Chap011 MIS
Chap011 MIS Presentation Transcript

  • 1 Chapter 11: Security and Ethical Challenges. McGraw-Hill/Irwin. Copyright © 2004, The McGraw-Hill Companies, Inc. All rights reserved.
  • 2 Learning Objectives: Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
  • 3 Learning Objectives (continued): Identify types of security management strategies and defenses, and explain how they can be used to ensure the security of e-business applications. How can business managers and professionals help to lessen the harmful effects and increase the beneficial effects of the use of information technology?
  • 4 Section I: Security, Ethical, and Societal Challenges
  • 5 Ethical Responsibility: The use of IT presents major security challenges, poses serious ethical questions, and affects society in significant ways. IT raises ethical issues in the areas of crime, privacy, individuality, employment, health, and working conditions.
  • 6 Ethical Responsibility (continued): But IT has had beneficial results as well. So as managers, it is our responsibility to minimize the detrimental effects and optimize the beneficial effects.
  • 7 Ethical Responsibility (continued): Business Ethics. Basic categories of ethical issues: employee privacy; security of company records; workplace safety.
  • 8 Ethical Responsibility (continued): Theories of corporate social responsibility. Stockholder theory: Managers are agents of the stockholders. Their only ethical responsibility is to increase profit without violating the law or engaging in fraud.
  • 9 Ethical Responsibility (continued): Theories of corporate social responsibility (continued). Social contract theory: Companies have ethical responsibilities to all members of society, which allow corporations to exist based on a social contract.
  • 10 Ethical Responsibility (continued): Theories of corporate social responsibility (continued). First condition: companies must enhance economic satisfaction of consumers and employees. Second condition: avoid fraudulent practices, show respect for employees as human beings, and avoid practices that systematically worsen the position of any group in society.
  • 11 Ethical Responsibility (continued): Theories of corporate social responsibility (continued). Stakeholder theory: Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders: stockholders; employees; customers; suppliers; local community.
  • 12 Ethical Responsibility (continued): Theories of corporate social responsibility (continued). Sometimes stakeholders are considered to include: competitors; government agencies and special interest groups; future generations.
  • 13 Ethical Responsibility (continued): Technology Ethics. Four principles. Proportionality: Good must outweigh any harm or risk. There must be no alternative that achieves the same or comparable benefits with less harm or risk.
  • 14 Ethical Responsibility (continued): Technology Ethics (continued). Informed consent: Those affected should understand and accept the risks. Justice: Benefits and burdens should be distributed fairly.
  • 15 Ethical Responsibility (continued): Technology Ethics (continued). Minimized risk: Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.
  • 16 Ethical Responsibility (continued): Ethical Guidelines
  • 17 Ethical Responsibility (continued): Ethical guidelines (continued). Responsible end users: act with integrity; increase their professional competence; set high standards of personal performance; accept responsibility for their work; advance the health, privacy, and general welfare of the public.
  • 18 Computer Crime: The Association of Information Technology Professionals (AITP) definition includes: the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources; unauthorized release of information; unauthorized copying of software.
  • 19 Computer Crime (continued): AITP guidelines (continued): denying an end user his/her own hardware, software, data, or network resources; using or conspiring to use computer or network resources to illegally obtain info or tangible property.
  • 20 Computer Crime (continued): Hacking: The obsessive use of computers, or the unauthorized access and use of networked computer systems.
  • 21 Computer Crime (continued): Cyber theft: Involves unauthorized network entry and the fraudulent alteration of computer databases.
  • 22 Computer Crime (continued): Unauthorized use at work: Also called time and resource theft. May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks.
  • 23 Computer Crime (continued): Software piracy: Unauthorized copying of software. Software is intellectual property protected by copyright law and user licensing agreements.
  • 24 Computer Crime (continued): Piracy of intellectual property: Other forms of intellectual property covered by copyright laws: music; videos; images; articles; books; other written works.
  • 25 Computer Crime (continued): Computer viruses and worms. Virus: A program that cannot work without being inserted into another program. Worm: A distinct program that can run unaided.
