Managing IT security and Business Ethics
0 likes1,239 views
This document discusses the ethical implications and social impacts of information technology and information security. It outlines some common security threats like viruses, denial of service attacks, and phishing. It also discusses key aspects of information security like authentication, identification, privacy, integrity, and non-repudiation. Technical countermeasures for security like firewalls and encryption are described. The document also discusses ethics in information technology and raises issues around information rights, property rights, accountability, and system quality. It notes some of the social impacts of advances in information technology.
Managing IT security and Business Ethics
- 1. Ethical Implications & Social Impacts of Information Technology & Information Technology Security Radhika Sharma (93) Rahul Sharma (94)
- 2. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
- 3. Objectives Information Security The Threats Scope of Security Management Tools for Computer Security
- 4. Information Security Information security is more than just protecting hardware and software from being crashed… It’s about protecting the information resources that keep the company operating Goals are to ensure: Data integrity, availability and confidentiality Business continuity
- 6. Common Attacks - Corporate Virus/Worm: A computer program that appears to perform a legitimate task, but is a hidden malware E.g., wipe out a hard drive; send out an unauthorized email, etc. Sniffing: Interception and reading of electronic messages as they travel over the Internet E.g., copy passwords, or credit card information Denial of Service: Attacks from coordinated computers that floods a site with so many requests until the site crashes Thousands of page requests/minute on an ecommerce site (virus as well)
- 7. Common Attacks - Personal Spoofing: Masquerade as a legitimate web site and redirect traffic to a fraudulent site Con artists: calling to offer credit card account to obtain info about email, SSN, etc. Phishing or Fishing: Fraudulent email attempt to obtain sensitive information E.g., email notifying a bank account owner that s/he account had a security breach, and request the owner to log in a fraudulent website to “reset the password”
- 8. Threats from inside…. Employee illegally accesses email accounts Angry / misguided technical personnel: Deletes sensitive data Rewrites a program so that data is corrupted/company can’t operate Leaves a ‘cyber bomb’ that detonates in the event he/she is fired Employee steals sensitive data (customer) and sells it to a competitor
- 10. Security’s Five Pillars Authentication: Verifying the authenticity of users – ensuring people are who they say they are. ID/Password, biometric, questions Identification: Identifying users to grant them appropriate access Allowing system to know who someone is to give appropriate access rights Privacy: Protecting information from being seen E.g., against spyware installed without consent in a computer to collect information
- 11. Security’s Five Pillars(Contd..) Integrity: Keeping information in its original form Ensuring data is not altered in any way Non-repudiation: Preventing parties from denying actions they have taken Ensuring that the parties in a transaction are who they say they are and cannot deny that transaction took place
- 12. Technical Countermeasures Firewalls: hardware/software to control access between networks / blocking unwanted access > Windows Vista Encryption/decryption: Using an algorithm (cipher) to make a plain text unreadable to anyone that does not have a key SSL
- 13. Technical Countermeasures Virtual Private Networks (VPNs) Allow strong protection for data communications Cheaper than private networks, but do not provide 100% end-to-end security
- 14. Encryption / SSL An SSL Certificate enables encryption of sensitive information during online transactions. Each SSL Certificate contains unique, authenticated information about the certificate owner. Each SSL Certificate consists of a public key and a A Certificate Authority private key. Public key: scramble; Private Key: verifies the identity of unscramble the certificate owner Secure Sockets Layer handshake authenticates when it is issued. the server (Web site) and the client (Web browser). Unique session key established and secure transmission can begin.
- 15. Ethics Defined Ethics refers to the principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behaviors. Information systems raise new ethical questions for both individuals and societies because they create opportunities for intense social change, and thus threaten existing distributions of power, money, rights, and obligations.
- 16. Ethical issues in information systems have been given new urgency by the rise of the Internet and electronic commerce. Internet and digital firm technologies make it easier than ever to assemble, integrate, and distribute information, unleashing new concerns about the appropriate use of customer information, the protection of personal privacy, and the protection of intellectual property. Insiders with special knowledge can “fool” information systems by submitting phony records, and diverting cash, on a scale unimaginable in the pre-computer era.
- 17. The major ethical, social, and political issues raised by information systems include the following moral dimensions: Information rights and obligations. What information rights do individuals and organizations possess with respect to themselves? What can they protect? What obligations do individuals and organizations have concerning this information? Property rights and obligations. How will traditional intellectual property rights be protected in a digital society in which tracing and accounting for ownership are difficult and ignoring such property rights is so easy? Accountability and control. Who can and will be held accountable and liable for the harm done to individual and collective information and property rights? System quality. What standards of data and system quality should we demand to protect individual rights and the safety of society? Quality of life. What values should be preserved in an information- and knowledge-based society? Which institutions should we protect from violation? Which cultural values and practices are supported by the new information technology?
- 18. Ethics in Information Technology The increased use of information technology has raised many ethical issues for today’s IT professional. Various ethical issues are: Plagiarism Piracy Hacking Computer crime Viruses • Intellectual property Work pressures imposed on computer professionals
- 19. Social Impacts This infrastructure might affect real-time transactions and make intermediaries such as sales clerks, stock brokers and travel agents, whose function is to provide an essential information link between buyers and sellers, redundant. Computers and communication technologies allow individuals to communicate with one another in ways complementary to traditional face-to-face, telephonic, and written modes.
- 20. Social Impacts It would be easier for individuals to work on flexible schedules, to work part time, to share jobs, or to hold two or more jobs simultaneously. Beyond the net employment gains or losses brought about by these factors, it is apparent that workers with different skill levels will be affected differently.
- 21. Social Impacts Advances in information technology will affect the craft of teaching by complementing rather than eliminating traditional classroom instruction. Many issues also surround free speech and regulation of content on the Internet, and there continue to be calls for mechanisms to control objectionable content.
- 22. ACHIEVING ETHICS IN INFORMATION TECHNOLOGY Companies can get assistance in the form of ethics codes and ethics educational programs to provide the foundation for their culture The ethics codes can be used as is or tailored to the firm Educational programs can assist in developing a corporate credo and in putting ethics programs in place
- 23. “The ongoing computing and communications revolution has numerous economic and social impacts on modern society and requires serious social science investigation in order to manage its risks and dangers. Such work would be valuable for both social policy and technology design”