Transcript of IMchap13


Security and Ethical Challenges

I. CHAPTER OVERVIEW

This chapter discusses the threats against, and the defenses needed for, the performance and security of business information systems, as well as the ethical implications and societal impacts of information technology.

Section I: Security, Ethical and Societal Challenges of IT
Section II: Security Management of Information Technology

II. LEARNING OBJECTIVES

1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
2. Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology.
3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.

OBrien, Management Information Systems, 7/e IM - Chapter 13 pg. 1

III. TEACHING SUGGESTIONS

Figure 13.2 outlines the major aspects of the ethical and societal dimensions of information technology. It should be stressed to students that information technology can have both positive and negative effects on society. Instructors should spend some time discussing the different types of computer crime, and why they are considered crimes at all. Figure 13.4 outlines the four principles of technology ethics: proportionality, informed consent, justice, and minimized risk. Figure 13.7 gives a number of common hacking tactics used to attack e-business enterprises and other organizations through the Internet and other networks. Figure 13.12 relates to a number of ergonomic factors found in the workplace; it stresses that good ergonomic design considers tools, tasks, the workstation, and the environment.

The necessity of controls for information systems should be emphasized. The goal of security management is the accuracy, integrity, and safety of all e-business processes and resources. Stress to students that security management is a complex task in any organization. News accounts of computer errors and computer-related crimes can be used to convince students of the importance of this topic. Examples of procedural and physical facility controls should also be discussed with your students, especially the importance of disaster recovery planning. Figure 13.21 provides an example of e-business system controls and audits; note that they are designed to monitor and maintain the quality and security of the input, processing, output, and storage activities of an information system. Finally, Figure 13.22 is a good slide for discussing information system controls as methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities. Figure 13.23 outlines important ways to protect yourself from cybercrime and other computer security threats.


IV. LECTURE NOTES

Section I: Security, Ethical, and Societal Challenges of IT

Introduction

There is no question that the use of information technology in e-business operations presents major security challenges, poses serious ethical questions, and affects society in significant ways.

Analyzing F-Secure, Microsoft, GM, and Verizon

We can learn a lot from this case about the security and ethical issues in business that arise from the challenges caused by computer viruses. Take a few minutes to read it, and we will discuss it (see F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses in Section IX).

Business/IT Security, Ethics, and Society [Figure 13.2]

The use of information technology in e-business has major impacts on society, and thus raises serious ethical issues in areas such as:
- Crime
- Privacy
- Individuality
- Employment
- Health
- Working Conditions

Note: Students should realize that information technology can have a beneficial effect as well as a negative effect in each of the areas listed above.

Ethical Responsibility of Business Professionals

As a business end user, you have a responsibility to promote ethical uses of information technology in the workplace. These responsibilities include properly performing your role as a vital human resource in the e-business systems you help develop and use in your organization. The AITP code provides guidelines for ethical conduct in the development and use of information technology. End users and IS professionals live up to their ethical responsibilities by voluntarily following such guidelines. For example, you can be a responsible end user by:
- Acting with integrity
- Increasing your professional competence
- Setting high standards of personal performance
- Accepting responsibility for your work
- Advancing the health, privacy, and general welfare of the public

Business Ethics

Business ethics is concerned with the numerous ethical questions that managers must confront as part of their daily business decision-making. Managers can draw on several alternative theories when confronted with ethical decisions on business issues. These include:

Stockholder Theory - Holds that managers are agents of the stockholders, and their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent


Social Contract Theory - States that companies have an ethical responsibility to all members of society, which allows corporations to exist on the basis of a social contract.

Stakeholder Theory - Maintains that managers have an ethical responsibility to manage a firm for the benefit of all of its stakeholders, which are all the individuals and groups that have a stake in or claim on a company.

Technology Ethics [Figure 13.4]

Proportionality - The good achieved by the technology must outweigh the harm or risk. Moreover, there must be no alternative that achieves the same or comparable benefits with less harm or risk.

Informed Consent - Those affected by the technology should understand and accept the risks.

Justice - The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk.

Minimized Risk - Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.

Ethical Guidelines

The Association of Information Technology Professionals (AITP) is an organization of professionals in the computing field. Its code of conduct outlines the ethical considerations inherent in the major responsibilities of an IS professional. Business end users and IS professionals live up to their ethical responsibilities by voluntarily following guidelines such as those outlined in the AITP standard. You can be a responsible end user by:
- Acting with integrity
- Increasing your professional competence
- Setting high standards of personal performance
- Accepting responsibility for your work
- Advancing the health, privacy, and general welfare of the public

Computer Crime

Computer crime is a growing threat to society, caused by the criminal or irresponsible actions of individuals who take advantage of the widespread use and vulnerability of computers, the Internet, and other networks. It thus presents a major challenge to the ethical use of information technologies. Computer crime poses serious threats to the integrity, safety, and survival of most e-business systems, and thus makes the development of effective security methods a top priority. The Association of Information Technology Professionals (AITP) defines computer crime as including:
- The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
- The unauthorized release of information
- The unauthorized copying of software
- Denying an end user access to his or her own hardware, software, data, or network resources
- Using or conspiring to use computer or network resources to illegally obtain information or tangible property

Penalties for violation of the U.S. Computer Fraud and Abuse Act include:
- 1 to 5 years in prison for a first offense
- 10 years for a second offense
- 20 years for three or more offenses
- Fines ranging up to $250,000 or twice the value of stolen data

Hacking [Figure 13.7]

Hacking is the obsessive use of computers, or the unauthorized access and use of networked computer systems. Illegal hackers (also called crackers) frequently attack the Internet and other networks to steal or damage data and programs. Hackers can:
- Monitor e-mail, Web server access, or file transfers to extract passwords or steal network files, or plant data that will cause a system to welcome intruders.
- Use remote services that allow one computer on a network to execute programs on another computer, to gain privileged access within a network.
- Use Telnet, an Internet tool for interactive use of remote computers, to discover information to plan other attacks.

Cyber-Theft

Many computer crimes involve the theft of money. In the majority of cases, they are inside jobs that involve unauthorized network entry and fraudulent alteration of computer databases to cover the tracks of the employees involved.

Unauthorized Use at Work

The unauthorized use of a computer system is called time and resource theft. A common example is unauthorized use of company-owned computer networks by employees. This may range from doing private consulting or personal finances, or playing video games, to unauthori
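The first hacking tactic in the Figure 13.7 list above (monitoring e-mail, Web server access, or file transfers to extract passwords) works because many older protocols send credentials in cleartext, so any host that can see the packet stream can read them out. The Python block below is an added illustration, not code from the O'Brien text: it runs over a constructed sample of captured client-to-server payloads (invented hosts, user names, and passwords) and pulls out FTP USER/PASS pairs, HTTP Basic authorization headers, and SMTP AUTH PLAIN tokens. The flow-key format, the port-to-protocol mapping, and the `extract_credentials` function are assumptions made for this example.

```python
"""Recover cleartext credentials from captured payloads.

Added example for the 'monitor file transfers to extract passwords' tactic;
not part of the original O'Brien instructor manual. All hosts, users and
passwords below are invented, and the capture itself is constructed.
"""
import base64
import re

# Constructed capture: (client->server flow key, raw TCP payload). In practice
# these bytes would come from a sniffer on a shared segment; here they are
# hard-coded so the example runs offline.
SAMPLE_CAPTURE = [
    ("10.0.0.5:51234->10.0.0.20:21", b"USER alice\r\n"),
    ("10.0.0.5:51234->10.0.0.20:21", b"PASS hunter2\r\n"),
    ("10.0.0.7:40001->10.0.0.30:80",
     b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
     b"Authorization: Basic Ym9iOnMzY3IzdCE=\r\n\r\n"),        # "bob:s3cr3t!"
    ("10.0.0.9:52000->10.0.0.40:25",
     b"AUTH PLAIN AGNhcm9sAHAzc3N3MHJk\r\n"),                  # "\0carol\0p3ssw0rd"
    ("10.0.0.5:51235->10.0.0.20:21", b"RETR payroll.csv\r\n"),  # no login on this flow
]

FTP_CMD = re.compile(rb"^(USER|PASS)\s+(\S+)", re.IGNORECASE)
HTTP_BASIC = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)",
                        re.IGNORECASE | re.MULTILINE)
SMTP_PLAIN = re.compile(rb"^AUTH\s+PLAIN\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def _b64(token):
    """Strict base64 decode; return None on garbage instead of raising."""
    try:
        return base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def _server_port(flow):
    """'a:p1->b:p2' -> p2 (assumed flow-key format for this example)."""
    return int(flow.split("->", 1)[1].rsplit(":", 1)[1])


def extract_credentials(capture):
    """Return [(protocol, flow, username, password), ...] seen in cleartext.

    FTP sends USER and PASS as two separate commands, so the user name is
    held per flow until the matching PASS arrives on the same flow.
    """
    found = []
    pending_ftp_user = {}
    for flow, payload in capture:
        port = _server_port(flow)
        if port == 21:
            m = FTP_CMD.match(payload)
            if not m:
                continue
            cmd, arg = m.group(1).upper(), m.group(2).decode("utf-8", "replace")
            if cmd == b"USER":
                pending_ftp_user[flow] = arg
            elif cmd == b"PASS" and flow in pending_ftp_user:
                found.append(("ftp", flow, pending_ftp_user.pop(flow), arg))
        elif port == 80:
            for m in HTTP_BASIC.finditer(payload):
                raw = _b64(m.group(1))
                if raw and b":" in raw:  # RFC 7617: user-id ":" password
                    user, _, pw = raw.partition(b":")
                    found.append(("http-basic", flow,
                                  user.decode("utf-8", "replace"),
                                  pw.decode("utf-8", "replace")))
        elif port == 25:
            m = SMTP_PLAIN.match(payload)
            raw = _b64(m.group(1)) if m else None
            if raw and raw.count(b"\x00") == 2:  # RFC 4616: authzid NUL authcid NUL passwd
                _authzid, authcid, pw = raw.split(b"\x00")
                found.append(("smtp-plain", flow,
                              authcid.decode("utf-8", "replace"),
                              pw.decode("utf-8", "replace")))
    return found


if __name__ == "__main__":
    for proto, flow, user, pw in extract_credentials(SAMPLE_CAPTURE):
        print(f"{proto:<11} {flow:<32} {user}:{pw}")
```

Run as a script it prints the three recovered logins; the RETR line yields nothing because its flow never carried a USER command. The defensive point for students: the same capture taken over SFTP or FTPS, HTTPS, or SMTP with STARTTLS contains only ciphertext, so retiring cleartext protocols is the control, not hunting for sniffers after the fact.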