Chapter 8 Protecting People and Information Threats and Safeguards 8-1 Management Information Systems for the Information Age

Presentation Overview Ethics Privacy Information Security 8-2 Management Information Systems for the Information Age

Opening Case Study Digital Destruction Beyond All Imagination One of the lessons learned from 9/11 is that with careful and thorough protection of important information, not even a calamity like the one that occurred in New York can put you out of business. In what ways is information vulnerable and what can you do to protect important information? 8-3 Management Information Systems for the Information Age

Management Information Systems for the Information Age Introduction To handle information in a responsible way you must understand: The importance of ethics in the ownership and use of information. The importance to people of personal privacy and the ways in which it can be compromised. The value of information to an organization. Threats to information and how to protect against them (security). 8-4 Management Information Systems for the Information Age

Management Information Systems for the Information Age Introduction 8-5 Management Information Systems for the Information Age

Management Information Systems for the Information Age Ethics Ethics - the principles and standards that guide our behavior toward other people. 8-6 Management Information Systems for the Information Age

Ethics Two Factors That Determine How You Decide Ethical Issues Your basic ethical structure, which you developed as you grew up. The set of practical circumstances involved in the decision that you’re trying to make — that is, all the shades of gray in what are rarely black or white decisions. 8-7 Management Information Systems for the Information Age

Ethics Two Factors That Determine How You Decide Ethical Issues 8-8 Management Information Systems for the Information Age

Ethics Two Factors That Determine How You Decide Ethical Issues The practical circumstances surrounding decisions include: Consequences - how much or how little benefit or harm will come from a particular decision? Society’s opinion - what is your perception of what society really thinks of your intended action? Likelihood of effect - what is the probability of the harm or benefit that will occur if you take the action? 8-9 Management Information Systems for the Information Age

Ethics Two Factors That Determine How You Decide Ethical Issues Time to consequences - what length of time will it take for the benefit or harm to take effect? Relatedness - how much do you identify with the person or persons who will receive the benefit or suffer the harm? Reach of result - how many people will be affected by your action? 8-10 Management Information Systems for the Information Age

Ethics Guidelines for Ethical Computer System Use In the figure to the right you see the four quadrants of ethical and legal behavior. You’re pretty safe if you can manage to stay in quadrant I. 8-11 Management Information Systems for the Information Age

Ethics Intellectual Property Intellectual property - intangible creative work that is embodied in physical form. Copyright - the legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents. 8-12 Management Information Systems for the Information Age

Ethics Intellectual Property Fair Use Doctrine - says that you may use copyrighted material in certain situations — for example, in the creation of new work or, within certain limits, for teaching purposes. Pirated software - the unauthorized use, duplication, distribution or sale of copyrighted software. 8-13 Management Information Systems for the Information Age

Ethics Intellectual Property Counterfeit software - software that is manufactured to look like the real thing and sold as such. On Your Own Are You Careful About Your Posture? (p. 377) 8-14 Management Information Systems for the Information Age

Management Information Systems for the Information Age Privacy Privacy - the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent. 8-15 Management Information Systems for the Information Age

Privacy Privacy and Other Individuals Key logger, or key trapper, software, -a program, when installed on a computer, records every keystroke and mouse click. Team Work What Would You Do? (p. 380) 8-16 Management Information Systems for the Information Age

Privacy Privacy and Other Individuals E-mail is completely insecure. Each e-mail you send results in at least 3 or 4 copies being stored on different computers. You can take measures to protect your e-mail. 8-17 Management Information Systems for the Information Age

Privacy Privacy and Other Individuals 8-18 Management Information Systems for the Information Age

Privacy Privacy and Employees Companies need information about their employees and customers to be effective in the marketplace. In 2001, 63% of companies monitored employee Internet connections including about two-thirds of the 60 billion electronic messages sent by 40 million e-mail users. 8-19 Management Information Systems for the Information Age

Privacy Privacy and Employees Good reasons for seeking and storing personal information on employees. Hire the best people possible and avoid being sued for failing to adequately investigate backgrounds. Ensure staff members are conducting themselves appropriately. Held liable for the actions of employees. 8-20 Management Information Systems for the Information Age

