Ch14 091120101906-phpapp01

Principles of Information
Systems
Eighth Edition
Chapter 14
The Personal and Social Impact of
Computers

2Principles of Information Systems, Eighth Edition
Principles and Learning Objectives
• Policies and procedures must be established to
avoid computer waste and mistakes
– Describe some examples of waste and mistakes in
an IS environment, their causes, and possible
solutions
– Identify policies and procedures useful in eliminating
waste and mistakes
– Discuss the principles and limits of an individual’s
right to privacy

(continued)
• Computer crime is a serious and rapidly growing
area of concern requiring management attention
– Explain the types and effects of computer crime
– Identify specific measures to prevent computer crime

(continued)
• Jobs, equipment, and working conditions must be
designed to avoid negative health effects
– List the important effects of computers on the work
environment
– Identify specific actions that must be taken to ensure
the health and safety of employees
– Outline criteria for the ethical use of information
systems

Why Learn About Security, Privacy,
and Ethical Issues in Information
Systems and the Internet?
• Many nontechnical issues associated with ISs
• Human Resource employees need to:
– Prevent computer waste and mistakes
– Avoid privacy violations
– Comply with laws about:
• Collecting customer data
• Monitoring employees
• Employees, IS users, and Internet users need to:
– Avoid crime, fraud, privacy invasion

Computer Waste and Mistakes
• Computer waste
– Inappropriate use of computer technology and
resources
• Computer-related mistakes
– Errors, failures, and other computer problems that
make computer output incorrect or not useful
– Caused mostly by human error

Computer Waste
• Cause: improper management of information
systems and resources
– Discarding old software and computer systems when
they still have value
– Building and maintaining complex systems that are
never used to their fullest extent
– Using corporate time and technology for personal
use
– Spam

Computer-Related Mistakes
• Common causes
– Failure by users to follow proper procedures
– Unclear expectations and a lack of feedback
– Program development that contains errors
– Incorrect data entry by data-entry clerk

Preventing Computer-Related Waste
and Mistakes
• Effective policies and procedures must be:
– Established
– Implemented
– Monitored
– Reviewed

Establishing Policies and Procedures
• Establish policies and procedures regarding
efficient acquisition, use, and disposal of systems
and devices
• Identify most common types of computer-related
mistakes
• Training programs for individuals and workgroups
• Manuals and documents on how computer systems
are to be maintained and used
• Approval of certain systems and applications
before they are implemented and used

Implementing Policies and Procedures
• Policies often focus on:
– Implementation of source data automation
– Use of data editing to ensure data accuracy and
completeness
– Assignment of clear responsibility for data accuracy
within each information system
• Training is very important for acceptance and
implementation of policies and procedures

Monitoring Policies and Procedures
• Monitor routine practices and take corrective action
if necessary
• Implement internal audits to measure actual results
against established goals
• Follow requirements in Sarbanes-Oxley Act
– Requires companies to document underlying
financial data to validate earnings reports

Reviewing Policies and Procedures
• Do current policies cover existing practices
adequately?
– Were any problems or opportunities uncovered
during monitoring?
• Does the organization plan any new activities in the
future?
– If so, does it need new policies or procedures on
who will handle them and what must be done?
• Are contingencies and disasters covered?

Computer Crime
• Often defies detection
• Amount stolen or diverted can be substantial
• Crime is “clean” and nonviolent
• Number of IT-related security incidents is
increasing dramatically
• Computer crime is now global

The Computer as a Tool to Commit
Crime
• Criminals need two capabilities to commit most
computer crimes
– Knowing how to gain access to computer system
– Knowing how to manipulate the system to produce
desired results
• Examples
– Social engineering
– Dumpster diving
– Counterfeit and banking fraud using sophisticated
desktop publishing programs and high-quality
printers

Cyberterrorism
• Cyberterrorist: intimidates or coerces a
government or organization to advance his or her
political or social objectives by launching computer-
based attacks against computers, networks, and
information stored on them
• Homeland Security Department’s Information
Analysis and Infrastructure Protection Directorate
– Serves as governmental focal point for fighting
cyberterrorism

Identity Theft
• Imposter obtains personal identification information
such as Social Security or driver’s license numbers
in order to impersonate someone else
– To obtain credit, merchandise, and services in the
name of the victim
– To have false credentials
• Identity Theft and Assumption Deterrence Act of
1998 passed to fight identity theft
• 9 million victims in 2005

The Computer as the Object of Crime
• Crimes fall into several categories
– Illegal access and use
– Data alteration and destruction
– Information and equipment theft
– Software and Internet piracy
– Computer-related scams
– International computer crime

Illegal Access and Use
• Hacker: learns about and uses computer systems
• Criminal hacker (also called a cracker): gains
unauthorized use or illegal access to computer
systems
• Script bunny: automates the job of crackers
• Insider: employee who comprises corporate
systems
• Malware: software programs that destroy or
damage processing

