Introduction to Information Technology Turban, Rainer and Potter Chapter 15 Implementing IT: Ethics, Impacts, and Security 1 CHAPTER 15 IMPLEMENTING IT:

Introduction to Information TechnologyTurban, Rainer and Potter

Chapter 15 Implementing IT: Ethics, Impacts, and Security

1

CHAPTER 15IMPLEMENTING IT:ETHICS, IMPACTS,AND SECURITY



2

Learning Objectives Describe the major ethical issues related to information

technology and identify situations in which they occur Identify the major impacts of information technology on

organizational structure, power, jobs, supervision, and decision making

Understand the potential dehumanization of people by computers and other potential negative impacts of information technology

Identify some of the major societal effects of information technology

Describe the many threats to information security Understand the various defense mechanisms of information

systems Explain IT auditing and planning for disaster recovery



3

Chapter OverviewEthical Issues

• A Framework for Ethics• Protecting Privacy• Protecting Intellectual Property

Impacts of IT on Organizations and Jobs• How will Organizations be changed?• How will Jobs be Changed?•Other Considerations

Impacts on Individuals at Work• Will my Job be Eliminated?• Dehumanization and Psychological Impacts• Impact on Health and Safety• Other Impacts

Societal Impacts and Internet Communities

• Improved Quality of life• Internet Communities• Telecommuting

Security is a Concern for Everyone

• Threats to information Systems• Systems Vulnerability• Computer Crimes

Protecting Information Systems

• Defence Strategies: How do we Protect IT?• Auditing Information Systems• Disaster Recovery Planning• Security in the 21st Century



4

Case: Music Retailer Finds Commerce in Communities

The Business Problem

The Solution The company created genre-specific sites where each is focused on the specific needs of

an Internet community. The Internet is viewed as a network that provides new kinds of “spaces,” a world of

online communities and virtual chat room.

N2K, a retailer in the music industry, merged with an Internet Music store called MusicBoulevard (www.musicblvd.com), but sales were small

The Results Increased sales dramatically High level of members’ loyalty to the site Minimal inventory cost



5

What have we learned from this case??

Case (continued…)

IT has had an impact on society as well as on corporate operations and marketing methods

The concept of internet communities can offer the opportunity to significantly increase an online company’s revenue and profit



6

Ethical Issues

Ethics is a branch of philosophy that deals with what is considered to be right and wrong

What is unethical is not necessarily illegal Codes of ethics is a collection of principles

intended as a guide for members of a company or an association

Ethics differ in countries and companies



7

Ethical Issues (continued …) A Framework for Ethics Issues

Privacy Issues

What information about oneself should an individual be required to reveal to others?What kind of surveillance can an employer use on its employees?

Accuracy Issues

Who is responsible for the authenticity, fidelity, and accuracy of information collected?How can we ensure that information will be processed properly and presented accurately to users?

Property Issues

Who owns the information?What are the just and fair prices for its exchange?

Accessibility Issues

Who is allowed to access information?How much should be charged for permitting accessibility to information?



8

Ethical Issues (continued …)

Protecting Privacy privacy - different things to different people four stages of privacy

solitude intimacy anonymity reserve

too expensive, cumbersome, and complex to invade information privacy

personal computers, powerful software, large databases, and the internet have created an entirely new dimension of accessing and using personal data



9

Electronic Surveillance (monitoring computer users) American Civil Liberties Union (ACLU) estimates

that tens of millions of computer users are monitored

Personal Information in Databases people may not appreciate the intrusion of vendors commercial companies advise individuals about how

to protect their rights, and it monitors several database




10

Information on Internet Bulletin Boards and Newsgroups how does society keep owners of bulletin boards

from disseminating information that may be offensive to readers?

highlights the conflict between freedom of speech, privacy, and ethics

Privacy codes and Polices helps organizations avoid legal problems




11

Guidelines to protect individuals’ privacy in the electronic age in Europe are very strict

International Aspects of Privacy

Collection limitation Data quality

Purpose specification Use limitation

Security safeguards Openness

Individual participation



12

Privacy Policy Guidelines - A Sampler

Dat

a C

olle

ctio

n Data should be collected on individuals only for the purpose of accomplishing a legitimate business objective.

Data should be adequate, relevant, and not excessive in relation to the business objective.

Individuals must give their consent before data pertaining to them can be gathered.

Dat

a A

ccu

racy

Sensitive data gathered on individuals should be verified before it is entered into the database.

Data should be accurate and, where and when necessary, keep current. The file should be made available so the individual can ensure that the data are correct. If there is disagreement about the accuracy of the data, the individual’s version should

be noted and included with any disclosure of the file.

Dat

a C

onfi

den

tial

ity

Computer security procedures should be implemented to provide reasonable assurance against unauthorized disclosure of data. They should include physical, technical, and administrative security measures.

Third parties should not be given access to data without the individual’s knowledge or permission, except as required by law.

Disclosures of data, other than the most routine, should be noted and maintained for as long as the data are maintained.

Data should not be disclosed for reasons incompatible with the business objective for which they are collected.