Privacy Privacy and Employees Hardware key logger - a hardware device that captures keystrokes on their journey from the keyboard to the motherboard. 8-21 Management Information Systems for the Information Age

Privacy Privacy and Consumers Customers want businesses to: Know who they are, but they want them to leave them alone. Provide what they want, but they don’t want businesses knowing too much about their habits and preferences. Tell them about products and services they might like to have, but don’t want to be inundated with ads. 8-22 Management Information Systems for the Information Age

Privacy Privacy and Consumers Cookie - a small record deposited on your hard disk by a Web site containing information about you and your Web activities. Adware - software to generate ads that installs itself on your computer when you download some other (usually free) program from the Web. Trojan-horse software - software you don’t want hidden inside software you do want. 8-23 Management Information Systems for the Information Age

Privacy Privacy and Consumers Adware 8-24 Management Information Systems for the Information Age

Privacy Privacy and Consumers Spyware (also called sneakware or stealthware) - software that comes hidden in free downloadable software and tracks your online movements, mines the information stored on your computer, or uses your computer’s CPU and storage for some task you know nothing about. 8-25 Management Information Systems for the Information Age

Privacy Privacy and Consumers Web log - consists of one line of information for every visitor to a Web site and is usually stored on a Web server. Clickstream - records information about you during a Web surfing session such as what Web sites you visited, how long you were there, what ads you looked at, and what you bought. Anonymous Web browsing (AWB) services - hides your identity from the Web sites you visit. 8-26 Management Information Systems for the Information Age

Privacy Privacy and Government Agencies Government agencies have about 2,000 databases containing personal information on individuals. The various branches of government need information to administer entitlement programs, such as social security, welfare, student loans, law enforcement, and so on. 8-27 Management Information Systems for the Information Age

Privacy Privacy and Government Agencies Law enforcement NCIC (National Crime Information Center) FBI’s Carnivore or DCS-1000 Magic Lantern (software key logger) NSA (National Security Agency) Echelon 8-28 Management Information Systems for the Information Age

Privacy Privacy and Government Agencies Other Federal agencies IRS Census bureau Student loan services FICA Social security Welfare records 8-29 Management Information Systems for the Information Age

Privacy Privacy and Government Agencies Team Work What Are The Biggest Internet Scams? (p. 387) 8-30 Management Information Systems for the Information Age

Privacy Privacy and International Trade Safe-harbor principles - a set of rules to which U.S. businesses that want to trade with the European Union (EU) must adhere. On Your Own What’s Your Opinion? (p. 388) 8-31 Management Information Systems for the Information Age

Privacy Privacy and International Trade The rights granted to EU citizens include the consumer’s right to: Know the marketer’s source of information. Check personal identifiable information for accuracy. Correct any incorrect information. Specify that information can’t be transferred to a third party without the consumer’s consent. Know the purpose for which the information is being collected. 8-32 Management Information Systems for the Information Age

Privacy Laws on Privacy The Health Insurance Portability and Accountability (HIPAA) act seeks to: Limit release and use of health information. Right to access your medical records. Specify circumstances of access. Disclosure if recipient signs protection agreement. 8-33 Management Information Systems for the Information Age

Privacy Laws on Privacy 8-34 Management Information Systems for the Information Age

Management Information Systems for the Information Age 8-35 Management Information Systems for the Information Age

Information Information as Raw Material Raw materials are the components from which a product is made. Wood, glue, and screws are raw materials for a chair. Almost everything you buy has information as part of the product. The most successful companies place the highest value on information. 8-36 Management Information Systems for the Information Age

Information Information as Capital Capital is the asset you use to produce a product or service. Buildings, trucks, and machinery are assets. Information is capital since it is used by companies to provide products and services. 8-37 Management Information Systems for the Information Age

Security Security and Employees Most of the press reports are about outside attacks on computer systems, but actually, companies are in far more danger of losing money from employee misconduct than they are from outsiders. White-collar crime accounts for about $400 billion in losses every year. 8-38 Management Information Systems for the Information Age

Security Security and Employees 8-39 Management Information Systems for the Information Age

