Eleventh Edition 1 Introduction to Information Systems Essentials for the Internetworked E-Business Enterprise Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. C h a p t e r James A. O’Brien 11 Security and Ethical Challenges

Eleventh Edition James A. O’Brien 2 Introduction to Information Systems Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. Chapter Objectives Identify several ethical issues Identify several types of security management strategies and defenses.

God is in the Small Stuff and it all matters “Leadership is an Art” Bruce Bickel & Stan Jantz

….In the Small Stuff Empowering is more than delegating Empowering is more than delegating Have the courage to hold people accountable Have the courage to hold people accountable Associate with leaders as often as you can Associate with leaders as often as you can Being a good example is better than giving good advice Being a good example is better than giving good advice There are born leaders and there are leaders who are made. And then there arte those who become leaders out of necessity There are born leaders and there are leaders who are made. And then there arte those who become leaders out of necessity

Small Stuff (cont.) An exceptional leader is one who gets average people to do superior work An exceptional leader is one who gets average people to do superior work If you want to lead, read If you want to lead, read Use your influence sparingly. It will last longer Use your influence sparingly. It will last longer When you find a leader, follow When you find a leader, follow When you identify a follower, lead When you identify a follower, lead Be available to take someone’s place in an emergency Be available to take someone’s place in an emergency Power begins to corrupt the moment you begin to seek it Power begins to corrupt the moment you begin to seek it

Small Stuff (cont.) A signpost like a peer, only warns you about the road ahead. But a map, like a mentor can show you how to get where you want to go A signpost like a peer, only warns you about the road ahead. But a map, like a mentor can show you how to get where you want to go Find a mentor Find a mentor Managing people begins with caring for them Managing people begins with caring for them One of the sobering characteristics of leadership is that leaders are judged to a greater than followers. One of the sobering characteristics of leadership is that leaders are judged to a greater than followers.

Eleventh Edition James A. O’Brien 7 Introduction to Information Systems Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. Security and Ethical Challenges Security Ethics and Society Employment Privacy Health Individuality Crime Working Conditions

Security

IT Security in the 21 st Century Increasing the Reliability of Systems. Increasing the Reliability of Systems. The objective relating to reliability is to use fault tolerance to keep the information systems working, even if some parts fail. Intelligent Systems for Early Detection. Intelligent Systems for Early Detection. Detecting intrusion in its beginning is extremely important, especially for classified information and financial data. Intelligent Systems in Auditing. Intelligent Systems in Auditing. Intelligent systems are used to enhance the task of IS auditing.

IT Security in the 21 st Century (cont.) Artificial Intelligence in Biometrics. Artificial Intelligence in Biometrics. Expert systems, neural computing, voice recognition, and fuzzy logic can be used to enhance the capabilities of several biometric systems. Expert Systems for Diagnosis, Prognosis, and Disaster Planning. Expert systems can be used to diagnose troubles in computer systems and to suggest solutions. Expert Systems for Diagnosis, Prognosis, and Disaster Planning. Expert systems can be used to diagnose troubles in computer systems and to suggest solutions. Smart Cards. Smart card technology can be used to protect PCs on LANs. -- Example Smart Cards. Smart card technology can be used to protect PCs on LANs. -- Example Smart CardsExample Smart CardsExample Fighting Hackers. Several new products are available for fighting hackers. Fighting Hackers. Several new products are available for fighting hackers.

Eleventh Edition James A. O’Brien 11 Introduction to Information Systems Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. Computer Crime Hacking Unauthorized Use at work Cyber Theft Piracy Computer Viruses

Eleventh Edition James A. O’Brien 12 Introduction to Information Systems Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. Common Hacking Tactics Denial of Service Scans Sniffer Programs Spoofing Trojan Horse Back Doors Malicious Applets War Dialing Logic Bombs Buffer Overflow Password Crackers Social Engineering Dumpster Driving

Eleventh Edition James A. O’Brien 13 Introduction to Information Systems Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. Security Management of e-Business Encryption Denial of Service Defenses Fire Walls Monitor Virus Defenses

Eleventh Edition James A. O’Brien 14 Introduction to Information Systems Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. Other e-Business Security Measures Security Codes Security Monitors Backup Files Biometric Security Controls

Ethics Where does work end and private life begin?

