SlideShare a Scribd company logo

obrien13e_chap011.ppt

Download as PPT, PDF
P
Pradeep513562

This document discusses ethical issues and security challenges related to information technology. It covers topics like computer crime, hacking, privacy, censorship, cyberlaw, and strategies for improving security such as encryption, firewalls, biometrics, and fault tolerant systems. The document provides examples and definitions to explain these concepts over several pages. It also includes two case studies and questions to help readers apply the concepts.

Business
1 of 68
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
11-1 McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved.
Security and Ethical Challenges Ethical issues in the use of Information Technology Security Management Chapter 11 McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved.
11-3 Learning Objectives 1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems. 2. Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology.
11-4 Learning Objectives 3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
11-5 Case 1: Machine Wars Fighting Evil in Cyberspace  Machine Wars  Computers compromised and subverted by hackers churn out spam and malicious code in relentless raids  Spyware  Phishing  Trojan horses  Fighting back  Blocking spam  Turning the network into a security device
11-6 Case Study Questions 1. Why is automation becoming such an important tool in cybercrime? 2. What is being done to combat the wide variety of cybercrimes listed in the case? 3. Have you ever been a victim of a cybercrime? Do you know how it happened? What did you do to fix the problem and ensure it not happening again?
11-7 Real World Internet Activity 1. The advent of various cybercrimes has spawned new companies and products focusing on its prevention. Using the Internet,  See if you can find examples of companies that specialize in preventing or combating cybercrimes.
11-8 Real World Group Activity  Cyberspace is a world without laws and can serve to both help or hurt those who use it. In small groups,  Discuss ways in which the Internet can be better protected.  What security measures should companies, business professionals, and consumers take to protect their systems from being damaged or infected by cyber criminals?
11-9 IT Security, Ethics and Society
11-10 Ethical Responsibility  Business professionals  have a responsibility to promote ethical uses of information technology in the workplace.
11-11 Business Ethics  Questions that managers must confront as part of their daily business decision making including:  Equity  Rights  Honesty  Exercise of Corporate Power
11-12 Ethical Business Issues Categories
11-13 Corporate Social Responsibility Theories  Stockholder Theory  Managers are agents of the stockholders  Their only ethical responsibility is to increase the profits of the business  Without violating the law or engaging in fraudulent practices  Social Contract Theory  Companies have ethical responsibilities to all members of society  Which allow corporations to exist based on a social contract
11-14 Corporate Social Responsibility Theories  Stakeholder Theory  Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders  Stakeholders are all individuals and groups that have a stake in, or claim on, a company
11-15 Principles of Technology Ethics  Proportionality – the good achieved by the technology must outweigh the harm or risk  Informed Consent – those affected by the technology should understand and accept the risks  Justice – the benefits and burdens of the technology should be distributed fairly  Minimized Risk – even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
11-16 AITP Standards of Professional Conduct
11-17 Responsible Professional Guidelines  Acting with integrity  Increasing your professional competence  Setting high standards of personal performance  Accepting responsibility for your work  Advancing the health, privacy, and general welfare of the public
11-18 Computer Crime  The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources  The unauthorized release of information  The unauthorized copying of software  Denying an end user access to his or her own hardware, software, data, or network resources  Using or conspiring to use computer or network resources illegally to obtain information or tangible property
11-19 How large companies protect themselves from cybercrime Source: 2003 Global Security Survey by Deloitte Touche Tohmatsu, New York, June 2003, In Mitch Betts, “The Almanac,” Computerworld, July 14, 2003, p 42.
11-20 Hacking  The obsessive use of computers,  Or the unauthorized access and use of networked computer systems
11-21 Common Hacking Tactics  Denial of Service  Hammering a website’s equipment with too many requests for information  Clogging the system, slowing performance or even crashing the site  Scans  Widespread probes of the Internet to determine types of computers, services, and connections  Looking for weaknesses
11-22 Common Hacking Tactics  Sniffer  Programs that search individual packets of data as they pass through the Internet  Capturing passwords or entire contents  Spoofing  Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
11-23 Common Hacking Tactics  Trojan Horse  A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software  Back Doors  A hidden point of entry to be used in case the original entry point has been detected or blocked  Malicious Applets  Tiny Java programs that misuse your computer’s resources, modify files on the hard disk, send fake e- mail, or steal passwords
11-24 Common Hacking Tactics  War Dialing  Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection  Logic Bombs  An instruction in a computer program that triggers a malicious act  Buffer Overflow  A technique for crashing or gaining control of a computer by sending too much data to the buffer in a computer’s memory
11-25 Common Hacking Tactics  Password Crackers  Software that can guess passwords  Social Engineering  Gaining access to computer systems  By talking unsuspecting company employees out of valuable information such as passwords  Dumpster Diving  Sifting through a company’s garbage to find information to help break into their computers
11-26 Cyber Theft  Computer crime involving the theft of money  Often inside jobs  Or use Internet to break in
11-27 Unauthorized Use at Work  Time and resource theft  May range from doing private consulting or personal finances, or playing video games, to unauthorized use of the Internet on company networks
11-28 Internet Abuses in the Workplace  General e-mail abuses  Unauthorized usage and access  Copyright infringement/plagiarism  Newsgroup postings  Transmission of confidential data  Pornography – accessing sexually explicit sites  Hacking  Non-work related download or upload  Leisure use of the Internet  Usage of external ISPs  Moonlighting
11-29 Software Piracy  Software Piracy  Unauthorized copying of computer programs  Licensing  Purchase of software is really a payment for a license for fair use  Site license allow a certain number of copies  A third of the software industry’s revenues are lost due to piracy
11-30 Theft of Intellectual Property  Intellectual property  Copyrighted material such as  Music, videos, images, articles, books, software  Copyright infringement is illegal  Peer-to-peer networking techniques have made it easy to trade pirated intellectual property
11-31 Viruses and Worms  Virus and worms copy annoying or destructive routines into networked computers  Often spread via e-mail or file attachments  Computer Virus  Program code that cannot work without being inserted into another program  Worm  Distinct program that can run unaided
11-32 Cost of viruses and worms  Nearly 115 million computers were infected in 2004  As many as 11 million computers are believed to be permanently infected  Total economic damage estimated to be between $166 and $292 billion in 2004  Average damage per installed Windows-based machine is between $277 and $366
11-33 Adware and Spyware  Adware  Software that purports to serve a useful purpose  But also allows Internet advertisers to display advertisements (pop-up and banner ads)  Without the consent of the computer’s user  Spyware  Adware that employs the user’s Internet connection in the background without your permission or knowledge  Captures information about you and sends it over the Internet
