Your SlideShare is downloading. ×
0
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Ethics
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Ethics

2,418

Published on

Security & Ethical Challenges

Security & Ethical Challenges

Published in: Entertainment & Humor
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,418
On Slideshare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
124
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Security & Ethical Challenges
  • 2. Learning Objectives <ul><li>Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems. </li></ul>
  • 3. Ethical Responsibility <ul><li>The use of IT presents major security challenges </li></ul>
  • 4. Ethical Responsibility (continued) <ul><li>Business Ethics </li></ul><ul><ul><li>Basic categories of ethical issues </li></ul></ul><ul><ul><ul><li>Employee privacy </li></ul></ul></ul><ul><ul><ul><li>Security of company records </li></ul></ul></ul><ul><ul><ul><li>Workplace safety </li></ul></ul></ul>
  • 5. Ethical Responsibility (continued) <ul><li>Technology Ethics </li></ul><ul><ul><li>Four Principles </li></ul></ul><ul><ul><ul><li>Proportionality </li></ul></ul></ul><ul><ul><ul><ul><li>Good must outweigh any harm or risk </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Must be no alternative that achieves the same or comparable benefits with less harm or risk </li></ul></ul></ul></ul>
  • 6. Ethical Responsibility (continued) <ul><li>Technology Ethics (continued) </li></ul><ul><ul><ul><li>Informed consent </li></ul></ul></ul><ul><ul><ul><ul><li>Those affected should understand and accept the risks </li></ul></ul></ul></ul><ul><ul><ul><li>Justice </li></ul></ul></ul><ul><ul><ul><ul><li>Benefits and burdens should be distributed fairly </li></ul></ul></ul></ul><ul><ul><ul><li>Minimized Risk </li></ul></ul></ul><ul><ul><ul><ul><li>Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk </li></ul></ul></ul></ul>
  • 7. Computer Crime <ul><li>Association of Information Technology Professionals (AITP) definition includes </li></ul><ul><ul><li>The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources </li></ul></ul><ul><ul><li>Unauthorized release of information </li></ul></ul><ul><ul><li>Unauthorized copying of software </li></ul></ul>
  • 8. <ul><li>Hacking </li></ul><ul><ul><li>The obsessive use of computers, or the unauthorized access and use of networked computer systems </li></ul></ul><ul><li>Cyber Theft </li></ul><ul><ul><li>Involves unauthorized network entry and the fraudulent alteration of computer databases </li></ul></ul>Computer Crime Who commits computer crime?
  • 9. Computer Crime (continued) <ul><li>Unauthorized use at work </li></ul><ul><ul><li>Also called time and resource theft </li></ul></ul><ul><ul><li>May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks </li></ul></ul>
  • 10. Computer Crime (continued) <ul><li>Piracy of intellectual property </li></ul><ul><ul><li>Other forms of intellectual property covered by copyright laws </li></ul></ul><ul><ul><ul><li>Music </li></ul></ul></ul><ul><ul><ul><li>Videos </li></ul></ul></ul><ul><ul><ul><li>Images </li></ul></ul></ul><ul><ul><ul><li>Articles </li></ul></ul></ul><ul><ul><ul><li>Books </li></ul></ul></ul><ul><ul><ul><li>Other written works </li></ul></ul></ul><ul><li>Software Piracy </li></ul><ul><ul><li>Unauthorized copying of software </li></ul></ul><ul><ul><ul><li>Software is intellectual property protected by copyright law and user licensing agreements </li></ul></ul></ul>
  • 11. Computer Crime (continued) <ul><li>Computer viruses and worms </li></ul><ul><ul><li>Virus </li></ul></ul><ul><ul><ul><li>A program that cannot work without being inserted into another program </li></ul></ul></ul><ul><ul><li>Worm </li></ul></ul><ul><ul><ul><li>A distinct program that can run unaided </li></ul></ul></ul>
  • 12. Privacy Issues <ul><li>IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily. </li></ul><ul><ul><li>Benefit – increases efficiency and effectiveness </li></ul></ul><ul><ul><li>But, may also have a negative effect on individual’s right to privacy </li></ul></ul>
