Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security & ethical challenges


Published on

Published in: Education, Technology, Business
  • Be the first to comment

Security & ethical challenges

  1. 1. Security and Ethical Challenges Management Information Systems Management Information Systems Reported by: LOUIE A. MEDINACELI ZEPPELIN B. MALPAL AZUDIN T. MAZTURA CLODUALDO G. MAGAAN, JR. GILBERT S. DADOR, MBA Special Lecturer
  2. 2. Security challenges <ul><li>Computer crimes that exist in the present society are:- </li></ul><ul><li>Hacking </li></ul><ul><li>Cyber Theft </li></ul><ul><li>Unauthorized use at work </li></ul><ul><li>Software Piracy </li></ul><ul><li>Piracy of intellectual property </li></ul><ul><li>Computer viruses and worms </li></ul>Management Information Systems
  3. 3. Hacking <ul><li>Hacking is the obsessive use of computers, or the unauthorized access and use of networked computer systems. Hackers usually </li></ul><ul><li>Steal or damage data </li></ul><ul><li>Get unauthorized access to computer files </li></ul><ul><li>Monitor e-mails or web server access </li></ul><ul><li>May use remote services that allow one computer to execute programs on another </li></ul><ul><li>Plant data that will cause system to welcome intruders </li></ul>Management Information Systems
  4. 4. Cyber Theft <ul><li>Cyber theft involves theft of money by unauthorized network entry and fraudulent alteration of computer databases. </li></ul>Management Information Systems
  5. 5. Unauthorized use at Work <ul><li>Unauthorized use of computer resources especially by employees </li></ul><ul><li>Playing video games </li></ul><ul><li>Unauthorized use of internet </li></ul><ul><li>Non-work related upload/download </li></ul><ul><li>Transmission of confidential data </li></ul><ul><li>Moonlighting </li></ul>Management Information Systems
  6. 6. Software Piracy <ul><li>Unauthorized copying of data is called software piracy or software theft </li></ul><ul><li>Software is protected by copyright law and user license agreement that allows only limited copies to be made </li></ul>Management Information Systems
  7. 7. Piracy of Intellectual Property <ul><li>Materials other than software are also pirated by making multiple copies </li></ul><ul><li>Piracy of music, video, images, articles, books etc. </li></ul><ul><li>Dissemination of these material through internet websites </li></ul>Management Information Systems
  8. 8. Computer viruses and worms <ul><li>A virus is a program code that cannot work without being inserted into another program </li></ul><ul><li>A worm is a distinct program that can run unaided </li></ul><ul><li>These programs copy annoying or destructive routines into the networked computer systems of anyone who accesses computers affected with the virus or who uses copies of magnetic disks taken from infected computers </li></ul><ul><li>They enter a computer through e-mail or file attachments, or through illegal software. A virus usually copies itself into the OS, and then spreads to main memory and thus hard disk and any inserted external memory. </li></ul>Management Information Systems
  9. 9. Privacy Issues <ul><li>Privacy on the internet </li></ul><ul><li>Computer Matching </li></ul><ul><li>Privacy Laws </li></ul><ul><li>Computer libel and censorship (threats are spamming and flaming) </li></ul>Management Information Systems
  10. 10. Other Challenges <ul><li>Employment challenges because a lot of tasks have been automated </li></ul><ul><li>Computer monitoring causes intrusion in personal space for workers </li></ul><ul><li>Challenges in working conditions are caused by tasks which are monotonous in nature. But it also automates most of the work and gives way to more challenging jobs </li></ul><ul><li>Challenges to individuality as they eliminate the human relationships between people </li></ul>Management Information Systems
  11. 11. Health issues <ul><li>The use of IT in the workplace raises a variety of health issues . Heavy use of computers is reportedly causing health problems such as: </li></ul><ul><li>· Job stress </li></ul><ul><li>· Damaged arm and neck muscles </li></ul><ul><li>· Eye strain </li></ul><ul><li>· Radiation exposure </li></ul><ul><li>· Death by computer-caused accidents </li></ul>Management Information Systems
