security and ethical challenges.ppt

7/25/2019 SECURITY AND ETHICAL CHALLENGES.ppt

1/61

Chapter 13 Security and

Ethical Challenges

James A. O'Brien, and George Marakas.ManagementInformation Systems with MISource2!, "thed. Boston, MA# McGraw$%i&&, Inc.,2!. ISB# () *!"!))2)*(


2/61

+earning O-ecties Identify seera& ethica& issues in how the use of

information techno&ogies in usiness affects#em/&oyment, indiidua&ity, working conditions,0riacy, crime, hea&th, and so&utions to societa&

/ro&ems Identify seera& ty/es of security management

strategies and defenses, and e1/&ain how they cane used to ensure the security of usiness

a//&ications of information techno&ogy 0ro/ose seera& ways that usiness managers and

/rofessiona&s can he&/ to &essen the harmfu& effectsand increase the eneficia& effects of the use of I

23ha/ter () Security and 4thica& 3ha&&enges


3/61

3ase ( 3yerscams and

3yercrimina&s 3yerscams are today5s fastest$growing

crimina& niche

"! /ercent of com/anies sureyed re/orteda security incidenthe 6.S. 7edera& rade 3ommission says

identity theft is its to/ com/&aint

eBay has 8 /eo/&e comating fraud9Microsoft has 8:

Sto&en credit card account numers areregu&ar&y so&d on&ine

)3ha/ter () Security and 4thica& 3ha&&enges


4/61

3ase Study ;uestions ? 41/&ain why the reasons you gie contriute to the growth

of cyerscams


5/61

I Security, 4thics, and Society

:3ha/ter () Security and 4thica& 3ha&&enges

I has oth eneficia&and detrimenta&effects on society and/eo/&eManage work

actiities tominimie thedetrimenta& effects

of IO/timie the

eneficia& effects


6/61

Business 4thics

4thics uestions that managers confront as /artof their dai&y usiness decision making inc&ude#4uity

Cights%onesty41ercise of cor/orate /ower



7/61

3ategories of 4thica& Business

Issues

!3ha/ter () Security and 4thica& 3ha&&enges


8/61

3or/orate Socia& Ces/onsii&ity

heories Stockho&der heory Managers are agents of the stockho&ders heir on&y ethica& res/onsii&ity is to increase the /rofits of

the usiness without io&ating the &aw or engaging in

fraudu&ent /ractices Socia& 3ontract heory

3om/anies hae ethica& res/onsii&ities to a&& memers ofsociety, who a&&ow cor/orations to e1ist

Stakeho&der heory

Managers hae an ethica& res/onsii&ity to manage a firmfor the enefit of a&& its stakeho&ders

Stakeho&ders are a&& indiidua&s and grou/s that hae astake in, or c&aim on, a com/any

"3ha/ter () Security and 4thica& 3ha&&enges


9/61

0rinci/&es of echno&ogy 4thics 0ro/ortiona&ity $ he good achieed y the techno&ogy must

outweigh the harm or risk9 there must e no a&ternatie thatachiees the same or com/ara&e enefits with &ess harm orrisk

Informed 3onsent $ hose affected y the techno&ogy shou&d

understand and acce/t the risks Justice he enefits and urdens of the techno&ogy shou&d e

distriuted fair&y hose who enefit shou&d ear their fair share of the risks,

and those who do not enefit shou&d not suffer a significantincrease in risk

Minimied Cisk $ 4en if -udged acce/ta&e y the other threeguide&ines, the techno&ogy must e im/&emented so as toaoid a&& unnecessary risk

