Management information system chap11

Date post: 30-Jul-2015
Upload: ashish-gupta
McGraw-Hill/Irwin Copyright © 2004, The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 11: Security and Ethical Challenges

Learning Objectives

Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.

Learning Objectives (continued)

Identify types of security management strategies and defenses, and explain how they can be used to ensure the security of e-business applications.

How can business managers and professionals help to lessen the harmful effects and increase the beneficial effects of the use of information technology?

Section I

Security, Ethical, and Societal Challenges

Ethical Responsibility

The use of IT presents major security challenges, poses serious ethical questions, and affects society in significant ways.

IT raises ethical issues in the areas of:

- Crime
- Privacy
- Individuality
- Employment
- Health
- Working conditions

Ethical Responsibility (continued)

But, IT has had beneficial results as well.

So as managers, it is our responsibility to minimize the detrimental effects and optimize the beneficial effects.

Ethical Responsibility (continued)

Business Ethics

Basic categories of ethical issues:

- Employee privacy
- Security of company records
- Workplace safety

Ethical Responsibility (continued)

Theories of corporate social responsibility

- Stockholder theory
  - Managers are agents of the stockholders. Their only ethical responsibility is to increase profit without violating the law or engaging in fraud.

Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)

- Social Contract Theory
  - Companies have ethical responsibilities to all members of society, which allow corporations to exist based on a social contract.

Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)

First condition – companies must enhance economic satisfaction of consumers and employees

Second condition – avoid fraudulent practices, show respect for employees as human beings, and avoid practices that systematically worsen the position of any group in society

Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)

- Stakeholder theory
  - Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders.
    - Stockholders
    - Employees
    - Customers
    - Suppliers
    - Local community

Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)

Sometimes stakeholders are considered to include:

- Competitors
- Government agencies and special interest groups
- Future generations

Ethical Responsibility (continued)

Technology Ethics: Four Principles

- Proportionality
  - Good must outweigh any harm or risk
  - Must be no alternative that achieves the same or comparable benefits with less harm or risk

Ethical Responsibility (continued)

Technology Ethics (continued)

- Informed consent
  - Those affected should understand and accept the risks
- Justice
  - Benefits and burdens should be distributed fairly

Ethical Responsibility (continued)

Technology Ethics (continued)

- Minimized Risk
  - Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk

Ethical Responsibility (continued)

Ethical Guidelines

Ethical Responsibility (continued)

Ethical guidelines (continued)

Responsible end users:

- Act with integrity
- Increase their professional competence
- Set high standards of personal performance
- Accept responsibility for their work
- Advance the health, privacy, and general welfare of the public

Computer Crime

Association of Information Technology Professionals (AITP) definition includes:

- The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
- Unauthorized release of information
- Unauthorized copying of software

Computer Crime (continued)

AITP guidelines (continued)

- Denying an end user his/her own hardware, software, data, or network resources
- Using or conspiring to use computer or network resources to illegally obtain info or tangible property

Computer Crime (continued)

Hacking

- The obsessive use of computers, or the unauthorized access and use of networked computer systems

Computer Crime (continued)

Cyber Theft

- Involves unauthorized network entry and the fraudulent alteration of computer databases

Computer Crime (continued)

Unauthorized use at work

- Also called time and resource theft
- May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks

Computer Crime (continued)

Software Piracy

- Unauthorized copying of software
- Software is intellectual property protected by copyright law and user licensing agreements

Computer Crime (continued)

Piracy of intellectual property

- Other forms of intellectual property covered by copyright laws
  - Music
  - Videos
  - Images
  - Articles
  - Books
  - Other written works

Computer Crime (continued)

Computer viruses and worms

- Virus
  - A program that cannot work without being inserted into another program
- Worm
  - A distinct program that can run unaided

Privacy Issues

IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.

