Security, Privacy, and Ethical Issues in Information Systems and the Internet
Chapter 14
Social Issues in Information Systems
Computer Waste
Cyber Crime
Privacy Issues
Ethical Issues
Health Concerns
Patent & Copyright Issues
Computer Waste
Personal use of corporate time and technology
Discarded technology and unused systems
– Older systems may still have value
– Software is often under-utilized
Should they be monitored?
According to a Vault.com survey
– 90.3 percent of employees admit to surfing non-work-related sites every day
– 83.6 percent admit to sending personal e-mails every day
Managers should be scrambling to scrutinize server logs to prevent this epidemic of goofing off, right?
Should they be monitored?
“Using the Internet for errands or short personal breaks has become part of the fabric of normal human behavior.”
Preventing personal use of the Internet and Email may not increase overall productivity. Why?
What are the trade-offs, costs, or negatives if a company monitors and blocks personal use?
Should they be monitored?
“Employees who use the Internet to access pornography, hate groups, etc. can land a company in hot water.”
Companies need to have an enforceable Internet-usage policy that clearly outlines what is acceptable and what isn't.
What risks or problems could arise if a company does NOT have an Internet-usage policy?
Should they be monitored?
Companies are obligated to protect themselves by developing a strict Internet-usage policy.
Monitoring systems should be in place for other reasons: To detect hackers, internal attacks, etc.
Excessive personal usage may not imply poor productivity. How so?
Use monitoring to deter inappropriate usage, but not as an evaluation measure of productivity.
Computer Mistakes
Data entry errors
Program bugs or errors
Accidental deletion or over-write
Inadequate planning for malfunctions
Inadequate computing resources
Failure to keep things updated
Preventing Computer Waste and Mistakes
Establish and implement policies
Monitor and review policies
Examples:
– Requiring employees to update virus software
– Requiring backup of key files
– Requiring “modified-on dates” for websites
– Required training
– Make user manuals and documentation available
Preventing Computer Waste and Mistakes
The Good
– Tons of info online
– Policies & procedures made public
– Training is available
– What else?
The Bad
– Info poorly organized
– Policies and procedures are NOT simple
– Training is not mandatory
– What else?
Siena as an example: http://www.siena.edu/technology/computing/
Computer Crime
Number of Incidents Reported to CERT
Established in 1988, CERT is a center of Internet security expertise located at the Software Engineering Institute.
Federally funded research and development center operated by Carnegie Mellon University.
Computer Crime and Security Survey
FBI Computer Crime and Security Survey of Companies 2002
– 90% - detected security breach in last 12 months
– 80% - acknowledged financial losses
– 74% - frequent external attacks via Internet
– 34% - frequent internal attacks (insider job)
– 33% - reported incidents to FBI
Simple Cyber Crime Techniques
Social engineering
– talking a critical password out of someone
– knowing typical hiding spots
Dumpster diving
– gathering critical information about someone
– to help guess/break passwords
– leading to identity theft
Computers as tools for criminals
Cyber-terrorism
– From individual harassment online
to
– Terrorist strike on critical IT infrastructure
Identity Theft
– From using an individual's credit card
to
– Obtaining a fraudulent driver's license or passport
The Criminals
Hacker
– Enjoys learning the details of how computer systems work
Cracker
– A criminal hacker
Script Bunnies (Script Kiddies)
– Wannabe crackers who use scripts
Insider
– Disgruntled employees
The Acts
Illegal Access
– Hack into Equifax to see Bill Clinton’s credit report
Data Alteration
– Hack into Citibank to increase account balance
Data Destruction
– Hack into Dr. Breimer’s account to delete future quizzes
Software Piracy
– Warning: All we need is a technologically aware, proactive DA, and a quarter of Siena would be in jail.
The Acts
Internet Scams
– Nigerian letter fraud
Phishing
– Tricking someone into sharing private information
Spam
– Can be considered harassment
Spyware
– Legal but dishonest access to private information
Viruses
– Can be considered data alteration or destruction
Data Alteration and Destruction
Preventing Computer-Related Crime
Crime prevention by state and federal agencies
– FBI handles a lot because of the inter-state issues
– FBI hampered by international issues
– CERT (Dept. of Defense)
Crime prevention by corporations
– Public Key Infrastructure (PKI)
– Biometrics (finger-printing mouse, voice recognition, etc.)
Antivirus programs
Preventing Computer-Related Crime is a business
Firewalls
– Hardware or software that can block access to a computer or network
Intrusion Detection Software
– Uses sophisticated measures to detect intruders or suspicious activity
Managed Security Service Providers (MSSPs)
– Consulting firms that manage security for smaller companies
Protection of Decency
– Net Nanny and other filtering software
Internet Laws for Libel
A newspaper or publisher can be sued for libel or indecency
– in addition to the actual author
Can an Internet Service Provider (AOL, MSN, etc.) be sued for libel or indecency?
– How can they be responsible for all the content?
– Don’t they have a right to protect the privacy of their customers?
How to Protect Your Corporate Data from Hackers
Systems with strong user authentication and data encryption
Up-to-date security patches and virus definitions
Disable guest accounts or no-password accounts
Put different services on separate dedicated servers. Why?
Turn on logs and audit trails
Conduct security audits
Frequent backup of data. Why?
Privacy
Privacy Issues
Privacy and the Federal Government
– Individual privacy vs. national security
Privacy at work
– Individual privacy vs. company’s right to protect itself
E-mail privacy
– Business document or personal information?
Privacy and the Internet
– Right to use right to know?
Major Issue
Adware & Spyware
– Free (and sometimes useful) software
Using it requires agreeing to a policy (double-negative trickery).
– Gives software permission to
  • Track your Internet usage
  • Share information about you
Should this type of business be outlawed?
Privacy protection vs. entrepreneurial freedom
– What are the compromises?
Federal Privacy Laws and Regulations
The Privacy Act of 1979
– Applies to federal agencies
– Individuals can determine what records (pertaining to them) are collected, maintained, used, or disseminated.
Gramm-Leach-Bliley Act 1999
– Applies to non-public financial institutions
– Requires privacy policies to be in place
USA Patriot Act
Health Concerns
Repetitive stress injury (RSI)
Carpal tunnel syndrome (CTS)
Ergonomics
Avoiding Health and Environment Problems
Maintain good posture and positioning.
Don’t ignore pain or discomfort.
Use stretching and strengthening exercises.
Find a good physician who is familiar with RSI and how to treat it.
Ethical Issues in Information Systems
The AITP Code of Ethics
– Obligation to management
– Obligation to fellow AITP members
– Obligation to society
The ACM Code of Professional Conduct
– Acquire and maintain professional competence