11-34 Privacy: Opt-in versus Opt-out  Opt-in  You explicitly consent to allow data to be compiled about them  Law in Europe  Opt-out  Data can be compiled about you unless you specifically request it not be  Default in the US
11-35 Privacy Issues  Violation of Privacy:  Accessing individuals’ private e-mail conversations and computer records,  Collecting and sharing information about individuals gained from their visits to Internet websites  Computer Monitoring:  Always knowing where a person is, especially as mobile and paging services become more closely associated with people rather than places
11-36 Privacy Issues  Computer Matching  Using customer information gained from many sources to market additional business services  Unauthorized Personal Files  Collecting telephone numbers, e-mail addresses, credit card numbers, and other personal information to build individual customer profiles
11-37 Protecting your Privacy on the Internet  E-mail can be encrypted  Newsgroup postings can be sent through anonymous remailers  ISP can be asked not to sell your name and personal information to mailing list providers and other marketers  Decline to reveal personal data and interests on online service and website user profiles
11-38 Privacy Laws  Rules that regulate the collection and use of personal data by businesses and the government
11-39 Censorship Issues  Spamming  Indiscriminate sending of unsolicited e-mail messages to many Internet users  Flaming  Sending extremely critical, derogatory, and often vulgar e-mail messages or newsgroup postings to other users on the Internet or online services
11-40 Cyberlaw  Laws intended to regulate activities over the Internet or via electronic data communications
11-41 Other Challenges  Employment  IT creates new jobs and increases productivity  But can also cause significant reductions in job opportunities as well as different types of skills required for new jobs  Computer Monitoring  Computers used to monitor the productivity and behavior of employees as they work
11-42 Other Challenges  Working Conditions  IT has eliminated monotonous or obnoxious tasks  But some jobs requiring a skilled craftsman have been replaced by jobs requiring routine, repetitive tasks or standby roles  Individuality  Dehumanize and depersonalize activities because computers eliminate human relationships  Systems without flexibility
11-43 Health Issues  Cumulative Trauma Disorders (CTDs)  Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs  Carpal Tunnel Syndrome  Painful crippling ailment of the hand and wrist
11-44 Ergonomics  Designing healthy work environments  That are safe, comfortable, and pleasant for people to work in  Thus increasing employee morale and productivity
11-45 Ergonomic Factors
11-46 Case 2: Strategic Security  OCTAVE Process Methodology to security  Risk evaluation  Risk management  Organizational and cultural  A principle of “reduction of risk on investment”
11-47 Case Study Questions 1. What are security managers doing to improve information security? 2. How does the OCTAVE methodology work to improve security in organizations? 3. What does Lloyd Hession mean when he says information security is “not addressed simply by the firewalls and antivirus [tools] that are already in place”?
11-48 Real World Internet Activity 1. The focus on information security is an important one for modern organizations of all sizes. Using the Internet,  See if you can find examples of companies that are focused on improving information security.  What approaches are they using to improve the situation?
11-49 Real World Group Activity  Private and corporate information is under attack from a wide variety of sources. In small groups,  Discuss the various threats to information security.  Are you doing your share to protect your information?
11-50 Security Management  The goal of security management is the accuracy, integrity, and safety of all information system processes and resources. Source: Courtesy of Wang Global.
11-51 Internetworked Security Defenses  Encryption  Data transmitted in scrambled form and unscrambled by computer systems for authorized users only
11-52 Public/Private Key Encryption
11-53 Internetworked Security Defenses  Firewalls  A gatekeeper system that protects a company’s intranets and other computer networks from intrusion  By providing a filter and safe transfer point for access to and from the Internet and other networks  Firewalls are also important for individuals who connect to the Internet with DSL or cable modems
11-54 Internet and Intranet Firewalls
11-55 How to Defend Against Denial of Service Attacks  At the zombie machines (computers commandeered by cyber criminals)  Set and enforce security policies  Scan for vulnerabilities  At the ISP  Monitor and block traffic spikes  At the victim’s website  Create backup servers and network connections
11-56 Internetworked Security Defenses  E-mail Monitoring  Use of content monitoring software that scans for troublesome words that might compromise corporate security  Virus Defenses  Centralize the distribution and updating of antivirus software  Use security suite that integrates virus protection with firewalls, Web security, and content blocking features
11-57 Other Security Measures  Security Codes  Multilevel password system  Encrypted passwords  Smart cards with microprocessors  Backup Files  Duplicate files of data or programs  System Security Monitors  Programs that monitor the use of computer systems and networks and protects them from unauthorized use, fraud, and destruction
11-58 Biometrics  Computer devices that measure physical traits that make each individual unique  Examples:  Voice verification  Fingerprints  Retina scan
11-59 Computer Failure Controls  Prevent computer failure or minimize its effects  Preventative maintenance  Arrange backups with a disaster recovery organization
11-60 Fault Tolerant Systems  Systems that have redundant processors, peripherals, and software that provide a:  Fail-over capability to back up components in the event of system failure  Fail-safe capability where the computer system continues to operate at the same level even if there is a major hardware or software failure  Fail-soft capability where the computer system continues to operate at a reduced but acceptable level in the event of system failure
11-61 Disaster Recovery Plan  Formalized procedures to follow in the event a disaster occurs including:  Which employees will participate  What their duties will be  What hardware, software, and facilities will be used  Priority of applications that will be processed  Use of alternative facilities  Offsite storage of an organization’s databases
11-62 Information Systems Controls  Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
11-63 Auditing IT Security  IT security audits  By internal or external auditors  Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
11-64 How to protect yourself from cybercrime
11-65 Case 3: A Day in the Life of the Patch Patrol  After Microsoft announces security alerts and fixes  Race starts between hackers and virus writers and the security administrators rushing to patch their systems before an attack
11-66 Case Study Questions 1. What types of security problems are typically addressed by a patch management strategy? Why do such problems arise in the first place? 2. What challenges does the process of applying software patches and updates pose for many businesses? What are the limitations of the patching process? 3. Does the business value of a comprehensive patch management strategy outweigh its costs, limitations, and the demands it places on the IT function? Why or why not?
11-67 Real World Internet Activity 1. Anyone or any organization that uses Microsoft products is familiar with the myriad of patches necessary to keep up with managing potential security risks. Using the Internet,  See if you can find other examples of companies like Shavlik that specialize in helping manage the software patch process.
11-68 Real World Group Activity  Many people argue that software patches are simply a way that software vendors can get away with releasing products that are not fully tested. In small groups,  Discuss this issue.  Is it reasonable to expect a complex operating system to be completely secure and tested before being released?  How would such a thorough approach to testing affect the availability and price of complex software?