- Benefit – increases efficiency and effectiveness
- But, may also have a negative effect on individual’s right to privacy

Privacy Issues (continued)

Examples of important privacy issues

- Accessing private e-mail and computer records & sharing information about individuals gained from their visits to websites and newsgroups
- Always knowing where a person is via mobile and paging services

Privacy Issues (continued)

Examples of important privacy issues (continued)

- Using customer information obtained from many sources to market additional business services
- Collecting personal information to build individual customer profiles

Privacy Issues (continued)

Privacy on the Internet

- Users of the Internet are highly visible and open to violations of privacy
- Unsecured with no real rules
- Cookies capture information about you every time you visit a site
- That information may be sold to third parties

Privacy Issues (continued)

Privacy on the Internet (continued)

Protect your privacy by:

- Encrypting your messages
- Post to newsgroups through anonymous remailers
- Ask your ISP not to sell your information to mailing list providers and other marketers
- Decline to reveal personal data and interests online

Privacy Issues (continued)

Computer matching

- Computer profiling and matching personal data to that profile
- Mistakes can be a major problem

Privacy Issues (continued)

Privacy laws

- Attempt to enforce the privacy of computer-based files and communications
- Electronic Communications Privacy Act
- Computer Fraud and Abuse Act

Privacy Issues (continued)

Computer Libel and Censorship

- The opposite side of the privacy debate
  - Right to know (freedom of information)
  - Right to express opinions (freedom of speech)
  - Right to publish those opinions (freedom of the press)
- Spamming
- Flaming

Other Challenges

Employment

- New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.

Other Challenges (continued)

Computer Monitoring

- Concerns workplace privacy
- Monitors individuals, not just work
- Is done continually. May be seen as violating workers’ privacy & personal freedom
- Workers may not know that they are being monitored or how the information is being used
- May increase workers’ stress level
- May rob workers of the dignity of their work

Other Challenges (continued)

Working Conditions

- IT has eliminated many monotonous, obnoxious tasks, but has created others

Other Challenges (continued)

Individuality

- Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities
- Regimentation

Health Issues

- Job stress
- Muscle damage
- Eye strain
- Radiation exposure
- Accidents

Some solutions

- Ergonomics (human factors engineering)
  - Goal is to design healthy work environments

Health Issues (continued)

Societal Solutions

Beneficial effects on society

- Solve human and social problems
  - Medical diagnosis
  - Computer-assisted instruction
  - Governmental program planning
  - Environmental quality control
  - Law enforcement
  - Crime control
  - Job placement

Section II

Security Management

Tools of Security Management

Goal

- Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders

Tools of Security Management (continued)

Internetworked Security Defenses

Encryption

- Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
- Involves using special mathematical algorithms to transform digital data into scrambled code
- Most widely used method uses a pair of public and private keys unique to each individual

Internetworked Security Defenses (continued)

Firewalls

- Serves as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion
- Provides a filter and safe transfer point
- Screens all network traffic for proper passwords or other security codes

Internetworked Security Defenses (continued)

Denial of Service Defenses

- These assaults depend on three layers of networked computer systems
  - Victim’s website
  - Victim’s ISP
  - Sites of “zombie” or slave computers
- Defensive measures and security precautions must be taken at all three levels

Internetworked Security Defenses (continued)

E-mail Monitoring

“Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”

Internetworked Security Defenses (continued)

Virus Defenses

Protection may be accomplished through:

- Centralized distribution and updating of antivirus software
- Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

Other Security Measures

Security codes

- Multilevel password system
  - Log onto the computer system
  - Gain access into the system
  - Access individual files

Other Security Measures (continued)

Backup Files

- Duplicate files of data or programs
- File retention measures
- Sometimes several generations of files are kept for control purposes

Other Security Measures (continued)

Security Monitors

- Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction

Other Security Measures (continued)

Biometric Security

- Measure physical traits that make each individual unique
  - Voice
  - Fingerprints
  - Hand geometry
  - Signature dynamics
  - Keystroke analysis
  - Retina scanning
  - Face recognition and Genetic pattern analysis

