week 13 - information system and society
-
8/4/2019 Week 13 - Information System and Society
Security and Ethical Challenges
Chapter 7.1 (week 13)
McGraw-Hill/Irwin Copyright 2009 by The McGraw-Hill Companies, Inc. All rights reserved.
-
Learning Objectives
Identify several ethical issues in how the use of information technologies in business affects
Employment
Individuality
Working conditions
Privacy
Crime
Health
Solutions to societal problems
-
Learning Objectives
Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology
Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology
-
Case 1: Ethics, Moral Dilemmas, and Tough Decisions
The pervasive use of IT in organizations and society presents individuals with new ethical challenges and dilemmas.
If companies don't set ethical policies and guidelines, or don't make sure that employees know what they are and understand them, companies cannot hold workers accountable for their unethical behavior.
-
Case Study Questions
1. Companies are developing ethical policies and guidelines for legal reasons, but also to clarify what is acceptable and what is not. Do you think any of the issues raised in the case required clarification? Would you take exception to any of them being classified as inappropriate behavior? Why do you think these things happen anyway?
2. In the first example (Bryan's), it is apparent that he did not believe justice had been ultimately served by the decision his company made. Should he have taken the issue to the authorities? Or, was it enough that he reported the problem through the proper channels and let the organization handle it, as was the recommendation of Linn Hynds? Provide a rationale for the position you are willing to take on this matter.
-
Case Study Questions
3. In the case, Gary chose not to stop his boss from installing unlicensed software, although he refused to do it himself. If installing unlicensed software is wrong, is there any difference between refusing to do it versus not stopping somebody else? Do you buy his argument that it was not really going to hurt anybody? Why or why not?
-
IT Security, Ethics, and Society
-
IT Security, Ethics, and Society
Information technology has both beneficial and detrimental effects on society and people
Manage work activities to minimize the detrimental effects of information technology
Optimize the beneficial effects
-
Business Ethics
Ethics questions that managers confront as part of their daily business decision making include
Equity
Rights
Honesty
Exercise of corporate power
-
Categories of Ethical Business Issues
-
Corporate Social Responsibility Theories
Stockholder Theory
Managers are agents of the stockholders
Their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices
Social Contract Theory
Companies have ethical responsibilities to all members of society, who allow corporations to exist
-
Corporate Social Responsibility Theories
Stakeholder Theory
Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders
Stakeholders are all individuals and groups that have a stake in, or claim on, a company
-
Principles of Technology Ethics
Proportionality
The good achieved by the technology must outweigh the harm or risk; there must be no alternative that achieves the same or comparable benefits with less harm or risk
Informed Consent
Those affected by the technology should understand and accept the risks
-
Principles of Technology Ethics
Justice
The benefits and burdens of the technology should be distributed fairly.
Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk
Minimized Risk
Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
-
AITP Standards of Professional Conduct
-
Responsible Professional Guidelines
A responsible professional
Acts with integrity
Increases personal competence
Sets high standards of personal performance
Accepts responsibility for his/her work
Advances the health, privacy, and general welfare of the public
-
Computer Crime
Computer crime includes
Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own hardware, software, data, or network resources
Using or conspiring to use computer or network resources illegally to obtain information or tangible property
-
Hacking
Hacking is
The obsessive use of computers
The unauthorized access and use of networked computer systems
Electronic Breaking and Entering
Hacking into a computer system and reading files, but neither stealing nor damaging anything
Cracker
A malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage
-
Common Hacking Tactics
Denial of Service
Hammering a website's equipment with too many requests for information
Clogging the system, slowing performance, or crashing the site
Scans
Widespread probes of the Internet to determine types of computers, services, and connections
Looking for weaknesses
-
Common Hacking Tactics
Sniffer
Programs that search individual packets of data as they pass through the Internet
Capturing passwords or entire contents
Spoofing
Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
-
Common Hacking Tactics
Trojan Horse
A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software
Back Doors
A hidden point of entry to be used in case the original entry point is detected or blocked
