Security and Ethical Challenges

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Presentation transcript:

Chapter 13: Security and Ethical Challenges

Learning Objectives
Identify several ethical issues regarding how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
Identify several types of security management strategies and defenses and explain how they can be used to ensure the security of business applications of information technology.
Propose several ways that business managers and professionals can help lessen the harmful effects and increase the beneficial effects of the use of information technology.

Section 1 Security, Ethical, and Societal Challenges of IT

I. Introduction
Use of IT in business poses security challenges, ethical questions, and societal challenges
The Nexus of IT, Ethics, Security, and Safety – we must consider the impact technologies have on society

II. Ethical Responsibility of Business Professionals
As a business professional you have the responsibility to promote Ethical (what does that mean???) use of IS in the workplace
Business Ethics – ethical questions that are part of daily business decision making
Ethical Use of Technology – the use of technology raises its own ethical questions
Ethical Guidelines – many firms have specific guidelines for ethical computer and Internet use by employees

II. Ethical Responsibility of Business Professionals Security, Ethical, and Societal Aspects of IT Use

II. Ethical Responsibility of Business Professionals Categories of Ethical Business Issues

Enron Corporation: Failure in Business Ethics What were some of the unethical practices at Enron? What two issues does the article suggest about Credibility? Why would Enron (or any) executives engage in such activities? How can people be encouraged to follow acceptable ethical/moral business practices?

III. Computer Crime – using a computer to do something illegal
Hacking and Cracking
  Hacking – obsessive use of computers, unauthorized use of networked systems
  Cracking (black hat or dark-side hacker) – malicious or criminal hacker
Cyber Theft – many computer crimes involve theft of money; many firms do not reveal that they’ve been victims due to bad publicity
Cyber-terrorism – causing physical, real-world harm or severe disruption of infrastructure

The Online Crusade Against Phishing What is phishing? Why is phishing dangerous? What is the challenge for law enforcement? Why does Warner see phishing as a personal, moral challenge?

III. Computer Crime – using a computer to do something illegal
Cyber-Warfare – actions by a nation-state to cause damage or disruption to another nation-state
Unauthorized use at Work – time and resource theft; this can be a very wide range of actions; many firms have written policies for (im)proper use of computers and IT resources
Software Piracy – unauthorized copying of software
Theft of Intellectual Property – any infringement of copyrighted materials

Leaving Your Job? Don’t Take Anything with You What is an “orphaned account”? Why are they dangerous? Why do people take data with them when they leave an organization? How many firms monitor or track these accounts? What threats does this pose to the firm?

III. Computer Crime – using a computer to do something illegal
Computer Viruses and Worms – insert destructive routines into computer systems to cause damage
Adware and Spyware
  Adware – allows Internet advertisers to display ads without the consent of the user
  Spyware – uses the network connection without the user’s knowledge or permission, collects and distributes information about the user

Survey: E-mail and Internet Abuse Can Get You Fired How many firms have fired workers for misuse of e-mail and the Internet? What actions may be considered inappropriate use of e-mail/Internet? How do firms prevent this behavior? How do firms monitor employee behavior? Do firms inform employees of monitoring?

Music Piracy: The Long War Is music piracy a recent phenomenon? What is a copyright? Why is it an important legal issue? How do you feel about downloading music? Is it right or wrong? What ethical/moral issues does it raise? What are the business/property issues raised by downloading music?

Oldies but Goodies: Old Threats That Just Won’t Go Away What is malware? What is the difference between a virus and a worm? Why should malware concern businesses? Why do old viruses and worms still proliferate? What can a business do to encourage users to be more careful about malware?

Commtouch: Trends in Internet Threats Describe each of the threats listed. What are the results of these threats to businesses? How can you promote a business culture of caution toward these and other threats?

IV. Privacy Issues
IT can store and retrieve information affecting the privacy of the individual
Privacy on the Internet – the Internet gives users a feeling of anonymity while making them vulnerable to privacy violations
Computer Matching – profiling

Identity Theft: As Easy as Stealing a Check What is Identity Theft? What data does a check hold that criminals can use? How many fraudulent checks are written every day? What precautions can you take to prevent identity theft?

