semester 2 assgn 2 cyber crime & ethical/social impact of is

ASSIGNMENT 2

MANAGEMENT INFORMATION SYSTEM

CYBER CRIME AND ETHICAL & SOCIAL IMPACT OF INFORMATION SYSTEMS

ZAHID NAZIR

Roll No. AB523655

MBA Executive, 2nd Semester, Spring 2009

ALLAMA IQBAL OPEN UNIVERSITY, ISLAMABAD

COMMONWEALTH OF LEARNING EXECUTIVE MBA PROGRAMME

Upload: zahid-nazir

Post on 16-Nov-2014

ETHICAL AND SOCIAL IMPACT OF INFORMATION SYSTEMS

There is no question that the use of information technology in business presents major security challenges, poses serious ethical questions, and affects society in significant ways.

The use of information technologies in business has had major impacts on society and thus raises ethical issues in the areas of crime, privacy, individuality, employment, health and working conditions.

Figure: Important aspects of the security, ethical and societal dimensions of the use of information technology in business. (Diagram labels: Business / IT Security, Ethics and Society; Privacy; Crime; Working Conditions; Employment; Health; Individuality.) Remember that information technologies can support both beneficial and detrimental effects on society in each of the areas shown.

However, it should also be realized that information technology has had beneficial results as well as detrimental effects on society and people in each of these areas. For example, computerizing a manufacturing process may have the adverse effect of eliminating people’s jobs, but also have the beneficial result of improving working conditions and producing products of higher quality at less cost. So your job as a manager or business professional should involve managing your work activities and those of others to minimize the detrimental effects of business applications of information technology and optimize their beneficial effects. That would represent an ethically responsible use of information technology.

Figure: The relationship between ethical, social, and political issues in an information society. (Diagram labels: Information & Technology; Ethical Issues; Social Issues; Political Issues; Individual; Society; Polity; Information Rights & Obligations; Property Rights & Obligations; Accountability & Control; System Quality; Quality of Life.)

ETHICAL RESPONSIBILITY OF BUSINESS PROFESSIONALS

As a business professional, you have a responsibility to promote ethical use of information technology in the workplace. Whether or not you have managerial responsibilities, you should accept the ethical responsibilities that come with your work activities. That includes properly performing your role as a vital human resource in the business systems you help to develop and use in your organization. As a manager or business professional, it will be your responsibility to make decisions about business activities and the use of information technologies, which may have an ethical dimension that must be considered.

For example, should you electronically monitor your employees’ work activities and electronic mail? Should you let employees use their work computers for private business or take home copies of software for their personal use? Should you electronically access your employees’ personal records or workstation files? Should you sell customer information extracted from transaction processing systems to other companies? These are a few examples of the types of decisions you will have to make that have a controversial ethical dimension. Below are some ethical foundations in information technology.

TECHNOLOGY ETHICS

An important ethical dimension deals specifically with the ethics of the use of any form of technology. Below are the four principles of technology ethics.

• Proportionality: The good achieved by the technology must outweigh the harm or risk. Moreover, there must be no alternative that achieves the same or comparable benefits with less harm or risk.

• Informed Consent: Those affected by the technology should understand and accept the risks.

• Justice: The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk.

• Minimized Risk: Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.

These principles can serve as basic ethical requirements that companies should meet to help ensure the ethical implementation of information technologies and information systems in business.

One common example of technology ethics involves some of the health risks of

using computer workstations for extended periods in high volume data entry

job positions. Many organizations display ethical behavior by scheduling work

breaks and limiting the CRT exposure of data entry workers to minimize their

risk of developing a variety of work related health disorders, such as hand

injuries and overexposure to CRT radiation.

ETHICAL GUIDELINES

We have discussed a few ethical principles that can serve as the basis for ethical conduct by managers, end users and IS professionals. But what more specific guidelines might help the ethical use of information technology? Many companies and organizations answer that question today with detailed policies for ethical computer and internet usage by their employees. For example, most policies specify that company computer workstations and networks are company resources that must be used only for work related uses, whether using internal networks or the internet.

Another way to answer this question is to examine statements of responsibilities contained in codes of professional conduct for IS professionals. A good example is the code of professional conduct of the Association of Information Technology Professionals (AITP), an organization of professionals in the computing field. Its code of conduct outlines the ethical considerations inherent in the major responsibilities of an IS professional. Below is a portion of the AITP code of conduct.

AITP Standards of Professional Conduct

In recognition of my obligation to my employer I shall:

• Avoid conflicts of interest and ensure that my employer is aware of any potential conflicts.

• Protect the privacy and confidentiality of all information entrusted to me.

• Not misrepresent or withhold information that is germane to the situation.

• Not attempt to use the resources of my employer for personal gain or for any purpose without proper approval.

• Not exploit the weakness of a computer system for personal gain or personal satisfaction.

In recognition of my obligation to society I shall:

• Use my skill and knowledge to inform the public in all areas of my expertise.

• To the best of my ability, ensure that the products of my work are used in a socially responsible way.

• Support, respect and abide by the appropriate local, state, provincial and federal laws.

• Never misrepresent or withhold information that is germane to a problem or a situation of public concern, nor will I allow any such known information to remain unchallenged.

• Not use knowledge of a confidential or personal nature in any unauthorized manner to achieve personal gain.

Business and IT professionals would live up to their ethical responsibilities by voluntarily following such guidelines. For example, you can be a responsible professional by:

1. Acting with integrity

2. Increasing your professional competence

3. Setting high standards of personal performance

4. Accepting responsibility for your work

5. Advancing the health, privacy and general welfare of the public.

Then you would be demonstrating ethical conduct, avoiding computer crime and increasing the security of any information system you develop or use.

Computer crime or Cybercrime is becoming one of the Net’s growth

businesses. Today criminals are doing everything from stealing intellectual

property and committing fraud to unleashing viruses and committing acts of

cyber terrorism.

Cyber Crime is a growing threat to society caused by the criminal or

irresponsible actions of individuals who are taking advantage of the

widespread use and vulnerability of computers and the internet and other

networks. It thus presents a major challenge to the ethical use of information

technologies. Computer crime poses serious threats to the integrity, safety and

survival of most business systems, and thus makes the development of

effective security methods a top priority.

CYBER CRIME

“Cybercrimes are generally defined as any type of illegal activity that

makes use of the Internet, a private or public network, or an in-house

computer system.”

Cyber Crime has been an artifact of computer systems for a number of decades. However, the phenomenon of Cyber Crime did not truly come into being until the advent of the computer network. Information moving across physical distances was much easier to intercept than that on a standalone system. Moreover, attaching a system to a network provided would-be criminals an access point into other vulnerable systems attached to the same network. But even in the early days of networked computing, Cyber Crime was rare. The relative rarity of computers, combined with the highly specialized knowledge needed to use them, prevented widespread abuse. The Cyber Crime problem emerged and grew as computing became easier and less expensive.

The internet is growing rapidly. It has given rise to new opportunities in every field we can think of, be it entertainment, business, sports or education. There are two sides to a coin, and the internet also has its own disadvantages. One of the major disadvantages is Cyber Crime: illegal activity committed on the internet. The internet, along with its advantages, has also exposed us to security risks that come with connecting to a large network. Computers today are being misused for illegal activities like e-mail espionage, credit card fraud, spam, software piracy and so on, which invade our privacy and offend our senses. Criminal activities in cyberspace are on the rise.

Different definitions of Cyber Crime are:

Computer Crime is defined by the Association of Information Technology

Professionals (AITP) as

• The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources

• The unauthorized release of information

• The unauthorized copying of software

• Denying an end user access to his or her own hardware, software, data, or network resources

• Using or conspiring to use computer or network resources illegally to obtain information or tangible property

A simple yet sturdy definition of Cyber Crime would be “unlawful acts

wherein the computer is either a tool or a target or both”. Defining

Cyber Crime, as “acts that are punishable by the Information

Technology Act 2000” would be unsuitable as the Indian Penal Code also

covers many cyber crimes, such as e-mail spoofing, cyber defamation etc.

Although the term Cyber Crime is usually restricted to describing criminal

activity in which the computer or network is an essential part of the

crime, this term is also used to include traditional crimes in which

computers or networks are used to enable the illicit activity.

Source: Wikipedia

Cyber Crime is the latest and perhaps the most complicated problem in

the cyber world. “Cyber Crime may be said to be those species, of which,

genus is the conventional crime, and where either the computer is an

object or subject of the conduct constituting crime”

Source Parthasarathi Pati, an author

“Any criminal activity that uses a computer either as an instrumentality,

target or a means for perpetuating further crimes comes within the

ambit of Cyber Crime”.

A generalized definition of Cyber Crime may be “unlawful acts wherein the computer is either a tool or target or both”.

Source Duggal Pawan, an author

Cyber Crime covers all crimes performed or resorted to by abuse of electronic media or otherwise, with the purpose of influencing the functioning of a computer or computer system. In short, COMPUTER CRIME is any crime where:

• Computer is a target.

• Computer is a tool of crime.

• Computer is incidental to crime.

Why learn about CYBER CRIME?

Because:

• Everybody is using COMPUTERS.

• From white collar criminals to terrorist organizations and from teenagers to adults.

• Conventional crimes like forgery, extortion, kidnapping etc. are being committed with the help of computers.

• The new generation is growing up with computers.

• MOST IMPORTANT: Monetary transactions are moving on to the INTERNET.

Who commits a Cyber Crime?

There is a growing convergence of technically savvy computer crackers with

financially motivated criminals. Historically, most computer crime on the

Internet has not been financially motivated: it was the result of either curious

or malicious technical attackers, called crackers. This changed as the Internet

became more commercialized. Financially motivated actors, spammers and

fraudsters, soon joined crackers to exploit this new potential goldmine. Cyber

Criminals have fully adopted the techniques of crackers and malicious code

authors. These are financially motivated people, who pursue their goals

considerably more aggressively than an average cracker. They have the

monetary means to buy the required expertise to develop very sophisticated

tools to accomplish their goals of spamming and scamming the public.

The perpetrators of these attacks vary considerably. At the low end are script

kiddies, who are usually unsophisticated users that download malicious

software from hacker web sites and follow the posted instructions to execute

an attack on some target. These attacks are often only annoyance attacks, but

they can be more severe. At the next level are hackers who are trying to prove

to their peers or to the world that they can compromise a specific system, such

as a government web site. Next are insiders, who are legitimate users of a

system that either access information that they should not have access to or

damage the system or data because they are disgruntled. Insiders are often

less knowledgeable than hackers, but they are often more dangerous because

they have legal access to resources that the hackers need to access illegally.

Next are organizational level attacks. In this case, the organization’s resources

are used to get information illegally or to cause damage or deny access to

other organizations to further the attacking organization’s gain. These can be

legitimate organizations, such as two companies bidding on the same contract

where one wants to know the other’s bid in order to make a better offer. They

could also be criminal organizations that are committing fraud or some other

illegal activity. At the highest level is the nation state that is trying to spy on or

cause damage to another state. This level used to be called “national lab”

attackers, because the attackers have a substantial amount of resources at

their disposal, comparable to those that are available to researchers at a

national lab, such as Los Alamos Laboratory or Lawrence Livermore

Laboratory. After the September 11, 2001 terrorist attacks on the World Trade

Center, the idea of nation state level cyber attacks being carried out by

terrorists became a big concern.

Who can be typically expected to indulge in a Cyber Crime?

• Insiders: Disgruntled employees and ex-employees, spouses, lovers

• Hackers: Crack into networks with malicious intent

• Virus Writers: Pose serious threats to networks and systems worldwide

• Foreign Intelligence: Use cyber tools as part of their services; for espionage activities; can pose the biggest threat to the security of another country

• Terrorists: Use to formulate plans, to raise funds, propaganda

Cyber Criminals can also be classified as follows:

Children and adolescents in the age group of 6 – 18 years:

This type of delinquent behavior pattern in children is mostly due to their inquisitiveness to know and explore things. Another related reason may be the wish to prove themselves outstanding among the other children in their group. The reasons may also be psychological.

Organized hackers:

These kinds of hackers are mostly organized together to fulfill a certain objective. The reason may be to fulfill their political bias, fundamentalism, etc. The NASA and Microsoft sites are always under attack by hackers.

Professional hackers / crackers:

Their work is motivated by the color of money. These kinds of hackers are

mostly employed to hack the site of the rivals and get credible, reliable and

valuable information. Further they are even employed to crack the system of

the employer basically as a measure to make it safer by detecting the

loopholes.

Discontented employees:

This group includes those people who have either been sacked by their employer or are dissatisfied with their employer. To take revenge, they normally hack the system of their employer.

TYPES OF CYBER CRIME

Computer crime is a multi-billion dollar problem. Our law enforcement must seek ways to keep the drawbacks from overshadowing the great promise of the computer age. Cyber Crime is a menace that has to be tackled effectively not only by officials but also by users co-operating with the law. The founding fathers of the internet wanted it to be a boon to the whole world, and it is upon us to keep this tool of modernization as a boon and not make it a bane to society.

Cyber Crimes can be divided into 3 major categories:

• Cybercrimes against Persons.

• Cybercrimes against Property.

• Cybercrimes against Government.

Cyber Crimes against Persons

Cyber harassment is a distinct Cyber Crime in this category. Various kinds of harassment can and do occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Persons perpetrating such harassment are also guilty of Cyber Crimes.

Cyber Crimes against Property

This category covers Cybercrimes against all forms of property. These crimes include computer vandalism (destruction of others' property) and the transmission of harmful programs.

Cyber Crimes against Government

Cyber terrorism is one distinct kind of crime in this category. The growth of the internet has shown that the medium of cyberspace is being used by individuals and groups to threaten international governments as well as to terrorize the citizens of a country. This crime manifests itself as terrorism when an individual "cracks" into a government or military maintained website.

Different types of cyber crime are:

• Hacking

• Denial of service attack

• Virus Dissemination

• Software Piracy

• Pornography

• IRC Crime

• Credit Card Fraud

• Phishing

• Spoofing

• Cyber Stalking

• Cyber Defamation

• Threatening

• Salami Attack

• Net Extortion

HACKING

“Hacking in simple terms means illegal intrusion into a computer system without

the permission of the computer owner/user.”

A hacker is a person who breaks codes and passwords to gain unauthorized

entry to computer systems. For hackers, the challenge of breaking the codes is

irresistible and so precautions have to be taken.

Computers that are not connected to the internet or to a wider network are

usually safe. Computers which form part of networks or those with external

links, such as attached modems, are a potential target.

Many hackers often have no specific fraudulent intent, but just enjoy the

challenge of breaking into a system. Company websites are an attractive target

for ‘cyber-vandals’ who change words around, add pictures or add their own

slogans to deface the sites.

In some instances the hacker's purpose could be to commit fraud, to steal

commercially valuable data or to damage or delete the data in order to harm

the company. It is often carried out by corrupt employees or those with a

grudge. They may have insider knowledge of passwords and User IDs which

makes it easy for them.

How can it affect Business?

The extent of hacking is difficult to assess, as much of it is only discovered by accident, but the effects can vary greatly. The purpose could be to steal sensitive data or to cause disruption to your business. There have been numerous high profile cases of hacking, including the recent admission from the Pentagon’s Chief Information Officer that the US Department of Defense has been hacked on many occasions.

TKMAXX, a large company trading online, was the recent victim of a hacker. The retail outlet’s servers were accessed by hackers who then stole approximately 45 million customers’ credit card details. Although the company has argued that 75% of the details stolen were of no use to the criminals, that still leaves 11 million that were. The knock-on effect of the incident, apart from the money lost, is the damage caused to the reputation of the company, which may be more costly than the money lost through the criminals' hacking.

In addition to client information, hackers can also steal your information on

suppliers, costing and contact details so apart from the criminal gangs stealing

data there is also the possibility of corporate sabotage.

An attack could originate internally. Your company payroll details and other HR

information could be valuable and damaging information if in the wrong hands.

DENIAL OF SERVICE ATTACK

Action(s) which prevent any part of an AIS from functioning in accordance with its intended purpose. The result of any action or series of actions that prevents any part of an information system from functioning.

An attack that consumes the resources on your computer for things it was not intended to be doing, thus preventing normal use of your network.

An attack on a network designed to render it, or an Internet resource, unavailable. The target may be an organization’s e-mail services or its website.

Denial of service is an attack on a site or service that overwhelms a Web site's servers with requests or messages, thus preventing users from making legitimate requests.

A malicious attack on a computer or computer network that can take various

forms. The targeted computer network is overwhelmed with massive amounts

of useless traffic that can bring the network down. Some forms of attack have

special names such as The Ping Of Death and Teardrops.

This is an act by the criminal, who floods the bandwidth of the victim’s network

or fills his e-mail box with spam mail depriving him of the services he is entitled

to access or provide.

VIRUS DISSEMINATION

A computer virus is software or coding written for the sole purpose of infecting

a computer. The effects can range from the irritating but harmless, such as

humorous text or pictures being displayed on your monitor to the more

malicious sort that will delete all of the files on your hard disk. It is these types

of virus that can have the most damaging effects on a business and that is why

it is always necessary to have secure backups of all your data.

The most common method of spreading viruses is via email. Before email

appeared viruses were spread through the sharing of floppy disks. Other

methods such as disks and USB data sticks present a similar threat. However,

infection most commonly occurs through email.

Figure: Effects of a virus

Typically, a virus is sent as an attachment to an email and the virus is spread

when the attachment is opened. Often the message is sent to intrigue the

recipient using the ‘RE:’ format to imply the message is a reply. The most

famous example of this was the “I Love You” virus which caused worldwide

disruption. The virus, once opened scanned all your contacts and then sent the

virus to them purporting to come from you. This virus went round the globe in

a matter of hours and unfortunately, many viruses created since then use

similar methods. According to reports there are over 1 million viruses and

malicious codes currently in circulation.

A worm is a little different to a virus in that it is self replicating and does not

need a host medium. A typical virus will spread via email or by an infected file

but a worm can be released on to a computer and will spread via network

connections, within an office, to within a business, across a multinational

network and across the whole internet. It’s the same as a virus in that its aim is

to infect your computer and execute tasks which can range from humorous to

malicious damage.

How can it affect Business?

• The effects on your business from a virus or worm infection could range from mildly annoying to extremely damaging. Hard drives can be completely wiped, in effect leaving a business with no option but to close. In this case a backup of your company information would be invaluable.

• A business being forced to close is the extreme case, but the downtime caused by infected equipment can cause setbacks and lost revenue through the disruption.

• A virus may access your email address lists and send embarrassing or offensive messages to clients and contacts, the effects of which could be severe embarrassment and loss of all trade. This may also result in your Internet Service Provider (ISP) blocking email that you send, including legitimate mail.

SOFTWARE PIRACY

• Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.

• Retail revenue losses worldwide are ever increasing due to this crime.

• Can be done in various ways: end user copying, hard disk loading, counterfeiting, illegal downloads from the internet etc.

PORNOGRAPHY

• Pornography is the first consistently successful ecommerce product.

• Deceptive marketing tactics and mouse trapping technologies encourage customers to access pornography websites.

• Anybody, including children, can log on to the internet and access websites with pornographic contents with a click of a mouse.

• Publishing or transmitting any material in electronic form which is lascivious or appeals to the prurient interest is an offence under the provisions of the I.T. Act.

• Pedophiles: Pedophilia, or sexual attraction to children by an adult, is a sickness that does not discriminate by race, class, or age. The internet allows pedophiles:

  • Instant access to other predators worldwide;

  • Open discussion of their sexual desires; ways to lure victims;

  • Mutual support of their adult child sex philosophies;

  • Instant access to potential child victims worldwide;

  • Disguised identities for approaching children, even to the point of presenting as a member of teen groups;

  • Ready access to "teen chat rooms" to find out how and why to target as potential victims;

  • Shared ideas about means to identify and track down home contact information;

  • Ability to build a long-term "Internet" relationship with a potential victim, prior to attempting to engage the child in physical contact.

IRC CRIME

Internet Relay Chat (IRC) is a form of real-time Internet Online chat or

synchronous conferencing. It is mainly designed for group communication in

discussion forums called channels, but also allows one-to-one communication

via private message, as well as chat and data transfers via Direct Client-to-

Client.

Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere in the world can come together and chat with each other.

• Criminals use it for meeting co-conspirators.

• Hackers use it for discussing their exploits and sharing techniques.

• Pedophiles use chat rooms to lure small children.

• Cyber Stalking: In order to harass a woman, her telephone number is given to others as if she wants to befriend males.

CREDIT CARD FRAUD

Credit card fraud is a wide-ranging term for theft and fraud committed using a

credit card or any similar payment mechanism as a fraudulent source of funds

in a transaction. The purpose may be to obtain goods without paying, or to

obtain unauthorized funds from an account. Credit card fraud is also an adjunct

to identity theft.

There are two types of fraud within the identity theft category, application

fraud and account takeover. Application fraud occurs when criminals use

stolen or fake documents to open an account in someone else's name.

Criminals may try to steal documents such as utility bills and bank statements

to build up useful personal information. Alternatively, they may create

counterfeit documents.

Account takeover involves a criminal trying to take over another person's

account, first by gathering information about the intended victim, then

contacting their bank or credit issuer — masquerading as the genuine

cardholder — asking for mail to be redirected to a new address. The criminal

then reports the card lost and asks for a replacement to be sent. The

replacement card is then used fraudulently.

Some merchants have added a new practice to protect consumers and their own reputation: they ask the buyer to send a copy of the physical card and statement to ensure the legitimate usage of a card.

Skimming is the theft of credit card information used in an otherwise

legitimate transaction. It is typically an "inside job" by a dishonest employee of

a legitimate merchant, and can be as simple as photocopying of receipts.

Common scenarios for skimming are restaurants or bars where the skimmer

has possession of the victim's credit card out of their immediate view. The

skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4

digit Card Security Code which is not present on the magnetic strip.

Figure: Credit card skimmer

PHISHING

Phishing is a form of identity theft in which criminals send out emails

indiscriminately as ‘bait’ and then see how many unsuspecting users they can

‘hook’. Phishing attacks use spoofed emails and fraudulent websites to trick

people into giving out personal financial data. Phishers hijack

brand names of banks, web retailers and credit card companies and send out

wave after wave of emails that ask the recipient to click on a link to update

their details on what turns out to be a fake website. The message appears to

be credible because the email and related website often incorporate the

company logo making them look identical to the email or website

communications of the legitimate company.

The majority of phishing emails are sent by computers covertly controlled by

criminals.

How can it affect Business?

The criminal can then use that sensitive information to steal what may be in the

account, sign up for credit cards, take out loans or sell your personal

information on the black market. The potential damage caused by a successful

phishing attempt could be enough to force the closure of the business.

You may also need to consider the potential effects of your company being

mimicked in emails sent out to your clients and customers. However, if you do

not trade online or take confidential information via the internet, then your

clients would find it strange you should ask for personal details.

You should also be aware that apart from the danger of disclosing personal

information, bogus emails may also contain malware scripts that execute as

soon as the email is opened. If you do access a phishing site, you will be

vulnerable to drive-by downloads of malicious code which will bypass any

firewall as you have effectively ‘trusted’ the website.

Figure: An example of a recent phishing attempt (The request to follow the link

to confirm bank details indicates the email is a scam – banks will never request this!)

SPOOFING

The word "spoof" means to hoax, trick, or deceive. Therefore, in the IT world,

spoofing refers to tricking or deceiving computer systems or other computer

users. This is typically done by hiding one's identity or faking the identity of

another user on the Internet.

Spoofing can take place on the Internet in several different ways. One common

method is through e-mail. E-mail spoofing involves sending messages from a

bogus e-mail address or faking the e-mail address of another user. Fortunately,

most e-mail servers have security features that prevent unauthorized users

from sending messages. However, spammers often send spam messages from

their own SMTP servers, which allows them to use fake e-mail addresses. Therefore, it

is possible to receive e-mail from an address that is not the actual address of

the person sending the message.

Another way spoofing takes place on the Internet is via IP spoofing. This

involves masking the IP address of a certain computer system. By hiding or

faking a computer's IP address, it is difficult for other systems to determine

where the computer is transmitting data from. Because IP spoofing makes it

difficult to track the source of a transmission, it is often used in denial-of-

service attacks that overload a server. This may cause the server to either crash

or become unresponsive to legitimate requests. Fortunately, software security

systems have been developed that can identify denial-of-service attacks and

block their transmissions.

Finally, spoofing can be done by simply faking an identity, such as an online

username. For example, when posting on a Web discussion board, a user may

pretend he is the representative for a certain company, when he actually has

no association with the organization. In online chat rooms, users may fake their

age, gender, and location.

While the Internet is a great place to communicate with others, it can also be

an easy place to fake an identity. Therefore, always make sure you know who

you are communicating with before giving out private information.
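
The phishing and e-mail spoofing sections above describe forged sender addresses and links that lead to a fake website; the following added example (not part of the original assignment) shows the checks a mail filter can run on one message. The sample message, its reserved .example/.invalid domains and all function names are constructed for illustration, and the Authentication-Results header is assumed to have been stamped by the recipient's own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain uses a reserved TLD.
SAMPLE_PHISH = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=bank.example
From: "Example Bank" <support@bank.example>
To: user@recipient.example
Subject: Please update your details
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer, please confirm your details:</p>
<a href="http://bank.example.account-update.invalid/confirm">https://www.bank.example/login</a>
<a href="https://www.bank.example/help">Help centre</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(header_value):
    """Domain part of the address in a From / Return-Path header."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def host_of(text):
    """Hostname if the text looks like a URL or bare domain, else None."""
    try:
        host = urlparse(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None
    return host if host and "." in host and " " not in host else None


def same_site(a, b):
    # Simplification: equal, or one is a subdomain of the other.
    # A production filter would compare registrable domains instead.
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def analyze(raw_message):
    """Return a list of (code, detail) warning signals for one message."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. Visible sender vs envelope sender. Bulk mailers can differ
    #    legitimately, so this is a signal, not a verdict.
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    if from_dom and rp_dom and not same_site(from_dom, rp_dom):
        findings.append(("from_returnpath_mismatch", f"{from_dom} vs {rp_dom}"))

    # 2. SPF / DKIM / DMARC verdicts recorded by the receiving server.
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                               msg.get("Authentication-Results", "")))
    failed = sorted(k for k, v in verdicts.items() if v == "fail")
    if failed:
        findings.append(("auth_fail", ",".join(failed)))

    # 3. Links whose visible text names one host but whose target is another.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for href, text in collector.links:
            shown, actual = host_of(text), host_of(href)
            if shown and actual and not same_site(shown, actual):
                findings.append(("link_mismatch",
                                 f"text shows {shown}, link goes to {actual}"))
    return findings


if __name__ == "__main__":
    for code, detail in analyze(SAMPLE_PHISH):
        print(code, "->", detail)
```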

CYBER STALKING

Cyber stalking is a crime in which the attacker harasses a victim using electronic

communication, such as e-mail or instant messaging (IM), or messages posted

to a Web site or a discussion group. A cyber stalker relies upon the anonymity

afforded by the Internet to allow them to stalk their victim without being

detected. Cyber stalking messages differ from ordinary spam in that a cyber

stalker targets a specific victim with often threatening messages, while the

spammer targets a multitude of recipients with simply annoying messages.

In corporate cyber stalking, an organization stalks an individual. Corporate cyber

stalking (which is not the same thing as corporate monitoring of e-mail) is

usually initiated by a high-ranking company official with a grudge, but may be

conducted by any number of employees within the organization. Less

frequently, corporate cyber stalking involves an individual stalking a

corporation.

CYBER DEFAMATION

Any derogatory statement, which is designed to injure a person's business or

reputation, constitutes cyber defamation. Defamation can be accomplished as

libel or slander. Cyber defamation occurs when defamation takes place with

the help of computers and / or the Internet. E.g. someone publishes

defamatory matter about someone on a website or sends e-mails containing

defamatory information to all of that person's friends.

THREATENING

The criminal sends threatening e-mail or contacts the victim in chat rooms.

(Anyone disgruntled may do this against a boss, friend or official.)

SALAMI ATTACKS

This is basically related to finance and therefore the main victims of this crime

are the financial institutions. This attack has a unique quality that the alteration

is so insignificant that in a single case it would go completely unnoticed. E.g. a

bank employee inserts a programme whereby a meager sum of Rs 3 is

deducted from random customers’ accounts periodically and transferred to a

specific account for personal gains. Such a small amount will not be noticeable

at all.
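
Although each deduction goes unnoticed on its own, the pattern is visible in aggregate. The following added example (not part of the original assignment) flags any destination account that collects tiny debits from many different customers across several posting periods; the ledger, account IDs, thresholds and the approved fee account are all constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed ledger: 8 customers, 3 posting periods, made-up account IDs."""
    customers = [f"ACC-{1000 + i}" for i in range(8)]
    ledger = []
    for period in range(1, 4):
        for acct in customers:
            # The Rs 3 deduction from the passage, routed to one collecting account.
            ledger.append({"period": period, "src": acct,
                           "dst": "ACC-9001", "amount": Decimal("3")})
            # Legitimate small service charge to the bank's own fee account.
            ledger.append({"period": period, "src": acct,
                           "dst": "BANK-FEES", "amount": Decimal("2")})
        # Ordinary customer payment, far above the micro-debit threshold.
        ledger.append({"period": period, "src": "ACC-1000",
                       "dst": "ACC-1001", "amount": Decimal("2500")})
    # One-off small transfer between two customers: small, but not a pattern.
    ledger.append({"period": 2, "src": "ACC-1002",
                   "dst": "ACC-1003", "amount": Decimal("4")})
    return ledger


def find_salami_candidates(ledger, max_amount=Decimal("5"), min_sources=5,
                           min_periods=2, approved=frozenset({"BANK-FEES"})):
    """Flag destinations receiving micro-debits from many sources, repeatedly.

    max_amount  - largest amount still treated as a micro-debit
    min_sources - distinct debited accounts needed before flagging
    min_periods - distinct posting periods needed (the "periodically" part)
    approved    - internal accounts that legitimately collect small fees
    """
    by_dst = defaultdict(list)
    for txn in ledger:
        if txn["amount"] <= max_amount and txn["dst"] not in approved:
            by_dst[txn["dst"]].append(txn)

    findings = []
    for dst, txns in by_dst.items():
        sources = {t["src"] for t in txns}
        periods = {t["period"] for t in txns}
        if len(sources) >= min_sources and len(periods) >= min_periods:
            findings.append({
                "dst": dst,
                "distinct_sources": len(sources),
                "periods": len(periods),
                "count": len(txns),
                "total": sum(t["amount"] for t in txns),
            })
    # Largest accumulated total first: that is where the money ends up.
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for finding in find_salami_candidates(build_sample_ledger()):
        print(finding)
```

Decimal is used instead of float so that summed currency amounts stay exact.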

NET EXTORTION

Copying the company’s confidential data in order to extort said company for

a huge amount.

PRIVACY ISSUES

Information Technology makes it technically and economically feasible to

collect, store, integrate, interchange and retrieve data and information quickly

and easily. This characteristic has an important beneficial effect on the

efficiency and effectiveness of computer based information systems. However

the power of information technology to store and retrieve information can

have a negative effect on the right to privacy of every individual. For example

confidential email messages by employees are monitored by many companies.

Personal information is being collected about individuals every time they visit a

site on the World Wide Web. Confidential information on individuals contained

in centralized computer databases by credit bureaus, government agencies, and

private business firms has been stolen or misused, resulting in invasion of

privacy, fraud and other injustice. The unauthorized use of such information

has seriously damaged the privacy of individuals. Errors in such databases could

seriously hurt the credit standing or reputation of an individual.

Important privacy issues are being debated in business and government, as

internet technologies accelerate the ubiquity of global telecommunication

connections in business and society. For example:

• Accessing individuals’ private e-mail conversations and computer records, and collecting and sharing information about individuals gained from their visits to internet websites and newsgroups (violation of privacy).

• Always knowing where a person is, especially as mobile and paging services become more closely associated with people rather than places (computer monitoring).

• Using customer information gained from many sources to market additional business services (computer matching).

• Collecting telephone numbers, e-mail addresses, credit card numbers and other personal information to build individual customer profiles (unauthorized personal files).

Privacy on the Internet

If you don’t take proper precautions, any time you send an e-mail, access a

web site, post a message to a newsgroup or use the internet for banking and

shopping… whether you are online for business or pleasure, you are

vulnerable to anyone bent on collecting data about you without your

knowledge. Fortunately, by using tools like encryption and anonymous

remailers, and by being selective about the sites you visit and the information

you provide, you can minimize, if not completely eliminate, the risk of your

privacy being violated.

The internet is notorious for giving its users a feeling of anonymity, when in

actuality they are highly visible and open to violations of their privacy. Most of

the internet, the World Wide Web, e-mail, chat and newsgroups are still a wide

open, unsecured electronic frontier, with no tough rules on what information is

personal and private. Information about internet users is captured legitimately

and automatically each time you visit a website or newsgroup and recorded as

a “cookie file” on your hard disk. Then the web site owners or online auditing

services like DoubleClick may sell the information from cookie files and other

records of your internet use to third parties. To make matters worse, much of

the Net and Web are easy targets for the interception or theft by hackers of

private information furnished to websites by internet users.

You can protect your privacy in several ways. For example, sensitive e-mail can be

protected by encryption, if both e-mail parties use compatible encryption

software built into their e-mail programs. News group postings can be made

privately by sending them through anonymous remailers that protect your

identity when you add your comments to a discussion. You can ask your ISP not

to sell your name and personal information to mailing list providers and other

marketers. Finally you can decline to reveal personal data and interests on

online service and website user profiles to limit your exposure to electronic

snooping.

Computer Matching

Computer profiling and mistakes in the computer matching of personal data

are other controversial threats to privacy. Individuals have been mistakenly

arrested and jailed and people have been denied credit because their physical

profiles or personal data have been used by profiling software to match them

incorrectly or improperly with the wrong individuals. Another threat is the

unauthorized matching of computerized information about you extracted from

the databases of sales transaction processing systems and sold to information

brokers or other companies. A more recent threat is the unauthorized

matching and sale of information about you collected from the internet

websites and newsgroups visited. You are then subjected to a barrage of

unsolicited promotional material and sales contacts as well as having your

privacy violated.

Computer Libel and Censorship

The opposite side of the privacy debate is the right of people to know about

matters others may want to keep private (freedom of information), the right of

people to express their opinions about such matters (freedom of speech), and

the right of people to publish those opinions (freedom of the press). Some of

the biggest battle grounds in the debate are the bulletin boards, e-mail boxes

and online files of the internet and public information networks such as

America Online and Microsoft Network. The weapons being used in this battle

include spamming, flame mail, libel laws and censorship.

Spamming is the indiscriminate sending of unsolicited e-mail messages (spam)

to many internet users. Spamming is the favorite tactic of mass mailers of

unsolicited advertisements, or junk e-mails. Spamming has also been used by

cyber criminals to spread computer viruses or infiltrate many computer

systems.

Flaming is the practice of sending extremely critical, derogatory and often

vulgar e-mail messages (flame mail) or newsgroup postings to other users on

the internet or online services. Flaming is especially prevalent on some of the

internet’s special interest newsgroups.

There have been many incidents of racist or defamatory messages on the Web

that have led to calls for censorship and lawsuits for libel. In addition the

presence of sexually explicit material at many World Wide Web locations has

triggered lawsuits and censorship actions by various groups and governments.

IMPACT OF IT ON EMPLOYMENT

The impact of information technologies on employment is a major ethical

concern and is directly related to the use of computers to achieve automation

of work activities. There can be no doubt that the use of information

technologies has created new jobs and increased productivity, while also

causing a significant reduction in some types of job opportunities. For example,

when computers are used for accounting systems or for the automated control

of machine tools, they are accomplishing tasks formerly performed by many

clerks and machinists. Also jobs created by information technology may require

different types of skills and education than do the jobs that are eliminated.

Therefore, individuals may become unemployed unless they can be retrained

for new positions or new responsibilities.

However, there can be no doubt that internet technologies have created a host

of new job opportunities. Many new jobs, including internet web masters, e-

commerce directors, systems analysts and user consultants have been created

to support e-business and e-commerce applications. Additional jobs have been

created because information technologies make possible the production of

complex industrial and technical goods and services that would otherwise be

impossible to produce. Thus jobs have been created by activities that are

heavily dependent on information technology, in such areas as space

exploration, microelectronics technology and telecommunications.

COMPUTER MONITORING

One of the most explosive ethical issues concerning workplace privacy and the

equality of working conditions in business is computer monitoring. That is,

computers are being used to monitor the productivity and behavior of millions

of employees while they work. Supposedly computer monitoring is done so

employers can collect productivity data about their employees to increase the

efficiency and quality of service. However, computer monitoring has been

criticized as unethical because it monitors individuals, not just work, and is

done continually, thus violating workers’ privacy and personal freedom. For

example, when you call to make a reservation, an airline reservation agent may

be timed on the exact number of seconds he or she took per caller, the time

between calls, and the number and length of breaks taken. In addition your

conversation may also be monitored.

Computer monitoring has been criticized as an invasion of the privacy of

employees because in many cases they do not know that they are being

monitored or don’t know how the information is being used. Critics also say

that an employee’s right of due process may be harmed by the improper use of

collected data to make personnel decisions. Since computer monitoring

increases the stress on employees who must work under constant electronic

surveillance, it has also been blamed for causing health problems among

monitored workers. Finally, computer monitoring has been blamed for robbing

workers of the dignity of their work. In effect, computer monitoring creates an

“electronic sweatshop” where workers are forced to work at a hectic pace

under poor working conditions.

CHALLENGES IN WORKING CONDITIONS

Information technology has eliminated monotonous or obnoxious tasks in the

office and the factory that formerly had to be performed by people. For

example, word processing and desktop publishing make producing office

documents a lot easier to do, while robots have taken over repetitive welding

and spray painting jobs in the automotive industry. In many instances, this

allows people to concentrate on more challenging and interesting

assignments, upgrades the skill level of the work to be performed, and creates

challenging jobs requiring highly developed skills in the computer industry and

within computer using organizations. Thus information technology can be said

to upgrade the quality of work because it can upgrade the quality of working

conditions and the content of work activities.

CHALLENGES TO INDIVIDUALITY

A frequent criticism of information systems concerns their negative effect on

the individuality of people. Computer based systems are criticized as

impersonal systems that dehumanize and depersonalize activities that have

been computerized, since they eliminate the human relationship present in

noncomputer systems.

Another aspect of the loss of individuality is the regimentation of the individual

that seems to be required by some computer based systems. These systems do

not seem to possess any flexibility. They demand strict adherence to detailed

procedures if the system is to work. The negative impact of IT on individuality is

reinforced by horror stories that describe how inflexible and uncaring some

organizations with computer based processes are when it comes to rectifying

their own mistakes. Many of us are familiar with stories of how computerized

customer billing and accounting systems continued to demand payment and

send warning notices to a customer whose account had already been paid,

despite repeated attempts by the customer to have the error corrected.

However, many business applications of IT are designed to minimize

depersonalization and regimentation. For example, many e-commerce systems

are designed to stress personalization and community features to encourage

repeated visits to e-commerce websites. Thus, the widespread use of personal

computers and the internet has dramatically improved the development of

people oriented and personalized information systems.

HEALTH ISSUES

The use of information technology in the workplace raises a variety of health

issues. Heavy use of computers is reportedly causing health problems like job

stress, damaged arm and neck muscles, eye strain, radiation exposure and

even death by computer-caused accidents. For example, computer monitoring

is blamed as a major cause of computer related job stress. Workers, unions and

government officials criticize computer monitoring as putting so much stress

on employees that it leads to health problems. Some of the health issues related

to computer use are:

Eye problems are probably the major problems experienced by

computer users. These include fatigue, blurred vision and dry eyes. These

symptoms are also aggravated by external factors, such as poor lighting,

improperly designed work-stations and viewing the screen up too close.

Other problems are stress, depression and electromagnetic radiation

hazards. Do not forget that it is better to stay away from the back of

monitors, where the electromagnetic field is stronger and against which

walls do not give any protection. The monitor screen surface should be

approximately 18-24 inches away from upper body. It is good to have a

suitable monitor screen without any wave.

Bad posture is enemy number two. Long periods of time at the

computer while blogging, working or reading often leads to pain in the

lumbar region of the back. Neck and shoulder problems also result

from poor seating and the poor organization of equipment on the desk

(stretching for the telephone or files etc).

Your hand and wrist ache after working at the computer all day, and

they sometimes start feeling numb. Research in recent years has found

that things like typing and sewing rarely cause carpal tunnel. Wear splints

while you work to keep your wrists from bending too high or low, and

use a keyboard tray or adjust your chair so the keyboard and mouse are

below your elbows and your wrists are level.

High levels of stress can kill you, make no mistake! Highly stressed

workers have a higher risk of developing heart diseases and even cancer.

So make sure that you can manage your stress. Start doing something

to reduce it; don’t wait until computer stress becomes the main problem in

your life. Taking frequent breaks is an important step in preventing

repetitive computer stress injuries.

ERGONOMICS

Solutions to some of these health problems are based on the science of

ergonomics, also called human factors engineering.

Fig: Ergonomic Factors in the Workplace. Good ergonomic design considers tools, tasks, the workstation and environment.

(Diagram elements: The User/Operator; The Tools (Computer, Hardware and Software); The Workstation and Environment; The Tasks (Job Content and Context). Factors shown: biomechanical, physical, anthropometric, lighting, work surface, furniture, climate, software design, change training, job satisfaction, support systems, rest breaks, shift work, management systems.)

The goal of ergonomics is to design healthy work environments that are safe,

comfortable and pleasant for people to work in, thus increasing employee

morale and productivity. Ergonomics stresses the healthy design of the

workplace, workstations, computers and other machines, and even software

packages. Other health issues may require ergonomic solutions emphasizing

job design, rather than workplace design. For example, this may require

policies providing for work breaks from heavy VDT use every few hours, while

limiting the CRT (cathode ray tube) exposure of pregnant workers. Ergonomic

job design can also provide more variety in job tasks for those workers who

spend most of their workday at computer workstations.

*************************

PRACTICAL STUDY

OF ORGANISATION

GLAXOSMITHKLINE COMPANY’S OVERVIEW

At GlaxoSmithKline, we conduct our business with integrity and honesty, and aspire to excellence in all we do. We know our people are vital to the success of the business, and encourage everyone to achieve their maximum potential. We offer a competitive benefits package and recognize the need for a healthy balance between work and family life.

GlaxoSmithKline welcomes the talent of people from diverse backgrounds to provide the expertise, dedication and imagination to propel us toward a prosperous future. We look for individuals with daring spirits and inquisitive minds who seek a broad range of opportunities for personal and professional growth, and whose efforts are realized in the improved health of people worldwide.

GlaxoSmithKline is an exciting organization, which offers a variety of career opportunities. Our recruitment process aims to achieve the highest level of candidate care by listening to your interests, and treating you like a valued customer.

BUSINESS UNITS

The organizational structure of GlaxoSmithKline (GSK) is designed to make our company a model for excellence in the pharmaceutical industry - a new company that represents best practice in every way.

GSK is a company with the size and scale to invest in the tools we need to succeed, and to drive that success going forward. To achieve that goal, GSK is organized as a flexible company, capable of responding quickly to a rapidly changing marketplace. Organized globally to coordinate activities and gain the benefits of size and scale, the company is built on smaller, customer-focused units, dedicated to delivering medicines that relieve the suffering of patients around the world.

The new and innovative model for R&D, the focused structure of our pharmaceutical business throughout the world and the organization of our global services such as IT and Procurement are some of the highlights in the approach which will lead our success.

GSK CONSUMER HEALTHCARE

GlaxoSmithKline is a leader in the worldwide consumer healthcare market. With nearly $6 billion in sales, over ten million brands and present in 130 markets, the consumer healthcare business brings an added dynamic dimension to GSK.

Operating in the fiercely competitive environment of retail and consumer marketing GlaxoSmithKline Consumer Healthcare brings oral healthcare, over-the-counter medicines and nutritional healthcare products to millions of people.

Brand names such as Panadol, Aquafresh toothpaste, Lucozade, Nicorette and Niquitin smoking cessation products are household names around the world. In one year GSK Consumer Healthcare produces - among many others - nine billion tablets to relieve stomach upsets, six billion tablets of pain relief tablets and 600 million tubes of toothpaste.

But the driving force behind GlaxoSmithKline's Consumer Healthcare business is science. With four dedicated consumer healthcare R&D centers and consumer healthcare regulatory affairs, the business takes scientific innovation as seriously as marketing excellence and offers leading-edge capability in both.

GSK CORPORATE FUNCTIONS

The Corporate business unit within GlaxoSmithKline, is responsible for leadership, processes, policies, standards and services in the core business areas of Corporate Communications & Global Community Partnerships, Corporate Ethics & Compliance, Finance, Human Resources and Legal. The functions work individually and in cross-functional teams across different corporate functions and businesses within GSK.

The functions aim to achieve compliance with legal, financial and regulatory frameworks within and outside the corporation; protecting, supporting and motivating GSK people and the communities in which they work. They utilize a responsive business infrastructure - combining account management and shared services approaches - to work with GSK's diverse Corporate functions count among their audiences; employees, communities, media, governments, analysts, institutions and shareholders worldwide.

motivating GSK people and the communities in which they work. They utilize a combining account management and

to work with GSK's diverse businesses. The Corporate functions count among their audiences; employees, communities, media, governments, analysts, institutions and shareholders worldwide.

Page 38: Semester 2 Assgn 2 Cyber Crime & Ethical/Social impact of IS

GSK INFORMATION TECHNOLOGY

In GSK, Information Technology is a business unit, one that is closely integrated with all parts of the company, all around the world. It is organized to take best advantage of global scale when that is appropriate, while supporting GSK people and businesses locally so they have the IT tools they need to succeed.

Global capabilities:

Six IT departments provide core services that are required by each of the business units and by GSK at large. These IT departments are:

• Cross Functional Process Design - Ensures that all proposed systems changes have a significant, positive impact on the performance of the business processes.
• Global eBusiness - Develops GSK's commercial capabilities in eBusiness.
• Global Strategy & Applications - Drives the overall IT strategy of GSK and ensures the IT architecture is coordinated in concert with business strategies.
• Project and Portfolio Management - Builds processes for approving projects, manages project issues as they progress and works with project management groups to build skills and capabilities.
• Systems and Communications Services - Builds, deploys and operates the cost effective, flexible, computing and communications infrastructure required by GSK.
• Risk Management & Security - Identifies and addresses security and other risks resulting from external or internal use of information technology and computerized information.

IT is supported by six core service teams: Audit, Communications, Finance & Alliances, Human Resources, Legal and Procurement.

GLOBAL MANUFACTURING AND SUPPLY

GSK has 85 manufacturing sites in 37 countries with over 35,000 employees. The sites within the GSK manufacturing network:

• supply products to 191 global markets for GSK
• produce over 1,200 different brands
• manufacture almost 4 billion packs per year
• produce over 28,000 different finished packs per year
• supply around 6,900 tons of bulk active each year
• manage about 2,000 new product launches globally each year

Production of nutritional products is in excess of 300 million Lucozade/Ribena bottles, 350 million Ribena tetra packs and 20 million Lucozade carbonated cans per year. The annual output of Horlicks is 50 million kilograms, equivalent to about 1,000 million servings. In oral care, the volume of toothpaste manufactured annually exceeds 600 million tubes.

GSK PHARMACEUTICALS

You would be forgiven for thinking that a company the size of GlaxoSmithKline - with over 100,000 employees around the world - is only ever concerned with the bottom line. But the truth is that every member of our organization is equally dedicated to helping people around the world Live longer, Feel better and Do more.

We have a diverse portfolio of brands, as well as a healthy pipeline of new exciting compounds. Every year GlaxoSmithKline invests approx. $5 billion into research and development. GlaxoSmithKline is a leader in four major therapeutic areas - anti-infectives, central nervous system, respiratory and gastro-intestinal. Based on 2004 Annual Results, GSK had sales of $37.2 billion and profit before tax of 11.1 billion. Pharmaceutical sales accounted for 24.8 billion with new products representing 22% of total pharmaceutical sales.

This continued success is achieved by being a responsible leader, committed to working with healthcare professionals, listening to patients and responding to a changing environment.

RESEARCH AND DEVELOPMENT (R&D)

We live in an exciting moment in the history of biomedical science. Disease is giving up its secrets to the intelligence and dedication of scientists aided by technological marvels that might have been the stuff of science fiction only a generation ago. We have every reason to believe that ahead of us lies accelerating progress against many of the afflictions of humankind.

At GlaxoSmithKline, scientists in Research and Development are committed to capturing this moment. They bring to it their own very considerable abilities, the resources of a parent company devoted to the scientific enterprise, and the urgency of knowing that their highest purpose is the relief of human suffering. In pursuit of this purpose, they desire to make of GlaxoSmithKline a magnet for others who share their talents, whether as prospective corporate colleagues or as collaborators in industry, academe, and government.

Creating a new medicine is a complex business, costing over $324 million and typically taking between 12 and 15 years. Regulatory hurdles are increasingly stringent, yet escalating costs, medical need and the pressure of competition demand that the whole process is condensed into as short a time as possible. GSK uses the scale of a huge company to reach its goal of applying science to improve patient health. Equally important is its flexibility, allowing teams of scientists the freedom to take an entrepreneurial approach, and enabling them to move quickly, on the basis of informed decisions.

Once a compound has been identified as a potential drug candidate, it goes through an exacting, rigorous process to prove that the new drug is both safe and effective. Any potential new project not meeting the criteria at any stage is dropped from the company portfolio to make way for other, more promising candidates.

GSK IN TIME

• Every second, more than 30 doses of vaccines are distributed by GSK worldwide.
• Every minute, more than 1,100 prescriptions are written for GSK products worldwide.
• Every hour, GSK spends more than $450,000 to find new medicines.
• Every day, more than 200 million people around the world use a GSK brand toothbrush or toothpaste.
• Every year, GlaxoSmithKline donates more than $138 million in cash and products to communities around the world.

GSK employees are each expected to strive for improvement in these key competencies and align themselves with the supportive behaviors.

Performance with Integrity - Delivering on promises with organizational and individual trustworthiness.

People with Passion - People are enabled and motivated to do their best work.

Innovation & Entrepreneurship - Competitive advantage through well-executed ingenuity.

Sense of Urgency - A nimble, focused, resilient and fast-learning organization.

Everyone Committed, Everyone Contributing - All employees have an opportunity to make a meaningful contribution, and to succeed based on merit.

Accountability for Achievement - Clear expectations; focus on the critical few. Performance matters, and will be rewarded.

Alignment with GSK Interests - One team, in single-minded pursuit of our mission, reflecting a common spirit and integrated strategies.

Develop Self and Others - A norm of career-long learning agility across the organization. Employees continuously learn and develop their professional potential. Leaders have key roles as teachers, coaches and champions of development.

WHAT IS DIVERSITY AT GSK?

At GSK, we are committed to creating an inclusive environment for our employees, customers, and stakeholders.

For employees, it means creating an environment where we value and draw on the differing knowledge, perspectives, experiences, and styles resident in our global community.

For customers, it means understanding who they are, what their changing needs are, and how GSK can help them do more, feel better, and live longer.

For stakeholders, it means understanding what they prefer, what they require, and how GSK can work most effectively with them.

What makes GSK a great place to work?

We asked some of our current employees, and here's what they said:

"There are lots of local companies that would welcome someone of my background and experience. Here, I get the added bonus of knowing that I am contributing to better lives around the world"

"The company offers a competitive salary and excellent benefits. If you analyze the whole package, you'll find that most companies can't beat it"

"Through friendly and supportive teams, individual innovation is encouraged and rewarded."

"When you have a project there is a real sense of ownership which means things get done"

"It's the people within the company that makes it great"

****************

GLAXOSMITHKLINE PAKISTAN LIMITED

Overview

GlaxoSmithKline Pakistan Limited was created on January 1st 2002 through the merger of SmithKline and French of Pakistan Limited, Beecham Pakistan (Private) Limited and Glaxo Wellcome (Pakistan) Limited, standing today as the largest pharmaceutical company in Pakistan.

As a leading international pharmaceutical company we make a real difference to global healthcare and specifically to the developing world. We believe this is both an ethical imperative and key to business success. Companies that respond sensitively and with commitment by changing their business practices to address such challenges will be the leaders of the future. GSK Pakistan operates mainly in two industry segments: Pharmaceuticals (prescription drugs and vaccines) and consumer healthcare (over-the-counter medicines, oral care and nutritional care).

GSK leads the industry in value, volume and prescription market shares. We are proud of our consistency and stability in sales, profits and growth. Some of our key brands include Augmentin, Panadol, Seretide, Betnovate, Zantac and Calpol in medicine and renowned consumer healthcare brands include Horlicks, Aquafresh, Macleans and ENO.

In addition, we are also deeply involved with our communities and undertake various Corporate Social Responsibility initiatives including working with the National Commission for Human Development (NCHD) for whom we were one of the largest corporate donors. We consider it our responsibility to nurture the environment we operate in and persevere to extend our support to our community in every possible way. GSK participates in year round charitable activities which include organizing medical camps, supporting welfare organizations and donating to/sponsoring various developmental concerns and hospitals. Furthermore, GSK maintains strong partnerships with non-government organizations such as Concern for Children, which is also extremely involved in the design, implementation and replication of models for the sustainable development of children with specific emphasis on primary healthcare and education.

Mission Statement

Excited by the constant search for innovation, we at GSK undertake our quest with the enthusiasm of entrepreneurs. We value performance achieved with integrity. We will attain success as a world class global leader with each and every one of our people contributing with passion and an unmatched sense of urgency.

Our mission is to improve the quality of human life by enabling people to do more, feel better and live longer.

Quality is at the heart of everything we do- from the discovery of a molecule to the development of a medicine.

GSK IT

Sometimes the greatest revolutions in business are the quiet ones. IT at GSK is leading a quiet revolution that is fundamentally changing the way we use information. Combining business intelligence and marketing savvy with project leadership capabilities, we enable the rest of the business to perform the complex tasks involved in delivering life-enhancing solutions.

Ours is a complex enterprise, involving a computer network that supports over 80,000 internal users and thousands more externally. More specifically, our employees:

• Send 300,000 email and instant messages per day
• Spend 100 million minutes in audio conferencing each year
• Enrol in 40,000 training sessions (mostly online) every month

And that's just for starters - we also enable 30,000 salespeople to call on healthcare professionals every day, and help in the production and delivery of over 4 billion product packs in a single year.

All of this is accomplished thanks to our dedicated team of 3,500 people, based in 68 countries at over 100 sites. Together, we offer the business a rapid response, intellectual integrity, and rigorous accounting of results.

Accordingly, we've created a culture of process management rather than bureaucracy. Here, you'll learn from those around you, developing yourself and others in the process, all the while continually striving to find new and better ways of doing things.

GMS IT Mission

Our purpose: To improve GMS performance through optimised IT solutions and services

Our long-term aspiration: To build an enviable reputation for excellence

Our value proposition: We integrate IT and business processes to enable GMS to operate more reliably, faster and at lower cost

Our core values

Integrity

Relationships

Results


STRATEGIC ROLE OF IT

Information technology plays three strategic roles in GlaxoSmithKline:

• it facilitates communication and access to information on a global basis.
• it supports key business processes at the local, regional, functional and global levels.
• it enables the transformation and extension of key business activities.

SUPPORT FOR THE MERGER PROCESS

Information technology played a key part in providing the planning information for the merger, much of which was derived from the existing systems in Glaxo Wellcome and SmithKline Beecham. Of major importance was ensuring that the new company had the IT systems in place to function effectively as soon as the merger was complete. From the first day of GlaxoSmithKline, the 80,000 employees in 58 countries with e-mail accounts were able to contact their colleagues electronically. Employees could also use short codes for dialing between sites, search on-line phone directories, and access both companies’ intranet sites. Cross-site links to key business applications were provided.

GLOBAL COMMUNICATIONS

The past year has seen major growth in the number of internal websites. These allow information to be shared across the company on a global basis and are supported by internal search engines analogous to those used externally on the Internet. The ability to provide shared access to information has enabled the growing use of ‘virtual teams’, that work collaboratively, spanning multiple geographies and time zones, often subject to stringent time constraints.

Information is also exchanged electronically with a broad array of suppliers, customers and partners. Hence, protection against unauthorized access to key systems, and the growing risks posed by computer viruses, is a major issue. Intruder detection software has been added to company firewalls and virus scanning has been implemented at the gateway, server and desktop levels. The separate approaches adopted by Glaxo Wellcome and SmithKline Beecham are being integrated in a common standard approach for GlaxoSmithKline.

ENHANCING BUSINESS PERFORMANCE

Virtually all GlaxoSmithKline’s major business processes rely heavily on the use of information technology. Within R&D in both SmithKline Beecham and Glaxo Wellcome there have been major programmes to capture key information, at source, in electronic form and make it available wherever required. As a result of these efforts, it was possible to make a number of regulatory drug submissions during the past year solely in electronic form. New drug submissions can be 50,000 to 250,000 pages in size and the ability to avoid generating paper submissions gives rise to significant savings in time and cost.

As part of the project to implement standard systems for Manufacturing Resource Planning in Glaxo Wellcome, eight sites, seven in the UK and one in Jurong, Singapore, have been supported for the past year from a single system. Further along the supply chain, SmithKline Beecham introduced standard enterprise financial and commercial software into 108 locations. The ability to consolidate mission critical operations in this way reflects the growing availability and reliability of global data networks and ensures that common processes and standards are implemented across sites, in addition to providing lower operating costs.

Both Glaxo Wellcome and SmithKline Beecham have installed major systems in the USA to analyse commercially available prescribing data. By better understanding locally how GlaxoSmithKline’s products are used in the marketplace, it is possible to target promotional and detailing activities and measure the market response. Information from these systems is transmitted electronically to the field sales forces and their responses are then uploaded to the system. With the growing availability of the required technology and infrastructure, sales force automation systems are being deployed in most major commercial markets.

TRANSFORMING AND EXTENDING BUSINESS ACTIVITIES

Insights gained from genomics and proteomics are transforming the way that disease targets are identified and validated. Information generated from a variety of external sources needs to be integrated with internally generated information in a rapid and flexible manner that relies heavily on information technology support. The analysis of these databases also requires significant amounts of processing power, taking full advantage of advances in computer technology.

E-BUSINESS

Both Glaxo Wellcome and SmithKline Beecham recognized the growing importance of e-business and had already put small dedicated teams in place. Web based interfaces to major customers have been implemented in the USA. Current projects span a broad range of key audiences including opinion leaders, healthcare professionals, patients and the public.

IT GUIDELINES FOR GSK EMPLOYEES

GSK has issued guidelines for the acceptable use of IT resources. These

guidelines are outlined below:

GSK Acceptable Use Guidelines

This Guide applies to all telecommunications and computing facilities including,

but not limited to, telephones, desktop and laptop personal computers (PCs),

Personal Digital Assistants, workstations and mainframe computer terminals.

Under each category is the description of acceptable and unacceptable usages

of GSK IT Resources. References to PCs should be taken to include any of the

computing devices you use to perform work for GSK.

PHYSICALLY PROTECTING HARDWARE

ACCEPTABLE UNACCEPTABLE

Do log out or lock (CTRL-ALT-DELETE, highlight Lock Computer and hit Enter, or Windows Key-L) your PC before you leave it unattended.

Do Not store Confidential Data or Personally Identifiable Information (PII) unencrypted on mobile hardware devices (e.g. laptops, PDAs, USB, etc).

Do log off (CTRL-ALT-DELETE, highlight Log Off and hit Enter) before allowing anyone else to use your computer.

Do keep all hardware devices secure when working from home and when travelling on company business.

Do Not label hardware devices in a manner that associates it with GSK.

Do retain backup copies of your information when you do not store it on a file server or shared drive that has a confirmed backup process. If backing up confidential or sensitive personally identifiable data it MUST be encrypted.

Do record the make, model and serial number of all hardware devices in case it is lost or stolen. If a hardware device is lost or stolen, report it immediately to Computer Security Incident Response Central, Site Security and/or the police.

Do Not connect personal hardware devices to the GSK network.

Do return all hardware, software and media to your local IT support team for secure disposal and be sure to erase all GSK data in accordance with the Data Erasure Standards.

SOFTWARE AND LICENSE MANAGEMENT

ACCEPTABLE UNACCEPTABLE

Do install only IT approved software via the use of the Application Installation Tool (AIT). Please call your local IT Support staff for assistance if necessary.

Do Not install software categorized as hacking, sniffing or peer to peer (P2P) file sharing software, such as Napster, Lime-wire without written approval from Global IT Risk Management.

Do maintain a valid software license for all software.

Do Not install any software on GSK hardware that has not been approved by GSK IT.

Do use free or open source software in compliance with the Free and Open Source Software IT Management Practice.

VIRUS / MALWARE

ACCEPTABLE UNACCEPTABLE

Do use caution when selecting websites to visit; this will help to avoid viruses, spyware and adware from being installed by malicious websites.

Do Not open email (including web-mail) attachments you are not expecting.

Do virus check anything prior to downloading, even from a known source, as it may be infected by a virus.

Do Not deliberately disable or prevent installed GSK Security software from running (e.g. firewall, anti-virus, etc.).

Do contact the Help Desk, if you suspect the presence of a virus on your computer.

PROTECTING ACCOUNTS AND PASSWORDS

ACCEPTABLE UNACCEPTABLE

Do manage and use accounts in accordance with the Access Management IT management Practice.

Do Not use easily guessable passwords; including dictionary words (e.g. firetruck, password, superuser etc), sequences based on keyboard layouts (e.g. qwerty), incremental variations on previous Password(s), birthdates, or names of your children.

Do have a password that is at least (7) seven characters long.

Do Not use your privileged account for non-approved functions.

Do choose and use strong passwords (mix letters, numbers and symbols (2g5!d#36lz), or passphrase (e.g. 14U2NV)).

Do Not share/give passwords for user accounts after the initial logon. If a password is disclosed or compromised, reset the password immediately.

Do change all default or initial logon passwords after the first login.

Do Not use your GSK ID and/or password for access to personal or non-GSK Assets (e.g. personal email account). In many cases this information is stored on a server and could be compromised.

Do Log out or Lock (CTRL-ALT-DELETE then Enter) your PC when you leave it unattended to prevent account misuse.

Do change your passwords regularly (e.g. 30 days for privileged accounts / 180 days for non-privileged accounts).

INTERNET, EMAIL, INSTANT MESSAGING AND OTHER SOCIAL MEDIA TOOLS

ACCEPTABLE UNACCEPTABLE

INTRANET/INTERNET ACCESS

Do use caution to ensure each web page browsed is free from potentially offensive, obscene, discriminatory or inappropriate material.

Do Not abuse GSK Internet access.

Do ensure all Internet access from a GSK PC is through the GSK network or iPass.

Do limit personal use of the Internet.

E-MAIL & INSTANT MESSAGING (IM)

Do use secure email for sending content with confidential or Personally Identifiable Information (PII) externally.

Do Not use external Instant Messaging (IM) clients that have not been approved by IT. These clients are not secured to GSK standards or licensed for use in GSK.

Do consider deleting previous recipient addresses prior to forwarding an email.

Do Not send potentially harassing, inflammatory, or inappropriate content via email.

Do report any inappropriate or harassing email to the Global IT Security mailbox.

Do Not 'Autoforward' your GSK email externally.

Do use caution and good judgment to ensure an email you forward does not contain potentially harassing or inappropriate content.

Do Not abuse any email 'delegate' access provided to you by another employee. Ensure this delegation is formalized and agreed by both parties.

Do Not respond to Phishing activities, or any attempt to acquire sensitive information, such as usernames, passwords and credit card details, by someone masquerading as a trustworthy entity in an electronic communication. If you are in doubt as to the validity of a request, report it as a security incident prior to responding in any way.

OTHER SOCIAL

Do host all internet forums, blogs or wikis using GSK IT Approved Software that provides for monitoring of the content and participation.

Do Not identify yourself as a “GSK person” when posting to external Blogs, Wikis, news groups, message boards, etc. from the GSK network unless specifically authorised.

Do be respectful to the company, employees, customers, partners, and competitors participating in blogs, wikis or internet forums.

Do Not post or transmit any Personally Identifiable Information (PII), GSK confidential or proprietary information via internet forums, wikis or blogs.

Do state that the opinions expressed on non-company sponsored blogs, wikis or internet forums are solely yours and are not necessarily the opinions of GSK.

Do retain all electronic records created via an internet forum, wiki or blog in compliance with the GSK Records Retention Policy.

Do Not use external Instant Messaging (IM) to send file transfers, voice or streaming video.

Do use caution when opening hyperlinks received via Instant Messages (IM).

Do Not send any information that associates you or colleagues with GSK when registering with external Instant Messaging (IM) directories.

Do restrict external contact lists to legitimate business contacts.

Do Not save Instant Messaging (IM) chats.

Do comply with copyrights for all communications with external services such as chat-rooms, newsgroups and bulletin boards and carry a disclaimer, unless specifically authorized by GSK.

Do contact GSK Corporate Communications immediately if you become aware of misinformation about GSK or its products circulating on external services such as the Internet.

PROTECTING GSK DATA & INFORMATION

ACCEPTABLE UNACCEPTABLE

INFORMATION

Do use approved encryption technology for all confidential data in transit and at rest on mobile computing devices. Contact your local IT Support staff for assistance if necessary.

Do Not store GSK documents on personal equipment such as home PC’s, external hard drives, PDAs or USB devices.

Do, whenever possible, store GSK information on an IT-managed file server or shared drive.

Do Not forward GSK confidential data outside of the company, including personal email accounts and file upload (e.g., peer-to-peer) sites.

Do retain backup copies of your information when you do not store it on a file server or shared drive. If backing up confidential or sensitive personally identifiable data, it MUST be encrypted.

Do Not store sensitive information in a public file share that can be accessed by unauthorized people.

PII (PERSONALLY IDENTIFIABLE INFORMATION)

Do limit access to PII only to employees with a specific business need.

Do Not store PII on a publicly accessible medium.

Do protect PII from loss, misuse, unauthorized access, disclosure, alteration or destruction.

Do Not transfer sensitive information across borders (e.g. archiving data in US or UK), without ensuring that data privacy agreements are in place.

Do obtain Data Privacy training (including relevant local laws and regulations), and appropriate oversight and assistance as necessary. For more information, refer to GSK eLearning module “GSK Overview of Privacy of Personally Identifiable Information Policy”.

RETENTION & DISPOSAL OF MEDIA

Do comply with GSK retention periods for any media, including email and paper record.

Do Not retain data on your PC for longer than specified in GSK’s retention period for that type of data.

Do ensure that information is either transferred to another GSK employee or destroyed to the Data Erasure Standards prior to re-deploying or transferring a computer.

Do Not destroy any information that may be subject to litigation or to which other record holds apply.

ENCRYPTION

Do encrypt sensitive or confidential data if it needs to be emailed via the internet or mailed on CD to GSK suppliers/customers.

Do Not use encryption technology that has not been approved by GSK IT. Contact your local IT Support staff for assistance if necessary.

Do encrypt sensitive or confidential data backed up to CD or USBs.

Do encrypt confidential data in transit and at rest on mobile computing devices.

MANAGING VENDOR & THIRD PARTY RELATIONSHIP

ACCEPTABLE UNACCEPTABLE

Do ensure that all appropriate safeguards, such as confidentiality agreements, are in place and the third party is aware that the information being accessed is confidential.

Do Not disclose any details relating to GSK IT Resources without authorization of the information owner.

Do ensure that all computer systems storing GSK information, including those managed by third parties, comply with GSK information security policies and guidelines.

Do Not use any system without complying with the terms and conditions on which access is supplied.

Do document clearly GSK information security expectations in purchasing contracts, and regularly monitor that the security controls are enforced.

Do have any contracts with a significant IT asset and dependency reviewed by Legal.

REPORTING OF ISSUES & VIOLATIONS

Do report any suspected security breaches immediately to Computer Security Incident.

Computer Security Incident Response Process

The Computer Security Incident Response (CSIR) process exists to mitigate risks to GSK’s information assets by ensuring GSK is prepared to address computer related security events in a standardised and efficient manner. The CSIR process is managed by Global IT Security within Global IT Risk Management. All CSIR incidents are handled confidentially; complaints are handled discreetly and information is only shared on a need-to-know basis.

ERGONOMICS

Ergonomics, or human factors, is concerned with the fit between people and the things they do, the objects they use, and the environments in which they work and travel. GSK is very concerned about the health of its employees and has developed a website for handling ergonomics-related issues. The objectives of this site are:

• To design jobs to fit people

• Take into account size, strength and ability of a range of users

• Design tasks, workplace and tools to fit the users

Benefits

• Efficiency, quality and job satisfaction

CONCLUSION

Although information technology has some negative social and ethical impacts, it has many more positive ones. Application of information technology (IT) can help businesses and governments to:

• Enhance productivity

• Improve efficiency

• Provide better service

• Increase competitiveness

• Reduce costs

• Transform into an e-business/e-government.

• Facilitating access to information technology is an important way for countries to promote economic development and growth.

• Providing market access to IT and IT services will help attract Foreign Direct Investment (FDI).

• Many countries recognized this when they signed the Information Technology Agreement (ITA) to eliminate customs duties on IT products, which increase the cost of this important technology to businesses, government and consumers.

• IT services enable a business or government to obtain the benefits of information technology quickly and without making major investments to purchase, install, and operate its own computer equipment and without having to hire and retain a full IT staff.

• There is a growing trend for companies to purchase IT services instead of owning and maintaining their own IT infrastructure, to ensure access to the latest technology and applications and to concentrate on the operation of their core business.

• Granting full market access and national treatment to IT services provides businesses in all industry sectors access to the best information technology (IT) services from around the world so that they can become competitive on a global basis.

• Countries may consider creating market access barriers for IT services in an attempt to protect and foster the development of a domestic IT services industry. However, this would be counterproductive, increasing the cost of IT services to users while creating a domestic IT services industry that may not be competitive on a global basis.

********************