Chapter 8: Laws, Ethics, and Safeties in Information Technology Usage
Contents
Information Technology Laws
Ethics in IT Usage
Computer Crimes
Safety Protections in IT Usage
Future Trends in Safety Protections
Act on Computer Crime B.E.2550
The act consists of 30 sections and is divided into 3 major parts:
Generalization and Definitions (4 sections)
Part 1 Crime involved with Computers (13 sections)
Part 2 Competent Official (13 sections)
Generalization and Definitions
Section 1 This act is called the “Act on Computer Crime B.E.2550”
Section 2 Enforcement: within thirty days from publication in the Government Gazette
Section 3 Definitions: “Computer system”, “Computer data”, “Traffic data”, “Service provider”, “User”, “Competent official”, and “Minister”
Section 4 The execution of the act by the Ministry of Information and Communication Technology
Part 1 Crime involved with computers
Illegally access computer system/computer data
Illegally disclose another person's data
Illegally intercept and transmit in a computer system
Damages, destroys, alters, modifies, or adds to the whole or part of the computer data of another person without authorization
Acts without authorization that cause suspension, deceleration, obstruction, or interference with the computer system of another person
Sends computer data or electronic mail with a forged or altered source so as to interfere with normal usage
Disposes of or disseminates a program specifically designed for the commission of the offence
Inputs forged computer data into a computer system, causing injury to another person or the public, or involving national security, public panic, or terrorism
Any service provider who intentionally supports or consents to the commission of the offence under his control
Inputs, where the public can access it, a photograph of another person in a manner likely to impair the reputation of, expose, or shame that person
Covers offences committed outside the Kingdom by a Thai person or an alien
Part 2 Competent Official
Authority of an official
Investigate the authorization
Exercising an official power
Responsibility of service provider
Performance of the duties under the Act
Electronic Transactions Act B.E.2544
The Act shall apply to all civil and commercial transactions performed by using data message, except the transactions prescribed by a Royal Decree to be excluded from this Act wholly or partly.
Definitions: “transaction”, “electronics”, “electronics transaction”, “information”, “data message”, “electronic signature”, “information system”, “electronic data interchange”, “originator”, “addressee”, “intermediary”, “information”, “certificate”, “signatory”, “relying party”, “State agency”, “Commission”, “Minister”
Chapter 1 Electronic Transactions
Chapter 2 Electronic Signature
Chapter 3 Service Business Relating to Electronic Transactions
Chapter 4 Electronic Transactions in the Public Sector
Chapter 5 Electronic Transactions Commission
Chapter 6 Penalties
Intellectual Property
Intellectual Property (IP) refers to creations of the mind, which include:
literary, artistic and scientific works
performances of performing artists, phonograms and broadcasts
inventions in all fields of human endeavor
scientific discoveries
industrial designs
trademarks, service marks, commercial names and designations
Intellectual Property Law in Thailand
Thai law provides protection for various types of intellectual property.
The protection against unfair competition and all other rights resulting from intellectual activity in the industrial, scientific, literary or artistic fields.
IP: Patents, Trade marks, Designs, Copyright
COPYRIGHT ACT B.E. 2537
Definitions: “author”, “copyright”, “literary work”, “computer program”, “dramatic work”, “artistic work”, “musical work”, “audiovisual work”, “cinematographic work”, “sound recording”, “performer”, “broadcasting work”, “reproduction”, “adaptation”, “communication to public”, “publication”
The Copyright work by virtue of this Act means a work of authorship in the form of literary, dramatic, artistic, musical, audiovisual, cinematographic, sound recording, sound and video broadcasting work or any other work in the literary, scientific or artistic domain whatever may be the mode or form of its expression. Copyright protection shall not extend to ideas or procedures, processes or systems or methods of use or operation or concept, principles, discoveries or scientific or mathematical theories.
Fair Use
reproduction for use in the library or another library
reasonable reproduction in part of a work for another person for the benefit of research or study
research or study of the computer program
use for the benefit of the owner of the copy of the computer program
comment, criticism or introduction of the work with an acknowledgement of the ownership of the copyright in the computer program
reporting of the news through mass media with an acknowledgement of the ownership of copyright in the computer program
making copies of a computer program for a reasonable quantity by a person who has legitimately bought or obtained the program from another person so as to keep them for maintenance or prevention of loss
use of the computer program as part of questions and answers in an examination
reproduction, adaptation, exhibition or display for the benefit of judicial proceedings or administrative proceedings by authorized officials or for reporting the result of such proceedings
adapting the computer program as necessary for use
making copies of the computer program so as to keep them for the reference or research for public interest
Ethics in IT Usage
Information Privacy
Information Accuracy
Information Property
Data Accessibility
Computer Crimes
Illegally access computer system/computer data
Spyware
Sniffer
Phishing/Spoofing
Spyware is an application that follows or tracks the user’s data.
Displays advertising pop-up windows without the user’s request
Tracks or hacks passwords to simulate the user’s account/login account
Blocks the user’s account
A sniffer is computer software or hardware that can intercept and log traffic passing over a digital network, and that can be used to steal usernames and passwords for access to the system or data.
Phishing/Spoofing
Phishing is the attempt to acquire security information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
Phishing emails may contain links to websites that carry malware.
Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Computer Crimes (cont.)
Destroy/Obstruct the computer system/computer data
Malicious code: computer virus, worm, Trojan, exploit, hoax
Denial of Service (DoS)
Virus spreading to interrupt the network traffic
Flooding packet switching/Fault torrent
Destroy by deleting user accounts or user data
Shutdown server
Break in through defects in the system software
Spam mail
Hacking tool
Malign data posting
Malicious editing of data/photos to injure another person, or disseminating them without permission
Safety Protections in IT Usage
1) Spyware protection
Do not click hyperlinks or advertising pop-ups
Be careful when downloading unknown software
Unsubscribe from untrusted e-mail
2) Sniffer protection
Secure Socket Layer (SSL)
Secure Shell (SSH)
Virtual Private Network (VPN)
Pretty Good Privacy (PGP)
3) Phishing protection
Check/confirm information with the bank when you receive a banking e-mail
Do not open untrusted e-mail
4) Computer virus protection
Install virus-scanning software on the computer system
Check and repair deficiencies in the operating system
Carefully check and open only reliable e-mail
5) Denial of Service (DoS) protection
Use packet filtering on the router to filter data
Install TCP SYN flooding protection software to guard against hacking
Do not open unused ports, such as FTP
Use the Tripwire program
Install hot spare servers
Install a backup network system
6) Spam e-mail or bomb e-mail protection
Do not subscribe to untrusted newsletters/websites
Determine the maximum number of e-mails sent at a time
Determine the maximum size of e-mail for sending and receiving
Determine keywords for blocking unwanted e-mail by specifying keywords/subjects
Check the existence of an e-mail before sending
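The three mail limits in the list above (number of messages, message size, blocked keywords) can be combined into one policy check. The following is an added example, not part of the original slides: the class name, the limit values and the sample traffic are assumptions, and the sending limit is interpreted here as a per-sender count within a sliding time window.

```python
from collections import defaultdict, deque

class MailPolicy:
    """Apply a size limit, subject keyword block and per-sender rate limit (assumed values)."""
    def __init__(self, max_per_window=3, window_seconds=60,
                 max_bytes=1_000_000, blocked_keywords=("lottery", "free money")):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self.max_bytes = max_bytes
        self.blocked_keywords = [k.lower() for k in blocked_keywords]
        self._recent = defaultdict(deque)   # sender -> timestamps of accepted messages

    def check(self, sender, subject, size_bytes, now):
        """Return 'accept' or a 'reject: ...' reason; `now` is a timestamp in seconds."""
        if size_bytes > self.max_bytes:
            return "reject: message too large"
        lowered = subject.lower()
        for keyword in self.blocked_keywords:
            if keyword in lowered:
                return f"reject: blocked keyword '{keyword}'"
        window = self._recent[sender]
        while window and now - window[0] >= self.window_seconds:
            window.popleft()            # forget sends that fell out of the window
        if len(window) >= self.max_per_window:
            return "reject: sending rate exceeded"
        window.append(now)
        return "accept"

def run(policy, messages):
    """Evaluate messages in order and return the list of verdicts."""
    return [policy.check(*m) for m in messages]

# Constructed traffic: (sender, subject, size in bytes, time in seconds).
SAMPLE_MESSAGES = [
    ("alice@corp.example", "Meeting notes", 12_000, 0),
    ("bulk@sender.example", "You won the LOTTERY", 4_000, 1),
    ("bulk@sender.example", "Offer 1", 4_000, 2),
    ("bulk@sender.example", "Offer 2", 4_000, 3),
    ("bulk@sender.example", "Offer 3", 4_000, 4),
    ("bulk@sender.example", "Offer 4", 4_000, 5),
    ("alice@corp.example", "Scan attached", 5_000_000, 6),
    ("bulk@sender.example", "Offer 5", 4_000, 70),
]
```

Only accepted messages count toward the rate limit, so a sender cannot be locked out by messages that were already rejected for size or keywords.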
7) Illegal access protection
Use a firewall
Check authorization for logging in to the system
Check the permission card
Record check-in and check-out
Keep track of usage behavior in the system
Determine a different authorization level for each user
Future Trends in Safety Protections
Regulate the encryption of notebook computers in the organization
Encrypt data on smartphones in the same way as on notebook computers
Law reform for personal data protection
Prevent exploit programs or worms from entering through gaps in the smartphone system
Increasing attacks on Voice over IP (VoIP)
The dangerous Zero-Day gaps in operating systems or software
Increasing importance of Network Access Control (NAC) in the organization