*3ha/ter () Security and 4thica& 3ha&&enges


10/61

AI0 Standards of 0rofessiona&

3onduct

(3ha/ter () Security and 4thica& 3ha&&enges


11/61

Ces/onsi&e 0rofessiona&

Guide&ines A res/onsi&e /rofessiona&Acts with integrity

Increases /ersona& com/etenceSets high standards of /ersona& /erformanceAcce/ts res/onsii&ity for hisDher workAdances the hea&th, /riacy, and genera&

we&fare of the /u&ic

((3ha/ter () Security and 4thica& 3ha&&enges


12/61

3om/uter 3rime

3om/uter crime inc&udes6nauthoried use, access, modification, or

destruction of hardware, software, data, ornetwork resources

he unauthoried re&ease of informationhe unauthoried co/ying of softwareEenying an end user access to hisDher own

hardware, software, data, or network resources6sing or cons/iring to use com/uter or

network resources i&&ega&&y to otaininformation or tangi&e /ro/erty

(23ha/ter () Security and 4thica& 3ha&&enges


13/61

3yercrime 0rotection Measures

()3ha/ter () Security and 4thica& 3ha&&enges


14/61

%acking %acking ishe osessie use of com/utershe unauthoried access and use of networked

com/uter systems 4&ectronic Breaking and 4ntering%acking into a com/uter system and reading

fi&es, ut neither stea&ing nor damaging anything

3rackerA ma&icious or crimina& hacker who maintainsknow&edge of the u&nerai&ities found for/riate adantage

(@3ha/ter () Security and 4thica& 3ha&&enges


15/61

3ommon %acking actics

Eenia& of Serice %ammering a wesite5s eui/ment with too many reuests forinformation

3&ogging the system, s&owing /erformance, or crashing the site Scans


16/61


ro-an %ouse A /rogram that, unknown to the user, contains instructions thate1/&oit a known u&nerai&ity in some software

Back Eoors A hidden /oint of entry to e used in case the origina& entry

/oint is detected or &ocked Ma&icious A//&ets

iny Jaa /rograms that misuse your com/uter5s resources,modify fi&es on the hard disk, send fake emai&, or stea&/asswords


17/61


Buffer Oerf&ow 3rashing or gaining contro& of a com/uter y sending too muchdata to uffer memory

0assword 3rackers Software that can guess /asswords

Socia& 4ngineering Gaining access to com/uter systems y ta&king unsus/ecting

com/any em/&oyees out of a&ua&e information, such as/asswords

Eum/ster Eiing Sifting through a com/any5s garage to find information to he&/

reak into their com/uters

(!3ha/ter () Security and 4thica& 3ha&&enges


18/61

3yer heft

Many com/uter crimes ino&e the theft ofmoney

he ma-ority are =inside -os> that ino&e

unauthoried network entry and a&ternation ofcom/uter dataases to coer the tracks of theem/&oyees ino&ed

Many attacks occur through the Internet

Most com/anies don5t reea& that they haeeen targets or ictims of cyercrime

("3ha/ter () Security and 4thica& 3ha&&enges


19/61

6nauthoried 6se at


20/61

Internet Auses in the


21/61

Software 0iracy

Software 0iracy6nauthoried co/ying of com/uter /rograms

+icensing0urchasing software is rea&&y a /ayment

for a &icense for fair useSite &icense a&&ows a certain numer of co/ies

2(

A third of the softwareindustry5s reenues are

&ost to /iracy



22/61

heft of Inte&&ectua& 0ro/erty

Inte&&ectua& 0ro/erty3o/yrighted materia& Inc&udes such things as music, ideos,

images, artic&es, ooks, and software 3o/yright Infringement is I&&ega&0eer$to$/eer networking techniues hae

made it easy to trade /irated inte&&ectua&/ro/erty

0u&ishers Offer Ine1/ensie On&ine Music I&&ega& down&oading of music and ideo is

down and continues to dro/



23/61

Firuses and


24/61

o/ 7ie Firus 7ami&ies of a&& ime

My Eoom, 2@ S/read ia emai& and oer aaa fi&e$sharing network Insta&&s a ack door on infected com/uters Infected emai& /oses as returned message or one that can5t e

o/ened correct&y, urging reci/ient to c&ick on attachment O/ens u/ 30 /orts that stay o/en een after termination of the

worm 6/on e1ecution, a co/y of ote/ad is o/ened, fi&&ed with

nonsense characters etsky, 2@

Mass$mai&ing worm that s/reads y emai&ing itse&f to a&& emai&

addresses found on infected com/uters ries to s/read ia /eer$to$/eer fi&e sharing y co/ying itse&f into

the shared fo&der It renames itse&f to /ose as one of 28 other common fi&es a&ong

the way

2@3ha/ter () Security and 4thica& 3ha&&enges


25/61

o/ 7ie Firus 7ami&ies of a&& ime SoBig, 2@

Mass$mai&ing emai& worm that arries asan attachment 41am/&es# [email protected]/g./if, Eocument)./if

Scans a&& .


