing down of Napster.

C. COMPUTER THEFT

1. Computer theft is defined as the unauthorized use of another person’s property with the intention to deny the owner the rightful possession of that property or its use.

2. Insurance companies and drug companies have access to private medical records. These medical records can be used to determine the ability of employees to get an insurance policy. The drug companies may then sell and share the information with other companies.

3. Examples of computer theft include:

a) transfer of payments to the wrong accounts

b) tap into data transmission lines on database at no cost

c) divert goods to the wrong destination

D. COMPUTER ATTACK

1. Computer Attack may be defined as any activities taken to disrupt the equipment of computer systems, change processing control or corrupt stored data.

2. It is very hard to trace the authors of cyber threats. Therefore, the school authority will not know whether a virus entered their system from someone’s e-mail or is generated by school hackers.

3. Computer attack can be in the forms of:

a) Physical attack that disrupts the computer facility or its transmission lines.

b) Electronic attack that uses the power of electromagnetic energy to overload computer circuitry.

c) A computer network attack that uses malicious code to exploit a weakness in software, or in the computer security practices of a computer user.

4. For example, the presence of technologically savvy young hackers in schools who can cause damage to a school’s server.

5. They are capable of disabling filters and gateway software, or accessing student information systems.

SUMMARY

1. Computer crime is any criminal activity that is related to the use of computers, such as fraud, copyright infringement, theft and computer attack.

2. Computer fraud includes health frauds, scams and hacking.

3. Copyright infringement includes the illegal downloading and sharing of recorded music and unauthorized copying of movies online.

4. Computer theft includes the unauthorized use of another person’s property with the intention to deny the owner the rightful possession of that property or its use.

5. Computer attack includes any activities taken to disrupt the equipment of computer systems, change processing control or corrupt stored data.

LESSON SIXTEEN: COMPUTER SECURITY

DEFINITION OF COMPUTER SECURITY

1. Computer security means protecting our computer systems and the information they contain against unwanted access, damage, destruction or modification.

2. We need to protect our computer from any intruder such as hackers, crackers and script kiddies.

3. We do not want strangers to read our e-mail, use our computer to attack other systems, send forged e-mail from our computer, or examine personal information stored on our computer such as financial statements.

TYPES OF COMPUTER SECURITY

Three types of computer security are

a. hardware security

b. software security/ data security

c. network security

HARDWARE SECURITY

1. Hardware security refers to security measures used to protect the hardware, specifically the computer and its related documents.

2. The examples of security measures used to protect the hardware include PC-locks, keyboard-locks, smart cards and biometric devices.

SOFTWARE AND DATA SECURITY

1. Software and data security refers to the security measures used to protect the software and to prevent the loss of data files.

2. Examples of security measures used to protect the software are activation codes and serial numbers.

3. An example of a security measure used to protect against the loss of data files is the disaster recovery plan method.

4. The idea of this plan is to store data, programs and other important documents in a safe place that will not be affected by any major destruction.

NETWORK SECURITY

1. The transfer of data through networks has become a common practice and the need to implement network security has become significant.

2. Network security refers to security measures used to protect the network system.

3. One example of a network security measure is a firewall. With a firewall, network resources can be protected from outsiders.

PERSONAL COMPUTER SECURITY CHECKLIST

In order to make sure our computers are secure, here is a computer security checklist to follow.

a) Do not eat, drink or smoke near the computer.

b) Do not place the computer near open windows or doors.

c) Do not subject the computer to extreme temperatures.

d) Clean the equipment regularly.

e) Place a cable lock on the computer.

f) Use a surge protector.

g) Store disks properly in a locked container.

h) Maintain backup copies of all files.

i) Store copies of critical files off site.

j) Scan a floppy disk before you open it.

k) Do not open any unknown email received.

SUMMARY

1. Computer security is a process of preventing and detecting unauthorized use of the computer.

2. There are three types of computer security, which are hardware security, software/data security and network security.

Qn. Explain briefly the different threats to computer security:

Malicious code

Hacking

Nature/environment

Theft

LESSON SEVENTEEN: INTRODUCTION TO SECURITY THREATS

2. Computer threats can come in many ways, either from humans or from natural disasters. For example, when someone steals your account information from a trusted bank, this threat is considered a human threat. However, when your computer is soaked in heavy rain, that is a natural disaster threat.

3. Generally, security threats include malicious code, hacking, natural environment and theft.

A. MALICIOUS CODE

1. Malicious code is also known as a rogue program. It is a threat to computing assets by causing undesired effects in the programmer’s part. The effect is caused by an agent, with the intention to cause damage.

2. The agent for malicious code is the writer of the code or any person who causes its distribution.

3. There are various kinds of malicious code. They include:

Virus

A virus is a program that can pass on the malicious code to other non-infected programs by modifying them.

To infect a computer, the virus needs to attach itself to a program, usually files with .doc (document), .xls (spreadsheet) or .exe (executable file) extensions.

It will then destroy or co-exist with the program.

Once the infected file is opened, the virus will copy itself into that particular system and perform its functions.

Eventually, it can overtake the entire computing system and spread to other connected systems.

Trojan horse

A program which can perform useful but unexpected actions.

Must be installed by users or intruders before it can affect the system’s assets.

An example of a Trojan horse is a login script that requests users’ login ID and password.

The user will then successfully pass the login process, but the Trojan horse will keep a copy of the information to be used for malicious purposes.

Logic bomb

Logic bomb is a malicious code that goes off when a specific condition occurs.

An example of a logic bomb is the time bomb. It goes off and causes threats at a specified time or date.

Trapdoor or backdoor

A feature in a program that allows someone to access the program and use it with special privileges.

Worm

A program that copies and spreads itself through a network.

Primary differences between worms and viruses

A worm operates through the network, while a virus spreads through any medium (usually copied programs or data files).

A worm spreads copies of itself as a standalone program, while a virus spreads copies of itself as a program that attaches to other programs.

B. HACKER

1. Hacking is a source of threat to computer security. It is defined as unauthorized access to the computer system by a hacker.

2. Hackers are persons who learn about computer systems in detail. They write programs referred to as hacks. Hackers may use a modem or cable to hack the targeted computers.

3. Kevin Mitnick is the most notorious hacker ever caught. He had stolen millions of dollars worth of software and credit card information on the net. He used new identities and cleverly concealed his locations. He spent 5 years in jail for his hacking activity.

C. NATURAL AND ENVIRONMENTAL THREATS

1. Computers are also threatened by natural or environmental disasters, be it at home, in stores, in offices or in automobiles.

2. Examples of natural and environmental disasters:

a) Flood

b) Fire

c) Earthquakes, storms and tornados

d) Excessive heat

e) Inadequate power supply

D. THEFT

1. Two types of computer theft:

a. Computer is used to steal money, goods, information and resources.

b. Actual stealing of computers, especially notebooks and PDAs. (This type of stealing causes loss of the expensive item and also the valuable information.)

2. Three approaches to prevent theft

a) Prevent access by using locks, smart card applications and password activation.

b) Prevent portability of your computer by restricting all hardware from physically being moved to other places.

c) Detect and guard all exits and record any hardware (such as disk or CD) before it is transported.

SUMMARY

1. Security threats include malicious code, hacking, natural environment and theft.

2. There are various types of malicious code that include virus, Trojan horse, logic bomb, trapdoor or backdoor and worm.

3. A virus is a program that can pass malicious code to other non-infected programs by modifying them.

4. Computers are also threatened by natural or environmental disasters such as flood, fire, earthquakes, storms and tornados.

5. Computer theft includes stealing money, goods, information and computer resources.

LESSON EIGHTEEN: SECURITY MEASURES

1. Today, people rely on computers to create, store and manage critical information. It is important that the computers and the data they store are accessible and available when needed. It is also important that users take measures to protect their computers and data from loss, damage and misuse. How do we protect our computers from breaches of security and security risks?

2. Security measures mean the precautionary measures taken to ward off possible danger or damage.

There are 6 types of security measures, which are:

data backup

cryptography

antivirus

anti-spyware

firewall

human aspects

A.) Data backup

1. Data backup is a program of file duplication.

2. Backups of data applications are necessary so that they can be recovered in case of an emergency.

3. Depending on the importance of the information, daily, weekly or biweekly backups from a hard disk can be performed.

B.) Cryptography

1. Cryptography is a process of hiding information by altering the actual information into a different representation; for example, APA can be written as I?X.

2. Almost all cryptosystems depend on a key, such as a password made of numbers or a phrase, that can be used to encrypt or decrypt a message.

3. The traditional type of cryptosystem used on a computer network is called a symmetric secret key system.

4. With this approach, the sender and the recipient use the same key, and they have to keep the shared key a secret from anyone else.
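The shared-key arrangement in points 2 to 4, as an added example that is not part of the original notes: sender and recipient derive the same keys from one passphrase, and the recipient refuses a message if the key is wrong or the bytes were altered. The keystream construction (HMAC-SHA256 in counter mode) is a teaching stand-in chosen so the code runs on Python's standard library alone; the function names and the passphrase are assumptions, and real systems use a vetted cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32


def derive_keys(passphrase, salt):
    """Stretch the shared passphrase into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                                   salt, 100_000, dklen=64)
    return material[:32], material[32:]


def keystream(enc_key, nonce, length):
    """Illustrative keystream: HMAC-SHA256 over nonce || counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(passphrase, plaintext):
    """Sender side: returns salt || nonce || ciphertext || tag."""
    salt = os.urandom(SALT_LEN)     # fresh per message
    nonce = os.urandom(NONCE_LEN)   # fresh per message
    enc_key, mac_key = derive_keys(passphrase, salt)
    ciphertext = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    body = salt + nonce + ciphertext
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body + tag


def decrypt(passphrase, message):
    """Recipient side: verify the tag first, then decrypt with the same key."""
    if len(message) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    salt = body[:SALT_LEN]
    nonce = body[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = body[SALT_LEN + NONCE_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or message was modified")
    return xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


if __name__ == "__main__":
    shared = "correct horse battery"   # constructed passphrase both sides know
    wire = encrypt(shared, b"Meet at the library at 4pm")
    print(wire.hex())
    print(decrypt(shared, wire))
```

Anyone who learns the passphrase can both read and forge messages, which is why point 4 insists that the shared key stay secret.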

C.) Antivirus

1. Users should install an Antivirus program and update it frequently.

2. An Antivirus program protects a computer against viruses by identifying and removing any computer viruses found in the computer memory, on storage media or in incoming e-mail files.

3. Identifying viruses:

Two techniques are used to identify a virus:

a) Virus signature – also called a virus definition. It is a specific pattern of the virus code.

b) Inoculating a program file – the Antivirus program records information such as the file size and file creation date in a separate inoculation file. The Antivirus program then uses this information to detect if a virus tampers with the data describing the inoculated program file.

If an Antivirus program identifies an infected file, it attempts to remove its virus, worm or Trojan horse. If the Antivirus program cannot remove the infection, it often quarantines the infected file. Quarantine is a separate area of a hard disk that holds the infected file until the infection can be removed. This step ensures other files will not become infected.

4. An Antivirus program scans for programs that attempt to modify the boot program, the operating system and other programs that normally are read from but not modified.

5. Many Antivirus programs automatically scan files downloaded from the web, e-mail attachments and all types of removable media inserted into the computer.
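The two identification techniques and the quarantine step from point 3, as an added example that is not taken from any antivirus product: a signature scan, an inoculation file, and a quarantine move, run over constructed files in a temporary directory. The signature bytes, file names and function names are assumptions; the inoculation record uses modification time in place of creation date and adds a SHA-256 hash, which goes beyond the notes and is there because size and date alone miss a same-size edit whose timestamp has been restored.

```python
import hashlib
import json
import os
import shutil
import tempfile

# Constructed, harmless byte pattern standing in for a real virus signature.
SIGNATURES = {"Demo.Pattern.A": b"\x13\x37CONSTRUCTED-DEMO-SIGNATURE\x13\x37"}


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def scan_signatures(path):
    """Technique (a): names of the known signatures found in the file."""
    with open(path, "rb") as f:
        data = f.read()
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def snapshot(path):
    st = os.stat(path)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "sha256": sha256_of(path)}


def inoculate(paths, inoculation_file):
    """Technique (b): store each file's size, date and hash in a separate file."""
    with open(inoculation_file, "w") as f:
        json.dump({p: snapshot(p) for p in paths}, f, indent=2)


def check_inoculation(inoculation_file):
    """Return {path: [fields that changed]} for files that no longer match."""
    with open(inoculation_file) as f:
        recorded = json.load(f)
    findings = {}
    for path, old in recorded.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        new = snapshot(path)
        changed = [field for field in old if old[field] != new[field]]
        if changed:
            findings[path] = changed
    return findings


def quarantine(path, quarantine_dir):
    """Move a flagged file to a separate area and make it read-only."""
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    shutil.move(path, dest)
    os.chmod(dest, 0o400)
    return dest


def demo():
    root = tempfile.mkdtemp(prefix="av_demo_")
    try:
        files = {"report.doc": b"quarterly figures: 1200\n",
                 "tool.exe": b"constructed program bytes\n",
                 "notes.txt": b"untouched file\n"}
        paths = {}
        for name, content in files.items():
            paths[name] = os.path.join(root, name)
            with open(paths[name], "wb") as f:
                f.write(content)
        inoc = os.path.join(root, "inoculation.json")
        inoculate(list(paths.values()), inoc)

        # Same-size edit with the timestamp put back: size and date still match.
        before = os.stat(paths["report.doc"])
        with open(paths["report.doc"], "wb") as f:
            f.write(b"quarterly figures: 9900\n")
        os.utime(paths["report.doc"], ns=(before.st_atime_ns, before.st_mtime_ns))
        # Bytes appended to a program file, including the constructed signature.
        with open(paths["tool.exe"], "ab") as f:
            f.write(SIGNATURES["Demo.Pattern.A"])

        findings = {os.path.basename(p): changed
                    for p, changed in check_inoculation(inoc).items()}
        hits = {name: scan_signatures(p) for name, p in paths.items()}
        moved = [quarantine(paths[name], os.path.join(root, "quarantine"))
                 for name, names in hits.items() if names]
        return {"findings": findings, "hits": hits,
                "quarantined": [os.path.basename(m) for m in moved],
                "original_gone": not os.path.exists(paths["tool.exe"])}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The edited report carries no known signature, so only the inoculation check notices it; the program file is caught by both techniques and moved to quarantine.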

D.) Anti-Spyware

1. Spyware is a program placed on a computer without the user’s knowledge. It secretly collects information about the user.

2. The Spyware program communicates information to the outside source.

3. An Anti-Spyware application program sometimes called tracking for threat or a Spybot is used to remove Spyware.

4. Among the popular Anti-Spyware programs are:

o Spybot Search and Destroy

o Ad-aware

o Spyware Blaster

E.) Firewall

1. A firewall is a piece of hardware or software which functions in a networked environment to prevent some communications forbidden by the security policy.

2. The purpose of a firewall is to keep bad things outside the protected network and to implement a security policy. It might permit limited access from inside or outside the network perimeter, from certain users or for certain activities.

3. There are three types of firewall:

a. Screening routers

o Simplest

o Sees only addresses and service protocol type

o Screens based on connection rules

b. Proxy gateway

o Complex

o Sees full text of communication

o Screens based on behaviour proxies

c. Guard

o Most complex

o Sees full text of communication

o Screens based on interpretation of message content
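The three firewall types above differ in how much of a connection they can see. This added Python example (not from the original notes) runs the same constructed mail connections through all three; the rule set, the SMTP verb allow-list and the attachment policy are assumptions chosen for illustration.

```python
import ipaddress
import re

# Constructed connection rules: (action, source network, protocol, dest port).
RULES = [
    ("deny",   "203.0.113.0/24", "tcp", None),  # blocked range, any port
    ("permit", "0.0.0.0/0",      "tcp", 25),    # inbound mail from anywhere
    ("permit", "192.0.2.0/24",   "tcp", 22),    # remote login, admin network only
]
SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
BLOCKED_ATTACHMENT = re.compile(r'filename="[^"]+\.(exe|scr|vbs)"', re.I)

def screening_router(conn):
    """Sees only addresses and service type; first matching rule wins."""
    src = ipaddress.ip_address(conn["src"])
    for action, net, proto, port in RULES:
        if (src in ipaddress.ip_network(net) and proto == conn["proto"]
                and port in (None, conn["dport"])):
            return action
    return "deny"                                # nothing matched: drop

def split_smtp(lines):
    """Split the client side of an SMTP session into (verbs, message body)."""
    verbs, body, in_data = [], [], False
    for line in lines:
        if in_data and line == ".":
            in_data = False
        elif in_data:
            body.append(line)
        else:
            verbs.append(line.split(" ", 1)[0].upper())
            in_data = verbs[-1] == "DATA"
    return verbs, body

def proxy_gateway(conn):
    """Mail proxy: sees the full text and checks that the protocol behaves."""
    if screening_router(conn) == "deny":
        return "deny"
    verbs, _body = split_smtp(conn["lines"])
    return "permit" if set(verbs) <= SMTP_VERBS else "deny"

def guard(conn):
    """Sees the full text and decides on what the message content means."""
    if proxy_gateway(conn) == "deny":
        return "deny"
    _verbs, body = split_smtp(conn["lines"])
    return "deny" if BLOCKED_ATTACHMENT.search("\n".join(body)) else "permit"

def mail_from(src, lines):
    return {"src": src, "proto": "tcp", "dport": 25, "lines": lines}

# Constructed sample connections (documentation address ranges).
MAIL = ["HELO client.example", "MAIL FROM:<a@client.example>",
        "RCPT TO:<b@corp.example>", "DATA", "Subject: report", "", "See you.", ".", "QUIT"]
SAMPLES = {
    "blocked_source": mail_from("203.0.113.5", MAIL),
    "unexpected_command": mail_from("198.51.100.7", ["HELO x", "VRFY postmaster", "QUIT"]),
    "exe_attachment": mail_from("198.51.100.7", MAIL[:4] + [
        'Content-Disposition: attachment; filename="invoice.exe"', ".", "QUIT"]),
    "clean_mail": mail_from("198.51.100.7", MAIL),
}

def verdicts():
    """Return {sample: (router, proxy, guard)} for the constructed samples."""
    return {name: (screening_router(c), proxy_gateway(c), guard(c))
            for name, c in SAMPLES.items()}
```

The screening router permits every sample except the blocked source, because the other three look identical at the address and port level.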

F.) Human Aspects

1. Human aspects refer to the user and also the intruder of a computer system.

2. It is one of the hardest aspects to give protection to.

3. The most common problem is the lack of achieving a good information security procedure.

4. There are three ways to protect a computer from human aspect threats:

a. Organisation Self Awareness

o Organisations need to be aware of the people they work with.

o Some threats also come from within the organization and not just from the outside.

b. Organisational User Self Awareness

o Provide employees with adequate training on the importance of security and control.

o Even a very high-tech protection system could not protect the system against incompetent users.

c. Individual User Self Awareness

o Threats often come in beautiful offers and packages.

o Do not download or install software from unreliable sources.

o Do not expose important information to strangers.

Summary

1. Data backup is a program of file duplication.

2. Security measures mean the precautionary measures taken to ward off possible danger or damage.

3. Cryptography is a process of hiding information by altering the actual information into different representation.

4. An Antivirus program protects a computer against viruses.

5. Spyware is a program placed on a computer without the user’s knowledge and secretly collects information about the user.

6. Firewall prevents some communications forbidden by the security policy.

7. Human aspects refer to the user and also the intruder of a computer system which is one of the hardest aspects to give protection to.

LESSON NINETEEN: RELATIONSHIP BETWEEN SECURITY THREATS AND SECURITY MEASURES

Security threats may come in many forms. For example, when someone is invading our account information from a trusted bank, this act is considered a security threat. Security measures can be used to prevent these invaders from getting the account information. For example, the bank can use a firewall to prevent unauthorized access to its database.

A.) Security threats

1. Security threats cause data loss, computer damage and the misuse of content. These threats include malicious code, hacking, natural disaster and theft.

2. People need to apply some security measures to overcome these threats. The examples of security measures include data backup, cryptography, Antivirus, Anti-Spyware, firewall and human aspects.

B.) Malicious code threats Vs Antivirus and Anti-Spyware

1. Malicious code is a rogue program that threatens computer assets by causing undesired effects in the programmer’s part. These threats include virus, Trojan horse, logic bomb, worm, trapdoor and back door.

2. Antivirus and Anti-Spyware can be used as security measures to protect the computer from those threats.

3. These security measures provide protection to the computer by:

a) Limiting connectivity

b) Allowing only authorized media for loading data and software

c) Enforcing mandatory access controls

d) Blocking the virus from the computer program

C.) Hacking VS Firewall

1. Hacking is unauthorized access to a computer system by a hacker. We can use a firewall or cryptography to prevent the hacker from accessing our computers.

2. A firewall permits limited access to unauthorized users or any activities from the network environment.

Form 4 Lesson Notes Part 1 ICT & Society

3. Cryptography is a process of hiding information by changing the actual information into a different representation; for example, APA can be written as 7&*.

D.) Natural disaster VS data backup

1. Natural and environmental disasters may include flood, fire, earthquakes, storms and tornados.

2. Natural disasters may threaten a computer’s hardware and software easily. Computers are also sensitive to their operating environment, such as excessive heat or an inadequate power supply.

3. The backup system is needed to back up all data and applications in the computer. With the backup system, data can be recovered in case of an emergency.

E.) Theft VS human aspects

1. Computer theft can be of 2 kinds:

a) The computer is used to steal money, goods, information and computer resources.

b) The actual stealing of computers, especially notebooks and PDAs.

2. These threats can be handled based on the human aspects.

3. There are 3 approaches that can be taken by individuals or organizations to prevent theft, which are:

a) Prevent access by using locks, smart cards or passwords

b) Prevent portability by restricting the hardware from being moved

c) Detect and guard all exits and record any hardware transported.

F.) Be suspicious of all results

1. There are many instances where non-programmers develop applications which are not built with a proper understanding of software engineering practices.

2. Data produced by such applications may not be correct and may risk corrupting data received from other sources that are not compatible with the application.

Summary

1. The relationship between the security threats and the security measures.

2. The appropriate security measures to use to protect the computer from computer threats.

LESSON TWENTY: SECURITY PROCEDURES

Home alarm systems do prevent burglars from breaking in. Similarly computers should have alarm systems to guard them from any attacks such as viruses and data corruption. We can assume that the house is like the computer while the alarm system is the security procedures that we take to ensure its safety. It shows that the alarm system is the tool that prevents the burglar from entering the house. Similarly, by taking extra safety precautions, we can avoid any virus attacks and file corruptions in our computers.

A.) Data protection

1. We need to protect the data in the computer as it may somehow get lost or corrupted due to some viruses or mishaps like fire, flood, lightning, machine failures and even human errors.

2. There are a few ways to protect the information, namely:

Make backup files

o Keep the duplicated files in external storage such as a floppy disk or thumb drive.

o Do backups frequently to prevent data from getting lost due to hardware or system failure.

Detect the virus and clean the computer

o A computer virus is able to affect the way the computer works.

o With an Anti-Virus program, viruses can be destroyed and eliminated quickly and efficiently.

o Viruses can be detected when we run an Anti-Virus program.

o We can also delete the infected files and documents.

o Don't forget to do routine Anti-Virus checks, updates and file backups to prevent future virus attacks.

Warn others on virus attacks

o We can warn others on virus attacks or new viruses by sending e-mail to them.

B.) Detecting illegal access to system

1. The computer system is able to detect any illegal access to the system by a user who does not have any authorization.

2. Basically, a corporation will simply use tcpwrappers and tripwire to detect any illegal access to their system.

a) Tcpwrappers

Tcpwrappers will control access at the application level, rather than at the socket level like iptables and ipchains. The system will run tcpwrappers to log access to ftp, tftp, rsh, rlogin, rexec and telnet.

o Tcpwrappers stops the attempted connection

o Examines its configuration files

o Decides whether to accept or reject the request.

b) Tripwire

Tripwire will detect and report on any changes in the thousands of strategic system files. The system will run tripwire to determine if system files have changed.

3. Users’ access will be reviewed periodically by computer operations. Ongoing internal audits will be made to ensure detection of violations of security and unauthorized modifications to software and data.
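Both the inoculation file from the Antivirus notes and Tripwire compare files against a recorded baseline. The added Python example below (not Tripwire's own code) records size, modification time and, as an assumption beyond what the notes describe, a SHA-256 digest, then shows which checks notice each change in a constructed directory.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Record size, modification time and SHA-256 digest for each file."""
    record = {}
    for path in paths:
        st = os.stat(path)
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        record[path] = {"size": st.st_size, "mtime": st.st_mtime_ns, "sha256": digest}
    return record

def compare(baseline, paths):
    """Return {path: [what changed]} for every file that differs from the baseline."""
    findings = {}
    for path in sorted(set(paths) | set(baseline)):
        if path not in baseline:
            findings[path] = ["added"]
        elif not os.path.exists(path):
            findings[path] = ["removed"]
        else:
            now = snapshot([path])[path]
            changed = [k for k in ("size", "mtime", "sha256") if now[k] != baseline[path][k]]
            if changed:
                findings[path] = changed
    return findings

def demo():
    """Baseline a constructed directory, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        def p(name):
            return os.path.join(tmp, name)
        # Constructed file contents; the setting name is made up.
        contents = {"login.conf": b"AllowRoot=no \n", "hosts": b"127.0.0.1 localhost\n",
                    "motd": b"welcome\n"}
        for name, data in contents.items():
            with open(p(name), "wb") as fh:
                fh.write(data)
        baseline = snapshot([p(n) for n in contents])

        # Same-length edit with the old timestamps put back: the size and date
        # kept in an inoculation-style record still match, only the digest differs.
        st = os.stat(p("login.conf"))
        with open(p("login.conf"), "wb") as fh:
            fh.write(b"AllowRoot=yes\n")
        os.utime(p("login.conf"), ns=(st.st_atime_ns, st.st_mtime_ns))
        with open(p("hosts"), "ab") as fh:          # appended line: size changes too
            fh.write(b"192.0.2.66 updates.example\n")
        os.remove(p("motd"))
        with open(p("rc.extra"), "wb") as fh:       # file that was never baselined
            fh.write(b"echo hi\n")

        now = [p(n) for n in ("login.conf", "hosts", "rc.extra")]
        return {os.path.basename(k): v for k, v in compare(baseline, now).items()}
```

The baseline itself has to be stored where the monitored system cannot rewrite it, otherwise whoever changes the files can change the record as well.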

C.) Preventing illegal access to systems

1. There are things that cannot be taken inside an airplane, for the purpose of security procedures. It is the same with computer systems: they would not allow any unauthorized users to simply access the systems.

2. Ways to prevent illegal access to systems:

a) Run anypassword to make password cracking difficult. It is a password software tool that lets you store all your passwords in one secure place, which is protected with a strong encryption algorithm.

b) Run tcpwrappers to check if the name for an IP address can be provided by DNS.

c) Use a callback system to prevent unauthorized use of stolen passwords.
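How tcpwrappers reaches its accept or reject decision, including the name check mentioned in item 2 b) above, as an added Python example (not the tcpwrappers source). It handles a simplified subset of the hosts.allow and hosts.deny syntax; the rules are constructed, and the client's host name is passed in instead of being looked up (None means no name was found).

```python
import ipaddress
import re

# Constructed rule files in hosts_access(5) syntax: "daemon list : client list".
HOSTS_ALLOW = """
sshd    : 192.168.10.0/255.255.255.0, .corp.example
in.ftpd : 192.168.10.
"""
HOSTS_DENY = """
in.telnetd, in.rshd : ALL
# Refuse every service to clients whose address has no name in DNS.
ALL                 : UNKNOWN
"""

def parse_rules(text):
    """Return a list of (daemons, clients) pairs, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (re.split(r"[,\s]+", f.strip()) for f in line.split(":")[:2])
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, ip, hostname):
    """Match one client pattern against the peer's address and looked-up name."""
    if pattern == "ALL":
        return True
    if pattern == "UNKNOWN":                     # lookup returned no name
        return hostname is None
    if pattern.startswith("."):                  # domain suffix
        return hostname is not None and hostname.endswith(pattern)
    if pattern.endswith("."):                    # address prefix
        return ip.startswith(pattern)
    if "/" in pattern:                           # network/netmask
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
    return pattern in (ip, hostname)

def listed(rules, daemon, ip, hostname):
    """True if any rule names this daemon (or ALL) and matches the client."""
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(c, ip, hostname) for c in clients)
               for daemons, clients in rules)

def decide(daemon, ip, hostname=None):
    """hosts.allow is checked first, then hosts.deny; no match at all means accept."""
    if listed(parse_rules(HOSTS_ALLOW), daemon, ip, hostname):
        return "accept"
    if listed(parse_rules(HOSTS_DENY), daemon, ip, hostname):
        return "reject"
    return "accept"
```

A client that matches neither file is accepted, so a final "ALL : ALL" line in hosts.deny is what makes the policy deny by default.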

D.) Preventing illegal root access

1. To prevent any illegal root access, we should have Sudo, so that people can perform tasks on some machines without getting access to the entire root if that is not required. In addition, with Sudo we do not have to give out the root password.

2. Sudo stands for "superuser do" and is a program in UNIX, Linux and similar operating systems such as Mac OS X that allows users to run programs as another user (normally as the system’s superuser).

3. Sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.

E.) Patch

1. Patch is the name of a UNIX utility. It applies a script generated by the diff program to a set of files, which allows changes from one file to be directly applied to another file.

2. Patch supplies small updates to software, provided that the source code is available.

3. Resources are not enough to patch all security holes that we can hear about through the bugtraq list.

4. Bugtraq is a full disclosure mailing list dedicated to the issues of computer security. On-topic discussions are new discussions about vulnerabilities, methods of exploitation and how to fix them. It is a high volume mailing list and almost all new vulnerabilities are discussed there.

Summary

There are a few ways to protect information. They are:

o Make backup files

o Detect the virus and clean the computer

o Warn others on virus attacks

Qn. Describe the impact of ICT on society.

LESSON TWENTY-ONE: COMPUTER APPLICATIONS IN THE SOCIETY

The computer has changed society today as much as the industrial revolution changed society in the 18th and 19th centuries. People interact directly with computers in education, finance, government, health care, science, publishing, tourism and industry.

Computers help them to do their work faster and more efficiently by using software applications that consist of special programs for specific tasks.

SOFTWARE APPLICATIONS

Software applications are used for many reasons, such as to:

o enhance the learning process

o help in business activities

o assist graphics and multimedia projects

o facilitate communication

Area: Examples of software applications

Home and Education: Integrated software, Personal finance, Legal, Tax Preparation, Clip Art/Image Gallery, Home Design/Landscaping and Reference

Business: Word Processing, Spreadsheet, Database, Presentation Graphics, Personal Information Manager, Software Suite, Project Management and Accounting

Graphics and Multimedia: Computer-aided design (CAD), Desktop Publishing, Paint/Image Editing, Video and Audio Editing, Multimedia Authoring and Web Page Authoring

Communication: E-mail, Web Browsers, Chat Rooms, Newsgroups, Instant Messaging, Groupware and Video Conferencing

These software applications come in packages.

SOFTWARE APPLICATIONS PACKAGES

Software Application: Examples of Popular Packages

Word Processing: Microsoft Word and Lotus Word Pro

Spreadsheet: Microsoft Excel and Lotus 1-2-3

Database: Microsoft Access and Microsoft Visual FoxPro

Presentation Graphics: Microsoft Power Point and Lotus Freelance Graphics

Personal Information Manager: Microsoft Outlook and Palm Desktop

Software Suite: Microsoft Office and Lotus SmartSuite

Project Management: Microsoft Project and Corel CATALYST

Accounting: MYOB and Peachtree Complete Accounting

A) HOME & EDUCATION

1. Today, computers are used in schools, colleges & universities in order to promote better education.

2. Some of the software applications that are usually used in schools & universities include Microsoft Office, Adobe Photoshop, Macromedia Flash, AutoCAD, Macromedia Dreamweaver & Macromedia Director.

3. Computer for Higher Education

o Open Distance Learning (ODL) or On-line learning can be implemented as computers are the main medium in delivering the knowledge from one location to the other locations.

o This type of learning consists of online forums, discussions, quizzes, test questions & many more. An example of an Open Distance Learning institution is the Open University of Malaysia (www.oum.edu.my).

B) BUSINESS

1. People use finance or accounting software to balance check books, pay bills, track personal income & expenses, manage investments & evaluate their financial plans.

2. Accounting software helps companies to record & report their financial transactions. Examples of these software applications include MYOB, Intuit Quick Books & Peachtree Complete Accounting.

3. Computers in Banking

o In the banking sector, many financial institutions offer online banking. People can access their financial records from anywhere in the world. An example of online banking is Maybank2u (www.maybank2u.com).

4. Industry

o By using the CAM system, computers record actual labour, material, machine & computer time used to manufacture a particular product.

o Computers process this data & automatically update inventory, production, payroll & accounting records on the company’s networks.

o Examples of companies using this system are Proton (www.proton.com.my) & Perodua (www.perodua.com.my).

C) GRAPHIC & MULTIMEDIA

1. Computers are crucial in publishing, especially in the process of making work available to the public.

2. Special software applications are used to assist graphic designers to develop graphics, texts, photographs & compose songs.

3. Computer-Aided Design, Desktop Publishing, Paint/Image Editing, Video & Audio Editing & Multimedia Authoring are among the popular applications software.

D) COMMUNICATION

1. A government provides society with direction by making & administering policies. Most government offices or agencies have websites in order to provide citizens with up-to-date information.

2. Examples of software applications used for communication include email, web browser, newsgroups, instant messaging & video conferencing.

3. People can access government websites to:

o Check information on taxes (www.hasil.org.my)

o Apply for permit & licenses (www.jpj.gov.my)

o Check for MyKad (www.jpn.gov.my)

o Pay parking tickets & check summons (www.jpj.gov.my)

o Renew vehicle registration (www.jpj.gov.my)

o Register online for IPTA/IPTS application (www.moe.gov.my)

4. Computers in Tourism

Today, people go online to get all related information about traveling. They can visit websites to get information on destinations, prices, hotels, flights & car rentals.

5. Computers in Healthcare

In the medical field, computers are very important in running the operations. Medical staff use computers for various purposes, namely:

i. Maintaining patient records

ii. Monitoring patients’ vital signs

iii. Assisting doctors, nurses & technicians with medical tests by using computers & computerized devices.

iv. Using medical software to help with researching & diagnosing health conditions.

6. Science

o In the scientific world, computers are used in all fields of science from biology to astronomy to meteorology and others. These are things that can be done by computers, namely:

i. Collecting, analyzing & modeling data

ii. Serving as a medium of communication with colleagues around the world

iii. Contributing to new inventions or breakthroughs in surgery, medicine & treatment.

iv. Imitating functions of the central nervous system, retina of the eye & others by tiny computers.

v. Allowing a deaf person to listen through a cochlear implant

SUMMARY

1. Computers help people to do their work faster & more efficiently by using software applications that consist of special programs for specific tasks.

2. Software applications are used for many reasons such as to enhance the learning process, to help in business activities, to assist graphic & multimedia projects & to facilitate communication.

3. Examples of software applications include integrated software, personal finance, legal, word processing, spreadsheet, computer-aided design (CAD), desktop publishing, email, web browser & chat rooms.

LESSON TWENTY-TWO: COMPUTER USER

At the end of the lesson, students should be able to:

• describe the various types of computer users in society.

COMPUTER USERS IN SOCIETY

The 5 categories of computer users are:

• Home users

• Small office/home office (SOHO) users

• Mobile users

• Power users

• Large business users

HOME USERS

The computer is a basic necessity. Each home user spends time on computer for different reasons:

• Business

• Entertainment

• Communication

• Education

SMALL OFFICE/HOME OFFICE (SOHO)

These SOHO users:

• use desktop or notebook computers as well as telephones, hand-phones and PDAs in completing their tasks and communicating

• work as a small company or as an individual at home

MOBILE USER

Mobile users:

• include real estate agents, insurance agents, metre readers and journalists

• use notebook computers, internet-enabled PDAs or smart phones

• work with basic business software such as word processing and spreadsheet business software

• use presentation graphics software to create and deliver presentations to a large audience by connecting a mobile computer or device to a video projector

POWER USER

Power users:

• include engineers, scientists, architects and virtual reality animators

• use computers with extremely fast processors, bigger storage and customized software

• work with mini computers that use design to meet the organizational needs

• use software such as CAD, CAM and MATLAB

LARGE BUSINESS USER

Large business users:

• include banks, insurance companies and hypermarkets

• use computers for basic business activities

• have e-commerce that allows customers and vendors to interact and do business transactions online, so that customers, vendors and other interested parties can access information on the web

• have e-mail and web browsers to enable communications among employees, vendors and customers

• provide kiosks in public locations

CURRENT AND FUTURE DEVELOPMENT

LESSON TWENTY-THREE: HOW TO CONDUCT A STUDY

At the end of this lesson, students should be able to:

• Outline the basic steps of doing a study

There are five basic steps to follow when we do a study:

Step 1- Get an overview of the topic: