
Security, Privacy, and Ethical Issues in Information Systems and the Internet


gomer

Presentation Transcript


  1. Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter 14

  2. Social Issues in Information Systems • Computer Waste • Cyber Crime • Privacy Issues • Ethical Issues • Health Concerns • Patent & Copyright Issues

  3. Computer Waste • Personal use of corporate time and technology • Discarded technology and unused systems • Older systems may still have value • Software is often under-utilized

  4. Should they be monitored? • According to a Vault.com survey • 90.3 percent of employees admit to surfing non-work-related sites every day • 83.6 percent admit to sending personal e-mails every day. • Managers should be scrambling to scrutinize server logs to prevent this epidemic of goofing off, right?

  5. Should they be monitored? • “Using the Internet for errands or short personal breaks has become part of the fabric of normal human behavior.” • Preventing personal use of the Internet and Email may not increase overall productivity. Why? • What are the trade-offs, costs, or negatives if a company monitors and blocks personal use?

  6. Should they be monitored? • “Employees who use the Internet to access pornography, hate groups, etc. can land a company in hot water.” • Companies need to have an enforceable Internet-usage policy that clearly outlines what is acceptable and what isn't. • What risks or problems could arise if a company does NOT have an Internet-usage policy?

  7. Should they be monitored? • Companies are obligated to protect themselves by developing a strict Internet-usage policy. • Monitoring systems should be in place for other reasons: to detect hackers, internal attacks, etc. • Excessive personal usage may not imply poor productivity. How so? • Use monitoring to deter inappropriate usage but not as an evaluation measure of productivity.

  8. Computer Mistakes • Data entry errors • Program bugs or errors • Accidental deletion or over-write • Inadequate planning for malfunctions • Inadequate computing resources • Failure to keep things updated

  9. Preventing Computer Waste and Mistakes • Establish and Implement Policies • Monitor and Review Policies • Examples: • Requiring employees to update virus software. • Requiring backup of key files • Requiring “modified-on dates” for websites. • Required training • Make user manuals and documentation available

  10. Preventing Computer Waste and Mistakes • Siena as an example: • http://www.siena.edu/technology/computing/ • The Good • Tons of info online • Policies & procedures made public • Training is available • What else? • The Bad • Info poorly organized • Policies and procedures are NOT simple • Training is not mandatory • What else?

  11. Computer Crime

  12. Number of Incidents Reported to CERT • Established in 1988, CERT is a center of Internet security expertise located at the Software Engineering Institute. • Federally funded research and development center operated by Carnegie Mellon University.

  13. Computer Crime and Security Survey • FBI Computer Crime and Security Survey of Companies 2002 • 90% - detected security breach in last 12 months • 80% - acknowledged financial losses • 74% - frequent external attacks via Internet • 34% - frequent internal attacks (insider job) • 33% - reported incidents to FBI

  14. Simple Cyber Crime Techniques • Social engineering • talking a critical password out of someone • knowing typical hiding spots • Dumpster diving • gathering critical information about someone • to help guess/break passwords • leading to identity theft

  15. Computers as tools for criminals • Cyber-terrorism • From individual harassment online to • Terrorist strike on critical IT infrastructure • Identity Theft • From using an individual's credit card to • obtaining a fraudulent Driver's License or Passport

  16. The Criminals • Hacker • enjoys learning the details of how computer systems work • Cracker • a Criminal Hacker • Script Bunnies (Script Kiddies) • Wannabe Crackers who use scripts • Insider • Disgruntled employees

  17. The Acts • Illegal Access • Hack into Equifax to see Bill Clinton’s credit report • Data Alteration • Hack into Citibank to increase account balance. • Data Destruction • Hack into Dr. Breimer’s account to delete future quizzes • Software Piracy • Warning: All we need is a technologically aware, pro-active DA, and a quarter of Siena would be in jail.

  18. The Acts • Internet Scams • Nigerian letter fraud • Phishing • Tricking someone into sharing private information • Spam • Can be considered harassment • Spyware • Legal but dishonest access to private information • Viruses • Can be considered data alteration or destruction

  19. Data Alteration and Destruction

  20. Preventing Computer-Related Crime • Crime prevention by state and federal agencies • FBI handles a lot because of the inter-state issues. • FBI hampered by International issues • CERT (Dept. of Defense) • Crime prevention by corporations • Public Key Infrastructure (PKI) • Biometrics (finger-printing mouse, voice recognition, etc.) • Antivirus programs

  21. Preventing Computer-Related Crime is a business • Firewalls • Hardware or software that can block access to a computer or network • Intrusion Detection Software • Uses sophisticated measures to detect intruders or suspicious activity • Managed Security Service Providers (MSSPs) • Consulting firms that manage security for smaller companies • Protection of Decency • Net Nanny and other filtering software

  22. Internet Laws for Libel • A Newspaper or Publisher can be sued for libel or indecency • in addition to the actual author • Can an Internet Service Provider (AOL, MSN, etc.) be sued for libel or indecency? • How can they be responsible for all the content? • Don’t they have a right to protect the privacy of their customers?

  23. How to Protect Your Corporate Data from Hackers • Systems with strong user authentication and data encryption • Up-to-date security patches and virus definitions • Disable guest accounts or no password accounts • Put different services on separate dedicated servers. Why? • Turn on logs and audit trails • Conduct security audits • Frequent backup of data. Why?

  24. Privacy

  25. Privacy Issues • Privacy and the Federal Government • Individual privacy vs. national security • Privacy at work • Individual privacy vs. company’s right to protect itself • E-mail privacy • Business document or personal information? • Privacy and the Internet • Right to use  right to know?

  26. Major Issue • Adware & Spyware • Free (and sometimes useful) Software • Using it requires agreeing to a policy (Double-negative trickery). • Gives software permission to • Track your Internet usage • Share information about you • Should this type of business be outlawed? • Privacy protection vs. entrepreneurial freedom • What are the compromises?

  27. Federal Privacy Laws and Regulations • The Privacy Act of 1979 • Applies to federal agencies • Individuals can determine what records (pertaining to them) are collected, maintained, used, or disseminated. • Gramm-Leach-Bliley Act 1999 • Applies to non-public financial institutions • Requires privacy policies to be in place • USA Patriot Act

  28. Health Concerns • Repetitive stress injury (RSI) • Carpal tunnel syndrome (CTS) • Ergonomics

  29. Avoiding Health and Environment Problems • Maintain good posture and positioning. • Don’t ignore pain or discomfort. • Use stretching and strengthening exercises. • Find a good physician who is familiar with RSI and how to treat it.

  30. Ethical Issues in Information Systems • The AITP Code of Ethics • Obligation to management • Obligation to fellow AITP members • Obligation to society • The ACM Code of Professional Conduct • Acquire and maintain professional competence