26/61

o/ 7ie Firus 7ami&ies of a&& ime Sasser, 2@

41/&oits a Microsoft u&nerai&ity to s/read from com/uter tocom/uter with no user interention

S/awns mu&ti/&e threads that scan &oca& sunets foru&nerai&ities



27/61

he 3ost of Firuses, ro-ans,


28/61

Adware and S/yware

AdwareSoftware that /ur/orts to sere a usefu& /ur/ose,and often does

A&&ows adertisers to dis/&ay /o/$u/ and anner

ads without the consent of the com/uter users S/ywareAdware that uses an Internet connection in the

ackground, without the user5s /ermission

or know&edge3a/tures information aout the user and sends itoer the Internet

2"3ha/ter () Security and 4thica& 3ha&&enges


29/61

S/yware 0ro&ems

S/yware can stea& /riate information and a&soAdd adertising &inks to


30/61

0riacy Issues he /ower of information techno&ogy to store

and retriee information can hae a negatieeffect on eery indiidua&5s right to /riacy

0ersona& information is co&&ected with eeryisit to a


31/61

O/t$in Fersus O/t$out

O/t$InKou e1/&icit&y consent to a&&ow data to e

com/i&ed aout youhis is the defau&t in 4uro/e

O/t$OutEata can e com/i&ed aout you un&ess you

s/ecifica&&y reuest it not ehis is the defau&t in the 6.S.

)(3ha/ter () Security and 4thica& 3ha&&enges


32/61

0riacy Issues Fio&ation of 0riacy

Accessing indiidua&s5 /riate emai& conersations andcom/uter records

3o&&ecting and sharing information aout indiidua&s gainedfrom their isits to Internet wesites

3om/uter MonitoringA&ways knowing where a /erson is Moi&e and /aging serices are ecoming more c&ose&y

associated with /eo/&e than with /&aces 3om/uter Matching

6sing customer information gained from many sources tomarket additiona& usiness serices

6nauthoried Access of 0ersona& 7i&es 3o&&ecting te&e/hone numers, emai& addresses, credit card

numers, and other information to ui&d customer /rofi&es



33/61

0rotecting Kour 0riacy on the

Internet here are mu&ti/&e ways to /rotect your /riacy4ncry/t emai&Send newsgrou/ /ostings through

anonymous remai&ersAsk your IS0 not to se&& your name and

information to mai&ing &ist /roiders and

other marketersEon5t reea& /ersona& data and interests onon&ine serice and wesite user /rofi&es

))3ha/ter () Security and 4thica& 3ha&&enges


34/61

0riacy +aws 4&ectronic 3ommunications 0riacy Act

and 3om/uter 7raud and Ause Act 0rohiit interce/ting data communications messages, stea&ing or

destroying data, or tres/assing in federa&$re&ated com/utersystems

6.S. 3om/uter Matching and 0riacy Act Cegu&ates the matching of data he&d in federa& agency fi&es to

erify e&igii&ity for federa& /rograms Other &aws im/acting /riacy and how

much a com/any s/ends on com/&iance Saranes$O1&ey

%ea&th Insurance 0ortai&ity and Accountai&ity Act L%I0AA Gramm$+each$B&i&ey 6SA 0atriot Act 3a&ifornia Security Breach +aw Securities and 41change 3ommission ru&e (!a$@

)@3ha/ter () Security and 4thica& 3ha&&enges


35/61

3om/uter +ie& and 3ensorshi/ he o//osite side of the /riacy deateN

7reedom of information, s/eech, and /ress Biggest att&egrounds $ u&&etin oards, emai& o1es, and

on&ine fi&es of Internet and /u&ic networks


36/61

3yer&aw +aws intended to regu&ate actiities oer the Internet or ia

e&ectronic communication deices 4ncom/asses a wide ariety of &ega& and /o&itica& issues Inc&udes inte&&ectua& /ro/erty, /riacy, freedom of

e1/ression, and -urisdiction he intersection of techno&ogy and the &aw is controersia&