IV. Privacy Issues
Privacy Laws – many countries regulate collection and use of personal data
  HIPAA – health related privacy laws
  Sarbanes-Oxley – standards for publicly held firms
Computer Libel and Censorship – what can and cannot be said (legally) online
  Spamming – indiscriminate sending of unsolicited email
  Flaming – extremely critical, derogatory, vulgar email

V. The Current State of Cyber Law A very wide range of legal and political issues, VERY controversial

VI. Other Challenges
Employment Challenges – impact of IT on employment is a major ethical concern
Computer Monitoring – using a computer to monitor productivity in the workplace, or to monitor behavior in public
Challenges in Working Conditions – IT can eliminate monotonous tasks, and create some, too
Challenges of Individuality – one concern is the effect of IT on a person’s individuality

VII. Health Issues IT raises a variety of health issues Ergonomics (Human Factors Engineering) – designing healthy work environments that are safe and comfortable

VIII. Societal Solutions IT can have many beneficial effects on society

Section 2 Security Management of Information Technology

I. Introduction
The number one problem with e-commerce is security; the Internet was developed for interoperability, not impenetrability

II. Tools of Security Management Goal of Security Management – accuracy, integrity, and safety of all information processes and resources

Top Executives Agree: Information Security Is a Top Priority What are the reasons for executive support of IS/IT security? What is a breach disclosure law? Why would a firm not want consumers to know about a security breach? What are the costs of a breach (both dollar and non-dollar costs)?

III. Inter-Networked Security Defenses
How do you balance the need for security with the need for access?
Encryption – using a mathematical algorithm to encode a message before transmission and descramble it for reception
Firewalls – a hardware or software gatekeeper that keeps unauthorized transmissions out of a system
Denial of Service Attacks – using zombie/slave computers to overload another system with large volumes of service requests
E-Mail Monitoring – firms watch employees’ use of email

III. Inter-Networked Security Defenses Public Key/Private Key Encryption

WhiteHat Security: “Black Box Testing” Mimics Hackers to Discover Vulnerabilities What do most attacks exploit today? What service does WhiteHat sell? How might a vulnerability re-appear? Is this an ethical/moral approach to security?

As If Phishing Wasn’t Enough: Denial of Service Attacks How big is online crime today? What is a Phishing scam? What is a Denial of Service attack? Why would someone want to create a denial of service attack? Why would a CEO resist taking necessary steps to solve a denial of service attack?

BNSF Railway: Well Balanced Web-Use Monitoring Why is extensive use of the Internet a concern for BNSF? Why is the BNSF Internet Policy important? What does it emphasize? What information do the Cyfin reports contain and why are they important? Why is employee monitoring a risk management obligation?

IV. Viral Defenses Antivirus software

The Future of Antivirus What is a computer virus? What is a signature-based antivirus? What other tools are used to add strength to the antivirus approach? Why do people still like the old approach?

V. Other Security Measures
Security Codes – login IDs and passwords
Backup Files – duplicate files of data or programs
Security Monitors – monitor systems for unauthorized use, fraud, and destruction
Biometric Security – measure/verify an individual’s physical traits

V. Other Security Measures
Computer Failure Controls – preventing computer failure or minimizing its effects
Fault-Tolerant Systems – providing backup components in case of a system failure
Disaster Recovery – getting a system running again after a disaster

What If the Internet Went Down … and Didn’t Come Back Up? What would the effects on your personal life be if the Internet went down? What changes would there be to the businesses that you use every day? Where would you go for information and research? What other daily-use items would be unavailable to you?

VI. System Controls and Audits
Information System Controls – assure accuracy, validity, and propriety of IS activities
Auditing IT Security – IT security should be periodically examined

Georgetown University: All Systems Go What new strategy did GU address? What effects did this have on IT? What are the most significant risks to the university? What political and cultural issues had to be addressed? How do they address “Risk”?