SlideShare a Scribd company logo

Ethical and security issues on MIS inte 322 assignment.docx

Download as DOCX, PDF
G
GogoOmolloFrancis

Information systems bring benefits to organizations but also introduce ethical and security issues if not addressed properly. An organization needs a framework to mitigate risks like cybercrime. This includes having disaster recovery plans, backup systems, biometric security, system monitors and ethical guidelines. Security measures involve encryption, firewalls, virus protection and failure controls. An ICT policy provides rules for hardware, software, passwords and training to ensure responsible technology use.

Technology
1 of 4
KABARAK UNIVERSITY INTE 322 MANAGEMENT INFORMATION SYSTEM ASSIGNMENT SUBMITED BY F .O. GOGO REG. NO: INTE/NE.1592/09/16 Discuss Ethical & Security Issues in Information System Information systems have made many businesses successful today. Some companies such as Google, Facebook, yahoo etc. would not exist without information technology. However, improper use of information technology can create problems for the organization and employees. For instance, criminals gaining access to credit card information can lead to financial loss to the owners of the cards or for the financial institution. Using organization information systems i.e. posting inappropriate content on Facebook or Twitter using a company account can lead to lawsuits and further, loss of business. We shall therefore learn some challenges that are posed by information systems and what can be done to minimize or eliminate the risks. Cyber-crime Cyber-crime refers to the use of information technology to commit crimes. Cyber-crimes can range from simply annoying computer users to huge financial losses and even the loss of human life. The growth of smartphones and other high-end mobile devices that have access to the internet have also contributed to the growth of cyber-crime. Types of cyber-crime Identity theft Identity theft occurs when a cyber-criminal impersonates someone else identity to practice malfunction. This is usually done by accessing personal details of someone else. The details used in such crimes include social security numbers, date of birth, credit and debit card numbers, passport numbers, etc.
Once the information has been acquired by the cyber-criminal, it can be used to make purchases online while impersonating himself to be someone else. One of the ways that cyber-criminals use to obtain such personal details is phishing. Phishing involves creating fake websites that look like legitimate business websites or emails. Other phishing techniques involve the use of fake Wi-Fi hotspots that look like legitimate ones. This is common in public places such as restaurants and airports. If an unsuspecting user logons into the network, then cyber-crimes may try to gain access to sensitive information such as usernames, passwords, credit card numbers, etc. Copyright infringement Piracy is one of the biggest problems with digital products. Websites such as the pirate bay are used to distribute copyrighted materials such as audio, video, software, etc. Copyright infringement refers to the unauthorized use of copyrighted materials. Fast internet access and reducing costs of storage have also contributed to the growth of copyright infringement crimes. Click fraud Advertising companies such as Google AdSense offer pay per click advertising services. Click fraud occurs when a person clicks such a link with no intention of knowing more about the click but to make more money. This can also be accomplished by using automated software that makes the clicks. Advance Fee Fraud An email is sent to the target victim that promises them a lot of money in favor of helping them to claim their inheritance money. In such cases, the criminal usually pretends to be a close relative of a very rich well-known person who died. He/she claims to have inherited the wealth of the late rich person and needs help to claim the inheritance. He/she will ask for financial assistance and promise to reward later. If the victim sends the money to the scammer, the scammer vanishes and the victim loses the money. Hacking Hacking is used to by-pass security controls to gain unauthorized access to a system. Once the attacker has gained access to the system, they can do whatever they want. Some of the common activities done when system is hacked are;  Install programs that allow the attackers to spy on the user or control their system remotely  Deface websites  Steal sensitive information. This can be done using techniques such as SQL Injection, exploiting vulnerabilities in the database software to gain access, social engineering techniques that trick users into submitting ids and passwords, etc.  Computer viruses – these are malicious programs as described in the above section. The threats posed by viruses can be eliminated or the impact minimized by using Anti-Virus software and following laid down security best practices of an organization
Information systemSecurity MIS security refers to measures put in place to protect information system resources from unauthorized access or being compromised. Security vulnerabilities are weaknesses in a computer system, software, or hardware that can be exploited by the attacker to gain unauthorized access or compromise a system. People as part of the information system components can also be exploited using social engineering techniques. The goal of social engineering is to gain the trust of the users of the system. Let's now look at some of the threats that information system face and what can be done to eliminate or minimize the damage if the threat were to materialize. Unauthorized access – the standard convention is to use a combination of a username and a password. Hackers have learnt how to circumvent these controls if the user does not follow security best practices. Most organizations have added the use of mobile devices such as phones to provide an extra layer of security. Data loss – if the data center caught fire or was flooded, the hardware with the data can be damaged, and the data on it will be lost. As a standard security best practice, most organizations keep backups of the data at remote places. The backups are made periodically and are usually put in more than one remote area. Biometric Identification – this is now becoming very common especially with mobile devices such as smartphones. The phone can record the user fingerprint and use it for authentication purposes. This makes it harder for attackers to gain unauthorized access to the mobile device. Such technology can also be used to stop unauthorized people from getting access to your devices. Information systemEthics Ethics refers to rules of right and wrong that people use to make choices to guide their behaviors. Ethics in MIS seek to protect and safeguard individuals and society by using information systems responsibly. Most professions usually have defined a code of ethics or code of conduct guidelines that all professionals affiliated with the profession must adhere to. In a nutshell, a code of ethics makes individuals acting on their free will responsible and accountable for their actions. An example of a Code of Ethics for MIS professionals can be found on the British Computer Society (BCS) website. Information Communication Technology (ICT) policy An ICT policy is a set of guidelines that defines how an organization should use information technology and information systems responsibly. ICT policies usually include guidelines on;  Purchase and usage of hardware equipment and how to safely dispose them  Use of licensed software only and ensuring that all software is up to date with latest patches for security reasons  Rules on how to create passwords (complexity enforcement), changing passwords, etc.  Acceptable use of information technology and information systems  Training of all users involved in using ICT and MIS
Summary: With great power comes great responsibility. Information systems bring new opportunities and advantages to how we do business but they also introduce issues that can negatively affect society like (cybercrime). An organization therefore needs to address these issues and come up with a framework (MIS security, ICT policy, etc.) that addresses them. Some of the actons tht can mitigate the impact of the risks are: DisasterRecovery Hurricanes, earthquakes, fires, floods, criminal and terrorist acts, and human error can all severely damage an organization's computing resources, and thus the health of the organization itself. That is why it is important for organizations to develop disaster recovery procedures and formalize them in a disaster recovery plan. Arrangements with other companies for use of alternative facilities as a disaster recovery site and off site storage of an organization's databases are also part of an effective recovery effort. Computer Failure Controls Arrange for a backup computer system capability with disaster recovery organizations. Scheduling and implementing major hardware or software changes to avoid problems. Training and supervision of computer operators. Using fault tolerant computer systems (fail- safe and fail-soft capabilities) Fault Tolerant Systems Management Information Systems Biometric Security These are security measures provided by computer devices, which measure physical traits that make each Fingerprints Hand geometry Signature dynamics Keystroke analysis Retina scanning Face recognition Genetic pattern analysis Management Information Systems Security Monitors System security monitors are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction. Security monitor programs provide the security measures needed to allow only authorized users to access the networks. Security monitors also control the use of the hardware, software, and data resources of a computer system . Security monitors can be used to monitor the use of computer networks and collect statistics on any attempts at improper use. Ethical guideline Acting with integrity Increasing your professional competence Setting high standrds of personal performance Accepting responsibility for your work Advancing the health, privacy, and general welfare of the public. Security management of IT Encryption Firewalls, Denial of service, E-mail monitoring, Virus defense, Security codes Computer failure controls, Fault tolerant systems, and System controls and audits. Encryption The concept of private key and public key can be extended to authentication protocols.. Password Authentication protocol Challenge Handshake authentication Protocol Extensible Authentication Protocol Management Information Systems

