Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSUN Information Systems IS312 Information Systems for Business Lecture 9 Ethic & Information Security.

Published byBlake Malone Modified over 8 years ago

Similar presentations

Presentation on theme: "CSUN Information Systems IS312 Information Systems for Business Lecture 9 Ethic & Information Security."— Presentation transcript:

1 CSUN Information Systems http://www.csun.edu/~dn58412/IS312/IS312_SP15.htm IS312 Information Systems for Business Lecture 9 Ethic & Information Security Issues (Ch. 4)

2 IS 312 : Lecture 9 2 LEARNING OBJECTIVES  Ethics Information Ethics Developing Information Management Policies Ethics in the Workplace  Information Security Protecting Intellectual Assets The First Line of Defense - People The Second Line of Defense - Technology

3 IS 312 : Lecture 9 3 INFORMATION ETHICS  Ethics – The principles and standards that guide our behavior toward other people  Information ethics – Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

4 IS 312 : Lecture 9 4 INFORMATION ETHICS...  Business issues related to information ethics Intellectual property Copyright Pirated software Counterfeit software

5 IS 312 : Lecture 9 5 INFORMATION ETHICS...  Privacy is a major ethical issue Privacy – The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent Confidentiality – the assurance that messages and information are available only to those who are authorized to view them

6 IS 312 : Lecture 9 6 INFORMATION ETHICS...  Individuals form the only ethical component of MIS Individuals copy, use, and distribute software Search organizational databases for sensitive and personal information Individuals create and spread viruses Individuals hack into computer systems to steal information Employees destroy and steal information

7 IS 312 : Lecture 9 7 INFORMATION ETHICS...  Acting ethically and legally are not always the same

8 IS 312 : Lecture 9 8 Information Does Not Have Ethics, People Do  Information does not care how it is used, it will not stop itself from sending spam, viruses, or highly-sensitive information  Tools to prevent information misuse Information management Information governance Information compliance Ediscovery

9 IS 312 : Lecture 9 9 DEVELOPING INFORMATION MANAGEMENT POLICIES  Organizations strive to build a corporate culture based on ethical principles that employees can understand and implement  Epolicies typically include: Ethical computer use policy Information privacy policy Acceptable use policy Email privacy policy Social media policy Workplace monitoring policy

10 IS 312 : Lecture 9 10 Ethical Computer Use Policy  Ethical computer use policy – Contains general principles to guide computer user behavior  The ethical computer user policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

11 IS 312 : Lecture 9 11 Information Privacy Policy  The unethical use of information typically occurs “unintentionally” when it is used for new purposes  Information privacy policy - Contains general principles regarding information privacy

12 IS 312 : Lecture 9 12 Acceptable Use Policy  Acceptable use policy (AUP) – Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet  Nonrepudiation – A contractual stipulation to ensure that ebusiness participants do not deny their online actions  Internet use policy – Contains general principles to guide the proper use of the Internet

13 IS 312 : Lecture 9 13 Email Privacy Policy  Organizations can mitigate the risks of email and instant messaging communication tools by implementing and adhering to an email privacy policy  Email privacy policy – Details the extent to which email messages may be read by others  Spam – Unsolicited email  Anti-spam policy – Simply states that email users will not send unsolicited emails (or spam)

14 IS 312 : Lecture 9 14 Email Privacy Policy...

15 IS 312 : Lecture 9 15 Social Media Policy  Social media policy – Outlines the corporate guidelines or principles governing employee online communications

16 IS 312 : Lecture 9 16 Workplace Monitoring Policy  Workplace monitoring is a concern for many employees  Organizations can be held financially responsible for their employees’ actions  The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees, however, some people feel that monitoring employees is unethical

17 IS 312 : Lecture 9 17 Workplace Monitoring Policy...  Information technology monitoring – Tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed  Employee monitoring policy – Explicitly state how, when, and where the company monitors its employees

18 IS 312 : Lecture 9 18 Workplace Monitoring Policy...  Common monitoring technologies include: Key logger or key trapper software Hardware key logger Cookie Adware Spyware Web log Clickstream

19 IS 312 : Lecture 9 19 INFORMATION SECURITY PROTECTING INTELLECTUAL ASSETS  Organizational information is intellectual capital - it must be protected  Information security – The protection of information from accidental or intentional misuse by persons inside or outside an organization  Downtime – Refers to a period of time when a system is unavailable

20 IS 312 : Lecture 9 20 Sources of Unplanned Downtime

21 IS 312 : Lecture 9 21 How Much Downtime Cost Business

22 IS 312 : Lecture 9 22 SECURITY THREATS CAUSED BY HACKERS  Hacker – Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge Black-hat hacker Cracker Cyberterrorist Hactivist Script kiddies or script bunnies White-hat hacker

23 IS 312 : Lecture 9 23 SECURITY THREATS CAUSED BY VIRUSES  Virus - Software written with malicious intent to cause annoyance or damage Backdoor program Denial-of-service attack (DoS) Distributed denial-of-service attack (DDoS) Polymorphic virus Trojan-horse virus Worm

24 IS 312 : Lecture 9 24 How Computer Viruses Spread

25 IS 312 : Lecture 9 25 TYPES OF SECURITY THREATS  Security threats to ebusiness include Elevation of privilege Hoaxes Malicious code Packet tampering Sniffer Spoofing Splogs Spyware

