Presentation is loading. Please wait.

Presentation is loading. Please wait.

McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved ETHICS SECTION 4.1.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved ETHICS SECTION 4.1."— Presentation transcript:

1 McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved ETHICS SECTION 4.1

2 4-2 ETHICS Ethics – the principles and standards that guide our behavior toward other people Issues affected by technology advances –Intellectual property –Copyright –Fair use doctrine –Pirated software –Counterfeit software

3 4-3 ETHICS Privacy is a major ethical issue –Privacy – the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent –Confidentiality – the assurance that messages and information are available only to those who are authorized to view them

4 4-4 ETHICS One of the main ingredients in trust is privacy Primary reasons privacy issues lost trust for e- business

5 4-5 INFORMATION ETHICS Individuals form the only ethical component of IT

6 4-6 Information Has No Ethics Acting ethically and legally are not always the same

7 4-7 Information Has No Ethics Information does not care how it is used Information will not stop itself from sending spam, viruses, or highly-sensitive information Information cannot delete or preserve itself

8 4-8 DEVELOPING INFORMATION MANAGEMENT POLICIES Organizations strive to build a corporate culture based on ethical principles that employees can understand and implement ePolicies typically include: –Ethical computer use policy –Information privacy policy –Acceptable use policy –E-mail privacy policy –Internet use policy –Anti-spam policy

9 4-9 Ethical Computer Use Policy Ethical computer use policy – contains general principles to guide computer user behavior The ethical computer user policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

10 4-10 Ethical Computer Use Policy

11 4-11 Information Privacy Policy The unethical use of information typically occurs “unintentionally” when it is used for new purposes –For example, social security numbers started as a way to identify government retirement benefits and are now used as a sort of universal personal ID Information privacy policy - contains general principles regarding information privacy

12 4-12 Information Privacy Policy Information privacy policy guidelines 1.Adoption and implementation of a privacy policy 2.Notice and disclosure 3.Choice and consent 4.Information security 5.Information quality and access

13 4-13 Acceptable Use Policy Acceptable use policy (AUP) – a policy that a user must agree to follow in order to be provided access to a network or to the Internet An AUP usually contains a nonrepudiation clause –Nonrepudiation – a contractual stipulation to ensure that e-business participants do not deny (repudiate) their online actions

14 4-14 Acceptable Use Policy

15 4-15 E-Mail Privacy Policy Organizations can mitigate the risks of e- mail and instant messaging communication tools by implementing and adhering to an e-mail privacy policy E-mail privacy policy – details the extent to which e-mail messages may be read by others

16 4-16 E-Mail Privacy Policy

17 4-17 E-Mail Privacy Policy

18 4-18 Internet Use Policy Internet use policy – contains general principles to guide the proper use of the Internet

19 4-19 Anti-Spam Policy Spam – unsolicited e-mail Spam accounts for 40% to 60% of most organizations’ e-mail and cost U.S. businesses over $14 billion in 2005 Anti-spam policy – simply states that e- mail users will not send unsolicited e- mails (or spam)

20 4-20 ETHICS IN THE WORKPLACE Workplace monitoring is a concern for many employees Organizations can be held financially responsible for their employees’ actions The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees, however, some people feel that monitoring employees is unethical

21 4-21 Monitoring Technologies

22 4-22 Monitoring Technologies Monitoring – tracking people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed Common monitoring technologies include: –Key logger or key trapper software –Hardware key logger –Cookie –Adware –Spyware –Web log –Clickstream

23 4-23 Employee Monitoring Policies Employee monitoring policies – explicitly state how, when, and where the company monitors its employees

24 McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved INFORMATION SECURITY SECTION 4.2

25 4-25 PROTECTING INTELLECTUAL ASSETS

26 4-26 PROTECTING INTELLECTUAL ASSETS

27 4-27 THE FIRST LINE OF DEFENSE - PEOPLE Organizations must enable employees, customers, and partners to access information electronically The biggest issue surrounding information security is not a technical issue, but a people issue 33% of security incidents originate within the organization –Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

28 4-28 THE FIRST LINE OF DEFENSE - PEOPLE The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan –Information security policies – identify the rules required to maintain information security –Information security plan – details how an organization will implement the information security policies

29 4-29 THE FIRST LINE OF DEFENSE - PEOPLE Hackers frequently use “social engineering” to obtain password –Social engineering – using one’s social skills to trick people into revealing access credentials or other information valuable to the attacker

