Security & Ethical Challenges

Upload: infinity

Post on 10-Dec-2014


1. Security & Ethical Challenges

2. Learning Objectives

  • Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.

3. Ethical Responsibility

  • The use of IT presents major security challenges

4. Ethical Responsibility (continued)

  • Business Ethics
    • Basic categories of ethical issues
      • Employee privacy
      • Security of company records
      • Workplace safety

5. Ethical Responsibility (continued)

  • Technology Ethics
    • Four Principles
      • Proportionality
        • Good must outweigh any harm or risk
        • Must be no alternative that achieves the same or comparable benefits with less harm or risk

6. Ethical Responsibility (continued)

  • Technology Ethics (continued)
      • Informed consent
        • Those affected should understand and accept the risks
      • Justice
        • Benefits and burdens should be distributed fairly
      • Minimized Risk
        • Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk

7. Computer Crime

  • Association of Information Technology Professionals (AITP) definition includes
    • The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
    • Unauthorized release of information
    • Unauthorized copying of software

8. Computer Crime

  • Hacking
    • The obsessive use of computers, or the unauthorized access and use of networked computer systems
  • Cyber Theft
    • Involves unauthorized network entry and the fraudulent alteration of computer databases

Who commits computer crime?

9. Computer Crime (continued)

  • Unauthorized use at work
    • Also called time and resource theft
    • May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks

10. Computer Crime (continued)

  • Piracy of intellectual property
    • Other forms of intellectual property covered by copyright laws
      • Music
      • Videos
      • Images
      • Articles
      • Books
      • Other written works
  • Software Piracy
    • Unauthorized copying of software
      • Software is intellectual property protected by copyright law and user licensing agreements

11. Computer Crime (continued)

  • Computer viruses and worms
    • Virus
      • A program that cannot work without being inserted into another program
    • Worm
      • A distinct program that can run unaided

12. Privacy Issues

  • IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.
    • Benefit increases efficiency and effectiveness
    • But may also have a negative effect on individuals' right to privacy

13. Privacy Issues (continued)

  • Privacy on the Internet
    • Users of the Internet are highly visible and open to violations of privacy
    • Unsecured with no real rules
    • Cookies capture information about you every time you visit a site
    • That information may be sold to third parties

14. Privacy Issues (continued)

  • Privacy on the Internet (continued)
    • Protect your privacy by
      • Encrypting your messages
      • Post to newsgroups through anonymous remailers
      • Ask your ISP not to sell your information to mailing list providers and other marketers
      • Decline to reveal personal data and interests online

15. Privacy Issues (continued)

  • Privacy laws
    • Attempt to enforce the privacy of computer-based files and communications
    • Electronic Communications Privacy Act
    • Computer Fraud and Abuse Act

16. Privacy Issues (continued)

  • Computer Libel and Censorship
    • The opposite side of the privacy debate
      • Right to know (freedom of information)
      • Right to express opinions (freedom of speech)
      • Right to publish those opinions (freedom of the press)
      • Spamming
      • Flaming

17. Other Challenges

  • Employment
    • New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.

18. Other Challenges (continued)

  • Computer Monitoring
    • Concerns workplace privacy
      • Monitors individuals, not just work
      • Is done continually. May be seen as violating workers' privacy & personal freedom
      • Workers may not know that they are being monitored or how the information is being used
      • May increase workers' stress level
      • May rob workers of the dignity of their work

19. Other Challenges (continued)

  • Working Conditions
    • IT has eliminated many monotonous, obnoxious tasks, but has created others
  • Individuality
    • Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities
    • Regimentation

20. Health Issues

  • Job stress
  • Muscle damage
  • Eye strain
  • Radiation exposure
  • Accidents
  • Some solutions
    • Ergonomics (human factors engineering)
      • Goal is to design healthy work environments

21. Health Issues (continued)

22. Section II Security Management

23. Tools of Security Management

  • Goal
    • Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders

24.

25. Internetworked Security Defenses

  • Encryption
    • Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
    • Involves using special mathematical algorithms to transform digital data into scrambled code
    • Most widely used method uses a pair of public and private keys unique to each individual

26. Internetworked Security Defenses (continued)

  • Firewalls
    • Serves as a gatekeeper system that protects a company's intranets and other computer networks from intrusion
      • Provides a filter and safe transfer point
      • Screens all network traffic for proper passwords or other security codes

27. Internetworked Security Defenses (continued)

  • Denial of Service Defenses
    • These assaults depend on three layers of networked computer systems
      • Victim's website
      • Victim's ISP
      • Sites of zombie or slave computers
    • Defensive measures and security precautions must be taken at all three levels

28. Internetworked Security Defenses (continued)

  • E-mail Monitoring
    • Spot checks just aren't good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.

29. Internetworked Security Defenses (continued)

  • Virus Defenses
    • Protection may be accomplished through
      • Centralized distribution and updating of antivirus software
      • Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

30. Other Security Measures

  • Security codes
    • Multilevel password system
      • Log onto the computer system
      • Gain access into the system
      • Access individual files

31. Other Security Measures (continued)

  • Backup Files
    • Duplicate files of data or programs
    • File retention measures
    • Sometimes several generations of files are kept for control purposes

32. Other Security Measures (continued)

  • Security Monitors
    • Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction

33. Other Security Measures (continued)

  • Biometric Security
    • Measure physical traits that make each individual unique
      • Voice
      • Fingerprints
      • Hand geometry
      • Signature dynamics
      • Keystroke analysis
      • Retina scanning
      • Face recognition
      • Genetic pattern analysis

34. Other Security Measures (continued)

  • Computer Failure Controls
    • Preventive maintenance of hardware and management of software updates
    • Backup computer system
    • Carefully scheduled hardware or software changes
    • Highly trained data center personnel

35. Other Security Measures (continued)

  • Fault Tolerant Systems
    • Computer systems that have redundant processors, peripherals, and software
      • Fail-over
      • Fail-safe
      • Fail-soft

36. Other Security Measures (continued)

  • Disaster Recovery
    • Disaster recovery plan
      • Which employees will participate and their duties
      • What hardware, software, and facilities will be used
      • Priority of applications that will be processed

37. System Controls and Audits

  • Information System Controls
    • Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
    • Designed to monitor and maintain the quality and security of input, processing, and storage activities

38. System Controls and Audits (continued)

  • Auditing Business Systems
    • Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
    • Testing the integrity of an application's audit trail