Академический Документы
Профессиональный Документы
Культура Документы
13-2
13-3
Chapter
13
Security and Ethical Challenges
13-5
Learning Objectives
Identify several ethical issues in how the use of information technologies in business affects
Employment Individuality Working conditions Privacy Crime Health Solutions to societal problems
13-6
Learning Objectives
Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology
13-7
13-8
13-9
Business Ethics
Ethics questions that managers confront as part of their daily business decision making include
Equity
Rights Honesty Exercise of corporate power
10
13-11
12
13
Informed Consent
Those affected by the technology should understand and accept the risks
14
Minimized Risk
Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
15
16
17
Computer Crime
Computer crime includes
Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources The unauthorized release of information The unauthorized copying of software
Denying an end user access to his/her own hardware, software, data, or network resources
Using or conspiring to use computer or network resources illegally to obtain information or tangible property
18
19
Hacking
Hacking is
The obsessive use of computers The unauthorized access and use of networked computer systems
Cracker
A malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage
20
Scans
Widespread probes of the Internet to determine types of computers, services, and connections Looking for weaknesses
21
Spoofing
Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
22
Back Doors
A hidden point of entry to be used in case the original entry point is detected or blocked
Malicious Applets
Tiny Java programs that misuse your computers resources, modify files on the hard disk, send fake email, or steal passwords
23
Logic Bombs
An instruction in a computer program that triggers a malicious act
Buffer Overflow
Crashing or gaining control of a computer by sending too much data to buffer memory
24
Social Engineering
Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords
Dumpster Diving
Sifting through a companys garbage to find information to help break into their computers
25
Cyber Theft
Many computer crimes involve the theft of money
The majority are inside jobs that involve unauthorized network entry and alternation of computer databases to cover the tracks of the employees involved
Many attacks occur through the Internet Most companies dont reveal that they have been targets or victims of cybercrime
26
Sniffers
Used to monitor network traffic or capacity Find evidence of improper use
27
28
Software Piracy
Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment for a license for fair use Site license allows a certain number of copies
A third of the software industrys revenues are lost to piracy
29
30
31
32
33
Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for email addresses to which it can send itself Also attempts to download updates for itself
34
35
36
In 2004, total economic damage from virus proliferation was $166 to $202 billion
Average damage per computer is between $277 and $366
37
Spyware
Adware that uses an Internet connection in the background, without the users permission or knowledge Captures information about the user and sends it over the Internet
38
Spyware Problems
Spyware can steal private information and also
Add advertising links to Web pages Redirect affiliate payments Change a users home page and search settings Make a modem randomly call premium-rate phone numbers Leave security holes that let Trojans in Degrade system performance
39
Privacy Issues
The power of information technology to store and retrieve information can have a negative effect on every individuals right to privacy
Personal information is collected with every visit to a Web site Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused
40
Opt-Out
Data can be compiled about you unless you specifically request it not be
41
Privacy Issues
Violation of Privacy
Accessing individuals private email conversations and computer records
Collecting and sharing information about individuals gained from their visits to Internet websites
Computer Monitoring
Always knowing where a person is
Mobile and paging services are becoming more closely associated with people than with places
42
Privacy Issues
Computer Matching
Using customer information gained from many sources to market additional business services
43
44
Privacy Laws
Electronic Communications Privacy Act and Computer Fraud and Abuse Act
Prohibit intercepting data communications messages, stealing or destroying data, or trespassing in federal-related computer systems
45
Privacy Laws
Other laws impacting privacy and how much a company spends on compliance
Sarbanes-Oxley Health Insurance Portability and Accountability Act (HIPAA) Gramm-Leach-Bliley USA Patriot Act California Security Breach Law Securities and Exchange Commission rule 17a-4
46
Biggest battlegrounds
Bulletin boards Email boxes Online files of Internet and public networks
47
Flaming
Sending extremely critical, derogatory, and often vulgar email messages or newsgroup posting to other users on the Internet or online services Especially prevalent on special-interest newsgroups
48
Cyberlaw
Laws intended to regulate activities over the Internet or via electronic communication devices
Encompasses a wide variety of legal and political issues
49
Cyberlaw
The intersection of technology and the law is controversial
Some feel the Internet should not be regulated Encryption and cryptography make traditional form of regulation difficult The Internet treats censorship as damage and simply routes around it
50
Other Challenges
Employment
IT creates new jobs and increases productivity It can also cause significant reductions in job opportunities, as well as requiring new job skills
Computer Monitoring
Using computers to monitor the productivity and behavior of employees as they work Criticized as unethical because it monitors individuals, not just work, and is done constantly Criticized as invasion of privacy because many employees do not know they are being monitored
51
Other Challenges
Working Conditions
IT has eliminated monotonous or obnoxious tasks However, some skilled craftsperson jobs have been replaced by jobs requiring routine, repetitive tasks or standby roles
Individuality
Dehumanizes and depersonalizes activities because computers eliminate human relationships Inflexible systems
52
Health Issues
Cumulative Trauma Disorders (CTDs)
Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs
53
Ergonomics
Designing healthy work environments
Safe, comfortable, and pleasant for people to work in Increases employee morale and productivity Also called human factors engineering
54
Ergonomics Factors
55
Societal Solutions
Using information technologies to solve human and social problems
Medical diagnosis
Computer-assisted instruction Governmental program planning Environmental quality control Law enforcement Job placement
56
Societal Solutions
The detrimental effects of information technology
Often caused by individuals or organizations not accepting ethical responsibility for their actions
57
Security Management of IT
The Internet was developed for inter-operability, not impenetrability
Business managers and professionals alike are responsible for the security, quality, and performance of business information systems Hardware, software, networks, and data resources must be protected by a variety of security measures
58
59
60
61
62
63
At the ISP
Monitor and block traffic spikes
64
Virus Defenses
Centralize the updating and distribution of antivirus software Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features
65
Backup Files
Duplicate files of data or programs
Security Monitors
Monitor the use of computers and networks Protects them from unauthorized use, fraud, and destruction
66
67
68
69
70
Auditing IT Security
IT Security Audits
Performed by internal or external auditors Review and evaluation of security measures and management policies Goal is to ensure that that proper and adequate measures and policies are in place
71