Chap011 MIS

1

Chapter
11
Security and Ethical
Challenges

McGraw-Hill/Irwin Copyright © 2004, The McGraw-Hill Companies, Inc. All rights reserved.

2

Learning Objectives

Identify ethical issues in how the use of
information technologies in business affects
employment, individuality, working
conditions, privacy, crime, health, and
solutions to societal problems.


3

Learning Objectives (continued)

Identify types of security management
strategies and defenses, and explain how they
can be used to ensure the security of e-business
applications.

How can business managers and professionals
help to lessen the harmful effects and increase
the beneficial effects of the use of information
technology?

4

Section I

Security, Ethical, and Societal Challenges


5

Ethical Responsibility
The use of IT presents major security
challenges, poses serious ethical questions, and
affects society in significant ways.
IT raises ethical issues in the areas of..

Crime

Privacy

Individuality

Employment

Health

Working conditions

6

Ethical Responsibility (continued)

But, IT has had beneficial results as well.

So as managers, it is our responsibility to
minimize the detrimental effects and optimize
the beneficial effects.


7


Business Ethics
Basic categories of ethical issues

Employee privacy

Security of company records

Workplace safety


8


Theories of corporate social responsibility
Stockholder theory

Managers are agents of the stockholders.

Their only ethical responsibility is to
increase profit without violating the law or
engaging in fraud


9


(continued)
Social Contract Theory

Companies have ethical responsibilities to

all members of society, which allow
corporations to exist based on a social
contract


10


(continued)
First condition – companies must

enhance economic satisfaction of
consumers and employees
Second condition – avoid fraudulent

practices, show respect for employees as
human beings, and avoid practices that
systematically worsen the position of any
group in society

11


 Theories of corporate social responsibility (continued)
 Stakeholder theory

 Managers have an ethical responsibility to

manage a firm for the benefit of all its
stakeholders.
 Stockholders

 Employees

 Customers

 Suppliers

 Local community


12


(continued)

Sometimes stakeholders are considered
to include
Competitors

Government agencies and special

interest groups
Future generations

13


Technology Ethics
Four Principles

Proportionality

Good must outweigh any harm or risk

Must be no alternative that achieves the

same or comparable benefits with less
harm or risk


14


Technology Ethics (continued)
Informed consent

Those affected should understand and

accept the risks
Justice

Benefits and burdens should be

distributed fairly


15


Technology Ethics (continued)
Minimized Risk

Even if judged acceptable by the other

three guidelines, the technology must be
implemented so as to avoid all
unnecessary risk


16


 Ethical Guidelines


17


Ethical guidelines (continued)
Responsible end users

Act with integrity

Increase their professional competence

Set high standards of personal

performance
Accept responsibility for their work

Advance the health, privacy, and general

welfare of the public

18

Computer Crime

Association of Information Technology
Professionals (AITP) definition includes
The unauthorized use, access, modification,

and destruction of hardware, software, data,
or network resources
Unauthorized release of information

Unauthorized copying of software


19

Computer Crime (continued)

AITP guidelines (continued)
Denying an end user his/her own hardware,

software, data, or network resources
Using or conspiring to use computer or

network resources to illegally obtain info or
tangible property


20


Hacking

The obsessive use of computers, or the
unauthorized access and use of networked
computer systems


21


Cyber Theft
Involves unauthorized network entry and

the fraudulent alteration of computer
databases


22


Unauthorized use at work
Also called time and resource theft

May range from doing private consulting or

personal finances, to playing video games, to
unauthorized use of the Internet on
company networks


23


Software Piracy
Unauthorized copying of software

Software is intellectual property protected

by copyright law and user licensing
agreements


24


Piracy of intellectual property
Other forms of intellectual property covered

by copyright laws
Music

Videos

Images

Articles

Books

Other written works

25


Computer viruses and worms
Virus

A
program that cannot work without
being inserted into another program
Worm

A distinct program that can run unaided


26

Privacy Issues
IT makes it technically and economically
feasible to collect, store, integrate, interchange,
and retrieve data and information quickly and
easily.
Benefit – increases efficiency and

effectiveness
But, may also have a negative effect on

individual’s right to privacy


27

Privacy Issues (continued)