Malicious Applets
Tiny Java programs that misuse your computer's resources, modify files on the hard disk, send fake email, or steal passwords
-
Common Hacking Tactics
War Dialing
Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection
Logic Bombs
An instruction in a computer program that triggers a malicious act
Buffer Overflow
Crashing or gaining control of a computer by sending too much data to buffer memory
-
Common Hacking Tactics
Password Crackers
Software that can guess passwords
Social Engineering
Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords
Dumpster Diving
Sifting through a company's garbage to find information to help break into their computers
-
Cyber Theft
Many computer crimes involve the theft of money
The majority are inside jobs that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved
Many attacks occur through the Internet
Most companies don't reveal that they have been targets or victims of cybercrime
-
Unauthorized Use at Work
Unauthorized use of computer systems and networks is time and resource theft
Doing private consulting
Doing personal finances
Playing video games
Unauthorized use of the Internet or company networks
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
-
Internet Abuses in the Workplace
General email abuses
Unauthorized usage and access
Copyright infringement/plagiarism
Newsgroup postings
Transmission of confidential data
Pornography
Hacking
Non-work-related download/upload
Leisure use of the Internet
Use of external ISPs
Moonlighting
-
Software Piracy
Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment for a license for fair use
Site license allows a certain number of copies
A third of the software industry's revenues are lost to piracy
-
Theft of Intellectual Property
Intellectual Property
Copyrighted material
Includes such things as music, videos, images, articles, books, and software
Copyright Infringement is Illegal
Peer-to-peer networking techniques have made it easy to trade pirated intellectual property
Publishers Offer Inexpensive Online Music
Illegal downloading of music and video is down and continues to drop
-
Viruses and Worms
A virus is a program that cannot work without being inserted into another program
A worm can run unaided
These programs copy annoying or destructive routines into networked computers
Copy routines spread the virus
Commonly transmitted through
The Internet and online services
Email and file attachments
Disks from contaminated computers
Shareware
-
Top Five Virus Families of all Time
Netsky, 2004
Mass-mailing worm that spreads by emailing itself to all email addresses found on infected computers
Tries to spread via peer-to-peer file sharing by copying itself into the shared folder
It renames itself to pose as one of 26 other common files along the way
-
Top Five Virus Families of all Time
SoBig, 2004
Mass-mailing email worm that arrives as an attachment
Examples: Movie_0074.mpg.pif, Document003.pif
Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for email addresses to which it can send itself
Also attempts to download updates for itself
-
Top Five Virus Families of all Time
Klez, 2002
A mass-mailing email worm that arrives with a randomly named attachment
Exploits a known vulnerability in MS Outlook to auto-execute on unpatched clients
Tries to disable virus scanners and then copy itself to all local and networked drives with a random file name
Deletes all files on the infected machine and any mapped network drives on the 13th of all even-numbered months
-
Top Five Virus Families of all Time
Sasser, 2004
Exploits a Microsoft vulnerability to spread from computer to computer with no user intervention
Spawns multiple threads that scan local subnets for vulnerabilities
-
The Cost of Viruses, Trojans, Worms
Cost of the top five virus families
Nearly 115 million computers in 200 countries were infected in 2004
Up to 11 million computers are believed to be permanently infected
In 2004, total economic damage from virus proliferation was $166 to $202 billion
Average damage per computer is between $277 and $366
-
Adware and Spyware
Adware
Software that purports to serve a useful purpose, and often does
Allows advertisers to display pop-up and banner ads without the consent of the computer users
Spyware
Adware that uses an Internet connection in the background, without the user's permission or knowledge
Captures information about the user and sends it over the Internet
-
Spyware Problems
Spyware can steal private information and also
Add advertising links to Web pages
Redirect affiliate payments
Change a user's home page and search settings
Make a modem randomly call premium-rate phone numbers
Leave security holes that let Trojans in
Degrade system performance
Removal programs are often not completely successful in eliminating spyware
-
Privacy Issues
The power of information technology to store and retrieve information can have a negative effect on every individual's right to privacy
Personal information is collected with every visit to a Web site
Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused
-
Privacy Issues
Violation of Privacy
Accessing individuals' private email conversations and computer records
