					                    CLARK UNIVERSITY
     College of Professional and Continuing Education
                         (COPACE)


Management Information Systems

                  Lecture 12
           Ethical Aspects of Using
            Information Systems
                            Plan
•   Basic terms
•   IS in global economy
•   Computer waste and mistakes
•   Computer crime
•   Privacy issues
•   Ethical and societal issues

Stair R., Reynolds G.
Principles of Information Systems, Eighth Edition

   Principles and Learning Objectives
• Policies and procedures must be established
  to avoid computer waste and mistakes
  – Describe some examples of waste and mistakes in
    an IS environment, their causes, and possible
    solutions
  – Identify policies and procedures useful in
    eliminating waste and mistakes
  – Discuss the principles and limits of an individual’s
    right to privacy

   Principles and Learning Objectives
               (continued)
• Computer crime is a serious and rapidly
  growing area of concern requiring
  management attention
  – Explain the types and effects of computer crime
  – Identify specific measures to prevent computer
    crime




  Principles and Learning Objectives
              (continued)
• Jobs, equipment, and working conditions must
  be designed to avoid negative health effects
  – List the important effects of computers on the
    work environment
  – Identify specific actions that must be taken to
    ensure the health and safety of employees
  – Outline criteria for the ethical use of information
    systems


Why Learn About Security, Privacy, and
 Ethical Issues in Information Systems
            and the Internet?
• Many nontechnical issues associated with ISs
• Human Resource employees need to:
  – Prevent computer waste and mistakes
  – Avoid privacy violations
  – Comply with laws about:
     • Collecting customer data
     • Monitoring employees
• Employees, IS users, and Internet users need to:
  – Avoid crime, fraud, privacy invasion

   Computer Waste and Mistakes
• Computer waste
  – Inappropriate use of computer technology and
    resources
• Computer-related mistakes
  – Errors, failures, and other computer problems that
    make computer output incorrect or not useful
  – Caused mostly by human error



            Computer Waste
• Cause: improper management of information
  systems and resources
  – Discarding old software and computer systems
    when they still have value
  – Building and maintaining complex systems that
    are never used to their fullest extent
  – Using corporate time and technology for
    personal use
  – Spam

    Computer-Related Mistakes
• Common causes
  – Failure by users to follow proper procedures
  – Unclear expectations and a lack of feedback
  – Program development that contains errors
  – Incorrect data entry by data-entry clerk




 Preventing Computer-Related Waste
            and Mistakes
• Effective policies and procedures must be:
  – Established
  – Implemented
  – Monitored
  – Reviewed




  Establishing Policies and Procedures
• Establish policies and procedures regarding
  efficient acquisition, use, and disposal of systems
  and devices
• Identify most common types of computer-related
  mistakes
• Training programs for individuals and workgroups
• Manuals and documents on how computer
  systems are to be maintained and used
• Approval of certain systems and applications
  before they are implemented and used

Implementing Policies and Procedures
• Policies often focus on:
  – Implementation of source data automation
  – Use of data editing to ensure data accuracy and
    completeness
  – Assignment of clear responsibility for data
    accuracy within each information system
• Training is very important for acceptance and
  implementation of policies and procedures

Monitoring Policies and Procedures
• Monitor routine practices and take corrective
  action if necessary
• Implement internal audits to measure actual
  results against established goals
• Follow requirements in Sarbanes-Oxley Act
  – Requires companies to document underlying
    financial data to validate earnings reports



Reviewing Policies and Procedures
• Do current policies cover existing practices
  adequately?
  – Were any problems or opportunities uncovered
    during monitoring?
• Does the organization plan any new activities
  in the future?
  – If so, does it need new policies or procedures on
    who will handle them and what must be done?
• Are contingencies and disasters covered?

            Computer Crime
• Often defies detection
• Amount stolen or diverted can be substantial
• Crime is “clean” and nonviolent
• Number of IT-related security incidents is
  increasing dramatically
• Computer crime is now global



  The Computer as a Tool to Commit
              Crime
• Criminals need two capabilities to commit
  most computer crimes
  – Knowing how to gain access to computer system
  – Knowing how to manipulate the system to
    produce desired results
• Examples
  – Social engineering
  – Dumpster diving
  – Counterfeit and banking fraud using sophisticated
    desktop publishing programs and high-quality
    printers

               Cyberterrorism
• Cyberterrorist: intimidates or coerces a
  government or organization to advance his or her
  political or social objectives by launching
  computer-based attacks against computers,
  networks, and information stored on them
• Homeland Security Department’s Information
  Analysis and Infrastructure Protection Directorate
  – Serves as governmental focal point for fighting
    cyberterrorism

                  Identity Theft
• Imposter obtains personal identification
  information such as Social Security or driver’s
  license numbers in order to impersonate
  someone else
   – To obtain credit, merchandise, and services in the
     name of the victim
   – To have false credentials
• Identity Theft and Assumption Deterrence Act of
  1998 passed to fight identity theft
• 9 million victims in 2005

 The Computer as the Object of Crime
• Crimes fall into several categories
  – Illegal access and use
  – Data alteration and destruction
  – Information and equipment theft
  – Software and Internet piracy
  – Computer-related scams
  – International computer crime



         Illegal Access and Use

• Hacker: learns about and uses computer systems
• Criminal hacker (also called a cracker): gains
  unauthorized use or illegal access to computer
  systems
• Script bunny: automates the job of crackers
• Insider: employee who compromises corporate
  systems
• Malware: software programs that destroy or
  damage processing

 Illegal Access and Use (continued)
• Virus: program file capable of attaching to
  disks or other files and replicating itself
  repeatedly
• Worm: parasitic computer program that can
  create copies of itself on infected computer or
  send copies to other computers via a network



 Illegal Access and Use (continued)
• Trojan horse: program that appears to be
  useful but purposefully does something user
  does not expect
• Logic bomb: type of Trojan horse that
  executes when specific conditions occur
• Variant: modified version of a virus that is
  produced by virus’s author or another person


       Using Antivirus Programs
• Antivirus program: program or utility that
  prevents viruses and recovers from them if they
  infect a computer
• Tips on using antivirus software
  – Run and update antivirus software often
  – Scan all diskettes and CDs before using them
  – Install software only from a sealed package or secure,
    well-known Web site
  – Follow careful downloading practices
  – If you detect a virus, take immediate action

Using Antivirus Programs (continued)




    Antivirus software should be used and updated often

 Information and Equipment Theft
• Obtaining identification numbers and
  passwords to steal information or disrupt
  systems
  – Trial and error, password sniffer program
• Software theft
• Computer systems and equipment theft
  – Data on equipment is valuable


Software and Internet Software Piracy
• Software is protected by copyright laws
• Copyright law violations
   – Making additional copies
   – Loading the software onto more than one machine
• Software piracy: act of illegally duplicating
  software
• Internet-based software piracy
   – Most rapidly expanding type of software piracy and
     most difficult form to combat
   – Examples: pirate Web sites, auction sites with
     counterfeit software, peer-to-peer networks

      Computer-Related Scams
• Examples of Internet scams
  – Get-rich-quick schemes
  – “Free” vacations with huge hidden costs
  – Bank fraud
  – Fake telephone lotteries
  – Selling worthless penny stocks
• Phishing
  – Gaining access to personal information by
    redirecting user to fake site

   International Computer Crime
• Computer crime becomes more complex
  when it is committed internationally
• Large percentage of software piracy takes
  place across borders
• Threat of terrorists, international drug dealers,
  and other criminals using information systems
  to launder illegally obtained funds
• Computer Associates International’s
  CleverPath for Global Compliance software

 Preventing Computer-Related Crime
• Efforts to curb computer crime being made
  by:
  – Private users
  – Companies
  – Employees
  – Public officials




Crime Prevention by State and Federal
              Agencies
• Computer Fraud and Abuse Act of 1986
  – Punishment based on the victim’s dollar loss
• Computer Emergency Response Team (CERT)
  – Responds to network security breaches
  – Monitors systems for emerging threats
• Newer and tougher computer crime
  legislation is emerging


 Crime Prevention by Corporations
• Public key infrastructure (PKI)
  – Allows users of an unsecured public network such
    as the Internet to securely and privately exchange
    data
  – Use of a public and a private cryptographic key
    pair, obtained and shared through a trusted
    authority
• Biometrics: measurement of one of a person’s
  traits, whether physical or behavioral

Crime Prevention by Corporations
          (continued)




Table 14.3: Common Methods Used to Commit Computer Crimes

Crime Prevention by Corporations
          (continued)




Table 14.3: Common Methods Used to Commit Computer Crimes
                         (continued)

Using Intrusion Detection Software
• Intrusion detection system (IDS)
  – Monitors system and network resources
  – Notifies network security personnel when it
    senses a possible intrusion, such as:
     • Repeated failed logon attempts
     • Attempts to download a program to a server
     • Access to a system at unusual hours
  – Can provide false alarms
  – E-mail or voice message alerts may be missed
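
An added illustration (not part of the lecture slides) of two of the triggers listed above, repeated failed logons and access at unusual hours, run over constructed log lines. The log format, threshold, time window and business hours are assumptions; the alert for alice is a false alarm of the kind the slide mentions, a user who mistyped a password before logging on.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the lecture).
# Assumed format: "date time user source result"
SAMPLE_LOG = """\
2013-05-14 09:01:10 alice 10.0.0.5 FAIL
2013-05-14 09:01:25 alice 10.0.0.5 FAIL
2013-05-14 09:01:41 alice 10.0.0.5 FAIL
2013-05-14 09:02:03 alice 10.0.0.5 OK
2013-05-14 10:15:00 bob 10.0.0.7 FAIL
2013-05-14 11:40:00 bob 10.0.0.7 FAIL
2013-05-14 14:30:00 carol 10.0.0.9 OK
2013-05-15 03:12:44 dave 10.0.0.11 OK
"""

MAX_FAILURES = 3                 # assumed: failures that trigger an alert
WINDOW = timedelta(minutes=5)    # assumed: sliding window for counting failures
BUSINESS_HOURS = range(7, 20)    # assumed: 07:00-19:59 counts as usual hours


def parse(line):
    """Split one log line into (timestamp, user, source, result)."""
    date, time, user, source, result = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, user, source, result


def detect(log_text):
    """Return alerts as (timestamp, rule, user, source) tuples."""
    recent_failures = defaultdict(deque)   # (user, source) -> failure times
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, source, result = parse(line)
        if result == "FAIL":
            window = recent_failures[(user, source)]
            window.append(ts)
            # Drop failures that fell out of the sliding window.
            while ts - window[0] > WINDOW:
                window.popleft()
            # Alert once, when the threshold is first reached.
            if len(window) == MAX_FAILURES:
                alerts.append((ts, "repeated_failed_logon", user, source))
        elif result == "OK" and ts.hour not in BUSINESS_HOURS:
            alerts.append((ts, "unusual_hours_access", user, source))
    return alerts


if __name__ == "__main__":
    for ts, rule, user, source in detect(SAMPLE_LOG):
        print(f"{ts}  {rule:<22} user={user} source={source}")
```

bob's two failures are 85 minutes apart, so they never share a window and raise no alert; tightening or loosening `MAX_FAILURES` and `WINDOW` trades missed intrusions against false alarms.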

    Using Managed Security Service
          Providers (MSSPs)
• Managed security service provider (MSSP):
  organization that monitors, manages, and
  maintains network security for both hardware
  and software for its client companies
  – Sifts through alarms and alerts from all monitoring
    systems
  – May provide scanning, blocking, and filtering
    capabilities
  – Useful for small and midsized companies

Internet Laws for Libel and Protection
             of Decency
• Filtering software
  – Screens Internet content to protect children
  – Prevents children from sending personal
    information over e-mail or through chat groups
• Internet Content Rating Association (ICRA)
  rating system for Web sites
• Children’s Internet Protection Act (CIPA)
  – Requires filters in federally funded libraries

Internet Laws for Libel and Protection
       of Decency (continued)
• Libel: publishing an intentionally false written
  statement that is damaging to a person’s
  reputation
• Can online services be sued for libel for
  content that someone else publishes on their
  service?



 Preventing Crime on the Internet
• Develop effective Internet usage and security
  policies
• Use a stand-alone firewall with network
  monitoring capabilities
• Deploy intrusion detection systems, monitor
  them, and follow up on their alarms
• Monitor managers’ and employees’ use of
  Internet
• Use Internet security specialists to perform
  audits of all Internet and network activities

              Privacy Issues

• With information systems, privacy deals with
  the collection and use or misuse of data
• More and more information on all of us is
  being collected, stored, used, and shared
  among organizations
• Who owns this information and knowledge?



 Privacy and the Federal Government
• Data collectors
  – U.S. federal government
  – State and local governments
  – Profit and nonprofit organizations
• U.S. National Security Agency (NSA)’s program
  to wiretap telephone and Internet traffic of
  U.S. residents


              Privacy at Work
• Rights of workers who want their privacy versus
  interests of companies that demand to know
  more about their employees
• Workers can be closely monitored via computer
  technology
  – Track every keystroke made by a user
  – Determine what workers are doing while at the
    keyboard
  – Estimate how many breaks workers are taking
• Many workers consider monitoring dehumanizing

              E-Mail Privacy
• Federal law permits employers to monitor e-mail
  sent and received by employees
• E-mail messages that have been erased from
  hard disks can be retrieved and used in
  lawsuits
• Use of e-mail among public officials might
  violate “open meeting” laws


        Privacy and the Internet
• Huge potential for privacy invasion on the
  Internet
  – E-mail messages
  – Visiting a Web site
  – Buying products over the Internet
• Platform for Privacy Preferences (P3P): screening
  technology
• Children’s Online Privacy Protection Act (COPPA),
  1998: requires privacy policies and parental
  consent
• Potential dangers on social networking Web sites

Fairness in Information Use




Table 14.4: The Right to Know and the Ability to Decide


       Fairness in Information Use
               (continued)
• The Privacy Act of 1974: provides privacy
  protection from federal agencies
• Gramm-Leach-Bliley Act: requires financial
  institutions to protect customers’ nonpublic data
• USA Patriot Act: allows law enforcement and
  intelligence agencies to gather private
  information
• Other laws regulate fax advertisements, credit-
  card bureaus, the IRS, video rental stores,
  telemarketers, etc.

      Corporate Privacy Policies
• Should address a customer’s knowledge,
  control, notice, and consent over storage and
  use of information
• May cover who has access to private data and
  when it may be used
• A good database design practice is to assign a
  single unique identifier to each customer


Individual Efforts to Protect Privacy
• Find out what is stored about you in existing
  databases
• Be careful when you share information about
  yourself
• Be proactive to protect your privacy
• When purchasing anything from a Web site,
  make sure that you safeguard your credit card
  numbers, passwords, and personal
  information

         The Work Environment
• Use of computer-based information systems has
  changed the workforce
  – Jobs that require IS literacy have increased
  – Less-skilled positions have decreased
• Computer technology and information systems
  have opened up numerous avenues to
  professionals and nonprofessionals
• Despite increasing productivity and efficiency,
  computers and information systems can raise
  other concerns

            Health Concerns

• Occupational stress
• Repetitive stress injury (RSI)
• Carpal tunnel syndrome (CTS)
• Emissions from improperly maintained and
  used equipment
• Increase in traffic accidents due to drivers
  using cell phones, laptops, or other devices
  while driving

   Avoiding Health and Environment
              Problems
• Work stressors: hazardous activities associated
  with unfavorable conditions of a poorly designed
  work environment
• Ergonomics: science of designing machines,
  products, and systems to maximize safety,
  comfort, and efficiency of people who use them
• Employers, individuals, and hardware
  manufacturing companies can take steps to
  reduce RSI and develop a better work
  environment

     Avoiding Health and Environment
           Problems (continued)




Research has shown that developing certain ergonomically correct habits can
                reduce the risk of RSI when using a computer

 Ethical Issues in Information Systems
• Laws do not provide a complete guide to ethical
  behavior
• Many IS-related organizations have codes of
  ethics for their members
• American Computing Machinery (ACM): oldest
  computing society founded in 1947
• ACM’s code of ethics and professional conduct
  – Contribute to society and human well-being
  – Avoid harm to others
  – Be honest and trustworthy


 Ethical Issues in Information Systems
              (continued)
• ACM’s code of ethics and professional conduct
  (continued)
  – Be fair and take action not to discriminate
  – Honor property rights including copyrights and
    patents
  – Give proper credit for intellectual property
  – Respect the privacy of others
  – Honor confidentiality


                  Summary
• Computer waste: inappropriate use of computer
  technology and resources
• Computer-related mistakes: errors, failures, and
  other computer problems that make computer
  output incorrect or not useful; caused mostly by
  human error
• Preventing computer-related waste and mistakes
  requires establishing, implementing, monitoring,
  and reviewing effective policies and procedures

         Summary (continued)
• Criminals need two capabilities to commit most
  computer crimes: knowing how to gain access to
  a computer system and knowing how to
  manipulate the system to produce desired results
• Crimes in which computer is the tool:
  cyberterrorism, identity theft, etc.
• Crimes in which computer is the object of crime:
  illegal access and use, data alteration and
  destruction, information and equipment theft,
  software and Internet piracy, computer-related
  scams, and international computer crime

         Summary (continued)
• Efforts to curb computer crime are being made by
  state and federal agencies, corporations, and
  individuals
• With information systems, privacy deals with the
  collection and use or misuse of data
• Ergonomics: science of designing machines,
  products, and systems to maximize safety,
  comfort, and efficiency of people who use them
• Many IS-related organizations have codes of
  ethics for their members