Recommended

Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxhimanshuratnama
 
Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfsrtwgwfwwgw
 
Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.pptShailendraPandey96
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxSkippedltd
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxAbhishekDas794104
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
digital marketing
digital marketingdigital marketing
digital marketingabdullahanwarabdulla
 
Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.pptShailendraPandey92
 

Recommended

Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxhimanshuratnama
 
Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfsrtwgwfwwgw
 
Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.pptShailendraPandey96
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxSkippedltd
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxAbhishekDas794104
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
digital marketing
digital marketingdigital marketing
digital marketingabdullahanwarabdulla
 
Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.pptShailendraPandey92
 
C018131821
C018131821C018131821
C018131821IOSR Journals
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxmalbert5
 
How to secure information systemsSolutionAnswerInformation.pdf
How to secure information systemsSolutionAnswerInformation.pdfHow to secure information systemsSolutionAnswerInformation.pdf
How to secure information systemsSolutionAnswerInformation.pdfrohit219406
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdfAnupmaMunshi
 
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxChap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxSharmilaMore5
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
security and ethical challenges
security and ethical challengessecurity and ethical challenges
security and ethical challengesVineet Dubey
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docxTanushreeChakraborty27
 
Information security threats
Information security threatsInformation security threats
Information security threatscomplianceonline123
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security iEmmanuel Gbenga Dada (BSc, MSc, PhD)
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityIllumeo
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxhealdkathaleen
 
Task 3
Task 3Task 3
Task 3BIBEKCHAUDHARYBScHon
 
Cybersecurity awareness.pdf
Cybersecurity awareness.pdfCybersecurity awareness.pdf
Cybersecurity awareness.pdfCRO Cyber Rights Organization
 
