module v management challenges security and 1....


Upload: buimien

Post on 21-Apr-2018


• Security, Ethical, and Societal Challenges of IT
• Ethical Responsibility of Business Professionals
• Computer Crime
• Privacy Issues
• Health Issues
• Section II
• Tools of Security Management
• Internetworked Security Defenses
• System Controls and Audits

Copyright 2005, McGraw-Hill/Irwin, Inc. 11-1

Security and Ethical Challenges

Module V – Management Challenges


Learning Objectives

1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.

2. Identify several types of security management strategies and defences, and explain how they can be used to ensure the security of business applications of information technology.

3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.


Security and Ethics
• Major Security Challenges
• Serious Ethical Questions
• Threats to Business and Individuals
• Real World Case 1 - F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses


Security and Ethics
Business/IT Security, Ethics, and Society

[Figure labels: Employment; Health; Individuality; Privacy; Working Conditions; Crime; Business/IT Security, Ethics, and Society]


Security and Ethics
Ethical Responsibility
• Business Ethics
• Stockholder Theory
• Social Contract Theory
• Stakeholder Theory


Security and Ethics
Ethical Responsibility


Security and Ethics
Technology Ethics


Security and Ethics
Ethical Guidelines


Security and Ethics
Enron Corporation: Failure in Business Ethics
• Drove Stock Prices Higher Never Mentioning Any Weaknesses
• Promised Much – Delivered Little
• Finally Admitted Overstated Earnings by $586 Million in 1997
• 1998 Third Quarter Loss $638 Million – Filed Bankruptcy
• Greed and Mismanagement Destroyed a Potentially Successful Business Plan


Security Management
• Security is 6 to 8% of IT Budget in Developing Countries
• 63% Have or Plan to Have Position of Chief Privacy or Information Officer in the Next Two Years
• 40% Have a Chief Privacy Officer and Another 6% Intend One in the Next Two Years
• 39% Acknowledge that their Systems Have Been Compromised in the Past Year
• 24% Have Cyber Risk Insurance and 5% Intend to Acquire Such Coverage


Security Management
Security Technology Used
• Antivirus: 96%
• Virtual Private Networks: 86%
• Intrusion-Detection Systems: 85%
• Content Filtering/Monitoring: 77%
• Public-Key Infrastructure: 45%
• Smart Cards: 43%
• Biometrics: 19%


Security Management
PayPal, Inc. Cybercrime on the Internet
• Online Payment Processing Company
• Observed Questionable Accounts Being Opened
• Froze Accounts Used to Buy Expensive Goods For Purchasers in Russia
• Used Sniffer Software and Located Users Capturing PayPal Ids and Passwords
• More than $100,000 in Fraudulent Charges
• Crooks Arrested by FBI


Security Management
Computer Crime
• Hacking
• Cyber Theft
• Unauthorized Use of Work
• Piracy of Intellectual Property
• Computer Viruses and Worms


Security Management
Examples of Common Hacking


Security Management
Recourse Technologies: Insider Computer Crime
• Link Between Company Financial Difficulty and Insider Computer Crimes
• Use of “Honey Pots” Filled with Phony Data to Attract Hackers
• Software Catches Criminal Activity in Seconds
• Crime Exposed and Stopped


Security Management
Internet Abuses in the Workplace


Security Management
Network Monitoring Software


Security Management
AGM Container Controls: Stealing Time and Resources
• The Net Contains Many Productivity Distractions
• Remedies Include Monitoring Internet Use and Blocking Sites Unrelated to Work
• Importance of Telling Employees About Monitoring
• Use of Software Monitoring Provided Rebuttal Answers To Web Use Discussions


Security Management
Copying Music CDs: Intellectual Property Controversy
• RIAA Crack Down on Music Piracy
• Web Sites Fighting Back
• 140 Million Writable Drives In Use
• Billions of Blank CDs Sold While Music CD Sales Are Going Down
• Pirates Reluctant to Go Away


Security Management
Facts About Recent Computer Viruses and Worms


Security Management
University of Chicago: The Nimda Worm
• Nimda Worm Launch Sept. 18, 2001 Mass Mailing of Malicious Code Attacking MS-Windows
• Took Advantage of Back Doors Previously Left Behind
• In Four Hours the University of Chicago’s Web Servers were Scanned by 7,000 Unique IP Addresses Looking for Weaknesses
• Many Servers Had to Be Disconnected


Privacy Issues
Right to Privacy
Privacy on the Internet
Acxiom, Inc. Challenges to Consumer Privacy
• Acxiom – 30 Years Amassing Massive Database
• Sells Data to Subscribers
• Use by Telemarketers and Credit Firms