Collecting and sharing information about individuals gained from their visits to Internet websites
Computer Monitoring
Always knowing where a person is
Mobile and paging services are becoming more closely associated with people than with places
-
Privacy Issues
Computer Matching
Using customer information gained from many sources to market additional business services
Unauthorized Access of Personal Files
Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles
-
Protecting Your Privacy on the Internet
There are multiple ways to protect your privacy
Encrypt email
Send newsgroup postings through anonymous remailers
Ask your ISP not to sell your name and information to mailing list providers and other marketers
Don't reveal personal data and interests on online service and website user profiles
-
Privacy Laws
Electronic Communications Privacy Act and Computer Fraud and Abuse Act
Prohibit intercepting data communications messages, stealing or destroying data, or trespassing in federal-related computer systems
U.S. Computer Matching and Privacy Act
Regulates the matching of data held in federal agency files to verify eligibility for federal programs
-
Privacy Laws
Other laws impacting privacy and how much a company spends on compliance
Sarbanes-Oxley
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley
USA Patriot Act
California Security Breach Law
Securities and Exchange Commission rule 17a-4
-
Computer Libel and Censorship
The opposite side of the privacy debate
Freedom of information, speech, and press
Biggest battlegrounds
Bulletin boards
Email boxes
Online files of Internet and public networks
Weapons used in this battle
Spamming
Flame mail
Libel laws
Censorship
-
Computer Libel and Censorship
Spamming
Indiscriminate sending of unsolicited email messages to many Internet users
Flaming
Sending extremely critical, derogatory, and often vulgar email messages or newsgroup postings to other users on the Internet or online services
Especially prevalent on special-interest newsgroups
-
Cyberlaw
Laws intended to regulate activities over the Internet or via electronic communication devices
Encompasses a wide variety of legal and political issues
Includes intellectual property, privacy, freedom of expression, and jurisdiction
-
Cyberlaw
The intersection of technology and the law is controversial
Some feel the Internet should not be regulated
Encryption and cryptography make traditional forms of regulation difficult
The Internet treats censorship as damage and simply routes around it
Cyberlaw only began to emerge in 1996
Debate continues regarding the applicability of legal principles derived from issues that had nothing to do with cyberspace
-
Other Challenges
Employment
IT creates new jobs and increases productivity
It can also cause significant reductions in job opportunities, as well as requiring new job skills
Computer Monitoring
Using computers to monitor the productivity and behavior of employees as they work
Criticized as unethical because it monitors individuals, not just work, and is done constantly
Criticized as invasion of privacy because many employees do not know they are being monitored
-
Other Challenges
Working Conditions
IT has eliminated monotonous or obnoxious tasks
However, some skilled craftsperson jobs have been replaced by jobs requiring routine, repetitive tasks or standby roles
Individuality
Dehumanizes and depersonalizes activities because computers eliminate human relationships
Inflexible systems
-
Health Issues
Cumulative Trauma Disorders (CTDs)
Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs
Carpal Tunnel Syndrome
Painful, crippling ailment of the hand and wrist
Typically requires surgery to cure
-
Ergonomics
Designing healthy work environments
Safe, comfortable, and pleasant for people to work in
Increases employee morale and productivity
Also called human factors engineering
-
Ergonomics Factors
-
Societal Solutions
Using information technologies to solve human and social problems
Medical diagnosis
Computer-assisted instruction
Governmental program planning
Environmental quality control
Law enforcement
Job placement
-
Societal Solutions
The detrimental effects of information technology
Often caused by individuals or organizations not accepting ethical responsibility for their actions
-
Security Management of IT
The Internet was developed for inter-operability, not impenetrability
Business managers and professionals alike are responsible for the security, quality, and performance of business information systems
Hardware, software, networks, and data resources must be protected by a variety of security measures
-
Case 2: Raymond James Financial, BCD Travel, Houston Texans, and Others
For companies like Raymond James, leakage of sensitive customer data or proprietary information is a new priority.
Companies are starting to focus on keeping sensitive information within their boundaries.
Companies are deploying outbound content management tools to monitor outgoing information.
Companies not only have to monitor e-mail messages, but also the explosion of alternative communication mechanisms that employees are using, including instant messaging, blogs, FTP transfers, Web mail, and message boards.
