-
7/31/2019 Management Information System Chapter 13 GTU MBA
Chapter 13
Security and Ethical Challenges
-
Learning Objectives
Identify several ethical issues in how the use of information technologies in business affects
Employment
Individuality
Working conditions
Privacy
Crime
Health
Solutions to societal problems
-
Learning Objectives
Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology
Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology
-
IT Security, Ethics, and Society
-
IT Security, Ethics, and Society
Information technology has both beneficial and detrimental effects on society and people
Manage work activities to minimize the detrimental effects of information technology
Optimize the beneficial effects
-
Business Ethics
Ethics questions that managers confront as part of their daily business decision making include
Equity
Rights
Honesty
Exercise of corporate power
-
Categories of Ethical Business Issues
-
Corporate Social Responsibility Theories
Stockholder Theory
Managers are agents of the stockholders
Their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices
Social Contract Theory
Companies have ethical responsibilities to all members of society, who allow corporations to exist
-
Corporate Social Responsibility Theories
Stakeholder Theory
Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders
Stakeholders are all individuals and groups that have a stake in, or claim on, a company
-
Principles of Technology Ethics
Proportionality
The good achieved by the technology must outweigh the harm or risk; there must be no alternative that achieves the same or comparable benefits with less harm or risk
Informed Consent
Those affected by the technology should understand and accept the risks
-
Principles of Technology Ethics
Justice
The benefits and burdens of the technology should be distributed fairly.
Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk
Minimized Risk
Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
-
AITP Standards of Professional Conduct
-
Responsible Professional Guidelines
A responsible professional
Acts with integrity
Increases personal competence
Sets high standards of personal performance
Accepts responsibility for his/her work
Advances the health, privacy, and general welfare of the public
-
Computer Crime
Computer crime includes
Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own hardware, software, data, or network resources
Using or conspiring to use computer or network resources illegally to obtain information or tangible property
-
Cybercrime Protection Measures
-
Hacking
Hacking is
The obsessive use of computers
The unauthorized access and use of networked computer systems
Electronic Breaking and Entering
Hacking into a computer system and reading files, but neither stealing nor damaging anything
Cracker
A malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage
-
Common Hacking Tactics
Denial of Service
Hammering a website's equipment with too many requests for information
Clogging the system, slowing performance, or crashing the site
Scans
Widespread probes of the Internet to determine types of computers, services, and connections
Looking for weaknesses
-
Common Hacking Tactics
Sniffer
Programs that search individual packets of data as they pass through the Internet
Capturing passwords or entire contents
Spoofing
Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
-
Common Hacking Tactics
Trojan Horse
A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software
Back Doors
A hidden point of entry to be used in case the original entry point is detected or blocked
Malicious Applets
Tiny Java programs that misuse your computer's resources, modify files on the hard disk, send fake email, or steal passwords
-
Common Hacking Tactics
War Dialing
Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection
Logic Bombs
An instruction in a computer program that triggers a malicious act
Buffer Overflow
Crashing or gaining control of a computer by sending too much data to buffer memory
-
Common Hacking Tactics
Password Crackers
Software that can guess passwords
Social Engineering
Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords
Dumpster Diving
Sifting through a company's garbage to find information to help break into their computers
-
Cyber Theft
Many computer crimes involve the theft of money
The majority are inside jobs that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved
Many attacks occur through the Internet
Most companies don't reveal that they have been targets or victims of cybercrime
-
Unauthorized Use at Work
Unauthorized use of computer systems and networks is time and resource theft
Doing private consulting
Doing personal finances
Playing video games
Unauthorized use of the Internet or company networks
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
-
Internet Abuses in the Workplace
General email abuses
Unauthorized usage and access
Copyright infringement/plagiarism
Newsgroup postings
Transmission of confidential data
Pornography
Hacking
Non-work-related download/upload
Leisure use of the Internet
Use of external ISPs
Moonlighting
-
Software Piracy
Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment for a license for fair use
Site license allows a certain number of copies
A third of the software industry's revenues are lost to piracy
-
Theft of Intellectual Property
Intellectual Property
Copyrighted material
Includes such things as music, videos, images, articles, books, and software
Copyright Infringement is Illegal
Peer-to-peer networking techniques have made it easy to trade pirated intellectual property
Publishers Offer Inexpensive Online Music
Illegal downloading of music and video is down and continues to drop
-
Viruses and Worms
A virus is a program that cannot work without being inserted into another program
A worm can run unaided
These programs copy annoying or destructive routines into networked computers
Copy routines spread the virus
Commonly transmitted through
The Internet and online services
Email and file attachments
Disks from contaminated computers
Shareware
-
Top Five Virus Families of all Time
My Doom, 2004
Spread via email and over Kazaa file-sharing network
Installs a back door on infected computers
Infected email poses as returned message or one that can't be opened correctly, urging recipient to click on attachment
Opens up TCP ports that stay open even after termination of the worm
Upon execution, a copy of Notepad is opened, filled with nonsense characters
-
Top Five Virus Families of all Time
Netsky, 2004
Mass-mailing worm that spreads by emailing itself to all email addresses found on infected computers
Tries to spread via peer-to-peer file sharing by copying itself into the shared folder
It renames itself to pose as one of 26 other common files along the way
-
Top Five Virus Families of all Time
SoBig, 2004
Mass-mailing email worm that arrives as an attachment
Examples: Movie_0074.mpg.pif, Document003.pif
Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for email addresses to which it can send itself
Also attempts to download updates for itself
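Added example (not part of the original slides): a mail-gateway check that flags attachment names like the two SoBig examples above, where a program extension such as .pif hides behind a harmless-looking one. The extension lists, addresses and sample message are assumptions constructed for this illustration.

```python
import email
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs as programs or scripts (illustrative list, not a full policy).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Harmless-looking extensions often placed in front to disguise the real type.
DECOY_EXTS = {".mpg", ".jpg", ".gif", ".txt", ".doc", ".pdf", ".zip", ".htm", ".html"}


def classify_filename(name):
    """Return 'disguised', 'executable' or 'ok' for an attachment file name."""
    # Windows ignores trailing dots and spaces, so remove them before checking.
    cleaned = name.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(cleaned).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "disguised"      # e.g. name.mpg.pif: looks like a video, runs as a program
    return "executable"


def scan_message(raw_bytes):
    """Parse one e-mail message and return [(filename, verdict)] for flagged parts."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename is None:
            continue            # body text or multipart container, not an attachment
        verdict = classify_filename(filename)
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings


def build_sample(filenames):
    """Construct a test message whose attachments hold placeholder bytes only."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"      # constructed addresses
    msg["To"] = "user@example.com"
    msg["Subject"] = "Re: Details"
    msg.set_content("See the attached file for details.")
    for fn in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["Movie_0074.mpg.pif", "Document003.pif", "minutes.txt"])
    for filename, verdict in scan_message(sample):
        print(f"quarantine {filename!r}: {verdict}")
```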
-
Top Five Virus Families of all Time
Klez, 2002
A mass-mailing email worm that arrives with a randomly named attachment
Exploits a known vulnerability in MS Outlook to auto-execute on unpatched clients
Tries to disable virus scanners and then copy itself to all local and networked drives with a random file name
Deletes all files on the infected machine and any mapped network drives on the 13th of all even-numbered months
-
Top Five Virus Families of all Time
Sasser, 2004
Exploits a Microsoft vulnerability to spread from computer to computer with no user intervention
Spawns multiple threads that scan local subnets for vulnerabilities
-
The Cost of Viruses, Trojans, Worms
Cost of the top five virus families
Nearly 115 million computers in 200 countries were infected in 2004
Up to 11 million computers are believed to be permanently infected
In 2004, total economic damage from virus proliferation was $166 to $202 billion
Average damage per computer is between $277 and $366
-
Adware and Spyware
Adware
Software that purports to serve a useful purpose, and often does
Allows advertisers to display pop-up and banner ads without the consent of the computer users
Spyware
Adware that uses an Internet connection in the background, without the user's permission or knowledge
Captures information about the user and sends it over the Internet
-
Spyware Problems
Spyware can steal private information and also
Add advertising links to Web pages
Redirect affiliate payments
Change a user's home page and search settings
Make a modem randomly call premium-rate phone numbers
Leave security holes that let Trojans in
Degrade system performance
Removal programs are often not completely successful in eliminating spyware
-
Privacy Issues
The power of information technology to store and retrieve information can have a negative effect on every individual's right to privacy
Personal information is collected with every visit to a Web site
Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused
-
Opt-in Versus Opt-out
Opt-In
You explicitly consent to allow data to be compiled about you
This is the default in Europe
Opt-Out
Data can be compiled about you unless you specifically request it not be
This is the default in the U.S.
-
Privacy Issues
Violation of Privacy
Accessing individuals' private email conversations and computer records
Collecting and sharing information about individuals gained from their visits to Internet websites
Computer Monitoring
Always knowing where a person is
Mobile and paging services are becoming more closely associated with people than with places
-
Privacy Issues
Computer Matching
Using customer information gained from many sources to market additional business services
Unauthorized Access of Personal Files
Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles
-
Protecting Your Privacy on the Internet
There are multiple ways to protect your privacy
Encrypt email
Send newsgroup postings through anonymous remailers
Ask your ISP not to sell your name and information to mailing list providers and other marketers
Don't reveal personal data and interests on online service and website user profiles
-
Privacy Laws
Electronic Communications Privacy Act and Computer Fraud and Abuse Act
Prohibit intercepting data communications messages, stealing or destroying data, or trespassing in federal-related computer systems
U.S. Computer Matching and Privacy Act
Regulates the matching of data held in federal agency files to verify eligibility for federal programs
-
Privacy Laws
Other laws impacting privacy and how much a company spends on compliance
Sarbanes-Oxley
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley
USA Patriot Act
California Security Breach Law
Securities and Exchange Commission rule 17a-4
-
Computer Libel and Censorship
The opposite side of the privacy debate
Freedom of information, speech, and press
Biggest battlegrounds
Bulletin boards
Email boxes
Online files of Internet and public networks
Weapons used in this battle
Spamming
Flame mail
Libel laws
Censorship
-
Computer Libel and Censorship
Spamming
Indiscriminate sending of unsolicited email messages to many Internet users
Flaming
Sending extremely critical, derogatory, and often vulgar email messages or newsgroup postings to other users on the Internet or online services
Especially prevalent on special-interest newsgroups
-
Cyberlaw
Laws intended to regulate activities over the Internet or via electronic communication devices
Encompasses a wide variety of legal and political issues
Includes intellectual property, privacy, freedom of expression, and jurisdiction
-
Cyberlaw
The intersection of technology and the law is controversial
Some feel the Internet should not be regulated
Encryption and cryptography make traditional forms of regulation difficult
The Internet treats censorship as damage and simply routes around it
Cyberlaw only began to emerge in 1996
Debate continues regarding the applicability of legal principles derived from issues that had nothing to do with cyberspace
-
Other Challenges
Employment
IT creates new jobs and increases productivity
It can also cause significant reductions in job opportunities, as well as requiring new job skills
Computer Monitoring
Using computers to monitor the productivity and behavior of employees as they work
Criticized as unethical because it monitors individuals, not just work, and is done constantly
Criticized as invasion of privacy because many employees do not know they are being monitored
-
Other Challenges
Working Conditions
IT has eliminated monotonous or obnoxious tasks
However, some skilled craftsperson jobs have been replaced by jobs requiring routine, repetitive tasks or standby roles
Individuality
Dehumanizes and depersonalizes activities because computers eliminate human relationships
Inflexible systems
-
Health Issues
Cumulative Trauma Disorders (CTDs)
Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs
Carpal Tunnel Syndrome
Painful, crippling ailment of the hand and wrist
Typically requires surgery to cure
-
Ergonomics
Designing healthy work environments
Safe, comfortable, and pleasant for people to work in
Increases employee morale and productivity
Also called human factors engineering
-
Ergonomics Factors
-
Societal Solutions
Using information technologies to solve human and social problems
Medical diagnosis
Computer-assisted instruction
Governmental program planning
Environmental quality control
Law enforcement
Job placement
-
Societal Solutions
The detrimental effects of information technology
Often caused by individuals or organizations not accepting ethical responsibility for their actions
-
Security Management of IT
The Internet was developed for inter-operability, not impenetrability
Business managers and professionals alike are responsible for the security, quality, and performance of business information systems
Hardware, software, networks, and data resources must be protected by a variety of security measures
-
Internetworked Security Defenses
Encryption
Data is transmitted in scrambled form
It is unscrambled by computer systems for authorized users only
The most widely used method uses a pair of public and private keys unique to each individual
-
Public/Private Key Encryption
-
Internetworked Security Defenses
Firewalls
A gatekeeper system that protects a company's intranets and other computer networks from intrusion
Provides a filter and safe transfer point for access to/from the Internet and other networks
Important for individuals who connect to the Internet with DSL or cable modems
Can deter hacking, but cannot prevent it
-
Internet and Intranet Firewalls
-
Denial of Service Attacks
Denial of service attacks depend on three layers of networked computer systems
The victim's website
The victim's Internet service provider
Zombie or slave computers that have been commandeered by the cybercriminals
-
Defending Against Denial of Service
At Zombie Machines
Set and enforce security policies
Scan for vulnerabilities
At the ISP
Monitor and block traffic spikes
At the Victim's Website
Create backup servers and network connections
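Added example (not part of the original slides): one way to "monitor traffic spikes" when the flood comes from many zombie machines, each sending too few requests to trip a per-source limit. It compares every second's total request count with a rolling baseline; the log format, addresses and thresholds are assumptions constructed for this illustration.

```python
from collections import Counter, defaultdict, deque


def find_spikes(lines, window=5, factor=4.0, min_requests=20):
    """Flag seconds whose total traffic exceeds `factor` x the recent baseline.

    Each line is 'epoch_second source_ip path' (constructed format).
    Returns [(second, total_requests, distinct_sources, busiest_source_requests)].
    """
    per_second = defaultdict(Counter)       # second -> Counter(source_ip -> requests)
    for line in lines:
        ts, src, _path = line.split()
        per_second[int(ts)][src] += 1
    if not per_second:
        return []

    spikes = []
    history = deque(maxlen=window)          # totals of the last normal seconds
    for second in range(min(per_second), max(per_second) + 1):
        by_source = per_second.get(second, Counter())
        total = sum(by_source.values())
        if len(history) == window:
            baseline = max(sum(history) / window, 1.0)
            if total >= min_requests and total > factor * baseline:
                spikes.append((second, total, len(by_source),
                               max(by_source.values())))
                continue                    # keep flood traffic out of the baseline
        history.append(total)
    return spikes


def build_sample():
    """Constructed log: five quiet seconds, a two-second flood, one quiet second."""
    lines = []
    for sec in range(1000, 1005):
        for i in range(5):
            lines.append(f"{sec} 192.0.2.{i % 3 + 1} /index.html")
    for sec in (1005, 1006):
        for host in range(1, 31):           # 30 sources, only 2 requests each
            for _ in range(2):
                lines.append(f"{sec} 198.51.100.{host} /index.html")
    for i in range(5):
        lines.append(f"1007 192.0.2.{i % 3 + 1} /index.html")
    return lines


if __name__ == "__main__":
    for second, total, sources, busiest in find_spikes(build_sample()):
        print(f"t={second}: {total} requests from {sources} sources "
              f"(busiest source sent {busiest})")
```

In the sample, each flooding source sends only two requests per second, so the spike is visible only in the aggregate count and the number of distinct sources.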
-
Internetworked Security Defenses
Email Monitoring
Use of content monitoring software that scans for troublesome words that might compromise corporate security
Virus Defenses
Centralize the updating and distribution of antivirus software
Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features
-
Other Security Measures
Security Codes
Multilevel password system
Encrypted passwords
Smart cards with microprocessors
Backup Files
Duplicate files of data or programs
Security Monitors
Monitor the use of computers and networks
Protects them from unauthorized use, fraud, and destruction
-
Other Security Measures
Biometrics
Computer devices measure physical traits that make each individual unique
Voice recognition, fingerprints, retina scan
Computer Failure Controls
Prevents computer failures or minimizes its effects
Preventive maintenance
Arrange backups with a disaster recovery organization
-
Other Security Measures
In the event of a system failure, fault-tolerant systems have redundant processors, peripherals, and software that provide
Fail-over capability: shifts to backup components
Fail-safe capability: the system continues to operate at the same level
Fail-soft capability: the system continues to operate at a reduced but acceptable level
-
Other Security Measures
A disaster recovery plan contains formalized procedures to follow in the event of a disaster
Which employees will participate
What their duties will be
What hardware, software, and facilities will be used
Priority of applications that will be processed
Use of alternative facilities
Offsite storage of databases
-
Information System Controls
Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
-
Auditing IT Security
IT Security Audits
Performed by internal or external auditors
Review and evaluation of security measures and management policies
Goal is to ensure that proper and adequate measures and policies are in place
-
Protecting Yourself from Cybercrime