Security and Ethical Challenges

Presentation on theme: "Security and Ethical Challenges"— Presentation transcript:

1 Security and Ethical Challenges
Chapter 11: Security and Ethical Challenges. © 2002 McGraw-Hill Companies

2 Chapter Objectives
Identify several ethical issues.
Identify several types of security management strategies and defenses.

3 Security and Ethical Challenges
Ethics and Society: Employment, Privacy, Health, Individuality, Crime, Working Conditions.

Information technology can have both beneficial and detrimental effects on a business and on society as a whole. The use of information technology in e-business operations presents major security challenges, poses serious ethical questions, and affects society in significant ways. Some of the important aspects are shown on this slide. In this lecture we will discuss these issues and describe how business professionals should act to minimize the detrimental effects of e-business systems.

Privacy Issues. The power of information technology to store and retrieve information can have a negative effect on individuals' right to privacy. The Internet itself gives users a feeling of anonymity while actually being quite the opposite. Important privacy issues being debated in business and government include:
Violation of Privacy. Accessing individuals' private conversations, and/or collecting and sharing information about individuals without their knowledge or consent.
Unauthorized Personal Files. Collecting telephone numbers, credit card numbers, addresses, and other personal information to build individual customer profiles.
Computer Monitoring. Using technology to monitor conversations, employee productivity, or an individual's movements.
Computer Matching. Using customer information gained from multiple sources to create customer profiles that can be sold to information brokers or other companies and used to market business services.
User Privacy Protection. Privacy laws attempt to address some of these issues. The Electronic Communications Privacy Act and the Computer Fraud and Abuse Act prohibit intercepting data communication messages and stealing or destroying data. The Computer Matching and Privacy Act regulates the matching of data held in federal agency files. Individuals can also protect their privacy by using software and services such as encryption and anonymous remailers.

Censorship. The right of people to know about matters others may want to keep quiet, and the right of people to express their opinions and to publish those opinions, is at the center of a major debate between the rights of the individual and the rights of society. Issues regarding spamming, flaming, pornography, and copyright protection are just some of the issues being debated by various groups and governments.

Teaching Tips: This slide corresponds to Figure 11.2 on p. 382 and relates to the material on pp

4 Security

5 IT Security in the 21st Century
Increasing the Reliability of Systems. The objective relating to reliability is to use fault tolerance to keep the information systems working, even if some parts fail.
Intelligent Systems for Early Detection. Detecting an intrusion at its beginning is extremely important, especially for classified information and financial data.
Intelligent Systems in Auditing. Intelligent systems are used to enhance the task of IS auditing.

6 IT Security in the 21st Century (cont.)
Artificial Intelligence in Biometrics. Expert systems, neural computing, voice recognition, and fuzzy logic can be used to enhance the capabilities of several biometric systems.
Expert Systems for Diagnosis, Prognosis, and Disaster Planning. Expert systems can be used to diagnose troubles in computer systems and to suggest solutions.
Smart Cards. Smart card technology can be used to protect PCs on LANs.
Fighting Hackers. Several new products are available for fighting hackers.

7 Computer Crime
Hacking, Cyber Theft, Unauthorized Use at Work, Piracy, Computer Viruses.

Computer crime is a growing threat to today's e-business. It is defined as the unauthorized use, access, modification, and destruction of information, hardware, software or network resources, and the unauthorized release of information. The major categories of computer crime include:
Hacking. The unauthorized access and use of networked computers. Examples of common hacking tactics include Spoofing, Trojan Horses, Logic Bombs, Denial of Service, War Dialing, and Scans. These tactics can be used to retrieve passwords, access or steal network files, overload computer systems, or damage data and programs.
Cyber Theft. Electronic breaking and entering involving the theft of money. More recent examples involve using the Internet to access major banks' computer systems.
Unauthorized Use at Work. Unauthorized use of computer systems and networks by employees. Recent surveys suggest 90% of U.S. workers admit to using work resources for personal use.
Piracy. Software piracy is the unauthorized copying of software and is a violation of federal copyright laws. Such piracy results in millions of dollars of lost profits for software publishers.
Computer Viruses. A virus is a program that, once inserted into another program, can spread destructive program routines that can result in destroying the contents of memory, hard disks, and other storage devices. The use of antivirus programs can reduce the risk of receiving a virus.

Teaching Tips: This slide corresponds to Figure 11.4 on p. 384 and relates to the material on pp

8 Common Hacking Tactics
Denial of Service, Scans, Sniffer Programs, Spoofing, Trojan Horse, Back Doors, Malicious Applets, War Dialing, Logic Bombs, Buffer Overflow, Password Crackers, Social Engineering, Dumpster Diving.

Denial of Service (DOS): By hammering a website's equipment with too many requests for information, an attacker can effectively clog the system, slowing performance or even crashing the site.
Scans: Widespread probes of the Internet to determine types of computers, services, and connections. That way the bad guys can take advantage of weaknesses in a particular make of computer or software program.
Sniffer Programs: Programs that covertly search individual packets of data as they pass through the Internet, capturing passwords or the entire contents.
Spoofing: Faking an address or Web page to trick users into passing along critical information like passwords or credit card numbers.
Trojan Horse: A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software.
Back Doors: In case the original entry point has been detected, having a few hidden ways back makes reentry easy and difficult to detect.
Malicious Applets: Tiny programs, sometimes written in the popular Java computer language, that misuse your computer's resources, modify files on the hard disk, send fake e-mail, or steal passwords.
War Dialing: Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection.
Logic Bombs: An instruction in a computer program that triggers a malicious act.
Buffer Overflow: A technique for crashing or gaining control of a computer by sending too much data to the buffer in a computer's memory.
Password Crackers: Software that can guess passwords.
Social Engineering: A tactic used to gain access to computer systems by talking unsuspecting company employees out of valuable information such as passwords.
Dumpster Diving: Sifting through a company's garbage to find information to help break into their computers. Sometimes the information is used to make a stab at social engineering more credible.

Teaching Tips: This slide corresponds to Figure 11.4 on p. 384 and relates to the material on pp

9 Security Management of e-Business
Encryption, Fire Walls, Denial of Service Defenses, Monitor E-mail, Virus Defenses.

As discussed earlier, there are many significant threats to the security of e-business and e-commerce. Business managers are responsible for the security, quality, and performance of their e-business systems. Hence, these corporate resources must be protected. The goal of security management is to ensure the accuracy, integrity, and safety of all e-business processes and resources. The slide illustrates many of the types of security measures needed by e-businesses today. These include:
Encryption. Encryption is an important way to protect data that is transmitted via the Internet, intranets, or extranets. The contents of files can be scrambled using special mathematical algorithms. Users must have the passwords that engage the scrambling and descrambling processes.
Fire Walls. A network fire wall is a computer that protects computer networks from intrusion by serving as a safe transfer point for access to and from other networks. The fire wall computer screens external connections and requests to make sure that they are valid and compatible with the network. Irregular or unauthorized access requests are denied. Hence, fire walls serve as 'gatekeepers', keeping the system safe from intrusion.
Denial of Service Defenses. Denial of Service is a hacking tactic that can be used to crash a site by clogging the system with too many requests for information. To defend against such attacks an e-business must set and enforce security policies to prevent the infiltration of destructive programs like Trojan Horses. They should monitor and block traffic spikes, and should install multiple intrusion-detection systems and multiple routers for incoming traffic in order to reduce choke points.
Monitor E-mail. While there is considerable debate about the violation of employee privacy, it is also true that e-mail is one of the favorite avenues of attack by hackers for spreading viruses or breaking into networked computers. Moreover, companies often have an interest in preventing illegal, personal, or damaging messages by employees. Companies should establish a clear monitoring policy that communicates to employees the reasons for monitoring, the appropriate use of e-mail, and the disciplinary actions that can be taken in the case of violations.
Virus Defenses. Many companies are building defenses against the spread of viruses by centralizing the distribution and updating of antivirus software.

Teaching Tips: This slide relates to the material on pp

10 Other e-Business Security Measures
Security Codes, Backup Files, Security Monitors, Biometric Security Controls.

There are a host of other security measures that can be used to protect network resources.
Security Codes. Multilevel passwords can be used to control access to information assets. For example, a user might be required to have one password for logging on to the system, another password to gain access to a particular application, and still another password to access a particular file. Passwords can also be encrypted to avoid theft or improper use. In some companies smart cards are used to generate random numbers to add to the end of a user's password, providing an additional level of security.
Backup Files. Duplicate or backup files are an important security measure. Files can also be protected by file retention measures that involve storing copies from previous periods. These can be used to reconstruct current files. Such files may be stored off-premises and can be a key component in disaster recovery.
Security Monitors. These are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction. Security monitors can control the use of the hardware, software, and data resources of a computer. They can also be used to collect statistics on any attempt at misuse.
Biometric Security Controls. Biometric controls include such detection devices as voice recognition and fingerprinting, which must correspond to the authorized person before admitting personnel to the system.

Teaching Tips: This slide relates to the material on pp
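The "smart card that generates random numbers to add to the end of the user's password" described under Security Codes is, in its modern form, a one-time-password token. The following is an added example, not from the textbook: the card is modelled as an RFC 4226 HOTP generator, the server stores a salted PBKDF2 hash of the password (rather than an "encrypted" password), and the six-digit code length, the PBKDF2 parameters, the look-ahead of three counters and the sample user are assumptions.

```python
import hashlib
import hmac
import os
import struct

CODE_DIGITS = 6  # assumed token length, as on common hardware tokens

def hotp(secret: bytes, counter: int, digits: int = CODE_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2 hash; the plaintext password is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

class UserRecord:
    """What the server keeps per user (constructed model, not a real product)."""

    def __init__(self, password: str, card_secret: bytes):
        self.salt, self.pw_hash = hash_password(password)
        self.card_secret = card_secret  # shared with the user's card when it is issued
        self.counter = 0                # highest card counter accepted so far

def verify_login(user: UserRecord, submitted: str, lookahead: int = 3) -> bool:
    """Check `password + card code` submitted as one string, as the slide describes.

    Both factors are always evaluated, so a failure does not reveal which one was
    wrong, and an accepted counter is burned so the same code cannot be replayed."""
    if len(submitted) <= CODE_DIGITS:
        return False
    password, code = submitted[:-CODE_DIGITS], submitted[-CODE_DIGITS:]
    _, digest = hash_password(password, user.salt)
    pw_ok = hmac.compare_digest(digest, user.pw_hash)
    matched = None
    # The card may have been pressed a few times without a login, so look a little ahead.
    for c in range(user.counter + 1, user.counter + 1 + lookahead):
        if hmac.compare_digest(hotp(user.card_secret, c), code):
            matched = c
            break
    if pw_ok and matched is not None:
        user.counter = matched
        return True
    return False
```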

11 Ethics
Where does work end and private life begin?

12 Ethical Considerations
Ethical Principles: Proportionality, Informed Consent, Justice, Minimized Risk.
Standard of Conduct: Act with integrity; Protect the privacy and confidentiality of information; Do not misrepresent or withhold information; Do not misuse resources; Do not exploit weaknesses of systems; Set high standards; Advance the health and welfare of the general public.

As a business end user, you have a responsibility to promote ethical uses of information technology in the workplace. As a manager or business professional, it will be your responsibility to make decisions about business activities and the use of information technologies which may have an ethical dimension that must be considered. Business ethics is concerned with the numerous ethical questions that managers must confront as part of their daily business decision making. Such issues include employee and customer privacy, protection of corporate information, workplace safety, honesty in business practices, and equity in corporate policies. How can managers make ethical decisions when confronted with many of these controversial issues? Managers and business professionals alike should use ethical principles to evaluate the potential harm or risks of the use of e-business technologies. Ethical principles for responsible use of IT include:
Proportionality. The good achieved by the technology must outweigh any harm or risk in its use.
Informed Consent. Those affected by the technology should understand and accept the risks associated with that use.
Justice. The benefits and burdens of the technology should be distributed fairly.
Minimized Risk. To the extent that any risk is judged acceptable by the preceding three guidelines, the technology should be implemented so as to eliminate all unnecessary risk.

These are guiding principles that can be used to govern ethical conduct by managers and users. However, more specific standards of conduct are needed to govern the ethical use of information technology. The Association of Information Technology Professionals (AITP) provides the following guidelines for becoming a responsible end user:
Act with integrity, avoid conflicts of interest, and ensure your employer is aware of any potential conflicts.
Protect the privacy and confidentiality of any information you are entrusted with.
Do not misrepresent or withhold information that is germane to a situation.
Do not attempt to use the resources of an employer for personal gain or for any purpose without proper approval.
Do not exploit the weakness of a computer system for personal gain or personal satisfaction.
Set high standards for your work. Accept responsibility for your work.
Advance the health, privacy, and general welfare of the public.

Teaching Tips: This slide corresponds to Figure on pp. 396 and relates to the material on pp

13 Case: Cyber Crime
On Feb. 6, the biggest EC sites were hit by cyber crime: Yahoo!, eBay, Amazon.com, E*Trade.
The attacker(s) used a method called denial of service (DOS): clog a system by hammering a Web site's equipment with too many requests for information.
The total damage worldwide was estimated at $5-10 billion (U.S.).
The alleged attacker, from the Philippines, was not prosecuted because he did not break any law in the Philippines.

14 Lessons Learned from the Case
Information resources, including computers, networks, programs, and data, are vulnerable to unforeseen attacks.
Many countries do not have sufficient laws to deal with computer criminals.
Protection of networked systems can be a complex issue.
Attackers can zero in on a single company, or can attack many companies without discrimination.
Attackers use different attack methods. Although variations of the attack methods are known, the defense against them is difficult and/or expensive.

15 Video

16 Ethics
Privacy, Intellectual Property, Copyright, Trade Secrets, Patent, Quality of Life, Social Responsibility, P2P / File Sharing, SPAM / Free Speech, The privacy of patients' information, Monitoring employees' use of the Internet.

17 Case: Catching Cases of Plagiarism
Problem: The Internet provides abundant information to students, who may be tempted to download material and submit it as their own work.
Solution: Some companies (e.g., Plagiarism.org) offer Internet-based anti-plagiarism technology to identify such cases of plagiarism. Manuscripts are checked against a database of other manuscripts collected from different universities and from all over the Internet.
Results: Cases of gross plagiarism are more likely to be flagged.

18 Chapter Summary
The vital role of e-business and e-commerce systems in society raises serious ethical and societal issues in terms of their impact on employment, individuality, working conditions, privacy, health, and computer crime. Managers can help solve the problems of improper use of IT by assuming their ethical responsibilities for ergonomic design, beneficial use, and enlightened management of e-business technologies in our society.

19 Chapter Summary (cont)
Business and IT activities involve many ethical considerations. Ethical principles and standards of conduct can serve as guidelines for dealing with ethical business issues. One of the most important responsibilities of the management of a company is to assure the security and quality of its e-business activities. Security management tools and policies can ensure the accuracy, integrity, and safety of e-business systems and resources.

