Chap011 MIS
- 1. 1
Chapter
11
Security and Ethical
Challenges
McGraw-Hill/Irwin Copyright © 2004, The McGraw-Hill Companies, Inc. All rights reserved.
- 2. 2
Learning Objectives
Identify ethical issues in how the use of
information technologies in business affects
employment, individuality, working
conditions, privacy, crime, health, and
solutions to societal problems.
- 3. 3
Learning Objectives (continued)
Identify types of security management
strategies and defenses, and explain how they
can be used to ensure the security of e-business
applications.
How can business managers and professionals
help to lessen the harmful effects and increase
the beneficial effects of the use of information
technology?
- 4. 4
Section I
Security, Ethical, and Societal Challenges
- 5. 5
Ethical Responsibility
The use of IT presents major security
challenges, poses serious ethical questions, and
affects society in significant ways.
IT raises ethical issues in the areas of:
Crime
Privacy
Individuality
Employment
Health
Working conditions
- 6. 6
Ethical Responsibility (continued)
But, IT has had beneficial results as well.
So as managers, it is our responsibility to
minimize the detrimental effects and optimize
the beneficial effects.
- 7. 7
Ethical Responsibility (continued)
Business Ethics
Basic categories of ethical issues
Employee privacy
Security of company records
Workplace safety
- 8. 8
Ethical Responsibility (continued)
Theories of corporate social responsibility
Stockholder theory
Managers are agents of the stockholders.
Their only ethical responsibility is to
increase profit without violating the law or
engaging in fraud
- 9. 9
Ethical Responsibility (continued)
Theories of corporate social responsibility
(continued)
Social Contract Theory
Companies have ethical responsibilities to
all members of society, which allow
corporations to exist based on a social
contract
- 10. 10
Ethical Responsibility (continued)
Theories of corporate social responsibility
(continued)
First condition – companies must
enhance economic satisfaction of
consumers and employees
Second condition – avoid fraudulent
practices, show respect for employees as
human beings, and avoid practices that
systematically worsen the position of any
group in society
- 11. 11
Ethical Responsibility (continued)
Theories of corporate social responsibility (continued)
Stakeholder theory
Managers have an ethical responsibility to
manage a firm for the benefit of all its
stakeholders.
Stockholders
Employees
Customers
Suppliers
Local community
- 12. 12
Ethical Responsibility (continued)
Theories of corporate social responsibility
(continued)
Sometimes stakeholders are considered
to include
Competitors
Government agencies and special
interest groups
Future generations
- 13. 13
Ethical Responsibility (continued)
Technology Ethics
Four Principles
Proportionality
Good must outweigh any harm or risk
Must be no alternative that achieves the
same or comparable benefits with less
harm or risk
- 14. 14
Ethical Responsibility (continued)
Technology Ethics (continued)
Informed consent
Those affected should understand and
accept the risks
Justice
Benefits and burdens should be
distributed fairly
- 15. 15
Ethical Responsibility (continued)
Technology Ethics (continued)
Minimized Risk
Even if judged acceptable by the other
three guidelines, the technology must be
implemented so as to avoid all
unnecessary risk
- 16. 16
Ethical Responsibility (continued)
Ethical Guidelines
- 17. 17
Ethical Responsibility (continued)
Ethical guidelines (continued)
Responsible end users
Act with integrity
Increase their professional competence
Set high standards of personal
performance
Accept responsibility for their work
Advance the health, privacy, and general
welfare of the public
- 18. 18
Computer Crime
Association of Information Technology
Professionals (AITP) definition includes
The unauthorized use, access, modification,
and destruction of hardware, software, data,
or network resources
Unauthorized release of information
Unauthorized copying of software
- 19. 19
Computer Crime (continued)
AITP guidelines (continued)
Denying an end user his/her own hardware,
software, data, or network resources
Using or conspiring to use computer or
network resources to illegally obtain info or
tangible property
- 20. 20
Computer Crime (continued)
Hacking
The obsessive use of computers, or the
unauthorized access and use of networked
computer systems
- 21. 21
Computer Crime (continued)
Cyber Theft
Involves unauthorized network entry and
the fraudulent alteration of computer
databases
- 22. 22
Computer Crime (continued)
Unauthorized use at work
Also called time and resource theft
May range from doing private consulting or
personal finances, to playing video games, to
unauthorized use of the Internet on
company networks
- 23. 23
Computer Crime (continued)
Software Piracy
Unauthorized copying of software
Software is intellectual property protected
by copyright law and user licensing
agreements
- 24. 24
Computer Crime (continued)
Piracy of intellectual property
Other forms of intellectual property covered
by copyright laws
Music
Videos
Images
Articles
Books
Other written works
- 25. 25
Computer Crime (continued)
Computer viruses and worms
Virus
A program that cannot work without
being inserted into another program
Worm
A distinct program that can run unaided
- 26. 26
Privacy Issues
IT makes it technically and economically
feasible to collect, store, integrate, interchange,
and retrieve data and information quickly and
easily.
