Security & Ethical Challenges



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved


    Ethics Presentation Transcript

    • Security & Ethical Challenges
    • Learning Objectives
      • Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
    • Ethical Responsibility
      • The use of IT presents major security challenges
    • Ethical Responsibility (continued)
      • Business Ethics
        • Basic categories of ethical issues
          • Employee privacy
          • Security of company records
          • Workplace safety
    • Ethical Responsibility (continued)
      • Technology Ethics
        • Four Principles
          • Proportionality
            • Good must outweigh any harm or risk
            • Must be no alternative that achieves the same or comparable benefits with less harm or risk
    • Ethical Responsibility (continued)
      • Technology Ethics (continued)
          • Informed consent
            • Those affected should understand and accept the risks
          • Justice
            • Benefits and burdens should be distributed fairly
          • Minimized Risk
            • Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
    • Computer Crime
      • Association of Information Technology Professionals (AITP) definition includes
        • The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
        • Unauthorized release of information
        • Unauthorized copying of software
      • Hacking
        • The obsessive use of computers, or the unauthorized access and use of networked computer systems
      • Cyber Theft
        • Involves unauthorized network entry and the fraudulent alteration of computer databases
    • Computer Crime
      • Who commits computer crime?
    • Computer Crime (continued)
      • Unauthorized use at work
        • Also called time and resource theft
        • May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks
    • Computer Crime (continued)
      • Piracy of intellectual property
        • Other forms of intellectual property covered by copyright laws
          • Music
          • Videos
          • Images
          • Articles
          • Books
          • Other written works
      • Software Piracy
        • Unauthorized copying of software
          • Software is intellectual property protected by copyright law and user licensing agreements
    • Computer Crime (continued)
      • Computer viruses and worms
        • Virus
          • A program that cannot work without being inserted into another program
        • Worm
          • A distinct program that can run unaided
    • Privacy Issues
      • IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.
        • Benefit – increases efficiency and effectiveness
        • But may also have a negative effect on individuals’ right to privacy
    • Privacy Issues (continued)
      • Privacy on the Internet
        • Users of the Internet are highly visible and open to violations of privacy
        • Unsecured with no real rules
        • Cookies capture information about you every time you visit a site
        • That information may be sold to third parties
    • Privacy Issues (continued)
      • Privacy on the Internet (continued)
        • Protect your privacy by
          • Encrypting your messages
          • Posting to newsgroups through anonymous remailers
          • Asking your ISP not to sell your information to mailing list providers and other marketers
          • Declining to reveal personal data and interests online
    • Privacy Issues (continued)
      • Privacy laws
        • Attempt to enforce the privacy of computer-based files and communications
        • Electronic Communications Privacy Act
        • Computer Fraud and Abuse Act
    • Privacy Issues (continued)
      • Computer Libel and Censorship
        • The opposite side of the privacy debate
          • Right to know (freedom of information)
          • Right to express opinions (freedom of speech)
          • Right to publish those opinions (freedom of the press)
          • Spamming
          • Flaming
    • Other Challenges
      • Employment
        • New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.
    • Other Challenges (continued)
      • Computer Monitoring
        • Concerns workplace privacy
          • Monitors individuals, not just work
          • Is done continually. May be seen as violating workers’ privacy & personal freedom
          • Workers may not know that they are being monitored or how the information is being used
          • May increase workers’ stress level
          • May rob workers of the dignity of their work
    • Other Challenges (continued)
      • Working Conditions
        • IT has eliminated many monotonous, obnoxious tasks, but has created others
      • Individuality
        • Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities
        • Regimentation
    • Health Issues
      • Job stress
      • Muscle damage
      • Eye strain
      • Radiation exposure
      • Accidents
      • Some solutions
        • Ergonomics (human factors engineering)
          • Goal is to design healthy work environments
    • Health Issues (continued)
    • Section II Security Management
    • Tools of Security Management
      • Goal
        • Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders
    • Internetworked Security Defenses
      • Encryption
        • Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
        • Involves using special mathematical algorithms to transform digital data into scrambled code
        • Most widely used method uses a pair of public and private keys unique to each individual
    • Internetworked Security Defenses (continued)
      • Firewalls
        • Serves as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion
          • Provides a filter and safe transfer point
          • Screens all network traffic for proper passwords or other security codes
    • Internetworked Security Defenses (continued)
      • Denial of Service Defenses
        • These assaults depend on three layers of networked computer systems
          • Victim’s website
          • Victim’s ISP
          • Sites of “zombie” or slave computers
        • Defensive measures and security precautions must be taken at all three levels
    • Internetworked Security Defenses (continued)
      • E-mail Monitoring
        • “Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”
    • Internetworked Security Defenses (continued)
      • Virus Defenses
        • Protection may be accomplished through
          • Centralized distribution and updating of antivirus software
          • Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies
    • Other Security Measures
      • Security codes
        • Multilevel password system
          • Log onto the computer system
          • Gain access into the system
          • Access individual files
    • Other Security Measures (continued)
      • Backup Files
        • Duplicate files of data or programs
        • File retention measures
        • Sometimes several generations of files are kept for control purposes
    • Other Security Measures (continued)
      • Security Monitors
        • Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction
    • Other Security Measures (continued)
      • Biometric Security
        • Measure physical traits that make each individual unique
          • Voice
          • Fingerprints
          • Hand geometry
          • Signature dynamics
          • Keystroke analysis
          • Retina scanning
          • Face recognition
          • Genetic pattern analysis
    • Other Security Measures (continued)
      • Computer Failure Controls
        • Preventive maintenance of hardware and management of software updates
        • Backup computer system
        • Carefully scheduled hardware or software changes
        • Highly trained data center personnel
    • Other Security Measures (continued)
      • Fault Tolerant Systems
        • Computer systems that have redundant processors, peripherals, and software
          • Fail-over
          • Fail-safe
          • Fail-soft
    • Other Security Measures (continued)
      • Disaster Recovery
        • Disaster recovery plan
          • Which employees will participate and their duties
          • What hardware, software, and facilities will be used
          • Priority of applications that will be processed
    • System Controls and Audits
      • Information System Controls
        • Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
        • Designed to monitor and maintain the quality and security of input, processing, and storage activities
    • System Controls and Audits (continued)
      • Auditing Business Systems
        • Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
        • Testing the integrity of an application’s audit trail