1. Security & Ethical Challenges
2. Learning Objectives
- Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
3. Ethical Responsibility
- The use of IT presents major security challenges
4. Ethical Responsibility (continued)
- Business Ethics
  - Basic categories of ethical issues
    - Employee privacy
    - Security of company records
    - Workplace safety
5. Ethical Responsibility (continued)
- Technology Ethics
  - Four Principles
    - Proportionality
      - Good must outweigh any harm or risk
      - Must be no alternative that achieves the same or comparable benefits with less harm or risk
6. Ethical Responsibility (continued)
- Technology Ethics (continued)
  - Informed consent
    - Those affected should understand and accept the risks
  - Justice
    - Benefits and burdens should be distributed fairly
  - Minimized Risk
    - Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
7. Computer Crime
- Association of Information Technology Professionals (AITP) definition includes
  - The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
  - Unauthorized release of information
  - Unauthorized copying of software
8. Computer Crime
- Hacking
  - The obsessive use of computers, or the unauthorized access and use of networked computer systems
- Cyber Theft
  - Involves unauthorized network entry and the fraudulent alteration of computer databases
- Who commits computer crime?
9. Computer Crime (continued)
- Unauthorized use at work
  - Also called time and resource theft
  - May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks
10. Computer Crime (continued)
- Piracy of intellectual property
  - Other forms of intellectual property covered by copyright laws
    - Music
    - Videos
    - Images
    - Articles
    - Books
    - Other written works
- Software Piracy
  - Unauthorized copying of software
    - Software is intellectual property protected by copyright law and user licensing agreements
11. Computer Crime (continued)
- Computer viruses and worms
  - Virus
    - A program that cannot work without being inserted into another program
  - Worm
    - A distinct program that can run unaided
12. Privacy Issues
- IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.
  - Benefit increases efficiency and effectiveness
  - But may also have a negative effect on individuals' right to privacy
13. Privacy Issues (continued)
- Privacy on the Internet
  - Users of the Internet are highly visible and open to violations of privacy
  - Unsecured with no real rules
  - Cookies capture information about you every time you visit a site
  - That information may be sold to third parties
14. Privacy Issues (continued)
- Privacy on the Internet (continued)
  - Protect your privacy by
    - Encrypting your messages
    - Posting to newsgroups through anonymous remailers
    - Asking your ISP not to sell your information to mailing list providers and other marketers
    - Declining to reveal personal data and interests online
15. Privacy Issues (continued)
- Privacy laws
  - Attempt to enforce the privacy of computer-based files and communications
  - Electronic Communications Privacy Act
  - Computer Fraud and Abuse Act
16. Privacy Issues (continued)
- Computer Libel and Censorship
  - The opposite side of the privacy debate
    - Right to know (freedom of information)
    - Right to express opinions (freedom of speech)
    - Right to publish those opinions (freedom of the press)
    - Spamming
    - Flaming
17. Other Challenges
- Employment
  - New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.
18. Other Challenges (continued)
- Computer Monitoring
  - Concerns workplace privacy
    - Monitors individuals, not just work
    - Is done continually. May be seen as violating workers' privacy & personal freedom
    - Workers may not know that they are being monitored or how the information is being used
    - May increase workers' stress level
    - May rob workers of the dignity of their work
19. Other Challenges (continued)
- Working Conditions
  - IT has eliminated many monotonous, obnoxious tasks, but has created others
- Individuality
  - Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities
  - Regimentation
20. Health Issues
- Job stress
- Muscle damage
- Eye strain
- Radiation exposure
- Accidents
- Some solutions
  - Ergonomics (human factors engineering)
    - Goal is to design healthy work environments
21. Health Issues (continued)
22. Section II Security Management
23. Tools of Security Management
- Goal
  - Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders
24.
25. Internetworked Security Defenses
- Encryption
  - Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
  - Involves using special mathematical algorithms to transform digital data into scrambled code
  - Most widely used method uses a pair of public and private keys unique to each individual
26. Internetworked Security Defenses (continued)
- Firewalls
  - Serves as a gatekeeper system that protects a company's intranets and other computer networks from intrusion
    - Provides a filter and safe transfer point
    - Screens all network traffic for proper passwords or other security codes
27. Internetworked Security Defenses (continued)
- Denial of Service Defenses
  - These assaults depend on three layers of networked computer systems
    - Victim's website
    - Victim's ISP
    - Sites of zombie or slave computers
  - Defensive measures and security precautions must be taken at all three levels
28. Internetworked Security Defenses (continued)
- E-mail Monitoring
  - Spot checks just aren't good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.
29. Internetworked Security Defenses (continued)
- Virus Defenses
  - Protection may be accomplished through
    - Centralized distribution and updating of antivirus software
    - Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies
30. Other Security Measures
- Security codes
  - Multilevel password system
    - Log onto the computer system
    - Gain access into the system
    - Access individual files
31. Other Security Measures (continued)
- Backup Files
  - Duplicate files of data or programs
  - File retention measures
  - Sometimes several generations of files are kept for control purposes
32. Other Security Measures (continued)
- Security Monitors
  - Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction
33. Other Security Measures (continued)
- Biometric Security
  - Measure physical traits that make each individual unique
    - Voice
    - Fingerprints
    - Hand geometry
    - Signature dynamics
    - Keystroke analysis
    - Retina scanning
    - Face recognition and genetic pattern analysis
34. Other Security Measures (continued)
- Computer Failure Controls
  - Preventive maintenance of hardware and management of software updates
  - Backup computer system
  - Carefully scheduled hardware or software changes
  - Highly trained data center personnel
35. Other Security Measures (continued)
- Fault Tolerant Systems
  - Computer systems that have redundant processors, peripherals, and software
    - Fail-over
    - Fail-safe
    - Fail-soft
36. Other Security Measures (continued)
- Disaster Recovery
  - Disaster recovery plan
    - Which employees will participate and their duties
    - What hardware, software, and facilities will be used
    - Priority of applications that will be processed
37. System Controls and Audits
- Information System Controls
  - Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
  - Designed to monitor and maintain the quality and security of input, processing, and storage activities
38. System Controls and Audits (continued)
- Auditing Business Systems
  - Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
  - Testing the integrity of an application's audit trail