Some fee& the Internet shou&d not e regu&ated 4ncry/tion and cry/togra/hy make traditiona& form of

regu&ation difficu&t he Internet treats censorshi/ as damage and sim/&y

routes around it 3yer&aw on&y egan to emerge in (**8 Eeate continues regarding the a//&icai&ity of &ega&

/rinci/&es deried from issues that had nothing to do withcyers/ace



37/61

Other 3ha&&enges 4m/&oyment

I creates new -os and increases /roductiity It can a&so cause significant reductions in -o o//ortunities, as we&& as

reuiring new -o ski&&s 3om/uter Monitoring

6sing com/uters to monitor the /roductiity and ehaior of em/&oyees asthey work

3riticied as unethica& ecause it monitors indiidua&s, not -ust work, and isdone constant&y

3riticied as inasion of /riacy ecause many em/&oyees do not knowthey are eing monitored


38/61

%ea&th Issues

3umu&atie rauma Eisorders L3EsEisorders suffered y /eo/&e who sit at a

03 or termina& and do fast$/aced re/etitiekeystroke -os

3ar/a& unne& Syndrome0ainfu&, cri//&ing ai&ment of the hand

and wristy/ica&&y reuires surgery to cure

)"3ha/ter () Security and 4thica& 3ha&&enges


39/61

4rgonomics

Eesigning hea&thywork enironments Safe, comforta&e,

and /&easant for

/eo/&e to work in Increasesem/&oyee mora&eand /roductiity

A&so ca&&ed humanfactors

engineering

)*3ha/ter () Security and 4thica& 3ha&&enges

4rgonomics 7actors


40/61

Societa& So&utions

6sing information techno&ogies to so&e humanand socia& /ro&emsMedica& diagnosis3om/uter$assisted instruction

Goernmenta& /rogram /&anning4nironmenta& ua&ity contro&+aw enforcementJo /&acement

he detrimenta& effects of IOften caused y indiidua&s or organiations

not acce/ting ethica& res/onsii&ity for theiractions

@3ha/ter () Security and 4thica& 3ha&&enges


41/61

Security Management of I

he Internet was dee&o/ed for inter$o/erai&ity,not im/enetrai&ityBusiness managers and /rofessiona&s a&ike

are res/onsi&e for the security, ua&ity, and

/erformance of usiness information systems%ardware, software, networks, and data

resources must e /rotected y a arietyof security measures

@(3ha/ter () Security and 4thica& 3ha&&enges


42/61

3ase 2 Eata Security 7ai&ures

Security Breach %ead&ines Identity thiees sto&e information on (@:,

/eo/&e from 3hoice0ointBank of America &ost acku/ ta/es that he&d

data on oer ( mi&&ion credit card ho&dersES< had its stores5 credit card data

reached9 oer ( mi&&ion had een accessed

3or/orate America is fina&&y owning u/ to a &ong$he&d secret It can5t safeguard its most a&ua&e data



43/61

3ase Study ;uestions


44/61

Security Management

he goa& of securitymanagement is theaccuracy, integrity,

and safety of a&&information system/rocesses andresources

@@3ha/ter () Security and 4thica& 3ha&&enges


45/61

Internetworked Security Eefenses

4ncry/tionEata is transmitted in scram&ed form It is unscram&ed y com/uter systems for

authoried users on&yhe most wide&y used method uses a /air of

/u&ic and /riate keys uniue to eachindiidua&

@:3ha/ter () Security and 4thica& 3ha&&enges


46/61

0u&icD0riate ey 4ncry/tion



47/61


7irewa&&sA gatekee/er system that /rotects a

com/any5s intranets and other com/uternetworks from intrusion

0roides a fi&ter and safe transfer /oint foraccess toDfrom the Internet and othernetworks

