8/9/2019 Business Driven Management Systems
© 2014 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

CHAPTER FOUR
ETHICS AND INFORMATION SECURITY
MIS BUSINESS CONCERNS

CHAPTER OVERVIEW
SECTION 4.1 – Ethics
• Information Ethics
• Developing Information Management Policies
• Ethics in the Workplace
SECTION 4.2 – Information Security
• Protecting Intellectual Assets
• The First Line of Defense - People
• The Second Line of Defense - Technology

SECTION 4.1
Ethics

LEARNING OUTCOMES
1. Explain the ethical issues that arise in the information age
2. Identify the six epolicies an organization should implement to protect itself

INFORMATION ETHICS
Ethics – The principles and standards that guide our behavior toward other people
Information ethics – Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

INFORMATION ETHICS
Business issues related to information ethics
• Intellectual property
• Copyright
• Pirated software
• Counterfeit software
• Digital rights management

INFORMATION ETHICS
Privacy is a major ethical issue
• Privacy – The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
• Confidentiality – The assurance that messages and information are available only to those who are authorized to view them

INFORMATION ETHICS
Individuals form the only ethical component of MIS
• Individuals copy, use, and distribute software
• Individuals search organizational databases for sensitive and personal information
• Individuals create and spread viruses
• Individuals hack into computer systems to steal information
• Employees destroy and steal information

INFORMATION ETHICS
Acting ethically and acting legally are not always the same

Information Does Not Have Ethics, People Do
Information does not care how it is used; it will not stop itself from sending spam, viruses, or highly sensitive information
Tools to prevent information misuse
• Information management
• Information governance
• Information compliance
• Ediscovery

DEVELOPING INFORMATION MANAGEMENT POLICIES
Organizations strive to build a corporate culture based on ethical principles that employees can understand and implement

Ethical Computer Use Policy
Ethical computer use policy – Contains general principles to guide computer user behavior
The ethical computer use policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

Information Privacy Policy
The unethical use of information typically occurs “unintentionally” when it is used for new purposes
Information privacy policy – Contains general principles regarding information privacy

Acceptable Use Policy
Acceptable use policy (AUP) – Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet
Nonrepudiation – A contractual stipulation to ensure that ebusiness participants do not deny their online actions
Internet use policy – Contains general principles to guide the proper use of the Internet

Email Privacy Policy

Social Media Policy
Social media policy – Outlines the corporate guidelines or principles governing employee online communications

WORKPLACE MONITORING POLICY
Workplace monitoring is a concern for many employees
Organizations can be held financially responsible for their employees’ actions
The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees; however, some people feel that monitoring employees is unethical

WORKPLACE MONITORING POLICY
Information technology monitoring – Tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed
Employee monitoring policy – Explicitly states how, when, and where the company monitors its employees

WORKPLACE MONITORING POLICY
Common monitoring technologies include:
• Key logger or key trapper software
• Hardware key logger
• Cookie
• Adware
• Spyware
• Web log
• Clickstream

LEARNING OUTCOMES
3. Describe the relationships and differences between hackers and viruses
4. Describe the relationship between information security policies and an information security plan
5. Provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response

PROTECTING INTELLECTUAL ASSETS
Organizational information is intellectual capital – it must be protected
Information security – The protection of information from accidental or intentional misuse by persons inside or outside an organization
Downtime – Refers to a period of time when a system is unavailable

PROTECTING INTELLECTUAL ASSETS
Sources of Unplanned Downtime

PROTECTING INTELLECTUAL ASSETS
How Much Will Downtime Cost Your Business?

Security Threats Caused by Hackers and Viruses
Hacker – Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
• Black-hat hacker
• Cracker
• Cyberterrorist
• Hacktivist
• Script kiddies or script bunnies
• White-hat hacker

Security Threats Caused by Hackers and Viruses
Virus – Software written with malicious intent to cause annoyance or damage
• Backdoor program
• Denial-of-service attack (DoS)
• Distributed denial-of-service attack (DDoS)
• Polymorphic virus
• Trojan-horse virus
• Worm

Security Threats Caused by Hackers and Viruses
How Computer Viruses Spread

Security Threats Caused by Hackers and Viruses
Security threats to ebusiness include
• Elevation of privilege
• Hoaxes
• Malicious code
• Packet tampering
• Sniffer
• Spoofing
• Splogs
• Spyware

THE FIRST LINE OF DEFENSE - PEOPLE
Organizations must enable employees, customers, and partners to access information electronically
The biggest issue surrounding information security is not a technical issue, but a people issue
• Insiders
• Social engineering
• Dumpster diving

THE FIRST LINE OF DEFENSE - PEOPLE
The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
• Information security policies
• Information security plan

THE SECOND LINE OF DEFENSE - TECHNOLOGY
There are three primary information technology security areas

Authentication and Authorization
Identity theft – The forging of someone’s identity for the purpose of fraud
Phishing – A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email
Pharming – Reroutes requests for legitimate websites to false websites

Authentication and Authorization
Authentication – A method for confirming users’ identities
Authorization – The process of giving someone permission to do or have something
The most secure type of authentication involves
1. Something the user knows
2. Something the user has
3. Something that is part of the user

Something the User Knows Such As a User ID and Password
This is the most common way to identify individual users and typically contains a user ID and a password
This is also the most ineffective form of authentication
Over 50 percent of help-desk calls are password related

Something the User Knows Such As a User ID and Password
Smart cards and tokens are more effective than a user ID and a password
• Tokens – Small electronic devices that change user passwords automatically
• Smart card – A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
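The two slides above list "something the user knows" and "something the user has" as separate factors and describe a token as a device that changes the user's password automatically. The following Python example, added here and not part of the textbook's material, shows how a server combines both factors: a salted password hash for the knowledge factor and an RFC 4226 HOTP counter-based code for the possession factor. The user record, salt and token secret are constructed demo values (the secret is the RFC 4226 test-vector key).

```python
import hashlib
import hmac
import struct

# Constructed demo values: the salt for the stored password hash and the shared
# secret programmed into the user's hardware token (RFC 4226 test-vector key).
PASSWORD_SALT = b"constructed-demo-salt"
TOKEN_SECRET = b"12345678901234567890"

def hash_password(password: str, salt: bytes = PASSWORD_SALT) -> bytes:
    """Salted PBKDF2 so a stolen credential store does not reveal the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the code a hardware token displays for a given counter value.
    The token 'changes the password automatically' by advancing the counter on each press."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed user store: one user with a password hash and a token at counter 0.
USERS = {
    "alice": {"pw_hash": hash_password("correct horse"), "secret": TOKEN_SECRET, "counter": 0},
}

def authenticate(user_id: str, password: str, token_code: str, look_ahead: int = 3) -> bool:
    """Two-factor check: the known password AND the possessed token must both verify.
    A small look-ahead window tolerates token presses that never reached the server."""
    user = USERS.get(user_id)
    if user is None:
        return False
    if not hmac.compare_digest(hash_password(password), user["pw_hash"]):
        return False                        # wrong password: do not consume any token code
    for c in range(user["counter"], user["counter"] + look_ahead):
        if hmac.compare_digest(hotp(user["secret"], c), token_code):
            user["counter"] = c + 1         # an accepted code can never be replayed
            return True
    return False
```

A code entered with the wrong password is not consumed, and a code that was already accepted is rejected on reuse because the stored counter has moved past it.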

Something That Is Part of the User Such As a Fingerprint or Voice Signature
This is by far the best and most effective way to manage authentication
• Biometrics – The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
Unfortunately, this method can be costly and intrusive

Prevention and Resistance
Downtime can cost an organization anywhere from $100 to $1 million per hour
Technologies available to help prevent and build resistance to attacks include
1. Content filtering
2. Encryption
3. Firewalls

Prevention and Resistance
Content filtering – Prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading

Prevention and Resistance
If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
• Encryption
• Public key encryption (PKE)
• Certificate authority
• Digital certificate

Prevention and Resistance
One of the most common defenses for preventing a security breach is a firewall
Firewall – Hardware and/or software that guards a private network by analyzing the information leaving and entering the network

Prevention and Resistance
Sample firewall architecture connecting systems located in Chicago, New York, and Boston
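The firewall definition above says the device guards a private network by analyzing information leaving and entering it. The following Python example, added here and not taken from the textbook, shows the core of that analysis: a small ordered rule set evaluated against packets in each direction, with a default-deny outcome when no rule matches. The private network range (10.1.0.0/16), the partner range (203.0.113.0/24) and the internal mail host (10.1.5.25) are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = entering the private network, "out" = leaving it
    src: str            # source IP address
    dst: str            # destination IP address
    dport: int          # destination port
    proto: str          # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    direction: str
    src: str            # CIDR block; "0.0.0.0/0" matches any address
    dst: str
    dport: Optional[int]  # None matches any destination port
    proto: str          # "tcp", "udp" or "any"
    action: str         # "allow" or "deny"

    def matches(self, p: Packet) -> bool:
        """A rule matches only if direction, protocol, port and both address ranges agree."""
        return (self.direction == p.direction
                and self.proto in (p.proto, "any")
                and (self.dport is None or self.dport == p.dport)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst))

# Constructed rule set: hosts on the private network may browse the web, only the
# partner's network may deliver mail to the internal mail host, and nothing else passes.
RULES: List[Rule] = [
    Rule("in",  "203.0.113.0/24", "10.1.5.25/32", 25,  "tcp", "allow"),
    Rule("out", "10.1.0.0/16",    "0.0.0.0/0",    443, "tcp", "allow"),
    Rule("out", "10.1.0.0/16",    "0.0.0.0/0",    80,  "tcp", "allow"),
]

def decide(packet: Packet, rules: List[Rule] = RULES) -> str:
    """First matching rule wins; a packet that matches no rule is dropped (default deny)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"
```

Because the decision is taken per direction, an inbound connection attempt to an internal host is blocked even when the same host is allowed to open connections outward.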

LEARNING OUTCOME REVIEW
Now that you have finished the chapter, please review the learning outcomes in your text