MIS James A. O'Brian Chap 13
Transcript of MIS James A. O'Brian Chap 13
8/4/2019 MIS James A. O'Brian Chap 13
http://slidepdf.com/reader/full/mis-james-a-obrian-chap-13 1/57
13 - 1 Copyright © 2006, The McGraw-Hill Companies, Inc. All rights reserved.
Security and Ethical Challenges
Chapter 13
Learning Objectives
1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions of societal problems.
Learning Objectives
2. Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology.
3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
Why Study Challenges of IT?
• Information technology in business presents major security challenges, poses serious ethical questions, and affects society in significant ways.
IT Security, Ethics and Society
Ethical Responsibility
• Business professionals have a responsibility to promote ethical uses of information technology in the workplace.
Business Ethics
Definition:
• Questions that managers must confront as part of their daily business decision making including:
  • Equity
  • Rights
  • Honesty
  • Exercise of Corporate Power
Ethical Business Issues Categories
Corporate Social Responsibility Theories
• Stockholder Theory – managers are agents of the stockholders, and their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices
• Social Contract Theory – companies have ethical responsibilities to all members of society, which allow corporations to exist based on a social contract
Corporate Social Responsibility Theories
• Stakeholder Theory – managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders, which are all individuals and groups that have a stake in or claim on a company
Principles of Technology Ethics
• Proportionality – the good achieved by the technology must outweigh the harm or risk
• Informed Consent – those affected by the technology should understand and accept the risks
Principles of Technology Ethics
• Justice – the benefits and burdens of the technology should be distributed fairly
• Minimized Risk – even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
AITP Standards of Professional Conduct
Ethical Guidelines
• Acting with integrity
• Increasing professional competence
• Setting high standards of personal performance
• Accepting responsibility for one’s own work
• Advancing the health, privacy, and general welfare of the public
Computer Crime
• The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
• The unauthorized release of information
• The unauthorized copying of software
• Denying an end user access to his or her own hardware, software, data, or network resources
• Using or conspiring to use computer or network resources illegally to obtain information or tangible property
Cyber Crime Safeguards
Hacking
Definition:
• The obsessive use of computers, or the unauthorized access and use of networked computer systems
Common Hacking Tactics
• Denial of Service – hammering a website’s equipment with too many requests for information, effectively clogging the system, slowing performance or even crashing the site
• Scans – widespread probes of the Internet to determine types of computers, services, and connections
Common Hacking Tactics
• Sniffer – programs that covertly search individual packets of data as they pass through the Internet, capturing passwords or entire contents
• Spoofing – faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
Common Hacking Tactics
• Trojan Horse – a program that, unknown to the user, contains instructions that exploit a known vulnerability in some software
• Back Doors – a hidden point of entry to be used in case the original entry point has been detected or blocked
Common Hacking Tactics
• Malicious Applets – tiny programs that misuse your computer’s resources, modify files on the hard disk, send fake e-mail, or steal passwords
• War Dialing – programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection
Common Hacking Tactics
• Logic Bombs – an instruction in a computer program that triggers a malicious act
• Buffer Overflow – a technique for crashing or gaining control of a computer by sending too much data to the buffer in a computer’s memory
• Password Crackers – software that can guess passwords
Common Hacking Tactics
• Social Engineering – a tactic used to gain access to computer systems by talking unsuspecting company employees out of valuable information such as passwords
• Dumpster Diving – sifting through a company’s garbage to find information to help break into their computers
Cyber Theft
Definition:
• Computer crime involving the theft of money
Unauthorized Use
Definition:
• Time and resource theft may range from doing private consulting or personal finances, or playing video games, to unauthorized use of the Internet on company networks
Internet Abuses in the Workplace
Piracy
• Software Piracy – unauthorized copying of computer programs
• Piracy of Intellectual Property – unauthorized copying of copyrighted material, such as music, videos, images, articles, books and other written works especially vulnerable to copyright infringement
Virus vs. Worm
• Computer Virus – a program code that cannot work without being inserted into another program
• Worm – distinct program that can run unaided
Privacy Issues
• Accessing individuals’ private e-mail conversations and computer records, and collecting and sharing information about individuals gained from their visits to Internet websites and newsgroups
• Always knowing where a person is, especially as mobile and paging services become more closely associated with people rather than places
Privacy Issues
• Using customer information gained from many sources to market additional business services
