MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 1

Security, Privacy, and Ethical Issues in Information Systems and

the Internet

Chapter 14

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 2

Principles and Learning Objectives

• Policies and procedures must be established to avoid computer waste and mistakes.

– Describe some examples of waste and mistakes in an IS environment, their causes, and possible solutions.

– Identify policies and procedures useful in eliminating waste and mistakes.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 3

Principles and Learning Objectives

• Computer crime is a serious and rapidly growing area of concern requiring management attention.

– Explain the types and effects of computer crime.– Identify specific measures to prevent computer crime.– Discuss the principles and limits of an individual’s

right to privacy.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 4

Principles and Learning Objectives

• Jobs, equipment, and working conditions must be designed to avoid negative health effects.

– List the important effects of computers on the work environment.

– Identify specific actions that must be taken to ensure the health and safety of employees.

– Outline criteria for the ethical use of information systems.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 5

Social Issues in Information Systems

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 6

Computer Waste & Mistakes

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 7

Computer Waste

• Discard technology• Unused systems• Personal use of corporate time and technology

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 8

Preventing Computer Waste and Mistakes

• Establish Policies and Procedures• Implement Policies and Procedures• Monitor Policies and Procedures• Review Policies and Procedures

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 9

Preventing Computer-Related Waste and Mistakes

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 10

Implementing Policies and Procedures

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 11

Computer Crime

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 12

Number of Incidents Reported to CERT

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 13

Computer Crime and Security Survey

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 14

The Computer as a Tool to Commit Crime

• Social engineering• Dumpster diving• Identity theft• Cyberterrorism

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 15

Computers as Objects of Crime

• Illegal access and use– Hackers vs. crackers– Script bunnies– Insiders

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 16

Illegal Access and Use

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 17

Data Alteration and Destruction

• Virus– Application virus– System virus– Macro virus

• Worm• Logic bomb

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 18

Data Alteration and Destruction

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 19

Top Viruses – July 2002

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 20

Top Viruses – July 2002

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 21

Computers as Objects of Crime

• Information and equipment theft• Software and Internet piracy• Computer-related scams• International computer crime

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 22

Preventing Computer-Related Crime

• Crime prevention by state and federal agencies• Crime prevention by corporations

– Public Key Infrastructure (PKI)– Biometrics

• Antivirus programs

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 23

Preventing Computer-Related Crime

• Intrusion Detection Software• Managed Security Service Providers (MSSPs)• Internet Laws for Libel and Protection of

Decency

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 24

Preventing Crime on the Internet

• Develop effective Internet and security policies• Use a stand-alone firewall with network monitoring

capabilities• Monitor managers and employees• Use Internet security specialists to perform audits

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 25

Common Methods Used to Commit Computer Crimes

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 26

How to Protect Your Corporate Data from Hackers

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 27

Privacy

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 28

Privacy Issues

• Privacy and the Federal Government• Privacy at work• E-mail privacy• Privacy and the Internet

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 29

Using Antivirus Programs

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 30

Fairness and Information Use

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 31

Federal Privacy Laws and Regulations

• The Privacy Act of 1979• Gramm-Leach-Bliley Act• USA Patriot Act

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 32

Other Federal Privacy Laws

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 33

Other Federal Privacy Laws

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 34

The Work Environment

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 35

Health Concerns

• Repetitive stress injury (RSI)• Carpal tunnel syndrome (CTS)• Ergonomics

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 36

Avoiding Health and Environment Problems

• Maintain good posture and positioning.• Don’t ignore pain or discomfort.• Use stretching and strengthening exercises.• Find a good physician who is familiar with RSI and how

to treat it.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 37

Medical Topics on the Internet

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 38

Ethical Issues in Information Systems

• The AITP Code of Ethics– Obligation to management– Obligation to fellow AITP members– Obligation to society

• The ACM Code of Professional Conduct– Acquire and maintain professional competence

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 39

AITP Code of Ethics

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan 40

Summary

• Computer waste - the inappropriate use of computer technology and resources in both the public and private sectors

• Software and Internet piracy - represent the most common computer crime

• Ethics - determine generally accepted and discouraged activities within a company