More Related Content

PPT
Psi 10 security and ethical challenges
Silvia Afrima Chandra
 
PPTX
c13.security_and_ethics.pptx managemet info
tasniahnuha
 
PPTX
Chapter 13 security and ethical challenges
Advance Saraswati Prakashan Pvt Ltd
 
PPTX
c13 Security and Ethics(1)(1)(1).pptsasdax
ShaonKhan12
 
PPT
Security and ethical challenges in mis
I P Abir
 
PPTX
chapter 5.pptxggggggggggggggggggggggggggg
adabotor7
 
PPT
Chap13 Security and Ethical Challenges
Aqib Syed
 
PPT
security and ethical challenges
Vineet Dubey
 
Psi 10 security and ethical challenges
Silvia Afrima Chandra
 
c13.security_and_ethics.pptx managemet info
tasniahnuha
 
Chapter 13 security and ethical challenges
Advance Saraswati Prakashan Pvt Ltd
 
c13 Security and Ethics(1)(1)(1).pptsasdax
ShaonKhan12
 
Security and ethical challenges in mis
I P Abir
 
chapter 5.pptxggggggggggggggggggggggggggg
adabotor7
 
Chap13 Security and Ethical Challenges
Aqib Syed
 
security and ethical challenges
Vineet Dubey
 

Similar to obrien13e_chap011.ppt (20)

