Security And EthicalChallenges of IT Oktalia Juwita, S.Kom., M.MT. Dasar-dasar Sistem Informasi – IKU1102

IT Security, Ethics, and Society IT has both beneficial and detrimental effects on society and people  Manage work activities to minimize the detrimental effects of IT  Optimize the beneficial effects

Business Ethics Ethics questions that managers confront as part of their daily business decision making include:  Equity  Rights  Honesty  Exercise of corporate power

Categories of Ethical Business Issues

Corporate Social Responsibility Theories Stockholder Theory o Managers are agents of the stockholders o Their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices Social Contract Theory o Companies have ethical responsibilities to all members of society, who allow corporations to exist Stakeholder Theory o Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders o Stakeholders are all individuals and groups that have a stake in, or claim on, a company

Principles of Technology Ethics Proportionality Informed Consent Justice Minimized Risk

AITP Standards of Professional Conduct

Responsible Professional Guidelines A responsible professional o Acts with integrity o Increases personal competence o Sets high standards of personal performance o Accepts responsibility for his/her work o Advances the health, privacy, and general welfare of the public

Computer Crime o Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources o The unauthorized release of information o The unauthorized copying of software o Denying an end user access to his/her own hardware, software, data, or network resources o Using or conspiring to use computer or network resources illegally to obtain information or tangible property

Privacy Issues The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacy o Personal information is collected with every visit to a Web site o Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused

Privacy Issues Violation of Privacy o Accessing individuals’ private conversations and computer records o Collecting and sharing information about individuals gained from their visits to Internet websites Computer Monitoring o Always knowing where a person is o Mobile and paging services are becoming more closely associated with people than with places

Privacy Issues (cont’) Computer Matching o Using customer information gained from many sources to market additional business services Unauthorized Access of Personal Files o Collecting telephone numbers, addresses, credit card numbers, and other information to build customer profiles

Other Challenges Employment o IT creates new jobs and increases productivity o It can also cause significant reductions in job opportunities, as well as requiring new job skills Computer Monitoring o Using computers to monitor the productivity and behavior of employees as they work o Criticized as unethical because it monitors individuals, not just work, and is done constantly o Criticized as invasion of privacy because many employees do not know they are being monitored

Other Challenges (cont’) Working Conditions o IT has eliminated monotonous or obnoxious tasks o However, some skilled craftsperson jobs have been replaced by jobs requiring routine, repetitive tasks or standby roles Individuality o Dehumanizes and depersonalizes activities because computers eliminate human relationships o Inflexible systems

Health Issues Cumulative Trauma Disorders (CTDs) o Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs Carpal Tunnel Syndrome o Painful, crippling ailment of the hand and wrist o Typically requires surgery to cure

Ergonomics Designing healthy work environments o Safe, comfortable, and pleasant for people to work in o Increases employee morale and productivity o Also called human factors engineering

Ergonomics Factors

Societal Solutions Using information technologies to solve human and social problems o Medical diagnosis o Computer-assisted instruction o Governmental program planning o Environmental quality control o Law enforcement o Job placement The detrimental effects of IT o Often caused by individuals or organizations not accepting ethical responsibility for their actions

Discussion Questions 1.What can be done to improve the security of business uses of the internet? Give several examples of security measures and technologies you would use 2.What potential security problems do you see in the increasing use of intranets and extranets in business? What might be done to solve such problems? Give several examples 3.Is there an ethical crisis in business today? What role dose information technology play in unethical business practise?

Security Management of IT The Internet was developed for inter-operability, not impenetrability o Business managers and professionals alike are responsible for the security, quality, and performance of business information systems o Hardware, software, networks, and data resources must be protected by a variety of security measures

Security Management The goal of security management is the accuracy, integrity, and safety of all information system processes and resources

Internetworked Security Defenses Encryption o Data is transmitted in scrambled form o It is unscrambled by computer systems for authorized users only o The most widely used method uses a pair of public and private keys unique to each individual

Internetworked Security Defenses Firewalls o A gatekeeper system that protects a company’s intranets and other computer networks from intrusion o Provides a filter and safe transfer point for access to/from the Internet and other networks o Important for individuals who connect to the Internet with DSL or cable modems o Can deter hacking, but cannot prevent it

Internetworked Security Defenses Denial of Service Attacks Denial of service attacks depend on three layers of networked computer systems o The victim’s website o The victim’s Internet service provider o Zombie or slave computers that have been commandeered by the cybercriminals

Internetworked Security Defenses Monitoring o Use of content monitoring software that scans for troublesome words that might compromise corporate security Virus Defenses o Centralize the updating and distribution of antivirus software o Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features

Other Security Measures Security Codes o Multilevel password system o Encrypted passwords o Smart cards with microprocessors Backup Files o Duplicate files of data or programs Security Monitors o Monitor the use of computers and networks o Protects them from unauthorized use, fraud, and destruction

Other Security Measures (cont’) Biometrics o Computer devices measure physical traits that make each individual unique Voice recognition, fingerprints, retina scan Computer Failure Controls o Prevents computer failures or minimizes its effects o Preventive maintenance o Arrange backups with a disaster recovery organization

Information System Controls Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities

Auditing IT Security IT Security Audits o Performed by internal or external auditors o Review and evaluation of security measures and management policies o Goal is to ensure that that proper and adequate measures and policies are in place

Protecting Yourself from Cybercrime

Continued to next session -Thank you-