Security & Ethical Challenges

Published in: Entertainment & Humor

  1. Security & Ethical Challenges
  2. Learning Objectives
      • Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
  3. Ethical Responsibility
      • The use of IT presents major security challenges
  4. Ethical Responsibility (continued)
      • Business Ethics
          • Basic categories of ethical issues
              • Employee privacy
              • Security of company records
              • Workplace safety
  5. Ethical Responsibility (continued)
      • Technology Ethics
          • Four Principles
              • Proportionality
                  • Good must outweigh any harm or risk
                  • Must be no alternative that achieves the same or comparable benefits with less harm or risk
  6. Ethical Responsibility (continued)
      • Technology Ethics (continued)
          • Informed consent
              • Those affected should understand and accept the risks
          • Justice
              • Benefits and burdens should be distributed fairly
          • Minimized Risk
              • Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
  7. Computer Crime
      • Association of Information Technology Professionals (AITP) definition includes
          • The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
          • Unauthorized release of information
          • Unauthorized copying of software
  8. Computer Crime
      • Hacking
          • The obsessive use of computers, or the unauthorized access and use of networked computer systems
      • Cyber Theft
          • Involves unauthorized network entry and the fraudulent alteration of computer databases
      Who commits computer crime?
  9. Computer Crime (continued)
      • Unauthorized use at work
          • Also called time and resource theft
          • May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks
  10. Computer Crime (continued)
      • Piracy of intellectual property
          • Other forms of intellectual property covered by copyright laws
              • Music
              • Videos
              • Images
              • Articles
              • Books
              • Other written works
      • Software Piracy
          • Unauthorized copying of software
              • Software is intellectual property protected by copyright law and user licensing agreements
  11. Computer Crime (continued)
      • Computer viruses and worms
          • Virus
              • A program that cannot work without being inserted into another program
          • Worm
              • A distinct program that can run unaided
  12. Privacy Issues
      • IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.
          • Benefit – increases efficiency and effectiveness
          • But may also have a negative effect on an individual’s right to privacy
  13. Privacy Issues (continued)
      • Privacy on the Internet
          • Users of the Internet are highly visible and open to violations of privacy
          • Unsecured with no real rules
          • Cookies capture information about you every time you visit a site
          • That information may be sold to third parties
  14. Privacy Issues (continued)
      • Privacy on the Internet (continued)
          • Protect your privacy by
              • Encrypting your messages
              • Posting to newsgroups through anonymous remailers
              • Asking your ISP not to sell your information to mailing list providers and other marketers
              • Declining to reveal personal data and interests online
  15. Privacy Issues (continued)
      • Privacy laws
          • Attempt to enforce the privacy of computer-based files and communications
          • Electronic Communications Privacy Act
          • Computer Fraud and Abuse Act
  16. Privacy Issues (continued)
      • Computer Libel and Censorship
          • The opposite side of the privacy debate
              • Right to know (freedom of information)
              • Right to express opinions (freedom of speech)
              • Right to publish those opinions (freedom of the press)
              • Spamming
              • Flaming
  17. Other Challenges
      • Employment
          • New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.
  18. Other Challenges (continued)
      • Computer Monitoring
          • Concerns workplace privacy
              • Monitors individuals, not just work
              • Is done continually. May be seen as violating workers’ privacy & personal freedom
              • Workers may not know that they are being monitored or how the information is being used
              • May increase workers’ stress level
              • May rob workers of the dignity of their work
  19. Other Challenges (continued)
      • Working Conditions
          • IT has eliminated many monotonous, obnoxious tasks, but has created others
      • Individuality
          • Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities
          • Regimentation
  20. Health Issues
      • Job stress
      • Muscle damage
      • Eye strain
      • Radiation exposure
      • Accidents
      • Some solutions
          • Ergonomics (human factors engineering)
              • Goal is to design healthy work environments
  21. Health Issues (continued)
  22. Section II Security Management
  23. Tools of Security Management
      • Goal
          • Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders
  24.
  25. Internetworked Security Defenses
      • Encryption
          • Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
          • Involves using special mathematical algorithms to transform digital data into scrambled code
          • Most widely used method uses a pair of public and private keys unique to each individual
  26. Internetworked Security Defenses (continued)
      • Firewalls
          • Serve as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion
              • Provide a filter and safe transfer point
              • Screen all network traffic for proper passwords or other security codes
  27. Internetworked Security Defenses (continued)
      • Denial of Service Defenses
          • These assaults depend on three layers of networked computer systems
              • Victim’s website
              • Victim’s ISP
              • Sites of “zombie” or slave computers
          • Defensive measures and security precautions must be taken at all three levels
  28. Internetworked Security Defenses (continued)
      • E-mail Monitoring
          • “Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”
  29. Internetworked Security Defenses (continued)
      • Virus Defenses
          • Protection may be accomplished through
              • Centralized distribution and updating of antivirus software
              • Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies
  30. Other Security Measures
      • Security codes
          • Multilevel password system
              • Log onto the computer system
              • Gain access into the system
              • Access individual files
  31. Other Security Measures (continued)
      • Backup Files
          • Duplicate files of data or programs
          • File retention measures
          • Sometimes several generations of files are kept for control purposes
  32. Other Security Measures (continued)
      • Security Monitors
          • Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction
  33. Other Security Measures (continued)
      • Biometric Security
          • Measure physical traits that make each individual unique
              • Voice
              • Fingerprints
              • Hand geometry
              • Signature dynamics
              • Keystroke analysis
              • Retina scanning
              • Face recognition and Genetic pattern analysis
  34. Other Security Measures (continued)
      • Computer Failure Controls
          • Preventive maintenance of hardware and management of software updates
          • Backup computer system
          • Carefully scheduled hardware or software changes
          • Highly trained data center personnel
  35. Other Security Measures (continued)
      • Fault Tolerant Systems
          • Computer systems that have redundant processors, peripherals, and software
              • Fail-over
              • Fail-safe
              • Fail-soft
  36. Other Security Measures (continued)
      • Disaster Recovery
          • Disaster recovery plan
              • Which employees will participate and their duties
              • What hardware, software, and facilities will be used
              • Priority of applications that will be processed
  37. System Controls and Audits
      • Information System Controls
          • Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
          • Designed to monitor and maintain the quality and security of input, processing, and storage activities
  38. System Controls and Audits (continued)
      • Auditing Business Systems
          • Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
          • Testing the integrity of an application’s audit trail