PPT
Newethics
Dr. Vardhan choubey
 
PPT
Chapter 13 Security and Ethical Challenge.ppt
ValentinusRobyHanant
 
PPTX
Ethics,security and privacy control
Sifat Hossain
 
PPT
9. Computer Ethics.ppt
asm071149
 
PDF
Information Systems Audit - Auditing Information Systems
ssuser557ea5
 
PPTX
Information security
Laxmiprasad Bansod
 
PPTX
Computer Security and their social effect and their usage.
rizwanshafique4321
 
PDF
Ethics in Information Technology - An Overview
kapilhande1
 
PPTX
Module 8 security and ethical challenges
CRM
 
PPTX
Module 1_ Introduction to Cyber Security.pptx
Firoza10
 
PPTX
Computer Security risks Shelly
Adeel Khurram
 
PPT
Week 13 ch14 c
Zahir Reza
 
PPTX
Chapter-10-Information Security and Cyber Crime.pptx
reaz4524
 
PPTX
Computer ethics
RitikaSharma238
 
PPTX
9 - Security
Raymond Gao
 
PPTX
Computer Ethics and History Of computer .pptx
harshjyotsingh34
 
PPTX
Week_7.pptx Computer science topic 7 Notes
FrancisOdoom5
 
PPT
Cyber crime and forensic
SANTANU KUMAR DAS
 
PPT
Chapter008.Protecting People and Information: Threats and Safeguards
lobnaqassem2
 
PPTX
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
Newethics
Dr. Vardhan choubey
 
Chapter 13 Security and Ethical Challenge.ppt
ValentinusRobyHanant
 
Ethics,security and privacy control
Sifat Hossain
 
9. Computer Ethics.ppt
asm071149
 
Information Systems Audit - Auditing Information Systems
ssuser557ea5
 
Information security
Laxmiprasad Bansod
 
Computer Security and their social effect and their usage.
rizwanshafique4321
 
Ethics in Information Technology - An Overview
kapilhande1
 
Module 8 security and ethical challenges
CRM
 
Module 1_ Introduction to Cyber Security.pptx
Firoza10
 
Computer Security risks Shelly
Adeel Khurram
 
Week 13 ch14 c
Zahir Reza
 
Chapter-10-Information Security and Cyber Crime.pptx
reaz4524
 
Computer ethics
RitikaSharma238
 
9 - Security
Raymond Gao
 
Computer Ethics and History Of computer .pptx
harshjyotsingh34
 
Week_7.pptx Computer science topic 7 Notes
FrancisOdoom5
 
Cyber crime and forensic
SANTANU KUMAR DAS
 
Chapter008.Protecting People and Information: Threats and Safeguards
lobnaqassem2
 
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 

More from Pradeep513562 (20)

PPTX
Statistics for MBA.pptx
Pradeep513562
 
PPTX
Demo presentation SVPISTM Sampling and scales.pptx
Pradeep513562
 
PPTX
Creating compelling manuscripts.pptx
Pradeep513562
 
PPTX
OB U1.pptx
Pradeep513562
 
PPTX
Unit 1 RMM.pptx
Pradeep513562
 
PPTX
identifyinganddefiningaresearchproblem-111106143750-phpapp02.pptx
Pradeep513562
 
