MIS James A. O'Brian Chap 13

8/4/2019 MIS James A. O'Brian Chap 13

http://slidepdf.com/reader/full/mis-james-a-obrian-chap-13 1/57

13 - 1Copyright © 2006, The McGraw-Hill Companies, Inc. All rights reserved.

Security and EthicalChallenges

Chapter

13




1. Identify several ethical issues in how theuse of information technologies inbusiness affects employment,

individuality, working conditions, privacy,crime, health, and solutions of societalproblems.

Learning Objectives




Learning Objectives

2. Identify several types of securitymanagement strategies and defenses,and explain how they can be used toensure the security of business

applications of information technology.

3. Propose several ways that business

managers and professionals can help tolessen the harmful effects and increasethe beneficial effects of the use ofinformation technology.




Why Study Challenges of IT?

• Information technology in businesspresents major security challenges, posesserious ethical questions, and affects

society in significant ways.




IT Security, Ethics and Society




Ethical Responsibility

• Business professionals have aresponsibility to promote ethical uses ofinformation technology in the workplace.


http://slidepdf.com/reader/full/mis-james-a-obrian-chap-13 7/5713 - 7Copyright © 2006, The McGraw-Hill Companies, Inc. All rights reserved.

Business Ethics

Definition:• Questions that managers must confront

as part of their daily business decision

making including:• Equity

• Rights

• Honesty• Exercise of Corporate Power



Ethical Business Issues Categories



Corporate Social Responsibility Theories

• Stockholder Theory – managers areagents of the stockholders, and their onlyethical responsibility is to increase theprofits of the business without violating the

law or engaging in fraudulent practices

• Social Contract Theory – companies have

ethical responsibilities to all members ofsociety, which allow corporations to existbased on a social contract



Corporate Social Responsibility Theories

• Stakeholder Theory – managers have anethical responsibility to manage a firm forthe benefit of all its stakeholders, which

are all individuals and groups that have astake in or claim on a company



Principles of Technology Ethics

• Proportionality – the good achieved by thetechnology must outweigh the harm or risk

• Informed Consent – those affected by thetechnology should understand and acceptthe risks



Principles of Technology Ethics

• Justice – the benefits and burdens of thetechnology should be distributed fairly

• Minimized Risk – even if judgedacceptable by the other three guidelines,the technology must be implemented so

as to avoid all unnecessary risk



AITP Standards of Professional Conduct



Ethical Guidelines

• Acting with integrity

• Increasing professional competence

• Setting high standards of personal performance

• Accepting responsibility for one’s own work

• Advancing the health, privacy, and generalwelfare of the public



Computer Crime

• The unauthorized use, access, modification, anddestruction of hardware, software, data, or networkresources

• The unauthorized release of information

• The unauthorized copying of software

• Denying an end user access to his or her ownhardware, software, data, or network resources

• Using or conspiring to use computer or networkresources illegally to obtain information or tangibleproperty



Cyber Crime Safeguards



Hacking

Definition:• The obsessive use of computers, or the

unauthorized access and use of

networked computer systems



Common Hacking Tactics

• Denial of Service – hammering awebsite’s equipment with too many

requests for information, effectively

clogging the system, slowing performanceor even crashing the site

• Scans – widespread probes of the Internetto determine types of computers, services,and connections




• Sniffer – programs that covertly searchindividual packets of data as they passthrough the Internet, capturing passwordsor entire contents

• Spoofing – faking an e-mail address or

Web page to trick users into passingalong critical information like passwords orcredit card numbers




• Trojan Horse – a program that, unknownto the user, contains instructions thatexploit a known vulnerability in somesoftware

• Back Doors – a point hidden point of entry

to be used in case the original entry pointhas been detected or blocked





• Malicious Applets – tiny programs thatmisuse your computer’s resources, modify

files on the hard disk, send fake e-mail, orsteal passwords

• War Dialing – programs that automatically

dial thousands of telephone numbers insearch of a way in through a modemconnection





• Logic Bombs – an instruction in a computerprogram that triggers a malicious act

• Buffer Overflow – a technique for crashing orgaining control of a computer by sending toomuch data to the buffer in a computer’s memory

• Password Crackers – software that can guesspasswords





• Social Engineering – a tactic used to gainaccess to computer systems by talkingunsuspecting company employees out ofvaluable information such as passwords

• Dumpster Diving – sifting through a

company’s garbage to find information tohelp break into their computers




Cyber Theft

Definition:• Computer crime involving the theft of

money




Unauthorized Use

Definition:• Time and resource theft may range from

doing private consulting or personal

finances, or playing video games, tounauthorized use of the Internet oncompany networks




Internet Abuses in the Workplace




Piracy

• Software Piracy – unauthorized copying ofcomputer programs

• Piracy of Intellectual Property – unauthorized copying of copyrightedmaterial, such as music, videos, images,

articles, books and other written worksespecially vulnerable to copyrightinfringement




Virus vs. Worm

• Computer Virus – a program code thatcannot work without being inserted intoanother program