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET Journal
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggadabotor7
 
I0516064
I0516064I0516064
I0516064IOSR Journals
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxarnoldmeredith47041
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 

More Related Content

Similar to Ethical and security issues on MIS inte 322 assignment.docx

Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxmalbert5
 
How to secure information systemsSolutionAnswerInformation.pdf
How to secure information systemsSolutionAnswerInformation.pdfHow to secure information systemsSolutionAnswerInformation.pdf
How to secure information systemsSolutionAnswerInformation.pdfrohit219406
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdfAnupmaMunshi
 
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxChap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxSharmilaMore5
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
security and ethical challenges
security and ethical challengessecurity and ethical challenges
security and ethical challengesVineet Dubey
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityIllumeo
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxhealdkathaleen
 
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET Journal
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggadabotor7
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxarnoldmeredith47041
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 

Similar to Ethical and security issues on MIS inte 322 assignment.docx (20)

C018131821
C018131821C018131821
C018131821
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
 
How to secure information systemsSolutionAnswerInformation.pdf
How to secure information systemsSolutionAnswerInformation.pdfHow to secure information systemsSolutionAnswerInformation.pdf
How to secure information systemsSolutionAnswerInformation.pdf
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdf
 
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxChap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
security and ethical challenges
security and ethical challengessecurity and ethical challenges
security and ethical challenges
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docx
 
Information security threats
Information security threatsInformation security threats
Information security threats
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
 
Task 3
Task 3Task 3
Task 3
 
Cybersecurity awareness.pdf
Cybersecurity awareness.pdfCybersecurity awareness.pdf
Cybersecurity awareness.pdf
 
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxggggggggggggggggggggggggggg
 
I0516064
I0516064I0516064
I0516064
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
 

Recently uploaded

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data SciencePaolo Missier
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringWSO2
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...caitlingebhard1
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceIES VE
 

Recently uploaded (20)