Examples of important privacy issues
Accessing private e-mail and computer

records & sharing information about
individuals gained from their visits to
websites and newsgroups
Always knowing where a person is via

mobile and paging services


28


Examples of important privacy issues
(continued)
Using customer information obtained from

many sources to market additional business
services
Collecting personal information to build

individual customer profiles


29


Privacy on the Internet
Users of the Internet are highly visible and

open to violations of privacy
Unsecured with no real rules

Cookies capture information about you

every time you visit a site
That information may be sold to third

parties


30


Privacy on the Internet (continued)
Protect your privacy by

Encrypting your messages

Post to newsgroups through anonymous
remailers
Ask your ISP not to sell your information
to mailing list providers and other
marketers
Decline to reveal personal data and
interests online

31


Computer matching
Computer profiling and matching personal

data to that profile
Mistakes can be a major problem


32


Privacy laws
Attempt to enforce the privacy of computer-

based files and communications
Electronic Communications Privacy Act

Computer Fraud and Abuse Act


33


Computer Libel and Censorship
The opposite side of the privacy debate

Right to know (freedom of information)

Right to express opinions (freedom of

speech)
Right to publish those opinions (freedom

of the press)
Spamming

Flaming

34

Other Challenges
Employment

New jobs have been created and
productivity has increased, yet there has
been a significant reduction in some types of
jobs as a result of IT.


35

Other Challenges (continued)

Computer Monitoring
 Concerns workplace privacy
 Monitors individuals, not just work

 Is done continually. May be seen as violating

workers’ privacy & personal freedom
 Workers may not know that they are being

monitored or how the information is being used
 May increase workers’ stress level

 May rob workers of the dignity of their work


36


Working Conditions
IT has eliminated many monotonous,

obnoxious tasks, but has created others


37


Individuality

Computer-based systems criticized as
impersonal systems that dehumanize and
depersonalize activities
Regimentation


38

Health Issues
Job stress
Muscle damage

Eye strain

Radiation exposure

Accidents

Some solutions

Ergonomics (human factors engineering)

Goal is to design healthy work

environments

39

Health Issues (continued)


40

Societal Solutions
Beneficial effects on society
Solve human and social problems

Medical diagnosis

Computer-assisted instruction

Governmental program planning

Environmental quality control

Law enforcement

Crime control

Job placement

41

Section II

Security Management


42

Tools of Security Management

Goal

Minimize errors, fraud, and losses in the e-
business systems that interconnect
businesses with their customers, suppliers,
and other stakeholders


43

Tools of Security Management (continued)


44

Internetworked Security Defenses
Encryption

Passwords, messages, files, and other data is
transmitted in scrambled form and
unscrambled for authorized users
Involves using special mathematical

algorithms to transform digital data in
scrambled code
Most widely used method uses a pair of

public and private keys unique to each
individual

45

Internetworked Security Defenses (continued)

Firewalls

Serves as a “gatekeeper” system that
protects a company’s intranets and other
computer networks from intrusion
Provides a filter and safe transfer point

Screens all network traffic for proper

passwords or other security codes


46


Denial of Service Defenses
These assaults depend on three layers of

networked computer systems
Victim’s website

Victim’s ISP

Sites of “zombie” or slave computers

Defensive measures and security precautions

must be taken at all three levels


47


E-mail Monitoring
“Spot checks just aren’t good enough

anymore. The tide is turning toward
systematic monitoring of corporate e-mail
traffic using content-monitoring software
that scans for troublesome words that might
compromise corporate security.”


48


Virus Defenses
Protection may accomplished through

Centralized distribution and updating of

antivirus software
Outsourcing the virus protection

responsibility to ISPs or to
telecommunications or security
management companies


49

Other Security Measures
Security codes
Multilevel password system

Log onto the computer system

Gain access into the system

Access individual files


50

Other Security Measures (continued)

Backup Files
Duplicate files of data or programs

File retention measures

Sometimes several generations of files are

kept for control purposes


51


Security Monitors
Programs that monitor the use of computer

systems and networks and protect them
from unauthorized use, fraud, and
destruction


52


 Biometric Security
 Measure physical traits that make each individual
unique
 Voice

