1 This presentation was developed by Dr. Steven C. Ross for use in MIS 320 classes at Western Washington University. Some of the material contained herein is © 2007, John Wiley & Sons, Inc. and other sources, as noted. All rights reserved.

2 Protecting People and Information (MIS 320)

3 Protecting People
Ethics
Intellectual property
Privacy
Cultural diversity
Ergonomics

4 Ethics
"Doing what's right." Who decides?
What's the difference between unethical and illegal?
What's the difference between unethical and immoral?

5 A Framework for Ethical Issues
Privacy: information revealed, surveillance, security of information
Accuracy: accuracy of collected and reported information
Property: ownership and exchange of information; intellectual property
Accessibility: who has access, and how it is facilitated
Consequences: benefit or harm
Society's opinion: your perception of what society really thinks of the intended action
Likelihood of effect: probability of harm or benefit
Time to consequences: how long it will take until the benefit or harm takes effect
Relatedness: how much do you identify with the person or persons who will receive the benefit or suffer the harm?
Reach of result: how many people will be affected

6 Privacy
Employees
Customers
[from] Government agencies
Variations by country

7 Employee Privacy
What right does an organization have to
  collect data on its employees?
  monitor employee e-mail and internet use?
Who and what limits the organization's data collection and monitoring?
  Laws
  Employee associations (including unions)

8 Consumer Privacy
What right does an organization have to
  collect data on its consumers?
  share that data with other organizations?
  share that data with government?
Is there a difference between individually identifiable data and aggregated data?

9 Privacy and Societal Needs
The right to privacy is not absolute; it is balanced against the needs of society.
The public's right to know is held to be superior to the individual's right to privacy.

10 Privacy and Government Agencies
Do we want the government to know everything about us?
Do we want the government to know anything about us?
Should the government know more (or different) data about non-citizens?
Types of data: criminal, tax, census

11 Code of Fair Information Practices (US Department of Health, Education, and Welfare, 1973)
1. There must be no personal record-keeping system whose very existence is secret.
2. There must be a way for an individual to find out what information about him is on record and how it is being used.
3. There must be a way for an individual to correct or amend a record of identifiable information about him.
4. There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for another purpose without his consent.
5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must guarantee the reliability of the data for their intended use and must take precautions against the misuse of the data.

12 Privacy Law Variations among Countries
Countries, or groups of countries such as the EU, have rules that are different from ours. So what?
  Restrictions on the international movement of data
  Reciprocal treaties or agreements, e.g., US companies agree to treat European data under the same rules that European countries apply to that data

13 More about Privacy
Privacy advocate André Bacard: a Playboy interview, and an extensive collection of material on privacy, including links to other sites.

14 Intellectual Property
What is it? Why do we protect it?
What's fair use? Who decides?
  The copyright owner may state what is permitted.
  The person who uses the material may have to make a judgment as to what is fair.
  The courts will decide if there is a dispute.

15 Ergonomics
If something hurts, determine the cause and fix it!
What's RSI? Repetitive strain injury. How do you prevent it?
What are the characteristics of a good workplace?
  Eyes: lighting, focal distance
  Wrists and hands: angles, support
  Arms, neck, and shoulders: monitor and keyboard height, angles, support
  Back and legs: angles, support
  Circulation: support and movement

16 Protecting Information
The roles of information
Security
Disaster recovery

17 The Roles of Information
Raw material, "the component from which a product is made"
  Trade secrets ("secret herbs and spices")
  Algorithms in the product
Capital, "an asset used to produce a product or service"
  Information about the market and customers
  Information that helps manufacture the product
  Information that helps manage the enterprise

18 Information Security
What are the bad things that can happen?
  Loss of data
  Loss of data integrity
  Disclosure of data: embarrassment; trade secrets; marketing data; financial data and strategic plans
  Loss of physical assets
  Human casualties
  Loss of use

19 Security Threats * Figure 3.1 from Rainer, et al.

20 Unintentional Threats to Information Systems
Human errors
Environmental hazards
Computer system failures

21 Intentional Threats to Information Systems
Espionage or trespass
Information extortion
Sabotage or vandalism
Theft
Identity theft
Software attacks
Compromises to intellectual property

22 Software Attacks on Information Systems
Virus: a segment of code that attaches itself to an existing (wanted) program and replicates when that program runs
Worm: a stand-alone program that replicates itself across a network without needing a host program; often destructive
Trojan horse: a program that appears useful but hides malicious code that runs alongside it
Logic bomb: a segment of code that lies dormant until a particular condition (a date, an event, an input) triggers it

23 Software Attacks on Information Systems
Back door or trap door: a hidden logon method that bypasses normal security
Denial of service: flooding a web site or server with so many requests that legitimate users cannot be served
Alien software: pestware, adware, spyware, tracking cookies, web bugs
Phishing: e-mail that masquerades as a legitimate organization to lure users into revealing passwords or account numbers
Pharming: redirecting users to a counterfeit copy of a legitimate web site (for example by tampering with DNS), even when they type the correct address

24 Risk Management
"Perfect security is unobtainable at any price."
Risk assessment
  What can go wrong?
  How likely is it?
  What are the consequences?
Security measures
  Backup
  Firewall
  Encryption
  Security software
  Auditing
  Recovery plan

25 Access Controls
Authentication: are you who you say you are?
  Identification: user ID (often fairly public)
  Verification, by one or more factors:
    Something you know: password or phrase
    Something you have: smartcard or token
    Something you are: biometric
    Something you do: voice or signature
Authorization: what you are allowed to do, once authenticated
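The slide separates identification (the user ID), verification (one or more factors) and authorization (what the verified principal may do). The following is an added example, not code from the slides or from Dr. Ross, showing those three steps in working Python: the user ID selects an account, a password (something you know) is checked against a salted PBKDF2 hash, a time-based one-time code (something you have, computed per RFC 6238 exactly as an authenticator app does) is checked with a small allowance for clock drift, and only then is a role table consulted for authorization. The account names, roles and in-memory directory are constructed for the demo.

```python
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

PBKDF2_ROUNDS = 200_000  # work factor for the password hash


@dataclass
class Account:
    user_id: str           # identification: the (often public) name you claim
    salt: bytes            # per-account random salt, so equal passwords hash differently
    pw_hash: bytes         # PBKDF2-HMAC-SHA256 of the password: something you know
    totp_secret: bytes     # shared secret inside the user's token/app: something you have
    roles: Set[str] = field(default_factory=set)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password: HOTP over the 30-second counter."""
    counter = struct.pack(">Q", now // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Directory:
    """Constructed in-memory user store; a real system keeps this in a database."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def enroll(self, user_id: str, password: str, roles) -> Account:
        salt = secrets.token_bytes(16)
        acct = Account(user_id, salt, hash_password(password, salt),
                       secrets.token_bytes(20), set(roles))
        self.accounts[user_id] = acct
        return acct

    def authenticate(self, user_id: str, password: str, code: str,
                     now: Optional[int] = None) -> Optional[Account]:
        """Returns the account only if BOTH factors verify, otherwise None."""
        now = int(time.time()) if now is None else now
        acct = self.accounts.get(user_id)
        if acct is None:
            hash_password(password, b"\x00" * 16)   # same cost: don't leak which IDs exist
            return None
        pw_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)
        # accept the current 30 s window and one on either side to tolerate clock drift
        code_ok = any(hmac.compare_digest(totp(acct.totp_secret, now + drift).encode(),
                                          code.encode())
                      for drift in (-30, 0, 30))
        return acct if pw_ok and code_ok else None


# Authorization: what an authenticated principal may do, expressed as role -> permissions.
PERMISSIONS: Dict[str, Set[str]] = {
    "analyst": {"read_report"},
    "manager": {"read_report", "approve_report"},
    "admin":   {"read_report", "approve_report", "delete_report"},
}


def authorize(acct: Account, action: str) -> bool:
    return any(action in PERMISSIONS.get(role, set()) for role in acct.roles)
```

Note that the two checks answer different questions: authenticate() returns None for a wrong password, a wrong code, or an unknown user ID without saying which, while authorize() only ever runs on an account that has already been verified.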

26 Location of Defense Mechanisms
* Figure 3.2 from Rainer, et al.

27 Public Key Encryption * Figure 3.4 from Rainer, et al.

28 Digital Certificates * Figure 3.5 from Rainer, et al.
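Slides 27 and 28 reference figures that are not reproduced in this transcript. As an added example, not part of the slides or of the Rainer et al. text, the following Python shows the two ideas those figures illustrate: public-key encryption (anyone can encrypt with the public key, only the private-key holder can decrypt; the private key signs, the public key verifies), and a digital certificate, which is simply a certification authority's signature over the binding between a name and a public key. It uses textbook RSA with Mersenne primes chosen because their primality is well known; such moduli are far too small for real use and the scheme omits the padding (OAEP, PSS) that production RSA requires. The CA name, the server name and the session key are constructed for the demo.

```python
import hashlib

# Mersenne primes whose primality is well known; moduli this small are trivially
# factorable and serve only to make the arithmetic visible.
P31, P61, P89, P127 = (1 << 31) - 1, (1 << 61) - 1, (1 << 89) - 1, (1 << 127) - 1


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: public key (n, e), private key (n, d) with e*d = 1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                    # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:           # anyone with the public key can encrypt
    n, e = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:          # only the private-key holder can decrypt
    n, d = priv
    return pow(c, d, n)


def _digest_int(data: bytes, n: int) -> int:
    # Sign a hash of the data rather than the data itself; reduced mod n for the demo.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:        # the private key creates the signature
    n, d = priv
    return pow(_digest_int(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:   # the public key checks it
    n, e = pub
    return pow(sig, e, n) == _digest_int(data, n)


def _cert_body(subject: str, pub) -> bytes:
    return f"{subject}|{pub[0]}|{pub[1]}".encode()


def issue_certificate(ca_priv, subject: str, subject_pub) -> dict:
    """A certificate is the CA's signature over (subject name, subject public key)."""
    return {"subject": subject, "pub": subject_pub,
            "sig": sign(ca_priv, _cert_body(subject, subject_pub))}


def certificate_is_valid(cert: dict, ca_pub) -> bool:
    """Trusting the CA's public key lets a client trust the key inside the certificate."""
    return verify(ca_pub, _cert_body(cert["subject"], cert["pub"]), cert["sig"])


if __name__ == "__main__":
    ca_pub, ca_priv = make_keypair(P61, P89)                 # the CA's own key pair
    server_pub, server_priv = make_keypair(P31, P127)        # the web server's key pair
    cert = issue_certificate(ca_priv, "www.example.com", server_pub)
    # Client side: validate the certificate, then use the key inside it to send a secret.
    assert certificate_is_valid(cert, ca_pub)
    session_key = 0xC0FFEE
    wrapped = encrypt(cert["pub"], session_key)
    print(decrypt(server_priv, wrapped) == session_key)
```

The client never needs the server's private key and never needs to have met the server before: it needs only the CA's public key, which is why that key (and the CA's signing practices) is the thing a browser has to trust. Changing one byte of the subject name or of the embedded key invalidates the signature, which is the check that stops a site from presenting someone else's key under its own name.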

29 Backup
Perhaps the single most important thing you can do to protect your data.
Issues
  What: data, programs, settings
  How: full or incremental
  Timing: how often and when
  Where to store the backup copies: safe, off-site, televault

30 Active Security Measures
Firewall, to isolate your system
Encryption, to disguise the data that can't be isolated
Anti-virus software, to detect and eliminate viruses
Intrusion-detection software, to warn you that an attempt has been made
Authentication software, to control access
Security auditing, to look for weaknesses
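The slide describes intrusion-detection software as the measure that warns you an attempt has been made. The following is an added example, not from the slides, of the kind of rule such software applies: it parses sshd-style login records, counts failed passwords per source address inside a sliding time window, raises an alert when a source crosses the threshold, and raises a second, more urgent alert if that same source later logs in successfully. The log lines, host name and addresses (from the RFC 5737 documentation ranges) are constructed for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import List, Optional, Tuple

# Matches the two sshd events this detector cares about; anything else is ignored.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+)"
)

# Constructed sample log: six failures from one address in under a minute,
# followed by a successful login from the same address.
SAMPLE_LOG = """\
Jan 12 10:00:01 web1 sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Jan 12 10:00:08 web1 sshd[2002]: Failed password for invalid user oracle from 203.0.113.5 port 51023 ssh2
Jan 12 10:00:15 web1 sshd[2003]: Failed password for root from 203.0.113.5 port 51024 ssh2
Jan 12 10:00:21 web1 sshd[2004]: Accepted password for alice from 192.0.2.10 port 40001 ssh2
Jan 12 10:00:23 web1 sshd[2005]: Failed password for root from 203.0.113.5 port 51025 ssh2
Jan 12 10:00:30 web1 sshd[2006]: Failed password for bob from 198.51.100.7 port 40777 ssh2
Jan 12 10:00:31 web1 sshd[2007]: Failed password for root from 203.0.113.5 port 51026 ssh2
Jan 12 10:00:39 web1 sshd[2008]: Failed password for root from 203.0.113.5 port 51027 ssh2
Jan 12 10:01:02 web1 sshd[2009]: Accepted password for root from 203.0.113.5 port 51028 ssh2
"""


def parse_line(line: str, year: int = 2007) -> Optional[dict]:
    """Syslog lines carry no year, so one is supplied to build a real timestamp."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold: int = 5, window_s: int = 60) -> List[Tuple[str, str, str]]:
    """Returns (alert_type, source_ip, detail) tuples.
    brute_force: at least `threshold` failures from one source within `window_s` seconds
    success_after_failures: an Accepted login from a source already flagged above"""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_s:   # slide the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip,
                               f"{len(q)} failures within {window_s}s, last user {ev['user']}"))
        elif ip in flagged:
            alerts.append(("success_after_failures", ip,
                           f"login as {ev['user']} at {ts.isoformat()}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single failure from 198.51.100.7 and the normal login from 192.0.2.10 produce nothing; the detector is meant to warn about a pattern, not about every mistyped password. The threshold and window are the knobs a practitioner tunes against the false-positive rate on their own logs.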

31 Disaster Recovery
What can go wrong?
  Data integrity can be compromised: human error, human maliciousness, system error
  Data can be lost: system destruction
  Hardware can be lost: human or natural causes

32 Disaster Recovery Plan
Customers: keep them informed
Facilities: hot or cold site
Knowledge workers: consider family needs and the impact of long, hard hours
Business information: backup
Computer equipment: understand the special quirks of your setup
Communications infrastructure: who provides it, what the contract says

33 Questions to Ask Before Your Data Center Burns
Backup
  Where are original copies stored?
  What is being backed up? What is not being backed up?
  Where are the backups stored?
  How often is backed-up data moved to a different place?
Restoration and recovery
  Are the backup media readable?
  What devices are required to read the backup media?
  What software is needed to read the backup media?
  Who knows how to restore the backed-up data?
  What hardware would be available to resume operations?
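Slide 29 raises full versus incremental backups and slide 33 asks whether the backup media are readable and whether anyone can actually restore from them. The following added example, not code from the slides, implements both in Python with a hash manifest: the first backup is full, later ones copy only files whose SHA-256 changed since the previous manifest, each backup nevertheless records a complete manifest so that a file deleted from the source is not resurrected on restore, and restore() rebuilds the newest state from the chain of backups while verifying every copied file against its recorded hash. Anything unreadable or corrupted is reported rather than silently restored. Directory layout, the manifest file name and the file contents are assumptions made for the demo.

```python
import hashlib
import json
import shutil
from pathlib import Path
from typing import Dict, List, Optional

MANIFEST = "manifest.json"   # assumed name; lives next to each backup's data/ tree


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(src: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every file under src (the 'what' of the backup)."""
    return {p.relative_to(src).as_posix(): sha256_file(p)
            for p in sorted(src.rglob("*")) if p.is_file()}


def backup(src: Path, dest: Path, previous: Optional[Path] = None) -> List[str]:
    """Full backup when previous is None; incremental (changed or new files only)
    when previous points at the last backup. Every backup stores a complete manifest,
    so deleted files are dropped on restore. Returns the relative paths copied."""
    current = snapshot(src)
    prev = json.loads((previous / MANIFEST).read_text()) if previous else {}
    dest.mkdir(parents=True, exist_ok=True)
    copied = []
    for rel, digest in current.items():
        if prev.get(rel) != digest:                 # new file or changed content
            target = dest / "data" / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src / rel, target)
            copied.append(rel)
    (dest / MANIFEST).write_text(json.dumps(current, indent=1))
    return copied


def restore(chain: List[Path], dest: Path) -> List[str]:
    """chain = backup directories, oldest first. Rebuilds the newest manifest's state
    from the most recent copy of each file whose hash still matches, so unreadable or
    corrupted media show up here. Returns the files that could NOT be restored."""
    manifest = json.loads((chain[-1] / MANIFEST).read_text())
    problems = []
    for rel, digest in manifest.items():
        for bdir in reversed(chain):                # newest backup first
            candidate = bdir / "data" / rel
            if candidate.is_file() and sha256_file(candidate) == digest:
                target = dest / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(candidate, target)
                break
        else:                                       # no intact copy anywhere in the chain
            problems.append(rel)
    return problems
```

An empty list from restore() is the answer to "are the backup media readable?", and running it periodically into a scratch directory is the cheapest way to find out before the data center burns rather than after. The chain also shows the cost of incrementals: restoring the newest state needs every backup since the last full one, so losing one link loses the files that changed only in it.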

34 References
Haag, Cummings, and McCubbrey, Management Information Systems for the Information Age, 5th ed., McGraw-Hill Irwin, 2005.
Rainer, Turban, and Potter, Introduction to Information Systems: Supporting and Transforming Business, Wiley, 2007.

