Chapter 8: Protecting People and Information Threats and Safeguards Management Information Systems for the Information Age

Lecture Map Ethics Risk Mgmt Security Capital Asset Privacy Information This chapter focuses on Information as it relates to its use, ownership, role, and protection

Chapter 8: Protecting People & InformationSlide 3 Responsibility for Information To handle information responsibly, you must understand: The importance of ethics in the ownership and use of information. The importance to people of personal privacy and the ways in which it can be compromised. The value of information to an organization. Threats to information and how to protect against them (security). The need to plan for the worst-case scenario (disaster recovery)

Chapter 8: Protecting People & InformationSlide 4 Questionable Computer Use Employees search organizational databanks (i.e., DMV) for information on friends and associates People copy, use, and distribute software as if the only costs are the medium it is stored on Hackers break into computer systems and steal passwords, credit card numbers, and personal account information Spouses can track each other’s Web activities and read each other’s messages and other private documents Organizations base important decisions on information they’ve mined from the Web

Ethics Risk Mgmt Security Capital Asset Privacy Information

Chapter 8: Protecting People & InformationSlide 6 Ethics: Introduction Ethics Defined: Ethics are the principals and standards that guide our behavior toward other people Ethical people have integrity and are trustworthy The Issue: How you deal with information (collect, store, and distribute) depends on your sense of ethics Ethical dilemmas arise from a clash between competing goals, responsibilities, and loyalties What is legal is not always ethical, and vice- versa

Chapter 8: Protecting People & InformationSlide 7 Ethics: Considerations Severity of Consequences Time to Consequences Society’s Perception or Opinion Probability or Likelihood of Effect Relatedness, Empathy, Identification Reach of Result in terms of Scope

Chapter 8: Protecting People & InformationSlide 8 Ethics: Guidelines for Technology Ownership Who owns or has the rights to creative works, information, and other intellectual property? Responsibility Who is accountable for the accuracy and completeness of information? Personal Privacy Who owns personal information? Collector/ee? Access Who can use, view, store, and process what information?

Chapter 8: Protecting People & InformationSlide 9 Ethics: ACM’s Computer Ethics Don’t use a computer to harm other people Don’t interfere with other people’s computer work Don’t snoop around in other people’s computer files Don’t use a computer to steal Don’t use a computer to pretend to be someone other than who you are Don’t copy or use software for which you’ve not paid Don’t use other’s resources without permission Don’t appropriate other people’s intellectual output Always think about the social consequences of IT Always use a computer in ways that ensure respect for your fellow humans

Chapter 8: Protecting People & InformationSlide 10 Ethics: Intellectual Property Intellectual property is intangible, creative work published in physical form, such as music, books, paintings, and software Copyright is the legal protection afforded to intellectual property; patent law is used more for protecting inventions/processes Fair Use Doctrine specifies how you may use (or how much you may use) copyrighted material in the creation of new works or for teaching purposes Pirated software is the unauthorized use, duplication, distribution, and/or sale of software Counterfeit software is re-manufactured software

Privacy Ethics Risk Mgmt Security Capital Asset Privacy Information

Chapter 8: Protecting People & InformationSlide 12 Privacy: Introduction Privacy Defined: The right to be left alone when you want to be; to have control over your personal possessions; and not to be observed without your consent The Issue: There are many ways to invade a person’s privacy using technology!

