Chapter 12 Security and Ethical Challenges of Information Systems

Upload: wilfred-cole

Post on 13-Jan-2016

Security and Controls

Security and controls are a manager's responsibility

Used to ensure accuracy, integrity, etc.

E-commerce businesses increase the need for tight security and controls

Security Requirements for e-commerce

1. Privacy
2. Authenticity
3. Integrity
4. Reliability
5. Blocking

Major Types of Controls

There are three categories of controls for e-commerce and information systems

Information System controls

Procedural controls

Facility controls

IS controls

Used to ensure the accuracy, validity, and propriety of information system activities

Input controls - necessary to ensure that data types are correct, formats are correct, etc.

Usually some sort of transaction audit trail, batch total, hash totals (addition of characters in a field correct to spec)
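
An added example (not part of the original slides) of the input controls described above: each record's format is checked, then the batch is compared against its record count, batch total and hash total. The field names, the 8-digit account format and the use of the sum of account numbers as the hash total are assumptions made for illustration.

```python
import re
from decimal import Decimal

ACCOUNT_RE = re.compile(r"[0-9]{8}")             # assumed spec: 8-digit account
AMOUNT_RE = re.compile(r"[0-9]{1,9}\.[0-9]{2}")  # assumed spec: 2-decimal amount


def format_errors(rec):
    """Input control: check each field's type and format before processing."""
    errors = []
    if not ACCOUNT_RE.fullmatch(str(rec.get("account", ""))):
        errors.append("account is not 8 digits")
    if not AMOUNT_RE.fullmatch(str(rec.get("amount", ""))):
        errors.append("amount is not a 2-decimal number")
    return errors


def check_batch(header, records):
    """Return a list of findings; an empty list means the batch may be posted."""
    findings = []
    for n, rec in enumerate(records, start=1):
        findings += [f"record {n}: {e}" for e in format_errors(rec)]
    if findings:
        return findings  # totals are meaningless until every field parses

    actual = {
        "record_count": len(records),
        # Batch total: sum of a meaningful amount field.
        "batch_total": sum(Decimal(r["amount"]) for r in records),
        # Hash total: sum of a field with no arithmetic meaning (account
        # numbers); it changes if a record is swapped or a key is mistyped.
        "hash_total": sum(int(r["account"]) for r in records),
    }
    expected = {
        "record_count": int(header["record_count"]),
        "batch_total": Decimal(header["batch_total"]),
        "hash_total": int(header["hash_total"]),
    }
    for name in actual:
        if actual[name] != expected[name]:
            findings.append(f"{name}: expected {expected[name]}, got {actual[name]}")
    return findings


# Constructed sample batch, not real data.
HEADER = {"record_count": 3, "batch_total": "350.75", "hash_total": 30180234}
BATCH = [
    {"account": "10012345", "amount": "100.00"},
    {"account": "10067890", "amount": "200.50"},
    {"account": "10099999", "amount": "50.25"},
]
```

A mistyped account number leaves the record count and batch total unchanged, so only the hash total catches it; the returned findings are what would be written to the transaction audit trail.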

Processing Controls

Identification of incorrect processing is essential to good information system use

Hardware controls ensure that the electronic portion of the processing function is correct

Software controls ensure that the logic is correct, input files are correct, destination files are written correctly

Output controls ensure that reports are correct, complete, and going to the correct destination

Storage Controls

Storage controls ensure data integrity, data security, user authentication, user authorization

Naming conventions

Backup files

Generation data groups

Facility Controls

Protection of hardware, software, network resources

Network security:

System security applications - software that monitors usage, users

Encryption - Organized method of scrambling data packets being transmitted over a network

Network Security cont.

Firewalls - An electronic security guard at the front end of the network

Best to use separate hardware components

Requires a software component

Can deter and slow down unauthorized use and access

Can be configured to meet users' needs

Physical security

Computer centers need to be behind locked doors

Biometric security devices are becoming more available and viable

Failure controls - needed to minimize interruptions due to power outages, hardware malfunctions, etc.

Procedural controls

Outlines standards of operation

Documentation

Requirements for authorization of users

Disaster recovery planning - what to do in emergencies

End user control

Auditing Information Systems

There is a need for internal and external audits of an organization

There are two ways to effect this task using information systems

Audits through the system - verification of all aspects of IS including programs

Audits around the system - verification of data and output

Audit trails/control logs

Ethical and Societal Challenges of IT

There are multiple challenges in the business world that involve ethics

IT increases the ethical considerations

Many ethical philosophies and models shape our ethical makeup

IT and employment

Introducing information technology into an organization can create and eliminate jobs

Reduction in individuality - automated processes minimize individual influence

This creates some loss of identity in workers

Computerized monitoring

Privacy Issues

Computerized work monitoring has been scrutinized as invading privacy

E-mail privacy issues

Assembling unauthorized data files on individuals

Tracking via electronic trails

Internet Privacy

The Internet is not as anonymous as most would want to believe

Cookies

Anonymous remailers allow for newsgroup postings through a third party

Spamming - Unsolicited emails

Flaming - Verbal attacks, threats via BBS, newsgroups

Internet crime

Theft of service

Software theft

Alteration of online databases

Malicious hacking

Virus problems

Employee health issues

Although computer users are not subject to on-the-job injuries like a machine worker would be, there are some definite health issues

Cumulative trauma disorders such as carpal tunnel syndrome are common among heavy users

Health issues cont.

Exposure to radiation

Ergonomic considerations

You and ethical responsibility

Responsible for ethical use and decisions

Think about societal ramifications in decision making

Character is what you do when no one is looking