  12. 12. Benefits <ul><li>Medical diagnosis </li></ul><ul><li>Crime control </li></ul><ul><li>Environmental monitoring </li></ul><ul><li>Urban planning </li></ul><ul><li>Computer based training </li></ul><ul><li>Distance learning </li></ul>Management Information Systems
  13. 13. Ethical responsibility of business professionals <ul><li>Business ethics are concerned with </li></ul><ul><li>Equity </li></ul><ul><li>Rights </li></ul><ul><li>Honesty </li></ul><ul><li>Exercise of corporate power </li></ul>Management Information Systems
  14. 14. Categories of Ethical Business Issues Management Information Systems
  15. 15. Theories of corporate social responsibility <ul><li>The stockholders theory holds that managers are agents of the stockholders and their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent activities. </li></ul><ul><li>The social contract theory states that companies have ethical responsibilities to all members of society, which allow corporations to exist based on a social contract </li></ul><ul><li>The stakeholders theory states that managers have ethical responsibility to manage a firm for the benefit of all of its stakeholders i.e. stockholders, employees, customers, suppliers and local community. </li></ul>Management Information Systems
  16. 16. Principles of technology ethics <ul><li>Proportionality of benefits to risk </li></ul><ul><li>Informed consent to risks </li></ul><ul><li>Justice in distribution of risk with benefits derived to each sub unit </li></ul><ul><li>Minimized risk by the selected option </li></ul>Management Information Systems
  17. 17. Ethical guideline <ul><li>Acting with integrity </li></ul><ul><li>Increasing your professional competence </li></ul><ul><li>Setting high standards of personal performance </li></ul><ul><li>Accepting responsibility for your work </li></ul><ul><li>Advancing the health, privacy, and general welfare of the public </li></ul>Management Information Systems
  18. 18. Security management of IT <ul><li>Encryption </li></ul><ul><li>Firewalls </li></ul><ul><li>Denial of service attacks </li></ul><ul><li>E-mail monitoring </li></ul><ul><li>Virus defense </li></ul><ul><li>Security codes </li></ul><ul><li>Backup files </li></ul><ul><li>Security monitors </li></ul><ul><li>Biometric security </li></ul><ul><li>Computer failure controls </li></ul><ul><li>Fault tolerant systems </li></ul><ul><li>Disaster recovery </li></ul><ul><li>System controls and audits </li></ul>Management Information Systems
  19. 19. Encryption <ul><li>The concept of private key and public key can be extended to authentication protocols. There are three types of authentication protocols followed by organizations. </li></ul><ul><li>Password Authentication protocol </li></ul><ul><li>Challenge Handshake authentication Protocol </li></ul><ul><li>Extensible Authentication Protocol </li></ul>Management Information Systems
  20. 20. Firewall <ul><li>Firewalls are used to restrict access to one network from another network. Different types of firewalls exist. </li></ul><ul><li>Packet Filtering </li></ul><ul><li>Stateful firewalls </li></ul><ul><li>Proxy Firewalls </li></ul><ul><li>Kernel Proxy firewalls </li></ul>Management Information Systems
  21. 21. Denial of Service Defenses <ul><li>The Internet is extremely vulnerable to variety of assaults by criminal hackers, especially denial of service (DOS) </li></ul><ul><li>attacks. Denial of service assaults via the Internet depend on three layers of networked computer systems, and </li></ul><ul><li>these are the basic steps e-business companies and other organizations can take to protect their websites form </li></ul><ul><li>denial of service and other hacking attacks . </li></ul>Management Information Systems
  22. 22. e-Mail Monitoring <ul><li>Internet and other online e-mail systems are one of the favorite avenues of attack by hackers for spreading computer viruses or breaking into networked computers. E-mail is also the battleground for attempts by companies to enforce policies against illegal, personal, or damaging messages by employees, and the demands of some </li></ul><ul><li>employees and others, who see such policies as violations of privacy rights. </li></ul>Management Information Systems
  23. 23. Virus Defenses <ul><li>Many companies are building defenses against the spread of viruses by centralizing the distribution and updating of antivirus software, as a responsibility of there IS departments. Other companies are outsourcing the virus </li></ul><ul><li>protection responsibility to their Internet service providers or to telecommunications or security management </li></ul><ul><li>companies. </li></ul>Management Information Systems