 Fingerprints

 Hand geometry

 Signature dynamics

 Keystroke analysis

 Retina scanning

 Face recognition and Genetic pattern analysis


53


Computer Failure Controls
Preventive maintenance of hardware and

management of software updates
Backup computer system

Carefully scheduled hardware or software

changes
Highly trained data center personnel


54


Fault Tolerant Systems
Computer systems that have redundant

processors, peripherals, and software
Fail-over

Fail-safe

Fail-soft


55


Disaster Recovery
Disaster recovery plan

Which employees will participate and

their duties
What hardware, software, and facilities

will be used
Priority of applications that will be

processed


56

System Controls and Audits
Information System Controls
Methods and devices that attempt to ensure

the accuracy, validity, and propriety of
information system activities
Designed to monitor and maintain the

quality and security of input, processing,
and storage activities


57

System Controls and Audits (continued)

Auditing Business Systems
Review and evaluate whether proper and

adequate security measures and
management policies have been developed
and implemented
Testing the integrity of an application’s

audit trail


58

Discussion Questions
What can be done to improve e-commerce
security on the Internet?

What potential security problems do you see
in the increasing use of intranets and extranets
in business? What might be done to solve such
problems?


59

Discussion Questions (continued)

What artificial intelligence techniques can a
business use to improve computer security and
fight computer crime?

What are your major concerns about
computer crime and privacy on the Internet?
What can you do about it?


60


What is disaster recovery? How could it be
implemented at your school or work?

Is there an ethical crisis in e-business today?
What role does information technology play in
unethical business practices?


61


What business decisions will you have to make
as a manager that have both an ethical and IT
dimension?

What would be examples of one positive and
one negative effect of the use of e-business
technologies in each of the ethical and societal
dimensions illustrated in the chapter?


62

Real World Case 1 – MTV Networks & First Citizens Bank

Defending Against Hacker and Virus Attacks

What are the business value and security
benefits and limitations of defenses against
DDOS attacks like those used by MTV
Networks?


63

Real World Case 1 (continued)

What are the business benefits and limitations
of an intrusion-detection system like that
installed at First Citizens?


64


What security defense should small businesses
have to protect their websites and internal
systems?

Why did you make that choice?


65


What other network security threats besides
denial of service, viruses, and hacker attacks
should businesses protect themselves against?


66

Real World Case 2 – Oppenheimer Funds, Cardinal Health, &
Exodus

IT Security Management Qualifications
Technical

Business

People skills

Experience and expertise in areas like

government liaison, international
regulations, and cyberterrorism


67


What mix of skills is most sought after for IT
security specialists?

Why is this mix important in business?


68


Why must IT security executives in business
have the mix of skills and experience outlined
in this case?

What other skills do you think are important
to have for effective IT security management?


69


How should businesses protect themselves
from the spread of cyberterrorism in today’s
internetworked world?


70

Real World Case 3 – Brandon Internet Services & PayPal

What are the business benefits and limitations
of the cybercrime investigative work done by
firms like Brandon Internet Services?


71


When should a company use cyberforensic
investigative services like those offered by
Predictive Systems?


72


What is the business value of their
cyberforensic and investigative capabilities to
PayPal?

Would you trust PayPal for your online
payment transactions?


73

Real World Case 4 – Providence Health Systems & Others

Why is there a growing need for IT security
defenses and management in business?

What challenges does this pose to effective IT
security management?


74


What are some of the IT security defenses
companies are using to meet these challenges?


75


Do you agree with the IT usage policies of
Link Staffing? The security audit policies of
Cervalis?


76

Real World Case 5 – The Doctor’s Co. & Rockland Trust

What are the benefits and limitations for a
business of outsourcing IT security
management according to the companies in
this case?


77


What are the benefits and limitations to a
business of using “pure play” IT security
management companies like Counterpane and
Ubizen?


78


What are the benefits and limitations of
outsourcing IT security management to
vendors like Symantec and Network
Associates?


Chap011 MIS

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Chap011 MIS

Similar to Chap011 MIS (20)

More from AMIT ROY

More from AMIT ROY (17)

Recently uploaded

Recently uploaded (20)

Chap011 MIS