  • 13. Privacy Issues (continued) <ul><li>Privacy on the Internet </li></ul><ul><ul><li>Users of the Internet are highly visible and open to violations of privacy </li></ul></ul><ul><ul><li>Unsecured with no real rules </li></ul></ul><ul><ul><li>Cookies capture information about you every time you visit a site </li></ul></ul><ul><ul><li>That information may be sold to third parties </li></ul></ul>
  • 14. Privacy Issues (continued) <ul><li>Privacy on the Internet (continued) </li></ul><ul><ul><li>Protect your privacy by </li></ul></ul><ul><ul><ul><li>Encrypting your messages </li></ul></ul></ul><ul><ul><ul><li>Post to newsgroups through anonymous remailers </li></ul></ul></ul><ul><ul><ul><li>Ask your ISP not to sell your information to mailing list providers and other marketers </li></ul></ul></ul><ul><ul><ul><li>Decline to reveal personal data and interests online </li></ul></ul></ul>
  • 15. Privacy Issues (continued) <ul><li>Privacy laws </li></ul><ul><ul><li>Attempt to enforce the privacy of computer-based files and communications </li></ul></ul><ul><ul><li>Electronic Communications Privacy Act </li></ul></ul><ul><ul><li>Computer Fraud and Abuse Act </li></ul></ul>
  • 16. Privacy Issues (continued) <ul><li>Computer Libel and Censorship </li></ul><ul><ul><li>The opposite side of the privacy debate </li></ul></ul><ul><ul><ul><li>Right to know (freedom of information) </li></ul></ul></ul><ul><ul><ul><li>Right to express opinions (freedom of speech) </li></ul></ul></ul><ul><ul><ul><li>Right to publish those opinions (freedom of the press) </li></ul></ul></ul><ul><ul><ul><li>Spamming </li></ul></ul></ul><ul><ul><ul><li>Flaming </li></ul></ul></ul>
  • 17. Other Challenges <ul><li>Employment </li></ul><ul><ul><li>New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT. </li></ul></ul>
  • 18. Other Challenges (continued) <ul><li>Computer Monitoring </li></ul><ul><ul><li>Concerns workplace privacy </li></ul></ul><ul><ul><ul><li>Monitors individuals, not just work </li></ul></ul></ul><ul><ul><ul><li>Is done continually. May be seen as violating workers’ privacy & personal freedom </li></ul></ul></ul><ul><ul><ul><li>Workers may not know that they are being monitored or how the information is being used </li></ul></ul></ul><ul><ul><ul><li>May increase workers’ stress level </li></ul></ul></ul><ul><ul><ul><li>May rob workers of the dignity of their work </li></ul></ul></ul>
  • 19. Other Challenges (continued) <ul><li>Working Conditions </li></ul><ul><ul><li>IT has eliminated many monotonous, obnoxious tasks, but has created others </li></ul></ul><ul><li>Individuality </li></ul><ul><ul><li>Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities </li></ul></ul><ul><ul><li>Regimentation </li></ul></ul>
  • 20. Health Issues <ul><li>Job stress </li></ul><ul><li>Muscle damage </li></ul><ul><li>Eye strain </li></ul><ul><li>Radiation exposure </li></ul><ul><li>Accidents </li></ul><ul><li>Some solutions </li></ul><ul><ul><li>Ergonomics (human factors engineering) </li></ul></ul><ul><ul><ul><li>Goal is to design healthy work environments </li></ul></ul></ul>
  • 21. Health Issues (continued)
  • 22. Section II Security Management
  • 23. Tools of Security Management <ul><li>Goal </li></ul><ul><ul><li>Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders </li></ul></ul>
  • 24.
  • 25. Internetworked Security Defenses <ul><li>Encryption </li></ul><ul><ul><li>Passwords, messages, files, and other data is transmitted in scrambled form and unscrambled for authorized users </li></ul></ul><ul><ul><li>Involves using special mathematical algorithms to transform digital data in scrambled code </li></ul></ul><ul><ul><li>Most widely used method uses a pair of public and private keys unique to each individual </li></ul></ul>
  • 26. Internetworked Security Defenses (continued) <ul><li>Firewalls </li></ul><ul><ul><li>Serves as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion </li></ul></ul><ul><ul><ul><li>Provides a filter and safe transfer point </li></ul></ul></ul><ul><ul><ul><li>Screens all network traffic for proper passwords or other security codes </li></ul></ul></ul>
