Information System Security and Ethical Challenges

Presentation transcript:

CHAPTER 7: Information System Security and Ethical Challenges

Chapter 7: Security and Ethical Challenges

Learning Objectives
- Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, etc.
- Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology.
- Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of IT.

Threats of IS
What are the threats of IS on:
- Organisations
- Society
- Individuals

Impact of Information Systems on Organizations and Society

Impact on organizations. An information system:
- is one of the resources of an organization, and one that poses a major resource management challenge.
- affects operational efficiency, employee productivity, and customer service and satisfaction.
- is a major source of the information and support needed for effective decision making.
- affects organizational structure because it can reduce the layers and numbers of middle-level management. Middle-level management acts as a bridge between the operational level and the top level, and information systems will break such a bridge.

The main challenge for organizations is IS management and IS security.

Impact of Information Systems on Society: Advantages
- A shift in employment: employment is increasing in the information sector because the economy is heavily dependent on the creation, management and distribution of information.
- Usage of Internet services: the number of services available to home users is growing (electronic mail, education services and video games, home banking, etc.).
- Change in lifestyle: individuals can do their jobs independent of their workplace.
- Information systems have created the opportunity for a high standard of living and increasing leisure time.

Problems:
- A growing gap between the "information rich" and the "information poor".
- A threat to privacy: the incremental gathering of data by many organizations has made individuals lose control over the use of their own data.
- Computer viruses: these are created by computer gangsters to steal, distort or destroy the data resources of business organisations and individuals.
- Using the Internet to disseminate wrong information and pornographic films that abuse and spoil the minds of children and young people.

IT Security, Ethics, and Society
- IT has both beneficial and detrimental effects on society and people.
- Objective: manage work activities to minimize the detrimental effects of IT and optimize the beneficial effects.

Business Ethics
Ethics questions that managers confront as part of their daily business decision making include:
- Equity
- Rights
- Honesty
- Exercise of corporate power

It is all about rational use of information and information systems. Is the information system designed to offer information equitably, in a way that doesn't violate the rights of employees, and with appropriate use of information?

I. Computer Crime
Computer crime is a growing threat caused by the irresponsible actions of a small minority of computer professionals and end users who are taking advantage of the widespread use of computers and IT in our society.

Computer crime includes:
- Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
- The unauthorized release of information, e.g. the case of Edward Snowden
- The unauthorized copying of software (copyright)
- Denying an end user access to his/her own hardware, software, data, or network resources
- Using or conspiring to use computer or network resources illegally to obtain information or tangible property

Conspire: to make a secret plan to commit unlawful things.

Computer Crime (Cont'd)
- Hacking
- Unauthorized Use at Work
- Cyber Theft
- Piracy
- Computer Viruses

Computer crime is a growing threat to today's e-business. It is defined as the unauthorized use, access, modification, and destruction of information, hardware, software or network resources, and the unauthorized release of information. There are several major categories of computer crime:
- Hacking. The unauthorized access and use of networked computers. Examples of common hacking tactics include Spoofing, Trojan Horses, Logic Bombs, Denial of Service, War Dialing, and Scans. These tactics can be used to retrieve passwords, access or steal network files, overload computer systems, or damage data and programs.
- Cyber Theft. Electronic breaking and entering involving the theft of money. More recent examples involve using the Internet to access major banks' computer systems.
- Unauthorized Use at Work. Unauthorized use of computer systems and networks by employees. Recent surveys suggest 90% of U.S. workers admit to using work resources for personal use.
- Piracy. Software piracy is the unauthorized copying of software and is a violation of federal copyright laws. Such piracy results in millions of dollars of lost profits by software publishers.
- Computer Viruses. A virus is a program that once inserted into another program can spread destructive program routines that can result in destroying the contents of memory, hard disks, and other storage devices. The use of antivirus programs can reduce the risk of receiving a virus.

© 2002 McGraw-Hill Companies

1.1. Hacking
- Hacking: The unauthorized access and use of networked computer systems and reading files, but neither stealing nor damaging anything.
- Cracker: A hacker with criminal intent of gaining unauthorized access by finding weaknesses in the security protections employed by Web sites and computer systems, often taking advantage of various features of the Internet.
- Hackers and crackers try to retrieve passwords, access or steal network files, overload computer systems, or damage data and programs.