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 

Ethical and security issues on MIS inte 322 assignment.docx

  • 1. KABARAK UNIVERSITY INTE 322 MANAGEMENT INFORMATION SYSTEM ASSIGNMENT SUBMITED BY F .O. GOGO REG. NO: INTE/NE.1592/09/16 Discuss Ethical & Security Issues in Information System Information systems have made many businesses successful today. Some companies such as Google, Facebook, yahoo etc. would not exist without information technology. However, improper use of information technology can create problems for the organization and employees. For instance, criminals gaining access to credit card information can lead to financial loss to the owners of the cards or for the financial institution. Using organization information systems i.e. posting inappropriate content on Facebook or Twitter using a company account can lead to lawsuits and further, loss of business. We shall therefore learn some challenges that are posed by information systems and what can be done to minimize or eliminate the risks. Cyber-crime Cyber-crime refers to the use of information technology to commit crimes. Cyber-crimes can range from simply annoying computer users to huge financial losses and even the loss of human life. The growth of smartphones and other high-end mobile devices that have access to the internet have also contributed to the growth of cyber-crime. Types of cyber-crime Identity theft Identity theft occurs when a cyber-criminal impersonates someone else identity to practice malfunction. This is usually done by accessing personal details of someone else. The details used in such crimes include social security numbers, date of birth, credit and debit card numbers, passport numbers, etc.
  • 2. Once the information has been acquired by the cyber-criminal, it can be used to make purchases online while impersonating himself to be someone else. One of the ways that cyber-criminals use to obtain such personal details is phishing. Phishing involves creating fake websites that look like legitimate business websites or emails. Other phishing techniques involve the use of fake Wi-Fi hotspots that look like legitimate ones. This is common in public places such as restaurants and airports. If an unsuspecting user logons into the network, then cyber-crimes may try to gain access to sensitive information such as usernames, passwords, credit card numbers, etc. Copyright infringement Piracy is one of the biggest problems with digital products. Websites such as the pirate bay are used to distribute copyrighted materials such as audio, video, software, etc. Copyright infringement refers to the unauthorized use of copyrighted materials. Fast internet access and reducing costs of storage have also contributed to the growth of copyright infringement crimes. Click fraud Advertising companies such as Google AdSense offer pay per click advertising services. Click fraud occurs when a person clicks such a link with no intention of knowing more about the click but to make more money. This can also be accomplished by using automated software that makes the clicks. Advance Fee Fraud An email is sent to the target victim that promises them a lot of money in favor of helping them to claim their inheritance money. In such cases, the criminal usually pretends to be a close relative of a very rich well-known person who died. He/she claims to have inherited the wealth of the late rich person and needs help to claim the inheritance. He/she will ask for financial assistance and promise to reward later. If the victim sends the money to the scammer, the scammer vanishes and the victim loses the money. Hacking Hacking is used to by-pass security controls to gain unauthorized access to a system. Once the attacker has gained access to the system, they can do whatever they want. Some of the common activities done when system is hacked are;  Install programs that allow the attackers to spy on the user or control their system remotely  Deface websites  Steal sensitive information. This can be done using techniques such as SQL Injection, exploiting vulnerabilities in the database software to gain access, social engineering techniques that trick users into submitting ids and passwords, etc.  Computer viruses – these are malicious programs as described in the above section. The threats posed by viruses can be eliminated or the impact minimized by using Anti-Virus software and following laid down security best practices of an organization
  • 3. Information systemSecurity MIS security refers to measures put in place to protect information system resources from unauthorized access or being compromised. Security vulnerabilities are weaknesses in a computer system, software, or hardware that can be exploited by the attacker to gain unauthorized access or compromise a system. People as part of the information system components can also be exploited using social engineering techniques. The goal of social engineering is to gain the trust of the users of the system. Let's now look at some of the threats that information system face and what can be done to eliminate or minimize the damage if the threat were to materialize. Unauthorized access – the standard convention is to use a combination of a username and a password. Hackers have learnt how to circumvent these controls if the user does not follow security best practices. Most organizations have added the use of mobile devices such as phones to provide an extra layer of security. Data loss – if the data center caught fire or was flooded, the hardware with the data can be damaged, and the data on it will be lost. As a standard security best practice, most organizations keep backups of the data at remote places. The backups are made periodically and are usually put in more than one remote area. Biometric Identification – this is now becoming very common especially with mobile devices such as smartphones. The phone can record the user fingerprint and use it for authentication purposes. This makes it harder for attackers to gain unauthorized access to the mobile device. Such technology can also be used to stop unauthorized people from getting access to your devices. Information systemEthics Ethics refers to rules of right and wrong that people use to make choices to guide their behaviors. Ethics in MIS seek to protect and safeguard individuals and society by using information systems responsibly. Most professions usually have defined a code of ethics or code of conduct guidelines that all professionals affiliated with the profession must adhere to. In a nutshell, a code of ethics makes individuals acting on their free will responsible and accountable for their actions. An example of a Code of Ethics for MIS professionals can be found on the British Computer Society (BCS) website. Information Communication Technology (ICT) policy An ICT policy is a set of guidelines that defines how an organization should use information technology and information systems responsibly. ICT policies usually include guidelines on;  Purchase and usage of hardware equipment and how to safely dispose them  Use of licensed software only and ensuring that all software is up to date with latest patches for security reasons  Rules on how to create passwords (complexity enforcement), changing passwords, etc.  Acceptable use of information technology and information systems  Training of all users involved in using ICT and MIS
  • 4. Summary: With great power comes great responsibility. Information systems bring new opportunities and advantages to how we do business but they also introduce issues that can negatively affect society like (cybercrime). An organization therefore needs to address these issues and come up with a framework (MIS security, ICT policy, etc.) that addresses them. Some of the actons tht can mitigate the impact of the risks are: DisasterRecovery Hurricanes, earthquakes, fires, floods, criminal and terrorist acts, and human error can all severely damage an organization's computing resources, and thus the health of the organization itself. That is why it is important for organizations to develop disaster recovery procedures and formalize them in a disaster recovery plan. Arrangements with other companies for use of alternative facilities as a disaster recovery site and off site storage of an organization's databases are also part of an effective recovery effort. Computer Failure Controls Arrange for a backup computer system capability with disaster recovery organizations. Scheduling and implementing major hardware or software changes to avoid problems. Training and supervision of computer operators. Using fault tolerant computer systems (fail- safe and fail-soft capabilities) Fault Tolerant Systems Management Information Systems Biometric Security These are security measures provided by computer devices, which measure physical traits that make each Fingerprints Hand geometry Signature dynamics Keystroke analysis Retina scanning Face recognition Genetic pattern analysis Management Information Systems Security Monitors System security monitors are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction. Security monitor programs provide the security measures needed to allow only authorized users to access the networks. Security monitors also control the use of the hardware, software, and data resources of a computer system . Security monitors can be used to monitor the use of computer networks and collect statistics on any attempts at improper use. Ethical guideline Acting with integrity Increasing your professional competence Setting high standrds of personal performance Accepting responsibility for your work Advancing the health, privacy, and general welfare of the public. Security management of IT Encryption Firewalls, Denial of service, E-mail monitoring, Virus defense, Security codes Computer failure controls, Fault tolerant systems, and System controls and audits. Encryption The concept of private key and public key can be extended to authentication protocols.. Password Authentication protocol Challenge Handshake authentication Protocol Extensible Authentication Protocol Management Information Systems