Security & Ethical Challenges

Transcript

  • 1. Security & Ethical Challenges
  • 2. Learning Objectives
    • Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
  • 3. Ethical Responsibility
    • The use of IT presents major security challenges
  • 4. Ethical Responsibility (continued)
    • Business Ethics
      • Basic categories of ethical issues
        • Employee privacy
        • Security of company records
        • Workplace safety
  • 5. Ethical Responsibility (continued)
    • Technology Ethics
      • Four Principles
        • Proportionality
          • Good must outweigh any harm or risk
          • Must be no alternative that achieves the same or comparable benefits with less harm or risk
  • 6. Ethical Responsibility (continued)
    • Technology Ethics (continued)
        • Informed consent
          • Those affected should understand and accept the risks
        • Justice
          • Benefits and burdens should be distributed fairly
        • Minimized Risk
          • Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
  • 7. Computer Crime
    • Association of Information Technology Professionals (AITP) definition includes
      • The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
      • Unauthorized release of information
      • Unauthorized copying of software
  • 8. Computer Crime: Who commits computer crime?
    • Hacking
      • The obsessive use of computers, or the unauthorized access and use of networked computer systems
    • Cyber Theft
      • Involves unauthorized network entry and the fraudulent alteration of computer databases
  • 9. Computer Crime (continued)
    • Unauthorized use at work
      • Also called time and resource theft
      • May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks
  • 10. Computer Crime (continued)
    • Piracy of intellectual property
      • Other forms of intellectual property covered by copyright laws
        • Music
        • Videos
        • Images
        • Articles
        • Books
        • Other written works
    • Software Piracy
      • Unauthorized copying of software
        • Software is intellectual property protected by copyright law and user licensing agreements
  • 11. Computer Crime (continued)
    • Computer viruses and worms
      • Virus
        • A program that cannot work without being inserted into another program
      • Worm
        • A distinct program that can run unaided
  • 12. Privacy Issues
    • IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.
      • Benefit – increases efficiency and effectiveness
      • But may also have a negative effect on an individual’s right to privacy
  • 13. Privacy Issues (continued)
    • Privacy on the Internet
      • Users of the Internet are highly visible and open to violations of privacy
      • Unsecured with no real rules
      • Cookies capture information about you every time you visit a site
      • That information may be sold to third parties
  • 14. Privacy Issues (continued)
    • Privacy on the Internet (continued)
      • Protect your privacy by
        • Encrypting your messages
        • Posting to newsgroups through anonymous remailers
        • Asking your ISP not to sell your information to mailing list providers and other marketers
        • Declining to reveal personal data and interests online
  • 15. Privacy Issues (continued)
    • Privacy laws
      • Attempt to enforce the privacy of computer-based files and communications
      • Electronic Communications Privacy Act
      • Computer Fraud and Abuse Act
  • 16. Privacy Issues (continued)
    • Computer Libel and Censorship
      • The opposite side of the privacy debate
        • Right to know (freedom of information)
        • Right to express opinions (freedom of speech)
        • Right to publish those opinions (freedom of the press)
        • Spamming
        • Flaming
  • 17. Other Challenges
    • Employment
      • New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.
  • 18. Other Challenges (continued)
    • Computer Monitoring
      • Concerns workplace privacy
        • Monitors individuals, not just work
        • Is done continually. May be seen as violating workers’ privacy & personal freedom
        • Workers may not know that they are being monitored or how the information is being used
        • May increase workers’ stress level
        • May rob workers of the dignity of their work
  • 19. Other Challenges (continued)
    • Working Conditions
      • IT has eliminated many monotonous, obnoxious tasks, but has created others
    • Individuality
      • Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities
      • Regimentation
  • 20. Health Issues
    • Job stress
    • Muscle damage
    • Eye strain
    • Radiation exposure
    • Accidents
    • Some solutions
      • Ergonomics (human factors engineering)
        • Goal is to design healthy work environments
  • 21. Health Issues (continued)
  • 22. Section II Security Management
  • 23. Tools of Security Management
    • Goal
      • Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders
  • 24.
  • 25. Internetworked Security Defenses
    • Encryption
      • Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
      • Involves using special mathematical algorithms to transform digital data into scrambled code
      • Most widely used method uses a pair of public and private keys unique to each individual
  • 26. Internetworked Security Defenses (continued)
    • Firewalls
      • Serves as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion
        • Provides a filter and safe transfer point
        • Screens all network traffic for proper passwords or other security codes
  • 27. Internetworked Security Defenses (continued)
    • Denial of Service Defenses
      • These assaults depend on three layers of networked computer systems
        • Victim’s website
        • Victim’s ISP
        • Sites of “zombie” or slave computers
      • Defensive measures and security precautions must be taken at all three levels
  • 28. Internetworked Security Defenses (continued)
    • E-mail Monitoring
      • “Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”
  • 29. Internetworked Security Defenses (continued)
    • Virus Defenses
      • Protection may be accomplished through
        • Centralized distribution and updating of antivirus software
        • Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies
  • 30. Other Security Measures
    • Security codes
      • Multilevel password system
        • Log onto the computer system
        • Gain access into the system
        • Access individual files
  • 31. Other Security Measures (continued)
    • Backup Files
      • Duplicate files of data or programs
      • File retention measures
      • Sometimes several generations of files are kept for control purposes
  • 32. Other Security Measures (continued)
    • Security Monitors
      • Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction
  • 33. Other Security Measures (continued)
    • Biometric Security
      • Measure physical traits that make each individual unique
        • Voice
        • Fingerprints
        • Hand geometry
        • Signature dynamics
        • Keystroke analysis
        • Retina scanning
        • Face recognition and Genetic pattern analysis
  • 34. Other Security Measures (continued)
    • Computer Failure Controls
      • Preventive maintenance of hardware and management of software updates
      • Backup computer system
      • Carefully scheduled hardware or software changes
      • Highly trained data center personnel
  • 35. Other Security Measures (continued)
    • Fault Tolerant Systems
      • Computer systems that have redundant processors, peripherals, and software
        • Fail-over
        • Fail-safe
        • Fail-soft
  • 36. Other Security Measures (continued)
    • Disaster Recovery
      • Disaster recovery plan
        • Which employees will participate and their duties
        • What hardware, software, and facilities will be used
        • Priority of applications that will be processed
  • 37. System Controls and Audits
    • Information System Controls
      • Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
      • Designed to monitor and maintain the quality and security of input, processing, and storage activities
  • 38. System Controls and Audits (continued)
    • Auditing Business Systems
      • Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
      • Testing the integrity of an application’s audit trail