(exam)information system security and social issues

Upload: asyrafalif

Post on 04-Feb-2018


  • 7/21/2019 (Exam)Information System Security and Social Issues

    1/26

    Sections (Structure) B&C (20) Information systems security 30 MCQ (chapter 1) Definition

    INFORMATION SYSTEM SECURITY AND SOCIAL ISSUES

    INTRODUCTION

    Computer systems play a critical role in businesses, government functions and daily life. Therefore, organisations need to consider special steps to protect their information systems. This topic will explain how far information systems can be controlled and protected so that they can perform tasks accordingly. Before the existence of office automation brought by computers, data on individuals and organisations were stored as paper records which were distributed to different business units or organisations. Information systems brought together computer files which could be accessed easily by many people and groups outside the organisations. Consequently, the automated data is more exposed to deletion, falsification, errors and misuse.

    To handle Internet security issues, the scope of organisational procedures and policies must be broad, responsible to users, and aware of security training (Segev, Porra and Roldan, 1).

    Security and E-commerce

    E-commerce security is a main control issue for companies using this facility. It is vital that the data of the seller and buyer related to commerce be kept confidential when channelled electronically. Sent data must be protected from individuals, other than the sender, who intentionally want to change it, for example so that orders for share markets or products accurately represent the intentions of the buyer and seller.

    Many organisations depend on encryption to protect sensitive information being channelled through a network. Encryption is coding and mixing orders to protect sent data from being understood by hackers. Orders can be encrypted by using confidentially numbered codes known as an encryption key so that they are sent as a pair of numbers which have been mixed up. (The key contains large groups of alphabets, numbers and symbols.)


    To be readable, the order must be decrypted with a suitable key. There are several encryption standards in existence, including Data Encryption Standard (DES) which is used by the US government, RSA (Data Security RSA), SSL (Secured Socket Layer) and S-HTTP (Secured hypertext transportation protocol). SSL and S-HTTP are used for traffic-based Web. Encryption is useful for protecting orders on the Internet and other public networks which are less secure than private networks. Encryption helps to protect sent payment data such as credit card details, enquiries which require address verification and order integrity. Verification refers to the ability of one party to know the other party present. In the non-electronic world, we use signatures.

    Banking through mail has prevented the use of signatures on cheques given to customers through a protected private network, where the source requesting for payment is recorded and can be proven. Order integrity is the capability to ensure orders sent arrive without being copied or amended.

    Computer security experts are still finding ways involving encryption to establish digital signatures which are agreed upon and verified. A digital signature is a digital code which is attached to an order sent electronically and used to verify the order's content. It provides a method of associating the order with the sender, performing a similar function as a written signature.

    Verification can be enforced by attaching a digital certificate to the electronic order. The digital certification system uses a trusted third party known as Certifying Authority to verify a user's identity. The Certified Authority system can be operated as a function in the organisation or by external organisations such as Verisign Inc and MIMOS Berhad.

    SYSTEM SECURITY THREATS

    System security threats refer to the act or incident that can and will affect the integrity of an information system, which in turn, affects the reliability and privacy of business data. Most organisations are dependent on computer systems to function, and thus must deal with system security threats. Small enterprises, however, are often understaffed for basic information technology (IT) functions as well as system security skills.

    SECURITY THREATS

    Examples of security threats are as follows:

    Viruses, spyware and adware

    Insider Abuse of Internet Access

    Laptop or Mobile Theft

    Denial of Service (DoS)

    Unauthorised Access to Information

    Abuse of Wireless

    ?@ of participants received email spam every day. There are two problems with spam: employees waste time reading and deleting spam, and it increases the system overhead to deliver and store junk data. The daily average spam is 1A? messages, and the average time spent deleting them all is 2A minutes.

    Spyware

    Spyware is a computer programme that secretly gathers the user's personal information and relays it to third parties, such as advertisers. Common functionalities of spyware include monitoring keystrokes, scanning files, snooping on other applications such as chat programmes or word processors, installing other spyware programs, reading cookies, changing the default homepage on the Web browser, and consistently relaying information to the spyware home base. Unknowing users often install spyware as the result of visiting a website, clicking on a disguised pop-up window, or downloading a file from the Internet.

    Adware

    Adware is a program that can display advertisements such as pop-up windows or advertising banners on webpages. A growing number of software developers offer free trials for their software until users pay to register. Free-trial users view sponsored advertisements while the software is being used. Some adware does more than just present advertisements, however; it can report the users' habits, preferences, or even personal information to advertisers or other third parties, similar to spyware.

    EFFECTIVE VIRUS, ADWARE AND SPYWARE CONTROL

    To protect computer systems against viruses and other programmed threats, organisations must have effective access controls and install and regularly update quarantine software. With effective protection against unauthorised access and by encouraging staff to become 'defensive' computer users, virus threats can be reduced. Some viruses can infect a computer through operating system vulnerabilities. It is critical to install system security patches as soon as they are available.

    Fighting against programmed threats is an ongoing and ever-changing battle. Firewalls and routers should also be installed at the network level to eliminate threats before they reach the desktop. Anti-adware and anti-spyware software are signature-based, and organisations are advised to install more than one type to ensure effective protection. Installing anti-spam software on the server is important because increased spam results in productivity loss and a waste of computing resources.

    Important considerations for selecting anti-spam software include a system's effectiveness, impact on mail delivery, ease of use, maintenance, and cost. Many Internet service providers conveniently reduce spam on their servers before it reaches subscribers. Additionally, organisations must maintain in-house and off-site backup copies of corporate data and software so that data and software can be quickly restored in case of a system failure.

    INSIDER ABUSE OF INTERNET ACCESS

    Internet in an organisation is used to increase the organisation's productivity. Unfortunately, it can be abused. For example, email and Internet connections are available in almost all offices to improve productivity, but employees may use them for personal reasons, such as online shopping, playing games, and sending instant messages to friends during work hours.

    As preventive control, every organisation should have a written policy regarding the use of corporate computing facilities. In addition, organisations should update their monitoring policies periodically, because IT evolves rapidly.

    LAPTOP OR MOBILE THEFT

    Because they are relatively expensive, laptops and PDAs have become the targets of thieves. Besides being expensive, they often contain proprietary corporate data, access codes to company networks, and sensitive information.

    The following suggestions can help minimise the chance of theft when outside the office:

    1


    DENIAL OF SERVICE (DoS)

    A denial of service (DoS) attack is specifically designed to interrupt normal system functions and affect legitimate users' access to the system. Hostile users send a flood of fake requests to a server, overwhelming it and making a connection between the server and legitimate clients difficult or impossible to establish.

    The distributed denial of service (DDoS) allows the hacker to launch a massive, coordinated attack from thousands of hijacked (zombie) computers remotely controlled by the hacker.

    A massive DoS attack can paralyse a network system and bring down giant websites. Unfortunately, any computer system can be a hacker's target as long as it is connected to the Internet. DoS attacks can result in significant server downtime and financial loss for many organisations, but the controls to mitigate the risk are very technical.

    Organisations should evaluate their potential exposure to DoS attacks and determine the extent of control or protection they can afford.

    UNAUTHORISED ACCESS TO INFORMATION

    To control unauthorised access to information, access controls, including passwords and a controlled environment, are necessary. Computers installed in a public area, such as a conference room or reception area, can create serious threats and should be avoided if possible.

    Any computer in a public area must be equipped with a physical protection device to control access when there is no business need. The LAN should be in a controlled environment accessed by authorised employees only.

    Employees should be allowed to access only the data necessary for them to perform their jobs.

    ABUSE OF WIRELESS NETWORKS

    Wireless networks offer the advantage of convenience and flexibility, but system security can be a big issue. Attackers do not need to have physical access to the network.

    Attackers can take their time cracking the passwords and reading the network data without leaving a trace. One option to prevent an attack is to use one of several encryption standards that can be built into wireless network devices.


    One example, wired equivalent privacy (WEP) encryption can be effective at stopping amateur snoopers, but it is not sophisticated enough to foil determined hackers. Consequently, any sensitive information transmitted over wireless networks should be encrypted at the data level as if it were being sent over a public network.


    SYSTEM PENETRATION

    Hackers penetrate systems illegally to steal information, modify data, or harm the system. The following factors are related to system penetration:

    System holes: the design deficiency of operating systems or application systems that allow hijacking, security bypass, data manipulation, privilege escalation, and system access.

    Port scanning: a hacking technique used to check TCP/IP ports to reveal the services that are available and to identify the weaknesses of a computer or network system in order to exploit them.


    Install a network firewall so that internal addresses are not revealed externally.

    Establish a good system-development policy to guard against a back door/trap door; remove the back door as soon as the new system development is completed.

    Design security and audit capabilities to cover all user levels.

    THEFT OF PROPRIETARY INFORMATION

    Information is a commodity in the e-commerce era, and there are always buyers for sensitive information, including customer data, credit card information, and trade secrets. Data theft by an insider is common when access controls are not implemented. Outside hackers can also use Trojan viruses to steal information from unprotected systems. Beyond installing firewall and antivirus software to secure systems, a company should encrypt all its important data.

    Access privilege and data encryption are good preventive controls against data theft by unauthorised employees who steal for personal gain. The access controls include the traditional passwords, smart-card security, and more-sophisticated biometric security devices. Organisations can implement some appropriate controls, including limiting access to proprietary information to authorised employees, controlling access where proprietary information is available, and conducting background checks on employees who will have access to proprietary information. There will, however, always be some risk that authorised employees will misuse data they have access to in the course of their work. Organisations can also work with an experienced intellectual property attorney, and require employees to sign non-compete and non-disclosure agreements.

    MISUSE OF PUBLIC WEB APPLICATIONS

    The nature of e-commerce (convenience and flexibility) makes Web applications vulnerable and easily abused. Hackers can circumvent traditional network firewalls and intrusion-prevention systems and attack web applications directly. They can inject commands into databases via the web application user interfaces and secretly steal data, such as customer and credit card information.

    User authentication is the foundation of Web application security, and inadequate authentication may make applications vulnerable. Organisations must install a Web application firewall to ensure that all security policies are closely followed.

    The following additional controls can mitigate Web application abuses:


    Installing security patches promptly.

    Using a Web application scanner to discover any vulnerability.

    Monitoring the server and applications to identify any potential problems and terminate malicious requests.

    Hiding information that end users do not need to know, including the server machine type and the operating system.

    SABOTAGE

    System security crimes are committed by insiders as much as by outsiders. Some of the controls discussed above can provide protection against the sabotages committed by outsiders, but no organisation is immune from an employee abusing its trust. When it comes to security, organisations often pay attention only to the perimeter of the organisation, and not the inside. Sabotage by insiders is often orchestrated when employees know their termination is coming.

    In some cases, disgruntled employees are still able to gain access after being terminated. Another potential threat of unauthorised use is when employees quit or are terminated but there is no coordination between the personnel department and the computer centre. In some cases, employees still have system access and an email account after they have left an organisation. It is also not unusual that employees know the user IDs and passwords of their colleagues.
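    The coordination gap between the personnel department and the computer centre described above can be checked mechanically. The following is an added example, not part of the original notes: it reconciles a leavers list against an account export and reports accounts that are still enabled, or were used, after the owner's termination date. The field names, finding labels and sample records are constructed assumptions.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample exports (not from the original notes).
# Personnel department: one row per employee who has left.
HR_LEAVERS_CSV = """employee_id,termination_date
E1001,2024-03-15
E1002,2024-04-01
E1003,2024-04-20
"""

# Computer centre: one row per system login or mailbox.
ACCOUNTS_CSV = """account,employee_id,kind,enabled,last_login
arahman,E1001,system,true,2024-03-29
arahman@example.org,E1001,email,true,2024-03-10
slim,E1002,system,false,2024-03-30
kdevi,E1003,system,true,
jtan,E2001,system,true,2024-05-02
shared-ops,,system,true,2024-05-02
"""


def parse_date(text):
    """Return a date, or None when the field is empty."""
    text = (text or "").strip()
    return datetime.strptime(text, "%Y-%m-%d").date() if text else None


def load_leavers(csv_text):
    """Map employee_id -> termination date from the personnel export."""
    return {row["employee_id"].strip(): parse_date(row["termination_date"])
            for row in csv.DictReader(io.StringIO(csv_text))}


def reconcile(leavers, accounts_csv, as_of):
    """Return (account, finding) pairs where the account export
    contradicts the leavers list as of the given date."""
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        account = row["account"].strip()
        owner = row["employee_id"].strip()
        enabled = row["enabled"].strip().lower() == "true"
        last_login = parse_date(row["last_login"])

        if not owner:
            # No named owner: the account cannot be tied to anyone's
            # employment status, so it is reported for manual review.
            if enabled:
                findings.append((account, "UNOWNED"))
            continue

        left_on = leavers.get(owner)
        if left_on is None or left_on > as_of:
            continue  # owner is still employed on the as_of date

        # A login after the termination date means the leaver, or someone
        # who knows the leaver's password, used the account.
        if last_login is not None and last_login > left_on:
            findings.append((account, "USED_AFTER_TERMINATION"))
        if enabled:
            findings.append((account, "STILL_ENABLED"))
    return findings


def run_example():
    leavers = load_leavers(HR_LEAVERS_CSV)
    return reconcile(leavers, ACCOUNTS_CSV, date(2024, 5, 3))


if __name__ == "__main__":
    for account, finding in run_example():
        print(f"{finding:24} {account}")
```

    Both the system login and the mailbox of the same leaver are reported separately, since each has to be disabled by the computer centre.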


    TECHNOLOGY SECURITY MANAGEMENT

    What are the resources that need to be controlled or managed from the perspective of their safety? The resources that need to be protected include:

    Raw data

    Information

    Computer hardware

    Peripheral devices that are connected with computer technology

    The information technology used

    Support software that is used in the information technology unit, like operating technology

    Let us look at how we can manage information technology safety, firstly from the basic concepts and then from the steps that need to be performed practically today that form the safety control of information technology.

    (a) Objectives of System Safety Management

    In general, system safety management can be said to be the effort to control access to technology to ensure the four important objectives are met, which are:

    (i) Confidentiality

    This is for ensuring that data or information is not exposed to others who are not supposed to see it. Executive Information System, Company Accounting System, and Human Resource Management are among the systems that are critical and need to be protected in this regard.

    (ii) Integrity

    This is for ensuring that the information stored can be trusted and that the data as well as the program that manages it is always accurate or functions like it is supposed to. In other words, it represents the actual technology capability for each time when access is made.

    (iii) Availability

    This is for ensuring that technology, data and service in this system can be accessed at all times that they are required by anyone who is allowed access.

    (iv) Adherence to the Rules


    This is for ensuring that all aspects of operations related to this information technology follow all the laws, rules, policies, agreements, contracts and ethical principles used in an organisation.

    (b) Strategies of System Safety Control

    A strategic implementation of a system safety control is very important in building a defence structure against all threats, whether they are intentional or non-intentional. However, it must be stated that building a good safety control infrastructure will involve an implicated cost. Conversely, not building an accurate control feature may lead to a loss which may be even more costly. The middle road is to ensure a sufficient amount of safety control within the organisation, not more and not less. To produce an overall control for an information system, our strategy will take into consideration three basic steps, by carrying out:

    Risk analysis

    Control mechanism implementation

    Information audit

    (i) Risk Analysis

    In order to determine how much safety control is required, a risk analysis of the system is necessary. Risk analysis is a procedure to determine the possibilities of threats and losses incurred from the exposure of technology to certain threats. With this, the most effective and most cost-saving step can be taken to lessen the dangers of exposing the technology to a minimum level.

    The steps that are involved in a risk analysis include:

    Determining potential threats towards the information technology. Arrange these threats according to priority.

    Determining the resources involved that need to be protected.

    Performing a cost analysis on the loss that could be incurred if these resources are exposed to the risks and if they are attacked.

    Forming organisational safety policies that are suitable which cover the access, emergency plan, backup plan, and recovery plan and testing plan policies.

    (ii) Implementation of Control Mechanisms


    After a risk analysis has been performed, only then can the forms of control be formulated in order to face the critical threats that have been listed. Let us have a closer look at several control mechanisms that are usually implemented in forming an appropriate control infrastructure, and the scope of control implementation that we will implement. From that scope, control of technology safety covers all components of information technology and the components that support the implementation of information technology.

    In brief, this control mechanism encompasses the prevention mechanism and recovery mechanism that cover the control of threats that are intentional as well as non-intentional.

    Prevention mechanisms are safety control components that are implemented to avoid threats, while recovery mechanisms are steps that are taken after an attack occurs, where even after prevention has been implemented, a threat still occurs, thus recovery is implemented as shown in Figure 10.1.

    (c)


    (i) Input control also includes:

    Using the screen for entering data that has been formatted to reduce the number of mistakes in entering data.

    Validation using certain audible error warnings. When the user makes a mistake in entering data, he is alerted about the mistake by a certain sound.

    Software can be used to identify incorrect, invalid or inappropriate data while it is being entered into the system: code, field or transaction that is not valid, outside the limit boundaries, outside the range, monitor of the TOTAL counting of the total number of records involved, batch count (total count in batches), hash count (for comparison purposes only).

    (ii) Output control is aimed at ensuring that the processed results are accurate, complete and distributed in an appropriate manner. Some of the aspects involved are:

    Ensuring that the number of inputs, processes and outputs is balanced.

    Keeping and maintaining a process log.

    Ensuring that only authorised recipients receive the processed output.

    (iii) Process control ensures that the data is complete and accurate during the processing stage. After the data is inserted safely into the information system, it should be ensured that the processes function properly. Control over processes is developed to identify the mistakes or errors in arithmetic calculations as well as logical operations, and to ensure data is not lost or not processed as it is supposed to be processed.

    Process control can be divided into two: hardware control and software control. Hardware control refers to a special control mechanism that is provided in the hardware for ensuring that the computer process performs accurately.

    In brief, the steps that can be taken for hardware control are as follows:

    Produce a controlled total before and after the processing.

    Match the input data with the main file.
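    The input and process controls listed above (validity and range checks, record count, batch total, hash total, matching against the main file, and a control total taken before and after processing) can be sketched as follows. This is an added example, not part of the original notes. The record layout, account codes, amount limit and sample batch are constructed assumptions.

```python
from dataclasses import dataclass, replace
from decimal import Decimal

# Assumed reference data for the validity and limit checks (constructed).
VALID_ACCOUNTS = {"1001", "1002", "2001"}   # stands in for the main file
AMOUNT_LIMIT = Decimal("10000.00")


@dataclass(frozen=True)
class Txn:
    doc_no: int
    account: str
    amount: Decimal


@dataclass(frozen=True)
class ControlTotals:
    record_count: int     # total number of records in the batch
    batch_total: Decimal  # sum of the amount field
    hash_total: int       # sum of account codes; meaningless, for comparison only


def validate(txn):
    """Input control: flag an invalid code or an amount outside the limits."""
    errors = []
    if txn.account not in VALID_ACCOUNTS:
        errors.append("invalid account code")
    if not (Decimal("0") < txn.amount <= AMOUNT_LIMIT):
        errors.append("amount outside range")
    return errors


def control_totals(records):
    return ControlTotals(
        record_count=len(records),
        batch_total=sum((t.amount for t in records), Decimal("0")),
        hash_total=sum(int(t.account) for t in records if t.account.isdigit()),
    )


def compare(expected, actual):
    """Return the names of the control totals that do not agree."""
    return [f for f in ("record_count", "batch_total", "hash_total")
            if getattr(expected, f) != getattr(actual, f)]


def post(records, ledger):
    """Processing step: post each transaction and return the records written."""
    written = []
    for t in records:
        ledger[t.account] = ledger.get(t.account, Decimal("0")) + t.amount
        written.append(t)
    return written


def run_batch(header, keyed, ledger):
    """Apply input controls, then compare control totals before and after posting."""
    rejected = {t.doc_no: validate(t) for t in keyed if validate(t)}
    input_diff = compare(header, control_totals(keyed))
    if rejected or input_diff:
        # Nothing is posted until the batch balances and every record is valid.
        return {"posted": False, "rejected": rejected,
                "input_diff": input_diff, "process_diff": []}

    before = control_totals(keyed)
    opening = sum(ledger.values(), Decimal("0"))
    after = control_totals(post(keyed, ledger))
    process_diff = compare(before, after)
    # The movement on the ledger must equal the batch total that went in.
    if sum(ledger.values(), Decimal("0")) - opening != before.batch_total:
        process_diff.append("ledger_movement")
    return {"posted": True, "rejected": {}, "input_diff": [],
            "process_diff": process_diff}


# Constructed batch: header totals taken from the source documents before keying.
HEADER = ControlTotals(4, Decimal("1850.00"), 5005)
KEYED = [
    Txn(1, "1001", Decimal("500.00")),
    Txn(2, "1002", Decimal("250.00")),
    Txn(3, "2001", Decimal("1000.00")),
    Txn(4, "1001", Decimal("100.00")),
]

if __name__ == "__main__":
    print("clean batch:", run_batch(HEADER, KEYED, {}))
    # Transposed amount (250 keyed as 520): only the batch total disagrees.
    bad_amount = [replace(t, amount=Decimal("520.00")) if t.doc_no == 2 else t
                  for t in KEYED]
    print("transposed amount:", run_batch(HEADER, bad_amount, {}))
    # Mis-keyed account code: fails the validity check and the hash total.
    bad_code = [replace(t, account="1010") if t.doc_no == 1 else t for t in KEYED]
    print("mis-keyed code:", run_batch(HEADER, bad_code, {}))
```

    The hash total catches the mis-keyed account code even though the record count and batch total still agree, which is why it is kept although the sum itself has no meaning.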


    CONTROLLING COMPUTER CRIME SECURITY

    After briefly looking at these control mechanisms to address non-intentional threats, we now look at control mechanisms that address intentional threats or computer crime.

    After prevention, a general control strategy for each component can be outlined as:

    (a) Detection
    (i) When the prevention control mechanism is unable to defend the system, other mechanisms are needed to immediately identify the attackers of the system.

    (b) Limitation
    (i) The effort to minimise the effects of certain attacks or threats as they happen.
    (ii) This includes launching immediate steps to enable the important functions of the system to be used as quickly as possible so that loss to the company does not increase when the product cannot be produced.
    (iii) Example: Using a substitute system.

    (c) Recovery
    (i) A strategic plan to recover the information system that has been damaged as quickly as possible.

    (d) Correction
    (i) Repair of a damaged system to prevent the problem from recurring.

    From the implementation aspect, several protection mechanisms can be used in controlling the information system resources including those contained in the computer network. Some of these mechanisms are:

    (a) Access Control
    (i) Control access to a system by asking for a password, smart card, or using biometric control (fingerprint).

    (ii) Antivirus software

    A software application that protects the computer system and application software within it from virus attacks.

    Blocks any virus contained within any file before that file is used, causing the spread of the virus.

    Scan suspect files and if a virus is found, destroy it.


    The need for updating the antivirus frequently in order to enable the application to detect new viruses. This is done by updating the virus signature components from time to time through the Internet from the company that provides the antivirus.


    (i) This is used for overcoming problems related to damage within the computer system.

    (ii) It involves several process layers, devices, storage and computer software that will automatically replace the system that is having problems to ensure that the process being performed is not disrupted.

    (iii) This is applicable for important and critical operations, like in large banks, which normally can afford to have a fault tolerant system provided by a special company that has a layered system in several different places.

    (g) Use of Backup
    (i) Some computer systems are equipped with their own backup facilities like a backup device when there is no electricity, a surge protector, computer data and processed result backup.

    (ii) The implementation of a backup in an institution requires a clear and systematic policy to ensure that when a disaster occurs, the computer system will not lose any data or processed results.

    (h) Implementation of an Audit

    After a risk analysis and a defence control mechanism have been implemented, steps to ensure that this defence system is capable of continually providing the required protection are implemented. An audit would implement this need.

    SOCIAL ISSUES IN INFORMATION TECHNOLOGY USAGE

    The introduction of information systems and information technology in various aspects of the daily life of society has left many side effects on mankind, whether as an individual or as a society. In the following sections, we will look at several aspects from the social issues that have emerged following the use of information technology.

    Threat to Jobs

    Many types of jobs which were previously performed by humans are now done by computer systems or machines. Computers have replaced clerks and other workers. For example, with the use of an Executive Information System (EIS), a management can produce executive reports straight from the system for analysis. Previously, this task had to be performed by several clerks or workers. This situation has led to the rising of the unemployment rate.

    Even though computer usage has reduced the number of jobs, it has also contributed new positions related to the use of computer systems, such as chief information officer and other related positions. In brief, it can be said that the introduction of computers has removed the positions which entailed repetitious tasks and added job titles that require more skills and intellect. These new positions are filled by people known as knowledge workers.


    Human Relations

    There are complaints that the introduction of the computer system has caused relationships between individuals to deteriorate. This is because some operations which previously required human contact or evaluation are now performed autonomously by computer. A computer system does not consider human feelings or logic in performing the tasks that have been programmed into it, unlike humans. Tasks like bill payment, for example, may make the company appear as too strict when it is due, since the system allows no flexibility.

    Health Issues

    Computer use to perform work in the office can also give rise to new problems, such as work stress, strain to neck muscles, the back or spine, and the shoulders. Constant exposure to radiation from the computer screen can also cause damage to the eyes. In addition to this, monitoring of computer use by the worker can also be said to create excess stress to the worker which may lead to many health related problems.

    Threat to Personal Rights (Privacy)

    The capability of the computer system to store, process and distribute data is one of the advantages that can facilitate and increase the efficiency of many tasks. However, in general, the computer can also give rise to the issue of personal rights towards confidentiality of information that can be compromised.

    Owing to the advanced technology available today, a user surfing the Internet and entering a website may have his personal information captured without his consent. Private user information that is stored in institutional computer systems like credit information and family details faces the threat of the information being exposed or wrongly used. From another perspective, there are certain institutions that monitor the use of computers by their workers without these workers being aware of it.

    Some forms of offence against the personal rights of individuals are:

    (a) Spamming
    (i) Sending of email randomly to a group of Internet users without their consent.

    (ii)


    (iii) When too many messages of this type are received, they can create problems for the user.

    (b) Flaming
    (i) The act of sending messages containing rude or offensive words to a certain group of computer users, for example, Internet users in a newsgroup.

    (ii) Can give rise to sensitive issues, like racial issues, and make the situation tense.

    (c) Computer Matching
    (i) When a user subscribes to an online service, sometimes the information he submits can be 'captured' and stored automatically without his knowledge. This information may become compromised and fall into the hands of others.

    (ii) This information can sometimes be used for targeted advertising of products or for sending information that would characteristically attempt to influence the reader into agreeing with a view.

    (iii) Matching user information without the knowledge of the owner of the information is performed by the computer system, which sometimes generates errors or mistakes that can cause the user problems, like receiving information that should not have been sent to him.

    (d) Internet Usage
    (i) There is a possibility that the business transaction sent through the Internet may be monitored.

    (ii) User information can easily be distributed to the whole world instantly.

    (iii) In addition to this, there are cases of images or graphics of users that are modified and displayed to the general public with ill intentions.


    ETHICAL ISSUES

    From the language perspective, ethics can be defined as the right or wrong principles held by an individual and they act as a moral agent that is a guide for determining the behaviour code of mankind. Ethics is a branch of philosophy related to ascertaining right or wrong. The use of information technology and information systems today has given rise to new ethical issues which were non-existent prior to the introduction of computers. What is right and what is wrong in the use of information systems and information technology? This is the basic question that we will address in this section. The value system that decides the right and wrong of using information technology forms that which we know as the ethical code of information technology.

    Ethical Issues in Information Technology

    What are the forms of new ethical issues that have emerged through the use of information technology? Today, information technology has realised many things that were not considered previously. Computer network technology can transfer information quickly all over the world in a matter of minutes at minimal cost. In this situation, the question of the type of information which should be distributed and that which should not be distributed becomes an issue. For example, a type of information considered immoral in one culture may not be considered as such in another culture. In another scenario, the use of certain types of software that can monitor the use of information technology by users who are connected to the Internet may compromise their private information. Should the right to monitor be given to the authorities and to what extent should they be allowed to do so? This polemic situation has opened up new questions whose answers must be based on a certain set of beliefs or values. This is known as the code of ethics in using information technology. This set of beliefs will determine what is right and what is wrong in a group or institution and then be followed by its members.

    Main Technological Trends that Lead to Ethical Issues

    In order to understand further why the use of information technology can cause ethical issues such as the ones stated above, let us review the development of information technology that has led to this. Several situations have given rise to ethical issues in the development of information technology:

    (a) Exponential advancement of computing power


    At present, it is estimated that the processing power of the computer is increasing exponentially every 18 months. As a result, the main computing operations in business companies are increasing at a rapid rate. Thus, relying too much on computer systems may expose these companies to the effects and performance of their computers. Any mistakes or weaknesses in the data can have a major impact on the organisation.

    (b) Advancement in data storage

    This advancement has opened many opportunities for organisations to store various types of data in a form that is easier to edit, transfer and analyse in electronic storage devices that can be accessed easily and quickly.

    (c) Advancement in data mining techniques

    All the information that is successfully collected can be analysed in greater detail to examine the behaviours of the customers and other aspects. Data mining is a technique that enables the production of desired information through a data searching process from a large database. Through this method, the data related to the analysis can be searched automatically. This has opened the way for widespread information exposure.

    (d) Advancement in networking including the Internet

    It is clear how network technology has changed the access patterns and sending of data today. The user can access data or information directly from his room without anyone's knowledge. The information that is spread anywhere around the world faces the possibility of being hijacked when it is placed on the Internet.

    The situation above has raised several new questions in management and business, including the following:

    (a) The question of rights and responsibilities over information

    Several questions related to the rights and responsibilities of the user and keepers of the information in information systems can be stated as follows:

    What are the rights of the individual and organisation over the information?

    What can they defend?

    What about their responsibilities over the said information?

    (b) Property rights

    How can the control over intellectual property rights be implemented in today's digital world where it is fairly difficult to confirm an individual's copyright?


    (c) Accountability and control

    Who can be made responsible for all the difficulties that befall an individual from the usage of the information system and the wide distribution of information, collected information and property rights?

    (d) System quality

    What are the standards that should be drawn regarding the quality of data and system for guaranteeing individual rights and the safety of the public relating to the problem of data integrity in an information system? To what extent can data about an individual stored in a database be trusted?

    (e) Quality of life

    What should change and what should be maintained during the process of change towards an era of an informed society?

    Basic Framework of Information Technology Ethics

    Many organisations or institutions that use information technology have outlined their own code of ethics as a guideline for their members or employees in the use of information technology. This code of ethics will be used in deciding whether or not a certain type of behaviour is right or wrong from the perspective of information technology use within the organisation or institution. You may need to form the code of ethics for information technology use in your organisation sometime in the future.

    The 2001 ethical framework used by R. Mason and others (Turban, Reiner, Porter) categorizes the ethical issues of information technology into four categories, which are:

    Privacy issues

    Accuracy issues

    Property issues

    Accessibility issues


    PERSONAL ISSUES

    Personal issues are related to the protection of the personal rights of individuals in the use of information technology. It has become an important issue and can cause major damages and losses if it is not addressed properly.

    You can imagine the huge amount of personal information of users including bank information, information about a user's ailment, and financial credit information that is stored in computer systems connected to a computer network whether it is a local area network (LA


    The trend in the development of information technology has given rise to several questions regarding ethical issues. Relate how this information technology trend can give rise to those issues.

    (c) What information can be placed in a database (where its security from others' access cannot be fully guaranteed)?

    Summary

    You as a user of information technology should be a responsible end user. There are several guidelines for a code of ethics for information technology officers, which are as follows:

    (a) Act with integrity: trustworthy, reliable

    (b) Increase professionalism in your field

    (c) Place high standards for your achievements

    (d) Be responsible for your job

    (e) Be concerned about health, privacy as well as general service to the public

    Business operations can be disrupted by many information system threat factors, including breach of system security.

    System downtime, system penetrations, theft of computing resources, and lost productivity have rapidly become critical system security issues.

    The financial loss from these security breaches can be significant. In addition, system security breaches often taint a company's image and may compromise compliance with applicable laws and regulations.

    The key to protecting an organisation's information system against security breaches is to be well prepared for all possible major threats.

    A combination of preventive and detective controls can prevent security threats.

    The use of information technology also leads to the basic issue of the code of information technology ethics that must be adhered to.

    The use of information technology has social effects. Therefore, it is necessary to plan the use of information technology in an organisation or the society in order to gain maximum positive results and avoid its negative effects.