- 1. Security & Ethical Challenges
2. Learning Objectives
- Identify ethical issues in how the use of information
technologies in business affects employment, individuality, working
conditions, privacy, crime, health, and solutions to societal
problems.
3. Ethical Responsibility
- The use of IT presents major security challenges
4. Ethical Responsibility (continued)
-
- Basic categories of ethical issues
-
-
- Security of company records
5. Ethical Responsibility (continued)
-
-
-
- Good must outweigh any harm or risk
-
-
-
- Must be no alternative that achieves the same or comparable
benefits with less harm or risk
6. Ethical Responsibility (continued)
- Technology Ethics (continued)
-
-
-
- Those affected should understand and accept the risks
-
-
-
- Benefits and burdens should be distributed fairly
-
-
-
- Even if judged acceptable by the other three guidelines, the
technology must be implemented so as to avoid all unnecessary
risk
7. Computer Crime
- Association of Information Technology Professionals (AITP)
definition includes
-
- The unauthorized use, access, modification, and destruction of
hardware, software, data, or network resources
-
- Unauthorized release of information
-
- Unauthorized copying of software
8.
-
- The obsessive use of computers, or the unauthorized access and
use of networked computer systems
-
- Involves unauthorized network entry and the fraudulent
alteration of computer databases
Computer Crime Who commits computer crime? 9. Computer Crime
(continued)
-
- Also called time and resource theft
-
- May range from doing private consulting or personal finances,
to playing video games, to unauthorized use of the Internet on
company networks
10. Computer Crime (continued)
- Piracy of intellectual property
-
- Other forms of intellectual property covered by copyright
laws
-
- Unauthorized copying of software
-
-
- Software is intellectual property protected by copyright law
and user licensing agreements
11. Computer Crime (continued)
- Computer viruses and worms
-
-
- A program that cannot work without being inserted into another
program
-
-
- A distinct program that can run unaided
12. Privacy Issues
- IT makes it technically and economically feasible to collect,
store, integrate, interchange, and retrieve data and information
quickly and easily.
-
- Benefit increases efficiency and effectiveness
-
- But, may also have a negative effect on individuals right to
privacy
13. Privacy Issues (continued)
-
- Users of the Internet are highly visible and open to violations
of privacy
-
- Unsecured with no real rules
-
- Cookies capture information about you every time you visit a
site
-
- That information may be sold to third parties
14. Privacy Issues (continued)
- Privacy on the Internet (continued)
-
-
- Post to newsgroups through anonymous remailers
-
-
- Ask your ISP not to sell your information to mailing list
providers and other marketers
-
-
- Decline to reveal personal data and interests online
15. Privacy Issues (continued)
-
- Attempt to enforce the privacy of computer-based files and
communications
-
- Electronic Communications Privacy Act
-
- Computer Fraud and Abuse Act
16. Privacy Issues (continued)
- Computer Libel and Censorship
-
- The opposite side of the privacy debate
-
-
- Right to know (freedom of information)
-
-
- Right to express opinions (freedom of speech)
-
-
- Right to publish those opinions (freedom of the press)
17. Other Challenges
-
- New jobs have been created and productivity has increased, yet
there has been a significant reduction in some types of jobs as a
result of IT.
18. Other Challenges (continued)
-
- Concerns workplace privacy
-
-
- Monitors individuals, not just work
-
-
- Is done continually.May be seen as violating workers privacy
& personal freedom
-
-
- Workers may not know that they are being monitored or how the
information is being used
-
-
- May increase workers stress level
-
-
- May rob workers of the dignity of their work
19. Other Challenges (continued)
-
- IT has eliminated many monotonous, obnoxious tasks, but has
created others
-
- Computer-based systems criticized as impersonal systems that
dehumanize and depersonalize activities
20. Health Issues
-
- Ergonomics (human factors engineering)
-
-
- Goal is to design healthy work environments
21. Health Issues (continued) 22. Section II Security Management
23. Tools of Security Management
-
- Minimize errors, fraud, and losses in the e-business systems
that interconnect businesses with their customers, suppliers, and
other stakeholders
24. 25. Internetworked Security Defenses
-
- Passwords, messages, files, and other data is transmitted in
scrambled form and unscrambled for authorized users
-
- Involves using special mathematical algorithms to transform
digital data in scrambled code
-
- Most widely used method uses a pair of public and private keys
unique to each individual
26. Internetworked Security Defenses (continued)
-
- Serves as a gatekeeper system that protects a companys
intranets and other computer networks from intrusion
-
-
- Provides a filter and safe transfer point
-
-
- Screens all network traffic for proper passwords or other
security codes
27. Internetworked Security Defenses (continued)
- Denial of Service Defenses
-
- These assaults depend on three layers of networked computer
systems
-
-
- Sites of zombie or slave computers
-
- Defensive measures and security precautions must be taken at
all three levels
28. Internetworked Security Defenses (continued)
-
- Spot checks just arent good enough anymore.The tide is turning
toward systematic monitoring of corporate e-mail traffic using
content-monitoring software that scans for troublesome words that
might compromise corporate security.
29. Internetworked Security Defenses (continued)
-
- Protection may accomplished through
-
-
- Centralized distribution and updating of antivirus
software
-
-
- Outsourcing the virus protection responsibility to ISPs or to
telecommunications or security management companies
30. Other Security Measures
-
- Multilevel password system
-
-
- Log onto the computer system
-
-
- Gain access into the system
31. Other Security Measures (continued)
-
- Duplicate files of data or programs
-
- Sometimes several generations of files are kept for control
purposes
32. Other Security Measures (continued)
-
- Programs that monitor the use of computer systems and networks
and protect them from unauthorized use, fraud, and destruction
33. Other Security Measures (continued)
-
- Measure physical traits that make each individual unique
-
-
- Face recognition and Genetic pattern analysis
34. Other Security Measures (continued)
- Computer Failure Controls
-
- Preventive maintenance of hardware and management of software
updates
-
- Carefully scheduled hardware or software changes
-
- Highly trained data center personnel
35. Other Security Measures (continued)
-
- Computer systems that have redundant processors, peripherals,
and software
36. Other Security Measures (continued)
-
-
- Which employees will participate and their duties
-
-
- What hardware, software, and facilities will be used
-
-
- Priority of applications that will be processed
37. System Controls and Audits
- Information System Controls
-
- Methods and devices that attempt to ensure the accuracy,
validity, and propriety of information system activities
-
- Designed to monitor and maintain the quality and security of
input, processing, and storage activities
38. System Controls and Audits (continued)
- Auditing Business Systems
-
- Review and evaluate whether proper and adequate security
measures and management policies have been developed and
implemented
-
- Testing the integrity of an applications audit trail