Date posted: 19-Dec-2015
Manager’s View
• Issues regarding information security and ethics regarding information systems are critical to all managers in modern organisations.
• Information systems represent critical organisational assets.
• Ethical responsibility for private information is important to managers.
Viewing IS Security
Control loss of assets
ensure the integrity and reliability of data
improve the efficiency/effectiveness of Information Systems applications
Risks, Threats, and Vulnerabilities
• Risk: a potential monetary loss to the firm.
• Threat: people, actions, events, and other situations that can trigger losses.
• Vulnerabilities: flaws, problems, and other conditions that make a system open to threats.
Assessing Risks
• Identify what risks are acceptable and what risks are not.
• Estimate amount of loss and probability the loss will occur.
– If loss occurs, how will the firm respond?
– What would be the cost of the response?
Controls
Countermeasures to threats.
Physical controls
Electronic controls
Software controls
Management controls
Natural Disasters
Disaster prevention plan
Use of backup power supplies
Special building material
Location
Drainage systems
Structural modifications to avoid damage
Natural Disasters (Cont.)
Disaster recovery plan
• Planning how to restore operations quickly
• Developing contingency plans
Disaster containment plan
• Sprinkler systems
• Watertight ceilings
Computer Crime, Fraud and Abuse
• About 75% of firms reported financial losses from computer crimes; 90% of computer crime goes unreported.
• Industrial Espionage -
The theft of organisational data by competitors
Hacking -
Unauthorised entry by a person into a computer system or network
Data Diddling -
The use of a computer system by employees to forge documents or change data in records for personal gain
Computer Viruses
A hidden program which inserts itself into the computer system and forces the system to clone it.
Can be
– Benign
– Malicious
• destroys its original host when it has copied itself
• spare capacity of the computer is used up by proliferation
Time Bombs
activated by a particular date
Logic Bomb
activated by the execution of a specific logical condition
Worms
similar to a virus, but resides on separate software
Trojan Horses
Computer Viruses (Cont.)
Can be infected by:
• any network connection - download a program - access a web site
• from diskettes
Computer Crime, Fraud and Abuse (Cont.)
• Hardware Theft and Vandalism:
– Over 208,000 notebook computers were stolen in 1995.
• Software Piracy: reproducing a program that violates copyright protection.
– Illegal use jeopardises organisations.
– Piracy can cause you to lose your job.
• Copyright laws
Privacy Violations
Capacity of individuals or organisations to control information about themselves.
– limiting the types and amounts of data that can be collected about individuals and organisations.
– individuals or organisations have the ability to access, examine, and correct the data stored about them
– that the disclosure, use, or dissemination of those data are restricted
Privacy Violations (Cont.)
Violations of electronic mail privacy and electronic data interchange.
Data protection legislation
Controls
Good computer hygiene
Anti-Virus programs
- Prevent a virus-laden file from being downloaded from a network
- Prevent the virus program from inserting itself in the system
- Detect a virus program so you can take emergency action
- Control the damage virus programs can do once they have been detected
Protecting Information Systems
• Small business measures:
– Alarms and regular use of keyboard locks.
– Replacement value insurance.
– Password protection.
– Storage of software disks in a locked cabinet.
– Tie-down cables for desktop computers.
– Train employees.
Securing Communications Systems
• Encryption:
the process of encoding data
• Firewalls:
typically a system used to enforce an access control policy between two networks.
• E-mail Gateways:
monitors all inbound and outbound traffic
Develop/practice a disaster recovery plan with a “hot” site and a “cold” site.
Describes how a firm can resume operations after a disaster
Ethics
• Ethical and Contractual Behaviour: a good part of computer ethics is behaving legally and contractually - not copying software you have no right to copy.
• Privacy, Access, and Accuracy Issues: It is not illegal to read the email of others, but it is unethical.
Privacy Issues
• What information on individuals and other firms should an organisation keep?
• What rights should these individuals and firms have about the use of the data that your organisation keeps?
• If your organisation is bought by another, what rights should the purchaser have about the data that it maintains?
Privacy Issues (Cont.)
• What is your firm’s responsibility for ensuring the data on people it keeps is accurate?
• What rights do people have to review the data kept about themselves?
• Who in an organisation has the right to review the records of others?
Property Issues
• Using shareware software without sending a check to the developer is unethical.
• Protecting the rights of others by not copying software--piracy increases the legal cost to others who purchase the software.
• Property rights over intellectual property such as copyrights.
The Widespread Impact of Information Systems and Management Responsibility
• IS allow increased efficiency and effectiveness--this can lead to workforce reductions.
• Responsibilities to employees as stakeholders in the organisation.
• Managers should develop and deploy information systems in a socially responsible way.
Summary
• Information systems pose numerous security and ethical problems for managers.
• Assess the risks and understand the controls to apply to reduce the threats to IS.
• Understand that ethical problems with IS have been the subject of legislation and court action, and that managers have a social responsibility to safeguard information and its use.