13

Intellectual property - the intangible property created by individuals or corporations

Protected under Copyright - a statutory grant that provides the creators

of intellectual property with ownership of it for 28 years Trade secret - intellectual work such as a business plan

which is a company secret and is not based on public information

Patent - a document that grants the holder exclusive rights on an invention for 17 years

Protecting Intellectual Property



14

How will organizations be changed? Flatter organizational hierarchies

It is reasonable to assume that fewer managerial levels will exist in many organizations, and there will be fewer staff and line managers.

Changes in supervision an employee’s work is performed online and stored

electronically introducing the possibility for greater electronic supervision.

Powers and status Knowledge is power.

The Impacts of ITon Organizations and Jobs



15

How will jobs be changed? Job content

Changes in job content occur when work is redesigned

Employee career ladders the use of IT may short-cut a portion of

learning curve by capturing and more efficiently managing knowledge

The manager’s job It can change the manner in which many

decisions are made and consequently change managers’ jobs.

The Impacts of ITon Organizations and Jobs



16

Impacts on Individuals at Work

Will my Job be Eliminated? IT can significantly increase the productivity of

employees, restructuring their job content and changing the skill requirement of many jobs.

Because computers are becoming “smarter” and more capable as time passes, the competitive advantage of replacing people with machines is increasing rapidly.

But many computer-related job are being created.



17

Impacts on Individuals at Work (continues …)

Dehumanization computers reduce or eliminate the human element that was

present in the non-computerized systems computer-supported activities may dehumanize people Psychological impacts

people may feel depression and loneliness if they work and shop from their living rooms

the lack of social contacts could be damaging to children’s development if they are schooled at home through IT

Job satisfaction Some jobs may become more routine and less satisfying



18

Impacts on Health and Safety Job stress - computerization has created an ever-increasing

workload on many people

Video display terminals (VDTs) - radiation exposure has been associated with cancer and other health-related problems

Repetitive strain injuries - backaches and muscle tension in the wrists and fingers

Lessening the Negative Impact on Health and Safety - ergonomic techniques focus on creating an environment for workers that are well lit, comfortable and safe

Impacts on Individuals at Work (continues …)



19

Information Systems and the Individuals

The Individual

Electronic Funds Transfer / Electric Commerce

Leisure Time System

Hot

el

Res

erva

tion

s

The

atre

and

E

nter

tain

men

t

Tra

vel

Res

erva

tion

s

Public and Private Service System

Poli

ce a

nd

Fire

Acc

ount

ing

and

Leg

al

Insu

ranc

e an

d B

roke

rage

HomeInformation System

Secu

rity

Env

iron

men

tal

and

appl

ianc

es

Ent

erta

inm

ent

, Bus

ines

s,

and

Edu

cati

onEducation and

Medical System

Cen

tral

Med

ical

D

atab

ase

Hos

pita

l A

dmin

istr

atio

n an

d T

reat

men

t

Com

pute

r A

ssis

ted

Edu

cati

on

Edu

cati

on

Adm

inis

trat

ion

and

Rec

ords

Financial System

Inte

grat

ed

Fina

ncia

l D

atab

ase

Mon

ey O

ared

R

eal E

stat

e St

ocks

Consumer System

Supe

rmar

ket

Dep

artm

ent S

tore

Dru

g St

ore



20

Societal Impacts Improved Quality of Life

Opportunities for people with disabilities The integration of intelligent systems, such as speech and vision

recognition, into a computer-based information system can create new employment opportunities for people with disabilities.

Improvements in heath care IT brought about major improvements in health care delivery,

ranging from better and faster diagnoses, to expedited research and development of new drugs, to more accurate monitoring of critically ill patients.



21

Societal Impacts (continued …)

Improved Quality of Life Help for the consumer

IT systems help the lay person perform tasks that require expertise.

Robots performing hard and hazardous labor Robots can work in uncomfortable or

dangerous environments. Crime fighting Improvement in education and other benefits



22

Internet Communities Communities of Interest : provide place for people to

interact with each other on a specific topic Communities of Relations : be organized around certain

life experiences Communities of Fantasy : provide place for participants

create imaginary environments Communities of Transactions : facilitate buying and selling Communities of Professionals : support professional

communication and the exchange of valuable work or research-related information



23

Telecommuting Benefits

To the employees• Less stress• Ability to go to school while working• Improved family life• Money is saved• Commuting time is saved• Ability to control schedule and manage time better• Employment opportunities for housebound people

To the organization• Increased productivity• Reduced real estate cost• Reduced cost of parking• Ability to retain skilled employees• Ability to tap remote labor pool• Lower labor and absenteeism cost• Better interaction of employees with clients and suppliers

To society• Less use of fossil fuels• Fewer traffic problems; including less air pollution• More business for suburbs and rural areas



24

Telecommuting (continued …)

Telecommuting and Productivity Increase productivity by

increased motivation and satisfaction reduced absenteeism forces managers to manage by results instead

of by overseeing Reduce productivity by

some employees need to work with others not all jobs can be done while telecommuting not all managers can participate



