11

Chapter 9Chapter 9

Information Systems Information Systems Ethics, Computer Crime, Ethics, Computer Crime,

and Securityand Security

Information Systems TodayInformation Systems TodayLeonard Jessup and Joseph ValacichLeonard Jessup and Joseph Valacich

22

Chapter 9 ObjectivesChapter 9 Objectives

Understand how computer ethics Understand how computer ethics affects IS affects IS

Understand information privacy, Understand information privacy, accuracy, property, and accessibilityaccuracy, property, and accessibility

Understand types of computer crimeUnderstand types of computer crime Understand the terms virus, worm, Understand the terms virus, worm,

Trojan horse, and logic or time bombTrojan horse, and logic or time bomb Understand computer securityUnderstand computer security

33

Information Systems EthicsInformation Systems Ethics

Toffler’s three waves of changeToffler’s three waves of change AgricultureAgriculture Industrial RevolutionIndustrial Revolution Information AgeInformation Age

44

Information Systems EthicsInformation Systems Ethics

Computer LiteracyComputer Literacy Knowing how to use a computerKnowing how to use a computer

Digital DivideDigital Divide That gap between those with computer access That gap between those with computer access

and those who don’t have itand those who don’t have it Computer EthicsComputer Ethics

Standards of conduct as they pertain to the use Standards of conduct as they pertain to the use of information systemsof information systems

55

Information Systems EthicsInformation Systems Ethics

PrivacyPrivacy Protecting one’s personal informationProtecting one’s personal information

Identity theftIdentity theft Stealing of another’s social security number, Stealing of another’s social security number,

credit card number, or other personal credit card number, or other personal informationinformation

66

Information Systems EthicsInformation Systems Ethics

Information accuracyInformation accuracy Deals with authentication and fidelity of Deals with authentication and fidelity of

informationinformation

Information propertyInformation property Deals with who owns information about Deals with who owns information about

individuals and how information can be sold individuals and how information can be sold and exchangedand exchanged

77

88

Information Systems Information Systems EthicsEthics

Information accessibilityInformation accessibility Deals with what information a person has the Deals with what information a person has the

right to obtain about others and how the right to obtain about others and how the information can be usedinformation can be used

Issues in information accessibilityIssues in information accessibility CarnivoreCarnivore Electronic Communications Privacy Act Electronic Communications Privacy Act

(ECPA)(ECPA) Monitoring e-mailMonitoring e-mail

99

Information Systems Information Systems EthicsEthics

The need for a code of ethical The need for a code of ethical conductconduct Business ethicsBusiness ethics PlagiarismPlagiarism CybersquattingCybersquatting

1010

Computer CrimeComputer Crime Definition:Definition: the act of using a the act of using a

computer to commit an illegal actcomputer to commit an illegal act Authorized and unauthorized computer Authorized and unauthorized computer

accessaccess ExamplesExamples

Stealing time on company computersStealing time on company computers Breaking into government Web sitesBreaking into government Web sites Stealing credit card information Stealing credit card information

1111

Computer CrimeComputer Crime Federal and State LawsFederal and State Laws

Stealing or compromising dataStealing or compromising data Gaining unauthorized computer accessGaining unauthorized computer access Violating data belonging to banksViolating data belonging to banks Intercepting communicationsIntercepting communications Threatening to damage computer systemsThreatening to damage computer systems Disseminating virusesDisseminating viruses

1212

Computer CrimeComputer Crime Hacking and CrackingHacking and Cracking

Hacker – one who gains unauthorized Hacker – one who gains unauthorized computer access, but without doing damagecomputer access, but without doing damage

Cracker – one who breaks into computer Cracker – one who breaks into computer systems for the purpose of doing damagesystems for the purpose of doing damage

1313

Computer CrimeComputer Crime Who commits computer crime?Who commits computer crime?