PPT
6152935.ppt
Pradeep513562
 
PPT
15 Qualitative Research Methods Overview.ppt
Pradeep513562
 
PPT
Strauss_emktg6_ppt14.ppt
Pradeep513562
 
PPTX
tamil nadu tenders act.pptx
Pradeep513562
 
PPT
ch13 scales.ppt
Pradeep513562
 
PPT
RMM scales ,reliability,validity.ppt
Pradeep513562
 
PPT
Thinking like a Researcher Ch3.ppt
Pradeep513562
 
PPT
obrien13e_chap005.ppt
Pradeep513562
 
PPT
obrien13e_chap005.ppt
Pradeep513562
 
PPT
Chap004.ppt
Pradeep513562
 
PPT
strauss_emktg6_ppt09_-_l_r_-_7_ed.ppt
Pradeep513562
 
PPT
strauss_emktg6_ppt11_-_l_r_-_7_ed.ppt
Pradeep513562
 
PPT
CHAPTER 1.ppt
Pradeep513562
 
PPT
CHAPTER 2.ppt
Pradeep513562
 
Statistics for MBA.pptx
Pradeep513562
 
Demo presentation SVPISTM Sampling and scales.pptx
Pradeep513562
 
Creating compelling manuscripts.pptx
Pradeep513562
 
OB U1.pptx
Pradeep513562
 
Unit 1 RMM.pptx
Pradeep513562
 
identifyinganddefiningaresearchproblem-111106143750-phpapp02.pptx
Pradeep513562
 
6152935.ppt
Pradeep513562
 
15 Qualitative Research Methods Overview.ppt
Pradeep513562
 
Strauss_emktg6_ppt14.ppt
Pradeep513562
 
tamil nadu tenders act.pptx
Pradeep513562
 
ch13 scales.ppt
Pradeep513562
 
RMM scales ,reliability,validity.ppt
Pradeep513562
 
Thinking like a Researcher Ch3.ppt
Pradeep513562
 
obrien13e_chap005.ppt
Pradeep513562
 
obrien13e_chap005.ppt
Pradeep513562
 
Chap004.ppt
Pradeep513562
 
strauss_emktg6_ppt09_-_l_r_-_7_ed.ppt
Pradeep513562
 
strauss_emktg6_ppt11_-_l_r_-_7_ed.ppt
Pradeep513562
 
CHAPTER 1.ppt
Pradeep513562
 
CHAPTER 2.ppt
Pradeep513562
 

Recently uploaded (20)

PPTX
basic introduction to research chapter 1.pptx
sangeethanagaraj8
 
PDF
Module 3 - Functions of the Supervisor - Part 1 - Student Resource (1).pdf
OmoobaOrun1
 
PPTX
Board-Reporting-Package-by-Umbrex-5-23-23.pptx
Pars Six Sigma Excellence
 
DOCX
Hand book of Entrepreneurship 4 Chapters.docx
DrSubinKMohan
 
PPT
Lecture 3344;;,,(,(((((((((((((((((((((((
princessbliss09
 
PDF
Nante Industrial Plug Factory: Engineering Quality for Modern Power Applications
gdhdgee963
 
PDF
ANALYZING THE OPPORTUNITIES OF DIGITAL MARKETING IN BANGLADESH TO PROVIDE AN ...
IJMIT JOURNAL
 
PDF
Satish NS: Fostering Innovation and Sustainability: Haier India’s Customer-Ce...
red402426
 
PPTX
TRAINNING, DEVELOPMENT AND APPRAISAL.pptx
sy2773667
 
PPTX
operations management : demand supply ch
JayeshJaiswal23
 
PDF
Robin Fischer: A Visionary Leader Making a Difference in Healthcare, One Day ...
The lifescience magaizne
 
PDF
Solara Labs: Empowering Health through Innovative Nutraceutical Solutions
The lifescience magaizne
 
PPTX
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
PDF
TyAnn Osborn: A Visionary Leader Shaping Corporate Workforce Dynamics
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PDF
How to Get Business Funding for Small Business Fast
Jake Thornhill
 
PDF
NEW - FEES STRUCTURES (01-july-2024).pdf
priyansubarmanwork
 
PDF
Digital Marketing & E-commerce Certificate Glossary.pdf.................
RoobaV2
 
PDF
Susan Semmelmann: Enriching the Lives of others through her Talents and Bless...
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PDF
Introduction to Generative Engine Optimization (GEO)
seoplus+
 
PDF
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
basic introduction to research chapter 1.pptx
sangeethanagaraj8
 
Module 3 - Functions of the Supervisor - Part 1 - Student Resource (1).pdf
OmoobaOrun1
 
Board-Reporting-Package-by-Umbrex-5-23-23.pptx
Pars Six Sigma Excellence
 
Hand book of Entrepreneurship 4 Chapters.docx
DrSubinKMohan
 
Lecture 3344;;,,(,(((((((((((((((((((((((
princessbliss09
 
Nante Industrial Plug Factory: Engineering Quality for Modern Power Applications
gdhdgee963
 
ANALYZING THE OPPORTUNITIES OF DIGITAL MARKETING IN BANGLADESH TO PROVIDE AN ...
IJMIT JOURNAL
 
Satish NS: Fostering Innovation and Sustainability: Haier India’s Customer-Ce...
red402426
 
TRAINNING, DEVELOPMENT AND APPRAISAL.pptx
sy2773667
 
operations management : demand supply ch
JayeshJaiswal23
 
Robin Fischer: A Visionary Leader Making a Difference in Healthcare, One Day ...
The lifescience magaizne
 
Solara Labs: Empowering Health through Innovative Nutraceutical Solutions
The lifescience magaizne
 