25

Security Security Threats

Processor

Hardware

Systems Software

ApplicationProgrammer

Terminals

Terminal UserSystems

Programmer

External Environment

Database

Radiation

Operator

Authorizer

DatabaseAccess rules

Crosstalk

Tap



26

Types of computer crimes computers are the target of the crime computers are the medium of the attack by creating an environment

in which a crime or fraud can occur computers are the tool by which the crime is perpetrated computers are used to intimidate or deceive

Criminals hackers - outsider people who penetrate a computer system

crackers - malicious hackers who may represent a serious problem for organizations

Computer Crimes



27

Computer Crime Methods of Attack

Data tampering Programming fraud

Viruses receiving its name from the program’s ability to attach itself to

other computer programs, causing them to become viruses themselves

Representative federal laws Computer Fraud and Abuse Act (1986) Computer Security act of 1987

Computer Crime (continues ...)



28

Some of the reasons that make it complex or expensive to defend information systems Hundreds of potential threats exists. Computing resources may be situated in many

locations. Many individuals control information assets. Computer networks can be outside the

organization and difficult to protect. People tend to violate security procedures

because the procedures are inconvenient

Protecting Information Systems



29

Defense strategies Controls for prevention and deterrence - prevent

errors from occurring, deter criminals from attacking the system, deny access to unauthorized people

Detection - the earlier it is detected, the earlier it is to combat and the less damage

Limitation - minimizing losses once a malfunction has occurred

Recovery - explains how to fix a damaged information system as quickly as possible

Correction - prevent the problem from occurring again

Protecting Information Systems (continued …)



30


General Controls - protect the system regardless of the specific application

Physical controls

provides protection against most natural hazards as well as against some human-created hazards

Access controls

restrict unauthorized user access to a portion of a computer system or to the entire system



31


General Controls (CONT’)

Biometric controls verify the identity of a person, based on physiological or behavioral characteristics hand geometry, blood vessel pattern in the retina of an eye, voice, signature, keystroke

dynamics, facial thermography, fingerprints Data security controls

protect data from accidental or intentional disclosure to unauthorized persons, or from unauthorized modification or destruction



32


Application controls - protect specific application Input controls

prevent data alteration or loss Processing controls

allow only authorized users to access certain programs or facilities monitor the computer’s use by individuals

Output controls ensure that outputs are sent only to authorized personnel



33

Access Control guards against unauthorized dial-in attempts

Encryption encodes regular digitized text into unreadable scrambled text or

numbers, to be decoded upon receipt

Cable Testers finds almost any fault that can occur with LAN cabling

Firewalls enforces an access control policy between two networks do not protect against viruses

Network Protections and Firewalls



34

Audit additional layer of controls or safeguards

Types of Auditors and Audits internal auditor

audit information systems external auditor

reviews the findings of the internal audit and the inputs, processing, and outputs of information systems

Auditing Information Systems



35

How is Auditing Executed?

Auditing around

the computerAuditing through

the computerAuditingwith

the computer



36

Disaster Recovery of Information Systems the chain of events linking planning to protection to

recovery from a disaster keep the business running after a disaster occurs

Disaster Avoidance an approach oriented toward prevention

Back-up Arrangements an extra copy of data and/or programs are kept in

another location

Disaster Recovery Planning



37

Planning for a recovery from Disasters Isolate data that change frequently Keep management and technical procedures

separate Don’t include data in the plan if it can be

obtained elsewhere after the disaster Write a plan that is independent of

organization, positions, and personnel Gather data on a daily basis

Disaster Recovery Planning (continued …)



38

IT Security in the 21st Century

Computer control and security are receiving increased attention

almost 70 percent of all U.S. corporations have battled computer viruses

the latest technologies need to be employed to protect against viruses and computer crimes

using intelligent systems for detecting intruders and crimes



39

How Technologies Improved IT Security

Area IT SolutionFault tolerance systems, multiple disksImproved systems reliabilityIntelligent agents monitor performance, compare to standards, analyze profiles(e.g., Network Associates Inc.)

Early or real time detection of intrusion, failures, or noncompliance with rules

Neural computer can detect fraud and expert systems evaluate controls

Auditing information systems

Quick diagnosis by expert system, especially on networks and the Internet

Troubleshooting

Internet-based expert systems for self-assessment including planning and disaster recovery

Disaster planning

Smart cardsAccess protection



40

For Accounting Accountant involved in Web-based auditing,

security of data, and fraud prevention and detection programs

For Finance Finance and banking industry is concerned

about security and auditing in electronic commerce, computer criminals, the hazards and the available controls

What’s in IT for Me?



41

What’s in IT for Me? (continued …)

For Marketing Marketers do not want to be sued because of

invasion of privacy in data collected, nor do they want their innovative marketing strategies to fall into the hands of competitors

For Human Resources Management Motivation, supervision, career development,

recruiting, and more are all affected by IT Telecommuting is implemented by HRM

Documents

Introduction to Information Technology Turban, Rainer and Potter Chapter 15 Implementing IT: Ethics, Impacts, and Security 1 CHAPTER 15 IMPLEMENTING IT: