13
Security and Ethical Challenges
McGraw-Hill/Irwin
Learning Objectives
Identify several ethical issues in how the use
of information technologies in business affects
Employment
Individuality
Working conditions
Privacy
Crime
Health
Solutions to societal problems
Learning Objectives
Identify several types of security management
strategies and defenses, and explain how they
can be used to ensure the security of business
applications of information technology
Business Ethics
Ethics questions that managers confront as part
of their daily business decision making include
Equity
Rights
Honesty
Exercise of corporate power
Informed Consent
Those affected by the technology should
understand and accept the risks
Minimized Risk
Even if judged acceptable by the other three
guidelines, the technology must be implemented
so as to avoid all unnecessary risk
Computer Crime
Computer crime includes
Unauthorized use, access, modification, or
destruction of hardware, software, data, or
network resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own
hardware, software, data, or network resources
Using or conspiring to use computer or network
resources illegally to obtain information or
tangible property
Hacking
Hacking is
The obsessive use of computers
The unauthorized access and use of networked
computer systems
Cracker
A malicious or criminal hacker who maintains
knowledge of the vulnerabilities found for
private advantage
Scans
Widespread probes of the Internet to determine
types of computers, services, and connections
Looking for weaknesses
Spoofing
Faking an e-mail address or Web page to trick
users into passing along critical information
like passwords or credit card numbers
Back Doors
A hidden point of entry to be used in case the
original entry point is detected or blocked
Malicious Applets
Tiny Java programs that misuse your computer's
resources, modify files on the hard disk, send
fake email, or steal passwords
Logic Bombs
An instruction in a computer program that
triggers a malicious act
Buffer Overflow
Crashing or gaining control of a computer by
sending too much data to buffer memory
Social Engineering
Gaining access to computer systems by talking
unsuspecting company employees out of
valuable information, such as passwords
Dumpster Diving
Sifting through a company's garbage to find
information to help break into its computers
Cyber Theft
Many computer crimes involve the theft of
money
The majority are inside jobs that involve
unauthorized network entry and alteration
of computer databases to cover the tracks
of the employees involved
Many attacks occur through the Internet
Most companies don't reveal that they have
been targets or victims of cybercrime
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment
for a license for fair use
Site license allows a certain number of copies
A third of the software industry's revenues are
lost to piracy
Spyware
Adware that uses an Internet connection in the
background, without the user's permission
or knowledge
Captures information about the user and sends
it over the Internet
Spyware Problems
Spyware can steal private information and also
Privacy Issues
The power of information technology to store
and retrieve information can have a negative
effect on every individual's right to privacy
Personal information is collected with every
visit to a Web site
Confidential information stored by credit
bureaus, credit card companies, and the
government has been stolen or misused
Opt-Out
Data can be compiled about you unless you
specifically request it not be
This is the default in the U.S.
Privacy Issues
Violation of Privacy
Accessing individuals' private email
conversations and computer records
Collecting and sharing information about
individuals gained from their visits to
Internet websites
Computer Monitoring
Always knowing where a person is
Mobile and paging services are becoming more
closely associated with people than with places
Privacy Issues
Computer Matching
Using customer information gained from many
sources to market additional business services
Privacy Laws
Electronic Communications Privacy Act
and Computer Fraud and Abuse Act
Prohibit intercepting data communications
messages, stealing or destroying data, or
trespassing in federal-related computer systems
Privacy Laws
Other laws impacting privacy and how
much a company spends on compliance
Sarbanes-Oxley
Health Insurance Portability and
Accountability Act (HIPAA)
Gramm-Leach-Bliley
USA Patriot Act
California Security Breach Law
Securities and Exchange Commission rule 17a-4
Biggest battlegrounds
Bulletin boards
Email boxes
Online files of Internet and public networks
Spamming
Flame mail
Libel laws
Censorship
Flaming
Sending extremely critical, derogatory, and often
vulgar email messages or newsgroup postings to
other users on the Internet or online services
Especially prevalent on special-interest
newsgroups
Cyberlaw
Laws intended to regulate activities over
the Internet or via electronic communication
devices
Encompasses a wide variety of legal and
political issues
Includes intellectual property, privacy,
freedom of expression, and jurisdiction
Cyberlaw
The intersection of technology and the law
is controversial
Some feel the Internet should not be regulated
Encryption and cryptography make traditional
forms of regulation difficult
The Internet treats censorship as damage and
simply routes around it
Other Challenges
Employment
IT creates new jobs and increases productivity
It can also cause significant reductions in job
opportunities, as well as requiring new job skills
Computer Monitoring
Using computers to monitor the productivity
and behavior of employees as they work
Criticized as unethical because it monitors
individuals, not just work, and is done constantly
Criticized as invasion of privacy because many
employees do not know they are being monitored
Other Challenges
Working Conditions
IT has eliminated monotonous or obnoxious tasks
However, some skilled craftsperson jobs have
been replaced by jobs requiring routine,
repetitive tasks or standby roles
Individuality
Dehumanizes and depersonalizes activities
because computers eliminate human relationships
Inflexible systems
Health Issues
Cumulative Trauma Disorders (CTDs)
Disorders suffered by people who sit at a
PC or terminal and do fast-paced repetitive
keystroke jobs
Ergonomics
Designing healthy work environments
Safe, comfortable, and pleasant for people
to work in
Increases employee morale and productivity
Also called human factors engineering
Ergonomics Factors
Societal Solutions
Using information technologies to solve
human and social problems
Medical diagnosis
Computer-assisted instruction
Governmental program planning
Environmental quality control
Law enforcement
Job placement
Societal Solutions
The detrimental effects of
information technology
Often caused by individuals
or organizations not
accepting ethical
responsibility for
their actions
Security Management of IT
The Internet was developed for interoperability,
not impenetrability
Business managers and professionals alike
are responsible for the security, quality, and
performance of business information systems
Hardware, software, networks, and data
resources must be protected by a variety
of security measures
Security Management
The goal of security
management is the
accuracy, integrity,
and safety of all
information system
processes and resources
At the ISP
Monitor and block traffic spikes
Virus Defenses
Centralize the updating and distribution of
antivirus software
Use a security suite that integrates virus
protection with firewalls, Web security,
and content blocking features
Backup Files
Duplicate files of data or programs
Security Monitors
Monitor the use of computers and networks
Protect them from unauthorized use, fraud,
and destruction
Auditing IT Security
IT Security Audits
Performed by internal or external auditors
Review and evaluation of security measures
and management policies
Goal is to ensure that proper and adequate
measures and policies are in place
Risk Management
A forward-looking view
A focus on a critical few security issues
Integrated management of security policies and
strategies