Illegal Access and Use (continued)
• Virus: program file capable of attaching to disks or
other files and replicating itself repeatedly
• Worm: parasitic computer program that can create
copies of itself on infected computer or send copies
to other computers via a network

Illegal Access and Use (continued)
• Trojan horse: program that appears to be useful
but purposefully does something user does not
expect
• Logic bomb: type of Trojan horse that executes
when specific conditions occur
• Variant: modified version of a virus that is
produced by virus’s author or another person

Using Antivirus Programs
• Antivirus program: program or utility that prevents
viruses and recovers from them if they infect a
computer
• Tips on using antivirus software
– Run and update antivirus software often
– Scan all diskettes and CDs before using them
– Install software only from a sealed package or
secure, well-known Web site
– Follow careful downloading practices
– If you detect a virus, take immediate action

Using Antivirus Programs (continued)
Antivirus software should be used and updated often

Information and Equipment Theft
• Obtaining identification numbers and passwords to
steal information or disrupt systems
– Trial and error, password sniffer program
• Software theft
• Computer systems and equipment theft
– Data on equipment is valuable

Software and Internet Software Piracy
• Software is protected by copyright laws
• Copyright law violations
– Making additional copies
– Loading the software onto more than one machine
• Software piracy: act of illegally duplicating
software
• Internet-based software piracy
– Most rapidly expanding type of software piracy and
most difficult form to combat
– Examples: pirate Web sites, auction sites with
counterfeit software, peer-to-peer networks

Computer-Related Scams
• Examples of Internet scams
– Get-rich-quick schemes
– “Free” vacations with huge hidden costs
– Bank fraud
– Fake telephone lotteries
– Selling worthless penny stocks
• Phishing
– Gaining access to personal information by
redirecting user to fake site

International Computer Crime
• Computer crime becomes more complex when it is
committed internationally
• Large percentage of software piracy takes place
across borders
• Threat of terrorists, international drug dealers, and
other criminals using information systems to
launder illegally obtained funds
• Computer Associates International’s CleverPath for
Global Compliance software

Preventing Computer-Related Crime
• Efforts to curb computer crime being made by:
– Private users
– Companies
– Employees
– Public officials

Crime Prevention by State and
Federal Agencies
• Computer Fraud and Abuse Act of 1986
– Punishment based on the victim’s dollar loss
• Computer Emergency Response Team (CERT)
– Responds to network security breaches
– Monitors systems for emerging threats
• Newer and tougher computer crime legislation is
emerging

Crime Prevention by Corporations
• Public key infrastructure (PKI)
– Allows users of an unsecured public network such as
the Internet to securely and privately exchange data
– Use of a public and a private cryptographic key pair,
obtained and shared through a trusted authority
• Biometrics: measurement of one of a person’s
traits, whether physical or behavioral

Table 14.3: Common Methods Used to Commit Computer Crimes
(continued)

(continued)
Table 14.3: Common Methods Used to Commit Computer Crimes
(continued)

Using Intrusion Detection Software
• Intrusion detection system (IDS)
– Monitors system and network resources
– Notifies network security personnel when it senses a
possible intrusion, such as:
• Repeated failed logon attempts
• Attempts to download a program to a server
• Access to a system at unusual hours
– Can provide false alarms
– E-mail or voice message alerts may be missed

Using Managed Security Service
Providers (MSSPs)
• Managed security service provider (MSSP):
organization that monitors, manages, and
maintains network security for both hardware and
software for its client companies
– Sifts through alarms and alerts from all monitoring
systems
– May provide scanning, blocking, and filtering
capabilities
– Useful for small and midsized companies

Internet Laws for Libel and Protection
of Decency
• Filtering software
– Screens Internet content to protect children
– Prevents children from sending personal information
over e-mail or through chat groups
• Internet Content Rating Association (ICRA) rating
system for Web sites
• Children’s Internet Protection Act (CIPA)
– Requires filters in federally funded libraries

Internet Laws for Libel and Protection
of Decency (continued)
• Libel: publishing an intentionally false written
statement that is damaging to a person’s reputation
• Can online services be sued for libel for content
that someone else publishes on their service?

Preventing Crime on the Internet
• Develop effective Internet usage and security
policies
• Use a stand-alone firewall with network monitoring
capabilities
• Deploy intrusion detection systems, monitor them,
and follow up on their alarms
• Monitor managers’ and employees’ use of Internet
• Use Internet security specialists to perform audits
of all Internet and network activities

Privacy Issues
• With information systems, privacy deals with the
collection and use or misuse of data
• More and more information on all of us is being
collected, stored, used, and shared among
organizations
• Who owns this information and knowledge?

