Principles of Information SystemsPrinciples of Information Systems

Chapter 14Chapter 14

The Personal and Social Impact of The Personal and Social Impact of ComputersComputers

2

Principles and Learning Principles and Learning ObjectivesObjectives

Policies and proceduresPolicies and procedures must be must be established to avoid computer waste and established to avoid computer waste and mistakesmistakes

3

Principles and Learning Principles and Learning Objectives (continued)Objectives (continued)

Computer crimeComputer crime is a serious and rapidly is a serious and rapidly growing area of concern requiring growing area of concern requiring management attentionmanagement attention

4

Principles and Learning Principles and Learning Objectives (continued)Objectives (continued)

Jobs, equipment, and working conditionsJobs, equipment, and working conditions must be designed to avoid negative health must be designed to avoid negative health effectseffects

5

Computer Waste and MistakesComputer Waste and Mistakes

Computer wasteComputer waste Inappropriate use of computer technology and Inappropriate use of computer technology and

resourcesresources Computer-related mistakesComputer-related mistakes

Errors, failures, and other computer problems Errors, failures, and other computer problems that make computer output incorrect or not that make computer output incorrect or not usefuluseful

Caused mostly by human errorCaused mostly by human error

6

Computer-Related MistakesComputer-Related Mistakes

Common causesCommon causes Failure by users to follow proper proceduresFailure by users to follow proper procedures Unclear expectations and a lack of feedbackUnclear expectations and a lack of feedback Program development that contains errorsProgram development that contains errors Incorrect data entry by data-entry clerkIncorrect data entry by data-entry clerk

7

Preventing Computer-Related Preventing Computer-Related Waste and MistakesWaste and Mistakes

Effective policies and proceduresEffective policies and procedures must be: must be: EstablishedEstablished ImplementedImplemented MonitoredMonitored ReviewedReviewed

8

The Computer as the Object of The Computer as the Object of CrimeCrime

Crimes fall into several categoriesCrimes fall into several categories Illegal access and useIllegal access and use Data alteration and destructionData alteration and destruction Information and equipment theftInformation and equipment theft Software and Internet piracySoftware and Internet piracy Computer-related scamsComputer-related scams International computer crimeInternational computer crime

9

Illegal Access and UseIllegal Access and Use

HackerHacker: learns about and uses computer : learns about and uses computer systems systems

Criminal hackerCriminal hacker (also called a cracker): gains (also called a cracker): gains unauthorized use or illegal access to computer unauthorized use or illegal access to computer systemssystems

Script bunnyScript bunny: automates the job of crackers: automates the job of crackers InsiderInsider: employee who comprises corporate : employee who comprises corporate

systemssystems MalwareMalware: software programs that destroy or : software programs that destroy or

damage processingdamage processing

10

Illegal Access and Use Illegal Access and Use (continued)(continued)

VirusVirus: : program file capable of attaching to program file capable of attaching to disks or other files and replicating itself disks or other files and replicating itself repeatedlyrepeatedly

WormWorm:: parasitic computer program that parasitic computer program that can create copies of itself on infected can create copies of itself on infected computer or send copies to other computer or send copies to other computers via a networkcomputers via a network

11

Illegal Access and Use (continued)Illegal Access and Use (continued)

Trojan horseTrojan horse:: program that appears to be program that appears to be useful but purposefully does something user useful but purposefully does something user does not expectdoes not expect

Logic bombLogic bomb: : type of Trojan horse that executes type of Trojan horse that executes when specific conditions occurwhen specific conditions occur

VariantVariant:: modified version of a virus that is modified version of a virus that is produced by virus’s author or another personproduced by virus’s author or another person

12

Using Antivirus ProgramsUsing Antivirus Programs

Antivirus programAntivirus program:: program or utility that program or utility that prevents viruses and recovers from them if prevents viruses and recovers from them if they infect a computerthey infect a computer

13

Software and Internet Software PiracySoftware and Internet Software Piracy

Software is protected by Software is protected by copyright lawscopyright laws

Copyright law violationsCopyright law violations Making additional copiesMaking additional copies Loading the software onto more than one Loading the software onto more than one

machinemachine

Software piracySoftware piracy: : act of illegally duplicating act of illegally duplicating softwaresoftware