1.2. Cyber Theft
- Many computer crimes involve the theft of money and occur through the Internet.
- The majority are "inside jobs" that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved in the theft.
- More recent examples involve using the Internet to access major banks' computer systems.
- Most companies don't reveal that they have been targets or victims of cybercrime for fear of loss of customer confidence.

1.3. Unauthorized Use at Work
Service theft: time and resource theft through unauthorized use of computer systems and networks by employees. This may include:
- Doing private consulting
- Doing personal finances
- Playing video games
- Unauthorized use of the Internet or company networks

1.4. Software Piracy
- Unauthorized copying of computer programs, which are intellectual property protected by copyright law.
- Such piracy results in millions of dollars of lost profits by software publishers.

1.5. Computer Viruses
A virus is a program that spreads destructive program routines to destroy the contents of memory, hard disks, and other storage devices. Viruses are commonly transmitted through:
- The Internet and online services
- Email and file attachments
- Disks from contaminated computers

2. Privacy Issues
Information technology can have a negative effect on every individual's right to privacy.
- Violation of Privacy:
  - Accessing individuals' private email conversations and computer records
  - Collecting and sharing information about individuals gained from their visits to Internet websites
- Unauthorized Access of Personal Files
- Computer Monitoring: Tracking where a person is, especially as mobile and paging services are becoming more closely associated with people rather than places.

3. Computer Libel and Censorship
- Libel: releasing something that is wrong, just to attack others.
- The opposite side of the privacy debate: freedom of information, speech, and press.
- Biggest battlegrounds: bulletin boards, email boxes, and online files of the Internet and public networks.
- Weapons used in this battle: spamming, flame mail, libel (defamation), and censorship.
- Spamming: indiscriminate sending of unsolicited email messages to many Internet users.
- Flaming: the practice of sending extremely critical, offensive, and often improper email messages or newsgroup postings to other users on the Internet or online services.
- Censorship: suppression of free speech, or forcibly publishing something wrong. For example, in unstable political situations where the public is rioting against the government, speaking on the side of the government based on its good sides will be abused and censored.

Cyberlaw
- Cyber law only began to emerge in 1996.
- Laws intended to regulate activities over the Internet or via electronic communication devices.
- Encompasses a wide variety of legal and political issues.
- Includes intellectual property, privacy, freedom of expression, and jurisdiction.
- Debate continues regarding the applicability of legal principles to the use of Internet technology.

5. Employment Challenges of IT
- Lost Job Opportunities
- Security Management
- Lost Individuality
- Health Issues
- Working Conditions

The impact of information technologies on employment is a major ethical concern to managers of today's e-business.
- Lost Job Opportunities. Information technology has created new jobs and increased productivity, while also causing a significant reduction in some types of job opportunities.
- Individuality. A frequent criticism of e-business systems concerns their negative effect on the individuality of people. Computerized systems can depersonalize human transactions, forcing people to confront and respond to impersonal programmed logic. Information systems also often require strict adherence to detailed procedures. Such regimentation is incompatible with human ideals of flexibility and empathy. However, widespread use of personal computers and the Internet has dramatically improved the development of people-oriented and personalized systems.
- Working Conditions. Many others suggest that while computers have eliminated monotonous or obnoxious tasks in the office place, thereby improving the quality of work, they have also made some jobs both repetitive and routine.
- Computer Monitoring. Computer monitoring is used by many employers to collect productivity data about their employees. However, many argue that such technology can be used to monitor individuals, not just their work, thus violating their privacy. Moreover, such "Big Brotherism" increases stress in the workplace. Political pressure is building to outlaw or regulate computer monitoring in the workplace.

Stress is not the only health-related issue raised by the use of information technology. Heavy use of computers is linked to eyestrain, damaged arm and neck muscles, and radiation exposure. Solutions to some of these health problems are based on the science of ergonomics.

