Report_chapter 12 Ethical, Privacy and Security Issues

8/8/2019 Report_chapter 12 Ethical, Privacy and Security Issues

1/23

Ethical, Privacy and Security

Issues

John Benedict BationMorell BegoniaKorina Andrea Del CastilloRaphael EnriquezGeraldine Francisco

Ma. Rica Tapang


2/23

Objectives:

To understand the different kinds of ethicalissues in Information Technology

To know and understand how organizations

deal with them To understand the basic concepts of ethics

in IT Development


3/23

Ethics Defined:

Moral codes are the rules that establish theboundaries of generally accepted behavior.

Morality refers to social conventions about right

and wrong human conduct. Ethics.A branch of philosophy that deals with

what is considered to be right and wrong.

A Code of Ethics is a collection of principles that

are intended to guide decision making bymembers of an organization.


4/23

Why Ethics are important:

Protect an organization and its employeesfrom legal action.

Create an organization that operates

consistently. Provide a livelihood for employees.

Avoid unfavorable publicity.

Gain the goodwill of the community.


5/23

Ethics in Information Technology

The increased use of informationtechnology has raised many ethical issuesfor todays IT professional. Licensing of IT professionals

Internet communication

Intellectual property

Employee/employer issues


6/23


Todays workers are subject to the monitoring oftheir e-mail and Internet access while at work, asemployers and employees struggle to balance theneed of the employer to manage importantcompany assets and employees work time versusthe employees desire for privacy and self-direction.


7/23


Millions of people have used Napster softwareto download music at no charge and inapparent violation of copyright laws.

DoubleClick, an advertising network that tracksusers as they move around the Internet, wassued after it revealed plans to match a mass

mailing marketing list with its anonymousdatabase of Internet users, thus revealing theWeb users identities.


8/23


Students around the world have been caughtdownloading material from the Internet andplagiarizing content for their term papers.

Hackers engaged in acts of cyberterrorismdefaced hundreds ofWeb sites and left hatemessages after a collision between a United

States spy plane and a Chinese jet fighter.


9/23

Other Ethical Issues raised:

Who should have accessto data?

Who is responsible for maintainingaccuracyand security?

To whom does databelong?

Doesthe abilityto capture dataimplyacorresponding responsibilityto

monitor its use? How muchinformation is necessaryand relevant for decision making?


10/23

The Four Categories of EthicalIssues

PrivacyIssues involves collecting, storing and

disseminating information about individuals. What is the safeguards when we want to

reveal secret info? What things can people keep to themselves

and notbeing cracked?

AccuracyIssues involves the authenticity, fidelity and

accuracy of information that is collected and

processed.


11/23

The Four Categories of EthicalIssues

PropertyIssues involves the ownership and value of information. Who owns the info? What are the just and fair prices for its exchange?

AccessibilityIssues revolve around who should have access to

information and whether they should have to pay

for this access. What info does a person have a right to obtain? What will be the requirement and condition that

info can be delivered?


12/23

Protecting Privacy

Privacy. The right to be left alone and to befree of unreasonable personal intrusions.

Privacy Codesand Policies.An

organizations guidelines with respect toprotecting the privacy of customers, clients,and employees.

International Aspects of Privacy. Privacyissues that international organizations andgovernments face when information spanscountries and jurisdictions.


13/23

Compromises to IntellectualProperty

Intellectual property. Property createdby individuals or corporations which isprotected under trade secret, patent, and

copyright laws. Trade secret. Intellectual work, such as abusiness plan, that is a company secret and

is notbased on public information. Patent. Document that grants the holder

exclusive rights on an invention or processfor 20 years.


14/23

Compromises to IntellectualProperty (Continued)

Copyright. Statutory grant that providescreators of intellectual property withownership of the property for life of the

creator plus 70 years. Piracy. Copying a software program

without making payment to the owner.


15/23

Protecting Information Resources

Risk. The probability that a threat willimpact an information resource.

Risk management. To identify, control

and minimize the impact of threats. Riskanalysis. To assess the value of each

assetbeing protected, estimate the

probability it mightbe compromised, andcompare the probable costs of itbeingcompromised with the cost of protecting it.


16/23

Protecting Information Resources(Continued)

Risk mitigation is when the organizationtakes concrete actions against risk. It hastwo functions:

(1) implement controls to prevent identifiedthreats from occurring, and

(2) developing a means of recovery should thethreatbecome a reality.


17/23

Risk Mitigation Strategies

Risk Acceptance.Accept the potentialrisk, continue operating with no controls,and absorb any damages that occur.

Risk limitation. Limit the risk byimplementing controls that minimize theimpact of threat.

Risktransference. Transfer the risk byusing other means to compensate for theloss, such as purchasing insurance.


18/23

Controls

Controls evaluation. Identifies securitydeficiencies and calculates the costs ofimplementing adequate control measures.

General controls. Established to protect the

system regardless of their application. Physical controls. Physical protection of computerfacilities and resources.

Accesscontrols. Restriction of unauthorized useraccess to computer resources; use biometrics andpasswords controls for user identification.


19/23

Controls (Continued)

Communications (networks)controls. Toprotect the movement of data across networksand include border security controls,authentication and authorization.

irewalls. System that enforces access-control policybetween two networks.

Encryption. Process of converting an original messageinto a form that cannotbe read by anyone except the

intended receiver.


20/23

Controls (Continued)

irtual Private Networking. Uses theInternet to carry information within acompany and among business partners butwith increased security by uses ofencryption, authentication and accesscontrol.

Application controls. Controls that

protect specific applications and include:input, processing and output controls.


21/23

Netiquette

"Netiquette" is network etiquette, the do'sand don'ts of online communication.

Netiquette covers both common courtesyonline and the informal "rules of the road"

of cyberspace.


22/23

Rules of Netiquette

Rule 1: Remember the Human

Rule 2: Adhere to the same standards ofbehavior onlinethat you follow in real life

Rule 3: Know where you are in cyberspace

Rule 4: Respect other people's time and bandwidth

Rule 5: Make yourself look good online

Rule 6: Share expert knowledge

Rule 7: Help keep flame wars under control

Rule 8: Respect other people's privacy

Rule 9: Don't abuse your power

Rule 10: Be forgiving of other people's mistakes


23/23

References

http://higheredbcs.wiley.com/legacy/college/rainer/0471736368/ppt/ch03.ppt

http://www.misq.org/archivist/vol/no10/issue1/vol10no1mason.html

http://www.slideshare.net/kusmulyono/ethical-issues-in-ict-presentation#text-version

http://www.albion.com/netiquette/corerules.html

http://articles.techrepublic.com.com/5100-22_11-6091121.html

Documents

Report_chapter 12 Ethical, Privacy and Security Issues