14

Computer-Related ScamsComputer-Related Scams

Examples of Internet scamsExamples of Internet scams Get-rich-quick schemesGet-rich-quick schemes ““Free” vacations with huge hidden costsFree” vacations with huge hidden costs Bank fraudBank fraud Fake telephone lotteriesFake telephone lotteries Selling worthless penny stocksSelling worthless penny stocks

PhishingPhishing Gaining access to personal information by Gaining access to personal information by

redirecting user to fake site redirecting user to fake site

15

International Computer CrimeInternational Computer Crime

Computer crime becomes more complex Computer crime becomes more complex when it is committed internationallywhen it is committed internationally

Threat of terrorists, international drug Threat of terrorists, international drug dealers, and other criminals using information dealers, and other criminals using information systems to launder illegally obtained fundssystems to launder illegally obtained funds

16

Preventing Computer-Related Preventing Computer-Related CrimeCrime

Efforts to curb computerEfforts to curb computer crime being made crime being made by:by: Private usersPrivate users CompaniesCompanies EmployeesEmployees Public officialsPublic officials

17

Crime Prevention by State and Crime Prevention by State and Federal AgenciesFederal Agencies

Computer Emergency Response Team Computer Emergency Response Team (CERT)(CERT) Responds to network security breachesResponds to network security breaches Monitors systems for emerging threatsMonitors systems for emerging threats

Newer and tougher computer crime Newer and tougher computer crime legislation is emerginglegislation is emerging

18

Malaysia Computer Emergency Response Team (MyCERT)

E-mail: mycert@mycert.org.myE-mail: mycert@mycert.org.my

Cyber999 Hotline: 1 300 88 2999 (Office Hours)Cyber999 Hotline: 1 300 88 2999 (Office Hours)

Phone: (603) 8992 6969 (Office Hours)Phone: (603) 8992 6969 (Office Hours)

Fax: (603) 8945 3442Fax: (603) 8945 3442

Phone: 019-266 5850 (24x7) Phone: 019-266 5850 (24x7)

SMS: Type CYBER999 report <email> <report> & SMS to 15888SMS: Type CYBER999 report <email> <report> & SMS to 15888

http://www.mycert.org.my/http://www.mycert.org.my/

19

Incidents Trends Q3 2009

From July to September 2009, MyCERT, via its Cyber999 service, handled a total of 1087 incidents.

20

THE MALAYSIAN COMMUNICATIONS AND MULTIMEDIA COMMISSION / SKMM

1. Digital Signature Act 1997,2. Computer Crimes Act 1997,3. Copyright (Amendment) Act 1997, (also read Copyright Act 1987)

4. Telemedicine Act 1997,5. Communications and Multimedia Act 1998,6. Communications and Multimedia Commission Act 1998, and7. Electronic Commerce Act 2006.

It was reported that the Government would introduce some new cyber laws  including: the Electronic Government Activities Bill and the Personal Data Protection Bill.

21

Preventing Crime on the InternetPreventing Crime on the Internet

Develop effective Internet usage and security Develop effective Internet usage and security policiespolicies

Use a stand-alone firewall with network Use a stand-alone firewall with network monitoring capabilitiesmonitoring capabilities

Monitor managers’ and employees’ use of Monitor managers’ and employees’ use of InternetInternet

Use Internet security specialists to perform Use Internet security specialists to perform audits of all Internet and network activitiesaudits of all Internet and network activities

22

Privacy IssuesPrivacy Issues

With information systems, privacy deals With information systems, privacy deals with the collection and use or misuse of with the collection and use or misuse of datadata

More and more information on all of us is More and more information on all of us is being collectedbeing collected, stored, used, and shared , stored, used, and shared among organizationsamong organizations

23

Privacy at WorkPrivacy at Work

Rights of workers who want their privacy versus Rights of workers who want their privacy versus interests of companies that demand to know interests of companies that demand to know more about their employeesmore about their employees

Workers can be closely monitored via computer Workers can be closely monitored via computer technologytechnology Determine what workers are doing while at Determine what workers are doing while at

the keyboardthe keyboard

Many workers consider monitoring Many workers consider monitoring dehumanizingdehumanizing

24

E-Mail PrivacyE-Mail Privacy

Federal law permits employers to monitor e-Federal law permits employers to monitor e-mailmail sent and received by employees sent and received by employees