  • 27. Internetworked Security Defenses (continued) <ul><li>Denial of Service Defenses </li></ul><ul><ul><li>These assaults depend on three layers of networked computer systems </li></ul></ul><ul><ul><ul><li>Victim’s website </li></ul></ul></ul><ul><ul><ul><li>Victim’s ISP </li></ul></ul></ul><ul><ul><ul><li>Sites of “zombie” or slave computers </li></ul></ul></ul><ul><ul><li>Defensive measures and security precautions must be taken at all three levels </li></ul></ul>
  • 28. Internetworked Security Defenses (continued) <ul><li>E-mail Monitoring </li></ul><ul><ul><li>“ Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.” </li></ul></ul>
  • 29. Internetworked Security Defenses (continued) <ul><li>Virus Defenses </li></ul><ul><ul><li>Protection may accomplished through </li></ul></ul><ul><ul><ul><li>Centralized distribution and updating of antivirus software </li></ul></ul></ul><ul><ul><ul><li>Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies </li></ul></ul></ul>
  • 30. Other Security Measures <ul><li>Security codes </li></ul><ul><ul><li>Multilevel password system </li></ul></ul><ul><ul><ul><li>Log onto the computer system </li></ul></ul></ul><ul><ul><ul><li>Gain access into the system </li></ul></ul></ul><ul><ul><ul><li>Access individual files </li></ul></ul></ul>
  • 31. Other Security Measures (continued) <ul><li>Backup Files </li></ul><ul><ul><li>Duplicate files of data or programs </li></ul></ul><ul><ul><li>File retention measures </li></ul></ul><ul><ul><li>Sometimes several generations of files are kept for control purposes </li></ul></ul>
  • 32. Other Security Measures (continued) <ul><li>Security Monitors </li></ul><ul><ul><li>Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction </li></ul></ul>
  • 33. Other Security Measures (continued) <ul><li>Biometric Security </li></ul><ul><ul><li>Measure physical traits that make each individual unique </li></ul></ul><ul><ul><ul><li>Voice </li></ul></ul></ul><ul><ul><ul><li>Fingerprints </li></ul></ul></ul><ul><ul><ul><li>Hand geometry </li></ul></ul></ul><ul><ul><ul><li>Signature dynamics </li></ul></ul></ul><ul><ul><ul><li>Keystroke analysis </li></ul></ul></ul><ul><ul><ul><li>Retina scanning </li></ul></ul></ul><ul><ul><ul><li>Face recognition and Genetic pattern analysis </li></ul></ul></ul>
  • 34. Other Security Measures (continued) <ul><li>Computer Failure Controls </li></ul><ul><ul><li>Preventive maintenance of hardware and management of software updates </li></ul></ul><ul><ul><li>Backup computer system </li></ul></ul><ul><ul><li>Carefully scheduled hardware or software changes </li></ul></ul><ul><ul><li>Highly trained data center personnel </li></ul></ul>
  • 35. Other Security Measures (continued) <ul><li>Fault Tolerant Systems </li></ul><ul><ul><li>Computer systems that have redundant processors, peripherals, and software </li></ul></ul><ul><ul><ul><li>Fail-over </li></ul></ul></ul><ul><ul><ul><li>Fail-safe </li></ul></ul></ul><ul><ul><ul><li>Fail-soft </li></ul></ul></ul>
  • 36. Other Security Measures (continued) <ul><li>Disaster Recovery </li></ul><ul><ul><li>Disaster recovery plan </li></ul></ul><ul><ul><ul><li>Which employees will participate and their duties </li></ul></ul></ul><ul><ul><ul><li>What hardware, software, and facilities will be used </li></ul></ul></ul><ul><ul><ul><li>Priority of applications that will be processed </li></ul></ul></ul>
  • 37. System Controls and Audits <ul><li>Information System Controls </li></ul><ul><ul><li>Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities </li></ul></ul><ul><ul><li>Designed to monitor and maintain the quality and security of input, processing, and storage activities </li></ul></ul>
  • 38. System Controls and Audits (continued) <ul><li>Auditing Business Systems </li></ul><ul><ul><li>Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented </li></ul></ul><ul><ul><li>Testing the integrity of an application’s audit trail </li></ul></ul>

×