					                    CLARK UNIVERSITY
     College of Professional and Continuing Education

Management Information Systems

                  Lecture 12
           Ethical Aspects of Using
            Information Systems
•   Basic terms
•   IS in global economy
•   Computer waste and mistakes
•   Computer crime
•   Privacy issues
•   Ethical and societal issues

Stair R., Reynolds G.
Principles of Information Systems, Eighth Edition
Principles and Learning Objectives
• Policies and procedures must be established
  to avoid computer waste and mistakes
  – Describe some examples of waste and mistakes in
    an IS environment, their causes, and possible
  – Identify policies and procedures useful in
    eliminating waste and mistakes
  – Discuss the principles and limits of an individual’s
    right to privacy

   Principles and Learning Objectives
• Computer crime is a serious and rapidly
  growing area of concern requiring
  management attention
  – Explain the types and effects of computer crime
  – Identify specific measures to prevent computer

  Principles and Learning Objectives
• Jobs, equipment, and working conditions must
  be designed to avoid negative health effects
  – List the important effects of computers on the
    work environment
  – Identify specific actions that must be taken to
    ensure the health and safety of employees
  – Outline criteria for the ethical use of information

Why Learn About Security, Privacy, and
 Ethical Issues in Information Systems
            and the Internet?
• Many nontechnical issues associated with ISs
• Human Resource employees need to:
  – Prevent computer waste and mistakes
  – Avoid privacy violations
  – Comply with laws about:
     • Collecting customer data
     • Monitoring employees
• Employees, IS users, and Internet users need to:
  – Avoid crime, fraud, privacy invasion
   Computer Waste and Mistakes
• Computer waste
  – Inappropriate use of computer technology and
    resources
• Computer-related mistakes
  – Errors, failures, and other computer problems that
    make computer output incorrect or not useful
  – Caused mostly by human error

            Computer Waste
• Cause: improper management of information
  systems and resources
  – Discarding old software and computer systems
    when they still have value
  – Building and maintaining complex systems that
    are never used to their fullest extent
  – Using corporate time and technology for
    personal use
  – Spam

    Computer-Related Mistakes
• Common causes
  – Failure by users to follow proper procedures
  – Unclear expectations and a lack of feedback
  – Program development that contains errors
  – Incorrect data entry by data-entry clerk

 Preventing Computer-Related Waste
            and Mistakes
• Effective policies and procedures must be:
  – Established
  – Implemented
  – Monitored
  – Reviewed

  Establishing Policies and Procedures
• Establish policies and procedures regarding
  efficient acquisition, use, and disposal of systems
  and devices
• Identify most common types of computer-related
• Training programs for individuals and workgroups
• Manuals and documents on how computer
  systems are to be maintained and used
• Approval of certain systems and applications
  before they are implemented and used

Implementing Policies and Procedures
• Policies often focus on:
  – Implementation of source data automation
  – Use of data editing to ensure data accuracy and
  – Assignment of clear responsibility for data
    accuracy within each information system
• Training is very important for acceptance and
  implementation of policies and procedures

Monitoring Policies and Procedures
• Monitor routine practices and take corrective
  action if necessary
• Implement internal audits to measure actual
  results against established goals
• Follow requirements in Sarbanes-Oxley Act
  – Requires companies to document underlying
    financial data to validate earnings reports

Reviewing Policies and Procedures
• Do current policies cover existing practices
  – Were any problems or opportunities uncovered
    during monitoring?
• Does the organization plan any new activities
  in the future?
  – If so, does it need new policies or procedures on
    who will handle them and what must be done?
• Are contingencies and disasters covered?

            Computer Crime
• Often defies detection
• Amount stolen or diverted can be substantial
• Crime is “clean” and nonviolent
• Number of IT-related security incidents is
  increasing dramatically
• Computer crime is now global

  The Computer as a Tool to Commit Crime
• Criminals need two capabilities to commit
  most computer crimes
  – Knowing how to gain access to computer system
  – Knowing how to manipulate the system to
    produce desired results
• Examples
  – Social engineering
  – Dumpster diving
  – Counterfeit and banking fraud using sophisticated
    desktop publishing programs and high-quality
• Cyberterrorist: intimidates or coerces a
  government or organization to advance his or her
  political or social objectives by launching
  computer-based attacks against computers,
  networks, and information stored on them
• Homeland Security Department’s Information
  Analysis and Infrastructure Protection Directorate
  – Serves as governmental focal point for fighting

                  Identity Theft
• Imposter obtains personal identification
  information such as Social Security or driver’s
  license numbers in order to impersonate
  someone else
   – To obtain credit, merchandise, and services in the
     name of the victim
   – To have false credentials
• Identity Theft and Assumption Deterrence Act of
  1998 passed to fight identity theft
• 9 million victims in 2005
 The Computer as the Object of Crime
• Crimes fall into several categories
  – Illegal access and use
  – Data alteration and destruction
  – Information and equipment theft
  – Software and Internet piracy
  – Computer-related scams
  – International computer crime

         Illegal Access and Use

• Hacker: learns about and uses computer systems
• Criminal hacker (also called a cracker): gains
  unauthorized use or illegal access to computer
• Script bunny: automates the job of crackers
• Insider: employee who compromises corporate
• Malware: software programs that destroy or
  damage processing
 Illegal Access and Use (continued)
• Virus: program file capable of attaching to
  disks or other files and replicating itself
• Worm: parasitic computer program that can
  create copies of itself on infected computer or
  send copies to other computers via a network

 Illegal Access and Use (continued)
• Trojan horse: program that appears to be
  useful but purposefully does something user
  does not expect
• Logic bomb: type of Trojan horse that
  executes when specific conditions occur
• Variant: modified version of a virus that is
  produced by virus’s author or another person

       Using Antivirus Programs
• Antivirus program: program or utility that
  prevents viruses and recovers from them if they
  infect a computer
• Tips on using antivirus software
  – Run and update antivirus software often
  – Scan all diskettes and CDs before using them
  – Install software only from a sealed package or secure,
    well-known Web site
  – Follow careful downloading practices
  – If you detect a virus, take immediate action

Using Antivirus Programs (continued)

    Antivirus software should be used and updated often

 Information and Equipment Theft
• Obtaining identification numbers and
  passwords to steal information or disrupt
  – Trial and error, password sniffer program
• Software theft
• Computer systems and equipment theft
  – Data on equipment is valuable

Software and Internet Software Piracy
• Software is protected by copyright laws
• Copyright law violations
   – Making additional copies
   – Loading the software onto more than one machine
• Software piracy: act of illegally duplicating
• Internet-based software piracy
   – Most rapidly expanding type of software piracy and
     most difficult form to combat
   – Examples: pirate Web sites, auction sites with
     counterfeit software, peer-to-peer networks

      Computer-Related Scams
• Examples of Internet scams
  – Get-rich-quick schemes
  – “Free” vacations with huge hidden costs
  – Bank fraud
  – Fake telephone lotteries
  – Selling worthless penny stocks
• Phishing
  – Gaining access to personal information by
    redirecting user to fake site

   International Computer Crime
• Computer crime becomes more complex
  when it is committed internationally
• Large percentage of software piracy takes
  place across borders
• Threat of terrorists, international drug dealers,
  and other criminals using information systems
  to launder illegally obtained funds
• Computer Associates International’s
  CleverPath for Global Compliance software
 Preventing Computer-Related Crime
• Efforts to curb computer crime being made
  – Private users
  – Companies
  – Employees
  – Public officials

Crime Prevention by State and Federal Agencies
• Computer Fraud and Abuse Act of 1986
  – Punishment based on the victim’s dollar loss
• Computer Emergency Response Team (CERT)
  – Responds to network security breaches
  – Monitors systems for emerging threats
• Newer and tougher computer crime
  legislation is emerging

 Crime Prevention by Corporations
• Public key infrastructure (PKI)
  – Allows users of an unsecured public network such
    as the Internet to securely and privately exchange
  – Use of a public and a private cryptographic key
    pair, obtained and shared through a trusted
• Biometrics: measurement of one of a person’s
  traits, whether physical or behavioral
Crime Prevention by Corporations

Table 14.3: Common Methods Used to Commit Computer Crimes


Using Intrusion Detection Software
• Intrusion detection system (IDS)
  – Monitors system and network resources
  – Notifies network security personnel when it
    senses a possible intrusion, such as:
     • Repeated failed logon attempts
     • Attempts to download a program to a server
     • Access to a system at unusual hours
  – Can provide false alarms
  – E-mail or voice message alerts may be missed
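
Added example (not part of the original slides): a minimal sketch of two of the IDS rules listed above, repeated failed logon attempts and access at unusual hours, run over constructed log lines. The log format, threshold, time window, working hours, and account names are all assumptions made for illustration; the allowlist shows one way to reduce the false alarms the slide mentions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, outcome, user, source host
SAMPLE_LOG = """\
2024-03-04T09:01:10 FAIL alice 10.0.0.5
2024-03-04T09:01:40 OK alice 10.0.0.5
2024-03-04T13:20:00 FAIL bob 10.0.0.9
2024-03-04T13:20:20 FAIL bob 10.0.0.9
2024-03-04T13:20:41 FAIL bob 10.0.0.9
2024-03-04T13:21:05 FAIL bob 10.0.0.9
2024-03-04T13:21:30 FAIL bob 10.0.0.9
2024-03-05T02:47:12 OK carol 10.0.0.7
2024-03-05T03:05:00 OK nightops 10.0.0.3
"""

MAX_FAILS = 5                      # assumed alert threshold
WINDOW = timedelta(minutes=5)      # assumed sliding window for counting failures
WORK_HOURS = range(7, 20)          # 07:00-19:59 treated as usual hours (assumed)
OFF_HOURS_ALLOWED = {"nightops"}   # accounts expected at night; cuts false alarms


def detect(log_text, allowed=OFF_HOURS_ALLOWED):
    """Return a list of (rule, user, source, timestamp) alerts."""
    alerts = []
    recent_fails = defaultdict(deque)  # (user, src) -> recent failure times
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than stop monitoring
        stamp, outcome, user, src = parts
        when = datetime.fromisoformat(stamp)
        if outcome == "FAIL":
            fails = recent_fails[(user, src)]
            fails.append(when)
            while when - fails[0] > WINDOW:
                fails.popleft()  # forget failures older than the window
            if len(fails) == MAX_FAILS:  # alert once, when threshold is reached
                alerts.append(("repeated_failed_logon", user, src, stamp))
        elif outcome == "OK":
            recent_fails.pop((user, src), None)  # a success resets the count
            if when.hour not in WORK_HOURS and user not in allowed:
                alerts.append(("unusual_hours", user, src, stamp))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Calling detect(SAMPLE_LOG, allowed=set()) also flags the night-shift account, which is the kind of false alarm that tuning has to remove.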

    Using Managed Security Service
          Providers (MSSPs)
• Managed security service provider (MSSP):
  organization that monitors, manages, and
  maintains network security for both hardware
  and software for its client companies
  – Sifts through alarms and alerts from all monitoring
  – May provide scanning, blocking, and filtering
  – Useful for small and midsized companies
Internet Laws for Libel and Protection
             of Decency
• Filtering software
  – Screens Internet content to protect children
  – Prevents children from sending personal
    information over e-mail or through chat groups
• Internet Content Rating Association (ICRA)
  rating system for Web sites
• Children’s Internet Protection Act (CIPA)
  – Requires filters in federally funded libraries

Internet Laws for Libel and Protection
       of Decency (continued)
• Libel: publishing an intentionally false written
  statement that is damaging to a person’s
• Can online services be sued for libel for
  content that someone else publishes on their

 Preventing Crime on the Internet
• Develop effective Internet usage and security
• Use a stand-alone firewall with network
  monitoring capabilities
• Deploy intrusion detection systems, monitor
  them, and follow up on their alarms
• Monitor managers’ and employees’ use of
• Use Internet security specialists to perform
  audits of all Internet and network activities

              Privacy Issues

• With information systems, privacy deals with
  the collection and use or misuse of data
• More and more information on all of us is
  being collected, stored, used, and shared
  among organizations
• Who owns this information and knowledge?

 Privacy and the Federal Government
• Data collectors
  – U.S. federal government
  – State and local governments
  – Profit and nonprofit organizations
• U.S. National Security Agency (NSA)’s program
  to wiretap telephone and Internet traffic of
  U.S. residents

              Privacy at Work
• Rights of workers who want their privacy versus
  interests of companies that demand to know
  more about their employees
• Workers can be closely monitored via computer
  – Track every keystroke made by a user
  – Determine what workers are doing while at the
  – Estimate how many breaks workers are taking
• Many workers consider monitoring dehumanizing
              E-Mail Privacy
• Federal law permits employers to monitor
  e-mail sent and received by employees
• E-mail messages that have been erased from
  hard disks can be retrieved and used in
• Use of e-mail among public officials might
  violate “open meeting” laws

        Privacy and the Internet
• Huge potential for privacy invasion on the
  – E-mail messages
  – Visiting a Web site
  – Buying products over the Internet
• Platform for Privacy Preferences (P3P): screening
• Children’s Online Privacy Protection Act (COPPA),
  1998: requires privacy policies and parental
• Potential dangers on social networking Web sites
Fairness in Information Use

Table 14.4: The Right to Know and the Ability to Decide

       Fairness in Information Use
• The Privacy Act of 1974: provides privacy
  protection from federal agencies
• Gramm-Leach-Bliley Act: requires financial
  institutions to protect customers’ nonpublic data
• USA Patriot Act: allows law enforcement and
  intelligence agencies to gather private
• Other laws regulate fax advertisements, credit-
  card bureaus, the IRS, video rental stores,
  telemarketers, etc.

      Corporate Privacy Policies
• Should address a customer’s knowledge,
  control, notice, and consent over storage and
  use of information
• May cover who has access to private data and
  when it may be used
• A good database design practice is to assign a
  single unique identifier to each customer

Individual Efforts to Protect Privacy
• Find out what is stored about you in existing
• Be careful when you share information about
• Be proactive to protect your privacy
• When purchasing anything from a Web site,
  make sure that you safeguard your credit card
  numbers, passwords, and personal
         The Work Environment
• Use of computer-based information systems has
  changed the workforce
  – Jobs that require IS literacy have increased
  – Less-skilled positions have decreased
• Computer technology and information systems
  have opened up numerous avenues to
  professionals and nonprofessionals
• Despite increasing productivity and efficiency,
  computers and information systems can raise
  other concerns
            Health Concerns

• Occupational stress
• Repetitive stress injury (RSI)
• Carpal tunnel syndrome (CTS)
• Emissions from improperly maintained and
  used equipment
• Increase in traffic accidents due to drivers
  using cell phones, laptops, or other devices
  while driving
   Avoiding Health and Environment
              Problems
• Work stressors: hazardous activities associated
  with unfavorable conditions of a poorly designed
  work environment
• Ergonomics: science of designing machines,
  products, and systems to maximize safety,
  comfort, and efficiency of people who use them
• Employers, individuals, and hardware
  manufacturing companies can take steps to
  reduce RSI and develop a better work

     Avoiding Health and Environment
           Problems (continued)

Research has shown that developing certain ergonomically correct habits can
                reduce the risk of RSI when using a computer

 Ethical Issues in Information Systems
• Laws do not provide a complete guide to ethical
• Many IS-related organizations have codes of
  ethics for their members
• American Computing Machinery (ACM): oldest
  computing society founded in 1947
• ACM’s code of ethics and professional conduct
  – Contribute to society and human well-being
  – Avoid harm to others
  – Be honest and trustworthy

 Ethical Issues in Information Systems
• ACM’s code of ethics and professional conduct
  – Be fair and take action not to discriminate
  – Honor property rights including copyrights and
  – Give proper credit for intellectual property
  – Respect the privacy of others
  – Honor confidentiality

         Summary
• Computer waste: inappropriate use of computer
  technology and resources
• Computer-related mistakes: errors, failures, and
  other computer problems that make computer
  output incorrect or not useful; caused mostly by
  human error
• Preventing computer-related waste and mistakes
  requires establishing, implementing, monitoring,
  and reviewing effective policies and procedures
         Summary (continued)
• Criminals need two capabilities to commit most
  computer crimes: knowing how to gain access to
  a computer system and knowing how to
  manipulate the system to produce desired results
• Crimes in which computer is the tool:
  cyberterrorism, identity theft, etc.
• Crimes in which computer is the object of crime:
  illegal access and use, data alteration and
  destruction, information and equipment theft,
  software and Internet piracy, computer-related
  scams, and international computer crime

         Summary (continued)
• Efforts to curb computer crime are being made by
  state and federal agencies, corporations, and
• With information systems, privacy deals with the
  collection and use or misuse of data
• Ergonomics: science of designing machines,
  products, and systems to maximize safety,
  comfort, and efficiency of people who use them
• Many IS-related organizations have codes of
  ethics for their members