The goal of ergonomics is to design healthy work environments that are safe, comfortable, and pleasant for people to work in, thus increasing employee morale and productivity. Ergonomics examines three major factors in the workplace:
- The tools used by the worker, e.g. computer screens, computer human interfaces, etc.
- The work environment, e.g. lighting, work surfaces, climate, etc.
- The job content and context, e.g. characteristics of the task, shift work, rest breaks, etc.

Teaching Tips: This slide relates to the material on pp. 391-394.

Employment Challenges
The impact of information technologies on employment is a major ethical concern to managers of today's e-business. Why?
- Information technology has created new jobs and increased productivity, while it has caused a significant reduction in some types of job opportunities.

Computer Monitoring: Using computers to monitor the productivity and behavior of employees as they work.
- Criticized as unethical because it monitors individuals, not just work, and is done constantly.
- Criticized as an invasion of privacy because many employees do not know they are being monitored.

Employment Challenges (Cont'd)
Working Conditions
- Computers have eliminated monotonous or unpleasant tasks in the office place, thereby improving the quality of work, but they have also made some jobs repetitive and routine.
- Computerized systems can depersonalize human transactions, forcing people to confront and respond to impersonal programmed logic, which lessens the importance of empathy.
- Information systems also often require strict adherence to detailed procedures, which is incompatible with human ideals of flexibility.
- However, widespread use of personal computers and the Internet has dramatically improved the development of people-oriented and personalized systems, such as mobile banking.

Health Issues
- Heavy use of computers is linked to eyestrain, damaged arm and neck muscles, and radiation exposure.
- Ergonomics (also called human factors engineering) is the science that seeks solutions to some of these health problems.
- The goal of ergonomics is to design healthy work environments that are safe, comfortable, and pleasant for people to work in.

Ergonomics (Cont'd)
Ergonomics examines three major factors in the workplace:
- The tools used by the worker, e.g. computer screens, computer human interfaces, etc.
- The work environment, e.g. lighting, work surfaces, climate, etc.
- The job content and context, e.g. characteristics of the task, shift work, rest breaks, etc.

Security Management of IT
Business managers and professionals are responsible for adhering to the goal of security management, which is to ensure the accuracy, integrity, quality and safety of all information system resources (hardware, software, networks, and data resources).

Internetworked Security Defenses
- Encryption: used to protect data that is transmitted via the Internet, intranets, or extranets.
- Installing multiple intrusion-detection systems, e.g. firewalls, and multiple routers to control incoming traffic in order to reduce choke points.
- Centralizing the distribution and updating of antivirus software to build defenses against the spread of computer viruses.
- Setting and enforcing security policies, such as an e-mail monitoring policy, to prevent the infiltration of destructive programs like Trojan Horses.

Intrusion: an unauthorized attempt to access information.

Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text. Encryption is the process of translating plain text data (plaintext) into something that appears to be random and meaningless (cipher text). Decryption is the process of converting cipher text (which means secret message) back to plaintext. To encrypt more than a small amount of data, symmetric encryption is used.

An intruder is a person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system. In summary, this person attempts to violate security by interfering with system availability, data integrity or data confidentiality.

Internet and Intranet Firewalls

Other Security Measures (Cont'd)
- Security Codes. The use of passwords to control access to information assets.
- Backup Files. Such files may be stored off-premises and can be a key component in disaster recovery.
- Security Monitors. Programs that monitor the use of the hardware, software, and data resources of a computer and collect statistics on any attempt at misuse.
- Biometric Security Controls. These include such detection devices as voice recognition and fingerprinting, which must correspond to the authorized person before admitting personnel to the system.

Security and Control Issues
Three major areas of control:
- Information system controls: methods and devices that ensure the accuracy, validity, and propriety of information system activities.
- Procedural controls, which include:
  - Separation of duties
  - Standard procedures and documentation
  - Authorization requirements
  - Auditing
- Physical controls, which include:
  - Physical protection
  - Computer failure controls
  - Telecommunications controls
  - Insurance

Discussions
- What is the business value of IS security and control?
- What management, organization, and technology factors are responsible for IS security problems?
- What was the business impact of this IS security problem, both for organizations and their stakeholders?
- What do you think should be done in business organizations to avoid similar problems?

9/17/2018

The End