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
TyAnn Osborn: A Visionary Leader Shaping Corporate Workforce Dynamics
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
How to Get Business Funding for Small Business Fast
Jake Thornhill
 
NEW - FEES STRUCTURES (01-july-2024).pdf
priyansubarmanwork
 
Digital Marketing & E-commerce Certificate Glossary.pdf.................
RoobaV2
 
Susan Semmelmann: Enriching the Lives of others through her Talents and Bless...
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
Introduction to Generative Engine Optimization (GEO)
seoplus+
 
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 

obrien13e_chap011.ppt

  • 1. 11-1 McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved.
  • 2. Security and Ethical Challenges Ethical issues in the use of Information Technology Security Management Chapter 11 McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved.
  • 3. 11-3 Learning Objectives 1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems. 2. Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology.
  • 4. 11-4 Learning Objectives 3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
  • 5. 11-5 Case 1: Machine Wars Fighting Evil in Cyberspace  Machine Wars  Computers compromised and subverted by hackers churn out spam and malicious code in relentless raids  Spyware  Phishing  Trojan horses  Fighting back  Blocking spam  Turning the network into a security device
  • 6. 11-6 Case Study Questions 1. Why is automation becoming such an important tool in cybercrime? 2. What is being done to combat the wide variety of cybercrimes listed in the case? 3. Have you ever been a victim of a cybercrime? Do you know how it happened? What did you do to fix the problem and ensure it not happening again?
  • 7. 11-7 Real World Internet Activity 1. The advent of various cybercrimes has spawned new companies and products focusing on its prevention. Using the Internet,  See if you can find examples of companies that specialize in preventing or combating cybercrimes.
  • 8. 11-8 Real World Group Activity  Cyberspace is a world without laws and can serve to both help or hurt those who use it. In small groups,  Discuss ways in which the Internet can be better protected.  What security measures should companies, business professionals, and consumers take to protect their systems from being damaged or infected by cyber criminals?
  • 10. 11-10 Ethical Responsibility  Business professionals  have a responsibility to promote ethical uses of information technology in the workplace.
  • 11. 11-11 Business Ethics  Questions that managers must confront as part of their daily business decision making including:  Equity  Rights  Honesty  Exercise of Corporate Power
  • 13. 11-13 Corporate Social Responsibility Theories  Stockholder Theory  Managers are agents of the stockholders  Their only ethical responsibility is to increase the profits of the business  Without violating the law or engaging in fraudulent practices  Social Contract Theory  Companies have ethical responsibilities to all members of society  Which allow corporations to exist based on a social contract
  • 14. 11-14 Corporate Social Responsibility Theories  Stakeholder Theory  Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders  Stakeholders are all individuals and groups that have a stake in, or claim on, a company
  • 15. 11-15 Principles of Technology Ethics  Proportionality – the good achieved by the technology must outweigh the harm or risk  Informed Consent – those affected by the technology should understand and accept the risks  Justice – the benefits and burdens of the technology should be distributed fairly  Minimized Risk – even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk
  • 16. 11-16 AITP Standards of Professional Conduct
  • 17. 11-17 Responsible Professional Guidelines  Acting with integrity  Increasing your professional competence  Setting high standards of personal performance  Accepting responsibility for your work  Advancing the health, privacy, and general welfare of the public
  • 18. 11-18 Computer Crime  The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources  The unauthorized release of information  The unauthorized copying of software  Denying an end user access to his or her own hardware, software, data, or network resources  Using or conspiring to use computer or network resources illegally to obtain information or tangible property
  • 19. 11-19 How large companies protect themselves from cybercrime Source: 2003 Global Security Survey by Deloitte Touche Tohmatsu, New York, June 2003, In Mitch Betts, “The Almanac,” Computerworld, July 14, 2003, p 42.
  • 20. 11-20 Hacking  The obsessive use of computers,  Or the unauthorized access and use of networked computer systems
  • 21. 11-21 Common Hacking Tactics  Denial of Service  Hammering a website’s equipment with too many requests for information  Clogging the system, slowing performance or even crashing the site  Scans  Widespread probes of the Internet to determine types of computers, services, and connections  Looking for weaknesses
  • 22. 11-22 Common Hacking Tactics  Sniffer  Programs that search individual packets of data as they pass through the Internet  Capturing passwords or entire contents  Spoofing  Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
  • 23. 11-23 Common Hacking Tactics  Trojan Horse  A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software  Back Doors  A hidden point of entry to be used in case the original entry point has been detected or blocked  Malicious Applets  Tiny Java programs that misuse your computer’s resources, modify files on the hard disk, send fake e- mail, or steal passwords
