Ethical Responsibility
Business Ethics
Technology Ethics
Four Principles
Proportionality
- Good must outweigh any harm or risk
- Must be no alternative that achieves the same or comparable benefits with less harm or risk
Informed consent
- Those affected should understand and accept the risks
Justice
- Benefits and burdens should be distributed fairly
Minimized Risk
- Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
Ethical Guidelines
- Act with integrity
- Increase their professional competence
- Set high standards of personal performance
- Accept responsibility for their work
- Advance the health, privacy, and general welfare of the public
Computer Crime
- The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
- Unauthorized release of information
- Unauthorized copying of software
- Denying an end user access to his or her own hardware, software, data or network resources
- Using or conspiring to use computer or network resources to illegally obtain information
Hacking
- The obsessive use of computers, or the unauthorized access and use of networked computer systems
- Involves unauthorized network entry and the fraudulent alteration of computer databases
Cyber Theft
- Also called time and resource theft
- May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks
Software Piracy
Software is intellectual property protected by copyright law and user licensing agreements
Virus
- A program that cannot work without being inserted into another program
Worm
- A distinct program that can run unaided
Privacy Issues
IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.
- Benefit: increases efficiency and effectiveness
- But may also have a negative effect on individuals' right to privacy
- Users of the Internet are highly visible and open to violations of privacy
- Unsecured with no real rules
- Cookies capture information about you every time you visit a site
- That information may be sold to third parties
- Encrypting your messages
- Post to newsgroups through anonymous remailers
- Ask your ISP not to sell your information to mailing list providers and other marketers
- Decline to reveal personal data and interests online
Computer Matching
- Computer profiling and matching personal data to that profile
- Mistakes can be a major problem
Privacy laws
- Attempt to enforce the privacy of computer-based files and communications
- Electronic Communications Privacy Act
- Computer Fraud and Abuse Act
- Right to know (freedom of information)
- Right to express opinions (freedom of speech)
- Right to publish those opinions (freedom of the press)
- Spamming
- Flaming
Other Challenges
Employment
New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.
Computer Monitoring
- Monitors individuals, not just work
- Is done continually
- May be seen as violating workers' privacy and personal freedom
- Workers may not know that they are being monitored or how the information is being used
- May increase workers' stress level
- May rob workers of the dignity of their work
Working Conditions
- IT has eliminated many monotonous, obnoxious tasks, but has created others
Individuality
- Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities
- Regimentation
Health Issues
- Job stress
- Muscle damage
- Eye strain
- Radiation exposure
- Accidents
Some solutions
Societal Solutions
- Medical diagnosis
- Computer-assisted instruction
- Governmental program planning
- Environmental quality control
- Law enforcement
- Crime control
- Job placement
Section II
Security Management
Goal
Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders
Encryption
- Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
- Involves using special mathematical algorithms to transform digital data into scrambled code
- Most widely used method uses a pair of public and private keys unique to each individual
Firewalls
- Serves as a gatekeeper system that protects a company's intranets and other computer networks from intrusion
- Provides a filter and safe transfer point
- Screens all network traffic for proper passwords or other security codes
Defensive measures and security precautions must be taken at all three levels
E-mail Monitoring
Spot checks just aren't good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.
Virus Defenses
- Centralized distribution and updating of antivirus software
- Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies
Security codes
- Log onto the computer system
- Gain access into the system
- Access individual files
Backup Files
- Duplicate files of data or programs
- File retention measures
- Sometimes several generations of files are kept for control purposes
Security Monitors
Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction
Biometric Security
- Voice
- Fingerprints
- Hand geometry
- Signature dynamics
- Keystroke analysis
- Retina scanning
- Face recognition
- Genetic pattern analysis
- Preventive maintenance of hardware and management of software updates
- Backup computer system
- Carefully scheduled hardware or software changes
- Highly trained data center personnel
Disaster Recovery
- Which employees will participate and their duties
- What hardware, software, and facilities will be used
- Priority of applications that will be processed
- Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
- Designed to monitor and maintain the quality and security of input, processing, and storage activities
- Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
- Testing the integrity of an application's audit trail
CYBERTERRORISM
Cyber Threats
Out-of-the-box
announced:
PC fully compromised:
- Administrative access obtained
- Event logging selectively disabled
- System software modified to suit intruder
- Attack software installed
- PC actively probing for new hosts to intrude
Clear
[Figure: Attack Sophistication versus Intruder Knowledge, 1980 to 2000. Labelled techniques: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, burglaries, sweepers, network mgmt. diagnostics.]
Definitions
Cyberterror:
The deliberate destruction, disruption or distortion of digital data or information flows with widespread effect for political, religious or ideological reasons.
Cyber-utilization:
The use of on-line networks or data by terrorist organizations for supportive purposes.
Cybercrime:
Sophistication of Cybercrime
Simple
- Unstructured: Individuals or groups working with little structure, forethought or preparation
- Structured: Groups working with some structure, but little forethought or preparation
- Coordinated: Groups working with advance preparation with specific targets and objectives
Advanced
Complex
rebellion in Mexico
Military
Agents
Compounded
Pakistani/Indian Defacements
More
[Chart time axis: 10/99, 1/00, 4/00, 7/00, 10/00, 1/01, 4/01]
Well written
Juvenile
Cyber Trends
CERT/CC Year 2000 - 21,756 Incidents
- 16,129 Probes/Scans
- 2,912 Information Requests
- 261 Hoaxes, false alarms, vul reports, unknown
- 2454 Incidents with substantive impact on target
- Profiled 851 incidents, all active during July-Oct 2000 (plus some preliminary June data, profiling work is ongoing)
- Many different dimensions for analysis and trend generation (analysis work is ongoing)
Summary
Majority Cyber
Much
Widely
ERGONOMICS
Benefits of Ergonomics
ERGONOMIC CONCEPTS
- Tool design
- Workstation design
- Material handling limits
- Visual and auditory task design
WORKSTATION GUIDELINES
- Reduce static component and allow worker to use optimal posture
- Optimal posture usually at midpoint of limb's range of motion
- Avoid muscular insufficiency
- Avoid forward reaches in excess of 16
- Elbows down close to the body, flexor angle around 90 degrees
WORKPLACE INDICATORS
- Performance deterioration: Engineering
- Quality Control problems
- Absenteeism and turn-over: Human Resources
- Musculoskeletal disorders: OSHA Logs, WC reports
- Complaints of fatigue and discomfort
Types of Injuries
- Muscle pain
- Joint pain
- Swelling
- Numbness
- Restricted motion
- Repetitive stress injury
Ergonomic Controls
CONTROL TECHNOLOGY
- Tool redesign
- Workstation redesign
- Job methods
- Early detection
- Job rotation
- Machine pacing
- Medical surveillance

- Rest-pause
- Increase number of employees
- Job rotation
- Physical conditioning
- Relief personnel
- Medical management

- Job hazard analysis and control
- Training
- MSD management
- Program evaluation