Principles of Information Systems
Eighth Edition

Chapter 14
The Personal and Social Impact of Computers

     Principles and Learning Objectives

• Policies and procedures must be established to
  avoid computer waste and mistakes
     – Describe some examples of waste and mistakes in
       an IS environment, their causes, and possible
       solutions
     – Identify policies and procedures useful in eliminating
       waste and mistakes
     – Discuss the principles and limits of an individual’s
       right to privacy



Principles of Information Systems, Eighth Edition           2
     Principles and Learning Objectives
                 (continued)
• Computer crime is a serious and rapidly growing
  area of concern requiring management attention
     – Explain the types and effects of computer crime
     – Identify specific measures to prevent computer crime




     Principles and Learning Objectives
                 (continued)
• Jobs, equipment, and working conditions must be
  designed to avoid negative health effects
     – List the important effects of computers on the work
       environment
     – Identify specific actions that must be taken to ensure
       the health and safety of employees
     – Outline criteria for the ethical use of information
       systems




    Why Learn About Security, Privacy,
     and Ethical Issues in Information
        Systems and the Internet?
• Many nontechnical issues associated with ISs
• Human Resource employees need to:
     – Prevent computer waste and mistakes
     – Avoid privacy violations
     – Comply with laws about:
           • Collecting customer data
           • Monitoring employees
• Employees, IS users, and Internet users need to:
     – Avoid crime, fraud, privacy invasion

          Computer Waste and Mistakes

• Computer waste
     – Inappropriate use of computer technology and
       resources
• Computer-related mistakes
     – Errors, failures, and other computer problems that
       make computer output incorrect or not useful
     – Caused mostly by human error




                            Computer Waste

• Cause: improper management of information
  systems and resources
     – Discarding old software and computer systems when
       they still have value
     – Building and maintaining complex systems that are
       never used to their fullest extent
     – Using corporate time and technology for personal
       use
     – Spam



              Computer-Related Mistakes

• Common causes
     –   Failure by users to follow proper procedures
     –   Unclear expectations and a lack of feedback
     –   Program development that contains errors
     –   Incorrect data entry by data-entry clerk




  Preventing Computer-Related Waste
             and Mistakes
• Effective policies and procedures must be:
     –   Established
     –   Implemented
     –   Monitored
     –   Reviewed




  Establishing Policies and Procedures

• Establish policies and procedures regarding
  efficient acquisition, use, and disposal of systems
  and devices
• Identify most common types of computer-related
  mistakes
• Training programs for individuals and workgroups
• Manuals and documents on how computer systems
  are to be maintained and used
• Approval of certain systems and applications
  before they are implemented and used

Implementing Policies and Procedures

• Policies often focus on:
     – Implementation of source data automation
     – Use of data editing to ensure data accuracy and
       completeness
     – Assignment of clear responsibility for data accuracy
       within each information system
• Training is very important for acceptance and
  implementation of policies and procedures



    Monitoring Policies and Procedures

• Monitor routine practices and take corrective action
  if necessary
• Implement internal audits to measure actual results
  against established goals
• Follow requirements in Sarbanes-Oxley Act
     – Requires companies to document underlying
       financial data to validate earnings reports




    Reviewing Policies and Procedures

• Do current policies cover existing practices
  adequately?
     – Were any problems or opportunities uncovered
       during monitoring?
• Does the organization plan any new activities in the
  future?
     – If so, does it need new policies or procedures on
       who will handle them and what must be done?
• Are contingencies and disasters covered?


                             Computer Crime

• Often defies detection
• Amount stolen or diverted can be substantial
• Crime is “clean” and nonviolent
• Number of IT-related security incidents is
  increasing dramatically
• Computer crime is now global




    The Computer as a Tool to Commit
                Crime
• Criminals need two capabilities to commit most
  computer crimes
     – Knowing how to gain access to a computer system
     – Knowing how to manipulate the system to produce
       desired results
• Examples
     – Social engineering
     – Dumpster diving
     – Counterfeit and banking fraud using sophisticated
       desktop publishing programs and high-quality
       printers

                               Cyberterrorism

• Cyberterrorist: intimidates or coerces a
  government or organization to advance his or her
  political or social objectives by launching computer-
  based attacks against computers, networks, and
  information stored on them
• Homeland Security Department’s Information
  Analysis and Infrastructure Protection Directorate
     – Serves as governmental focal point for fighting
       cyberterrorism



                                 Identity Theft

• Imposter obtains personal identification information
  such as Social Security or driver’s license numbers
  in order to impersonate someone else
     – To obtain credit, merchandise, and services in the
       name of the victim
     – To have false credentials
• Identity Theft and Assumption Deterrence Act of
  1998 passed to fight identity theft
• 9 million victims in 2005


 The Computer as the Object of Crime

• Crimes fall into several categories
     –   Illegal access and use
     –   Data alteration and destruction
     –   Information and equipment theft
     –   Software and Internet piracy
     –   Computer-related scams
     –   International computer crime




                    Illegal Access and Use

• Hacker: learns about and uses computer systems
• Criminal hacker (also called a cracker): gains
  unauthorized use or illegal access to computer
  systems
• Script bunny: automates the job of crackers
• Insider: employee who compromises corporate
  systems
• Malware: software programs that destroy or
  damage processing

     Illegal Access and Use (continued)

• Virus: program file capable of attaching to disks or
  other files and replicating itself repeatedly
• Worm: parasitic computer program that can create
  copies of itself on infected computer or send copies
  to other computers via a network




     Illegal Access and Use (continued)

• Trojan horse: program that appears to be useful
  but purposefully does something user does not
  expect
• Logic bomb: type of Trojan horse that executes
  when specific conditions occur
• Variant: modified version of a virus that is
  produced by virus’s author or another person




                 Using Antivirus Programs

• Antivirus program: program or utility that prevents
  viruses and recovers from them if they infect a
  computer
• Tips on using antivirus software
     – Run and update antivirus software often
     – Scan all diskettes and CDs before using them
     – Install software only from a sealed package or
       secure, well-known Web site
     – Follow careful downloading practices
     – If you detect a virus, take immediate action

 Using Antivirus Programs (continued)




             Antivirus software should be used and updated often

       Information and Equipment Theft

• Obtaining identification numbers and passwords to
  steal information or disrupt systems
     – Trial and error, password sniffer program
• Software theft
• Computer systems and equipment theft
     – Data on equipment is valuable




 Software and Internet Software Piracy
• Software is protected by copyright laws
• Copyright law violations
     – Making additional copies
     – Loading the software onto more than one machine
• Software piracy: act of illegally duplicating
  software
• Internet-based software piracy
     – Most rapidly expanding type of software piracy and
       most difficult form to combat
     – Examples: pirate Web sites, auction sites with
       counterfeit software, peer-to-peer networks

                Computer-Related Scams

• Examples of Internet scams
     –   Get-rich-quick schemes
     –   “Free” vacations with huge hidden costs
     –   Bank fraud
     –   Fake telephone lotteries
     –   Selling worthless penny stocks
• Phishing
     – Gaining access to personal information by
       redirecting user to fake site


            International Computer Crime

• Computer crime becomes more complex when it is
  committed internationally
• Large percentage of software piracy takes place
  across borders
• Threat of terrorists, international drug dealers, and
  other criminals using information systems to
  launder illegally obtained funds
• Computer Associates International’s CleverPath for
  Global Compliance software


   Preventing Computer-Related Crime

• Efforts to curb computer crime are being made by:
     –   Private users
     –   Companies
     –   Employees
     –   Public officials




          Crime Prevention by State and
                Federal Agencies
• Computer Fraud and Abuse Act of 1986
     – Punishment based on the victim’s dollar loss
• Computer Emergency Response Team (CERT)
     – Responds to network security breaches
     – Monitors systems for emerging threats
• Newer and tougher computer crime legislation is
  emerging




      Crime Prevention by Corporations

• Public key infrastructure (PKI)
     – Allows users of an unsecured public network such
       as the Internet to securely and privately exchange
       data
     – Use of a public and a private cryptographic key pair,
       obtained and shared through a trusted authority
• Biometrics: measurement of one of a person’s
  traits, whether physical or behavioral




      Crime Prevention by Corporations
                (continued)

     Table 14.3: Common Methods Used to Commit Computer Crimes

     Using Intrusion Detection Software

• Intrusion detection system (IDS)
     – Monitors system and network resources
     – Notifies network security personnel when it senses a
       possible intrusion, such as:
           • Repeated failed logon attempts
           • Attempts to download a program to a server
           • Access to a system at unusual hours
     – Can provide false alarms
     – E-mail or voice message alerts may be missed
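
The three triggers listed above can be expressed as simple rules over a log stream. The following is an added example, not part of the original slides: the log format, event names, thresholds, user names, and the use of a file-write event to stand in for "download a program to a server" are all assumptions, and the sample lines are constructed. It also shows how a known baseline (a night-shift user) suppresses one kind of false alarm.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp host event key=value ...
SAMPLE_LOG = """\
2024-03-04T09:00:01 srv01 LOGIN_OK user=bob src=10.0.0.5
2024-03-04T14:10:00 srv01 LOGIN_FAIL user=alice src=203.0.113.7
2024-03-04T14:10:20 srv01 LOGIN_FAIL user=alice src=203.0.113.7
2024-03-04T14:10:41 srv01 LOGIN_FAIL user=alice src=203.0.113.7
2024-03-04T14:30:00 srv01 LOGIN_FAIL user=carol src=10.0.0.9
2024-03-04T15:02:00 srv01 FILE_WRITE user=bob path=/srv/www/upload/tool.exe
2024-03-04T23:40:00 srv01 LOGIN_OK user=dave src=10.0.0.12
2024-03-05T02:13:05 srv01 LOGIN_OK user=bob src=198.51.100.4
"""

# Assumed tuning values; a real deployment derives these from its own baseline.
FAIL_THRESHOLD = 3                       # failures per (user, source) ...
FAIL_WINDOW = timedelta(minutes=5)       # ... within this sliding window
WORK_HOURS = range(7, 20)                # 07:00-19:59 counts as usual hours
NIGHT_SHIFT_USERS = frozenset({"dave"})  # known off-hours users (hypothetical)
PROGRAM_SUFFIXES = (".exe", ".dll", ".sh", ".so")


def parse(line):
    """Split one log line into (timestamp, host, event, fields dict)."""
    ts, host, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), host, event, fields


def detect(log_text, known_off_hours_users=NIGHT_SHIFT_USERS):
    """Return a list of (timestamp, rule_name, user) alerts in log order."""
    alerts = []
    failures = defaultdict(deque)        # (user, src) -> failure times in window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _host, event, f = parse(line)
        if event == "LOGIN_FAIL":
            window = failures[(f["user"], f["src"])]
            window.append(ts)
            while ts - window[0] > FAIL_WINDOW:   # drop failures outside window
                window.popleft()
            if len(window) == FAIL_THRESHOLD:     # alert once, when reached
                alerts.append((ts, "repeated_failed_logon", f["user"]))
        elif event == "LOGIN_OK":
            off_hours = ts.hour not in WORK_HOURS
            if off_hours and f["user"] not in known_off_hours_users:
                alerts.append((ts, "unusual_hours_access", f["user"]))
        elif event == "FILE_WRITE":
            if f["path"].lower().endswith(PROGRAM_SUFFIXES):
                alerts.append((ts, "program_written_to_server", f["user"]))
    return alerts


if __name__ == "__main__":
    for ts, rule, user in detect(SAMPLE_LOG):
        print(ts.isoformat(), rule, user)
```

Calling detect(SAMPLE_LOG, known_off_hours_users=set()) adds an alert for the night-shift user, which is the kind of false alarm the slide refers to.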


        Using Managed Security Service
              Providers (MSSPs)
• Managed security service provider (MSSP):
  organization that monitors, manages, and
  maintains network security for both hardware and
  software for its client companies
     – Sifts through alarms and alerts from all monitoring
       systems
     – May provide scanning, blocking, and filtering
       capabilities
     – Useful for small and midsized companies



 Internet Laws for Libel and Protection
              of Decency
• Filtering software
     – Screens Internet content to protect children
     – Prevents children from sending personal information
       over e-mail or through chat groups
• Internet Content Rating Association (ICRA) rating
  system for Web sites
• Children’s Internet Protection Act (CIPA)
     – Requires filters in federally funded libraries



 Internet Laws for Libel and Protection
        of Decency (continued)
• Libel: publishing an intentionally false written
  statement that is damaging to a person’s reputation
• Can online services be sued for libel for content
  that someone else publishes on their service?




        Preventing Crime on the Internet

• Develop effective Internet usage and security
  policies
• Use a stand-alone firewall with network monitoring
  capabilities
• Deploy intrusion detection systems, monitor them,
  and follow up on their alarms
• Monitor managers’ and employees’ use of the Internet
• Use Internet security specialists to perform audits
  of all Internet and network activities

                               Privacy Issues

• With information systems, privacy deals with the
  collection and use or misuse of data
• More and more information on all of us is being
  collected, stored, used, and shared among
  organizations
• Who owns this information and knowledge?




  Privacy and the Federal Government

• Data collectors
     – U.S. federal government
     – State and local governments
     – Profit and nonprofit organizations
• U.S. National Security Agency (NSA)’s program to
  wiretap telephone and Internet traffic of U.S.
  residents




                             Privacy at Work

• Rights of workers who want their privacy versus
  interests of companies that demand to know more
  about their employees
• Workers can be closely monitored via computer
  technology
     – Track every keystroke made by a user
     – Determine what workers are doing while at the
       keyboard
     – Estimate how many breaks workers are taking
• Many workers consider monitoring dehumanizing

                               E-Mail Privacy

• Federal law permits employers to monitor e-mail
  sent and received by employees
• E-mail messages that have been erased from hard
  disks can be retrieved and used in lawsuits
• Use of e-mail among public officials might violate
  “open meeting” laws




                   Privacy and the Internet

• Huge potential for privacy invasion on the Internet
     – E-mail messages
     – Visiting a Web site
     – Buying products over the Internet
• Platform for Privacy Preferences (P3P): screening
  technology
• Children’s Online Privacy Protection Act (COPPA),
  1998: requires privacy policies and parental
  consent
• Potential dangers on social networking Web sites

              Fairness in Information Use




            Table 14.4: The Right to Know and the Ability to Decide


              Fairness in Information Use
                      (continued)
• The Privacy Act of 1974: provides privacy
  protection from federal agencies
• Gramm-Leach-Bliley Act: requires financial
  institutions to protect customers’ nonpublic data
• USA Patriot Act: allows law enforcement and
  intelligence agencies to gather private information
• Other laws regulate fax advertisements, credit-card
  bureaus, the IRS, video rental stores,
  telemarketers, etc.

                Corporate Privacy Policies

• Should address a customer’s knowledge, control,
  notice, and consent over storage and use of
  information
• May cover who has access to private data and
  when it may be used
• A good database design practice is to assign a
  single unique identifier to each customer




     Individual Efforts to Protect Privacy

• Find out what is stored about you in existing
  databases
• Be careful when you share information about
  yourself
• Be proactive to protect your privacy
• When purchasing anything from a Web site, make
  sure that you safeguard your credit card numbers,
  passwords, and personal information



                    The Work Environment

• Use of computer-based information systems has
  changed the workforce
     – Jobs that require IS literacy have increased
     – Less-skilled positions have decreased
• Computer technology and information systems
  have opened up numerous avenues to
  professionals and nonprofessionals
• Despite increasing productivity and efficiency,
  computers and information systems can raise other
  concerns

                            Health Concerns

• Occupational stress
• Repetitive stress injury (RSI)
• Carpal tunnel syndrome (CTS)
• Emissions from improperly maintained and used
  equipment
• Increase in traffic accidents due to drivers using
  cell phones, laptops, or other devices while driving




       Avoiding Health and Environment
                  Problems
• Work stressors: hazardous activities associated
  with unfavorable conditions of a poorly designed
  work environment
• Ergonomics: science of designing machines,
  products, and systems to maximize safety, comfort,
  and efficiency of people who use them
• Employers, individuals, and hardware
  manufacturing companies can take steps to reduce
  RSI and develop a better work environment

        Avoiding Health and Environment
              Problems (continued)




Research has shown that developing certain ergonomically correct habits can
                reduce the risk of RSI when using a computer

 Ethical Issues in Information Systems

• Laws do not provide a complete guide to ethical
  behavior
• Many IS-related organizations have codes of ethics
  for their members
• American Computing Machinery (ACM): oldest
  computing society founded in 1947
• ACM’s code of ethics and professional conduct
     – Contribute to society and human well-being
     – Avoid harm to others
     – Be honest and trustworthy

 Ethical Issues in Information Systems
              (continued)
• ACM’s code of ethics and professional conduct
  (continued)
     – Be fair and take action not to discriminate
     – Honor property rights including copyrights and
       patents
     – Give proper credit for intellectual property
     – Respect the privacy of others
     – Honor confidentiality




                                     Summary

• Computer waste: inappropriate use of computer
  technology and resources
• Computer-related mistakes: errors, failures, and
  other computer problems that make computer
  output incorrect or not useful; caused mostly by
  human error
• Preventing computer-related waste and mistakes
  requires establishing, implementing, monitoring,
  and reviewing effective policies and procedures


                      Summary (continued)

• Criminals need two capabilities to commit most
  computer crimes: knowing how to gain access to a
  computer system and knowing how to manipulate
  the system to produce desired results
• Crimes in which computer is the tool:
  cyberterrorism, identity theft, etc.
• Crimes in which computer is the object of crime:
  illegal access and use, data alteration and
  destruction, information and equipment theft,
  software and Internet piracy, computer-related
  scams, and international computer crime

                      Summary (continued)

• Efforts to curb computer crime are being made by
  state and federal agencies, corporations, and
  individuals
• With information systems, privacy deals with the
  collection and use or misuse of data
• Ergonomics: science of designing machines,
  products, and systems to maximize safety, comfort,
  and efficiency of people who use them
• Many IS-related organizations have codes of ethics
  for their members
