MIS 301 Information Systems in Organizations (presentation transcript)

1 MIS 301 Information Systems in Organizations
Dave Salisbury (web site)

2 Talking Points
Security, Ethics and Privacy
Ethical Issues
Information Systems Defense and Control
  Corporate
  Individual
Law & Order

3 Security & Ethical Challenges
Privacy
Accuracy
Property
Access
Computer Crime
Human Impacts

4 Security Issues
Physical Security: making sure the hardware is safe and not tampered with
Logical Security: making sure that software and data are not manipulated, stolen or tampered with

5 Security Issues
Physical Security Issues
  Access methods
  Security codes
  Theft of equipment
  Fire
  Natural disaster
  Man-made disaster
  Electrical failure
Logical Security Issues
  Viruses
  Denial of service (e.g. the load generated by virus transmission)
  Disaster recovery & backups
  Phishing & pharming
  Identity theft
  Tampering with data

6 Ethical Considerations
Delta & Pine Land Company 11/25/97
Ethical Principles
  Proportionality
  Informed consent
  Justice
  Minimized risk
Standards of Conduct
  Act with integrity
  Protect information privacy & confidentiality
  Do not misrepresent or withhold information
  Do not misuse resources
  Do not exploit weaknesses of systems
  Advance general health & welfare

Notes: As a business end user, you have a responsibility to promote ethical uses of information technology in the workplace. As a manager or business professional, it will be your responsibility to make decisions about business activities and use of information technologies which may have an ethical dimension that must be considered. Business ethics is concerned with the numerous ethical questions that managers must confront as part of their daily business decision making. Such issues include employee and customer privacy, protection of corporate information, workplace safety, honesty in business practices, and equity in corporate policies.

How can managers make ethical decisions when confronted with many of these controversial issues? Managers and business professionals alike should use ethical principles to evaluate the potential harm or risks of the use of e-business technologies. Ethical principles for responsible use of IT include:
  Proportionality: the good achieved by the technology must outweigh any harm or risk in its use.
  Informed consent: those affected by the technology should understand and accept the risks associated with that use.
  Justice: the benefits and burdens of the technology should be distributed fairly.
  Minimized risk: to the extent that any risk is judged acceptable by the preceding three guidelines, the technology should be implemented so as to eliminate all unnecessary risk.
These are guiding principles that can be used to govern ethical conduct by managers and users. However, more specific standards of conduct are needed to govern ethical use of information technology.

The Association of Information Technology Professionals (AITP) provides the following guidelines for becoming a responsible end user:
  Act with integrity, avoid conflicts of interest and ensure your employer is aware of any potential conflicts.
  Protect the privacy and confidentiality of any information you are entrusted with.
  Do not misrepresent or withhold information that is germane to a situation.
  Do not attempt to use the resources of an employer for personal gain or for any purpose without proper approval.
  Do not exploit the weakness of a computer system for personal gain or personal satisfaction.
  Set high standards for your work.
  Accept responsibility for your work.
  Advance the health, privacy, and general welfare of the public.

7 Ethical Issues
Privacy
  Internet privacy
  Corporate matching
Accuracy
  Credit card accounts
  Student records
Property
  Intellectual property
  Software piracy
  Identity theft
Access
  Who can see it?
  Who should see it?

8 Privacy Issues
IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.
  Benefit: increases efficiency and effectiveness
  But it may also have a negative effect on individuals' right to privacy
Accessing private and computer records, and sharing information about individuals gained from their visits to websites and newsgroups

9 Privacy Issues
Always knowing where a person is via mobile and paging services
Computer matching
  Computer profiling and matching personal data to that profile
  Mistakes can be a major problem
Protect your privacy by
  Encrypting your messages
  Posting to newsgroups through anonymous remailers
  Asking your ISP not to sell your information to mailing list providers and other marketers
  Declining to reveal personal data and interests online

10 Laws to Defend Individual Privacy
Attempt to enforce the privacy of computer-based files and communications
  Electronic Communications Privacy Act
  Computer Fraud and Abuse Act
  The Health Insurance Portability and Accountability Act (HIPAA)

11 Computer Libel and Censorship
(The opposite side of the privacy debate)
Right to know (freedom of information)
Right to express opinions (freedom of speech)
Right to publish those opinions (freedom of the press)
Spamming
Flaming
Anonymity of domain ownership

12 Human Impacts
Employee monitoring (especially online)
Deskilling (robotic welders)
Intellectual property protection (Napster, KaZaA or Morpheus)
Human control (Airbus fly-by-wire)
Outsourcing & offshoring

13 Other Challenges
Employment: new jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.
Working conditions: IT has eliminated many monotonous, obnoxious tasks, but has created others.
Individuality: computer-based systems are criticized as impersonal systems that dehumanize and depersonalize activities; excessive regimentation.

14 Computer Monitoring
Concerns for workplace privacy
  Monitors individuals, not just work
  Is done continually
  May be seen as violating workers' privacy & personal freedom
  Workers may not know that they are being monitored or how the information is being used
  May increase workers' stress level
  May rob workers of the dignity of their work

15 Health Issues
Job stress
Muscle damage
Eye strain
Radiation exposure
Accidents
Ergonomics (human factors engineering)

16 Societal Solutions
Beneficial effects on society: solving human and social problems
  Medical diagnosis
  Computer-assisted instruction
  Governmental program planning
  Environmental quality control
  Law enforcement
  Crime control
  Job placement

17 Security Management Policies
Goal: minimize errors, fraud, and losses in the business systems that interconnect businesses with their customers, suppliers, and other stakeholders
A security policy should be
  Aligned with organizational goals
  Enterprise-wide
  Continuous
  Proactive
  Validated
  Formal: authority, responsibility, accountability

18 Corporate Security Plan

19 Risk Management

20 IT Security Trends
Increasing the reliability of systems
  Self-healing computers
Intelligent systems for early intrusion detection
Intelligent systems in auditing and fraud detection
Artificial intelligence in biometrics
Expert systems for diagnosis, prognosis, and disaster planning
Smart cards

21 Defense Strategy Objectives
Prevention and deterrence
Detection
Limitation of damage
Recovery
Correction
Awareness and compliance

22 Computer Crime
Malicious access
Viruses
Theft of
  Money
  Service
  Data
  Identity

23 Information System Controls
Input controls
  Input masks
  Control totals
Processing controls
  Hardware
  Software
Output controls
  Distribution
  Access
Storage controls
  Passwords
  Backups
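The two input controls on this slide, input masks and control totals, are easiest to see on a batch of transactions. The example below is added here and is not from the lecture; the field formats (a 4-digit branch plus 6-digit account number, amounts with two decimals), the batch header figures and the three sample records are all constructed. An input mask rejects a malformed field; the record count, financial total and hash total in the batch header each catch a different kind of damage between keying and processing, which is why a batch carries all three:

```python
"""Input controls over a constructed batch of transactions: input masks on each
field plus record-count, financial and hash control totals carried in a batch
header. Added example; field formats and the sample batch are assumed."""
import re
from decimal import Decimal

# Assumed input masks: account is 4-digit branch + 6-digit number; amount has two decimals.
ACCOUNT_MASK = re.compile(r"\d{4}-\d{6}")
AMOUNT_MASK = re.compile(r"-?\d{1,9}\.\d{2}")


def mask_errors(record):
    """Names of the fields in one record that do not match their input mask."""
    errors = []
    if not ACCOUNT_MASK.fullmatch(record["account"]):
        errors.append("account")
    if not AMOUNT_MASK.fullmatch(record["amount"]):
        errors.append("amount")
    return errors


def hash_total(records):
    """Sum of the numeric account identifiers. The number itself is meaningless,
    but it changes when an account field is altered, dropped or duplicated, which
    the financial total alone would not catch."""
    return sum(int(r["account"].replace("-", "")) for r in records)


def financial_total(records):
    """Sum of the amounts, using Decimal so cents add exactly."""
    return sum(Decimal(r["amount"]) for r in records)


def check_batch(header, records):
    """Compare a batch against the control figures in its header.
    Every record must pass its masks before the totals are trusted."""
    masks_ok = all(not mask_errors(r) for r in records)
    return {
        "input_masks": masks_ok,
        "record_count": header["record_count"] == len(records),
        "financial_total": masks_ok and header["financial_total"] == financial_total(records),
        "hash_total": masks_ok and header["hash_total"] == hash_total(records),
    }


# Constructed sample batch; the header figures were computed when the batch was keyed.
HEADER = {"record_count": 3, "financial_total": Decimal("1250.00"), "hash_total": 58002258}
RECORDS = [
    {"account": "0012-000345", "amount": "500.00"},
    {"account": "0012-000911", "amount": "250.00"},
    {"account": "0034-001002", "amount": "500.00"},
]


def tampered_amount():
    """Same batch with one amount changed in transit: only the financial total fails."""
    records = [dict(r) for r in RECORDS]
    records[1]["amount"] = "2500.00"
    return check_batch(HEADER, records)


def swapped_account():
    """Same batch with one account redirected (amount unchanged): only the hash total fails."""
    records = [dict(r) for r in RECORDS]
    records[2]["account"] = "0034-001003"
    return check_batch(HEADER, records)


if __name__ == "__main__":
    print(check_batch(HEADER, RECORDS))
    print(tampered_amount())
    print(swapped_account())
```

The point of the two tampering functions is that a financial total is blind to a payment redirected to a different account of the same amount, and a hash total is blind to a changed amount; an auditor expects both, plus the record count, which catches a dropped or duplicated record.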

24 Information System Controls
Facility controls
  Networks: encryption, firewalls
  Equipment & access: possessed object (key or key card), biometrics (retina scans, hand scanner)

25 Information System Controls
Procedures
  Standards
  Documentation
  Authorization
  Disaster recovery
  Backups
Equipment failure controls
  Electrical
  Fire
  Water
Software
  Software variety: a Windows monoculture; other varieties (e.g. Linux) might enhance "genetic" diversity

26 Internetworked Security Defenses
Encryption
  Passwords, messages, files, and other data are transmitted in scrambled form
  Mathematical algorithms encode the data
  Public and private keys
Firewalls
  Serve as a "gatekeeper" system that protects a company's intranets and other computer networks from intrusion
  Provide a filter and safe transfer point
  Screen network traffic against an access policy (source and destination addresses, ports and protocols); a firewall does not check passwords or other security codes, which remain the job of the systems behind it
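What "screening traffic" means in practice is a rule list evaluated in order with a default deny. The packet filter below is an added example, not code from the lecture; the addresses, the three-rule policy (a public web server on port 443, its SSH port reachable only from the internal 10.0.0.0/8 range, everything else dropped) and the sample packets are constructed. It also includes the check most often missing from hand-written policies: a rule placed after a broader one never fires.

```python
"""Stateless packet filter of the kind a firewall applies to each packet: rules
are evaluated in order, the first match decides, and anything unmatched is
denied. Added example; the addresses, rules and sample packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    dport: Optional[int]  # None matches every port


# Assumed policy: the web server is public on 443, its admin SSH port is reachable
# only from the internal 10.0.0.0/8 range, and everything else is dropped.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.1.10/32", 443),
    Rule("allow", "tcp", "10.0.0.0/8", "10.0.1.10/32", 22),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),   # explicit default deny
]


def matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    return (
        rule.proto in ("any", pkt.proto)
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def decide(pkt, rules=RULES):
    """Return the action of the first matching rule; deny if no rule matches,
    so a policy with no explicit final rule still fails closed."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def shadowed_rules(rules):
    """Indices of rules that can never fire because an earlier rule with the same
    protocol and port already covers their whole source and destination range.
    Ordering mistakes of this kind are the usual reason a 'deny' never takes effect."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.proto in ("any", later.proto)
                    and (earlier.dport is None or earlier.dport == later.dport)
                    and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))):
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    for pkt in [Packet("tcp", "203.0.113.5", "10.0.1.10", 443),
                Packet("tcp", "203.0.113.5", "10.0.1.10", 22),
                Packet("tcp", "10.0.5.7", "10.0.1.10", 22)]:
        print(pkt, "->", decide(pkt))
    print("shadowed:", shadowed_rules(RULES))
```

Note that nothing in the filter looks at a password: the SSH rule only decides which source addresses may reach port 22, and the SSH daemon behind it still authenticates the user.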

27 Security Layers

28 Internetworked Security Defenses
Denial of Service defenses
  These assaults depend on three layers of networked computer systems
    Victim's website
    Victim's ISP
    Sites of "zombie" or slave computers
  Defensive measures and security precautions must be taken at all three levels

29 Monitoring
"Spot checks just aren't good enough anymore. The tide is turning toward systematic monitoring of corporate traffic using content-monitoring software that scans for troublesome words that might compromise corporate security."
Widespread monitoring: Magic Lantern, Carnivore

30 Viruses
Programs written with malicious intent
General types
  Trojan horse
  File virus
  Logic or time bomb
  Worm
Defense may be accomplished through
  Centralized distribution and updating of antivirus software
  Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

31 Security Measures
Security codes
  Multilevel password system: log onto the computer system, gain access into the system, access individual files
Backup
  Duplicate files of data or programs
  File retention measures: sometimes several generations of files are kept for control purposes
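"Several generations of files" is usually implemented as a daily/weekly/monthly rotation (often called grandfather-father-son): a corrupted or encrypted file copied into last night's backup can still be recovered from an older generation. The example below is added here and is not from the lecture; the retention counts (7 daily, 4 weekly, 12 monthly) and the 60 constructed backup dates are assumptions.

```python
"""Generation retention for backups (daily, weekly and monthly generations, the
grandfather-father-son scheme): given the dates of the backups on hand, decide
which to keep. Added example; the retention counts and sample dates are assumed."""
from datetime import date, timedelta


def generations_to_keep(backup_dates, daily=7, weekly=4, monthly=12):
    """Return the set of dates whose backups should be retained.

    The newest `daily` backups are kept as-is; beyond that, the newest backup in
    each of the last `weekly` ISO weeks and the newest in each of the last
    `monthly` calendar months are kept. Duplicate dates (two runs in one day)
    count once."""
    dates = sorted(set(backup_dates), reverse=True)   # newest first
    keep = set(dates[:daily])
    keep |= newest_per_period(dates, weekly, lambda d: d.isocalendar()[:2])
    keep |= newest_per_period(dates, monthly, lambda d: (d.year, d.month))
    return keep


def newest_per_period(dates_desc, count, period_key):
    """Walk newest-first; the first date seen in each period is that period's newest.
    Stops once `count` distinct periods have been collected."""
    kept, seen = set(), []
    for d in dates_desc:
        key = period_key(d)
        if key in seen:
            continue
        if len(seen) == count:
            break
        seen.append(key)
        kept.add(d)
    return kept


def to_delete(backup_dates, **retention):
    """Dates not covered by any generation, oldest first, i.e. what a pruning job removes."""
    keep = generations_to_keep(backup_dates, **retention)
    return sorted(d for d in set(backup_dates) if d not in keep)


def sample_dates():
    """Constructed: one backup per day for the 60 days ending 2024-03-31."""
    end = date(2024, 3, 31)
    return [end - timedelta(days=i) for i in range(60)]


if __name__ == "__main__":
    for d in sorted(generations_to_keep(sample_dates())):
        print("keep", d.isoformat())
    print(len(to_delete(sample_dates())), "backups to delete")
```

With the sample dates this keeps the last seven days, the Sundays 2024-03-24, 03-17 and 03-10 as weekly generations, and 2024-02-29 as February's monthly generation: 11 of the 60 backups. The test of a scheme like this is not the pruning logic but that the oldest kept generation predates the longest time a silent corruption could go unnoticed.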

32 Biometric Security
Measures physical traits that make each individual unique
  Voice
  Fingerprints
  Hand geometry
  Signature dynamics
  Keystroke analysis
  Retina scanning
  Face recognition
  Genetic pattern analysis

33 More Security Measures
Computer failure controls
  Preventive maintenance of hardware & management of software updates
  Backup computer system
  Carefully scheduled hardware or software changes
  Highly trained data center personnel
Fault tolerant systems
  Computer systems that have redundant processors, peripherals, and software
Disaster recovery plan
  Which employees will participate and their duties
  What hardware, software, and facilities will be used
  Priority of applications that will be processed

34 Business Continuity
The purpose of a business continuity plan is to keep the business running after a disaster occurs.
Recovery planning is part of asset protection.
Planning should focus on recovery from a total loss of all capabilities.
Proof of capability usually involves some kind of what-if analysis that shows that the recovery plan is current.
All critical applications must be identified and their recovery procedures addressed.
The plan should be written so that it will be effective in case of disaster.

35 System Controls and Audits
Information system controls
  Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
  Designed to monitor and maintain the quality and security of input, processing, and storage activities
Auditing business systems
  Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
  Testing the integrity of an application's audit trail
  Has legal implications (e.g. Sarbanes-Oxley)

36 Auditing
Implementing controls in an organization can be very complicated and difficult to enforce. Are controls installed as intended? Are they effective? Did any breach of security occur? These and other questions need to be answered by independent and unbiased observers. Such observers perform an auditing task.
There are two types of auditors:
  An internal auditor is usually a corporate employee who is not a member of the information systems department (ISD).
  An external auditor is a corporate outsider. This type of auditor reviews the findings of the internal audit.
There are two types of audits:
  The operational audit determines whether the ISD is working properly.
  The compliance audit determines whether controls have been implemented properly and are adequate.

37 Personal Security Management Examples
Install and regularly use antivirus and spyware-cleaning software, and keep it up to date
Don't store credit card information online with merchants (or at least only with trusted ones)
Don't be predictable with passwords
Keep OS, apps and browsers up to date with the most recent patches
Send sensitive information only to secure sites
Make sure the website you're accessing is correct (check the underlying URL) to avoid phishing attempts
Don't open attachments or click on URLs in messages unless you've verified the source
Install firewalls (this is particularly important with fast internet connections)
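"Check the underlying URL" covers several distinct tricks: link text that names one site while the href goes to another, a user-info part in front of the real host (https://www.bank.example@203.0.113.9/), the real site's name used as a subdomain of the attacker's, a plain-http link, and a punycode (xn--) host that renders as look-alike characters. The checker below is an added example, not from the lecture; the sample links are constructed and `registrable()` is a deliberate simplification that takes the last two labels instead of consulting the Public Suffix List.

```python
"""Checks a practitioner applies before trusting a link: does the address the
link really points at match what the text shows, is it HTTPS, is there
user-info in front of the host, is the host punycode. Added example; the
sample links are constructed and registrable() is a deliberate simplification."""
from urllib.parse import urlsplit


def registrable(host):
    """Assumed simplification: treat the last two labels as the owning domain
    (a real implementation consults the Public Suffix List, e.g. for co.uk).
    IP literals are returned whole."""
    if host.replace(".", "").isdigit():
        return host
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def shown_host(display_text):
    """Host a reader would infer from the link text, or None if the text is not
    something that looks like an address ('Click here')."""
    text = display_text.strip()
    if "." not in text or " " in text:
        return None
    if "://" not in text:
        text = "https://" + text
    return urlsplit(text).hostname


def link_warnings(display_text, href):
    """Return the list of warning codes for one link; an empty list means the
    link passes these checks, which does not prove it is safe."""
    parts = urlsplit(href)
    host = parts.hostname or ""          # urlsplit strips any user-info and lowercases
    warnings = []
    if parts.scheme != "https":
        warnings.append("plain-http")
    if parts.username is not None:
        # https://www.bank.example@evil.example/ goes to evil.example
        warnings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")  # possible look-alike characters
    shown = shown_host(display_text)
    if shown is not None and registrable(shown) != registrable(host):
        warnings.append("host-mismatch")
    return warnings


# Constructed sample links as (display text, actual href)
SAMPLE_LINKS = [
    ("https://www.bank.example/login", "https://www.bank.example/login"),
    ("https://www.bank.example/login", "https://www.bank.example@203.0.113.9/login"),
    ("bank.example", "http://bank.example.evil.example/"),
    ("Click here", "https://xn--bnk-mwa.example/"),
]


if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        print(f"{text!r} -> {href!r}: {link_warnings(text, href) or 'no warnings'}")
```

The second sample is the one people get wrong by eye: the string begins with the bank's name, but everything before the @ is user-info and the browser connects to 203.0.113.9.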

38 Law & Order
Irony of a private person being accessible by so many
  It's always been doable; just not this easily (see examples throughout the episode)
Worms
Privacy and the law
  Who's morally responsible for how information is used?
  If your software or service is used by somebody as a means to kill another, who's responsible?