30 4-30 THE FIRST LINE OF DEFENSE - PEOPLE Five steps to creating an information security plan: 1.Develop the information security policies 2.Communicate the information security policies 3.Identify critical information assets and risks 4.Test and reevaluate risks 5.Obtain stakeholder support

31 4-31 THE FIRST LINE OF DEFENSE - PEOPLE

32 4-32 THE SECOND LINE OF DEFENSE - TECHNOLOGY There are three primary information technology security areas 1.Authentication and authorization 2.Prevention and resistance 3.Detection and response

33 4-33 Authentication and Authorization Authentication – a method for confirming users’ identities Authorization – the process of giving someone permission to do or have something The most secure type of authentication involves: 1.Something the user knows such as a user ID and password 2.Something the user has such as a smart card or token 3.Something that is part of the user such as a fingerprint or voice signature

34 4-34 Something the User Knows Such As a User ID and Password This is the most common way to identify individual users and typically contains a user ID and a password This is also the most ineffective form of authentication Over 50 percent of help-desk calls are password related

35 4-35 Something the User Knows Such As a User ID and Password Identity theft – the forging of someone’s identity for the purpose of fraud Phishing – a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e- mail

36 4-36 Something the User Knows Such As a User ID and Password

37 4-37 Smart cards and tokens are more effective than a user ID and a password –Tokens – small electronic devices that change user passwords automatically –Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing Something the User Knows Such As a User ID and Password

38 4-38 Something That Is Part Of The User Such As a Fingerprint or Voice Signature This is by far the best and most effective way to manage authentication –Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting Unfortunately, this method can be costly and intrusive

39 4-39 Prevention and Resistance Downtime can cost an organization anywhere from $100 to $1 million per hour Technologies available to help prevent and build resistance to attacks include: 1.Content filtering 2.Encryption 3.Firewalls

40 4-40 Content Filtering Organizations can use content filtering technologies to filter e-mail and prevent e- mails containing sensitive information from transmitting and stop spam and viruses from spreading. –Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information –Spam – a form of unsolicited e-mail –Corporate losses caused by Spam

41 4-41 Encryption If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it –Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information –Public key encryption (PKE) – an encryption system that uses two keys: a public key for everyone and a private key for the recipient

42 4-42 Encryption

43 4-43 Firewalls One of the most common defenses for preventing a security breach is a firewall –Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network

44 4-44 Firewalls Sample firewall architecture connecting systems located in Chicago, New York, and Boston

45 4-45 Detection and Response If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage Antivirus software is the most common type of detection and response technology

46 4-46 Detection and Response Hacker - people very knowledgeable about computers who use their knowledge to invade other people’s computers –White-hat hacker –Black-hat hacker –Hactivist –Script kiddies or script bunnies –Cracker –Cyberterrorist

47 4-47 Detection and Response Virus - software written with malicious intent to cause annoyance or damage –Worm –Denial-of-service attack (DoS) –Distributed denial-of-service attack (DDoS) –Trojan-horse virus –Backdoor program –Polymorphic virus and worm

48 4-48 Detection and Response Security threats to e-business include: –Elevation of privilege –Hoaxes –Malicious code –Spoofing –Spyware –Sniffer –Packet tampering

Download ppt "McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved ETHICS SECTION 4.1."

Similar presentations

BUSINESS B2 Ethics.

BUSINESS B2 Ethics.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Information and Ethics, Information Security and Malicious Programs BSAD 141 Dave Novak.

Information and Ethics, Information Security and Malicious Programs BSAD 141 Dave Novak.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Topic 4: Protecting People & Information Ethics, Privacy & Security MGMD 233-MIS AMN 2012.

Topic 4: Protecting People & Information Ethics, Privacy & Security MGMD 233-MIS AMN 2012.
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.
CHAPTER OVERVIEW SECTION 4.1 – Ethics

CHAPTER OVERVIEW SECTION 4.1 – Ethics
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
MANAGING IT SYSTEMS Top Things to Keep in Mind to Protect Yourself and Others.

MANAGING IT SYSTEMS Top Things to Keep in Mind to Protect Yourself and Others.
Sarbanes-Oxley: Where Information Technology, Finance, and Ethics Meet

Sarbanes-Oxley: Where Information Technology, Finance, and Ethics Meet
BUSINESS PLUG-IN B6 Information Security.

BUSINESS PLUG-IN B6 Information Security.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Business Plug-In B6 Information Security.

McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Business Plug-In B6 Information Security.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS

ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing Email that bites Paying for Privacy Pirates.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
McGraw-Hill © 2008 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats.

McGraw-Hill © 2008 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats.

Similar presentations

Ads by Google