  • 26 Privacy Issues: IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily. Benefit: increases efficiency and effectiveness. But it may also have a negative effect on an individual’s right to privacy.
  • 27 Privacy Issues (continued): Examples of important privacy issues: accessing private e-mail and computer records and sharing information about individuals gained from their visits to websites and newsgroups; always knowing where a person is via mobile and paging services.
  • 28 Privacy Issues (continued): Examples of important privacy issues (continued): using customer information obtained from many sources to market additional business services; collecting personal information to build individual customer profiles.
  • 29 Privacy Issues (continued): Privacy on the Internet: Users of the Internet are highly visible and open to violations of privacy. Unsecured with no real rules. Cookies capture information about you every time you visit a site. That information may be sold to third parties.
  • 30 Privacy Issues (continued): Privacy on the Internet (continued). Protect your privacy by: encrypting your messages; posting to newsgroups through anonymous remailers; asking your ISP not to sell your information to mailing list providers and other marketers; declining to reveal personal data and interests online.
  • 31 Privacy Issues (continued): Computer matching: Computer profiling and matching personal data to that profile. Mistakes can be a major problem.
  • 32 Privacy Issues (continued): Privacy laws: Attempt to enforce the privacy of computer-based files and communications. Electronic Communications Privacy Act; Computer Fraud and Abuse Act.
  • 33 Privacy Issues (continued): Computer Libel and Censorship: The opposite side of the privacy debate: right to know (freedom of information); right to express opinions (freedom of speech); right to publish those opinions (freedom of the press). Spamming. Flaming.
  • 34 Other Challenges: Employment: New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.
  • 35 Other Challenges (continued): Computer Monitoring: Concerns workplace privacy. Monitors individuals, not just work. Is done continually. May be seen as violating workers’ privacy and personal freedom. Workers may not know that they are being monitored or how the information is being used. May increase workers’ stress level. May rob workers of the dignity of their work.
  • 36 Other Challenges (continued): Working Conditions: IT has eliminated many monotonous, obnoxious tasks, but has created others.
  • 37 Other Challenges (continued): Individuality: Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities. Regimentation.
  • 38 Health Issues: Job stress; muscle damage; eye strain; radiation exposure; accidents. Some solutions: Ergonomics (human factors engineering). Goal is to design healthy work environments.
  • 39 Health Issues (continued)
  • 40 Societal Solutions: Beneficial effects on society: solve human and social problems; medical diagnosis; computer-assisted instruction; governmental program planning; environmental quality control; law enforcement; crime control; job placement.
  • 41 Section II: Security Management
  • 42 Tools of Security Management: Goal: Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders.
  • 43 Tools of Security Management (continued)
  • 44 Internetworked Security Defenses: Encryption: Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users. Involves using special mathematical algorithms to transform digital data into scrambled code. The most widely used method uses a pair of public and private keys unique to each individual.
  • 45 Internetworked Security Defenses (continued): Firewalls: Serve as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion. Provide a filter and safe transfer point. Screen all network traffic for proper passwords or other security codes.
  • 46 Internetworked Security Defenses (continued): Denial of Service Defenses: These assaults depend on three layers of networked computer systems: the victim’s website; the victim’s ISP; sites of “zombie” or slave computers. Defensive measures and security precautions must be taken at all three levels.
  • 47 Internetworked Security Defenses (continued): E-mail Monitoring: “Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”
  • 48 Internetworked Security Defenses (continued): Virus Defenses: Protection may be accomplished through: centralized distribution and updating of antivirus software; outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies.
  • 49 Other Security Measures: Security codes: Multilevel password system: log onto the computer system; gain access into the system; access individual files.
  • 50 Other Security Measures (continued): Backup Files: Duplicate files of data or programs. File retention measures. Sometimes several generations of files are kept for control purposes.
  • 51 Other Security Measures (continued): Security Monitors: Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction.
  • 52 Other Security Measures (continued): Biometric Security: Measure physical traits that make each individual unique: voice; fingerprints; hand geometry; signature dynamics; keystroke analysis; retina scanning; face recognition and genetic pattern analysis.