  • 24. 11-24 Common Hacking Tactics  War Dialing  Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection  Logic Bombs  An instruction in a computer program that triggers a malicious act  Buffer Overflow  A technique for crashing or gaining control of a computer by sending too much data to the buffer in a computer’s memory
  • 25. 11-25 Common Hacking Tactics  Password Crackers  Software that can guess passwords  Social Engineering  Gaining access to computer systems  By talking unsuspecting company employees out of valuable information such as passwords  Dumpster Diving  Sifting through a company’s garbage to find information to help break into their computers
  • 26. 11-26 Cyber Theft  Computer crime involving the theft of money  Often inside jobs  Or use Internet to break in
  • 27. 11-27 Unauthorized Use at Work  Time and resource theft  May range from doing private consulting or personal finances, or playing video games, to unauthorized use of the Internet on company networks
  • 28. 11-28 Internet Abuses in the Workplace  General e-mail abuses  Unauthorized usage and access  Copyright infringement/plagiarism  Newsgroup postings  Transmission of confidential data  Pornography – accessing sexually explicit sites  Hacking  Non-work related download or upload  Leisure use of the Internet  Usage of external ISPs  Moonlighting
  • 29. 11-29 Software Piracy  Software Piracy  Unauthorized copying of computer programs  Licensing  Purchase of software is really a payment for a license for fair use  Site license allow a certain number of copies  A third of the software industry’s revenues are lost due to piracy
  • 30. 11-30 Theft of Intellectual Property  Intellectual property  Copyrighted material such as  Music, videos, images, articles, books, software  Copyright infringement is illegal  Peer-to-peer networking techniques have made it easy to trade pirated intellectual property
  • 31. 11-31 Viruses and Worms  Virus and worms copy annoying or destructive routines into networked computers  Often spread via e-mail or file attachments  Computer Virus  Program code that cannot work without being inserted into another program  Worm  Distinct program that can run unaided
  • 32. 11-32 Cost of viruses and worms  Nearly 115 million computers were infected in 2004  As many as 11 million computers are believed to be permanently infected  Total economic damage estimated to be between $166 and $292 billion in 2004  Average damage per installed Windows-based machine is between $277 and $366
  • 33. 11-33 Adware and Spyware  Adware  Software that purports to serve a useful purpose  But also allows Internet advertisers to display advertisements (pop-up and banner ads)  Without the consent of the computer’s user  Spyware  Adware that employs the user’s Internet connection in the background without your permission or knowledge  Captures information about you and sends it over the Internet
  • 34. 11-34 Privacy: Opt-in versus Opt-out  Opt-in  You explicitly consent to allow data to be compiled about them  Law in Europe  Opt-out  Data can be compiled about you unless you specifically request it not be  Default in the US
  • 35. 11-35 Privacy Issues  Violation of Privacy:  Accessing individuals’ private e-mail conversations and computer records,  Collecting and sharing information about individuals gained from their visits to Internet websites  Computer Monitoring:  Always knowing where a person is, especially as mobile and paging services become more closely associated with people rather than places
  • 36. 11-36 Privacy Issues  Computer Matching  Using customer information gained from many sources to market additional business services  Unauthorized Personal Files  Collecting telephone numbers, e-mail addresses, credit card numbers, and other personal information to build individual customer profiles
  • 37. 11-37 Protecting your Privacy on the Internet  E-mail can be encrypted  Newsgroup postings can be sent through anonymous remailers  ISP can be asked not to sell your name and personal information to mailing list providers and other marketers  Decline to reveal personal data and interests on online service and website user profiles
  • 38. 11-38 Privacy Laws  Rules that regulate the collection and use of personal data by businesses and the government
  • 39. 11-39 Censorship Issues  Spamming  Indiscriminate sending of unsolicited e-mail messages to many Internet users  Flaming  Sending extremely critical, derogatory, and often vulgar e-mail messages or newsgroup postings to other users on the Internet or online services
  • 40. 11-40 Cyberlaw  Laws intended to regulate activities over the Internet or via electronic data communications
  • 41. 11-41 Other Challenges  Employment  IT creates new jobs and increases productivity  But can also cause significant reductions in job opportunities as well as different types of skills required for new jobs  Computer Monitoring  Computers used to monitor the productivity and behavior of employees as they work
  • 42. 11-42 Other Challenges  Working Conditions  IT has eliminated monotonous or obnoxious tasks  But some jobs requiring a skilled craftsman have been replaced by jobs requiring routine, repetitive tasks or standby roles  Individuality  Dehumanize and depersonalize activities because computers eliminate human relationships  Systems without flexibility
  • 43. 11-43 Health Issues  Cumulative Trauma Disorders (CTDs)  Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs  Carpal Tunnel Syndrome  Painful crippling ailment of the hand and wrist
  • 44. 11-44 Ergonomics  Designing healthy work environments  That are safe, comfortable, and pleasant for people to work in  Thus increasing employee morale and productivity