Chapter 8: Protecting People & InformationSlide 13 Privacy: And Other Individuals Software Surveillance & Monitoring Key Loggers and Key Trappers (Spector Pro) Record keystrokes, mouse clicks, Websites visited, applications run, and passwords entered Webcam control/automation (i.e., babysitters) Combating Software Surveillance

Chapter 8: Protecting People & InformationSlide 14 Privacy: And Employees Corporate monitoring of Companies can be sued for what their employees send to each other and to people outside of the company Cyberslacking Companies want to avoid wasting resources Employer’s Rights Legal right to monitor the use of their resources and that includes the time they’re paying you for No expectation of privacy when using company resources

Chapter 8: Protecting People & InformationSlide 15 Privacy: And Consumers Webmetrics (DoubleClick.net) Cookies Small files placed on your computer that contain information on where you’ve been and what you’ve done; for personalization/customization Spyware Adware (ad-supported software) Can track your online movements, mine your computer for data, and commandeer CPU power A firewall can stop your computer from sending data outside of your network, as well as protecting your network from outside attacks

Chapter 8: Protecting People & InformationSlide 16 Privacy: And the Law Canadian Privacy Law The Privacy Act mandates how information may be collected and disseminated by government Personal Information Protection and Electronic Documents Act (PIPEDA) in effect since 2001 Applies only to personal information collected and disclosed while conducting commercial activities, but exempts names, titles, business addresses, and telephone numbers

Chapter 8: Protecting People & InformationSlide 17 Privacy: Law Enforcement Law enforcement Royal Canadian Mounted Police (RCMP) Canadian Security Intelligence Service (CSIS) Criminal Intelligence Service Canada (CISC) Correctional Service of Canada (CSC) National Crime Prevention Strategy Other Federal agencies Canada Customs and Revenue Agency (CCRA) Statistics Canada Human Resources Development Canada Office of the Privacy Commissioner of Canada

Information Ethics Risk Mgmt Security Capital Asset Privacy Information

Chapter 8: Protecting People & InformationSlide 19 Information: As An Asset As Raw Material: Used in the actual creation or construction of the product or service you market Consider GPS systems, professional and consulting services, and Internet Web access As Capital: Used to produce the product or service you market; consider an eCRM and data warehouse You typically incur a cost in acquiring information (capital), and you expect a return on that investment

Security Ethics Risk Mgmt Security Capital Asset Privacy Information

Chapter 8: Protecting People & InformationSlide 21 Security: Introduction Security Issues: Internal Employee Fraud Industrial Espionage Funds and Data Embezzlement Open Collaborative Systems with Partners Grid Computing and Theft of Resource Power Internet Dot-Cons: Internet Auction Fraud Web Hosting, Design, and ISP Scams Multi-Level Marketing/Pyramid Scams Get-Rich-Quick and Work-at-Home Scams Adult-Oriented Sites and Credit Card Scams

Chapter 8: Protecting People & InformationSlide 22 Security: Outside Threats Hackers, Hacktivists, and Crackers Gaining unauthorized access to computers and information systems through network computing Viruses, Worms, and Denial-of-Service Viruses cannot hurt your hardware or any data on your computer it wasn’t designed to attack Monitoring Network Activity 85% of large companies and governmental agencies were broken into during 2001

Chapter 8: Protecting People & InformationSlide 23 Security: Precautions Backups Incremental versus Full On-site and Off-Site AntiVirus Software Norton and McAfee are the market leaders Firewalls Hardware (routers) and software (ZoneAlarm) Access Authorization Biometrics (i.e., fingerprints, facial recognition) Encryption

Risk Management & Assessment Ethics Risk Mgmt Security Capital Asset Privacy Information

Chapter 8: Protecting People & InformationSlide 25 Risk Management and Assessment Risk Management Identification of risks or threats Implementation of security measures Monitoring of those measures for effectiveness Risk Assessment Evaluate IT assets and what can go wrong? What is the probability that it will go wrong? What are the worst-case scenario consequences? Too much security can hamper ability to do job Too little security can leave you vulnerable

Chapter 8: Protecting People & InformationSlide 26 Disaster Recovery Takes into consideration the following: Customers (reassurance) Facilities (hot/cold) Knowledge workers Business information Computer equipment Communications infrastructure

Chapter 8: Protecting People & InformationSlide 27 XLM E: Internet and Web World Wide Web Search Engines Internet Technologies Connecting to the Internet