• Worm – distinct program that can rununaided




Privacy Issues

• Accessing individuals’ private e-mailconversations and computer records, andcollecting and sharing information aboutindividuals gained from their visits toInternet websites and newsgroups

• Always knowing where a person is,especially as mobile and paging servicesbecome more closely associated withpeople rather than places




Privacy Issues

• Using customer information gained frommany sources to market additionalbusiness services

• Collecting telephone numbers, e-mailaddresses, credit card numbers, and other

personal information to build individualcustomer profiles




Privacy on the Internet

• E-mail can be encrypted

• Newsgroup postings can be sent throughanonymous remailers

• ISP can be asked not to sell your name andpersonal information to mailing list providersand other marketers

• Decline to reveal personal data and interests ononline service and website user profiles




Computer Matching

Definition:• Using physical profiles or personal data

and profiling software to match individuals

with data




Privacy Laws

Definition:• Rules that regulate the collection and use

of personal data by businesses




Censorship

• Spamming – indiscriminate sending ofunsolicited e-mail messages to manyInternet users

• Flaming – sending extremely critical,derogatory, and often vulgar e-mail

messages or newsgroup postings to otherusers on the Internet or online services




Other Challenges

• Employment – significant reductions in jobopportunities as well as different types ofskills required for new jobs

• Computer Monitoring – computers used tomonitor the productivity and behavior of

employees as they work




Other Challenges

• Working Conditions – jobs requiring askilled craftsman have been replaced by jobs requiring routine, repetitive tasks orstandby roles

• Individuality – dehumanize and

depersonalize activities becausecomputers eliminate human relationships




Ergonomics

Definition:• Designing healthy work environments that

are safe, comfortable, and pleasant for

people to work in, thus increasingemployee morale and productivity




Ergonomic Factors




Societal Solutions

• Many of the detrimental effects ofinformation technology are caused byindividuals or organizations that are notaccepting the ethical responsibility fortheir actions.

• Like other powerful technologies,information technology possesses thepotential for great harm or great good forall human kind.




Security Management

• The goal of securitymanagement is theaccuracy, integrity,and safety of all

information systemprocesses andresources.




Internetworked Security Defenses

• Encryption – data transmitted inscrambled form and unscrambled bycomputer systems for authorized usersonly

• Firewalls – a gatekeeper system thatprotects a company’s intranets and other

computer networks from intrusion byproviding a filter and safe transfer point foraccess to and from the Internet and othernetworks




Public/Private Key Encryption




Internet and Intranet Firewalls




Denial of Service Defenses

• At the zombie machines – set and enforcesecurity policies

• At the ISP – monitor and block trafficspikes

• At the victim’s website – create backupservers and network connections




Internetworked Security Defenses

• E-mail Monitoring – use of contentmonitoring software that scans fortroublesome words that mightcompromise corporate security

• Virus Defenses – centralize thedistribution and updating of antivirussoftware




Other Security Measures

• Security Codes – multilevel password systemused to gain access into the system

• Backup Files – duplicate files of data or

programs

• Security Monitors – software that monitors the

use of computer systems and networks andprotects them from unauthorized use, fraud, anddestruction




Other Security Measures

• Biometrics – computer devices thatmeasure physical traits that make eachindividual unique

• Computer Failure Controls – devices usedto prevent computer failure or minimize itseffects




Fault Tolerant Systems

• Systems that have redundant processors,peripherals, and software that provide a:

• Fail-over capability to back up components inthe event of system failure

• Fail-safe capability where the computer

system continues to operate at the samelevel even if there is a major hardware orsoftware failure




Disaster Recover

• Formalized procedures to follow in theevent a disaster occurs including:

• Which employees will participate

• What their duties will be• What hardware, software, and facilities will be

used

• Priority of applications that will be processed

• Use of alternative facilities

• Offsite storage of an organization’sdatabases

I f i S C l




Information Systems Controls

Definition:• Methods and devices that attempt to

ensure the accuracy, validity, and

propriety of information system activities

I f i S C l




Information Systems Controls

A di i IT S i




Auditing IT Security

• IT security audits review and evaluatewhether proper and adequate securitymeasures and management policies havebeen developed and implemented.

• This typically involves verifying theaccuracy and integrity of the softwareused, as well as the input of data andoutput produced by business applications.

S it M t f I t t U




Security Management for Internet Users

S




Summary

• The vital role of information technologiesand systems in society raises seriousethical and societal issues in terms of theirimpact on employment, individuality,working conditions, privacy, health, andcomputer crime.

S




Summary

• Business and IT activities involve manyethical considerations. Basic principles oftechnology and business ethics can serveas guidelines for business professionalswhen dealing with ethical business issuesthat may arise in the widespread use ofinformation technology in business and

society.

S




Summary

• One of the most important responsibilitiesof the management of a company is toassure the security and quality of its IT-enabled business activities.

• Security management tools and policiescan ensure the accuracy, integrity, and

safety of the information systems andresources of a company, and thusminimize errors, fraud, and security lossesin their business activities.



End of Chapter

Chapter

13

MIS James A. O'Brian Chap 13

Documents

Transcript of MIS James A. O'Brian Chap 13