-
Case Study Questions
1. Barring illegal activities, why do you think that employees in the organizations featured in the case do not realize themselves the dangers of loosely managing proprietary and sensitive information? Would you have thought of these issues?
2. How should organizations strike the right balance between monitoring and invading their employees' privacy, even if it would be legal for them to do so? Why is it important that companies achieve this balance? What would be the consequences of being too biased to one side?
3. The IT executives in the case all note that outbound monitoring and management technologies are only part of an overall strategy, and not their primary defense. What should be the other components of this strategy? Which weight would you give to human and technological factors? Why?
-
Security Management
The goal of security management is the accuracy, integrity, and safety of all information system processes and resources
-
Internetworked Security Defenses
Encryption
Data is transmitted in scrambled form
It is unscrambled by computer systems for authorized users only
The most widely used method uses a pair of public and private keys unique to each individual
-
Public/Private Key Encryption
-
Internetworked Security Defenses
Firewalls
A gatekeeper system that protects a company's intranets and other computer networks from intrusion
Provides a filter and safe transfer point for access to/from the Internet and other networks
Important for individuals who connect to the Internet with DSL or cable modems
Can deter hacking, but cannot prevent it
-
Internet and Intranet Firewalls
-
Denial of Service Attacks
Denial of service attacks depend on three layers of networked computer systems
The victim's website
The victim's Internet service provider
Zombie or slave computers that have been commandeered by the cybercriminals
-
Defending Against Denial of Service
At Zombie Machines
Set and enforce security policies
Scan for vulnerabilities
At the ISP
Monitor and block traffic spikes
At the Victim's Website
Create backup servers and network connections
-
Internetworked Security Defenses
Email Monitoring
Use of content monitoring software that scans for troublesome words that might compromise corporate security
Virus Defenses
Centralize the updating and distribution of antivirus software
Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features
-
Other Security Measures
Security Codes
Multilevel password system
Encrypted passwords
Smart cards with microprocessors
Backup Files
Duplicate files of data or programs
Security Monitors
Monitor the use of computers and networks
Protects them from unauthorized use, fraud, and destruction
-
Other Security Measures
Biometrics
Computer devices measure physical traits that make each individual unique
Voice recognition, fingerprints, retina scan
Computer Failure Controls
Prevent computer failures or minimize their effects
Preventive maintenance
Arrange backups with a disaster recovery organization
-
Other Security Measures
In the event of a system failure, fault-tolerant systems have redundant processors, peripherals, and software that provide
Fail-over capability: shifts to backup components
Fail-safe capability: the system continues to operate at the same level
Fail-soft capability: the system continues to operate at a reduced but acceptable level
-
Information System Controls
Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
-
Auditing IT Security
IT Security Audits
Performed by internal or external auditors
Review and evaluation of security measures and management policies
Goal is to ensure that proper and adequate measures and policies are in place
-
Protecting Yourself from Cybercrime
-
Case 3: Cyberscams and Cybercriminals
Cyberscams are today's fastest-growing criminal niche
87 percent of companies surveyed reported a security incident
The U.S. Federal Trade Commission says identity theft is its top complaint
eBay has 60 people combating fraud; Microsoft has 65
Stolen credit card account numbers are regularly sold online
-
Case 4: Lowe's, TCI, Bank of America, ChoicePoint, and Others
Security Breach Headlines
Identity thieves stole information on 145,000 people from ChoicePoint
Bank of America lost backup tapes that held data on over 1 million credit card holders
DSW had its stores' credit card data breached; over 1 million had been accessed
Corporate America is finally owning up to a long-held secret
It can't safeguard its most valuable data
-
Case Study Questions
1. Why have there been so many recent incidents of data security breaches and loss of customer data by reputable companies?
2. What security safeguards must companies have to deter electronic break-ins into their computer networks, business applications, and data resources like the incident at Lowe's?
-
Case Study Questions
3. What security safeguards would have deterred the loss of customer data at TCI, Bank of America, and ChoicePoint? Defend your proposed security measures to avoid the incidents that occurred at each company.