ASSIGNMENT 2
MANAGEMENT INFORMATION SYSTEM
CYBER CRIME AND ETHICAL & SOCIAL IMPACT OF INFORMATION SYSTEMS
ZAHID NAZIR
Roll No. AB523655
MBA Executive
2nd Semester, Spring 2009
ALLAMA IQBAL OPEN UNIVERSITY, ISLAMABAD
COMMONWEALTH OF LEARNING EXECUTIVE MBA PROGRAMME
Zahid Nazir
Roll No. 523655
ETHICAL AND SOCIAL IMPACT OF INFORMATION SYSTEMS
There is no question that the use of information technology in business
presents major security challenges, poses serious ethical questions, and affects
society in significant ways.
The use of information technologies in business has had major impacts on
society and thus raises ethical issues in the areas of crime, privacy, individuality,
employment, health and working conditions.
[Figure labels: Business / IT Security, Ethics and Society; Privacy; Crime; Working Conditions; Employment; Health; Individuality]
Figure: Important aspects of the security, ethical and societal dimensions of the use of
information technology in business. Remember that information technologies can
support both beneficial and detrimental effects on society in each of the areas
shown.
However, it should also be realized that information technology has had beneficial
results as well as detrimental effects on society and people in each of these
areas. For example, computerizing a manufacturing process may have the
adverse effect of eliminating people’s jobs, but also have the beneficial result
of improving working conditions and producing products of higher quality at
less cost. So your job as a manager or business professional should involve
managing your work activities and those of others to minimize the detrimental
effects of business applications of information technology and optimize their
beneficial effects. That would represent an ethically responsible use of
information technology.
[Figure labels: Information & Technology; Ethical Issues; Social Issues; Political Issues; Individual; Society; Polity; Quality of Life; System Quality; Property Rights & Obligations; Information Rights & Obligations; Accountability & Control]
Figure: The relationship between ethical, social, and political issues in an information society.
ETHICAL RESPONSIBILITY OF BUSINESS PROFESSIONALS
As a business professional, one has a responsibility to promote ethical use of
information technology in the workplace. Whether one has managerial
responsibilities or not, one should accept the ethical responsibilities that come
with your work activities. That includes properly performing your role as a vital
human resource in the business systems you help to develop and use in your
organization. As a manager or business professional, it will be your
responsibility to make decisions about business activities and the use of
information technologies, which may have an ethical dimension that must be
considered.
For example, should you electronically monitor your employees’ work activities
and electronic mail? Should you let employees use their work computers for
private business or take home copies of software for their personal use?
Should you electronically access your employees’ personal records or
workstation files? Should you sell customer information extracted from
transaction processing systems to other companies? These are a few examples of
the types of decisions you will have to make that have a controversial ethical
dimension. Below are some ethical foundations in information technology.
TECHNOLOGY ETHICS
An important ethical dimension deals specifically with the ethics of the use of any form of technology. Below are the four principles of technology ethics.
• Proportionality: The good achieved by the technology must outweigh the harm or risk. Moreover, there must be no alternative that achieves the same or comparable benefits with less harm or risk.
• Informed Consent: Those affected by the technology should understand and accept the risks.
• Justice: The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk.
• Minimized Risk: Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.
These principles can serve as basic ethical requirements that companies should
meet to help ensure the ethical implementation of information technologies
and information systems in business.
One common example of technology ethics involves some of the health risks of
using computer workstations for extended periods in high volume data entry
job positions. Many organizations display ethical behavior by scheduling work
breaks and limiting the CRT exposure of data entry workers to minimize their
risk of developing a variety of work related health disorders, such as hand
injuries and overexposure to CRT radiation.
ETHICAL GUIDELINES
We have discussed a few ethical principles that can serve as the basis for ethical
conduct by managers, end users and IS professionals. But what more specific
guidelines might help ethical use of information technology? Many companies
and organizations answer that question today with detailed policies for ethical
computer and internet usage by their employees. For example, most policies
specify that company computer workstations and networks are company
resources that must be used only for work related uses, whether using internal
networks or the internet.
Another way to answer this question is to examine statements of
responsibilities contained in codes of professional conduct for IS professionals.
A good example is the code of professional conduct of the Association of
Information Technology Professionals (AITP), an organization of professionals
in the computing field. Its code of conduct outlines the ethical considerations
inherent in the major responsibilities of an IS professional. Below is a portion
of the AITP code of conduct.
AITP Standards of Professional Conduct
In recognition of my obligation to my employer I shall:
• Avoid conflicts of interest and ensure that my employer is aware of any potential conflicts.
• Protect the privacy and confidentiality of all information entrusted to me.
• Not misrepresent or withhold information that is germane to the situation.
• Not attempt to use the resources of my employer for personal gain or for any purpose without proper approval.
• Not exploit the weakness of a computer system for personal gain or personal satisfaction.
In recognition of my obligation to society I shall:
• Use my skill and knowledge to inform the public in all areas of my expertise.
• To the best of my ability, ensure that the products of my work are used in a socially responsible way.
• Support, respect and abide by the appropriate local, state, provincial and federal laws.
• Never misrepresent or withhold information that is germane to a problem or a situation of public concern, nor will I allow any such known information to remain unchallenged.
• Not use knowledge of a confidential or personal nature in any unauthorized manner to achieve personal gain.
Business and IT professionals would live up to their ethical responsibilities by
voluntarily following such guidelines. For example, one can be a responsible
professional by
1. Acting with integrity
2. Increasing your professional competence
3. Setting high standards of personal performance
4. Accepting responsibility for your work
5. Advancing the health, privacy and general welfare of the public.
Then one would be demonstrating ethical conduct, avoiding computer crime
and increasing the security of any information system one develops or uses.
Computer crime or Cybercrime is becoming one of the Net’s growth
businesses. Today criminals are doing everything from stealing intellectual
property and committing fraud to unleashing viruses and committing acts of
cyber terrorism.
Cyber Crime is a growing threat to society caused by the criminal or
irresponsible actions of individuals who are taking advantage of the
widespread use and vulnerability of computers and the internet and other
networks. It thus presents a major challenge to the ethical use of information
technologies. Computer crime poses serious threats to the integrity, safety and
survival of most business systems, and thus makes the development of
effective security methods a top priority.
CYBER CRIME
“Cybercrimes are generally defined as any type of illegal activity that
makes use of the Internet, a private or public network, or an in-house
computer system.”
Cyber Crime has been an artifact of computer systems for a number of
decades. However, the phenomenon of Cyber Crime did not truly come into
being until the advent of the computer network. Information moving
across physical distances was much easier to intercept than that on a
standalone system. Moreover, attaching a system to a network provided
would-be criminals an access point into other vulnerable systems attached to
the same network. But even in the early days of networked computing, Cyber
Crime was rare. The relative rarity of computers, combined with the highly
specialized knowledge needed to use them prevented widespread abuse. The
Cyber Crime problem emerged and grew as computing became easier and
less expensive.
The internet is growing rapidly. It has given rise to new opportunities in every
field we can think of – be it entertainment, business, sports or education.
There are two sides to a coin. The internet also has its own disadvantages. One of
the major disadvantages is Cyber Crime – illegal activity committed on the
internet. The internet, along with its advantages, has also exposed us to
security risks that come with connecting to a large network. Computers today
are being misused for illegal activities like e-mail espionage, credit card fraud,
spam, software piracy and so on, which invade our privacy and offend our
senses. Criminal activities in cyberspace are on the rise.
Different definitions of Cyber Crime are:
Computer Crime is defined by the Association of Information Technology
Professionals (AITP) as:
• The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
• The unauthorized release of information
• The unauthorized copying of software
• Denying an end user access to his or her own hardware, software, data, or network resources
• Using or conspiring to use computer or network resources illegally to obtain information or tangible property
A simple yet sturdy definition of Cyber Crime would be “unlawful acts
wherein the computer is either a tool or a target or both”. Defining
Cyber Crime, as “acts that are punishable by the Information
Technology Act 2000” would be unsuitable as the Indian Penal Code also
covers many cyber crimes, such as e-mail spoofing, cyber defamation etc.
Although the term Cyber Crime is usually restricted to describing criminal
activity in which the computer or network is an essential part of the
crime, this term is also used to include traditional crimes in which
computers or networks are used to enable the illicit activity.
Source: Wikipedia
Cyber Crime is the latest and perhaps the most complicated problem in
the cyber world. “Cyber Crime may be said to be those species, of which,
genus is the conventional crime, and where either the computer is an
object or subject of the conduct constituting crime”
Source: Parthasarathi Pati, an author
“Any criminal activity that uses a computer either as an instrumentality,
target or a means for perpetuating further crimes comes within the
ambit of Cyber Crime”.
A generalized definition of Cyber Crime may be “unlawful acts wherein
the computer is either a tool or target or both”.
Source: Duggal Pawan, an author
All crimes performed or resorted to by abuse of electronic media or
otherwise, with the purpose of influencing the functioning of a computer
or computer system. In short,
COMPUTER CRIME is any crime where:
• The computer is a target.
• The computer is a tool of crime.
• The computer is incidental to crime.
Why learn about CYBER CRIME?
Because:
• Everybody is using COMPUTERS.
• From white collar criminals to terrorist organizations and from teenagers to adults.
• Conventional crimes like forgery, extortion, kidnapping etc. are being committed with the help of computers.
• The new generation is growing up with computers.
• MOST IMPORTANT - Monetary transactions are moving on to the INTERNET.
Who commits a Cyber Crime?
There is a growing convergence of technically savvy computer crackers with
financially motivated criminals. Historically, most computer crime on the
Internet has not been financially motivated: it was the result of either curious
or malicious technical attackers, called crackers. This changed as the Internet
became more commercialized. Financially motivated actors, spammers and
fraudsters, soon joined crackers to exploit this new potential goldmine. Cyber
Criminals have fully adopted the techniques of crackers and malicious code
authors. These are financially motivated people, who pursue their goals
considerably more aggressively than an average cracker. They have the
monetary means to buy the required expertise to develop very sophisticated
tools to accomplish their goals of spamming and scamming the public.
The perpetrators of these attacks vary considerably. At the low end are script
kiddies, who are usually unsophisticated users that download malicious
software from hacker web sites and follow the posted instructions to execute
an attack on some target. These attacks are often only annoyance attacks, but
they can be more severe. At the next level are hackers who are trying to prove
to their peers or to the world that they can compromise a specific system, such
as a government web site. Next are insiders, who are legitimate users of a
system that either access information that they should not have access to or
damage the system or data because they are disgruntled. Insiders are often
less knowledgeable than hackers, but they are often more dangerous because
they have legal access to resources that the hackers need to access illegally.
Next are organizational level attacks. In this case, the organization’s resources
are used to get information illegally or to cause damage or deny access to
other organizations to further the attacking organization’s gain. These can be
legitimate organizations, such as two companies bidding on the same contract
where one wants to know the other’s bid in order to make a better offer. They
could also be criminal organizations that are committing fraud or some other
illegal activity. At the highest level is the nation state that is trying to spy on or
cause damage to another state. This level used to be called “national lab”
attackers, because the attackers have a substantial amount of resources at
their disposal, comparable to those that are available to researchers at a
national lab, such as Los Alamos Laboratory or Lawrence Livermore
Laboratory. After the September 11, 2001 terrorist attacks on the World Trade
Center, the idea of nation state level cyber attacks being carried out by
terrorists became a big concern.
Who can be typically expected to indulge in a Cyber Crime?
Insiders: Disgruntled employees and ex-employees, spouses, lovers
Hackers: Crack into networks with malicious intent
Virus Writers: Pose serious threats to networks and systems worldwide
Foreign Intelligence: Use cyber tools as part of their services; for espionage activities; can pose the biggest threat to the security of another country
Terrorists: Use to formulate plans, to raise funds, propaganda
Cyber Criminals can also be classified as follows:
Children and adolescents between the age group of 6 – 18 years:
The simple reason for this type of delinquent behavior pattern in children is
mostly their inquisitiveness to know and explore things. Another
cognate reason may be to prove themselves to be outstanding amongst other
children in their group. Further, the reasons may even be psychological.
Organized hackers:
These kinds of hackers are mostly organized together to fulfill a certain
objective. The reason may be to fulfill their political bias, fundamentalism, etc.
The NASA as well as the Microsoft sites are always under attack by hackers.
Professional hackers / crackers:
Their work is motivated by the color of money. These kinds of hackers are
mostly employed to hack the site of rivals and get credible, reliable and
valuable information. Further, they are even employed to crack the system of
the employer, basically as a measure to make it safer by detecting the
loopholes.
Discontented employees:
This group includes those people who have either been sacked by their
employer or are dissatisfied with their employer. To take revenge, they normally hack
the system of their employer.
TYPES OF CYBER CRIME
Computer crime is a multi-billion dollar problem. Our law enforcement must
seek ways to keep the drawbacks from overshadowing the great promise of
the computer age. Cyber Crime is a menace that has to be tackled effectively
not only by officials but also by users co-operating with the law. The
founding fathers of the internet wanted it to be a boon to the whole world, and it is
upon us to keep this tool of modernization as a boon and not make it a bane to
society.
Cyber Crimes can be divided into 3 major categories:
• Cybercrimes against Persons.
• Cybercrimes against Property.
• Cybercrimes against Government.
Cyber Crimes against Persons
Also known as cyber harassment, this is a distinct Cyber Crime. Various kinds of
harassment can and do occur in cyberspace, or through the use of cyberspace.
Harassment can be sexual, racial, religious, or other. Persons perpetrating
such harassment are also guilty of Cyber Crimes.
Cyber Crimes against Property
The second category is Cybercrimes against all forms of property. These crimes include computer vandalism (destruction of others' property) and the transmission of harmful programs.
Cyber Crimes against Government
Also known as cyber terrorism, this is one distinct kind of crime in this category.
The growth of the internet has shown that the medium of cyberspace is being
used by individuals and groups to threaten international governments and
also to terrorize the citizens of a country. This crime manifests itself as
terrorism when an individual "cracks" into a government or military maintained
website.
Different types of cyber crime are:
• Hacking
• Denial of service attack
• Virus Dissemination
• Software Piracy
• Pornography
• IRC Crime
• Credit Card Fraud
• Phishing
• Spoofing
• Cyber Stalking
• Cyber Defamation
• Threatening
• Salami Attack
• Net Extortion
HACKING
“Hacking in simple terms means illegal intrusion into a computer system without
the permission of the computer owner/user.”
A hacker is a person who breaks codes and passwords to gain unauthorized
entry to computer systems. For hackers, the challenge of breaking the codes is
irresistible and so precautions have to be taken.
Computers that are not connected to the internet or to a wider network are
usually safe. Computers which form part of networks or those with external
links, such as attached modems, are a potential target.
Many hackers often have no specific fraudulent intent, but just enjoy the
challenge of breaking into a system. Company websites are an attractive target
for ‘cyber-vandals’ who change words around, add pictures or add their own
slogans to deface the sites.
In some instances the hacker's purpose could be to commit fraud, to steal
commercially valuable data or to damage or delete the data in order to harm
the company. It is often carried out by corrupt employees or those with a
grudge. They may have insider knowledge of passwords and User IDs which
makes it easy for them.
How can it affect Business?
The extent of hacking is difficult to assess, as much of it is only discovered by
accident, but the effects can vary greatly. The purpose could be to steal
sensitive data or to cause disruption to your business. There have been
numerous high-profile cases of hacking, including the recent admission
from the Pentagon’s Chief Information Officer that the US Department of
Defense has been hacked on many occasions.
TKMAXX, a large company trading online, was the recent victim of a hacker.
The retail outlet’s servers were accessed by hackers who then stole
approximately 45 million customers’ credit card details. Although the company
has argued that 75% of the details stolen were of no use to the criminals, that
still leaves 11 million that were. The knock-on effect of the incident, apart from
the money lost, is the damage caused to the reputation of the company, which
may be more costly than the money lost through the criminals' hacking.
In addition to client information, hackers can also steal your information on
suppliers, costing and contact details so apart from the criminal gangs stealing
data there is also the possibility of corporate sabotage.
An attack could originate internally. Your company payroll details and other HR
information could be valuable and damaging information if in the wrong hands.
DENIAL OF SERVICE ATTACK
Action(s) which prevent any part of an AIS from functioning in accordance with
its intended purpose.
The result of any action or series of actions that prevents any
part of an information system from functioning.
An attack that consumes the resources on your computer for things it was not
intended to be doing, thus preventing normal use of your network.
An attack on a network designed to render it - or an Internet resource -
unavailable. The target may be an organization’s e-mail services or its website.
Denial of service is an attack on a site or service that overwhelms a Web site's
servers with requests or messages, thus preventing users making legitimate
requests.
A malicious attack on a computer or computer network that can take various
forms. The targeted computer network is overwhelmed with massive amounts
of useless traffic that can bring the network down. Some forms of attack have
special names, such as the Ping of Death and Teardrop.
This is an act by the criminal, who floods the bandwidth of the victim’s network
or fills his e-mail box with spam mail depriving him of the services he is entitled
to access or provide.
VIRUS DISSEMINATION
A computer virus is software or coding written for the sole purpose of infecting
a computer. The effects can range from the irritating but harmless, such as
humorous text or pictures being displayed on your monitor to the more
malicious sort that will delete all of the files on your hard disk. It is these types
of virus that can have the most damaging effects on a business and that is why
it is always necessary to have secure backups of all your data.
The most common method of spreading viruses is via email. Before email
appeared viruses were spread through the sharing of floppy disks. Other
methods such as disks and USB data sticks present a similar threat. However,
infection most commonly occurs through email.
Figure: Effects of a virus
Typically, a virus is sent as an attachment to an email and the virus is spread
when the attachment is opened. Often the message is sent to intrigue the
recipient using the ‘RE:’ format to imply the message is a reply. The most
famous example of this was the “I Love You” virus which caused worldwide
disruption. The virus, once opened, scanned all your contacts and then sent the
virus to them purporting to come from you. This virus went round the globe in
a matter of hours and, unfortunately, many viruses created since then use
similar methods. According to reports, there are over 1 million viruses and
malicious codes currently in circulation.
A worm is a little different to a virus in that it is self replicating and does not
need a host medium. A typical virus will spread via email or by an infected file
but a worm can be released on to a computer and will spread via network
connections, within an office, to within a business, across a multinational
network and across the whole internet. It’s the same as a virus in that its aim is
to infect your computer and execute tasks which can range from humorous to
malicious damage.
How can it affect Business?
• The effects on your business from a virus or worm infection could range from mildly annoying to extremely damaging. Hard drives can be completely wiped, in effect leaving a business with no option but to close. In this case a backup of your company information would be invaluable.
• A business being forced to close is the extreme case, but the downtime caused by infected equipment can cause setbacks and lost revenue through the disruption.
• A virus may access your email address lists and send embarrassing or offensive messages to clients and contacts, the effects of which could be severe embarrassment and loss of all trade. This may also result in your Internet Service Provider (ISP) blocking email that you send, including legitimate mail.
SOFTWARE PIRACY
• Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.
• Retail revenue losses worldwide are ever increasing due to this crime.
• Can be done in various ways: end user copying, hard disk loading, counterfeiting, illegal downloads from the internet etc.
PORNOGRAPHY
• Pornography is the first consistently successful ecommerce product.
• Deceptive marketing tactics and mouse trapping technologies encourage customers to access pornography websites.
• Anybody, including children, can log on to the internet and access websites with pornographic contents with a click of a mouse.
• Publishing or transmitting any material in electronic form which is lascivious or appeals to the prurient interest is an offence under the provisions of the I.T. Act.
• Pedophiles: Pedophilia, or sexual attraction to children by an adult, is a sickness that does not discriminate by race, class, or age. The internet allows pedophiles:
• Instant access to other predators worldwide;
• Open discussion of their sexual desires; ways to lure victims;
• Mutual support of their adult child sex philosophies;
• Instant access to potential child victims worldwide;
• Disguised identities for approaching children, even to the point of presenting as a member of teen groups;
• Ready access to "teen chat rooms" to find out how and why to target as potential victims;
• Shared ideas about means to identify and track down home contact information;
• Ability to build a long-term "Internet" relationship with a potential victim, prior to attempting to engage the child in physical contact.
IRC CRIME
Internet Relay Chat (IRC) is a form of real-time Internet Online chat or
synchronous conferencing. It is mainly designed for group communication in
discussion forums called channels, but also allows one-to-one communication
via private message, as well as chat and data transfers via Direct Client-to-
Client.
Internet Relay Chat (IRC) servers have chat rooms in which people from
anywhere in the world can come together and chat with each other.
• Criminals use it for meeting co-conspirators.
• Hackers use it for discussing their exploits / sharing the techniques.
• Pedophiles use chat rooms to lure small children.
• Cyber Stalking - In order to harass a woman, her telephone number is given to others as if she wants to befriend males.
CREDIT CARD FRAUD
Credit card fraud is a wide-ranging term for theft and fraud committed using a
credit card or any similar payment mechanism as a fraudulent source of funds
in a transaction. The purpose may be to obtain goods without paying, or to
obtain unauthorized funds from an account. Credit card fraud is also an adjunct
to identity theft.
There are two types of fraud within the identity theft category, application
fraud and account takeover. Application fraud occurs when criminals use
stolen or fake documents to open an account in someone else's name.
Criminals may try to steal documents such as utility bills and bank statements
to build up useful personal information. Alternatively, they may create
counterfeit documents.
Account takeover involves a criminal trying to take over another person's
account, first by gathering information about the intended victim, then
contacting their bank or credit issuer — masquerading as the genuine
cardholder — asking for mail to be redirected to a new address. The criminal
then reports the card lost and asks for a replacement to be sent. The
replacement card is then used fraudulently.
Some merchants have added a new practice to protect consumers and their own
reputation, where they ask the buyer to send a copy of the physical card and
statement to ensure the legitimate usage of a card.
Skimming is the theft of credit card information used in an otherwise
legitimate transaction. It is typically an "inside job" by a dishonest employee of
a legitimate merchant, and can be as simple as photocopying of receipts.
Common scenarios for skimming are restaurants or bars where the skimmer
has possession of the victim's credit card out of their immediate view. The
skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4
digit Card Security Code which is not present on the magnetic strip.
Figure: Credit Card Skimmer
PHISHING
Phishing is a form of Identity Theft in which criminals send out emails
indiscriminately to act as ‘bait’ and then see how many unsuspecting
users they can ‘hook’. Phishing attacks use spoof emails and fraudulent
websites to trick people into giving out personal financial data. Phishers hijack
brand names of banks, web retailers and credit card companies and send out
wave after wave of emails that ask the recipient to click on a link to update
their details on what turns out to be a fake website. The message appears to
be credible because the email and related website often incorporate the
company logo making them look identical to the email or website
communications of the legitimate company.
The majority of phishing emails are sent by computers covertly controlled by
criminals.
How can it affect Business?
The criminal can then use that sensitive information to steal what may be in the
account, sign up for credit cards, take out loans or sell your personal
information on the black market. The potential damage caused by a successful
phishing attempt could be enough to force the closure of the business.
You may also need to consider the potential effects of your company being
mimicked in emails sent out to your clients and customers. However, if you do
not trade online or take confidential information via the internet, then your
clients would find it strange that you should ask for personal details.
You should also be aware that apart from the danger of disclosing personal
information, bogus emails may also contain malware scripts that execute as
soon as the email is opened. If you do access a phishing site, you will be
vulnerable to drive-by downloads of malicious code which will bypass any
firewall as you have effectively ‘trusted’ the website.
Figure: An example of a recent phishing attempt (The request to follow the link
to confirm bank details indicates the email is a scam – banks will never request this!)
SPOOFING
The word "spoof" means to hoax, trick, or deceive. Therefore, in the IT world,
spoofing refers to tricking or deceiving computer systems or other computer
users. This is typically done by hiding one's identity or faking the identity of
another user on the Internet.
Spoofing can take place on the Internet in several different ways. One common
method is through e-mail. E-mail spoofing involves sending messages from a
bogus e-mail address or faking the e-mail address of another user. Fortunately,
most e-mail servers have security features that prevent unauthorized users
from sending messages. However, spammers often send spam messages from
their own SMTP servers, which allows them to use fake e-mail addresses. Therefore, it
is possible to receive e-mail from an address that is not the actual address of
the person sending the message.
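A receiving-side check for the e-mail spoofing described above, as an added example that is not part of the original assignment: it compares the visible From address with the envelope sender and Reply-To, and reads the SPF/DKIM/DMARC verdicts the receiving mail server recorded. The two messages, their domains and the indicator names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not taken from the original page).
LEGIT = """\
Return-Path: <billing@example-bank.test>
Authentication-Results: mx.recipient.test; spf=pass smtp.mailfrom=example-bank.test; dkim=pass header.d=example-bank.test; dmarc=pass header.from=example-bank.test
From: Example Bank <billing@example-bank.test>
To: customer@recipient.test
Subject: Your monthly statement

Statement attached.
"""

SPOOFED = """\
Return-Path: <bounce@bulk-sender.test>
Authentication-Results: mx.recipient.test; spf=pass smtp.mailfrom=bulk-sender.test; dkim=none; dmarc=fail header.from=example-bank.test
From: Example Bank <billing@example-bank.test>
Reply-To: accounts@other-domain.test
To: customer@recipient.test
Subject: Please update your account details

Click the link to confirm your details.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def auth_results(msg):
    """Map method -> result (e.g. {'spf': 'pass'}) from Authentication-Results.

    Only trust this header when your own receiving server added it; a sender
    can put a forged copy in the message.
    """
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        # The first ';'-separated field is the server id; the rest are
        # "method=result ..." entries.
        for part in header.split(";")[1:]:
            m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results


def spoofing_indicators(raw_message):
    """Return a list of reasons the visible sender may not be the real one."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    reply_dom = domain_of(msg.get("Reply-To"))
    auth = auth_results(msg)

    found = []
    # SPF only authenticates the envelope sender, so a pass for another
    # domain says nothing about the From address the user sees.
    if env_dom and env_dom != from_dom:
        found.append("envelope-mismatch")
    if reply_dom and reply_dom != from_dom:
        found.append("reply-to-mismatch")
    # DMARC is the check that ties SPF/DKIM to the visible From domain.
    if not auth:
        found.append("no-auth-results")
    elif auth.get("dmarc") != "pass":
        found.append("dmarc-" + auth.get("dmarc", "missing"))
    return found


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, spoofing_indicators(raw))
```

An envelope or Reply-To mismatch on its own also occurs with legitimate mailing services, so treat these as signals to weigh together rather than as proof.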
Another way spoofing takes place on the Internet is via IP spoofing. This
involves masking the IP address of a certain computer system. By hiding or
faking a computer's IP address, it is difficult for other systems to determine
where the computer is transmitting data from. Because IP spoofing makes it
difficult to track the source of a transmission, it is often used in denial-of-
service attacks that overload a server. This may cause the server to either crash
or become unresponsive to legitimate requests. Fortunately, software security
systems have been developed that can identify denial-of-service attacks and
block their transmissions.
Finally, spoofing can be done by simply faking an identity, such as an online
username. For example, when posting on a Web discussion board, a user may
pretend he is the representative for a certain company, when he actually has
no association with the organization. In online chat rooms, users may fake their
age, gender, and location.
While the Internet is a great place to communicate with others, it can also be
an easy place to fake an identity. Therefore, always make sure you know who
you are communicating with before giving out private information.
CYBER STALKING
Cyber stalking is a crime in which the attacker harasses a victim using electronic
communication, such as e-mail or instant messaging (IM), or messages posted
to a Web site or a discussion group. A cyber stalker relies upon the anonymity
afforded by the Internet to allow them to stalk their victim without being
detected. Cyber stalking messages differ from ordinary spam in that a cyber
stalker targets a specific victim with often threatening messages, while the
spammer targets a multitude of recipients with simply annoying messages.
In corporate cyber stalking, an organization stalks an individual. Corporate cyber
stalking (which is not the same thing as corporate monitoring of e-mail) is
usually initiated by a high-ranking company official with a grudge, but may be
conducted by any number of employees within the organization. Less
frequently, corporate cyber stalking involves an individual stalking a
corporation.
CYBER DEFAMATION
Any derogatory statement, which is designed to injure a person's business or
reputation, constitutes cyber defamation. Defamation can be accomplished as
libel or slander. Cyber defamation occurs when defamation takes place with
the help of computers and / or the Internet. E.g. someone publishes
defamatory matter about someone on a website or sends e-mails containing
defamatory information to all of that person's friends.
THREATENING
The criminal sends threatening e-mail to the victim or contacts the victim in
chat rooms. (Anyone who is disgruntled may do this against a boss, friend or official.)
SALAMI ATTACKS
This attack is basically related to finance, and therefore the main victims of
this crime are financial institutions. Its unique quality is that each alteration
is so insignificant that in a single case it would go completely unnoticed. E.g. a
bank employee inserts a programme whereby a meager sum of Rs 3 is
deducted from random customers’ accounts periodically and transferred to a
specific account for personal gain. Such a small amount will not be noticeable
at all.
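Although no single Rs 3 deduction stands out, the pattern does once transfers are grouped by the account that receives them. The following added example (not part of the original assignment) shows that audit check over a constructed ledger; the account names, thresholds and the `known_fee_accounts` allow-list are assumptions made for illustration.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed rows: (date, debited account, credited account, amount in Rs)."""
    rows = []
    for i in range(40):  # 40 customers, Rs 3 skimmed in two periods
        for day in ("2009-03-05", "2009-04-05"):
            rows.append((day, f"CUST{i:04d}", "ACC-9001", Decimal("3.00")))
    for i in range(40):  # ordinary utility bill payments
        rows.append(("2009-03-10", f"CUST{i:04d}", "UTILITY-01", Decimal("1250.00")))
    for i in range(30):  # legitimate small service fee charged by the bank
        rows.append(("2009-03-31", f"CUST{i:04d}", "BANK-FEES", Decimal("5.00")))
    for i in range(5):  # a handful of small donations
        rows.append(("2009-03-15", f"CUST{i:04d}", "CHARITY-07", Decimal("10.00")))
    return rows


def find_salami_sinks(ledger, small_limit=Decimal("10"), min_sources=20,
                      known_fee_accounts=frozenset()):
    """Flag accounts credited with small amounts from many different accounts.

    Returns (account, distinct_sources, transfer_count, total) tuples,
    largest total first. Amounts above small_limit are ignored because a
    salami attack depends on each deduction being too small to notice.
    """
    stats = defaultdict(lambda: {"sources": set(), "count": 0,
                                 "total": Decimal("0")})
    for _date, src, dst, amount in ledger:
        if dst in known_fee_accounts or amount > small_limit:
            continue
        entry = stats[dst]
        entry["sources"].add(src)
        entry["count"] += 1
        entry["total"] += amount

    findings = [
        (dst, len(e["sources"]), e["count"], e["total"])
        for dst, e in stats.items()
        if len(e["sources"]) >= min_sources
    ]
    return sorted(findings, key=lambda f: f[3], reverse=True)


if __name__ == "__main__":
    ledger = build_sample_ledger()
    for finding in find_salami_sinks(ledger, known_fee_accounts={"BANK-FEES"}):
        print(finding)
```

Without the allow-list the bank's own fee account is flagged too, which is why the check needs a reviewed list of accounts that legitimately collect small charges.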
NET EXTORTION
Copying a company’s confidential data in order to extort that company for a
huge amount.
PRIVACY ISSUES
Information Technology makes it technically and economically feasible to
collect, store, integrate, interchange and retrieve data and information quickly
and easily. This characteristic has an important beneficial effect on the
efficiency and effectiveness of computer based information systems. However
the power of information technology to store and retrieve information can
have a negative effect on the right to privacy of every individual. For example
confidential email messages by employees are monitored by many companies.
Personal information is being collected about individuals every time they visit a
site on the World Wide Web. Confidential information on individuals contained
in centralized computer databases by credit bureaus, government agencies, and
private business firms has been stolen or misused, resulting in invasion of
privacy, fraud and other injustices. The unauthorized use of such information
has seriously damaged the privacy of individuals. Errors in such databases could
seriously hurt the credit standing or reputation of an individual.
Important privacy issues are being debated in business and government, as
internet technologies accelerate the ubiquity of global telecommunication
connections in business and society. For example:
• Accessing individuals’ private e-mail conversations and computer
records, and collecting and sharing information about individuals gained
from their visits to internet websites and newsgroups (violation of
privacy).
• Always knowing where a person is, especially as mobile and paging
services become more closely associated with people rather than places
(computer monitoring).
• Using customer information gained from many sources to market
additional business services (computer matching).
• Collecting telephone numbers, e-mail addresses, credit card numbers and
other personal information to build individual customer profiles
(unauthorized personal files).
Privacy on the Internet
If you don’t take proper precautions, then any time you send an e-mail, access a
web site, post a message to a newsgroup or use the internet for banking and
shopping, whether you are online for business or pleasure, you are
vulnerable to anyone bent on collecting data about you without your
knowledge. Fortunately, by using tools like encryption and anonymous
remailers, and by being selective about the sites you visit and the information
you provide, you can minimize, if not completely eliminate, the risk of your
privacy being violated.
The internet is notorious for giving its users a feeling of anonymity, when in
actuality they are highly visible and open to violations of their privacy. Most of
the internet, the World Wide Web, e-mail, chat and newsgroups are still a wide
open, unsecured electronic frontier, with no tough rules on what information is
personal and private. Information about internet users is captured legitimately
and automatically each time you visit a website or newsgroup and recorded as
a “cookie file” on your hard disk. Then the web site owners or online auditing
services like DoubleClick may sell the information from cookie files and other
records of your internet use to third parties. To make matters worse, much of
the Net and Web are easy targets for the interception or theft by hackers of
private information furnished to websites by internet users.
You can protect your privacy in several ways. For example, sensitive e-mail can be
protected by encryption, if both e-mail parties use compatible encryption
software built into their e-mail programs. Newsgroup postings can be made
privately by sending them through anonymous remailers that protect your
identity when you add your comments to a discussion. You can ask your ISP not
to sell your name and personal information to mailing list providers and other
marketers. Finally, you can decline to reveal personal data and interests on
online service and website user profiles to limit your exposure to electronic
snooping.
Computer Matching
Computer profiling and mistakes in the computer matching of personal data
are other controversial threats to privacy. Individuals have been mistakenly
arrested and jailed and people have been denied credit because their physical
profiles or personal data have been used by profiling software to match them
incorrectly or improperly with the wrong individuals. Another threat is the
unauthorized matching of computerized information about you extracted from
the databases of sales transaction processing systems and sold to information
brokers or other companies. A more recent threat is the unauthorized
matching and sale of information about you collected from the internet
websites and newsgroups visited. You are then subjected to a barrage of
unsolicited promotional material and sales contacts as well as having your
privacy violated.
Computer Libel and Censorship
The opposite side of the privacy debate is the right of people to know about
matters others may want to keep private (freedom of information), the right of
people to express their opinions about such matters (freedom of speech), and
the right of people to publish those opinions (freedom of the press). Some of
the biggest battle grounds in the debate are the bulletin boards, e-mail boxes
and online files of the internet and public information networks such as
America Online and Microsoft network. The weapons being used in this battle
include spamming, flame mail, libel laws and censorship.
Spamming is the indiscriminate sending of unsolicited e-mail messages (spam)
to many internet users. Spamming is the favorite tactic of mass mailers of
unsolicited advertisements, or junk e-mails. Spamming has also been used by
cyber criminals to spread computer viruses or infiltrate many computer
systems.
Flaming is the practice of sending extremely critical, derogatory and often
vulgar e-mail messages (flame mail) or newsgroup postings to other users on
the internet or online services. Flaming is especially prevalent on some of the
internet’s special interest newsgroups.
There have been many incidents of racist or defamatory messages on the Web
that have led to calls for censorship and lawsuits for libel. In addition the
presence of sexually explicit material at many World Wide Web locations has
triggered lawsuits and censorship actions by various groups and governments.
IMPACT OF IT ON EMPLOYMENT
The impact of information technologies on employment is a major ethical
concern and is directly related to the use of computers to achieve automation
of work activities. There can be no doubt that the use of information
technologies has created new jobs and increased productivity, while also
causing a significant reduction in some types of job opportunities. For example,
when computers are used for accounting systems or for the automated control
of machine tools, they are accomplishing tasks formerly performed by many
clerks and machinists. Also jobs created by information technology may require
different types of skills and education than do the jobs that are eliminated.
Therefore, individuals may become unemployed unless they can be retrained
for new positions or new responsibilities.
However, there can be no doubt that internet technologies have created a host
of new job opportunities. Many new jobs, including internet web masters, e-
commerce directors, systems analysts and user consultants have been created
to support e-business and e-commerce applications. Additional jobs have been
created because information technologies make possible the production of
complex industrial and technical goods and services that would otherwise be
impossible to produce. Thus jobs have been created by activities that are
heavily dependent on information technology, in such areas as space
exploration, microelectronics technology and telecommunications.
COMPUTER MONITORING
One of the most explosive ethical issues concerning workplace privacy and the
equality of working conditions in business is computer monitoring. That is,
computers are being used to monitor the productivity and behavior of millions
of employees while they work. Supposedly computer monitoring is done so
employers can collect productivity data about their employees to increase the
efficiency and quality of service. However, computer monitoring has been
criticized as unethical because it monitors individuals, not just work, and is
done continually, thus violating workers’ privacy and personal freedom. For
example, when you call to make a reservation, an airline reservation agent may
be timed on the exact number of seconds he or she took per caller, the time
between calls, and the number and length of breaks taken. In addition your
conversation may also be monitored.
Computer monitoring has been criticized as an invasion of the privacy of
employees because in many cases they do not know that they are being
monitored or don’t know how the information is being used. Critics also say
that an employee’s right of due process may be harmed by the improper use of
collected data to make personnel decisions. Since computer monitoring
increases the stress on employees who must work under constant electronic
surveillance, it has also been blamed for causing health problems among
monitored workers. Finally, computer monitoring has been blamed for robbing
workers of the dignity of their work. In effect, computer monitoring creates an
“electronic sweatshop” where workers are forced to work at a hectic pace
under poor working conditions.
CHALLENGES IN WORKING CONDITIONS
Information technology has eliminated monotonous or obnoxious tasks in the
office and the factory that formerly had to be performed by people. For
example, word processing and desktop publishing make producing office
documents a lot easier to do, while robots have taken over repetitive welding
and spray painting jobs in the automotive industry. In many instances, this
allows people to concentrate on more challenging and interesting
assignments, upgrades the skill level of the work to be performed, and creates
challenging jobs requiring highly developed skills in the computer industry and
within computer using organizations. Thus information technology can be said
to upgrade the quality of work because it can upgrade the quality of working
conditions and the content of work activities.
CHALLENGES TO INDIVIDUALITY
A frequent criticism of information systems concerns their negative effect on
the individuality of people. Computer based systems are criticized as
impersonal systems that dehumanize and depersonalize activities that have
been computerized, since they eliminate the human relationship present in
noncomputer systems.
Another aspect of the loss of individuality is the regimentation of the individual
that seems to be required by some computer based systems. These systems do
not seem to possess any flexibility. They demand strict adherence to detailed
procedures if the system is to work. The negative impact of IT on individuality is
reinforced by horror stories that describe how inflexible and uncaring some
organizations with computer based processes are when it comes to rectifying
their own mistakes. Many of us are familiar with stories of how computerized
customer billing and accounting systems continued to demand payment and
send warning notices to a customer whose account had already been paid,
despite repeated attempts by the customer to have the error corrected.
However, many business applications of IT are designed to minimize
depersonalization and regimentation. For example, many e-commerce systems
are designed to stress personalization and community features to encourage
repeated visits to e-commerce websites. Thus, the widespread use of personal
computers and the internet has dramatically improved the development of
people oriented and personalized information systems.
HEALTH ISSUES
The use of information technology in the workplace raises a variety of health
issues. Heavy use of computers is reportedly causing health problems like job
stress, damaged arm and neck muscles, eye strain, radiation exposure and
even death by computer-caused accidents. For example, computer monitoring
is blamed as a major cause of computer related job stress. Workers, unions and
government officials criticize computer monitoring as putting so much stress
on employees that it leads to health problems. Some of the health issues related
to computer use are:
• Eye problems are probably the major problems experienced by
computer users. These include fatigue, blurred vision and dry eyes. These
symptoms are also aggravated by external factors, such as poor lighting,
improperly designed work-stations and viewing the screen up too close.
• Other problems are stress, depression and electromagnetic radiation
hazards. Do not forget that it is better to stay away from the back of
monitors, where the electromagnetic field is stronger and against which
walls do not give any protection. The monitor screen surface should be
approximately 18-24 inches away from the upper body. It is good to have a
suitable monitor screen without any wave.
• Bad posture is enemy number two. Long periods of time at the
computer while blogging, working or reading often lead to pain in the
lumbar region of the back. Neck and shoulder problems also result
from poor seating and the poor organization of equipment on the desk
(stretching for the telephone or files etc).
• Your hand and wrist ache after working at the computer all day, and
they sometimes start feeling numb. Research in recent years has found
that things like typing and sewing rarely cause carpal tunnel. Wear splints
while you work to keep your wrists from bending too high or low, and
use a keyboard tray or adjust your chair so the keyboard and mouse are
below your elbows and your wrists are level.
• High levels of stress can kill you; make no mistake! Highly stressed
workers have a higher risk of developing heart diseases and even cancer.
So make sure that you can manage your stress. Start doing something
to reduce it; don’t wait until computer stress becomes the main problem in
your life. Taking frequent breaks is an important step in preventing
repetitive computer stress injuries.
ERGONOMICS
Solutions to some of these health problems are based on the science of
ergonomics, also called human factors engineering.
[Figure labels: The User/Operator; The Workstation and Environment; The Tools (Computer, Hardware and Software); The Tasks (Job Content and Context). Factors shown: Biomechanical, Physical, Anthropometric, Lighting, Work Surface, Furniture, Climate, Software Design, Change Training, Job Satisfaction, Support Systems, Rest Breaks, Shift Work, Management Systems.]
Fig: Ergonomic Factors in the Workplace. Good ergonomic design considers
tools, tasks, the workstation and environment.
The goal of ergonomics is to design healthy work environments that are safe,
comfortable and pleasant for people to work in, thus increasing employee
morale and productivity. Ergonomics stresses the healthy design of the
workplace, workstations, computers and other machines, and even software
packages. Other health issues may require ergonomic solutions emphasizing
job design, rather than workplace design. For example, this may require
policies providing for work breaks from heavy VDT use every few hours, while
limiting the CRT (cathode ray tubes) exposure of pregnant workers. Ergonomic
job design can also provide more variety in job tasks for those workers who
spend most of their workday at computer workstations.
*************************
PRACTICAL STUDY
OF ORGANISATION
GLAXOSMITHKLINE
COMPANY’S OVERVIEW
At GlaxoSmithKline, we conduct our business with integrity and honesty, and aspire to excellence in all we do. We know our people are vital to the success of the business, and encourage everyone to achieve their maximum potential. We offer a competitive benefits package and recognize the need for a healthy balance between work and family life.
GlaxoSmithKline welcomes the talent of people from diverse backgrounds to provide the expertise, dedication and imagination to propel us toward a prosperous future. We look for individuals with daring spirits and inquisitive minds who seek a broad range of opportunities for personal and professional growth, and whose efforts are realized in the improved health of people worldwide.
GlaxoSmithKline is an exciting organization, which offers a variety of career opportunities. Our recruitment process aims to achieve the highest level of candidate care by listening to your interests, and treating you like a valued customer.
BUSINESS UNITS
The organizational structure of GlaxoSmithKline (GSK) is designed to make our company a model for excellence in the pharmaceutical industry - a new company that represents best practice in every way.
GSK is a company with the size and scale to invest in the tools we need to succeed, and to drive that success going forward. To achieve that goal, GSK is organized as a flexible company, capable of responding quickly to a rapidly changing marketplace. Organized globally to coordinate activities and gain the benefits of size and scale, the company is built on smaller, customer-focused units, dedicated to delivering medicines that relieve the suffering of patients around the world.
The new and innovative model for R&D, the focused structure of our pharmaceutical business throughout the world and the organization of our global services such as IT and Procurement are some of the highlights in the approach which will lead our success.
GSK CONSUMER HEALTHCARE
GlaxoSmithKline is a leader in the worldwide consumer healthcare market. With nearly $6 billion in sales, over ten million brands and present in 130 markets, the consumer healthcare business brings an added dynamic dimension to GSK.
Operating in the fiercely competitive environment of retail and consumer marketing GlaxoSmithKline Consumer Healthcare brings oral healthcare, over-the-counter medicines and nutritional healthcare products to millions of people.
Brand names such as Panadol, Aquafresh toothpaste, Lucozade, Nicorette and Niquitin smoking cessation products are household names around the world. In one year GSK Consumer Healthcare produces - among many others - nine billion tablets to relieve stomach upsets, six billion tablets of pain relief tablets and 600 million tubes of toothpaste.
But the driving force behind GlaxoSmithKline's Consumer Healthcare business is science. With four dedicated consumer healthcare R&D centers and consumer healthcare regulatory affairs, the business takes scientific innovation as seriously as marketing excellence and offers leading-edge capability in both.
GSK CORPORATE FUNCTIONS
The Corporate business unit within GlaxoSmithKline, is responsible for leadership, processes, policies, standards and services in the core business areas of Corporate Communications & Global Community Partnerships, Corporate Ethics & Compliance, Finance, Human Resources and Legal. The functions work individually and in cross-functional teams across different corporate functions and businesses within GSK.
The functions aim to achieve compliance with legal, financial and regulatory frameworks within and outside the corporation; protecting, supporting and motivating GSK people and the communities in which they work. They utilize a responsive business infrastructure - combining account management and shared services approaches - to work with GSK's diverse businesses. The Corporate functions count among their audiences; employees, communities, media, governments, analysts, institutions and shareholders worldwide.
GSK INFORMATION TECHNOLOGY
In GSK, Information Technology is a business unit, one that is closely integrated with all parts of the company, all around the world. It is organized to take best advantage of global scale when that is appropriate, while supporting GSK people and businesses locally so they have the IT tools they need to succeed.
Global capabilities:
Six IT departments provide core services that are required by each of the business units and by GSK at large. These IT departments are:
• Cross Functional Process Design - Ensures that all proposed systems changes have a significant, positive impact on the performance of the business processes.
• Global eBusiness - Develops GSK's commercial capabilities in eBusiness.
• Global Strategy & Applications - Drives the overall IT strategy of GSK and ensures the IT architecture is coordinated in concert with business strategies.
• Project and Portfolio Management - Builds processes for approving projects, manages project issues as they progress and works with project management groups to build skills and capabilities.
• Systems and Communications Services - Builds, deploys and operates the cost effective, flexible, computing and communications infrastructure required by GSK.
• Risk Management & Security - Identifies and addresses security and other risks resulting from external or internal use of information technology and computerized information.
IT is supported by six core service teams: Audit, Communications, Finance & Alliances, Human Resources, Legal and Procurement.
GLOBAL MANUFACTURING AND SUPPLY
GSK has 85 manufacturing sites in 37 countries with over 35,000 employees. The sites within the GSK manufacturing network:
• supply products to 191 global markets for GSK
• produce over 1,200 different brands
• manufacture almost 4 billion packs per year
• produce over 28,000 different finished packs per year
• supply around 6,900 tons of bulk active each year
• manage about 2,000 new product launches globally each year
Production of nutritional products is in excess of 300 million Lucozade/Ribena bottles, 350 million Ribena tetra packs and 20 million Lucozade carbonated cans per year. The annual output of Horlicks is 50 million kilograms, equivalent to about 1,000 million servings. In oral care, the volume of toothpaste manufactured annually exceeds 600 million tubes.
GSK PHARMACEUTICALS
You would be forgiven for thinking that a company the size of GlaxoSmithKline - with over 100,000 employees around the world - is only ever concerned with the bottom line. But the truth is that every member of our organization is equally dedicated to helping people around the world Live longer, Feel better and Do more.
We have a diverse portfolio of brands, as well as a healthy pipeline of new exciting compounds. Every year GlaxoSmithKline invests approx. $5 billion into research and development. GlaxoSmithKline is a leader in four major therapeutic areas - anti-infectives, central nervous system, respiratory and gastro-intestinal. Based on 2004 Annual Results, GSK had sales of $37.2 billion and profit before tax of 11.1 billion. Pharmaceutical sales accounted for 24.8 billion with new products representing 22% of total pharmaceutical sales.
This continued success is achieved by being a responsible leader, committed to working with healthcare professionals, listening to patients and responding to a changing environment.
RESEARCH AND DEVELOPMENT (R&D)
We live in an exciting moment in the history of biomedical science. Disease is giving up its secrets to the intelligence and dedication of scientists aided by technological marvels that might have been the stuff of science fiction only a generation ago. We have every reason to believe that ahead of us lies accelerating progress against many of the afflictions of humankind.
At GlaxoSmithKline, scientists in Research and Development are committed to capturing this moment. They bring to it their own very considerable abilities, the resources of a parent company devoted to the scientific enterprise, and the urgency of knowing that their highest purpose is the relief of human suffering. In pursuit of this purpose, they desire to make of GlaxoSmithKline a magnet for others who share their talents, whether as prospective corporate colleagues or as collaborators in industry, academe, and government.
Creating a new medicine is a complex business, costing over $324 million and typically taking between 12 and 15 years. Regulatory hurdles are increasingly stringent, yet escalating costs, medical need and the pressure of competition
demand that the whole process is condensed into as short a time as possible. GSK uses the scale of a huge company to reach its goal of applying science to improve patient health. Equally important is its flexibility, allowing teams of scientists the freedom to take an entrepreneurial approach, and enabling them to move quickly, on the basis of informed decisions.
Once a compound has been identified as a potential drug candidate, it goes through an exacting, rigorous process to prove that the new drug is both safe and effective. Any potential new project not meeting the criteria at any stage is dropped from the company portfolio to make way for other, more promising candidates.
GSK IN TIME
• Every second, more than 30 doses of vaccines are distributed by GSK worldwide.
• Every minute, more than 1,100 prescriptions are written for GSK products worldwide.
• Every hour, GSK spends more than $450,000 to find new medicines.
• Every day, more than 200 million people around the world use a GSK brand toothbrush or toothpaste.
• Every year, GlaxoSmithKline donates more than $138 million in cash and products to communities around the world.
GSK employees are each expected to strive for improvement in these key competencies and align themselves with the supportive behaviors.
Performance with Integrity - Delivering on promises with organizational and individual trustworthiness.
People with Passion - People are enabled and motivated to do their best work.
Innovation & Entrepreneurship - Competitive advantage through well-executed ingenuity.
Sense of Urgency - A nimble, focused, resilient and fast-learning organization.
Everyone Committed, Everyone Contributing- All employees have an opportunity to make a meaningful contribution, and to succeed based on merit.
Accountability for Achievement - Clear expectations; focus on the critical few. Performance matters, and will be rewarded.
Alignment with GSK Interests - One team, in single-minded pursuit of our mission, reflecting a common spirit and integrated strategies.
Develop Self and Others - A norm of career-long learning agility across the organization. Employees continuously learn and develop their professional potential. Leaders have key roles as teachers, coaches and champions of development.
WHAT IS DIVERSITY AT GSK?
At GSK, we are committed to creating an inclusive environment for our employees, customers, and stakeholders.
For employees, it means creating an environment where we value and draw on the differing knowledge, perspectives, experiences, and styles resident in our global community.
For customers, it means understanding who they are, what their changing needs are, and how GSK can help them do more, feel better, and live longer.
For stakeholders, it means understanding what they prefer, what they require, and how GSK can work most effectively with them.
What makes GSK a great place to work?
We asked some of our current employees, and here's what they said:
"There are lots of local companies that would welcome someone of my background and experience. Here, I get the added bonus of knowing that I am contributing to better lives around the world"
"The company offers a competitive salary and excellent benefits. If you analyze the whole package, you'll find that most companies can't beat it"
"Through friendly and supportive teams, individual innovation is encouraged and rewarded."
"When you have a project there is a real sense of ownership which means things get done"
"It's the people within the company that makes it great"
****************
GLAXOSMITHKLINE PAKISTAN LIMITED
Overview
GlaxoSmithKline Pakistan Limited was created on January 1st 2002 through the
merger of SmithKline and French of Pakistan Limited, Beecham Pakistan
(Private) Limited and Glaxo Wellcome (Pakistan) Limited, standing today as the
largest pharmaceutical company in Pakistan.
As a leading international pharmaceutical company we make a real difference
to global healthcare and specifically to the developing world. We believe this is
both an ethical imperative and key to business success. Companies that
respond sensitively and with commitment by changing their business practices
to address such challenges will be the leaders of the future. GSK Pakistan
operates mainly in two industry segments: Pharmaceuticals (prescription drugs
and vaccines) and consumer healthcare (over-the-counter medicines, oral care
and nutritional care).
GSK leads the industry in value, volume and prescription market shares. We are
proud of our consistency and stability in sales, profits and growth. Some of our
key brands include Augmentin, Panadol, Seretide, Betnovate, Zantac and
Calpol in medicine and renowned consumer healthcare brands include Horlicks,
Aquafresh, Macleans and ENO.
In addition, we are also deeply involved with our communities and undertake
various Corporate Social Responsibility initiatives including working with the
National Commission for Human Development (NCHD) for whom we were one
of the largest corporate donors. We consider it our responsibility to nurture the
environment we operate in and persevere to extend our support to our
community in every possible way. GSK participates in year round charitable
activities which include organizing medical camps, supporting welfare
organizations and donating to/sponsoring various developmental concerns and
hospitals. Furthermore, GSK maintains strong partnerships with non-government
organizations such as Concern for Children, which is also
extremely involved in the design, implementation and replication of models for
the sustainable development of children with specific emphasis on primary
healthcare and education.
Mission Statement
Excited by the constant search for innovation, we at GSK undertake our quest with the enthusiasm of entrepreneurs. We value performance achieved with integrity. We will attain success as a world class global leader with each and every one of our people contributing with passion and an unmatched sense of urgency.
Our mission is to improve the quality of human life by enabling people to do more, feel better and live longer.
Quality is at the heart of everything we do, from the discovery of a molecule to the development of a medicine.
GSK IT
Sometimes the greatest revolutions in business are the quiet ones. IT at GSK is
leading a quiet revolution that is fundamentally changing the way we use
information. Combining business intelligence and marketing savvy with project
leadership capabilities, we enable the rest of the business to perform the
complex tasks involved in delivering life-enhancing solutions.
Ours is a complex enterprise, involving a computer network that supports over
80,000 internal users and thousands more externally. More specifically, our
employees:
• Send 300,000 email and instant messages per day
• Spend 100 million minutes in audio conferencing each year
• Enrol in 40,000 training sessions (mostly online) every month
And that's just for starters - we also enable 30,000 salespeople to call on healthcare professionals every day, and help in the production and delivery of over 4 billion product packs in a single year.
All of this is accomplished thanks to our dedicated team of 3,500 people, based in 68 countries at over 100 sites. Together, we offer the business a rapid response, intellectual integrity, and rigorous accounting of results.
Accordingly, we've created a culture of process management rather than bureaucracy. Here, you'll learn from those around you, developing yourself and others in the process, all the while continually striving to find new and better ways of doing things.
GMS IT Mission
Our purpose: To improve GMS performance through optimised IT solutions and services
Our long-term aspiration: To build an enviable reputation for excellence
Our value proposition: We integrate IT and business processes to enable GMS to operate more reliably, faster and at lower cost
Our core values
Integrity
Relationships
Results
STRATEGIC ROLE OF IT
Information technology plays three strategic roles in GlaxoSmithKline:
• it facilitates communication and access to information on a global basis.
• it supports key business processes at the local, regional, functional and global levels.
• it enables the transformation and extension of key business activities.
SUPPORT FOR THE MERGER PROCESS
Information technology played a key part in providing the planning information
for the merger, much of which was derived from the existing systems in Glaxo
Wellcome and SmithKline Beecham. Of major importance was ensuring that
the new company had the IT systems in place to function effectively as soon as
the merger was complete. From the first day of GlaxoSmithKline, the 80,000
employees in 58 countries with e-mail accounts were able to contact their
colleagues electronically. Employees could also use short codes for dialing
between sites, search on-line phone directories, and access both companies’
intranet sites. Cross-site links to key business applications were provided.
GLOBAL COMMUNICATIONS
The past year has seen major growth in the number of internal websites. These
allow information to be shared across the company on a global basis and are
supported by internal search engines analogous to those used externally on
the Internet. The ability to provide shared access to information has enabled
the growing use of ‘virtual teams’, that work collaboratively, spanning multiple
geographies and time zones, often subject to stringent time constraints.
Information is also exchanged electronically with a broad array of suppliers,
customers and partners. Hence, protection against unauthorized access to key
systems, and the growing risks posed by computer viruses, is a major issue.
Intruder detection software has been added to company firewalls and virus
scanning has been implemented at the gateway, server and desktop levels. The
separate approaches adopted by Glaxo Wellcome and SmithKline Beecham are
being integrated in a common standard approach for GlaxoSmithKline.
ENHANCING BUSINESS PERFORMANCE
Virtually all GlaxoSmithKline’s major business processes rely heavily on the use
of information technology. Within R&D in both SmithKline Beecham and Glaxo
Wellcome there have been major programmes to capture key information, at
source, in electronic form and make it available wherever required. As a result
of these efforts, it was possible to make a number of regulatory drug
submissions during the past year solely in electronic form. New drug
submissions can be 50,000 to 250,000 pages in size and the ability to avoid
generating paper submissions gives rise to significant savings in time and cost.
As part of the project to implement standard systems for Manufacturing
Resource Planning in Glaxo Wellcome, eight sites, seven in the UK and one in
Jurong, Singapore, have been supported for the past year from a single
system. Further along the supply chain, SmithKline Beecham introduced
standard enterprise financial and commercial software into 108 locations. The
ability to consolidate mission critical operations in this way reflects the growing
availability and reliability of global data networks and ensures that common
processes and standards are implemented across sites, in addition to providing
lower operating costs.
Both Glaxo Wellcome and SmithKline Beecham have installed major systems in
the USA to analyse commercially available prescribing data. By better
understanding locally how GlaxoSmithKline’s products are used in the
marketplace, it is possible to target promotional and detailing activities and
measure the market response. Information from these systems is transmitted
electronically to the field sales forces and their responses are then uploaded to
the system. With the growing availability of the required technology and
infrastructure, sales force automation systems are being deployed in most
major commercial markets.
TRANSFORMING AND EXTENDING BUSINESS ACTIVITIES
Insights gained from genomics and proteomics are transforming the way that
disease targets are identified and validated. Information generated from a
variety of external sources needs to be integrated with internally generated
information in a rapid and flexible manner that relies heavily on information
technology support. The analysis of these databases also requires significant
amounts of processing power, taking full advantage of advances in computer
technology.
E-BUSINESS
Both Glaxo Wellcome and SmithKline Beecham recognized the growing
importance of e-business and had already put small dedicated teams in place.
Web based interfaces to major customers have been implemented in the USA.
Current projects span a broad range of key audiences including opinion leaders,
healthcare professionals, patients and the public.
IT GUIDELINES FOR GSK EMPLOYEES
GSK has issued guidelines for the acceptable use of IT resources. These
guidelines are outlined below:
GSK Acceptable Use Guidelines
This Guide applies to all telecommunications and computing facilities including,
but not limited to, telephones, desktop and laptop personal computers (PCs),
Personal Digital Assistants, workstations and mainframe computer terminals.
Under each category is the description of acceptable and unacceptable usages
of GSK IT Resources. References to PCs should be taken to include any of the
computing devices you use to perform work for GSK.
PHYSICALLY PROTECTING HARDWARE
ACCEPTABLE
• Do log out or lock (CTRL-ALT-DELETE highlight lock computer and hit Enter or Windows Key-L) your PC before you leave it unattended.
• Do log off (CTRL-ALT-DELETE highlight log off and hit Enter) before allowing anyone else to use your computer.
• Do keep all hardware devices secure when working from home and when travelling on company business.
• Do retain backup copies of your information when you do not store it on a file server or shared drive that has a confirmed backup process. If backing up confidential or sensitive personally identifiable data it MUST be encrypted.
• Do record the make, model and serial number of all hardware devices in case it is lost or stolen. If a hardware device is lost or stolen, report it immediately to Computer Security Incident Response Central, Site Security and/or the police.
• Do return all hardware, software and media to your local IT support team for secure disposal and be sure to erase all GSK data in accordance with the Data Erasure Standards.
UNACCEPTABLE
• Do Not store Confidential Data or Personally Identifiable Information (PII) unencrypted on mobile hardware devices (e.g. laptops, PDAs, USB, etc).
• Do Not label hardware devices in a manner that associates it with GSK.
• Do Not connect personal hardware devices to the GSK network.
SOFTWARE AND LICENSE MANAGEMENT
ACCEPTABLE
• Do install only IT approved software via the use of the Application Installation Tool (AIT). Please call your local IT Support staff for assistance if necessary.
• Do maintain a valid software license for all software.
• Do use free or open source software in compliance with the Free and Open Source Software IT Management Practice.
UNACCEPTABLE
• Do Not install software categorized as hacking, sniffing or peer to peer (P2P) file sharing software, such as Napster, Lime-wire, without written approval from Global IT Risk Management.
• Do Not install any software on GSK hardware that has not been approved by GSK IT.
VIRUS / MALWARE
ACCEPTABLE
• Do use caution when selecting websites to visit; this will help to avoid viruses, spyware and adware from being installed by malicious websites.
• Do virus check anything prior to downloading, even from a known source, as it may be infected by a virus.
• Do contact the Help Desk, if you suspect the presence of a virus on your computer.
UNACCEPTABLE
• Do Not open email (including web-mail) attachments you are not expecting.
• Do Not deliberately disable or prevent installed GSK Security software from running (e.g. firewall, anti-virus, etc.).
PROTECTING ACCOUNTS AND PASSWORDS
ACCEPTABLE
• Do manage and use accounts in accordance with the Access Management IT Management Practice.
• Do have a password that is at least seven (7) characters long.
• Do choose and use strong passwords (mix letters, numbers and symbols (2g5!d#36lz), or passphrase (e.g. 14U2NV)).
• Do change all default or initial logon passwords after the first login.
• Do Log out or Lock (CTRL-ALT-DELETE then Enter) your PC when you leave it unattended to prevent account misuse.
• Do change your passwords regularly (e.g. 30 days for privileged accounts / 180 days for non-privileged accounts).
UNACCEPTABLE
• Do Not use easily guessable passwords; including dictionary words (e.g. firetruck, password, superuser etc), sequences based on keyboard layouts (e.g. qwerty), incremental variations on previous Password(s), birthdates, or names of your children.
• Do Not use your privileged account for non-approved functions.
• Do Not share/give passwords for user accounts after the initial logon. If a password is disclosed or compromised, reset the password immediately.
• Do Not use your GSK ID and/or password for access to personal or non-GSK Assets (e.g. personal email account). In many cases this information is stored on a server and could be compromised.
INTERNET, EMAIL, INSTANT MESSAGING AND OTHER SOCIAL MEDIA TOOLS
ACCEPTABLE UNACCEPTABLE
INTRANET/INTERNET ACCESS
Do use caution to ensure each web page
Do Not abuse GSK Internet access.
Zahid Nazir
Roll No. 523655
52
browsed is free from potentially offensive,
obscene, discriminatory or inappropriate
material.
Do ensure all Internet access from a GSK PC is through the GSK network or iPass. Do limit personal use of the Internet. E-MAIL & INSTANT MESSAGING (IM)
Do use secure email for sending content with confidential or Personally Identifiable Information (PII) externally.
Do Not use external Instant Messaging (IM) clients. These clients that have not been approved by IT. These clients are not secured to GSK standards or licensed for use in GSK.
Do consider deleting previous recipient addresses prior to forwarding an email.
Do Not send potentially harassing, inflammatory, or inappropriate content via email.
Do report any inappropriate or harassing email to the Global IT Security mailbox.
Do Not 'Autoforward' your GSK email externally.
Do use caution and good judgment to ensure an email you forward does not contain potentially harassing or inappropriate content.
Do Not abuse any email 'delegate' access provided to you by another employee. Ensure this delegation is formalized and agreed by both parties.
Do Not respond to Phishing activities, or any attempt to acquire sensitive information, such as usernames, passwords and credit card details, by someone masquerading as a trustworthy entity in an electronic communication. If you are in doubt as to the validity of a request, report it as a security incident prior to responding in any way.
OTHER SOCIAL
Do host all internet forums, blogs or wikis using GSK IT Approved Software that provides for monitoring of the content and participation.
Do Not identify yourself as a “GSK person” when posting to external Blogs, Wikis, news groups, message boards, etc. from the GSK network unless specifically authorised.
Do be respectful to the company, employees, customers, partners, and competitors participating in blogs, wikis or internet forums.
Do Not post or transmit any Personally Identifiable Information (PII), GSK confidential or proprietary information via internet forums, wikis or blogs.
Do state that the opinions expressed on non-company sponsored blogs, wikis or internet forums are solely yours and are not necessarily the opinions of GSK.
Do retain all electronic records created via an internet forum, wiki or blog in compliance with the GSK Records Retention Policy.
Do Not use external Instant Messaging (IM) to send file transfers, voice or streaming video.
Do use caution when opening hyperlinks received via Instant Messages (IM).
Do Not send any information that associates you or colleagues with GSK when registering with external Instant Messaging (IM) directories.
Do restrict external contact lists to legitimate business contacts.
Do Not save Instant Messaging (IM) chats.
Do comply with copyrights for all communications with external services such as chat-rooms, newsgroups and bulletin boards and carry a disclaimer, unless specifically authorized by GSK.
Do contact GSK Corporate Communications immediately if you become aware of misinformation about GSK or its products circulating on external services such as the Internet.
PROTECTING GSK DATA & INFORMATION
ACCEPTABLE UNACCEPTABLE
INFORMATION
Do use approved encryption technology for all confidential data in transit and at rest on mobile computing devices. Contact your local IT Support staff for assistance if necessary.
Do Not store GSK documents on personal equipment such as home PC’s, external hard drives, PDAs or USB devices.
Do, whenever possible, store GSK information on an IT-managed file server or shared drive.
Do Not forward GSK confidential data outside of the company, including personal email accounts and file upload (e.g., peer-to-peer) sites.
Do retain backup copies of your information when you do not store it on a file server or shared drive. If backing up confidential or sensitive personally identifiable data, it MUST be encrypted.
Do Not store sensitive information in a public file share that can be accessed by unauthorized people.
PII (PERSONALLY IDENTIFIABLE INFORMATION)
Do limit access to PII only to employees with a specific business need.
Do Not store PII on a publicly accessible medium.
Do protect PII from loss, misuse, unauthorized access, disclosure, alteration or destruction.
Do Not transfer sensitive information across borders (e.g. archiving data in US or UK), without ensuring that data privacy agreements are in place.
Do obtain Data Privacy training (including relevant local laws and regulations), and appropriate oversight and assistance as necessary. For more information, refer to GSK eLearning module “GSK Overview of Privacy of Personally Identifiable Information Policy”
RETENTION & DISPOSAL OF MEDIA
Do comply with GSK retention periods for any media, including email and paper record.
Do Not retain data on your PC for longer than specified in GSK’s retention period for that type of data.
Do ensure that information is either transferred to another GSK employee or destroyed to the Data Erasure Standards prior to re-deploying or transferring a computer.
Do Not destroy any information that may be subject to litigation or to which other record holds apply.
ENCRYPTION
Do encrypt sensitive or confidential data if it needs to be emailed via the internet or mailed on CD to GSK suppliers/customers.
Do Not use encryption technology that has not been approved by GSK IT. Contact your local IT Support staff for assistance if necessary.
Do encrypt sensitive or confidential data backed up to CD or USB’s.
Do encrypt confidential data in transit and at rest on mobile computing devices.
MANAGING VENDOR & THIRD PARTY RELATIONSHIP
ACCEPTABLE UNACCEPTABLE
Do ensure that all appropriate safeguards, such as confidentiality agreements, are in place and the third party is aware that the information being accessed is confidential.
Do Not disclose any details relating to GSK IT Resources without authorization of the information owner.
Do ensure that all computer systems storing GSK information, including those managed by third parties, comply with GSK information security policies and guidelines.
Do Not use any system without complying with the terms and conditions on which access is supplied.
Do document clearly GSK information security expectations in purchasing contracts, and regularly monitor that the security controls are enforced.
Do have any contracts with a significant IT asset and dependency reviewed by Legal.
REPORTING OF ISSUES & VIOLATIONS
Do report any suspected security breaches immediately to Computer Security Incident.
Computer Security Incident Response Process
The Computer Security Incident Response (CSIR) process exists to mitigate risks to GSK’s information assets by ensuring GSK is prepared to address computer related security events in a standardised and efficient manner. The CSIR process is managed by Global IT Security within Global IT Risk Management. All CSIR incidents are handled confidentially; complaints are handled discreetly and information is only shared on a need-to-know basis.
ERGONOMICS
Ergonomics, or human factors, is concerned with the fit between people and
the things they do, the objects they use, and the environments they work and
travel in. GSK is very concerned about the health of its employees. GSK has
developed a website for handling ergonomics-related issues. The objectives of
this site are:
• To design jobs to fit people
• Take into account size, strength and ability of a range of users
• Design tasks, workplace and tools to fit the users
Benefits
• Efficiency, quality and job satisfaction
CONCLUSION
Although information technology has some negative social and ethical impacts,
it has many more positive ones. Application of
information technology (IT) can help businesses and governments to:
• Enhance productivity
• Improve efficiency
• Provide better service
• Increase competitiveness
• Reduce costs
• Transform into an e-business/e-government.
• Facilitating access to information technology is an important way for
countries to promote economic development and growth.
• Providing market access to IT and IT services will help attract Foreign
Direct Investment (FDI).
• Many countries recognized this when they signed the Information
Technology Agreement (ITA) to eliminate customs duties on IT products,
which increase the cost of this important technology to businesses,
government and consumers.
• IT services enable a business or government to obtain the benefits of
information technology quickly and without making major investments to
purchase, install, and operate its own computer equipment and without
having to hire and retain a full IT staff.
• There is a growing trend for companies to purchase IT services instead of
owning and maintaining their own IT infrastructure, to ensure access to the
latest technology and applications and to concentrate on the operation of
their core business.
• Granting full market access and national treatment to IT services
provides businesses in all industry sectors access to the best information
technology (IT) services from around the world so that they can become
competitive on a global basis.
• Countries may consider creating market access barriers for IT services in
an attempt to protect and foster the development of a domestic IT services
industry. However, this would be counterproductive, increasing the cost of
IT services to users while creating a domestic IT services industry that may not
be competitive on a global basis.
********************