Académique Documents
Professionnel Documents
Culture Documents
Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Copyright 2008, The McGraw-Hill Companies, Inc. All rights reserved.
Chapter
13
Security and Ethical Challenges
McGraw-Hill/Irwin
Learning Objectives
Identify several ethical issues in how the use of information technologies in business affects
Employment Individuality Working conditions Privacy Crime Health Solutions to societal problems
13-3
Learning Objectives
Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology
Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology
13-4
What are several security measures that could be implemented to combat the spread of cyberscams?
Explain why your suggestions would be effective in limiting the spread of cyberscams
13-6
13-7
13-8
13-9
Business Ethics
Ethics questions that managers confront as part of their daily business decision making include
Equity Rights Honesty Exercise of corporate power
13-10
13-11
13-12
13-13
Informed Consent
Those affected by the technology should understand and accept the risks
13-14
Minimized Risk
Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
13-15
13-16
13-17
Computer Crime
Computer crime includes
Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources The unauthorized release of information The unauthorized copying of software Denying an end user access to his/her own hardware, software, data, or network resources Using or conspiring to use computer or network resources illegally to obtain information or tangible property
13-18
13-19
Hacking
Hacking is
The obsessive use of computers The unauthorized access and use of networked computer systems
Cracker
A malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage
13-20
Scans
Widespread probes of the Internet to determine types of computers, services, and connections Looking for weaknesses
13-21
Spoofing
Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
13-22
Back Doors
A hidden point of entry to be used in case the original entry point is detected or blocked
Malicious Applets
Tiny Java programs that misuse your computers resources, modify files on the hard disk, send fake email, or steal passwords
13-23
Logic Bombs
An instruction in a computer program that triggers a malicious act
Buffer Overflow
Crashing or gaining control of a computer by sending too much data to buffer memory
13-24
Social Engineering
Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords
Dumpster Diving
Sifting through a companys garbage to find information to help break into their computers
13-25
Cyber Theft
Many computer crimes involve the theft of money The majority are inside jobs that involve unauthorized network entry and alternation of computer databases to cover the tracks of the employees involved Many attacks occur through the Internet Most companies dont reveal that they have been targets or victims of cybercrime
13-26
Sniffers
Used to monitor network traffic or capacity Find evidence of improper use
13-27
Software Piracy
Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment for a license for fair use Site license allows a certain number of copies
A third of the software industrys revenues are lost to piracy
13-29
13-33
Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for email addresses to which it can send itself Also attempts to download updates for itself
13-34
13-36
13-37
Spyware
Adware that uses an Internet connection in the background, without the users permission or knowledge Captures information about the user and sends it over the Internet
13-38
Spyware Problems
Spyware can steal private information and also
Add advertising links to Web pages Redirect affiliate payments Change a users home page and search settings Make a modem randomly call premium-rate phone numbers Leave security holes that let Trojans in Degrade system performance
Privacy Issues
The power of information technology to store and retrieve information can have a negative effect on every individuals right to privacy
Personal information is collected with every visit to a Web site Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused
13-40
Opt-Out
Data can be compiled about you unless you specifically request it not be This is the default in the U.S.
13-41
Privacy Issues
Violation of Privacy
Accessing individuals private email conversations and computer records Collecting and sharing information about individuals gained from their visits to Internet websites
Computer Monitoring
Always knowing where a person is Mobile and paging services are becoming more closely associated with people than with places
13-42
Privacy Issues
Computer Matching
Using customer information gained from many sources to market additional business services
13-43
13-44
Privacy Laws
Electronic Communications Privacy Act and Computer Fraud and Abuse Act
Prohibit intercepting data communications messages, stealing or destroying data, or trespassing in federal-related computer systems
13-45
Privacy Laws
Other laws impacting privacy and how much a company spends on compliance
Sarbanes-Oxley Health Insurance Portability and Accountability Act (HIPAA) Gramm-Leach-Bliley USA Patriot Act California Security Breach Law Securities and Exchange Commission rule 17a-4
13-46
Biggest battlegrounds
Bulletin boards Email boxes Online files of Internet and public networks
Flaming
Sending extremely critical, derogatory, and often vulgar email messages or newsgroup posting to other users on the Internet or online services Especially prevalent on special-interest newsgroups
13-48
Cyberlaw
Laws intended to regulate activities over the Internet or via electronic communication devices
Encompasses a wide variety of legal and political issues Includes intellectual property, privacy, freedom of expression, and jurisdiction
13-49
Cyberlaw
The intersection of technology and the law is controversial
Some feel the Internet should not be regulated Encryption and cryptography make traditional form of regulation difficult The Internet treats censorship as damage and simply routes around it
Other Challenges
Employment
IT creates new jobs and increases productivity It can also cause significant reductions in job opportunities, as well as requiring new job skills
Computer Monitoring
Using computers to monitor the productivity and behavior of employees as they work Criticized as unethical because it monitors individuals, not just work, and is done constantly Criticized as invasion of privacy because many employees do not know they are being monitored
13-51
Other Challenges
Working Conditions
IT has eliminated monotonous or obnoxious tasks However, some skilled craftsperson jobs have been replaced by jobs requiring routine, repetitive tasks or standby roles
Individuality
Dehumanizes and depersonalizes activities because computers eliminate human relationships Inflexible systems
13-52
Health Issues
Cumulative Trauma Disorders (CTDs)
Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs
13-53
Ergonomics
Designing healthy work environments
Safe, comfortable, and pleasant for people to work in Increases employee morale and productivity Also called human factors engineering
13-54
Ergonomics Factors
13-55
Societal Solutions
Using information technologies to solve human and social problems
Medical diagnosis Computer-assisted instruction Governmental program planning Environmental quality control Law enforcement Job placement
13-56
Societal Solutions
The detrimental effects of information technology
Often caused by individuals or organizations not accepting ethical responsibility for their actions
13-57
Security Management of IT
The Internet was developed for inter-operability, not impenetrability
Business managers and professionals alike are responsible for the security, quality, and performance of business information systems Hardware, software, networks, and data resources must be protected by a variety of security measures
13-58
13-60
13-61
Security Management
The goal of security management is the accuracy, integrity, and safety of all information system processes and resources
13-62
13-63
13-64
13-65
13-66
13-67
At the ISP
Monitor and block traffic spikes
13-68
Virus Defenses
Centralize the updating and distribution of antivirus software Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features
13-69
Backup Files
Duplicate files of data or programs
Security Monitors
Monitor the use of computers and networks Protects them from unauthorized use, fraud, and destruction
13-70
13-72
13-73
13-74
Auditing IT Security
IT Security Audits
Performed by internal or external auditors Review and evaluation of security measures and management policies Goal is to ensure that that proper and adequate measures and policies are in place
13-75
13-76
Risk Management
A forward-looking view A focus on a critical few security issues Integrated management of security policies and strategies
13-77
13-78
13-79
13-80
What challenges does the process of applying software patches and updates pose for many businesses?
What are the limitations of the patching process?
13-81
13-82