chapter 12 security and ethical challenges of information systems
Chapter 12
Security and Ethical Challenges of Information Systems
Security and Controls
Security and controls are a manager's responsibility
Used to ensure accuracy, integrity, etc.
E-commerce businesses increase the need for tight security and controls
Security Requirements for e-commerce
1. Privacy
2. Authenticity
3. Integrity
4. Reliability
5. Blocking
Major Types of Controls
There are three categories of controls for e-commerce and information systems
  Information System controls
  Procedural controls
  Facility controls
IS controls
Used to ensure the accuracy, validity, and propriety of information system activities
Input controls - necessary to ensure that data types are correct, formats are correct, etc.
Usually some sort of transaction audit trail, batch total, hash totals (addition of characters in a field correct to spec)
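Added example (not part of the original slides): a Python sketch of the input controls listed above, checking record formats and then comparing a batch against its control totals. The six-digit account format, the field names and the hash total taken as the sum of the account-number field are assumptions made for illustration; the sample batch is constructed.

```python
from decimal import Decimal, InvalidOperation
import re

ACCOUNT_RE = re.compile(r"^\d{6}$")  # assumed format: six-digit account number

def validate_record(rec):
    """Input control: list type/format errors for one record (fields are strings)."""
    errors = []
    if not ACCOUNT_RE.match(rec.get("account", "")):
        errors.append("account must be six digits")
    try:
        amount = Decimal(rec.get("amount", ""))
        if not amount.is_finite() or amount <= 0:
            errors.append("amount must be a positive finite number")
    except InvalidOperation:
        errors.append("amount is not a number")
    return errors

def control_totals(records):
    """Record count, batch total (sum of amounts), hash total (sum of account numbers)."""
    return {
        "count": len(records),
        "batch_total": sum((Decimal(r["amount"]) for r in records), Decimal("0")),
        "hash_total": sum(int(r["account"]) for r in records),
    }

def check_batch(records, header):
    """Return a list of problems; an empty list means the batch is accepted."""
    problems = [f"record {i}: {e}" for i, r in enumerate(records, 1)
                for e in validate_record(r)]
    if problems:
        return problems  # totals are meaningless on malformed input
    actual = control_totals(records)
    return [f"{k}: expected {header[k]}, got {v}"
            for k, v in actual.items() if header[k] != v]

# Constructed sample batch and the control header prepared when it was submitted.
BATCH = [
    {"account": "100234", "amount": "250.00"},
    {"account": "100871", "amount": "75.50"},
    {"account": "204410", "amount": "1200.00"},
]
HEADER = {"count": 3, "batch_total": Decimal("1525.50"), "hash_total": 405515}

if __name__ == "__main__":
    print(check_batch(BATCH, HEADER))      # clean batch
    altered = [dict(BATCH[0], account="100243")] + BATCH[1:]
    print(check_batch(altered, HEADER))    # amounts intact, account number changed
```

The altered batch keeps the same record count and batch total, so only the hash total exposes the changed account number.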
Processing Controls
Identification of incorrect processing is essential to good information system use
  Hardware controls ensure that the electronic portion of the processing function is correct
  Software controls ensure that the logic is correct, input files are correct, destination files are written correctly
Output controls ensure that reports are correct, complete, and going to the correct destination
Storage Controls
Storage controls ensure data integrity, data security, user authentication, user authorization
Naming conventions
Backup files
Generation data groups
Facility Controls
Protection of hardware, software, network resources
Network security
  System security applications - software that monitors usage, users
  Encryption - Organized method of scrambling data packets being transmitted over a network
Network Security cont.
Firewalls - An electronic security guard at the front end of the network
  Best to use separate hardware components
  Requires a software component
  Can deter and slow down unauthorized use and access
  Can be configured to meet users' needs
Physical security
Computer centers need to be behind locked doors
Biometric security devices are becoming more available and viable
Failure controls - needed to minimize interruptions due to power outages, hardware malfunctions, etc.
Procedural controls
Outlines standards of operation
Documentation
Requirements for authorization of users
Disaster recovery planning - what to do in emergencies
End user control
Auditing Information Systems
There is a need for internal and external audits of an organization
There are two ways to effect this task using information systems
  Audits through the system - verification of all aspects of IS including programs
  Audits around the system - verification of data and output
Audit trails/control logs
Ethical and Societal Challenges of IT
There are multiple challenges in the business world that involve ethics
IT increases the ethical considerations
Many ethical philosophies and models that shape our ethical makeup
IT and employment
Introducing information technology into an organization can create and eliminate jobs
Reduction in individuality - automated processes minimize individual influence
This creates some loss of identity in workers
Computerized monitoring
Privacy Issues
Computerized work monitoring has been scrutinized as invading privacy
E-mail privacy issues
Assembling unauthorized data files on individuals
Tracking via electronic trails
Internet Privacy
The Internet is not as anonymous as most would want to believe
Cookies
Anonymous remailers allow for newsgroup postings through a third party
Spamming - Unsolicited emails
Flaming - Verbal attacks, threats via BBS, newsgroups
Internet crime
Theft of service
Software theft
Alteration of online databases
Malicious hacking
Virus problems
Employee health issues
Although computer users are not subject to on-the-job injuries like a machine worker would be, there are some definite health issues
Cumulative trauma disorders such as carpal tunnel syndrome are common among heavy users
Health issues cont.
Exposure to radiation
Ergonomic considerations
You and ethical responsibility
Responsible for ethical use and decisions
Think about societal ramifications in decision making
Character is what you do when no one is looking