Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is Ethics? Ethics Ethical behavior

Published byLynette Elliott Modified over 8 years ago

Similar presentations

Presentation on theme: "What is Ethics? Ethics Ethical behavior"— Presentation transcript:

1 What is Ethics? Ethics Ethical behavior
Set of beliefs about right and wrong behavior Ethical behavior Conforms to generally accepted social norms Doing what is ethical can be difficult Information Technology for Managers

2 Improving Corporate Ethics
Unethical behavior has led to serious negative consequences that have had a global impact Failure of major corporations like Enron and WorldCom due to accounting scandals Collapse of many financial institutions due to unwise and unethical decision making Organizations today recognize the need to take action to ensure that their employees operate in an ethical manner when using technology Information Technology for Managers

3 Appointing a Corporate Ethics Officer
Includes ethical conduct, legal compliance, and corporate social responsibility Corporate ethics officer Senior-level manager Provides vision and direction in the area of business conduct Corporation will place a higher emphasis on ethics policies following a major scandal within the organization Information Technology for Managers

4 Ethical Standards Set by Board of Directors
Responsible for supervising the management team Expected to conduct themselves according to the highest standards of personal and professional integrity Set the standard for company-wide ethical conduct and ensure compliance with laws and regulations Information Technology for Managers

5 Establishing a Corporate Code of Ethics
Highlights an organization’s key ethical issues Identifies the overarching values and principles that are important to the organization Formal, written statements about: Purpose of the organization Values Principles that guide its employees’ actions Develop with employee participation Fully endorsed by the organization’s leadership Information Technology for Managers

6 Establishing a Corporate Code of Ethics (continued)
Information Technology for Managers

7 Requiring Employees to Take Ethics Training
Company’s code of ethics must be promoted and continually communicated within the organization From top to bottom Comprehensive ethics education program Small workshop formats Existence of formal training programs Can reduce a company’s liability in the event of legal action Information Technology for Managers

8 Including Ethical Criteria in Employee Appraisals
Employees evaluated on their demonstration of qualities and characteristics highlighted in the corporate code of ethics Considered along with more traditional criteria used in performance appraisals Information Technology for Managers

9 Privacy Balance the needs of those who use the information against the rights and desires of the people whose information may be used Various states have passed laws that require disclosure of any breach of security to any resident whose data is believed to have been compromised Information Technology for Managers

10 Privacy (continued) Information Technology for Managers

11 Right to Privacy Historical perspective on the right to privacy
Protected by a number of amendments in the Bill of Rights Information Technology for Managers

12 Treating Customer Data Responsibly
Code of Fair Information Practices and the 1980 Organization for Economic Cooperation and Development (OECD) privacy guidelines Five widely accepted core principles European adequacy standard for privacy protection United States does not meet these standards Organizations should appoint an executive Chief Privacy Officer, or CPO Define, implement, and oversee data privacy policies Information Technology for Managers

13 Treating Customer Data Responsibly (continued)
Establish an effective data privacy program Conduct a thorough assessment Define a comprehensive data privacy program Assign a high-level executive Develop a data breach response plan Track ongoing changes to regulatory and legal requirements Information Technology for Managers

14 Workplace Monitoring IT usage policy
Establishes boundaries of acceptable behavior Enables management to take action against violators Organizations monitor workers to ensure compliance Information Technology for Managers

15 Workplace Monitoring (continued)
Information Technology for Managers

16 Workplace Monitoring (continued)
Fourth Amendment of the Constitution Protects citizens from unreasonable searches by the government Often used to protect the privacy of government employees Cannot be used to control how a private employer treats its employees Public sector employees have far greater privacy rights than those in private industry State privacy statutes tend to favor employers over employees Information Technology for Managers

17 A Manager Takes Inappropriate Action: City of Ontario, California
Contracted with Arch Wireless to provide wireless text-messaging Services Jeff Quon, a member of the Ontario Police Department (OPD) SWAT team Received alphanumeric pager Sent sexually explicit messages to two other workers in the police department and to his wife General computer usage, Internet, and policy Not specific to pagers Information Technology for Managers

18 A Manager Takes Inappropriate Action: City of Ontario, California (continued)
Ontario Police Department was unable to access the message directly Requested that Arch Wireless provide the transcripts Stored Communications Act (SCA) Attempt to address a number of potential privacy issues not addressed by the Fourth Amendment U.S. Court of Appeals for the Ninth Circuit Ruled that Arch Wireless was an electronic communications service and had violated the SCA when it provided transcripts of Quon’s messages to the OPD Information Technology for Managers

19 Cybercrime and Computer Security
Criminal activity in which a computer or a computer network is used as a tool to commit a crime or is the target of criminal activity Electronic fraud Class of cybercrime Involves the use of computer hardware, software, or networks to misrepresent facts for the purpose of causing someone to do or refrain from doing something that causes loss Information Technology for Managers

20 Types of Attacks Attack on a networked computer from an outside source
One of the most frequent types of attack Viruses Piece of programming code Usually disguised as something innocuous Cause some unexpected and undesirable event Often attached to a file Do not spread themselves from computer to computer Macro viruses Information Technology for Managers