Change Portfolio Career – Handy Portfolio Career – Handy Telecommuting Telecommuting Smart Work – 80% cerebral/20%manual Smart Work – 80% cerebral/20%manual Virtual Corporations Virtual Corporations Intellectual Capital Intellectual Capital

Eleventh Edition James A. O’Brien 17 Introduction to Information Systems Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. Ethical Considerations Ethical Principles –Proportionality –Informed Consent –Justice –Minimized Risk Standard of Conduct –Act with integrity –Protect the privacy and confidentiality of information –Do not misrepresent or withhold information –Do not misuse resources –Do not exploit weakness of systems –Set high standards –Advance the health and welfare of general public

National Security Loss of individual privacy Loss of individual privacy Wiretaps Wiretaps Library Example Library Example Right’s at Work Right’s at Work

Case: Cyber Crime On Feb. 6, the biggest EC sites were hit by cyber crime. On Feb. 6, the biggest EC sites were hit by cyber crime. Yahoo!, eBay, Amazon.com, E*TradeYahoo!, eBay, Amazon.com, E*Trade The attacker(s) used a method called denial of service (DOS). The attacker(s) used a method called denial of service (DOS). Clog a system by hammering a Web site ’ s equipment with too many requests for informationClog a system by hammering a Web site ’ s equipment with too many requests for information The total damage worldwide was estimated at $5- 10 billion (U.S.). The total damage worldwide was estimated at $5- 10 billion (U.S.). The alleged attacker, from the Philippines, was not prosecuted because he did not break any law in the Philippines.The alleged attacker, from the Philippines, was not prosecuted because he did not break any law in the Philippines.

Lessons Learned from the Case Information resources that include computers, networks, programs, and data are vulnerable to unforeseen attacks. Information resources that include computers, networks, programs, and data are vulnerable to unforeseen attacks. Many countries do not have sufficient laws to deal with computer criminals. Many countries do not have sufficient laws to deal with computer criminals. Protection of networked systems can be a complex issue. Protection of networked systems can be a complex issue. Attackers can zero on a single company, or can attack many companies, without discrimination. Attackers can zero on a single company, or can attack many companies, without discrimination. Attackers use different attack methods. Attackers use different attack methods. Although variations of the attack methods are known, the defence against them is difficult and/or expensive. Although variations of the attack methods are known, the defence against them is difficult and/or expensive.

U.S. Federal Statutes According to the FBI, an average white-collar crime involves $23,000; but an average computer crime involves about $600,000. According to the FBI, an average white-collar crime involves $23,000; but an average computer crime involves about $600,000. The following U.S. federal statutes deal with computer crime; The following U.S. federal statutes deal with computer crime; Counterfeit Access Device and Computer Fraud Act of 1984Counterfeit Access Device and Computer Fraud Act of 1984 Computer Fraud and Abuse Act of 1986Computer Fraud and Abuse Act of 1986 Computer Abuse Amendment Act of 1994 (prohibits transmission of viruses)Computer Abuse Amendment Act of 1994 (prohibits transmission of viruses) Computer Security Act of 1987Computer Security Act of 1987 Electronic Communications Privacy Act of 1986Electronic Communications Privacy Act of 1986 Electronic Funds Transfer Act of 1980Electronic Funds Transfer Act of 1980 Video privacy protection act of 1988Video privacy protection act of 1988

Video

Ethics Privacy Privacy Intellectual Property Intellectual Property CopyrightCopyright Trade SecretsTrade Secrets PatentPatent Quality of Life Quality of Life Social Responsibility Social Responsibility P2P / File Sharing P2P / File Sharing SPAM / Free speech SPAM / Free speech The privacy of patients’ information The privacy of patients’ information Monitoring employees’ use of the Internet Monitoring employees’ use of the Internet

Eleventh Edition James A. O’Brien 24 Introduction to Information Systems Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. Employment Challenges Lost Job Opportunities Computer Monitoring Lost Individuality Health Issues Working Conditions

Case: Catching Cases of Plagiarism Problem:  The Internet provides abundant information to students who may be tempted to download material and submit it as their own work. Solution:  Some companies (e.g., Plagiarism.org) are offering Internet-based anti-plagiarism technology to identify such cases of plagiarism.  Manuscript are checked against a database of other manuscripts collected from different universities and from all over the Internet. Results:  Cases of gross plagiarism are more likely to be flagged.

Eleventh Edition James A. O’Brien 26 Introduction to Information Systems Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. Chapter Summary The vital role of e-bBusiness and e-commerce systems in society raises serious ethical and societal issues in terms of their impact on employment, individuality, working conditions, privacy, health, and computer crime. Managers can help solve the problems of improper use of IT by assuming their ethical responsibilities for ergonomic design, beneficial use, and enlightened management of e-business technologies in our society.

Eleventh Edition James A. O’Brien 27 Introduction to Information Systems Irwin/McGraw-Hill Copyright © 2002, The McGraw-Hill Companies, Inc. All rights reserved. Chapter Summary (cont) Business and IT activities involve many ethical considerations. Ethical principles and standards of conduct can serve as guidelines for dealing with ethical businesses issues. One of the most important responsibilities of the management of a company is to assure the security and quality of its e-business activities. Security management tools and policies can ensure the accuracy, integrity, and safety of e- business systems and resources.