Benefit – increases efficiency and
effectiveness
But, may also have a negative effect on
individual’s right to privacy
- 27. 27
Privacy Issues (continued)
Examples of important privacy issues
Accessing private e-mail and computer
records & sharing information about
individuals gained from their visits to
websites and newsgroups
Always knowing where a person is via
mobile and paging services
- 28. 28
Privacy Issues (continued)
Examples of important privacy issues
(continued)
Using customer information obtained from
many sources to market additional business
services
Collecting personal information to build
individual customer profiles
- 29. 29
Privacy Issues (continued)
Privacy on the Internet
Users of the Internet are highly visible and
open to violations of privacy
Unsecured with no real rules
Cookies capture information about you
every time you visit a site
That information may be sold to third
parties
- 30. 30
Privacy Issues (continued)
Privacy on the Internet (continued)
Protect your privacy by
Encrypting your messages
Posting to newsgroups through anonymous
remailers
Asking your ISP not to sell your information
to mailing list providers and other
marketers
Declining to reveal personal data and
interests online
- 31. 31
Privacy Issues (continued)
Computer matching
Computer profiling and matching personal
data to that profile
Mistakes can be a major problem
- 32. 32
Privacy Issues (continued)
Privacy laws
Attempt to enforce the privacy of computer-
based files and communications
Electronic Communications Privacy Act
Computer Fraud and Abuse Act
- 33. 33
Privacy Issues (continued)
Computer Libel and Censorship
The opposite side of the privacy debate
Right to know (freedom of information)
Right to express opinions (freedom of
speech)
Right to publish those opinions (freedom
of the press)
Spamming
Flaming
- 34. 34
Other Challenges
Employment
New jobs have been created and
productivity has increased, yet there has
been a significant reduction in some types of
jobs as a result of IT.
- 35. 35
Other Challenges (continued)
Computer Monitoring
Concerns workplace privacy
Monitors individuals, not just work
Is done continually
May be seen as violating workers’ privacy & personal freedom
Workers may not know that they are being
monitored or how the information is being used
May increase workers’ stress level
May rob workers of the dignity of their work
- 36. 36
Other Challenges (continued)
Working Conditions
IT has eliminated many monotonous,
obnoxious tasks, but has created others
- 37. 37
Other Challenges (continued)
Individuality
Computer-based systems criticized as
impersonal systems that dehumanize and
depersonalize activities
Regimentation
- 38. 38
Health Issues
Job stress
Muscle damage
Eye strain
Radiation exposure
Accidents
Some solutions
Ergonomics (human factors engineering)
Goal is to design healthy work
environments
- 39. 39
Health Issues (continued)
- 40. 40
Societal Solutions
Beneficial effects on society
Solve human and social problems
Medical diagnosis
Computer-assisted instruction
Governmental program planning
Environmental quality control
Law enforcement
Crime control
Job placement
- 41. 41
Section II
Security Management
- 42. 42
Tools of Security Management
Goal
Minimize errors, fraud, and losses in the e-
business systems that interconnect
businesses with their customers, suppliers,
and other stakeholders
- 43. 43
Tools of Security Management (continued)
- 44. 44
Internetworked Security Defenses
Encryption
Passwords, messages, files, and other data are
transmitted in scrambled form and
unscrambled for authorized users
Involves using special mathematical
algorithms to transform digital data into
scrambled code
Most widely used method uses a pair of
public and private keys unique to each
individual
- 45. 45
Internetworked Security Defenses (continued)
Firewalls
Serves as a “gatekeeper” system that
protects a company’s intranets and other
computer networks from intrusion
Provides a filter and safe transfer point
Screens all network traffic for proper
passwords or other security codes
- 46. 46
Internetworked Security Defenses (continued)
Denial of Service Defenses
These assaults depend on three layers of
networked computer systems
Victim’s website
Victim’s ISP
Sites of “zombie” or slave computers
Defensive measures and security precautions
must be taken at all three levels
- 47. 47
Internetworked Security Defenses (continued)
E-mail Monitoring
“Spot checks just aren’t good enough
anymore. The tide is turning toward
systematic monitoring of corporate e-mail
traffic using content-monitoring software
that scans for troublesome words that might
compromise corporate security.”