Privacy Issues
Right to Privacy
• Computer Profiling
• Computer Matching
• Privacy Laws
• Computer Libel and Censorship
• Spamming
• Flaming


Privacy Issues
Other Challenges
• Employment Challenges
• Working Conditions
• Individuality Issues
• Health Issues


Privacy Issues
Ergonomics


Privacy Issues
Ergonomics
• Job Stress
• Cumulative Trauma Disorders (CTDs)
• Carpal Tunnel Syndrome
• Human Factors Engineering
• Societal Solutions


Security Management of Information Technology
• Business Value of Security Management
• Protection for all Vital Business Elements

Real World Case 2 - Geisinger Health Systems and Du Pont: Security Management of Data Resources and Process Control Networks


Security Management of Information Technology
Tools of Security Management


Security Management of Information Technology
Providence Health and Cervalis: Security Management Issues
• Need for Security Management Caused by Increased Use of Links Between Business Units
• Greater Openness Means Greater Vulnerabilities
• Better Use of Identifying, Authenticating Users and Controlling Access to Data
• Theft Should Be Made as Difficult as Possible


Security Management of Information Technology
Internetworked Security Defenses
• Encryption
  – Public Key
  – Private Key

Graphically…


Security Management of Information Technology
Encryption


Security Management of Information Technology
Firewalls

[Figure labels: Internet; Router; Router; Firewall; Firewall; Intranet Server; Intranet Server; Host System]

1 External Firewall Blocks Outsiders
2 Internal Firewall Blocks Restricted Materials
3 Use of Passwords and Browser Security
4 Performs Authentication and Encryption
5 Careful Network Interface Design


Security Management of Information Technology
Barry Nance: Testing PC Firewall Security
• Worldwide Search for Active IP Addresses
• Sophisticated Probes Scan Any Home or Work Location
• Personal Firewalls Help Block Intruders
• Firewalls Generally Good at Protecting Computers from Most Hacking Efforts


Security Management of Information Technology
MTV Networks: Denial of Service Defenses
• MTV.com Website Targeted for Distributed Denial of Service (DDOS) Attacks During Fall Peak Periods
• Some People Try to Crash MTV Sites
• Parent Viacom Installed Software to Filter out DDOS Attacks
• Website Downtime Reduced


Security Management of Information Technology
Defending Against Denial of Service Attacks


Security Management of Information Technology
Sonalysts, Inc.: Corporate e-Mail Monitoring
• e-Sniff Monitoring Device Searches e-Mail by Key Word or Records of Web Sites Visited
• 82% of Businesses Monitor Web Use
• Close to 100% of Workers Register Some Improper Use


Security Management of Information Technology
TrueSecure and 724 Inc.: Limitations of Antivirus Software
• Much Software Was Unable to Stop Nimda Worm
• Software Alone is Often Not Enough to Clean System
• Until Better Software is Developed, A Complete System Disconnect and Purge May Be the Only Solution


Security Management of Information Technology
Example Security Suite Interface


Security Management of Information Technology
Other Security Measures
• Security Codes
• Multilevel Password System
  – Smart Cards
• Backup Files
  – Child, Parent, Grandparent Files
• System Security Monitors
• Biometric Security


Security Management of Information Technology
Example Security Monitor


Security Management of Information Technology
Evaluation of Biometric Security


Security Management of Information Technology
Computer Failure Controls
• Fault Tolerant Systems
  – Fail-Over
  – Fail-Safe
  – Fail-Soft
• Disaster Recovery


Security Management of Information Technology
Methods of Fault Tolerance


Security Management of Information Technology
Visa International: Fault Tolerant Systems
• Only 100% Uptime is Acceptable
• Only 98 Minutes of Downtime in 12 Years
• 1 Billion Transactions Worth $2 Trillion in Transactions a Year
• 4 Global Processing Centers
• Multiple Layers of Redundancy and Backup
• Software Testing an Art Form


Systems Controls and Audits
• Information System Controls
• Garbage-In, Garbage-Out (GIGO)
• Auditing IT Security
• Audit Trails
• Control Logs


Systems Controls and Audits

[Figure labels, grouped by control type]
• Input Controls: Security Codes; Encryption; Data Entry Screens; Error Signals; Control Totals
• Output Controls: Security Codes; Encryption; Control Totals; Control Listings; End User Feedback
• Storage Controls: Security Codes; Encryption; Backup Files; Library Procedures; Database Administration
• Processing Controls: Software Controls; Hardware Controls; Firewalls; Checkpoints


Summary
• Ethical and Societal Dimensions
• Ethical Responsibility in Business
• Security Management