Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter 14
Social Issues in Information Systems • Computer Waste • Cyber Crime • Privacy Issues • Ethical Issues • Health Concerns • Patent & Copyright Issues
Computer Waste • Personal use of corporate time and technology • Discarded technology and unused systems • Older systems may still have value • Software is often under-utilized
Should they be monitored? • According to a Vault.com survey • 90.3 percent of employees admit to surfing non-work-related sites every day • 83.6 percent admit to sending personal e-mails every day. • Managers should be scrambling to scrutinize server logs to prevent this epidemic of goofing off, right?
Should they be monitored? • “Using the Internet for errands or short personal breaks has become part of the fabric of normal human behavior.” • Preventing personal use of the Internet and Email may not increase overall productivity. Why? • What are the trade-offs, costs, or negatives if a company monitors and blocks personal use?
Should they be monitored? • “Employees who use the Internet to access pornography, hate groups, etc. can land a company in hot water.” • Companies need to have an enforceable Internet-usage policy that clearly outlines what is acceptable and what isn't. • What risks or problems could arise if a company does NOT have an Internet-usage policy?
Should they be monitored? • Companies are obligated to protect themselves by developing a strict Internet-usage Policy. • Monitoring systems should be in place for other reasons: To detect hackers, internal attacks, etc. • Excessive personal usage may not imply poor productivity. How so? • Use monitoring to deter inappropriate usage but not as an evaluation measure of productivity.
Computer Mistakes • Data entry errors • Program bugs or errors • Accidental deletion or over-write • Inadequate planning for malfunctions • Inadequate computing resources • Failure to keep things updated
Preventing Computer Waste and Mistakes • Establish and Implement Policies • Monitor and Review Policies • Examples: • Requiring employees to update virus software. • Requiring backup of key files • Requiring “modified-on dates” for websites. • Required training • Make user manuals and documentation available
Preventing Computer Waste and Mistakes • Siena as an example: • http://www.siena.edu/technology/computing/ • The Good • Tons of info online • Policies & procedures made public • Training is available • What else? • The Bad • Info poorly organized • Policies and procedures are NOT simple • Training is not mandatory • What else?
Number of Incidents Reported to CERT • Established in 1988, CERT is a center of Internet security expertise located at the Software Engineering Institute. • Federally funded research and development center operated by Carnegie Mellon University.
Computer Crime and Security Survey • FBI Computer Crime and Security Survey of Companies 2002 • 90% - detected security breach in last 12 months • 80% - acknowledged financial losses • 74% - frequent external attacks via Internet • 34% - frequent internal attacks (insider job) • 33% - reported incidents to FBI
Simple Cyber Crime Techniques • Social engineering • talking a critical password out of someone • knowing typical hiding spots • Dumpster diving • gathering critical information about someone • to help guess/break passwords • leading to identity theft
Computers as tools for criminals • Cyber-terrorism • From individual harassment online to • Terrorist strike on critical IT infrastructure • Identity Theft • From using an individual's credit card to • obtaining a fraudulent driver's license or passport
The Criminals • Hacker • enjoys learning the details of how computer systems work • Cracker • a Criminal Hacker • Script Bunnies (Script Kiddies) • Wannabe Crackers who use scripts • Insider • Disgruntled employees
The Acts • Illegal Access • Hack into Equifax to see Bill Clinton’s credit report • Data Alteration • Hack into Citibank to increase account balance. • Data Destruction • Hack into Dr. Breimer’s account to delete future quizzes • Software Piracy • Warning: All we need is a technologically aware, pro-active DA, and a quarter of Siena would be in jail.
The Acts • Internet Scams • Nigerian letter fraud • Phishing • Tricking someone into sharing private information • Spam • Can be considered harassment • Spyware • Legal but dishonest access to private information • Viruses • Can be considered data alteration or destruction
Preventing Computer-Related Crime • Crime prevention by state and federal agencies • FBI handles a lot because of the inter-state issues. • FBI hampered by International issues • CERT (Dept. of Defense) • Crime prevention by corporations • Public Key Infrastructure (PKI) • Biometrics (finger-printing mouse, voice recognition, etc.) • Antivirus programs
Preventing Computer-Related Crime is a business • Firewalls • Hardware or software that can block access to a computer or network • Intrusion Detection Software • Uses sophisticated measures to detect intruders or suspicious activity • Managed Security Service Providers (MSSPs) • Consulting firms that manage security for smaller companies • Protection of Decency • Net Nanny and other filtering software
Internet Laws for Libel • A Newspaper or Publisher can be sued for libel or indecency • in addition to the actual author • Can an Internet Service Provider (AOL, MSN, etc.) be sued for libel or indecency? • How can they be responsible for all the content? • Don’t they have a right to protect the privacy of their customers?
How to Protect Your Corporate Data from Hackers • Systems with strong user authentication and data encryption • Up-to-date security patches and virus definitions • Disable guest accounts or no password accounts • Put different services on separate dedicated servers. Why? • Turn on logs and audit trails • Conduct security audits • Frequent backup of data. Why?
Privacy Issues • Privacy and the Federal Government • Individual privacy vs. national security • Privacy at work • Individual privacy vs. company’s right to protect itself • E-mail privacy • Business document or personal information? • Privacy and the Internet • Right to use right to know?
Major Issue • Adware & Spyware • Free (and sometimes useful) Software • Using it requires agreeing to a policy (Double-negative trickery). • Gives software permission to • Track your Internet usage • Share information about you • Should this type of business be outlawed? • Privacy protection vs. entrepreneurial freedom • What are the compromises?
Federal Privacy Laws and Regulations • The Privacy Act of 1979 • Applies to federal agencies • Individuals can determine what records (pertaining to them) are collected, maintained, used, or disseminated. • Gramm-Leach-Bliley Act 1999 • Applies to non-public financial institutions • Requires privacy policies to be in place • USA Patriot Act
Health Concerns • Repetitive stress injury (RSI) • Carpal tunnel syndrome (CTS) • Ergonomics
Avoiding Health and Environment Problems • Maintain good posture and positioning. • Don’t ignore pain or discomfort. • Use stretching and strengthening exercises. • Find a good physician who is familiar with RSI and how to treat it.
Ethical Issues in Information Systems • The AITP Code of Ethics • Obligation to management • Obligation to fellow AITP members • Obligation to society • The ACM Code of Professional Conduct • Acquire and maintain professional competence