Chapter 3 Ethics, Privacy & Security. Describe the major ethical issues related to information technology and identify situations in which they occur. Identify the many threats to information security. Understand the various defense mechanisms used to protect information systems. Explain IT auditing and planning for disaster recovery.

Chapter 3 Ethics, Privacy & Security


Page 1: Chapter 3  Ethics,  Privacy &  Security

Chapter 3 Ethics, Privacy & Security

Describe the major ethical issues related to information technology and identify situations in which they occur.

Identify the many threats to information security

Understand the various defense mechanisms used to protect information systems.

Explain IT auditing and planning for disaster recovery.

Page 2: Chapter 3  Ethics,  Privacy &  Security

Case Study TJX SWOT

Page 3: Chapter 3  Ethics,  Privacy &  Security

Ethical Issues

Fundamental tenets of ethics include responsibility, accountability, and liability

Unethical is not necessarily illegal.

Should organizations monitor employees’ Web surfing and e-mail?

Should organizations sell customer information to other companies?

Page 4: Chapter 3  Ethics,  Privacy &  Security

Ethical Issues

Should organizations audit employees’ computers for unauthorized software or illegally downloaded music or video files?

Privacy issues

Accuracy issues

Property issues

Accessibility issues

Page 5: Chapter 3  Ethics,  Privacy &  Security

Protecting Privacy

The right of privacy is not absolute. Privacy must be balanced against the needs of society

The public’s right to know supersedes the individual’s right of privacy

International Aspects of Privacy

Page 6: Chapter 3  Ethics,  Privacy &  Security

IT’s About Business

Security Outside the Perimeter: LexisNexis

Page 7: Chapter 3  Ethics,  Privacy &  Security

Threats to Information Security

Today’s interconnected, interdependent, wirelessly networked business environment

Governmental legislation

Smaller, faster, cheaper computers and storage devices

Decreasing skills necessary to be a computer hacker

International organized crime taking over cybercrime

Downstream liability

Increased employee use of unmanaged devices

Lack of management support

Page 8: Chapter 3  Ethics,  Privacy &  Security

Threats to Information Systems

Unintentional acts

Natural disasters

Technical failures

Management failures

Deliberate acts

Page 9: Chapter 3  Ethics,  Privacy &  Security

IT’s About Business

The “Hack, Pump, and Dump” Scheme

Page 10: Chapter 3  Ethics,  Privacy &  Security

Protecting Information Resources

Risk management

Risk analysis

Risk mitigation

Risk acceptance

Risk limitation

Risk transference

Page 11: Chapter 3  Ethics,  Privacy &  Security

Protecting Information Resources

Controls

The Difficulties in Protecting Information Resources

Physical Controls

Access Controls

Page 12: Chapter 3  Ethics,  Privacy &  Security
Page 13: Chapter 3  Ethics,  Privacy &  Security

Protecting Information Resources

Authentication

Something the User Is

Something the User Has

Something the User Does

Something the User Knows

Page 14: Chapter 3  Ethics,  Privacy &  Security

IT’s About Business

Providing Least Privilege at UPS

Page 15: Chapter 3  Ethics,  Privacy &  Security

Protecting Information Resources

Communications (network) controls

Firewalls.

Anti-malware systems.

Page 16: Chapter 3  Ethics,  Privacy &  Security
Page 17: Chapter 3  Ethics,  Privacy &  Security

Protecting Information Resources

Whitelisting and Blacklisting

Intrusion Detection Systems

Encryption.

Virtual Private Networking

Secure Socket Layer

Page 18: Chapter 3  Ethics,  Privacy &  Security

IT’s About Business

Using Encryption to Reduce E-Mail Security Risks at Harvard Pilgrim

Page 19: Chapter 3  Ethics,  Privacy &  Security

Ethics, Privacy, and Information Security

Page 20: Chapter 3  Ethics,  Privacy &  Security

Ethics, Privacy, and Information Security

Vulnerability Management Systems

Employee Monitoring Systems

Application Controls

Page 21: Chapter 3  Ethics,  Privacy &  Security

Business Continuity Planning, Backup, and Recovery

hot site

warm site

cold site

off-site data storage

Page 22: Chapter 3  Ethics,  Privacy &  Security

IT’s About Business

The Baltimore Ravens Plan for Business Continuity

Page 23: Chapter 3  Ethics,  Privacy &  Security

Information Systems Auditing

Types of Auditors and Audits

How Is Auditing Executed?