1 Ethical Challenges in Management

2 Ethical Responsibility  The use of IT presents major security challenges, poses serious ethical questions, and affects society in significant ways.  IT raises ethical issues in the areas of..  Crime  Privacy  Individuality  Employment  Health  Working conditions

3 Ethical Responsibility (continued)  But, IT has had beneficial results as well.  So as managers, it is our responsibility to minimize the detrimental effects and optimize the beneficial effects.

4 Ethical Responsibility (continued)  Business Ethics  Basic categories of ethical issues  Employee privacy  Security of company records  Workplace safety

5 Ethical Responsibility (continued)  Theories of corporate social responsibility  Stockholder theory  Managers are agents of the stockholders. Their only ethical responsibility is to increase profit without violating the law or engaging in fraud

6 Ethical Responsibility (continued)  Theories of corporate social responsibility (continued)  Social Contract Theory  Companies have ethical responsibilities to all members of society, which allow corporations to exist based on a social contract

7 Ethical Responsibility (continued)  Theories of corporate social responsibility (continued)  First condition – companies must enhance economic satisfaction of consumers and employees  Second condition – avoid fraudulent practices, show respect for employees as human beings, and avoid practices that systematically worsen the position of any group in society

8 Ethical Responsibility (continued)  Theories of corporate social responsibility (continued)  Stakeholder theory  Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders.  Stockholders  Employees  Customers  Suppliers  Local community

9 Ethical Responsibility (continued)  Theories of corporate social responsibility (continued)  Sometimes stakeholders are considered to include  Competitors  Government agencies and special interest groups  Future generations

10 Ethical Responsibility (continued)  Technology Ethics  Four Principles  Proportionality  Good must outweigh any harm or risk  Must be no alternative that achieves the same or comparable benefits with less harm or risk

11 Ethical Responsibility (continued)  Technology Ethics (continued)  Informed consent  Those affected should understand and accept the risks  Justice  Benefits and burdens should be distributed fairly

12 Ethical Responsibility (continued)  Technology Ethics (continued)  Minimized Risk  Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk

13 Ethical Responsibility (continued)  Ethical Guidelines

14 Ethical Responsibility (continued)  Ethical guidelines (continued)  Responsible end users  Act with integrity  Increase their professional competence  Set high standards of personal performance  Accept responsibility for their work  Advance the health, privacy, and general welfare of the public

15 Computer Crime  Association of Information Technology Professionals (AITP) definition includes  The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources  Unauthorized release of information  Unauthorized copying of software

16 Computer Crime (continued) AITP guidelines (continued)  Denying an end user his/her own hardware, software, data, or network resources  Using or conspiring to use computer or network resources to illegally obtain info or tangible property

17 Computer Crime (continued)  Hacking  The obsessive use of computers, or the unauthorized access and use of networked computer systems

18 Computer Crime (continued)  Cyber Theft  Involves unauthorized network entry and the fraudulent alteration of computer databases

19 Computer Crime (continued)  Unauthorized use at work  Also called time and resource theft  May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks

20 Computer Crime (continued)  Software Piracy  Unauthorized copying of software  Software is intellectual property protected by copyright law and user licensing agreements

21 Computer Crime (continued)  Piracy of intellectual property  Other forms of intellectual property covered by copyright laws  Music  Videos  Images  Articles  Books  Other written works

22 Computer Crime (continued)  Computer viruses and worms  Virus  A program that cannot work without being inserted into another program  Worm  A distinct program that can run unaided

23 Privacy Issues  IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.  Benefit – increases efficiency and effectiveness  But, may also have a negative effect on individual’s right to privacy

24 Privacy Issues (continued)  Examples of important privacy issues  Accessing private and computer records & sharing information about individuals gained from their visits to websites and newsgroups  Always knowing where a person is via mobile and paging services

25 Privacy Issues (continued)  Examples of important privacy issues (continued)  Using customer information obtained from many sources to market additional business services  Collecting personal information to build individual customer profiles

26 Privacy Issues (continued)  Privacy on the Internet  Users of the Internet are highly visible and open to violations of privacy  Unsecured with no real rules  Cookies capture information about you every time you visit a site  That information may be sold to third parties