• Collecting telephone numbers, e-mail addresses, credit card numbers, and other personal information to build individual customer profiles
Privacy on the Internet
• E-mail can be encrypted
• Newsgroup postings can be sent through anonymous remailers
• ISP can be asked not to sell your name and personal information to mailing list providers and other marketers
• Decline to reveal personal data and interests on online service and website user profiles
Computer Matching
Definition:
• Using physical profiles or personal data and profiling software to match individuals with data
Privacy Laws
Definition:
• Rules that regulate the collection and use of personal data by businesses
Censorship
• Spamming – indiscriminate sending of unsolicited e-mail messages to many Internet users
• Flaming – sending extremely critical, derogatory, and often vulgar e-mail messages or newsgroup postings to other users on the Internet or online services
Other Challenges
• Employment – significant reductions in job opportunities as well as different types of skills required for new jobs
• Computer Monitoring – computers used to monitor the productivity and behavior of employees as they work
Other Challenges
• Working Conditions – jobs requiring a skilled craftsman have been replaced by jobs requiring routine, repetitive tasks or standby roles
• Individuality – dehumanize and depersonalize activities because computers eliminate human relationships
Ergonomics
Definition:
• Designing healthy work environments that are safe, comfortable, and pleasant for people to work in, thus increasing employee morale and productivity
Ergonomic Factors
Societal Solutions
• Many of the detrimental effects of information technology are caused by individuals or organizations that are not accepting the ethical responsibility for their actions.
• Like other powerful technologies, information technology possesses the potential for great harm or great good for all humankind.
Security Management
• The goal of security management is the accuracy, integrity, and safety of all information system processes and resources.
Internetworked Security Defenses
• Encryption – data transmitted in scrambled form and unscrambled by computer systems for authorized users only
• Firewalls – a gatekeeper system that protects a company’s intranets and other computer networks from intrusion by providing a filter and safe transfer point for access to and from the Internet and other networks
Public/Private Key Encryption
Internet and Intranet Firewalls
Denial of Service Defenses
• At the zombie machines – set and enforce security policies
• At the ISP – monitor and block traffic spikes
• At the victim’s website – create backup servers and network connections
Internetworked Security Defenses
• E-mail Monitoring – use of content monitoring software that scans for troublesome words that might compromise corporate security
• Virus Defenses – centralize the distribution and updating of antivirus software
Other Security Measures
• Security Codes – multilevel password system used to gain access into the system
• Backup Files – duplicate files of data or programs
• Security Monitors – software that monitors the use of computer systems and networks and protects them from unauthorized use, fraud, and destruction
Other Security Measures
• Biometrics – computer devices that measure physical traits that make each individual unique
• Computer Failure Controls – devices used to prevent computer failure or minimize its effects
Fault Tolerant Systems
• Systems that have redundant processors, peripherals, and software that provide a:
  • Fail-over capability to back up components in the event of system failure
  • Fail-safe capability where the computer system continues to operate at the same level even if there is a major hardware or software failure
Disaster Recovery
• Formalized procedures to follow in the event a disaster occurs including:
  • Which employees will participate
  • What their duties will be
  • What hardware, software, and facilities will be used
  • Priority of applications that will be processed
  • Use of alternative facilities
  • Offsite storage of an organization’s databases
Information Systems Controls
Definition:
• Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
Information Systems Controls
Auditing IT Security
• IT security audits review and evaluate whether proper and adequate security measures and management policies have been developed and implemented.
• This typically involves verifying the accuracy and integrity of the software used, as well as the input of data and output produced by business applications.
Security Management for Internet Users
Summary
• The vital role of information technologies and systems in society raises serious ethical and societal issues in terms of their impact on employment, individuality, working conditions, privacy, health, and computer crime.
Summary
• Business and IT activities involve many ethical considerations. Basic principles of technology and business ethics can serve as guidelines for business professionals when dealing with ethical business issues that may arise in the widespread use of information technology in business and society.
Summary
• One of the most important responsibilities of the management of a company is to assure the security and quality of its IT-enabled business activities.
• Security management tools and policies can ensure the accuracy, integrity, and safety of the information systems and resources of a company, and thus minimize errors, fraud, and security losses in their business activities.
End of Chapter
Chapter 13