21 Types of Attacks (continued)
Worms Harmful computer programs that reside in the active memory of the computer Can propagate over a network without human intervention May install malware (malicious software) on a computer Information Technology for Managers

22 Types of Attacks (continued)
Distributed Denial-of-Service Attack (DDOS) Malicious hacker takes over computers connected to the Internet Causes them to flood a target site with demands for data and other small tasks Zombie Compromised computer Botnet Group of zombie computers running software that is being remotely controlled without the knowledge or consent of the owners Information Technology for Managers

23 Information Technology for Managers

24 Types of Attacks (continued)
DDOS (continued) Spoofing Zombies are often programmed to put false return addresses on the packets they send out Egress filtering Ensure that spoofed packets do not leave their corporate network Information Technology for Managers

25 Perpetrators Information Technology for Managers

26 Defensive Measures Risk assessment
Organization’s review of potential threats to its computers and networks Identify which investments of time and resources will best protect the organization from its most likely and serious threats Reasonable assurance Managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved Information Technology for Managers

27 Information Technology for Managers

28 Establishing a Security Policy
Defines an organization’s security requirements Defines controls and sanctions needed to meet those requirements National Institute of Standards and Technology (NIST) Computer Security Division Automated system rules should mirror an organization’s written policies Information Technology for Managers

29 Establishing a Security Policy (continued)
attachments Critical security issue Virtual private network (VPN) Uses the Internet to relay communications Maintains privacy through security procedures and tunneling protocols Information Technology for Managers

30 Educating Employees, Contractors, and Part-Time Workers
Must be educated about the importance of security Discuss recent security incidents Protect an organization’s information systems and data by: Guarding their passwords Applying strict access controls Reporting all unusual activity to the organization’s IT security group Information Technology for Managers

31 Prevention Installing a corporate firewall
Established through the use of software, hardware, or a combination of both Can lead to complacency Intrusion prevention systems Prevent an attack by blocking viruses, malformed packets, and other threats from getting into the company network Information Technology for Managers

32 Prevention (continued)
Installing antivirus software on personal computers Virus signature Specific sequence of bytes United States Computer Emergency Response Team (US-CERT) Most of the virus and worm attacks that the team analyzes use already known programs Crucial that antivirus software be updated continually with the latest virus detection information Information Technology for Managers

33 Prevention (continued)
Implementing safeguards against attacks by malicious insiders IT staff must delete the computer accounts, login IDs, and passwords of departing employees Create roles and user accounts so that users have the authority to perform their responsibilities and no more Information Technology for Managers

34 Prevention (continued)
Addressing the most critical Internet security threats Overwhelming majority of successful computer attacks are made possible by taking advantage of well-known vulnerabilities SANS (System Administration, Networking, and Security) Institute and US-CERT regularly update a summary of the most frequent, high-impact vulnerabilities Information Technology for Managers

35 Prevention (continued)
Conducting periodic IT security audits Evaluate whether an organization has a well-considered security policy in place and if it is being followed Test system safeguards Federal Computer Security Report Card Information Technology for Managers

36 Prevention (continued)
Information Technology for Managers

37 Detection Intrusion detection system Software and/or hardware
Monitors system and network resources and activities and notifies network security personnel when it identifies possible intrusions Different approaches to intrusion detection Knowledge-based approaches Behavior-based approaches Information Technology for Managers

38 Response Primary goal Incident notification
Regain control and limit damage Not to attempt to monitor or catch an intruder Incident notification Define who to notify and who not to notify Protecting evidence and activity logs Document all details of a security incident Incident containment Act quickly to contain an attack Information Technology for Managers

39 Response (continued) Eradication
Collect and log all possible criminal evidence from the system Verify that all necessary backups are current Create a forensic disk image of each compromised system Keep a log of all actions taken Information Technology for Managers

40 Response (continued) Incident follow-up
Determine how the organization’s security was compromised Develop an estimate of the monetary damage Determine amount of effort that should be put into capturing the perpetrator Information Technology for Managers

41 Information Technology for Managers

42 Summary Ethics Information technology usage policy
Set of beliefs about right and wrong behavior Treat customer data responsibly Information technology usage policy Laws governing employee privacy and monitoring Cybercrime Types of attacks Prevention Detection Response Information Technology for Managers

Download ppt "What is Ethics? Ethics Ethical behavior"

Similar presentations

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
COMP427 Business Ethics. Objectives 1.To understand ethics and why its important in ways that are consistent with a code of principles. 2.Understand why.

COMP427 Business Ethics. Objectives 1.To understand ethics and why its important in ways that are consistent with a code of principles. 2.Understand why.
Chapter 1 An Overview of Ethics

Chapter 1 An Overview of Ethics
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
 ICT Security › If the firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low.

 ICT Security › If the firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Access to Electronic Media Acceptable Use Policy August 8, 2011 Meece Middle School.

Access to Electronic Media Acceptable Use Policy August 8, 2011 Meece Middle School.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Ethics in Information Technology, Second Edition

Ethics in Information Technology, Second Edition

Similar presentations

Ads by Google