27 Privacy Issues (continued)  Privacy on the Internet (continued)  Protect your privacy by  Encrypting your messages  Ask your ISP not to sell your information to mailing list providers and other marketers  Decline to reveal personal data and interests online

28 Privacy Issues (continued)  Computer matching  Computer profiling and matching personal data to that profile  Mistakes can be a major problem

29 Privacy Issues (continued)  Privacy laws  Attempt to enforce the privacy of computer- based files and communications  Electronic Communications Privacy Act  Computer Fraud and Abuse Act

30 Privacy Issues (continued)  Computer Libel and Censorship  The opposite side of the privacy debate  Right to know (freedom of information)  Right to express opinions (freedom of speech)  Right to publish those opinions (freedom of the press)  Spamming  Flaming

31 Other Challenges  Employment  New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.

32 Other Challenges (continued)  Computer Monitoring  Concerns workplace privacy  Monitors individuals, not just work  Is done continually. May be seen as violating workers’ privacy & personal freedom  Workers may not know that they are being monitored or how the information is being used  May increase workers’ stress level  May rob workers of the dignity of their work

33 Other Challenges (continued)  Working Conditions  IT has eliminated many monotonous, obnoxious tasks, but has created others

34 Other Challenges (continued)  Individuality  Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities

35 Health Issues  Job stress  Muscle damage  Eye strain  Radiation exposure  Accidents  Some solutions  Ergonomics (human factors engineering)  Goal is to design healthy work environments

36 Health Issues (continued)

37 Societal Solutions  Beneficial effects on society  Solve human and social problems  Medical diagnosis  Computer-assisted instruction  Governmental program planning  Environmental quality control  Law enforcement  Crime control  Job placement

38 Section II Security Management

39 Tools of Security Management  Goal  Minimize errors, fraud, and losses in the e- business systems that interconnect businesses with their customers, suppliers, and other stakeholders

40 Tools of Security Management (continued)

41 Internetworked Security Defenses  Encryption  Passwords, messages, files, and other data is transmitted in scrambled form and unscrambled for authorized users  Involves using special mathematical algorithms to transform digital data in scrambled code  Most widely used method uses a pair of public and private keys unique to each individual

42 Internetworked Security Defenses (continued)  Firewalls  Serves as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion  Provides a filter and safe transfer point  Screens all network traffic for proper passwords or other security codes

43 Internetworked Security Defenses (continued)  Denial of Service Defenses  These assaults depend on three layers of networked computer systems  Victim’s website  Victim’s ISP  Sites of “zombie” or slave computers  Defensive measures and security precautions must be taken at all three levels

44 Internetworked Security Defenses (continued)  Monitoring  “Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”

45 Internetworked Security Defenses (continued)  Virus Defenses  Protection may accomplished through  Centralized distribution and updating of antivirus software  Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

46 Other Security Measures  Security codes  Multilevel password system  Log onto the computer system  Gain access into the system  Access individual files

47 Other Security Measures (continued)  Backup Files  Duplicate files of data or programs  File retention measures  Sometimes several generations of files are kept for control purposes

48 Other Security Measures (continued)  Security Monitors  Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction

49 Other Security Measures (continued)  Biometric Security  Measure physical traits that make each individual unique  Voice  Fingerprints  Hand geometry  Signature dynamics  Keystroke analysis  Retina scanning  Face recognition and Genetic pattern analysis

50 Other Security Measures (continued)  Computer Failure Controls  Preventive maintenance of hardware and management of software updates  Backup computer system  Carefully scheduled hardware or software changes  Highly trained data center personnel

51 Other Security Measures (continued)  Fault Tolerant Systems  Computer systems that have redundant processors, peripherals, and software  Fail-over  Fail-safe  Fail-soft

52 Other Security Measures (continued)  Disaster Recovery  Disaster recovery plan  Which employees will participate and their duties  What hardware, software, and facilities will be used  Priority of applications that will be processed

53 System Controls and Audits  Information System Controls  Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities  Designed to monitor and maintain the quality and security of input, processing, and storage activities

54 System Controls and Audits (continued)  Auditing Business Systems  Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented  Testing the integrity of an application’s audit trail