Security Security and Collaboration Partners If you use collaboration systems, representatives of other companies can gain access to your systems. Grid computing - harnesses far-flung computers together by way of the Internet or a virtual private network to share CPU power, databases, and database storage. 8-40 Management Information Systems for the Information Age

Security Security and Outside Threats 85% of large companies and governmental agencies were broken into during 2001. Hackers - very knowledgeable computer users who use their knowledge to invade other people’s computers. 8-41 Management Information Systems for the Information Age

Security Security and Outside Threats 8-42 Management Information Systems for the Information Age

Security Security and Outside Threats Computer virus (or simply a virus) - is software that is written with malicious intent to cause annoyance or damage. Worm - a type of virus that spreads itself, not just from file to file, but from computer to computer via e-mail and other Internet traffic. Denial-of-service attack (DoS) - floods a Web site with so many requests for service that it slows down or crashes. 8-43 Management Information Systems for the Information Age

Security Security and Outside Threats 8-44 Management Information Systems for the Information Age

Security Security and Outside Threats Computer viruses can’t: Hurt your hardware (i.e. monitors, printers, or processor.) Hurt any files they weren’t designed to attack. Infect files on write-protected disks. 8-45 Management Information Systems for the Information Age

Security Security Precautions Risk management - consists of the identification of risks or threats, the implementation of security measures, and the monitoring of those measures for effectiveness. 8-46 Management Information Systems for the Information Age

Security Security Precautions Risk assessment - the process of evaluating IT assets, their importance to the organization, and their susceptibility to threats, to measure the risk exposure of these assets. Risk assessment asks: What can go wrong? How likely is it to go wrong? What are the possible consequences if it does go wrong? 8-47 Management Information Systems for the Information Age

Security Security Precautions Backup - the process of making a copy of the information stored on a computer. Anti-virus software - detects and removes or quarantines computer viruses. Firewall - hardware and/or software that protects computers from intruders. 8-48 Management Information Systems for the Information Age

Security Security Precautions Biometrics - the use of physical characteristics — such as your fingerprint, the blood vessels in the retina of your eye, the sound of your voice, or perhaps even your breath — to provide identification. 8-49 Management Information Systems for the Information Age

Security Security Precautions Encryption – scrambles the contents of a file so that you can’t read it without having the right decryption key. Public key encryption (PKE) - an encryption system that uses two keys: a public key that everyone can have and a private key for only the recipient. 8-50 Management Information Systems for the Information Age

Security Security Precautions Intrusion-detection software - looks for people on the network who shouldn’t be there or who are acting suspiciously. Security auditing software - checks out your computer or network for potential weaknesses. 8-51 Management Information Systems for the Information Age

Closing Case Study One Protecting More than Health In a two-month period in 2001, the Cleveland Clinic detected eight security breaches. Why might people break into a clinic? What steps could the Cleveland Clinic take to prevent these security breaches? 8-52 Management Information Systems for the Information Age

Closing Case Study Two Is the Safe Harbor Safe for U.S. Businesses? European countries and Australia have passed laws protecting the privacy of name-linked information of consumers. Would you like to have stronger privacy laws in this country? 8-53 Management Information Systems for the Information Age

Summary Student Learning Outcomes Define ethics and describe the two factors that affect how you make a decision concerning an ethical issue. Define and describe intellectual property, copyright, Fair Use Doctrine, and pirated and counterfeit software. Define privacy and describe the ways in which it can be threatened. 8-54 Management Information Systems for the Information Age

Summary Student Learning Outcomes Describe the two ways that information is valuable to business. Describe the ways in which information on your computer or network is vulnerable. Define risk management and risk assessment and describe the seven security measures that companies can take to protect their information. 8-55 Management Information Systems for the Information Age

Summary Assignments & Exercises Helping a friend Find Anti-virus software Find out what happened in the U.S. Investigate monitoring systems Check out the Computer Ethics Institute’s advice 8-56 Management Information Systems for the Information Age

Visit the Web to Learn More www.mhhe.com/haag Airlines Trains and busses Rental cars Road conditions and maps Lodging One-stop travel sites Destination information Security and Privacy 8-57 Management Information Systems for the Information Age