
Security & Ethical Challenges

Learning Objectives

Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.

Ethical Responsibility

The use of IT presents major security challenges

Ethical Responsibility (continued)

Business Ethics

Basic categories of ethical issues

Employee privacy
Security of company records
Workplace safety

Ethical Responsibility (continued)

Technology Ethics

Four Principles

Proportionality

Good must outweigh any harm or risk
Must be no alternative that achieves the same or comparable benefits with less harm or risk

Ethical Responsibility (continued)

Technology Ethics (continued)

Informed consent

Those affected should understand and accept the risks

Justice

Benefits and burdens should be distributed fairly

Minimized Risk

Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk

Computer Crime

Association of Information Technology Professionals (AITP) definition includes

The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
Unauthorized release of information
Unauthorized copying of software

Who commits computer crime?

Computer Crime

Hacking

The obsessive use of computers, or the unauthorized access and use of networked computer systems

Cyber Theft

Involves unauthorized network entry and the fraudulent alteration of computer databases

Computer Crime (continued)

Unauthorized use at work


Also called time and resource theft
May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks

Computer Crime (continued)

Piracy of intellectual property

Software Piracy

Unauthorized copying of software
Software is intellectual property protected by copyright law and user licensing agreements

Other forms of intellectual property covered by copyright laws

Music
Videos
Images
Articles
Books
Other written works

Computer Crime (continued)

Computer viruses and worms

Virus

A program that cannot work without being inserted into another program

Worm

A distinct program that can run unaided

Privacy Issues

IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.

Benefit: increases efficiency and effectiveness
But may also have a negative effect on individuals' right to privacy

Privacy Issues (continued)

Privacy on the Internet

Users of the Internet are highly visible and open to violations of privacy
Unsecured with no real rules
Cookies capture information about you every time you visit a site
That information may be sold to third parties

Privacy Issues (continued)

Privacy on the Internet (continued)

Protect your privacy by

Encrypting your messages
Posting to newsgroups through anonymous remailers
Asking your ISP not to sell your information to mailing list providers and other marketers
Declining to reveal personal data and interests online

Privacy Issues (continued)


Privacy laws

Attempt to enforce the privacy of computer-based files and communications
Electronic Communications Privacy Act
Computer Fraud and Abuse Act

Privacy Issues (continued)

Computer Libel and Censorship

The opposite side of the privacy debate

Right to know (freedom of information)
Right to express opinions (freedom of speech)
Right to publish those opinions (freedom of the press)
Spamming
Flaming

Other Challenges

Employment

New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.


Other Challenges (continued)

Computer Monitoring

Concerns workplace privacy


Monitors individuals, not just work
Is done continually
May be seen as violating workers' privacy and personal freedom
Workers may not know that they are being monitored or how the information is being used
May increase workers' stress level
May rob workers of the dignity of their work

Other Challenges (continued)

Working Conditions

IT has eliminated many monotonous, obnoxious tasks, but has created others

Individuality

Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities
Regimentation

Health Issues

Job stress
Muscle damage
Eye strain
Radiation exposure
Accidents

Some solutions

Ergonomics (human factors engineering)

Goal is to design healthy work environments

Health Issues (continued)


Section II

Security Management

Tools of Security Management

Goal

Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders


Internetworked Security Defenses

Encryption

Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
Involves using special mathematical algorithms to transform digital data into scrambled code
Most widely used method uses a pair of public and private keys unique to each individual

Internetworked Security Defenses (continued)

Firewalls

Serves as a gatekeeper system that protects a company's intranets and other computer networks from intrusion

Provides a filter and safe transfer point
Screens all network traffic for proper passwords or other security codes

Internetworked Security Defenses (continued)

Denial of Service Defenses

These assaults depend on three layers of networked computer systems

Victim's website
Victim's ISP
Sites of zombie or slave computers

Defensive measures and security precautions must be taken at all three levels

Internetworked Security Defenses (continued)

E-mail Monitoring

Spot checks just aren't good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.

Internetworked Security Defenses (continued)

Virus Defenses

Protection may be accomplished through

Centralized distribution and updating of antivirus software
Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

Other Security Measures

Security codes

Multilevel password system

Log onto the computer system
Gain access into the system
Access individual files

Other Security Measures (continued)

Backup Files

Duplicate files of data or programs
File retention measures
Sometimes several generations of files are kept for control purposes

Other Security Measures (continued)

Security Monitors

Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction


Other Security Measures (continued)

Biometric Security

Measure physical traits that make each individual unique


Voice
Fingerprints
Hand geometry
Signature dynamics
Keystroke analysis
Retina scanning
Face recognition
Genetic pattern analysis

Other Security Measures (continued)

Computer Failure Controls

Preventive maintenance of hardware and management of software updates
Backup computer system
Carefully scheduled hardware or software changes
Highly trained data center personnel

Other Security Measures (continued)

Fault Tolerant Systems

Computer systems that have redundant processors, peripherals, and software

Fail-over
Fail-safe
Fail-soft

Other Security Measures (continued)

Disaster Recovery

Disaster recovery plan

Which employees will participate and their duties
What hardware, software, and facilities will be used
Priority of applications that will be processed

System Controls and Audits

Information System Controls

Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
Designed to monitor and maintain the quality and security of input, processing, and storage activities

System Controls and Audits (continued)

Auditing Business Systems

Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
Testing the integrity of an application's audit trail