  24. 24. Security Codes <ul><li>Typically, a multilevel password system is used for security management. </li></ul><ul><li>First, an end user logs on to the computer system by entering his or her unique identification code, or user ID. </li></ul><ul><li>The end user is then asked to enter a password in order to gain access into the system. </li></ul><ul><li>Next, to access an individual file, a unique file name must be entered. </li></ul>Management Information Systems
  25. 25. Backup Files <ul><li>Backup files, which are duplicate files of data or programs, are another important security measure. </li></ul><ul><li>· Files can be protected by file retention measures that involve storing copies of files from previous periods. </li></ul><ul><li>· Several generations of files can be kept for control purposes. </li></ul>Management Information Systems
  26. 26. Security Monitors <ul><li>System security monitors are programs that monitor the use of computer systems and networks and protect them </li></ul><ul><li>from unauthorized use, fraud, and destruction. </li></ul><ul><li>Security monitor programs provide the security measures needed to allow only authorized users to access the networks. </li></ul><ul><li>Security monitors also control the use of the hardware, software, and data resources of a computer system . </li></ul><ul><li>Security monitors can be used to monitor the use of computer networks and collect statistics on any attempts at improper use. </li></ul>Management Information Systems
  27. 27. Biometric Security <ul><li>These are security measures provided by computer devices, which measure physical traits that make each </li></ul><ul><li>individual unique. This includes: </li></ul><ul><li>Voice verification </li></ul><ul><li>Fingerprints </li></ul><ul><li>Hand geometry </li></ul><ul><li>Signature dynamics </li></ul><ul><li>Keystroke analysis </li></ul><ul><li>Retina scanning </li></ul><ul><li>Face recognition </li></ul><ul><li>Genetic pattern analysis </li></ul>Management Information Systems
  28. 28. Computer Failure Controls <ul><li>Programs of preventative maintenance of hardware and management of software updates are commonplace </li></ul><ul><li>Using computers equipped with automatic and remote maintenance capabilities </li></ul><ul><li>Establishing standards for electrical supply, air conditioning, humidity control, and fire prevention standards </li></ul>Management Information Systems
  29. 29. Computer Failure Controls <ul><li>Arrange for a backup computer system capability with disaster recovery organizations. </li></ul><ul><li>Scheduling and implementing major hardware or software changes to avoid problems. </li></ul><ul><li>Training and supervision of computer operators. </li></ul><ul><li>Using fault tolerant computer systems (fail-safe and fail-soft capabilities) </li></ul>Management Information Systems
  30. 30. Computer Failure Controls <ul><li>Arrange for a backup computer system capability with disaster recovery organizations. </li></ul><ul><li>Scheduling and implementing major hardware or software changes to avoid problems. </li></ul><ul><li>Training and supervision of computer operators. </li></ul><ul><li>Using fault tolerant computer systems (fail-safe and fail-soft capabilities) </li></ul>Management Information Systems
  31. 31. Fault Tolerant Systems Management Information Systems
  32. 32. Disaster Recovery <ul><li>Hurricanes, earthquakes, fires, floods, criminal and terrorist acts, and human error can all severely damage an organization's computing resources, and thus the health of the organization itself. That is why it is important for organizations to develop disaster recovery procedures and formalize them in a disaster recovery plan. It specifies which employees will participate in disaster recovery, and what their duties will be; what hardware, software, and facilities will be used; and the priority of applications that will be processed. Arrangements with other companies for use of alternative facilities as a disaster recovery site and off site storage of an organization's databases are also part of an effective recovery effort. </li></ul>Management Information Systems