11_security and ethical challenges

7/28/2019 11_Security and Ethical Challenges

1/60

1

Security and EthicalChallenges

11


2/60

2

Identify ethical issues in how the

use of information technologies in

business affects employment,

individuality, working conditions,privacy, crime, health, and solutions

to societal problems.

11 Learning Objectives


3/60

3

Identify types of security managementstrategies and defenses, and explainhow they can be used to ensure thesecurity of e-business applications.

How can business managers andprofessionals help to lessen the harmful

effects and increase the beneficialeffects of the use of informationtechnology?

11 Learning Objectives (continued)


4/60


5/60

5

The use of IT presents major securitychallenges, poses serious ethicalquestions, and affects society insignificant ways.

IT raises ethical issues in the areas of.. Crime

Privacy

Individuality

Employment

Health

Working conditions

11 Ethical Responsibility


6/60

6

But, IT has had beneficial results as

well.

So as managers, it is our

responsibility to minimize the

detrimental effects and optimize the

beneficial effects.

11 Ethical Responsibility (continued)


7/60

7

Business Ethics

Basic categories of ethical issues

Employee privacy

Security of company records Workplace safety



8/60

8

Theories of corporate social

responsibility

Stockholder theory

Managers are agents of the stockholders.Their only ethical responsibility is to

increase profit without violating the law or

engaging in fraud



9/60

9


responsibility

Stockholder theory

Managers are agents of the stockholders.

Their only ethical responsibility is to

increase profit without violating the law or

engaging in fraud

Ethical Responsibility (continued)


10/60

10


responsibility (continued)

Social Contract Theory

Companies have ethical responsibilities to

all members of society, which allow

corporations to exist based on a social

contract



11/60

11


responsibility (continued) First condition companies must enhance

economic satisfaction of consumers and

employees

Second condition avoid fraudulent practices,

show respect for employees as human beings,

and avoid practices that systematically worsen

the position of any group in society



12/60

12

Theories of corporate socialresponsibility (continued)

Stakeholder theory

Managers have an ethical responsibility tomanage a firm for the benefit of all itsstakeholders.

Stockholders

Employees

Customers Suppliers

Local community



13/60

13


responsibility (continued)

Sometimes stakeholders are considered to

include

Competitors

Government agencies and special interest

groups Future generations



14/60

14

Technology Ethics Four Principles

Proportionality Good must outweigh any harm or risk

Must be no alternative that achieves the sameor comparable benefits with less harm or risk

Informed consent Those affected should understand and accept

the risks

Justice Benefits and burdens should be distributed

fairly



15/60

15

Technology Ethics (continued) Minimized Risk

Even if judged acceptable by the other three

guidelines, the technology must be

implemented so as to avoid all unnecessary

risk



16/60

16

Ethical Guidelines11 Ethical Responsibility (continued)


17/60

17

Ethical guidelines (continued)

Responsible end users

Act with integrity

Increase their professional competence Set high standards of personal

performance

Accept responsibility for their work

Advance the health, privacy, and generalwelfare of the public



18/60

18

Association of Information

Technology Professionals (AITP)

definition includes

The unauthorized use, access,

modification, and destruction of

hardware, software, data, or network

resources Unauthorized release of information

Unauthorized copying of software

11 Computer Crime


19/60

19

AITP guidelines (continued)

Denying an end user his/her own

hardware, software, data, or network

resources Using or conspiring to use computer

or network resources to illegally obtain

info or tangible property

11 Computer Crime (continued)


20/60

20

Hacking

The obsessive use of computers, or the

unauthorized access and use of networked

computer systems

Cyber Theft

Involves unauthorized network entry and

the fraudulent alteration of computerdatabases



21/60

21

Unauthorized use at work

Also called time and resource theft

May range from doing private

consulting or personal finances, toplaying video games, to unauthorized

use of the Internet on company

networks

Computer Crime (continued)


22/60

22

Software Piracy

Unauthorized copying of software

Software is intellectual property protected

by copyright law and user licensingagreements



23/60

23

Piracy of intellectual property

Other forms of intellectual property

covered by copyright laws

Music Videos

Images

Articles

Books

Other written works



24/60

24

Computer viruses and worms

Virus

A program that cannot work without being

inserted into another program

Worm

A distinct program that can run unaided



25/60

25

IT makes it technically andeconomically feasible to collect,

store, integrate, interchange, and

retrieve data and information quicklyand easily.

Benefit increases efficiency and

effectiveness But, may also have a negative effect on

individuals right to privacy

11 Privacy Issues


26/60

26

Examples of important privacy

issues

Accessing private e-mail and computer

records & sharing information aboutindividuals gained from their visits to

websites and newsgroups

Always knowing where a person is viamobile and paging services

11 Privacy Issues (continued)


27/60

27

Examples of important privacy

issues (continued)

Using customer information obtained

from many sources to marketadditional business services

Collecting personal information to

build individual customer profiles



28/60

28

Privacy on the Internet

Users of the Internet are highly visible

and open to violations of privacy

Unsecured with no real rules

Cookies capture information about you

every time you visit a site

That information may be sold to thirdparties



29/60

29

Privacy on the Internet (continued)

Protect your privacy by

Encrypting your messages

Post to newsgroups through anonymousremailers

Ask your ISP not to sell your information to

mailing list providers and other marketers

Decline to reveal personal data andinterests online



30/60

30

Computer matching

Computer profiling and matching

personal data to that profile

Mistakes can be a major problem



31/60

31

Privacy laws

Attempt to enforce the privacy of

computer-based files and

communications Electronic Communications Privacy Act

Computer Fraud and Abuse Act



32/60

32

Computer Libel and Censorship

The opposite side of the privacy debate

Right to know (freedom of information)

Right to express opinions (freedom ofspeech)

Right to publish those opinions (freedom of

the press)

Spamming Flaming



33/60

33

Employment

New jobs have been created and

productivity has increased, yet there

has been a significant reduction insome types of jobs as a result of IT.

