Information Ethics & Intro to Information Security Chapter 4
Laws & Ethics
Ethical issues in the areas of copyright infringement and intellectual property rights are consuming the e-business world
Technology makes it extremely easy to copy everything digital!
Ethics in the Information Age
As a result, several technology-related issues arise!
Intellectual Property: Intangible creative work that is embodied in physical form
Copyright: The legal protection afforded an expression of an idea
Fair Use Doctrine: In certain situations, it is legal to use copyrighted material
Pirated Software: Unauthorized use, duplication, distribution, or sale of copyrighted software
Counterfeit Software: Software that is manufactured to look like the real thing and sold as such
The protection of consumer personal information over the Internet is getting an increasing amount of attention as consumers become more aware of the many online threats that exist to their personal information and businesses attempt to find ways to retain their customers' trust (Peslak, 2005).
Two areas of threats
Unintended use of consumer PI
PI sale to third parties
Privacy: the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
Confidentiality: related to privacy; the assurance that messages and information are available only to those who are authorized to view them
Trust between companies, customers, partners, and suppliers is the support structure of e-business
Privacy continues to be a barrier to the growth of e-business
The unintentional use of consumer information, and the resulting uncertainty about where consumer information ultimately ends up, diminishes consumer trust in e-commerce websites.
When consumers feel that they cannot trust how their personal information is going to be used by online businesses, they simply choose not to shop online.
Initially, e-businesses reported that they collected large amounts of consumer personal information for the purposes of:
and personalizing the customer’s experience while visiting their website.
Today, more and more frequently, e-businesses are using PI for purposes other than those originally authorized!
E-business practices & Consumer Mistrust
The book discusses the Saab public relations fiasco, in which a marketing firm “bent” the opt-in rules governing the use of email promotions.
In 2005, a survey of large and small businesses found that private smaller companies often placed marketing causes ahead of the altruistic motivation of protecting their customers (Peslak, A.R., 2005).
Reason for Misuse
Information has no ethics. Information does not care how it is used. It will not stop itself from spamming customers, sharing itself (sensitive or not), or revealing details to third parties. Information cannot delete or restore itself.
Therefore, it is the responsibility of those who own or manage information to develop ethical use policies / guidelines
Laws were developed to ensure that consumer personal information is being handled securely and that the right to privacy is being enforced.
Examples of these laws include:
the Health Insurance Portability and Accountability Act (HIPAA),
the Family Educational Rights and Privacy Act (FERPA),
the Electronic Communications Privacy Act,
the Sarbanes-Oxley Act, and the CAN-SPAM Act
Established information-related laws
Information Management Policies
Sensitive corporate information is a valuable resource
Management needs to develop a culture that is based on ethical principles that they can easily implement and employees can understand
Establishing this culture is based in the development of written policies that will guide personnel procedures and set organizational rules for the use of information
Organizational practices & standards related to information
Protection from misuse of computer systems and IT resources
At a minimum, organizations should develop ePolicies.
ePolicies: policies and procedures that address the ethical use of computers and the Internet in the business environment
Ethical computer use policy
Acceptable use policy
Internet use policy
Acceptable Use Policy (AUP): a policy that users must agree to follow in order to have access to a network or the Internet.
AUPs are common for most business and educational facilities
Details the extent to which email messages may be read by others
Internet Use Policy: contains general principles to guide the proper use of the Internet at work; it limits access to certain categories of websites and explains why the Internet is available to employees (and why it is not!)
Anti-Spam Policy: employees cannot send unsolicited emails.
By estimates, spam accounts for 40-60% of most organizations' email traffic
Spam clogs e-mail systems and siphons IT resources away from legitimate business projects
Ethics: Monitoring in the Workplace
Employees shop online at work and email/IM friends and family from work….
Employees consume portions of their work day surfing the web…..
As a result of this behavior…..
Employers are taking a “big brother” approach and monitoring employee Internet usage and emails.
Information Technology Monitoring
Tracks employees' activities using measures such as:
Number of keystrokes
And number of transactions processed
Key loggers / hardware key loggers: Record keystrokes and mouse clicks
Web Log: Consists of one line of information for every visitor to a website
Employee Monitoring Policies
The best path for an organization planning to engage in employee monitoring is open communication surrounding the issue
CSOs who are open about how, when, and where they monitor employees will find that employees police themselves
Organizational information is intellectual capital
Just like protecting money in a bank and providing a safe environment for employees, organizations must also protect their intellectual capital
Information Security is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside the organization
Security is the most fundamental & critical of all technologies/disciplines an organization must have squarely in place to execute its business strategy