E-mail messages that have been erased from E-mail messages that have been erased from hard disks can be retrieved and used in hard disks can be retrieved and used in lawsuits lawsuits

25

The Work EnvironmentThe Work Environment

Use of computer-based information Use of computer-based information systems has changed the workforcesystems has changed the workforce Jobs that require IS literacy have Jobs that require IS literacy have

increasedincreased Less-skilled positions have decreasedLess-skilled positions have decreased

Health ConcernsHealth Concerns

• Continued work using computer keyboards, Continued work using computer keyboards,

mice, or other equipmentmice, or other equipment can lead to repetitive can lead to repetitive

stress disorder and carpal tunnel syndrome, stress disorder and carpal tunnel syndrome,

both resulting in pain in the fingers, wrist, or both resulting in pain in the fingers, wrist, or

hand.hand.

Repetitive stress injury (RSI)Repetitive stress injury (RSI) RSI is caused due to lifestyle without ergonomic care Carpal tunnel syndrome (CTS)Carpal tunnel syndrome (CTS)

27

Health ConcernsHealth Concerns

Occupational stressOccupational stress Emissions from improperly maintained and Emissions from improperly maintained and

used equipmentused equipment Increase in traffic accidents due to drivers Increase in traffic accidents due to drivers

using cell phones, laptops, or other devices using cell phones, laptops, or other devices while drivingwhile driving

Health ConcernsHealth Concerns

Carpal tunnel syndrome (CTS)Carpal tunnel syndrome (CTS)

CTS can be a very annoying condition and is often seen in the working population, especially in people using computers or keyboards. The canal in the wrist that houses several tendons and the nerve going to your fingers is too tight.

30

Avoiding Health and Environment Avoiding Health and Environment ProblemsProblems

ErgonomicsErgonomics: : science of designing science of designing machines, products, and systems to machines, products, and systems to maximize safety, comfort, and efficiency of maximize safety, comfort, and efficiency of people who use thempeople who use them

Employers, individuals, and hardware Employers, individuals, and hardware manufacturing companies can take steps manufacturing companies can take steps to reduce RSI and develop a better work to reduce RSI and develop a better work environmentenvironment

31

Avoiding Health and Environment Problems Avoiding Health and Environment Problems (continued)(continued)

Research has shown that developing certain ergonomically correct habits can reduce the risk of

RSI when using a computer

32

Computer Workstation VariablesComputer Workstation Variables

Source: Ergonomics, Integrated Safety Management, Berkeley Lab.

33

Ethics (also known as moral philosophy) is a branch of philosophy which seeks to address questions about morality; that is, about concepts such as good and bad, right and wrong, justice, and virtue.

Ethics

34

Ethical Issues in Information SystemsEthical Issues in Information Systems

Laws do not provide a complete guide to ethical Laws do not provide a complete guide to ethical behaviorbehavior

Many IS-related organizations have codes of Many IS-related organizations have codes of ethics for their membersethics for their members

American Computing Machinery (ACM): oldest American Computing Machinery (ACM): oldest computing society founded in 1947computing society founded in 1947

ACM’s code of ethicsACM’s code of ethics and professional conduct and professional conduct Contribute to society and human well-beingContribute to society and human well-being Avoid harm to othersAvoid harm to others Be honest and trustworthyBe honest and trustworthy

35

Ethical Issues in Information Systems Ethical Issues in Information Systems (continued)(continued)

ACM’s code of ethicsACM’s code of ethics and professional and professional conduct (continued)conduct (continued) Be fair and take action not to discriminateBe fair and take action not to discriminate Honor property rights including copyrights and Honor property rights including copyrights and

patentspatents Give proper credit for intellectual propertyGive proper credit for intellectual property Respect the privacy of othersRespect the privacy of others Honor confidentialityHonor confidentiality

36

SummarySummary

Computer waste: inappropriate use of Computer waste: inappropriate use of computer technology and resourcescomputer technology and resources

Computer-related mistakes: errors, failures, Computer-related mistakes: errors, failures, and other computer problems that make and other computer problems that make computer output incorrect or not useful; computer output incorrect or not useful; caused mostly by human errorcaused mostly by human error

Preventing computer-related waste and Preventing computer-related waste and mistakes requires establishing, implementing, mistakes requires establishing, implementing, monitoring, and reviewing effective policies monitoring, and reviewing effective policies and proceduresand procedures

37