Principles of Information Systems - Chapter 14

Principles of Information Systems, Sixth Edition: Security, Privacy, and Ethical Issues in Information Systems and the Internet (Chapter 14)

Principles of Information Systems, Sixth Edition, written by Ralph Stair and George Reynolds

Transcript of Principles of Information Systems - Chapter 14

Page 1: Principles of Information Systems - Chapter 14

Principles of Information Systems, Sixth Edition

Security, Privacy, and Ethical Issues in Information Systems and the Internet

Chapter 14

Page 2: Principles of Information Systems - Chapter 14

Principles and Learning Objectives

• Policies and procedures must be established to avoid computer waste and mistakes.

– Describe some examples of waste and mistakes in an IS environment, their causes, and possible solutions.

– Identify policies and procedures useful in eliminating waste and mistakes.

Page 3: Principles of Information Systems - Chapter 14

Principles and Learning Objectives

• Computer crime is a serious and rapidly growing area of concern requiring management attention.

– Explain the types and effects of computer crime.

– Identify specific measures to prevent computer crime.

– Discuss the principles and limits of an individual’s right to privacy.

Page 4: Principles of Information Systems - Chapter 14

Principles and Learning Objectives

• Jobs, equipment, and working conditions must be designed to avoid negative health effects.

– List the important effects of computers on the work environment.

– Identify specific actions that must be taken to ensure the health and safety of employees.

– Outline criteria for the ethical use of information systems.

Page 5: Principles of Information Systems - Chapter 14

Social Issues in Information Systems

Page 6: Principles of Information Systems - Chapter 14

Computer Waste & Mistakes

Page 7: Principles of Information Systems - Chapter 14

Computer Waste

• Discard technology

• Unused systems

• Personal use of corporate time and technology

Page 8: Principles of Information Systems - Chapter 14

Preventing Computer Waste and Mistakes

• Establish Policies and Procedures

• Implement Policies and Procedures

• Monitor Policies and Procedures

• Review Policies and Procedures

Page 9: Principles of Information Systems - Chapter 14

Preventing Computer-Related Waste and Mistakes

Page 10: Principles of Information Systems - Chapter 14

Implementing Policies and Procedures

Page 11: Principles of Information Systems - Chapter 14

Computer Crime

Page 12: Principles of Information Systems - Chapter 14

Number of Incidents Reported to CERT

Page 13: Principles of Information Systems - Chapter 14

Computer Crime and Security Survey

Page 14: Principles of Information Systems - Chapter 14

The Computer as a Tool to Commit Crime

• Social engineering

• Dumpster diving

• Identity theft

• Cyberterrorism

Page 15: Principles of Information Systems - Chapter 14

Computers as Objects of Crime

• Illegal access and use

– Hackers vs. crackers

– Script bunnies

– Insiders

Page 16: Principles of Information Systems - Chapter 14

Illegal Access and Use

Page 17: Principles of Information Systems - Chapter 14

Data Alteration and Destruction

• Virus

– Application virus

– System virus

– Macro virus

• Worm

• Logic bomb

Page 18: Principles of Information Systems - Chapter 14

Data Alteration and Destruction

Page 19: Principles of Information Systems - Chapter 14

Top Viruses – July 2002

Page 20: Principles of Information Systems - Chapter 14

Top Viruses – July 2002

Page 21: Principles of Information Systems - Chapter 14

Computers as Objects of Crime

• Information and equipment theft

• Software and Internet piracy

• Computer-related scams

• International computer crime

Page 22: Principles of Information Systems - Chapter 14

Preventing Computer-Related Crime

• Crime prevention by state and federal agencies

• Crime prevention by corporations

– Public Key Infrastructure (PKI)

– Biometrics

• Antivirus programs

Page 23: Principles of Information Systems - Chapter 14

Preventing Computer-Related Crime

• Intrusion Detection Software

• Managed Security Service Providers (MSSPs)

• Internet Laws for Libel and Protection of Decency

Page 24: Principles of Information Systems - Chapter 14

Preventing Crime on the Internet

• Develop effective Internet and security policies

• Use a stand-alone firewall with network monitoring capabilities

• Monitor managers and employees

• Use Internet security specialists to perform audits

Page 25: Principles of Information Systems - Chapter 14

Common Methods Used to Commit Computer Crimes

Page 26: Principles of Information Systems - Chapter 14

How to Protect Your Corporate Data from Hackers

Page 27: Principles of Information Systems - Chapter 14

Privacy

Page 28: Principles of Information Systems - Chapter 14

Privacy Issues

• Privacy and the Federal Government

• Privacy at work

• E-mail privacy

• Privacy and the Internet

Page 29: Principles of Information Systems - Chapter 14

Using Antivirus Programs

Page 30: Principles of Information Systems - Chapter 14

Fairness and Information Use

Page 31: Principles of Information Systems - Chapter 14

Federal Privacy Laws and Regulations

• The Privacy Act of 1979

• Gramm-Leach-Bliley Act

• USA Patriot Act

Page 32: Principles of Information Systems - Chapter 14

Other Federal Privacy Laws

Page 33: Principles of Information Systems - Chapter 14

Other Federal Privacy Laws

Page 34: Principles of Information Systems - Chapter 14

The Work Environment

Page 35: Principles of Information Systems - Chapter 14

Health Concerns

• Repetitive stress injury (RSI)

• Carpal tunnel syndrome (CTS)

• Ergonomics

Page 36: Principles of Information Systems - Chapter 14

Avoiding Health and Environment Problems

• Maintain good posture and positioning.

• Don’t ignore pain or discomfort.

• Use stretching and strengthening exercises.

• Find a good physician who is familiar with RSI and how to treat it.

Page 37: Principles of Information Systems - Chapter 14

Medical Topics on the Internet

Page 38: Principles of Information Systems - Chapter 14

Ethical Issues in Information Systems

• The AITP Code of Ethics

– Obligation to management

– Obligation to fellow AITP members

– Obligation to society

• The ACM Code of Professional Conduct

– Acquire and maintain professional competence

Page 39: Principles of Information Systems - Chapter 14

AITP Code of Ethics

Page 40: Principles of Information Systems - Chapter 14

Summary

• Computer waste - the inappropriate use of computer technology and resources in both the public and private sectors

• Software and Internet piracy - represent the most common computer crime

• Ethics - determine generally accepted and discouraged activities within a company