1414

Computer CrimeComputer Crime Types of computer crimeTypes of computer crime

Data diddlingData diddling: modifying data: modifying data Salami slicingSalami slicing: skimming small amounts of : skimming small amounts of

moneymoney PhreakingPhreaking: making free long distance calls: making free long distance calls CloningCloning: cellular phone fraud using scanners : cellular phone fraud using scanners CardingCarding: stealing credit card numbers online: stealing credit card numbers online PiggybackingPiggybacking: stealing credit card numbers : stealing credit card numbers

by spyingby spying Social engineeringSocial engineering: tricking employees to : tricking employees to

gain accessgain access Dumpster divingDumpster diving: finding private info in : finding private info in

garbage cansgarbage cans SpoofingSpoofing: stealing passwords through a false : stealing passwords through a false

login pagelogin page

1515

Computer CrimeComputer Crime Software piracySoftware piracy

North America – 25%North America – 25% Western Europe – 34%Western Europe – 34% Asia / Pacific – 51%Asia / Pacific – 51% Mid East / Africa – 55%Mid East / Africa – 55% Latin America – 58%Latin America – 58% Eastern Europe – 63%Eastern Europe – 63%

1616

Computer CrimeComputer Crime Computer viruses and destructive Computer viruses and destructive

codecode Virus – a destructive program that disrupts the Virus – a destructive program that disrupts the

normal functioning of computer systemsnormal functioning of computer systems Types:Types:

Worm: usually does not destroy files; copies itselfWorm: usually does not destroy files; copies itself Trojan horses: Activates without being detected; Trojan horses: Activates without being detected;

does not copy itselfdoes not copy itself Logic or time bombs: A type of Trojan horse that Logic or time bombs: A type of Trojan horse that

stays dormant for a period of time before activatingstays dormant for a period of time before activating

1717

Computer SecurityComputer Security Computer SecurityComputer Security – precautions taken – precautions taken

to keep computers and the information to keep computers and the information they contain safe from unauthorized they contain safe from unauthorized accessaccess

1818

Computer SecurityComputer Security Recommended SafeguardsRecommended Safeguards

Implement a security plan to prevent break-Implement a security plan to prevent break-insins

Have a plan if break-ins do occurHave a plan if break-ins do occur Make backups!Make backups! Only allow access to key employeesOnly allow access to key employees Change passwords frequentlyChange passwords frequently Keep stored information secureKeep stored information secure Use antivirus softwareUse antivirus software Use biometrics for access to computing Use biometrics for access to computing

resourcesresources Hire trustworthy employeesHire trustworthy employees

1919

Computer SecurityComputer Security EncryptionEncryption – the process of encoding – the process of encoding

messages before they enter the messages before they enter the network or airwaves, then decoding network or airwaves, then decoding them at the receiving end of the them at the receiving end of the transfertransfer

2020

Computer SecurityComputer Security How encryption worksHow encryption works

Symmetric secret key systemSymmetric secret key system Both sender and recipient use the same keyBoth sender and recipient use the same key Key management can be a problemKey management can be a problem

Public key technologyPublic key technology A private key and a public keyA private key and a public key

Certificate authorityCertificate authority A trusted middleman verifies that a Web site is a A trusted middleman verifies that a Web site is a

trusted site (provides public keys to trusted partners)trusted site (provides public keys to trusted partners) Secure socket layers (SSL)Secure socket layers (SSL)

2121

Computer SecurityComputer Security Other encryption approachesOther encryption approaches

Pretty good privacy (PGP)Pretty good privacy (PGP) Phil ZimmermanPhil Zimmerman

Clipper ChipClipper Chip

2222

Computer SecurityComputer Security Internet SecurityInternet Security

Firewall – hardware and software designed to Firewall – hardware and software designed to keep unauthorized users out of network keep unauthorized users out of network systemssystems

2323

Computer SecurityComputer Security Virus preventionVirus prevention

Install antivirus softwareInstall antivirus software Make backupsMake backups Avoid unknown sources of sharewareAvoid unknown sources of shareware Delete e-mails from unknown sourcesDelete e-mails from unknown sources If your computer gets a virus…If your computer gets a virus…

2424

Computer SecurityComputer Security How to maintain your privacy onlineHow to maintain your privacy online

Choose Web sites monitored by privacy Choose Web sites monitored by privacy advocatesadvocates

Avoid “cookies”Avoid “cookies” Visit sites anonymouslyVisit sites anonymously Use caution when requesting confirming e-Use caution when requesting confirming e-

mailmail

2525

Computer SecurityComputer Security Avoid getting conned in cyberspaceAvoid getting conned in cyberspace

Internet auctionsInternet auctions Internet accessInternet access International modem dialingInternational modem dialing Web crammingWeb cramming Multilevel marketing (pyramid schemes)Multilevel marketing (pyramid schemes) Travel/vacationsTravel/vacations Business opportunitiesBusiness opportunities InvestmentsInvestments Health-care productsHealth-care products