26 IS 312 : Lecture 9 26 THE FIRST LINE OF DEFENSE - PEOPLE  Organizations must enable employees, customers, and partners to access information electronically  The biggest issue surrounding information security is not a technical issue, but a people issue Insiders Social engineering Dumpster diving

27 IS 312 : Lecture 9 27 THE FIRST LINE OF DEFENSE – PEOPLE...  The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan Information security policies Information security plan

28 IS 312 : Lecture 9 28 THE SECOND LINE OF DEFENSE - TECHNOLOGY  There are three primary information technology security areas 1. People: Authentication and authorization 2. Data: Prevention and resistance 3. Attack: Detection and response

29 IS 312 : Lecture 9 29 AUTHENTICATION & AUTHORIZATION  Identity theft – The forging of someone’s identity for the purpose of fraud  Phishing – A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email  Pharming – Reroutes requests for legitimate websites to false websites

30 IS 312 : Lecture 9 30 AUTHENTICATION & AUTHORIZATION...  Authentication – A method for confirming users’ identities  Authorization – The process of giving someone permission to do or have something  The most secure type of authentication involves 1. Something the user knows 2. Something the user has 3. Something that is part of the user

31 IS 312 : Lecture 9 31 User ID & Password  This is the most common way to identify individual users and typically contains a user ID and a password  This is also the most ineffective form of authentication  Over 50 percent of help-desk calls are password related

32 IS 312 : Lecture 9 32  Smart cards and tokens are more effective than a user ID and a password Tokens – Small electronic devices that change user passwords automatically Smart card – A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing User ID & Password...

33 IS 312 : Lecture 9 33 Fingerprint or Voice Signature  This is by far the best and most effective way to manage authentication Biometrics – The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting  This method can be costly and intrusive

34 IS 312 : Lecture 9 34 PREVENTION & RESISTANCE  Downtime can cost an organization anywhere from $100 to $1 million per hour  Technologies available to help prevent and build resistance to attacks include 1. Content filtering 2. Encryption 3. Firewalls

35 IS 312 : Lecture 9 35 PREVENTION & RESISTANCE...  Content filtering - Prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading

36 IS 312 : Lecture 9 36 PREVENTION & RESISTANCE...  If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it Encryption Public key encryption (PKE) Certificate authority Digital certificate

37 IS 312 : Lecture 9 37 Encoding 37 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z DROPBOX TONIGHT F G H I J K L M N O P Q R S T U V W X Y Z A B C D E IWTUGTC YTSNLMY Normal sequence : Encoded sequence : Message : Encoded message :

38 IS 312 : Lecture 9 38 I S 5 3 1 01001001 01010011 00110101 00110011 00110001 10010101 00110011 01010011 00110011 00010100 01101010 11001100 10101100 11001100 11101011 Binary Codes ASCII (American Standard Code for Information Interchange) : 8 bits EBCDIC (Extended Binary-Coded Decimal Interchange Code ) : 16 bits Unicode : 32 bits and more Encryption Change bit stream sequence : Change bit value :

39 IS 312 : Lecture 9 39 Public Keys

40 IS 312 : Lecture 9 40 Firewall  Firewall – Hardware and/or software that guards a private network by analyzing the information leaving and entering the network

41 IS 312 : Lecture 9 41 DETECTION & RESPONSE  If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage  Intrusion detection software – Features full-time monitoring tools that search for patterns in network traffic to identify intruders

42 IS 312 : Lecture 9 42 INFORMATION SECURITY Physical vs. Access/Logical Controls

Download ppt "CSUN Information Systems IS312 Information Systems for Business Lecture 9 Ethic & Information Security."

Similar presentations

BUSINESS B2 Ethics.

BUSINESS B2 Ethics.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Information and Ethics, Information Security and Malicious Programs BSAD 141 Dave Novak.

Information and Ethics, Information Security and Malicious Programs BSAD 141 Dave Novak.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Topic 4: Protecting People & Information Ethics, Privacy & Security MGMD 233-MIS AMN 2012.

Topic 4: Protecting People & Information Ethics, Privacy & Security MGMD 233-MIS AMN 2012.
Lecture 12 Information Security and Confidentiality (Chapter 12)

Lecture 12 Information Security and Confidentiality (Chapter 12)
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.
CHAPTER OVERVIEW SECTION 4.1 – Ethics

CHAPTER OVERVIEW SECTION 4.1 – Ethics
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
MANAGING IT SYSTEMS Top Things to Keep in Mind to Protect Yourself and Others.

MANAGING IT SYSTEMS Top Things to Keep in Mind to Protect Yourself and Others.
Sarbanes-Oxley: Where Information Technology, Finance, and Ethics Meet

Sarbanes-Oxley: Where Information Technology, Finance, and Ethics Meet
BUSINESS PLUG-IN B6 Information Security.

BUSINESS PLUG-IN B6 Information Security.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Business Plug-In B6 Information Security.

McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Business Plug-In B6 Information Security.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS

ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing Email that bites Paying for Privacy Pirates.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.

Similar presentations

Ads by Google