Information ethics & intro to information security
Presentation Transcript

  • Information Ethics & Intro to Information Security Chapter 4
  • Laws & Ethics
    Ethics in the Information Age
    • Ethical issues in the areas of copyright infringement and intellectual property rights are consuming the e-business world
    • Technology makes it extremely easy to copy everything digital!
  • As a result, several technology-related issues arise!
    • Intellectual Property: intangible creative work that is embodied in physical form
    • Copyright: the legal protection afforded an expression of an idea
    • Fair Use Doctrine: in certain situations, it is legal to use copyrighted material
    • Pirated Software: unauthorized use, duplication, distribution, or sale of copyrighted software
    • Counterfeit Software: software that is manufactured to look like the real thing and sold as such
    Privacy Protection
    • The protection of consumer personal information over the Internet is getting an increasing amount of attention.
    • This comes as consumers become more aware of the many online threats that exist to their personal information and businesses attempt to find ways to retain their customers' trust (Peslak, 2005).
    • Two areas of threats
    • Outside threats
        • Hackers
        • Phishing schemes
    • Inside threats
        • Unintended use of consumer PI
        • PI sale to third parties
    Privacy
    • Privacy is the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
    • Confidentiality is related to privacy: it means that messages and information are available only to those who are authorized to view them.
            • Hmmm… what about the use of cookies then?
    Trust
    • Trust between companies, customers, partners, and suppliers is the support structure of e-business
    • Privacy continues to be a barrier to the growth of e-business
    • The unintentional use of consumer information and the resulting uncertainty about where consumer information ultimately ends up diminish consumer trust in e-commerce websites.
    • When consumers feel that they cannot trust how their personal information is going to be used by online businesses, they simply choose not to shop online.
    E-business Practices & Consumer Mistrust
    • Initially, e-businesses reported that they collected large amounts of consumer personal information for the purposes of:
        • improving services
        • and personalizing the customer’s experience while visiting their website.
    • Today, more and more frequently, e-businesses are using PI for purposes other than those originally authorized!
    Reason for Misuse
    • The book discusses the Saab public relations fiasco, in which a marketing firm “bent” the opt-in rules governing the use of email promotions.
    • In 2005, a survey of large and small businesses found that private smaller companies often placed marketing causes ahead of the altruistic motivation of protecting their customers (Peslak, 2005).
  • Consumer Protection
    • Information has no ethics. Information does not care how it is used. It will not stop itself from spamming customers, sharing itself (sensitive or not), or revealing details to third parties. Information cannot delete or restore itself.
    • Therefore it is the responsibility of those who own or manage information to develop ethical use policies / guidelines
    Established Information-Related Laws
    • Laws were developed to ensure that consumer personal information is being handled securely and that the right to privacy is being enforced.
    • Examples of these laws include:
        • the Health Insurance Portability and Accountability Act (HIPAA),
        • the Family Educational Rights and Privacy Act (FERPA),
        • the Electronic Communications Privacy Act,
        • the Sarbanes-Oxley Act, and the CAN-SPAM Act
  • Information Management Policies
    • Sensitive corporate information is a valuable resource
    • Management needs to develop a culture that is based on ethical principles that they can easily implement and employees can understand
    • Establishing this culture is based on the development of written policies that will guide personnel procedures and set organizational rules for the use of information
  • ePolicies
    • Organizational practices & standards related to information
    • Protection from misuse of computer systems and IT resources
    • At a minimum, organizations should develop ePolicies.
    • ePolicies are policies and procedures that address the ethical use of computers and Internet usage in the business environment
  • ePolicy types
            • Ethical computer use policy
            • Information privacy policy
            • Acceptable use policy
            • E-mail privacy
            • Internet use policy
            • Anti-spam policy
  • Ethical Computer Use Policy
    • Guides computer use behavior, e.g. don’t play games at work
    • The policy should be clear on what happens after several infractions
  • Information Privacy Policy
    • Includes components related to adoption & implementation, notice and disclosure, choice & consent, information security, and information quality and access
  • Acceptable Use Policy
    • A policy that users must agree to follow in order to have access to a network or the Internet.
      • AUPs are common for most business and educational facilities
  • Email Privacy Policy
      • Details the extent to which email messages may be read by others
  • More policies
    • Internet Use Policy: contains general principles to guide the proper use of the Internet at work; it limits access to certain categories of websites and explains why the Internet is available to employees (and why it is not!)
    • Anti-Spam Policy: employees cannot send unsolicited emails.
    • By estimates, spam accounts for 40-60% of most organizations' email traffic
    • Spam clogs e-mail systems and siphons IT resources away from legitimate business projects
  • Ethics: Monitoring in the Workplace
    • Employees shop online at work and email/IM friends and family from work….
    • Employees consume portions of their work day surfing the web…..
    • As a result of this behavior…..
    • Employers are taking a “big brother” approach and monitoring employee Internet usage and emails.
  • Information Technology Monitoring
    • Tracks employees' activities using measures such as:
      • Number of keystrokes
      • Error rates
      • Number of transactions processed
    • Key loggers / hardware key loggers: record keystrokes and mouse clicks
    • Web log: consists of one line of information for every visitor to a website
  • Employee Monitoring Policies
    • The best path for an organization planning to engage in employee monitoring is open communication surrounding the issue
    • CSOs who are open about how, when, and where they monitor employees will find that employees police themselves
  • Intellectual Capital
    • Organizational information is intellectual capital
    • Just like protecting money in a bank and providing a safe environment for employees, organizations must also protect their intellectual capital
  • Information Security
    • Information Security is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside the organization
    • Security is the most fundamental and critical of all the technologies and disciplines an organization must have squarely in place to execute its business strategy