Other Security Measures (continued)

Computer Failure Controls

- Preventive maintenance of hardware and management of software updates
- Backup computer system
- Carefully scheduled hardware or software changes
- Highly trained data center personnel

Other Security Measures (continued)

Fault Tolerant Systems

- Computer systems that have redundant processors, peripherals, and software
  - Fail-over
  - Fail-safe
  - Fail-soft

Other Security Measures (continued)

Disaster Recovery

- Disaster recovery plan
  - Which employees will participate and their duties
  - What hardware, software, and facilities will be used
  - Priority of applications that will be processed

System Controls and Audits

Information System Controls

- Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
- Designed to monitor and maintain the quality and security of input, processing, and storage activities

System Controls and Audits (continued)

Auditing Business Systems

- Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
- Testing the integrity of an application’s audit trail

Discussion Questions

What can be done to improve e-commerce security on the Internet?

What potential security problems do you see in the increasing use of intranets and extranets in business? What might be done to solve such problems?

Discussion Questions (continued)

What artificial intelligence techniques can a business use to improve computer security and fight computer crime?

What are your major concerns about computer crime and privacy on the Internet? What can you do about it?

Discussion Questions (continued)

What is disaster recovery? How could it be implemented at your school or work?

Is there an ethical crisis in e-business today? What role does information technology play in unethical business practices?

Discussion Questions (continued)

What business decisions will you have to make as a manager that have both an ethical and IT dimension?

What would be examples of one positive and one negative effect of the use of e-business technologies in each of the ethical and societal dimensions illustrated in the chapter?

Real World Case 1 – MTV Networks & First Citizens Bank

Defending Against Hacker and Virus Attacks

What are the business value and security benefits and limitations of defenses against DDOS attacks like those used by MTV Networks?

Real World Case 1 (continued)

What are the business benefits and limitations of an intrusion-detection system like that installed at First Citizens?

Real World Case 1 (continued)

What security defense should small businesses have to protect their websites and internal systems?

Why did you make that choice?

Real World Case 1 (continued)

What other network security threats besides denial of service, viruses, and hacker attacks should businesses protect themselves against?

Real World Case 2 – Oppenheimer Funds, Cardinal Health, & Exodus

IT Security Management Qualifications

- Technical
- Business
- People skills
- Experience and expertise in areas like government liaison, international regulations, and cyberterrorism

Real World Case 2 (continued)

What mix of skills is most sought after for IT security specialists?

Why is this mix important in business?

Real World Case 2 (continued)

Why must IT security executives in business have the mix of skills and experience outlined in this case?

What other skills do you think are important to have for effective IT security management?

Real World Case 2 (continued)

How should businesses protect themselves from the spread of cyberterrorism in today’s internetworked world?

Real World Case 3 – Brandon Internet Services & PayPal

What are the business benefits and limitations of the cybercrime investigative work done by firms like Brandon Internet Services?

Real World Case 3 (continued)

When should a company use cyberforensic investigative services like those offered by Predictive Systems?

Real World Case 3 (continued)

What is the business value of their cyberforensic and investigative capabilities to PayPal?

Would you trust PayPal for your online payment transactions?

Real World Case 4 – Providence Health Systems & Others

Why is there a growing need for IT security defenses and management in business?

What challenges does this pose to effective IT security management?

Real World Case 4 (continued)

What are some of the IT security defenses companies are using to meet these challenges?

Real World Case 4 (continued)

Do you agree with the IT usage policies of Link Staffing? The security audit policies of Cervalis?

Real World Case 5 – The Doctor’s Co. & Rockland Trust

What are the benefits and limitations for a business of outsourcing IT security management according to the companies in this case?

Real World Case 5 (continued)

What are the benefits and limitations to a business of using “pure play” IT security management companies like Counterpane and Ubizen?

Real World Case 5 (continued)

What are the benefits and limitations of outsourcing IT security management to vendors like Symantec and Network Associates?

