Ch14 Security, Privacy and Ethical Issues

Presentation slides for Chapter 14 of Principles of Information Systems


    1. • Policies and procedures must be established to avoid computer waste and mistakes
        • Describe some examples of waste and mistakes in an IS environment, their causes, and possible solutions
        • Identify policies and procedures useful in eliminating waste and mistakes
        Principles of Information Systems, Seventh Edition
    2. • Computer crime is a serious and rapidly growing area of concern requiring management attention
        • Explain the types and effects of computer crime
        • Identify specific measures to prevent computer crime
        • Discuss the principles and limits of an individual’s right to privacy
    3. • Jobs, equipment, and working conditions must be designed to avoid negative health effects
        • List the important effects of computers on the work environment
        • Identify specific actions that must be taken to ensure the health and safety of employees
        • Outline criteria for the ethical use of information systems
    4. Computer Waste and Mistakes
        • Computer waste: the inappropriate use of computer technology and resources
        • Computer-related mistakes: errors, failures, and other computer problems that make computer output incorrect or not useful
    5. Computer Waste
        • Discarding of technology
        • Unused systems
        • Personal use of corporate time and technology
        • Spam
    6. Computer-Related Mistakes
        • Mistakes can be caused by unclear expectations and a lack of feedback
        • A programmer might develop a program that contains errors
        • A data-entry clerk might enter the wrong data
    7. Preventing Computer-Related Waste and Mistakes
        • Establishing policies and procedures
        • Implementing policies and procedures
        • Monitoring policies and procedures
        • Reviewing policies and procedures
    8. Table 14.2: Types of Computer-Related Mistakes
    9. Table 14.3: Useful Policies to Eliminate Waste and Mistakes
    10. Computer Crime
        • Often defies detection
        • The amount stolen or diverted can be substantial
        • The crime is “clean” and nonviolent
        • The number of IT-related security incidents is increasing dramatically
        • Computer crime is now global
    11. Table 14.4: Summary of Key Data from 2003 Computer Crime and Security Survey
    12. The Computer as a Tool to Commit Crime
        • Criminals need two capabilities to commit most computer crimes:
          • Knowing how to gain access to the computer system
          • Knowing how to manipulate the system to produce the desired result
        • Social engineering
        • Dumpster diving
    13. Cyberterrorism
        • Cyberterrorist: intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them
        • Homeland Security Department’s Information Analysis and Infrastructure Protection Directorate
        • Supervisory Control and Data Acquisition systems (known as SCADA systems)
    14. Identity Theft
        • An imposter obtains key pieces of personal identification information, such as Social Security or driver’s license numbers, in order to impersonate someone else
        • The information is then used to obtain credit, merchandise, and services in the name of the victim or to provide the thief with false credentials
        • Identity Theft and Assumption Deterrence Act of 1998
    15. The Computer as the Object of Crime
        • Illegal access and use
        • Data alteration and destruction
        • Information and equipment theft
    16. The Computer as the Object of Crime (continued)
        • Software and Internet piracy
        • Computer-related scams
        • International computer crime
    17. Illegal Access and Use
        • Hacker
        • Criminal hacker (also called a cracker)
        • Script bunnies
        • Insider
    18. Table 14.5: How to Respond to a Security Incident
    19. Table 14.5: How to Respond to a Security Incident (continued)
    20. Data Alteration and Destruction
        • Virus: a program that attaches itself to other programs
        • Worm: an independent program that replicates its own program files until it interrupts the operation of networks and computer systems
        • Malware: software that is harmful or destructive, such as viruses and worms
    21. Data Alteration and Destruction (continued)
        • Trojan horse: a program that appears to be useful but actually masks a destructive program
        • Logic bomb: an application or system virus designed to “explode” or execute at a specified time and date
        • Variant: a modified version of a virus that is produced by the virus’s author or another person who amends the original virus code
    22. Table 14.8: How to Avoid Viruses and Worms
    23. Using Antivirus Programs
        • Antivirus program: program or utility that prevents viruses and recovers from them if they infect a computer
        • Antivirus software should be run and updated often
        • Hoax, or false, viruses also cause problems
    24. Information and Equipment Theft
        • To obtain illegal access, criminal hackers require identification numbers and passwords
        • Password sniffer: small program hidden in a network or computer system that records identification numbers and passwords
        • Theft of data and software
        • Theft of computer systems and equipment
    25. Software and Internet Software Piracy
        • Software piracy: the act of illegally duplicating software
        • Internet software piracy: illegally downloading software from the Internet
    26. Preventing Computer-Related Crime
        • Crime prevention by state and federal agencies
        • Crime prevention by corporations
        • Public key infrastructure (PKI): a means to enable users of an unsecured public network such as the Internet to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority
        • Biometrics: the measurement of one of a person’s traits, whether physical or behavioral
    27. Table 14.10: Common Methods Used to Commit Computer Crimes
    28. Table 14.10: Common Methods Used to Commit Computer Crimes (continued)
    29. Table 14.11: How to Protect Your Corporate Data from Criminal Hackers
    30. Table 14.11: How to Protect Your Corporate Data from Criminal Hackers (continued)
    31. Preventing Computer-Related Crime (continued)
        • Intrusion detection system (IDS): software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion
        • Managed security service provider (MSSP): an organization that monitors, manages, and maintains network security hardware and software for its client companies
        • Internet laws for libel and protection of decency
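The IDS definition on slide 31 is abstract; the following added example (not from the textbook or the slide deck) shows the smallest form the idea takes in practice: a rule that watches authentication records, counts failed logins per source within a time window, and raises an alert for security personnel when the count crosses a threshold, with a higher-severity alert if a login from that source then succeeds. The log lines, the syslog-style format, the threshold and the window are all constructed assumptions for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of syslog-style authentication records (not real data).
# The line format is an assumption for this example; a real IDS rule is
# written against whatever the monitored system actually logs.
SAMPLE_LOG = """\
Mar 12 09:14:02 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 12 09:14:05 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
Mar 12 09:14:09 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar 12 09:14:12 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 50125 ssh2
Mar 12 09:14:15 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 50126 ssh2
Mar 12 09:14:21 host1 sshd[2201]: Accepted password for root from 203.0.113.7 port 50127 ssh2
Mar 12 09:30:44 host1 sshd[2310]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Mar 12 09:31:02 host1 sshd[2310]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
"""

# Matches only the two record types this rule cares about; everything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)

FAIL_THRESHOLD = 5             # failures from one source ...
WINDOW = timedelta(minutes=1)  # ... within this window raise an alert
YEAR = 2000                    # syslog lines carry no year; fixed value assumed for parsing


def parse_events(text):
    """Turn raw log text into (timestamp, result, user, source) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authentication result; outside this rule's scope
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_intrusions(text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of alert dicts, in the order the evidence appeared.

    A source reaching `threshold` failures inside `window` produces one
    medium-severity alert. A later successful login from a source that was
    already flagged produces a high-severity alert, since a password guess
    that worked matters more than the attempts that did not.
    """
    alerts = []
    recent = defaultdict(list)  # source -> timestamps of failures still inside the window
    flagged = set()             # sources that already raised a brute-force alert
    for ts, result, user, src in parse_events(text):
        if result == "Failed":
            window_start = ts - window
            recent[src] = [t for t in recent[src] if t >= window_start] + [ts]
            if len(recent[src]) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"severity": "medium", "src": src, "time": ts,
                               "reason": f"{len(recent[src])} failed logins within {window}"})
        elif src in flagged:  # "Accepted" from a source already under suspicion
            alerts.append({"severity": "high", "src": src, "time": ts, "user": user,
                           "reason": "successful login after repeated failures"})
    return alerts


def notify(alerts):
    """Stand-in for the 'notifies network security personnel' step: one line per alert."""
    return [f"[{a['severity'].upper()}] {a['time']:%H:%M:%S} {a['src']}: {a['reason']}"
            for a in alerts]


if __name__ == "__main__":
    for line in notify(detect_intrusions(SAMPLE_LOG)):
        print(line)
```

On the sample, the rule stays silent for alice (one failure, then success) and fires twice for 203.0.113.7: a medium alert at the fifth failure and a high alert when the following login succeeds. The window and threshold are the tuning knobs that trade false alarms against missed attempts; the slide's point that an IDS only reports a *possible* intrusion is exactly this trade-off.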
    32. Preventing Crime on the Internet
        • Develop effective Internet usage and security policies
        • Use a stand-alone firewall with network monitoring capabilities
        • Monitor managers and employees
        • Use Internet security specialists to perform audits
    33. Privacy Issues
        • With information systems, privacy deals with the collection and use or misuse of data
        • Privacy and the federal government
        • Privacy at work
        • E-mail privacy
        • Privacy and the Internet
    34. Table 14.12: The Right to Know and the Ability to Decide
    35. Federal Privacy Laws and Regulations
        • The Privacy Act of 1974
        • Gramm-Leach-Bliley Act
        • USA Patriot Act
        • Other federal privacy laws
    36. State Privacy Laws and Regulations
        • State legislatures have been considering and passing privacy legislation that is far-reaching and potentially more burdensome to business than existing federal legislation
        • State-by-state and county-by-county exceptions to the federal law complicate financial record keeping and data sharing
    37. Corporate Privacy Policies
        • Should address a customer’s knowledge, control, notice, and consent over the storage and use of information
        • May cover who has access to private data and when it may be used
        • A good database design practice is to assign a single unique identifier to each customer
    38. Individual Efforts to Protect Privacy
        • Find out what is stored about you in existing databases
        • Be careful when you share information about yourself
        • Be proactive to protect your privacy
        • When purchasing anything from a Web site, make sure that you safeguard your credit card numbers, passwords, and personal information
    39. The Work Environment: Health Concerns
        • Occupational stress
        • Repetitive stress injury (RSI)
        • Carpal tunnel syndrome (CTS)
        • Emissions from improperly maintained and used equipment
    40. Avoiding Health and Environment Problems
        • Work stressors: hazardous activities associated with unfavorable conditions of a poorly designed work environment
        • Ergonomics: the study of designing and positioning computer equipment for employee health and safety
        • Both companies and individuals can take steps to reduce RSI and develop a better work environment
        • The computer can also be used to help prevent and treat general health problems
    41. Avoiding Health and Environment Problems (continued)
        Research has shown that developing certain ergonomically correct habits can reduce the risk of RSI when using a computer.
    42. Ethical Issues in Information Systems
        • “Old contract” of business: the only responsibility of business is to its stockholders and owners
        • “Social contract” of business: businesses are responsible to society
    43. The AITP Code of Ethics
        • Obligation to management
        • Obligation to fellow AITP members
        • Obligation to society
    44. The AITP Code of Ethics (continued)
        • Obligation to college or university
        • Obligation to the employer
        • Obligation to country
    45. The ACM Code of Professional Conduct
        • Strive to achieve the highest quality, effectiveness, and dignity in both the process and products of professional work
        • Acquire and maintain professional competence
        • Know and respect existing laws pertaining to professional work
        • Accept and provide appropriate professional review
        • Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks
    46. The ACM Code of Professional Conduct (continued)
        • Honor contracts, agreements, and assigned responsibilities
        • Improve public understanding of computing and its consequences
        • Access computing and communication resources only when authorized to do so
    47. Summary
        • Preventing computer-related waste and mistakes requires establishing, implementing, monitoring, and reviewing policies and procedures
        • Criminals need two capabilities to commit most computer crimes: knowing how to gain access to the computer system and knowing how to manipulate the system to produce the desired result
    48. Summary (continued)
        • Categories of crimes in which the computer is the object of crime: illegal access and use, data alteration and destruction, information and equipment theft, software and Internet piracy, computer-related scams, and international computer crime
        • Intrusion detection system (IDS) is software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion
    49. Summary (continued)
        • With information systems, privacy deals with the collection and use or misuse of data
        • Ergonomics is the study of designing and positioning computer equipment for employee health and safety
        • “Old contract” of business: the only responsibility of business is to its stockholders and owners
        • “Social contract” of business: businesses are responsible to society