  • 46. 11-46 Case 2: Strategic Security  OCTAVE Process Methodology to security  Risk evaluation  Risk management  Organizational and cultural  A principle of “reduction of risk on investment”
  • 47. 11-47 Case Study Questions 1. What are security managers doing to improve information security? 2. How does the OCTAVE methodology work to improve security in organizations? 3. What does Lloyd Hession mean when he says information security is “not addressed simply by the firewalls and antivirus [tools] that are already in place”?
  • 48. 11-48 Real World Internet Activity 1. The focus on information security is an important one for modern organizations of all sizes. Using the Internet,  See if you can find examples of companies that are focused on improving information security.  What approaches are they using to improve the situation?
  • 49. 11-49 Real World Group Activity  Private and corporate information is under attack from a wide variety of sources. In small groups,  Discuss the various threats to information security.  Are you doing your share to protect your information?
  • 50. 11-50 Security Management  The goal of security management is the accuracy, integrity, and safety of all information system processes and resources. Source: Courtesy of Wang Global.
  • 51. 11-51 Internetworked Security Defenses  Encryption  Data transmitted in scrambled form and unscrambled by computer systems for authorized users only
  • 53. 11-53 Internetworked Security Defenses  Firewalls  A gatekeeper system that protects a company’s intranets and other computer networks from intrusion  By providing a filter and safe transfer point for access to and from the Internet and other networks  Firewalls are also important for individuals who connect to the Internet with DSL or cable modems
  • 55. 11-55 How to Defend Against Denial of Service Attacks  At the zombie machines (computers commandeered by cyber criminals)  Set and enforce security policies  Scan for vulnerabilities  At the ISP  Monitor and block traffic spikes  At the victim’s website  Create backup servers and network connections
  • 56. 11-56 Internetworked Security Defenses  E-mail Monitoring  Use of content monitoring software that scans for troublesome words that might compromise corporate security  Virus Defenses  Centralize the distribution and updating of antivirus software  Use security suite that integrates virus protection with firewalls, Web security, and content blocking features
  • 57. 11-57 Other Security Measures  Security Codes  Multilevel password system  Encrypted passwords  Smart cards with microprocessors  Backup Files  Duplicate files of data or programs  System Security Monitors  Programs that monitor the use of computer systems and networks and protects them from unauthorized use, fraud, and destruction
  • 58. 11-58 Biometrics  Computer devices that measure physical traits that make each individual unique  Examples:  Voice verification  Fingerprints  Retina scan
  • 59. 11-59 Computer Failure Controls  Prevent computer failure or minimize its effects  Preventative maintenance  Arrange backups with a disaster recovery organization
  • 60. 11-60 Fault Tolerant Systems  Systems that have redundant processors, peripherals, and software that provide a:  Fail-over capability to back up components in the event of system failure  Fail-safe capability where the computer system continues to operate at the same level even if there is a major hardware or software failure  Fail-soft capability where the computer system continues to operate at a reduced but acceptable level in the event of system failure
  • 61. 11-61 Disaster Recovery Plan  Formalized procedures to follow in the event a disaster occurs including:  Which employees will participate  What their duties will be  What hardware, software, and facilities will be used  Priority of applications that will be processed  Use of alternative facilities  Offsite storage of an organization’s databases
  • 62. 11-62 Information Systems Controls  Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
  • 63. 11-63 Auditing IT Security  IT security audits  By internal or external auditors  Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
  • 64. 11-64 How to protect yourself from cybercrime
  • 65. 11-65 Case 3: A Day in the Life of the Patch Patrol  After Microsoft announces security alerts and fixes  Race starts between hackers and virus writers and the security administrators rushing to patch their systems before an attack
  • 66. 11-66 Case Study Questions 1. What types of security problems are typically addressed by a patch management strategy? Why do such problems arise in the first place? 2. What challenges does the process of applying software patches and updates pose for many businesses? What are the limitations of the patching process? 3. Does the business value of a comprehensive patch management strategy outweigh its costs, limitations, and the demands it places on the IT function? Why or why not?
  • 67. 11-67 Real World Internet Activity 1. Anyone or any organization that uses Microsoft products is familiar with the myriad of patches necessary to keep up with managing potential security risks. Using the Internet,  See if you can find other examples of companies like Shavlik that specialize in helping manage the software patch process.
  • 68. 11-68 Real World Group Activity  Many people argue that software patches are simply a way that software vendors can get away with releasing products that are not fully tested. In small groups,  Discuss this issue.  Is it reasonable to expect a complex operating system to be completely secure and tested before being released?  How would such a thorough approach to testing affect the availability and price of complex software?