11 Other Challenges


34/60

34

Computer Monitoring Concerns workplace privacy

Monitors individuals, not just work

Is done continually. May be seen asviolating workers privacy & personalfreedom

Workers may not know that they are beingmonitored or how the information is being

used May increase workers stress level

May rob workers of the dignity of their work

11 Other Challenges (continued)


35/60

35

Working Conditions IT has eliminated many monotonous,

obnoxious tasks, but has created others

Individuality

Computer-based systems criticized asimpersonal systems that dehumanize

and depersonalize activities Regimentation

11 Other Challenges (continued)


36/60

36

Job stress

Muscle damage

Eye strain

Radiation exposure

Accidents

Some solutions

Ergonomics (human factors engineering) Goal is to design healthy work environments

11 Health Issues


37/60

37

11 Health Issues (continued)


38/60

38

Beneficial effects on society

Solve human and social problems

Medical diagnosis

Computer-assisted instruction Governmental program planning

Environmental quality control

Law enforcement

Crime control

Job placement

11 Societal Solutions


39/60

39

Security Management

11 Section II


40/60

40

Goal

Minimize errors, fraud, and losses in

the e-business systems that

interconnect businesses with theircustomers, suppliers, and other

stakeholders

11 Tools of Security Management


41/60

41

11 Tools of Security Management (continued)


42/60

42

Encryption Passwords, messages, files, and other

data is transmitted in scrambled formand unscrambled for authorized users

Involves using special mathematicalalgorithms to transform digital data inscrambled code

Most widely used method uses a pairof public and private keys unique toeach individual

11 Internet worked Security Defenses


43/60

43

Firewalls

Serves as a gatekeeper system that

protects a companys intranets and

other computer networks fromintrusion

Provides a filter and safe transfer point

Screens all network traffic for proper

passwords or other security codes

11 Internet worked Security Defenses (continued)


44/60

44

Denial of Service Defenses

These assaults depend on three layers

of networked computer systems

Victims website Victims ISP

Sites of zombie or slave computers

Defensive measures and security

precautions must be taken at all three

levels



45/60

45

E-mail Monitoring

Spot checks just arent good enough

anymore. The tide is turning toward

systematic monitoring of corporate e-mail traffic using content-monitoring

software that scans for troublesome

words that might compromise corporate

security.



46/60

46

Virus Defenses

Protection may accomplished through

Centralized distribution and updating of

antivirus software Outsourcing the virus protection

responsibility to ISPs or to

telecommunications or security

management companies



47/60

47

Security codes

Multilevel password system

Log onto the computer system

Gain access into the system Access individual files

11 Other Security Measures


48/60

48

Backup Files

Duplicate files of data or programs

File retention measures

Sometimes several generations of filesare kept for control purposes

11 Other Security Measures (continued)


49/60

49

Security Monitors

Programs that monitor the use of

computer systems and networks and

protect them from unauthorized use,fraud, and destruction



50/60

50

Biometric Security Measure physical traits that make each

individual unique Voice

Fingerprints

Hand geometry

Signature dynamics

Keystroke analysis

Retina scanning

Face recognition and Genetic patternanalysis



51/60

51

Computer Failure Controls

Preventive maintenance of hardware

and management of software updates

Backup computer system Carefully scheduled hardware or

software changes

Highly trained data center personnel



52/60

52

Fault Tolerant Systems

Computer systems that have

redundant processors, peripherals,

and software Fail-over

Fail-safe

Fail-soft



53/60

53

Disaster Recovery

Disaster recovery plan

Which employees will participate and their

duties What hardware, software, and facilities will

be used

Priority of applications that will be

processed



54/60

54

Information System Controls Methods and devices that attempt to

ensure the accuracy, validity, and

propriety of information systemactivities

Designed to monitor and maintain the

quality and security of input,

processing, and storage activities

11 System Controls and Audits


55/60

55

Auditing Business Systems

Review and evaluate whether proper

and adequate security measures and

management policies have beendeveloped and implemented

Testing the integrity of an

applications audit trail

11 System Controls and Audits (continued)


56/60

56

What can be done to improve e-commerce security on the Internet?

What potential security problems do

you see in the increasing use of

intranets and extranets in business?

What might be done to solve suchproblems?

11 Discussion Questions


57/60

57

What artificial intelligencetechniques can a business use toimprove computer security and fight

computer crime?

What are your major concernsabout computer crime and privacyon the Internet? What can you doabout it?

11 Discussion Questions (continued)


58/60

58

What is disaster recovery? Howcould it be implemented at your

school or work?

Is there an ethical crisis in e-

business today? What role does

information technology play inunethical business practices?



59/60

59

What business decisions will you have tomake as a manager that have both an

ethical and IT dimension?

What would be examples of one positive

and one negative effect of the use of e-

business technologies in each of the

ethical and societal dimensions illustratedin the chapter?


R f


60/60

60

References James A. O'Brien; George M. Marakas.

Management Information Systems:

Managing Information Technology in the

Business Enterprise 6th Ed., Boston:

McGraw-Hill/ Irwin,2004

11

11_security and ethical challenges

Documents