Security, Privacy, and Ethical Issues in Information Systems and the Internet

1
Security, Privacy, and Ethical Issues in
Information Systems and the Internet

• Chapter 10

2
Principles and Learning Objectives

• Policies and procedures must be established to
  avoid computer waste and mistakes.
• Describe some examples of waste and mistakes in
  an IS environment, their causes, and possible
  solutions.

3
Principles and Learning Objectives

• Computer crime is a serious and rapidly growing
  area of concern requiring management attention.
• Explain the types and effects of computer crime.
• Identify specific measures to prevent computer
  crime.
• Discuss the principles and limits of an
  individuals right to privacy.

4
Principles and Learning Objectives

• Jobs, equipment, and working conditions must be
  designed to avoid negative health effects.
• List the important effects of computers on the
  work environment.
• Identify specific actions that must be taken to
  ensure the health and safety of employees.
• Outline criteria for the ethical use of
  information systems.

5
Social Issues in Information Systems
6
Computer Waste Mistakes
7
Computer Waste

• Example
• Discard technology-Some companies discard usable
  hardware and software that could be used
  elsewhere in the company, or sold or donated
• Unused systems - never used to it fullest extent
• Personal use of corporate time and technology-
  Employees playing computer games or surfing the
  Web at their desks on company time is also a
  source of waste, as are junk e-mail and junk
  faxes.

• Prevention
• User manuals
• Training
• Policy procedure

8
Computer mistakes

• Example
• Error/failure/incorrect output
• Inappropriate processing instruction
• Inaccurate data entry
• Mishandling IS output
• Poor system design

• Prevention
• Careful programming
• Testing/backup
• Provide user manual
• training

9
Preventing Computer Waste and Mistakes

• For example, procedures could ensure that
  computers no longer needed in one part of the
  company would be used in another part, rather
  than discarded.

10
Preventing Computer-Related Waste and Mistakes-
pg618
11
Implementing Policies and Procedures-pg619
12
Computer CrimeComputer crime includes a
wide range of categories, such asintroducing
viruses, stealing credit card numbers from
on-line systems stealing an informationcrashing
Web sites.
13
Number of Incidents Reported to CERT
14
Computer Crime and Security Survey-pg 622
15
The Computer as a Tool to Commit Crime

• Social engineering-stealing credit card numbers
  from on-line retailer CD Universe and stealing
  10 million from Citibank
• Dumpster diving or searching through an
  organizations garbage to find the information
  they need.
• Identity theft- Password sniffers are small
  programs that can be run on computers or networks
  to record logins and passwords.
• Cyberterrorism

16
Computers as Objects of Crime

• Illegal access and use
• Hackers vs. crackers- The term hacker has long
  been used to describe an individual who enjoys
  technology and spends much time learning about
  and using computers.Crackers are hackers who
  gain unauthorized access to computer systems
• Script bunnies-.Individuals with little technical
  knowledge who download programs, called scripts,
  that automate breaking into computers, are called
  script bunnies.
• Insiders -

17
Data Alteration and Destruction

• Virus-A virus is a program that attaches itself
  to other programs
• Application virus
• System virus
• Macro virus
• Worm- A worm is an independent program, that
  replicates itself, interrupting the functioning
  of networks and computers
• Logic bomb- Logic bombs may be disguised as
  Trojan horse, which is a program that appears to
  be useful but hides a virus or worm.

18
Data Alteration and Destruction-pg 625
19
Top Viruses July 2002-pg627
20
Top Viruses July 2002
21
Computers as Objects of Crime

• Information and equipment theft
• Software and Internet piracy
• Computer-related scams
• International computer crime

22
Preventing Computer-Related Crime

• Crime prevention by state and federal agencies
• Crime prevention by corporations-encryption
• Public Key Infrastructure (PKI)
• Biometrics
• Antivirus programs

23
Preventing Crime on the Internet

• Develop effective Internet and security policies
• Use a stand-alone firewall with network
  monitoring capabilities
• Monitor managers and employees
• Use Internet security specialists to perform
  audits

24
Common Methods Used to Commit Computer Crimes-pg
633
25
How to Protect Your Corporate Data from
Hackers-pg634
26
PrivacyThe right to be out of public view
27
Privacy Issues

• Privacy and the Federal Government
• Privacy at work
• E-mail privacy
• Privacy and the Internet

28
Using Antivirus Programs
29
The Work Environment

• Although computer technology has brought
  productivity and efficiency to the workplace, it
  has raised health concerns as well.

30
Health Concerns

• Repetitive stress injury (RSI)-Continued work
  using computer keyboards, mice, or other
  equipment can lead to repetitive stress disorder
  and carpal tunnel syndrome, both resulting in
  pain in the fingers, wrist, or hand
• Carpal tunnel syndrome (CTS)-The aggravation of
  the pathway for nerves that travel through the
  wrist.
• Ergonomics-the study of designing and positioning
  equipment to enhance employee safety and health.
  Ergonomics has suggested that furniture can be
  designed to decrease fatigue, strain, or injury
  from working with computers. The positioning of
  keyboards and display screens, as well as
  lighting, is also important

31
Avoiding Health and Environment Problems

• Maintain good posture and positioning.
• Dont ignore pain or discomfort.
• Use stretching and strengthening exercises.
• Find a good physician who is familiar with RSI
  and how to treat it.

32
Summary

• Computer waste - the inappropriate use of
  computer technology and resources in both the
  public and private sectors
• Software and Internet piracy - represent the most
  common computer crime