Privacy and the Federal Government
• Data collectors
– U.S. federal government
– State and local governments
– Profit and nonprofit organizations
• U.S. National Security Agency (NSA)’s program to
wiretap telephone and Internet traffic of U.S.
residents

Privacy at Work
• Rights of workers who want their privacy versus
interests of companies that demand to know more
about their employees
• Workers can be closely monitored via computer
technology
– Track every keystroke made by a user
– Determine what workers are doing while at the
keyboard
– Estimate how many breaks workers are taking
• Many workers consider monitoring dehumanizing

E-Mail Privacy
• Federal law permits employers to monitor e-mail
sent and received by employees
• E-mail messages that have been erased from hard
disks can be retrieved and used in lawsuits
• Use of e-mail among public officials might violate
“open meeting” laws

Privacy and the Internet
• Huge potential for privacy invasion on the Internet
– E-mail messages
– Visiting a Web site
– Buying products over the Internet
• Platform for Privacy Preferences (P3P): screening
technology
• Children’s Online Privacy Protection Act (COPPA),
1998: requires privacy policies and parental
consent
• Potential dangers on social networking Web sites

Fairness in Information Use
Table 14.4: The Right to Know and the Ability to Decide

Fairness in Information Use
(continued)
• The Privacy Act of 1974: provides privacy
protection from federal agencies
• Gramm-Leach-Bliley Act: requires financial
institutions to protect customers’ nonpublic data
• USA Patriot Act: allows law enforcement and
intelligence agencies to gather private information
• Other laws regulate fax advertisements, credit-card
bureaus, the IRS, video rental stores,
telemarketers, etc.

Corporate Privacy Policies
• Should address a customer’s knowledge, control,
notice, and consent over storage and use of
information
• May cover who has access to private data and
when it may be used
• A good database design practice is to assign a
single unique identifier to each customer

Individual Efforts to Protect Privacy
• Find out what is stored about you in existing
databases
• Be careful when you share information about
yourself
• Be proactive to protect your privacy
• When purchasing anything from a Web site, make
sure that you safeguard your credit card numbers,
passwords, and personal information

The Work Environment
• Use of computer-based information systems has
changed the workforce
– Jobs that require IS literacy have increased
– Less-skilled positions have decreased
• Computer technology and information systems
have opened up numerous avenues to
professionals and nonprofessionals
• Despite increasing productivity and efficiency,
computers and information systems can raise other
concerns

Health Concerns
• Occupational stress
• Repetitive stress injury (RSI)
• Carpal tunnel syndrome (CTS)
• Emissions from improperly maintained and used
equipment
• Increase in traffic accidents due to drivers using
cell phones, laptops, or other devices while driving

Avoiding Health and Environment
Problems
• Work stressors: hazardous activities associated
with unfavorable conditions of a poorly designed
work environment
• Ergonomics: science of designing machines,
products, and systems to maximize safety, comfort,
and efficiency of people who use them
• Employers, individuals, and hardware
manufacturing companies can take steps to reduce
RSI and develop a better work environment

Avoiding Health and Environment
Problems (continued)
Research has shown that developing certain ergonomically correct habits can
reduce the risk of RSI when using a computer

Ethical Issues in Information Systems
• Laws do not provide a complete guide to ethical
behavior
• Many IS-related organizations have codes of ethics
for their members
• American Computing Machinery (ACM): oldest
computing society founded in 1947
• ACM’s code of ethics and professional conduct
– Contribute to society and human well-being
– Avoid harm to others
– Be honest and trustworthy

Ethical Issues in Information Systems
(continued)
• ACM’s code of ethics and professional conduct
(continued)
– Be fair and take action not to discriminate
– Honor property rights including copyrights and
patents
– Give proper credit for intellectual property
– Respect the privacy of others
– Honor confidentiality

Summary
• Computer waste: inappropriate use of computer
technology and resources
• Computer-related mistakes: errors, failures, and
other computer problems that make computer
output incorrect or not useful; caused mostly by
human error
• Preventing computer-related waste and mistakes
requires establishing, implementing, monitoring,
and reviewing effective policies and procedures

Summary (continued)
• Criminals need two capabilities to commit most
computer crimes: knowing how to gain access to a
computer system and knowing how to manipulate
the system to produce desired results
• Crimes in which computer is the tool:
cyberterrorism, identity theft, etc.
• Crimes in which computer is the object of crime:
illegal access and use, data alteration and
destruction, information and equipment theft,
software and Internet piracy, computer-related
scams, and international computer crime

Summary (continued)
• Efforts to curb computer crime are being made by
state and federal agencies, corporations, and
individuals
• With information systems, privacy deals with the
collection and use or misuse of data
• Ergonomics: science of designing machines,
products, and systems to maximize safety, comfort,
and efficiency of people who use them
• Many IS-related organizations have codes of ethics
for their members

Ch14 091120101906-phpapp01

Recommended

Recommended

More Related Content

What's hot

What's hot (16)

Similar to Ch14 091120101906-phpapp01

Similar to Ch14 091120101906-phpapp01 (20)

More from Cleophas Rwemera

More from Cleophas Rwemera (20)

Recently uploaded

Recently uploaded (20)

Ch14 091120101906-phpapp01