Security And EthicalChallenges of IT

Oktalia Juwita, S.Kom., M.MT.

Dasar-dasar Sistem Informasi – IKU1102

IT Security, Ethics, and Society

IT has both beneficial and detrimental effects on society and people Manage work

activities to minimize the detrimental effects of IT

Optimize the beneficial effects

Business Ethics

Ethics questions that managers confront as part of their daily business decision making include:EquityRightsHonestyExercise of corporate power

Categories of Ethical Business

Issues

Corporate Social Responsibility Theories

• Stockholder Theoryo Managers are agents of the stockholderso Their only ethical responsibility is to increase the profits

of the business without violating the law or engaging in fraudulent practices

• Social Contract Theoryo Companies have ethical responsibilities to all members

of society, who allow corporations to exist• Stakeholder Theory

o Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders

o Stakeholders are all individuals and groups that have a stake in, or claim on, a company

Principles of Technology

Ethics

• Proportionality

• Informed Consent

• Justice

• Minimized Risk

AITP Standards of Professional Conduct

Responsible Professional

Guidelines

• A responsible professionalo Acts with integrityo Increases personal competenceo Sets high standards of personal

performanceo Accepts responsibility for his/her worko Advances the health, privacy, and general

welfare of the public

Computer Crimeo Unauthorized use, access, modification, or

destruction of hardware, software, data, or network resources

o The unauthorized release of informationo The unauthorized copying of softwareo Denying an end user access to his/her own

hardware, software, data, or network resources

o Using or conspiring to use computer or network resources illegally to obtain information or tangible property

Privacy Issues

• The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacyo Personal information is collected with every

visit to a Web siteo Confidential information stored by credit

bureaus, credit card companies, and the government has been stolen or misused

Privacy Issues

• Violation of Privacyo Accessing individuals’ private email

conversations and computer recordso Collecting and sharing information about

individuals gained from their visits to Internet websites

• Computer Monitoringo Always knowing where a person iso Mobile and paging services are becoming more

closely associated with people than with places

Privacy Issues (cont’)

• Computer Matchingo Using customer information gained from many

sources to market additional business services• Unauthorized Access of Personal Files

o Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles

Other Challenges• Employment

o IT creates new jobs and increases productivityo It can also cause significant reductions in job

opportunities, as well as requiring new job skills

• Computer Monitoringo Using computers to monitor the productivity

and behavior of employees as they worko Criticized as unethical because it monitors

individuals, not just work, and is done constantly

o Criticized as invasion of privacy because many employees do not know they are being monitored

Other Challenges (cont’)

• Working Conditionso IT has eliminated monotonous or obnoxious

taskso However, some skilled craftsperson jobs have

been replaced by jobs requiring routine, repetitive tasks or standby roles

• Individualityo Dehumanizes and depersonalizes activities

because computers eliminate human relationships

o Inflexible systems

Health Issues• Cumulative Trauma Disorders (CTDs)

o Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs

• Carpal Tunnel Syndromeo Painful, crippling ailment of the hand

and wristo Typically requires surgery to cure

Ergonomics

• Designing healthy work environmentso Safe, comfortable, and pleasant for people to

work ino Increases employee morale and productivityo Also called human factors engineering

Ergonomics Factors

Societal Solutions• Using information technologies to solve human

and social problemso Medical diagnosiso Computer-assisted instructiono Governmental program planningo Environmental quality controlo Law enforcemento Job placement

• The detrimental effects of ITo Often caused by individuals or organizations

not accepting ethical responsibility for their actions

Discussion Questions

1. What can be done to improve the security of business uses of the internet? Give several examples of security measures and technologies you would use

2. What potential security problems do you see in the increasing use of intranets and extranets in business? What might be done to solve such problems? Give several examples

3. Is there an ethical crisis in business today? What role dose information technology play in unethical business practise?

Security Management of IT

• The Internet was developed for inter-operability, not impenetrabilityo Business managers and professionals alike

are responsible for the security, quality, and performance of business information systems

o Hardware, software, networks, and data resources must be protected by a variety of security measures

Security Management

The goal of securitymanagement is the accuracy, integrity, and safety of allinformation system processes and resources

Internetworked Security

Defenses

• Encryptiono Data is transmitted in scrambled formo It is unscrambled by computer systems for

authorized users onlyo The most widely used method uses a pair of

public and private keys unique to each individual

Internetworked Security

Defenses

• Firewallso A gatekeeper system that protects a

company’s intranets and other computer networks from intrusion

o Provides a filter and safe transfer point for access to/from the Internet and other networks

o Important for individuals who connect to the Internet with DSL or cable modems

o Can deter hacking, but cannot prevent it

Internetworked Security

Defenses

Denial of Service Attacks• Denial of service attacks depend on

three layers of networked computer systemso The victim’s websiteo The victim’s Internet service provideroZombie or slave computers that have

been commandeered by the cybercriminals

Internetworked Security

Defenses

• Email Monitoringo Use of content monitoring software that

scans for troublesome words that might compromise corporate security

• Virus Defenseso Centralize the updating and distribution of

antivirus softwareo Use a security suite that integrates virus

protection with firewalls, Web security, and content blocking features

Other Security Measures

• Security Codeso Multilevel password systemo Encrypted passwordso Smart cards with microprocessors

• Backup Fileso Duplicate files of data or programs

• Security Monitorso Monitor the use of computers and networkso Protects them from unauthorized use, fraud, and

destruction

Other Security Measures

(cont’)

• Biometricso Computer devices measure physical traits that make

each individual unique• Voice recognition, fingerprints, retina scan

• Computer Failure Controlso Prevents computer failures or minimizes its effectso Preventive maintenanceo Arrange backups with a disaster recovery

organization

Information System Controls

• Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities

Auditing IT Security

• IT Security Auditso Performed by internal or external auditorso Review and evaluation of security

measures and management policies

o Goal is to ensure that that proper and adequate measures and policies are in place

Protecting Yourself from

Cybercrime

Continued to next session-Thank you-