Fundamentals of Information Systems
Fourth Edition
Chapter 9
The Personal and Social Impact of Computers
Fundamentals of Information Systems, Fourth Edition 2
Principles and Learning Objectives
• Policies and procedures must be established to avoid computer waste and mistakes
– Describe some examples of waste and mistakes in an IS environment, their causes, and possible solutions
– Identify policies and procedures useful in eliminating waste and mistakes
– Discuss the principles and limits of an individual’s right to privacy
Principles and Learning Objectives (continued)
• Computer crime is a serious and rapidly growing area of concern requiring management attention
– Explain the types and effects of computer crime
– Identify specific measures to prevent computer crime
Principles and Learning Objectives (continued)
• Jobs, equipment, and working conditions must be designed to avoid negative health effects
– List the important effects of computers on the work environment
– Identify specific actions that must be taken to ensure the health and safety of employees
– Outline criteria for the ethical use of information systems
Why Learn About Security, Privacy, and Ethical Issues in Information Systems and the Internet?
• Many nontechnical issues associated with ISs
• Human Resource employees need to:
– Prevent computer waste and mistakes
– Avoid privacy violations
– Comply with laws about:
• Collecting customer data
• Monitoring employees
• Employees, IS users, and Internet users need to:
– Avoid crime, fraud, privacy invasion
Computer Waste and Mistakes
• Computer waste
– Inappropriate use of computer technology and resources
• Computer-related mistakes
– Errors, failures, and other computer problems that make computer output incorrect or not useful
Computer Waste
• Cause: improper management of information systems and resources
– Discarding old software and even complete computer systems when they still have value
– Building and maintaining complex systems that are never used to their fullest extent
– Using corporate time and technology for personal use
– Spam
Computer-Related Mistakes
• Causes
– Failure by users to follow proper procedures
– Unclear expectations and a lack of feedback
– Program development that contains errors
– Incorrect data entry by data-entry clerk
Preventing Computer-Related Waste and Mistakes
• Preventing waste and mistakes involves:
– Establishing policies and procedures
– Implementing policies and procedures
– Monitoring policies and procedures
– Reviewing policies and procedures
Establishing Policies and Procedures
• Establish policies and procedures regarding efficient acquisition, use, and disposal of systems and devices
• Training programs for individuals and workgroups
• Manuals and documents on how computer systems are to be maintained and used
• Approval of certain systems and applications to ensure compatibility and cost-effectiveness
Implementing Policies and Procedures
• Policies often focus on:
– Implementation of source data automation and the use of data editing to ensure data accuracy and completeness
– Assignment of clear responsibility for data accuracy within each information system
• Training is often the key to acceptance and implementation of policies and procedures
Monitoring Policies and Procedures
• Monitor routine practices and take corrective action if necessary
• Implement internal audits to measure actual results against established goals
• Follow requirements in Sarbanes-Oxley Act
Reviewing Policies and Procedures
• During review, people should ask the following questions:
– Do current policies cover existing practices adequately? Were any problems or opportunities uncovered during monitoring?
– Does the organization plan any new activities in the future? If so, does it need new policies or procedures on who will handle them and what must be done?
– Are contingencies and disasters covered?
Computer Crime
• Often defies detection
• Amount stolen or diverted can be substantial
• Crime is “clean” and nonviolent
• Number of IT-related security incidents is increasing dramatically
• Computer crime is now global
The Computer as a Tool to Commit Crime
• Criminals need two capabilities to commit most computer crimes
– Knowing how to gain access to the computer system
– Knowing how to manipulate the system to produce the desired result
• Examples
– Social engineering
– Dumpster diving
– Counterfeit and banking fraud using sophisticated desktop publishing programs and high-quality printers
Cyberterrorism
• Cyberterrorist
– Someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them
• Homeland Security Department’s Information Analysis and Infrastructure Protection Directorate
– Serves as governmental focal point for fighting cyberterrorism
Identity Theft
• Imposter obtains key pieces of personal identification information, such as Social Security or driver’s license numbers, in order to impersonate someone else
– Information is then used to obtain credit, merchandise, and/or services in the name of the victim or to provide the thief with false credentials
• Identity Theft and Assumption Deterrence Act of 1998 passed to fight identity theft
• 9 million victims in 2005
The Computer as the Object of Crime
• Crimes fall into several categories such as:
– Illegal access and use
– Data alteration and destruction
– Information and equipment theft
– Software and Internet piracy
– Computer-related scams
– International computer crime
Illegal Access and Use
• Hacker: learns about and uses computer systems
• Criminal hacker (also called a cracker): gains unauthorized use or illegal access to computer systems
• Script bunnies: automate the job of crackers
• Insider: employee who compromises corporate systems
• Malware: software programs that destroy or damage processing
Illegal Access and Use (continued)
• Virus: computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without the user’s knowledge or permission
• Worm: parasitic computer program that can create copies of itself on the infected computer or send copies to other computers via a network
Illegal Access and Use (continued)
• Trojan horse: malicious program that disguises itself as a useful application and purposefully does something the user does not expect
• Logic bomb: type of Trojan horse that executes when specific conditions occur
– Triggers for logic bombs can include a change in a file, a particular series of keystrokes, or a specific time or date
Illegal Access and Use (continued)
• Tips for avoiding viruses and worms
– Install antivirus software on your computer and configure it to scan all downloads, e-mail, and disks
– Update your antivirus software regularly
– Back up your files regularly
– Do not open any files attached to an e-mail from an unknown, suspicious, or untrustworthy source
Illegal Access and Use (continued)
• Tips for avoiding viruses and worms (continued):
– Do not open any files attached to an e-mail unless you know what it is, even if it appears to come from a friend or someone you know
– Exercise caution when downloading files from the Internet
• Ensure that the source is legitimate and reputable
Using Antivirus Programs
• Antivirus program: software that runs in the background to protect your computer from dangers lurking on the Internet and other possible sources of infected files
• Tips on using antivirus software
– Run and update antivirus software often
– Scan all diskettes and CDs before using them
– Install software only from a sealed package or secure, well-known Web site
– Follow careful downloading practices
– If you detect a virus, take immediate action
Using Antivirus Programs (continued)
Table 9.2: Antivirus Software
Information and Equipment Theft
• Obtaining identification numbers and passwords to steal information or disrupt systems
– Trial and error, password sniffer program
• Software theft
• Computer systems and equipment theft
– Data on equipment is valuable
Software and Internet Software Piracy
• Software piracy: act of illegally duplicating software
• Internet software piracy: illegally downloading software from the Internet
– Most rapidly expanding type of software piracy
– Most difficult form to combat
– Examples: pirate Web sites, auction sites that offer counterfeit software, peer-to-peer networks
– Penalties can be severe
Computer-Related Scams
• Examples of Internet scams
– Get-rich-quick schemes involving bogus real estate deals
– “Free” vacations with huge hidden costs
– Bank fraud
– Fake telephone lotteries
• Phishing
– Gaining access to personal information by redirecting user to fake site
International Computer Crime
• Computer crime is an international issue
• Software industry loses about $9 billion in revenue annually to software piracy occurring outside the United States
• Terrorists, international drug dealers, and other criminals might use information systems to launder illegally obtained funds
Preventing Computer-Related Crime
• All states have passed computer crime legislation
• Some believe that these laws are not effective because:
– Companies do not always actively detect and pursue computer crime
– Security is inadequate
– Convicted criminals are not severely punished
• Individual and group efforts are being made to curb computer crime, and recent efforts have met with some success
Crime Prevention by State and Federal Agencies
• State and federal agencies have begun aggressive attacks on computer criminals
• Computer Fraud and Abuse Act, 1986
• Computer Emergency Response Team (CERT)
• Many states are now passing new, comprehensive bills to help eliminate computer crimes
Crime Prevention by Corporations
• Public key infrastructure (PKI): enables users of an unsecured public network such as the Internet to securely and privately exchange data
– Uses a public and a private cryptographic key pair that is obtained and shared through a trusted authority
• Biometrics: measurement of one of a person’s traits, whether physical or behavioral
Crime Prevention by Corporations (continued)
Table 9.3: Common Methods Used to Commit Computer Crimes
Crime Prevention by Corporations (continued)
Table 9.3: Common Methods Used to Commit Computer Crimes (continued)
Crime Prevention by Corporations (continued)
• Companies are joining together to fight crime
– Software and Information Industry Alliance (SIIA): original antipiracy organization
– Microsoft financed the formation of a second antipiracy organization, the Business Software Alliance (BSA)
– Other software companies, including Apple, Adobe, Hewlett-Packard, and IBM, now contribute to the BSA
Using Intrusion Detection Software
• Intrusion detection system (IDS): software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion
– Suspicious activities: failed login attempts, attempts to download program to server, accessing a system at unusual hours
– Can provide false alarms
– E-mail or voice message alerts may be missed
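The following is an added example, not code from the textbook: a small rule-based intrusion detector written in Python that scans log lines for the three suspicious activities the slide names (repeated failed logins, a program uploaded to a server, and access at unusual hours). The log format, the host and user names, the thresholds, the 08:00 to 18:00 UTC business hours, and the allowlist of service accounts are all assumptions made for the example; the sample log is constructed, not captured data. The allowlist shows one ordinary way to cut down the false alarms the slide warns about: a nightly backup account logging in at 02:30 is expected and should not page anyone.

```python
# Added example (not from the textbook): a tiny rule-based intrusion detector
# that scans constructed log lines for the suspicious activities the slide lists.
# Log format, host/user names, thresholds and the allowlist are all assumptions.
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Alert = namedtuple("Alert", "rule user detail")

# Tunable detection parameters (assumed values, not from the textbook).
FAIL_THRESHOLD = 3                             # this many failed logins ...
FAIL_WINDOW = timedelta(minutes=5)             # ... within this window raise an alert
BUSINESS_HOURS = (8, 18)                       # 08:00-18:00 UTC counts as "usual hours"
SERVICE_ACCOUNTS = frozenset({"backup_svc"})   # scheduled jobs allowed off-hours
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sh", ".bat")

# Constructed sample log (hypothetical host, users and addresses).
# Each line: ISO-8601 UTC timestamp followed by key=value fields.
SAMPLE_LOG = """\
2024-03-04T09:01:10Z host=fileserver user=alice event=login_ok src=10.0.0.5
2024-03-04T09:02:31Z host=fileserver user=bob event=login_failed src=10.0.0.9
2024-03-04T09:02:40Z host=fileserver user=bob event=login_failed src=10.0.0.9
2024-03-04T09:02:52Z host=fileserver user=bob event=login_failed src=10.0.0.9
2024-03-04T09:03:05Z host=fileserver user=bob event=login_failed src=10.0.0.9
2024-03-04T14:15:00Z host=fileserver user=carol event=upload path=/srv/tools/update.exe
2024-03-04T02:13:07Z host=fileserver user=alice event=login_ok src=10.0.0.5
2024-03-04T02:30:00Z host=fileserver user=backup_svc event=login_ok src=10.0.0.2
"""


def parse_line(line):
    """Split one log line into a dict of fields; 'ts' becomes a datetime."""
    ts_text, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    fields["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect(log_text, business_hours=BUSINESS_HOURS,
           service_accounts=SERVICE_ACCOUNTS):
    """Return a list of Alerts for the suspicious activities found in log_text."""
    # Sort by time so the sliding window works even if lines arrive out of order.
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    alerts = []
    recent_failures = defaultdict(list)   # user -> failure timestamps inside FAIL_WINDOW
    flagged_users = set()                 # alert once per user per run, not per failure
    start_hour, end_hour = business_hours

    for e in events:
        user, event = e.get("user", "?"), e.get("event")

        # Rule 1: repeated failed login attempts within a sliding time window.
        if event == "login_failed":
            window = recent_failures[user]
            window.append(e["ts"])
            while window and e["ts"] - window[0] > FAIL_WINDOW:
                window.pop(0)             # forget failures older than the window
            if len(window) >= FAIL_THRESHOLD and user not in flagged_users:
                flagged_users.add(user)
                alerts.append(Alert("repeated_failed_logins", user,
                                    f"{len(window)} failures within {FAIL_WINDOW}"))

        # Rule 2: successful login at an unusual hour. Known scheduled service
        # accounts are allowlisted, which removes a common source of false alarms.
        elif event == "login_ok":
            hour = e["ts"].hour
            if not (start_hour <= hour < end_hour) and user not in service_accounts:
                alerts.append(Alert("off_hours_login", user,
                                    f"login at {e['ts'].strftime('%H:%M')} UTC"))

        # Rule 3: a program uploaded to the server.
        elif event == "upload" and e.get("path", "").lower().endswith(EXECUTABLE_SUFFIXES):
            alerts.append(Alert("program_upload", user, e["path"]))

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"[{alert.rule}] user={alert.user}: {alert.detail}")
```

Run against the constructed log, `detect` raises three alerts: bob's four failed logins inside 34 seconds, alice's 02:13 login, and carol's upload of an `.exe`. The backup account's 02:30 login is suppressed by the allowlist; pass `service_accounts=frozenset()` to see it become a fourth alert, which is exactly the kind of false alarm an analyst would otherwise have to sift through by hand.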
Using Managed Security Service Providers (MSSPs)
• Managed security service provider (MSSP): organization that monitors, manages, and maintains network security for both hardware and software for its client companies
– Sifts through alarms and alerts from all monitoring systems
– May provide scanning, blocking, and filtering capabilities
Internet Laws for Libel and Protection of Decency
• Filtering software helps screen Internet content
– Also prevents children from sending personal information over e-mail or through chat groups
• Internet Content Rating Association (ICRA)
– Rates Web sites based on authors’ responses from questionnaire
• Children’s Internet Protection Act (CIPA), 2000
– Required filters in federally funded libraries
• Libel is an important legal issue on the Internet
– Publishing Internet content to the world can subject companies to different countries’ laws
Preventing Crime on the Internet
• Develop effective Internet usage and security policies for all employees
• Use a stand-alone firewall (hardware and software) with network monitoring capabilities
• Deploy intrusion detection systems, monitor them, and follow up on their alarms
Preventing Crime on the Internet (continued)
• Monitor managers and employees to make sure that they are using the Internet for business purposes
• Use Internet security specialists to perform audits of all Internet and network activities
Privacy Issues
• With information systems, privacy deals with the collection and use or misuse of data
• More data and information are produced and used today than ever before
• Data is constantly being collected and stored on each of us
• This data is often distributed over easily accessed networks and without our knowledge or consent
• Concerns of privacy regarding this data must be addressed
Privacy and the Federal Government
• U.S. federal government is perhaps the largest collector of data
• Over 4 billion records exist on citizens, collected by about 100 federal agencies
• U.S. National Security Agency (NSA) had secretly collected phone call records of tens of millions of U.S. citizens after the September 11, 2001 terrorist attacks
– Ruled unconstitutional and illegal by a federal judge in August 2006
Privacy at Work
• There is conflict between rights of workers who want their privacy and the interests of companies that demand to know more about their employees
• Workers might be monitored via computer technology that can:
– Track every keystroke made by a worker
– Know when the worker is not using the keyboard or computer system
– Estimate how many breaks he or she is taking
• Many workers consider monitoring dehumanizing
E-Mail Privacy
• Federal law permits employers to monitor e-mail sent and received by employees
• E-mail messages that have been erased from hard disks can be retrieved and used in lawsuits
• Use of e-mail among public officials might violate “open meeting” laws
Privacy and the Internet
• Huge potential for privacy invasion on the Internet
• E-mail is a prime target
• Platform for Privacy Preferences (P3P): screening technology that shields users from Web sites that do not provide the level of privacy protection they desire
• Children’s Online Privacy Protection Act (COPPA), 1998: requires privacy policies and parental consent
• Potential dangers on social networking Web sites
Fairness in Information Use
Table 9.4: The Right to Know and the Ability to Decide
Fairness in Information Use (continued)
• The Privacy Act of 1974: provides privacy protection from federal agencies
• Gramm-Leach-Bliley Act: requires financial institutions to protect customers’ nonpublic data
• USA Patriot Act: allows law enforcement and intelligence agencies to gather private information
• Other laws regulate fax advertisements, credit card bureaus, the IRS, video rental stores, telemarketers, etc.
Corporate Privacy Policies
• Should address a customer’s knowledge, control, notice, and consent over the storage and use of information
• May cover who has access to private data and when it may be used
• A good database design practice is to assign a single unique identifier to each customer
– Single record describing all relationships with the company across all its business units
– Can apply customer privacy preferences consistently throughout all databases
Individual Efforts to Protect Privacy
• Find out what is stored about you in existing databases
• Be careful when you share information about yourself
• Be proactive to protect your privacy
• When purchasing anything from a Web site, make sure that you safeguard your credit card numbers, passwords, and personal information
The Work Environment
• Computer technology and information systems have opened up numerous avenues to professionals and nonprofessionals
• Enhanced telecommunications has:
– Been the impetus for new types of business
– Created global markets in industries once limited to domestic markets
• Despite increasing productivity and efficiency, computers and information systems can raise other concerns
Health Concerns
• Working with computers can cause occupational stress
• Training and counseling can often help the employee and deter problems
• Computer use can affect physical health as well
– Strains, sprains, tendonitis, repetitive motion disorder, carpal tunnel syndrome
• Concerns about emissions from improperly maintained and used equipment, display screens, and cell phones
Avoiding Health and Environmental Problems
• Many computer-related health problems are caused by a poorly designed work environment
• Ergonomics: science of designing machines, products, and systems to maximize the safety, comfort, and efficiency of the people who use them
Ethical Issues in Information Systems
• Code of ethics: states the principles and core values that are essential to a set of people and thus governs their behavior
Ethical Issues in Information Systems (continued)
• ACM code of ethics and professional conduct
– Contribute to society and human well-being
– Avoid harm to others
– Be honest and trustworthy
– Be fair and take action not to discriminate
– Honor property rights including copyrights and patents
Ethical Issues in Information Systems (continued)
• ACM code of ethics and professional conduct (continued)
– Give proper credit for intellectual property
– Respect the privacy of others
– Honor confidentiality
Summary
• Preventing computer-related waste and mistakes requires establishing, implementing, monitoring, and reviewing policies and procedures
• Criminals need two capabilities to commit most computer crimes: knowing how to gain access to the computer system and knowing how to manipulate the system to produce the desired result
Summary (continued)
• Categories of crimes in which the computer is the object of crime: illegal access and use, data alteration and destruction, information and equipment theft, software and Internet piracy, computer-related scams, and international computer crime
• Intrusion detection system (IDS): software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion
Summary (continued)
• With information systems, privacy deals with the collection and use or misuse of data
• Ergonomics: science of designing machines, products, and systems to maximize the safety, comfort, and efficiency of the people who use them
• Code of ethics: states the principles and core values that are essential to a set of people and thus governs their behavior