Fundamentals of Information Systems
Fourth Edition

Chapter 9
The Personal and Social Impact of Computers



Edited for AK ITEC 1010 Fall, 2007
     Principles and Learning Objectives

• Page 382

    Review Principles as an overview of chapter.

    Pay attention to acronyms!

In this edited slide set, a number of references to U.S. laws or practices have
been deleted or grayed out. Reference to Canadian laws or practices should
be substituted wherever feasible. 



Fundamentals of Information Systems, Fourth Edition                           2
    Why Learn About Security, Privacy, and Ethical Issues in Information Systems and the Internet?
• Many nontechnical issues associated with ISs
• Human Resource employees need to:
     – Prevent computer waste and mistakes
     – Avoid privacy violations
     – Comply with laws about: (Understand!)
           • Collecting customer data
           • Monitoring employees
• Employees, IS users, and Internet users need to:
     – Avoid crime, fraud, privacy invasion


                           Computer Waste

• Cause: improper management of information
  systems and resources
     – Discarding old software and even complete
       computer systems when they still have value
     – Building and maintaining complex systems that are
       never used to their fullest extent
     – Using corporate time and technology for personal
       use
     – Spam

             P 385

             Computer-Related Mistakes

• Causes
     –   Failure by users to follow proper procedures
     –   Unclear expectations and a lack of feedback
     –   Program development that contains errors
     –   Incorrect data entry by data-entry clerk




  Preventing Computer-Related Waste and Mistakes
• Preventing waste and mistakes involves:
     –   Establishing policies and procedures
     –   Implementing policies and procedures
     –   Monitoring policies and procedures
     –   Reviewing policies and procedures




  Establishing Policies and Procedures

• Establish policies and procedures regarding
  efficient acquisition, use, and disposal of systems
  and devices
• Training programs for individuals and workgroups
• Manuals and documents on how computer systems
  are to be maintained and used
• Approval of certain systems and applications to
  ensure compatibility and cost-effectiveness

     P 386

Implementing Policies and Procedures

• Policies often focus on:
     – Implementation of source data automation and the
       use of data editing to ensure data accuracy and
       completeness
     – Assignment of clear responsibility for data accuracy
       within each information system
• Training is often the key to acceptance and
  implementation of policies and procedures



    Monitoring Policies and Procedures

• Monitor routine practices and take corrective action
  if necessary
• Implement internal audits to measure actual results
  against established goals
• Follow requirements in Sarbanes-Oxley Act
• Follow PIPEDA (Canada)




                           Computer Crime

• Often defies detection
• Amount stolen or diverted can be substantial
• Crime is “clean” and nonviolent
• Number of IT-related security incidents is
  increasing dramatically
• Computer crime is now global




    The Computer as a Tool to Commit Crime
• Criminals need two capabilities to commit most
  computer crimes
     – Knowing how to gain access to the computer system
     – Knowing how to manipulate the system to produce
       the desired result
• Examples
     – Social engineering
     – Dumpster diving
     – Counterfeit and banking fraud using sophisticated
       desktop publishing programs and high-quality
       printers

                             Cyberterrorism

• Cyberterrorist
     – Someone who intimidates or coerces a government
       or organization to advance his or her political or
       social objectives by launching computer-based
       attacks against computers, networks, and the
       information stored on them
• CSIS has a division that deals with this in Canada.




                                Identity Theft

• Imposter obtains key pieces of personal
  identification information, such as SIN or driver’s
  license numbers, in order to impersonate someone
  else
     – Information is then used to obtain credit,
       merchandise, and/or services in the name of the
       victim or to provide the thief with false credentials
• 9 million victims in 2005




 The Computer as the Object of Crime

• Crimes fall into several categories such as:
     –   Illegal access and use
     –   Data alteration and destruction
     –   Information and equipment theft
     –   Software and Internet piracy
     –   Computer-related scams
     –   International computer crime




                   Illegal Access and Use

• Hacker: learns about and uses computer systems
• Criminal hacker (also called a cracker): gains
  unauthorized use or illegal access to computer
  systems
• Script bunnies: automate the job of crackers
• Insider: employee who compromises corporate
  systems
• Malware: software programs that destroy or
  damage processing

     Illegal Access and Use (continued)

• Virus: computer program file capable of attaching to
  disks or other files and replicating itself repeatedly,
  typically without the user’s knowledge or permission
• Worm: parasitic computer program that can create
  copies of itself on the infected computer or send
  copies to other computers via a network
• RootKit:




     Illegal Access and Use (continued)

• Trojan horse: malicious program that disguises
  itself as a useful application and purposefully does
  something the user does not expect
• Logic bomb: type of Trojan horse that executes
  when specific conditions occur
    – Triggers for logic bombs can include a change in a file,
      by a particular series of keystrokes, or at a specific
      time or date




     Illegal Access and Use (continued)

• Tips for avoiding viruses and worms
     – Install antivirus software on your computer and
       configure it to scan all downloads, e-mail, and disks
     – Update your antivirus software regularly
     – Back up your files regularly
     – Do not open any files attached to an e-mail from
       an unknown, suspicious, or untrustworthy
       source




     Illegal Access and Use (continued)

• Tips for avoiding viruses and worms (continued):
     – Do not open any files attached to an e-mail unless
       you know what it is, even if it appears to come from
       a friend or someone you know
     – Exercise caution when downloading files from the
       Internet
           • Ensure that the source is legitimate and reputable




                Using Antivirus Programs
• Antivirus program: software that runs in the
  background to protect your computer from dangers
  lurking on the Internet and other possible sources
  of infected files
• Tips on using antivirus software
     – Run and update antivirus software often
     – Scan all diskettes and CDs before using them
     – Install software only from a sealed package or
       secure, well-known Web site
     – Follow careful downloading practices
     – If you detect a virus, take immediate action

       Information and Equipment Theft

• Obtaining identification numbers and passwords to
  steal information or disrupt systems
     – Trial and error, password sniffer program
• Software theft
• Computer systems and equipment theft
     – Data on equipment is valuable




 Software and Internet Software Piracy

• Software piracy: act of illegally duplicating
  software
• Internet software piracy: illegally downloading
  software from the Internet
     – Most rapidly expanding type of software piracy
     – Most difficult form to combat
     – Examples: pirate Web sites, auction sites that offer
       counterfeit software, peer-to-peer networks
     – Penalties can be severe


                Computer-Related Scams

• Examples of Internet scams
     – Get-rich-quick schemes involving bogus real estate
       deals
     – “Free” vacations with huge hidden costs
     – Bank fraud
     – Fake telephone lotteries
• Phishing
     – Gaining access to personal information by
       redirecting user to fake site


           International Computer Crime

• Computer crime is an international issue
• Software industry loses about $9 billion in revenue
  annually to software piracy occurring outside the
  United States
• Terrorists, international drug dealers, and other
  criminals might use information systems to launder
  illegally obtained funds




   Preventing Computer-Related Crime

• All states have passed computer crime legislation
• Some believe that these laws are not effective
  because:
     – Companies do not always actively detect and pursue
       computer crime
     – Security is inadequate
     – Convicted criminals are not severely punished
• Individual and group efforts are being made to curb
  computer crime, and recent efforts have met with
  some success

      Crime Prevention by Corporations

• Public key infrastructure (PKI): enables users of
  an unsecured public network such as the Internet
  to securely and privately exchange data
     – Uses a public and a private cryptographic key pair
       that is obtained and shared through a trusted
       authority
• Biometrics: measurement of one of a person’s
  traits, whether physical or behavioral




     Using Intrusion Detection Software

• Intrusion detection system (IDS): software that
  monitors system and network resources and
  notifies network security personnel when it senses
  a possible intrusion
     – Suspicious activities: failed login attempts, attempts
       to download a program to a server, accessing a system
       at unusual hours
     – Can provide false alarms
     – E-mail or voice message alerts may be missed

      P 402
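
Added example (not part of the original slides or the textbook): Python detection logic for two of the suspicious activities listed above, failed login attempts and access at unusual hours, run over a constructed log. The log format, thresholds, addresses, account names and the `parse_events` and `detect` functions are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp user source outcome
SAMPLE_LOG = """\
2007-10-02T09:14:05 alice 10.0.0.21 FAIL
2007-10-02T09:14:19 alice 10.0.0.21 OK
2007-10-02T13:02:40 bob 10.0.0.35 FAIL
2007-10-02T13:02:44 bob 10.0.0.35 FAIL
2007-10-02T13:02:51 bob 10.0.0.35 FAIL
2007-10-02T13:03:10 bob 10.0.0.35 OK
2007-10-03T02:41:00 svc_backup 10.0.0.8 OK
2007-10-03T03:10:01 root 192.0.2.77 FAIL
2007-10-03T03:10:02 root 192.0.2.77 FAIL
2007-10-03T03:10:03 root 192.0.2.77 FAIL
2007-10-03T03:10:04 root 192.0.2.77 FAIL
2007-10-03T03:10:05 root 192.0.2.77 FAIL
2007-10-03T03:10:06 root 192.0.2.77 FAIL
"""

def parse_events(text):
    """Turn 'timestamp user source outcome' lines into time-sorted tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, source, outcome = line.split()
        events.append((datetime.fromisoformat(ts), user, source, outcome))
    return sorted(events)

def detect(events, max_failures=5, window=timedelta(minutes=5),
           work_hours=(7, 19), off_hours_allow=frozenset()):
    """Return (rule, subject, time) alerts for the two indicators."""
    alerts = []
    recent_failures = defaultdict(deque)  # source -> times of recent FAILs
    for ts, user, source, outcome in events:
        if outcome == "FAIL":
            q = recent_failures[source]
            q.append(ts)
            # Drop failures that have aged out of the sliding window.
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= max_failures:
                alerts.append(("failed_login_burst", source, ts.isoformat()))
                q.clear()  # reset so the same failures are not counted twice
        elif outcome == "OK":
            start, end = work_hours
            # A successful login outside working hours, unless the account
            # is expected to run then (hypothetical allowlist).
            if not (start <= ts.hour < end) and user not in off_hours_allow:
                alerts.append(("off_hours_login", user, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for label, kwargs in [("default", {}), ("max_failures=3", {"max_failures": 3}),
                          ("allow svc_backup", {"off_hours_allow": {"svc_backup"}})]:
        print(label, detect(events, **kwargs))
```

With `max_failures=3`, bob's three mistyped passwords before a successful login raise an alert, which is the kind of false alarm the slide mentions; allowlisting the scheduled `svc_backup` account removes the other one.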

       Using Managed Security Service Providers (MSSPs)
• Managed security service provider (MSSP):
  organization that monitors, manages, and
  maintains network security for both hardware and
  software for its client companies
     – Sifts through alarms and alerts from all monitoring
       systems
     – May provide scanning, blocking, and filtering
       capabilities




 Internet Laws for Libel and Protection of Decency
• Filtering software helps screen Internet content
     – Also prevents children from sending personal
       information over e-mail or through chat groups
• Internet Content Rating Association (ICRA)
     – Rates Web sites based on authors’ responses from
       questionnaire
• Libel is an important legal issue on the Internet
     – Publishing Internet content to the world can subject
       companies to different countries’ laws


       Preventing Crime on the Internet

• Develop effective Internet usage and security
  policies for all employees
• Use a stand-alone firewall (hardware and software)
  with network monitoring capabilities
• Deploy intrusion detection systems, monitor them,
  and follow up on their alarms




       Preventing Crime on the Internet (continued)
• Monitor managers and employees to make sure
  that they are using the Internet for business
  purposes
• Use Internet security specialists to perform audits
  of all Internet and network activities




                              Privacy Issues
• With information systems, privacy deals with the
  collection and use or misuse of data
• More data and information are produced and used
  today than ever before
• Data is constantly being collected and stored on
  each of us
• This data is often distributed over easily accessed
  networks and without our knowledge or consent
• Concerns of privacy regarding this data must be
  addressed

                            Privacy at Work

• There is conflict between rights of workers who
  want their privacy and the interests of companies
  that demand to know more about their employees
• Workers might be monitored via computer
  technology that can:
     – Track every keystroke made by a worker
     – Know when the worker is not using the keyboard or
       computer system
     – Estimate how many breaks he or she is taking
• Many workers consider monitoring dehumanizing

                              E-Mail Privacy

• E-mail messages that have been erased from hard
  disks can be retrieved and used in lawsuits
• Use of e-mail among public officials might violate
  “open meeting” laws




                  Privacy and the Internet

• Huge potential for privacy invasion on the Internet
• E-mail is a prime target
• Platform for Privacy Preferences (P3P):
  screening technology that shields users from Web
  sites that do not provide the level of privacy
  protection they desire
• Children’s Online Privacy Protection Act (COPPA),
  1998: requires privacy policies and parental consent
• Potential dangers on social networking Web sites


  PIPEDA

Personal Information Protection and Electronic Documents Act
An Act to support and promote electronic commerce by protecting personal
information that is collected, used or disclosed in certain circumstances, by
providing for the use of electronic means to communicate or record
information or transactions and by amending the Canada Evidence Act, the
Statutory Instruments Act and the Statute Revision Act.

 http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp

 MUST KNOW
                                                      Like, this is Canadian, eh?


              Fairness in Information Use




            Table 9.4: The Right to Know and the Ability to Decide

               Corporate Privacy Policies

• Should address a customer’s knowledge, control,
  notice, and consent over the storage and use of
  information
• May cover who has access to private data and
  when it may be used
• A good database design practice is to assign a
  single unique identifier to each customer
     – Single record describing all relationships with the
       company across all its business units
     – Can apply customer privacy preferences consistently
       throughout all databases

    Individual Efforts to Protect Privacy

• Find out what is stored about you in existing
  databases
• Be careful when you share information about
  yourself
• Be proactive to protect your privacy
• When purchasing anything from a Web site, make
  sure that you safeguard your credit card numbers,
  passwords, and personal information



                   The Work Environment

• Computer technology and information systems
  have opened up numerous avenues to
  professionals and nonprofessionals
• Enhanced telecommunications has:
     – Been the impetus for new types of business
     – Created global markets in industries once limited to
       domestic markets
• Despite increasing productivity and efficiency,
  computers and information systems can raise other
  concerns

                           Health Concerns

• Working with computers can cause occupational
  stress
• Training and counseling can often help the
  employee and deter problems
• Computer use can affect physical health as well
     – Strains, sprains, tendonitis, repetitive motion
       disorder, carpal tunnel syndrome
• Concerns about emissions from improperly
  maintained and used equipment, display screens,
  and cell phones

    Avoiding Health and Environmental Problems
• Many computer-related health problems are
  caused by a poorly designed work environment
• Ergonomics: science of designing machines,
  products, and systems to maximize the safety,
  comfort, and efficiency of the people who use them

P 414: Be able to spell “ergonomics”




 Ethical Issues in Information Systems

• Code of ethics: states the principles and core
  values that are essential to a set of people and
  thus governs their behavior




 Ethical Issues in Information Systems (continued)
• ACM code of ethics and professional conduct
     – Contribute to society and human well-being
     – Avoid harm to others
     – Be honest and trustworthy
     – Be fair and take action not to discriminate
     – Honor property rights including copyrights and
       patents
     – Give proper credit for intellectual property
     – Respect the privacy of others
     – Honor confidentiality

                    Sorry, That’s All There Is.

                    Wrap-up Next Week!



