The Personal and Social Impact of Computers
Why Learn About Security, Privacy, and Ethical Issues in Information Systems and the Internet?
Many nontechnical issues associated with ISs
Human resource employees need to:
Prevent computer waste and mistakes
Avoid privacy violations
Comply with laws about:
Collecting customer data
Monitoring employees
Employees, IS users, and Internet users need to:
Avoid crime, fraud, privacy invasion
Computer Waste and Mistakes
Computer waste: inappropriate use of computer technology and resources
Cause: improper management of information systems and resources
Discarding old software and even complete computer systems when they still have value
Building and maintaining complex systems that are never used to their fullest extent
Using corporate time and technology for personal use
Spam
Computer-related mistakes: errors, failures, and other computer problems that make computer output incorrect or not useful
Causes:
Failure by users to follow proper procedures
Unclear expectations and a lack of feedback
Program development that contains errors
Incorrect data entry by data-entry clerk
Prevention Methods: Policies and Procedures
Establishing -- Establish policies and procedures regarding efficient acquisition, use, and disposal of systems and devices
Training programs for individuals and workgroups
Manuals and documents on how computer systems are to be maintained and used
Approval of certain systems and applications to ensure compatibility and cost-effectiveness
Implementing -- Policies often focus on:
Implementation of source data automation and the use of data editing to ensure data accuracy and completeness
Assignment of clear responsibility for data accuracy within each information system
Training is often the key to acceptance and implementation of policies and procedures
Policies and Procedures
Monitoring -- Monitor routine practices and take corrective action if necessary
Implement internal audits to measure actual results against established goals
Follow requirements in the Sarbanes-Oxley Act
Reviewing -- During review, people should ask the following questions:
Do current policies cover existing practices adequately?
Were any problems or opportunities uncovered during monitoring?
Does the organization plan any new activities in the future? If so, does it need new policies or procedures on who will handle them and what must be done?
Are contingencies and disasters covered?
Computer Crime
Often defies detection
Amount stolen or diverted can be substantial
Crime is “clean” and nonviolent
Number of IT-related security incidents is increasing dramatically
Computer crime is now global
The Computer as a Tool to Commit Crime
Criminals need two capabilities to commit most computer crimes:
Knowing how to gain access to the computer system
Knowing how to manipulate the system to produce the desired result
Examples:
Social engineering
Dumpster diving
Counterfeit and banking fraud using sophisticated desktop publishing programs and high-quality printers
Cyberterrorism
Cyberterrorist: someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them
Homeland Security Department’s Information Analysis and Infrastructure Protection Directorate: serves as governmental focal point for fighting cyberterrorism
Identity Theft
Imposter obtains key pieces of personal identification information, such as Social Security or driver’s license numbers, in order to impersonate someone else
Information is then used to obtain credit, merchandise, and/or services in the name of the victim or to provide the thief with false credentials
Identity Theft and Assumption Deterrence Act of 1998 passed to fight identity theft
9 million victims in 2005
The Computer as the Object of Crime
Crimes fall into several categories such as:
Illegal access and use
Data alteration and destruction
Information and equipment theft
Software and Internet piracy
Computer-related scams
International computer crime
Illegal Access and Use
Hacker: learns about and uses computer systems
Criminal hacker (also called a cracker): gains unauthorized use or illegal access to computer systems
Script bunnies: automate the job of crackers
Insider: employee who compromises corporate systems
Malware: software programs that destroy or damage processing
Virus: computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without the user’s knowledge or permission
Worm: parasitic computer program that can create copies of itself on the infected computer or send copies to other computers via a network
Trojan horse: malicious program that disguises itself as a useful application and purposefully does something the user does not expect
Logic bomb: type of Trojan horse that executes when specific conditions occur
Triggers for logic bombs can include a change in a file, a particular series of keystrokes, or a specific time or date
Tips for avoiding viruses and worms:
Install antivirus software on your computer and configure it to scan all downloads, e-mail, and disks
Update your antivirus software regularly
Back up your files regularly
Do not open any files attached to an e-mail from an unknown, suspicious, or untrustworthy source
Do not open any files attached to an e-mail unless you know what it is, even if it appears to come from a friend or someone you know
Exercise caution when downloading files from the Internet
Ensure that the source is legitimate and reputable
Information and Equipment Theft
Obtaining identification numbers and passwords to steal information or disrupt systems
Trial and error, password sniffer program
Software theft
Computer systems and equipment theft
Data on equipment is valuable
Software and Internet Software Piracy
Software piracy: act of illegally duplicating software
Internet software piracy: illegally downloading software from the Internet
Most rapidly expanding type of software piracy
Most difficult form to combat
Examples: pirate Web sites, auction sites that offer counterfeit software, peer-to-peer networks
Penalties can be severe
Computer-Related Scams
Examples of Internet scams:
Get-rich-quick schemes involving bogus real estate deals
“Free” vacations with huge hidden costs
Bank fraud
Fake telephone lotteries
Phishing: gaining access to personal information by redirecting the user to a fake site
International Computer Crime
Computer crime is an international issue
Software industry loses about $9 billion in revenue annually to software piracy occurring outside the United States
Terrorists, international drug dealers, and other criminals might use information systems to launder illegally obtained funds
Preventing Computer-Related Crime
All states have passed computer crime legislation
Some believe that these laws are not effective because:
Companies do not always actively detect and pursue computer crime
Security is inadequate
Convicted criminals are not severely punished
Individual and group efforts are being made to curb computer crime, and recent efforts have met with some success
State and federal agencies have begun aggressive attacks on computer criminals
Computer Fraud and Abuse Act, 1986
Computer Emergency Response Team (CERT)
Many states are now passing new, comprehensive bills to help eliminate computer crimes
Crime Prevention by Corporations
Public key infrastructure (PKI): enables users of an unsecured public network such as the Internet to securely and privately exchange data
Uses a public and a private cryptographic key pair that is obtained and shared through a trusted authority
Biometrics: measurement of one of a person’s traits, whether physical or behavioral
Security & Biometric Video: http://www.youtube.com/watch?v=CkRAUnFLYKA
Using Intrusion Detection Software
Intrusion detection system (IDS): software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion
Suspicious activities: failed login attempts, attempts to download a program to a server, accessing a system at unusual hours
Can provide false alarms
E-mail or voice message alerts may be missed
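As an added illustration (not from the original lecture), a small Python detector that applies the three suspicious-activity rules named above to a constructed authentication log; the log format, the thresholds and the sample lines are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: date time user event host).
SAMPLE_LOG = """\
2024-03-04 09:12:01 alice LOGIN_OK ws-12
2024-03-04 09:30:15 bob LOGIN_FAIL ws-07
2024-03-04 09:30:22 bob LOGIN_FAIL ws-07
2024-03-04 09:30:31 bob LOGIN_FAIL ws-07
2024-03-04 09:30:40 bob LOGIN_FAIL ws-07
2024-03-04 09:30:48 bob LOGIN_FAIL ws-07
2024-03-04 10:05:00 carol LOGIN_OK fileserver
2024-03-05 02:47:10 dave LOGIN_OK fileserver
2024-03-05 02:48:03 dave UPLOAD_PROGRAM fileserver
"""

FAIL_THRESHOLD = 5                 # assumed: failed logins per user per window
FAIL_WINDOW = timedelta(minutes=10)
BUSINESS_HOURS = range(7, 20)      # assumed: 07:00-19:59 are "usual hours"

def parse(line):
    """Split one log line into (timestamp, user, event, host)."""
    date, time, user, event, host = line.split()
    return datetime.fromisoformat(f"{date} {time}"), user, event, host

def detect(log_text):
    """Return (rule, user, host) alerts for the three suspicious activities
    the slide lists: repeated failed logins, program upload to a server,
    and access outside business hours."""
    alerts = []
    fails = defaultdict(list)      # user -> timestamps of recent failures
    for line in log_text.splitlines():
        ts, user, event, host = parse(line)
        if event == "LOGIN_FAIL":
            # keep only failures inside the sliding window, then count them
            fails[user] = [t for t in fails[user] if ts - t <= FAIL_WINDOW]
            fails[user].append(ts)
            if len(fails[user]) == FAIL_THRESHOLD:   # alert once per burst
                alerts.append(("repeated_login_failure", user, host))
        elif event == "LOGIN_OK" and ts.hour not in BUSINESS_HOURS:
            alerts.append(("off_hours_access", user, host))
        elif event == "UPLOAD_PROGRAM":
            alerts.append(("program_upload_to_server", user, host))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The off-hours rule is also where the false alarms come from: a legitimate night-shift login trips it exactly as an intruder would, so each alert still needs a person to follow up.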
Internet Laws for Libel and Protection of Decency
Filtering software helps screen Internet content
Also prevents children from sending personal information over e-mail or through chat groups
Internet Content Rating Association (ICRA): rates Web sites based on authors’ responses to a questionnaire
Children’s Internet Protection Act (CIPA), 2000: required filters in federally funded libraries
Libel is an important legal issue on the Internet
Publishing Internet content to the world can subject companies to different countries’ laws
Preventing Crime on the Internet
Develop effective Internet usage and security policies for all employees
Use a stand-alone firewall (hardware and software) with network monitoring capabilities
Deploy intrusion detection systems, monitor them, and follow up on their alarms
Monitor managers and employees to make sure that they are using the Internet for business purposes
Use Internet security specialists to perform audits of all Internet and network activities
Privacy Issues
With information systems, privacy deals with the collection and use or misuse of data
More data and information are produced and used today than ever before
Data is constantly being collected and stored on each of us
This data is often distributed over easily accessed networks and without our knowledge or consent
Concerns of privacy regarding this data must be addressed
Privacy and the Federal Government
U.S. federal government is perhaps the largest collector of data
Over 4 billion records exist on citizens, collected by about 100 federal agencies
U.S. National Security Agency (NSA) had secretly collected phone call records of tens of millions of U.S. citizens after the September 11, 2001 terrorist attacks
Ruled unconstitutional and illegal by a federal judge in August 2006
Privacy at Work
There is conflict between rights of workers who want their privacy and the interests of companies that demand to know more about their employees
Workers might be monitored via computer technology that can:
Track every keystroke made by a worker
Know when the worker is not using the keyboard or computer system
Estimate how many breaks he or she is taking
Many workers consider monitoring dehumanizing
E-Mail Privacy
Federal law permits employers to monitor e-mail sent and received by employees
E-mail messages that have been erased from hard disks can be retrieved and used in lawsuits
Use of e-mail among public officials might violate “open meeting” laws
Privacy and the Internet
Huge potential for privacy invasion on the Internet
E-mail is a prime target
Platform for Privacy Preferences (P3P): screening technology that shields users from Web sites that do not provide the level of privacy protection they desire
Children’s Online Privacy Protection Act (COPPA), 1998: requires privacy policies and parental consent
Potential dangers on social networking Web sites
Corporate Privacy Policies
Should address a customer’s knowledge, control, notice, and consent over the storage and use of information
May cover who has access to private data and when it may be used
A good database design practice is to assign a single unique identifier to each customer
Single record describing all relationships with the company across all its business units
Can apply customer privacy preferences consistently throughout all databases
Individual Efforts to Protect Privacy
Find out what is stored about you in existing databases
Be careful when you share information about yourself
Be proactive to protect your privacy
When purchasing anything from a Web site, make sure that you safeguard your credit card numbers, passwords, and personal information
Health Concerns
Working with computers can cause occupational stress
Training and counseling can often help the employee and deter problems
Computer use can affect physical health as well
Strains, sprains, tendonitis, repetitive motion disorder, carpal tunnel syndrome
Concerns about emissions from improperly maintained and used equipment, display screens, and cell phones
Many computer-related health problems are caused by a poorly designed work environment
Ergonomics: science of designing machines, products, and systems to maximize the safety, comfort, and efficiency of the people who use them
Ethics
Principles of right and wrong used by individuals as free moral agents to guide behavior
Moral dimensions of the information age:
Information rights & obligations
Property rights
Accountability & control
System quality
Quality of life
Ethics in an information society
Ethical analysis:
Identify, describe facts
Define conflict, identify values
Identify stakeholders
Identify options
Identify potential consequences
Ethical principles:
Treat others as you want to be treated
If action not right for everyone, not right for anyone
If action not repeatable, not right at any time
Put value on outcomes, understand consequences
Incur least harm or cost
No free lunch
Information rights
Privacy: right to be left alone
Fair information practices (FIP):
No secret personal records
Individuals can access, amend information about them
Use info only with prior consent
Managers accountable for damage done by systems
Governments can intervene
Intellectual property
Intellectual property: intangible creations protected by law
Trade secret: intellectual work or product belonging to business, not in public domain
Copyright: statutory grant protecting intellectual property from copying by others
Trademark: legally registered mark, device, or name to distinguish one’s goods
Patent: legal document granting owner exclusive monopoly on an invention for 17 years
Ethical Issues in Information Systems
Code of ethics: states the principles and core values that are essential to a set of people and thus governs their behavior
ACM code of ethics and professional conduct:
Contribute to society and human well-being
Avoid harm to others
Be honest and trustworthy
Be fair and take action not to discriminate
Honor property rights including copyrights and patents
Give proper credit for intellectual property
Respect the privacy of others
Honor confidentiality