Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Chapter
13
Security and Ethical Challenges
Learning Objectives
Identify several ethical issues in how the use
of information technologies in business affects
Employment
Individuality
Working conditions
Privacy
Crime
Health
Solutions to societal problems
Learning Objectives
Identify several types of security management strategies
and defenses, and explain how they can be used to
ensure the security of business applications of
information technology
Propose several ways that business managers and
professionals can help to lessen the harmful effects and
increase the beneficial effects of the use of information
technology
Business Ethics
Ethics questions that managers confront as part of their
daily business decision making include
Equity
Rights
Honesty
Exercise of corporate power
Informed Consent
Those affected by the technology should understand and accept
the risks
Minimized Risk
Even if judged acceptable by the other three guidelines, the
technology must be implemented so as to avoid all unnecessary
risk
Responsible Professional
Guidelines
A responsible professional
Acts with integrity
Increases personal competence
Sets high standards of personal performance
Accepts responsibility for his/her work
Advances the health, privacy, and general
welfare of the public
Computer Crime
Computer crime includes
Unauthorized use, access, modification, or destruction of
hardware, software, data, or network resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own hardware, software,
data, or network resources
Using or conspiring to use computer or network resources
illegally to obtain information or tangible property
Hacking
Hacking is
The obsessive use of computers
The unauthorized access and use of networked computer
systems
Cracker
A malicious or criminal hacker who maintains knowledge of the
vulnerabilities found for
private advantage
Scans
Widespread probes of the Internet to determine types of
computers, services, and connections
Looking for weaknesses
Spoofing
Faking an e-mail address or Web page to trick users into
passing along critical information
like passwords or credit card numbers
Back Doors
A hidden point of entry to be used in case the original entry point
is detected or blocked
Malicious Applets
Tiny Java programs that misuse your computers resources,
modify files on the hard disk, send fake email, or steal
passwords
Logic Bombs
An instruction in a computer program that triggers a malicious
act
Buffer Overflow
Crashing or gaining control of a computer by sending too much
data to buffer memory
Social Engineering
Gaining access to computer systems by talking unsuspecting
company employees out of
valuable information, such as passwords
Dumpster Diving
Sifting through a companys garbage to find information to help
break into their computers
Cyber Theft
Many computer crimes involve the theft of money
The majority are inside jobs that involve unauthorized
network entry and alternation
of computer databases to cover the tracks
of the employees involved
Many attacks occur through the Internet
Most companies dont reveal that they have
been targets or victims of cybercrime
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
Software Piracy
Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment
for a license for fair use
Site license allows a certain number of copies
Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for
email addresses to
which it can send itself
Also attempts to download updates for itself
Spyware
Adware that uses an Internet connection in the background,
without the users permission
or knowledge
Captures information about the user and sends
it over the Internet
Spyware Problems
Spyware can steal private information and also
Add advertising links to Web pages
Redirect affiliate payments
Change a users home page and search settings
Make a modem randomly call premium-rate phone numbers
Leave security holes that let Trojans in
Degrade system performance
Privacy Issues
The power of information technology to store and
retrieve information can have a negative effect on every
individuals right to privacy
Personal information is collected with every
visit to a Web site
Confidential information stored by credit
bureaus, credit card companies, and the government has been
stolen or misused
Opt-Out
Data can be compiled about you unless you specifically request
it not be
This is the default in the U.S.
Privacy Issues
Violation of Privacy
Accessing individuals private email conversations and computer
records
Collecting and sharing information about individuals gained from
their visits to
Internet websites
Computer Monitoring
Always knowing where a person is
Mobile and paging services are becoming more closely
associated with people than with places
Privacy Issues
Computer Matching
Using customer information gained from many sources to market
additional business services
Privacy Laws
Electronic Communications Privacy Act
and Computer Fraud and Abuse Act
Prohibit intercepting data communications messages, stealing or
destroying data, or trespassing in federal-related computer
systems
Privacy Laws
Other laws impacting privacy and how
much a company spends on compliance
Sarbanes-Oxley
Health Insurance Portability and
Accountability Act (HIPAA)
Gramm-Leach-Bliley
USA Patriot Act
California Security Breach Law
Securities and Exchange Commission rule 17a-4
Biggest battlegrounds
Bulletin boards
Email boxes
Online files of Internet and public networks
Spamming
Flame mail
Libel laws
Censorship
Flaming
Sending extremely critical, derogatory, and often vulgar email
messages or newsgroup posting to other users on the Internet or
online services
Especially prevalent on special-interest newsgroups
Cyberlaw
Laws intended to regulate activities over
the Internet or via electronic communication devices
Encompasses a wide variety of legal and
political issues
Includes intellectual property, privacy,
freedom of expression, and jurisdiction
Cyberlaw
The intersection of technology and the law
is controversial
Some feel the Internet should not be regulated
Encryption and cryptography make traditional form of regulation
difficult
The Internet treats censorship as damage and simply routes
around it
Other Challenges
Employment
IT creates new jobs and increases productivity
It can also cause significant reductions in job opportunities, as
well as requiring new job skills
Computer Monitoring
Using computers to monitor the productivity
and behavior of employees as they work
Criticized as unethical because it monitors individuals, not just
work, and is done constantly
Criticized as invasion of privacy because many employees do
not know they are being monitored
Other Challenges
Working Conditions
IT has eliminated monotonous or obnoxious tasks
However, some skilled craftsperson jobs have been replaced by
jobs requiring routine,
repetitive tasks or standby roles
Individuality
Dehumanizes and depersonalizes activities because computers
eliminate human relationships
Inflexible systems
Health Issues
Cumulative Trauma Disorders (CTDs)
Disorders suffered by people who sit at a
PC or terminal and do fast-paced repetitive keystroke jobs
Ergonomics
Designing healthy work environments
Safe, comfortable, and pleasant for people
to work in
Increases employee morale and productivity
Also called human factors engineering
Ergonomics Factors
Societal Solutions
Using information technologies to solve
human and social problems
Medical diagnosis
Computer-assisted instruction
Governmental program planning
Environmental quality control
Law enforcement
Job placement
Societal Solutions
The detrimental effects of
information technology
Often caused by individuals
or organizations not
accepting ethical
responsibility for
their actions
Security Management of IT
The Internet was developed for inter-operability, not
impenetrability
Business managers and professionals alike
are responsible for the security, quality, and performance of
business information systems
Hardware, software, networks, and data
resources must be protected by a variety
of security measures
Security Management
The goal of security
management is the
accuracy, integrity,
and safety of all
information system
processes and resources
At the ISP
Monitor and block traffic spikes
Virus Defenses
Centralize the updating and distribution of antivirus software
Use a security suite that integrates virus protection with firewalls,
Web security,
and content blocking features
Backup Files
Duplicate files of data or programs
Security Monitors
Monitor the use of computers and networks
Protects them from unauthorized use, fraud,
and destruction
Auditing IT Security
IT Security Audits
Performed by internal or external auditors
Review and evaluation of security measures
and management policies
Goal is to ensure that that proper and adequate measures and
policies are in place
Risk Management
A forward-looking view
A focus on a critical few security issues
Integrated management of security policies and strategies