Im/ortant for indiidua&s who connect to theInternet with ES+ or ca&e modems3an deter hacking, ut cannot /reent it

@!3ha/ter () Security and 4thica& 3ha&&enges


48/61

Internet and Intranet 7irewa&&s

@"3ha/ter () Security and 4thica& 3ha&&enges


49/61

Eenia& of Serice Attacks

Eenia& of serice attacks de/end on three&ayers of networked com/uter systemshe ictim5s wesitehe ictim5s Internet serice /roider

Pomie or s&ae com/uters that hae eencommandeered y the cyercrimina&s

@*3ha/ter () Security and 4thica& 3ha&&enges


50/61

Eefending Against Eenia& of Serice

At Pomie MachinesSet and enforce security /o&iciesScan for u&nerai&ities

At the IS0

Monitor and &ock traffic s/ikes At the Fictim5s


51/61


4mai& Monitoring6se of content monitoring software that scans

for trou&esome words that might com/romisecor/orate security

Firus Eefenses3entra&ie the u/dating and distriution of

antiirus software6se a security suite that integrates irus

/rotection with firewa&&s,


52/61

Other Security Measures Security 3odes

Mu&ti&ee& /assword system 4ncry/ted /asswords Smart cards with micro/rocessors

Backu/ 7i&es Eu/&icate fi&es of data or /rograms

Security Monitors Monitor the use of com/uters and networks 0rotects them from unauthoried use, fraud, and destruction

Biometrics 3om/uter deices measure /hysica& traits that make each

indiidua& uniue Foice recognition, finger/rints, retina scan

3om/uter 7ai&ure 3ontro&s 0reents com/uter fai&ures or minimies its effects 0reentie maintenance Arrange acku/s with a disaster recoery organiation



53/61

Other Security Measures In the eent of a system fai&ure, fault-tolerant systemshae

redundant /rocessors, /eri/hera&s, and software that /roide Fail-over capability# shifts to ack u/ com/onents Fail-save capability# the system continues to o/erate at the

same &ee& Fail-soft capability# the system continues to o/erate at a

reduced ut acce/ta&e &ee& A disaster recovery plancontains forma&ied /rocedures to fo&&ow

in the eent of a disaster


54/61

Information System 3ontro&s

Methods anddeices thatattem/t to

ensure theaccuracy,a&idity, and/ro/riety ofinformation

systemactiities

:@3ha/ter () Security and 4thica& 3ha&&enges


55/61

Auditing I Security

I Security Audits0erformed y interna& or e1terna& auditorsCeiew and ea&uation of security measures

and management /o&iciesGoa& is to ensure that that /ro/er and

adeuate measures and /o&icies are in /&ace

::3ha/ter () Security and 4thica& 3ha&&enges


56/61

0rotecting Kourse&f from

3yercrime



57/61

3ase ) Managing Information

Security O3AF4 Security 0rocess Methodo&ogy Cisk 4a&uation

Se&f$direction y /eo/&e in the organiationAda/ta&e measures that can change with techno&ogyA defined /rocess and standard ea&uation /roceduresA foundation for a continua& /rocess that im/roes

security oer time Cisk Management

A forward$&ooking iewA focus on a =critica& few> security issues Integrated management of security /o&icies and

strategies

:!3ha/ter () Security and 4thica& 3ha&&enges


58/61

3ase ) Managing Information

SecurityOrganiationa& and 3u&tura&

O/en communication of risk information

and actiities ui&d around co&&aorationA g&oa& /ers/ectie on risk in the conte1t

of the organiation5s mission and usinesso-ecties

eamwork

:"3ha/ter () Security and 4thica& 3ha&&enges


59/61



60/61

3ase @ Maintaining Software

Security Security /rofessiona&s hae ! to 2( days eforehacker5s too&s used to e1/&oit the most recentu&nerai&ities ecome aai&a&e on the InternetMicrosoft5s month&y /atch$re&ease date is

known as =0atch uesday>Security software com/anies go to work

immediate&y to u/date their /roducts6/date must e thorough&y tested eforeeing de/&oyed



61/61


security and ethical challenges.ppt

Documents