  • 53 Other Security Measures (continued): Computer Failure Controls: Preventive maintenance of hardware and management of software updates; backup computer system; carefully scheduled hardware or software changes; highly trained data center personnel.
  • 54 Other Security Measures (continued): Fault Tolerant Systems: Computer systems that have redundant processors, peripherals, and software. Fail-over; fail-safe; fail-soft.
  • 55 Other Security Measures (continued): Disaster Recovery: Disaster recovery plan: which employees will participate and their duties; what hardware, software, and facilities will be used; priority of applications that will be processed.
  • 56 System Controls and Audits: Information System Controls: Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities. Designed to monitor and maintain the quality and security of input, processing, and storage activities.
  • 57 System Controls and Audits (continued): Auditing Business Systems: Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented. Testing the integrity of an application’s audit trail.
  • 58 Discussion Questions: What can be done to improve e-commerce security on the Internet? What potential security problems do you see in the increasing use of intranets and extranets in business? What might be done to solve such problems?
  • 59 Discussion Questions (continued): What artificial intelligence techniques can a business use to improve computer security and fight computer crime? What are your major concerns about computer crime and privacy on the Internet? What can you do about it?
  • 60 Discussion Questions (continued): What is disaster recovery? How could it be implemented at your school or work? Is there an ethical crisis in e-business today? What role does information technology play in unethical business practices?
  • 61 Discussion Questions (continued): What business decisions will you have to make as a manager that have both an ethical and IT dimension? What would be examples of one positive and one negative effect of the use of e-business technologies in each of the ethical and societal dimensions illustrated in the chapter?
  • 62 Real World Case 1 – MTV Networks & First Citizens Bank: Defending Against Hacker and Virus Attacks. What are the business value and security benefits and limitations of defenses against DDOS attacks like those used by MTV Networks?
  • 63 Real World Case 1 (continued): What are the business benefits and limitations of an intrusion-detection system like that installed at First Citizens?
  • 64 Real World Case 1 (continued): What security defense should small businesses have to protect their websites and internal systems? Why did you make that choice?
  • 65 Real World Case 1 (continued): What other network security threats besides denial of service, viruses, and hacker attacks should businesses protect themselves against?
  • 66 Real World Case 2 – Oppenheimer Funds, Cardinal Health, & Exodus: IT Security Management Qualifications: technical; business; people skills; experience and expertise in areas like government liaison, international regulations, and cyberterrorism.
  • 67 Real World Case 2 (continued): What mix of skills is most sought after for IT security specialists? Why is this mix important in business?
  • 68 Real World Case 2 (continued): Why must IT security executives in business have the mix of skills and experience outlined in this case? What other skills do you think are important to have for effective IT security management?
  • 69 Real World Case 2 (continued): How should businesses protect themselves from the spread of cyberterrorism in today’s internetworked world?
  • 70 Real World Case 3 – Brandon Internet Services & PayPal: What are the business benefits and limitations of the cybercrime investigative work done by firms like Brandon Internet Services?
  • 71 Real World Case 3 (continued): When should a company use cyberforensic investigative services like those offered by Predictive Systems?
  • 72 Real World Case 3 (continued): What is the business value of their cyberforensic and investigative capabilities to PayPal? Would you trust PayPal for your online payment transactions?
  • 73 Real World Case 4 – Providence Health Systems & Others: Why is there a growing need for IT security defenses and management in business? What challenges does this pose to effective IT security management?
  • 74 Real World Case 4 (continued): What are some of the IT security defenses companies are using to meet these challenges?
  • 75 Real World Case 4 (continued): Do you agree with the IT usage policies of Link Staffing? The security audit policies of Cervalis?
  • 76 Real World Case 5 – The Doctor’s Co. & Rockland Trust: What are the benefits and limitations for a business of outsourcing IT security management according to the companies in this case?
  • 77 Real World Case 5 (continued): What are the benefits and limitations to a business of using “pure play” IT security management companies like Counterpane and Ubizen?
  • 78 Real World Case 5 (continued): What are the benefits and limitations of outsourcing IT security management to vendors like Symantec and Network Associates?