- 48. 48
Internetworked Security Defenses (continued)
Virus Defenses
Protection may be accomplished through
Centralized distribution and updating of
antivirus software
Outsourcing the virus protection
responsibility to ISPs or to
telecommunications or security
management companies
- 49. 49
Other Security Measures
Security codes
Multilevel password system
Log onto the computer system
Gain access into the system
Access individual files
- 50. 50
Other Security Measures (continued)
Backup Files
Duplicate files of data or programs
File retention measures
Sometimes several generations of files are
kept for control purposes
- 51. 51
Other Security Measures (continued)
Security Monitors
Programs that monitor the use of computer
systems and networks and protect them
from unauthorized use, fraud, and
destruction
- 52. 52
Other Security Measures (continued)
Biometric Security
Measure physical traits that make each individual
unique
Voice
Fingerprints
Hand geometry
Signature dynamics
Keystroke analysis
Retina scanning
Face recognition
Genetic pattern analysis
- 53. 53
Other Security Measures (continued)
Computer Failure Controls
Preventive maintenance of hardware and
management of software updates
Backup computer system
Carefully scheduled hardware or software
changes
Highly trained data center personnel
- 54. 54
Other Security Measures (continued)
Fault Tolerant Systems
Computer systems that have redundant
processors, peripherals, and software
Fail-over
Fail-safe
Fail-soft
- 55. 55
Other Security Measures (continued)
Disaster Recovery
Disaster recovery plan
Which employees will participate and
their duties
What hardware, software, and facilities
will be used
Priority of applications that will be
processed
- 56. 56
System Controls and Audits
Information System Controls
Methods and devices that attempt to ensure
the accuracy, validity, and propriety of
information system activities
Designed to monitor and maintain the
quality and security of input, processing,
and storage activities
- 57. 57
System Controls and Audits (continued)
Auditing Business Systems
Review and evaluate whether proper and
adequate security measures and
management policies have been developed
and implemented
Testing the integrity of an application’s
audit trail
- 58. 58
Discussion Questions
What can be done to improve e-commerce
security on the Internet?
What potential security problems do you see
in the increasing use of intranets and extranets
in business? What might be done to solve such
problems?
- 59. 59
Discussion Questions (continued)
What artificial intelligence techniques can a
business use to improve computer security and
fight computer crime?
What are your major concerns about
computer crime and privacy on the Internet?
What can you do about it?
- 60. 60
Discussion Questions (continued)
What is disaster recovery? How could it be
implemented at your school or work?
Is there an ethical crisis in e-business today?
What role does information technology play in
unethical business practices?
- 61. 61
Discussion Questions (continued)
What business decisions will you have to make
as a manager that have both an ethical and IT
dimension?
What would be examples of one positive and
one negative effect of the use of e-business
technologies in each of the ethical and societal
dimensions illustrated in the chapter?
- 62. 62
Real World Case 1 – MTV Networks & First Citizens Bank
Defending Against Hacker and Virus Attacks
What are the business value and security
benefits and limitations of defenses against
DDOS attacks like those used by MTV
Networks?
- 63. 63
Real World Case 1 (continued)
What are the business benefits and limitations
of an intrusion-detection system like that
installed at First Citizens?
- 64. 64
Real World Case 1 (continued)
What security defense should small businesses
have to protect their websites and internal
systems?
Why did you make that choice?
- 65. 65
Real World Case 1 (continued)
What other network security threats besides
denial of service, viruses, and hacker attacks
should businesses protect themselves against?
- 66. 66
Real World Case 2 – Oppenheimer Funds, Cardinal Health, &
Exodus
IT Security Management Qualifications
Technical
Business
People skills
Experience and expertise in areas like
government liaison, international
regulations, and cyberterrorism
- 67. 67
Real World Case 2 (continued)
What mix of skills is most sought after for IT
security specialists?
Why is this mix important in business?
- 68. 68
Real World Case 2 (continued)
Why must IT security executives in business
have the mix of skills and experience outlined
in this case?
What other skills do you think are important
to have for effective IT security management?
- 69. 69
Real World Case 2 (continued)
How should businesses protect themselves
from the spread of cyberterrorism in today’s
internetworked world?
- 70. 70
Real World Case 3 – Brandon Internet Services & PayPal
What are the business benefits and limitations
of the cybercrime investigative work done by
firms like Brandon Internet Services?
- 71. 71
Real World Case 3 (continued)
When should a company use cyberforensic
investigative services like those offered by
Predictive Systems?
- 72. 72
Real World Case 3 (continued)
What is the business value of their
cyberforensic and investigative capabilities to
PayPal?
Would you trust PayPal for your online
payment transactions?
- 73. 73
Real World Case 4 – Providence Health Systems & Others
Why is there a growing need for IT security
defenses and management in business?
What challenges does this pose to effective IT
security management?
- 74. 74
Real World Case 4 (continued)
What are some of the IT security defenses
companies are using to meet these challenges?
- 75. 75
Real World Case 4 (continued)
Do you agree with the IT usage policies of
Link Staffing? The security audit policies of
Cervalis?
- 76. 76
Real World Case 5 – The Doctor’s Co. & Rockland Trust
What are the benefits and limitations for a
business of outsourcing IT security
management according to the companies in
this case?
- 77. 77
Real World Case 5 (continued)
What are the benefits and limitations to a
business of using “pure play” IT security
management companies like Counterpane and
Ubizen?
- 78. 78
Real World Case 5 (continued)
What are the benefits and limitations of
outsourcing IT security management to
vendors like Symantec and Network
Associates?