1. Security and Ethical Challenges
Chapter 11
Security and Ethical Challenges

2. Learning Objectives
Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.

3. Learning Objectives (continued)
Identify types of security management strategies and defenses, and explain how they can be used to ensure the security of e-business applications.
How can business managers and professionals help to lessen the harmful effects and increase the beneficial effects of the use of information technology?

4. Security, Ethical, and Societal Challenges
Section I
Security, Ethical, and Societal Challenges

5. Ethical Responsibility
The use of IT presents major security challenges, poses serious ethical questions, and affects society in significant ways.
IT raises ethical issues in the areas of..
Crime
Privacy
Individuality
Employment
Health
Working conditions

6. Ethical Responsibility (continued)
But, IT has had beneficial results as well.
So as managers, it is our responsibility to minimize the detrimental effects and optimize the beneficial effects.

7. Ethical Responsibility (continued)
Business Ethics
Basic categories of ethical issues
Employee privacy
Security of company records
Workplace safety

8. Ethical Responsibility (continued)
Theories of corporate social responsibility
Stockholder theory
Managers are agents of the stockholders. Their only ethical responsibility is to increase profit without violating the law or engaging in fraud

9. Ethical Responsibility (continued)
Theories of corporate social responsibility (continued)
Social Contract Theory
Companies have ethical responsibilities to all members of society, which allow corporations to exist based on a social contract

10. Ethical Responsibility (continued)
Theories of corporate social responsibility (continued)
First condition – companies must enhance economic satisfaction of consumers and employees
Second condition – avoid fraudulent practices, show respect for employees as human beings, and avoid practices that systematically worsen the position of any group in society

11. Ethical Responsibility (continued)
Theories of corporate social responsibility (continued)
Stakeholder theory
Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders.
Stockholders
Employees
Customers
Suppliers
Local community

12. Ethical Responsibility (continued)
Theories of corporate social responsibility (continued)
Sometimes stakeholders are considered to include
Competitors
Government agencies and special interest groups
Future generations

13. Ethical Responsibility (continued)
Technology Ethics
Four Principles
Proportionality
Good must outweigh any harm or risk
Must be no alternative that achieves the same or comparable benefits with less harm or risk

14. Ethical Responsibility (continued)
Technology Ethics (continued)
Informed consent
Those affected should understand and accept the risks
Justice
Benefits and burdens should be distributed fairly

15. Ethical Responsibility (continued)
Technology Ethics (continued)
Minimized Risk
Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk

16. Ethical Responsibility (continued)
Ethical Guidelines

17. Ethical Responsibility (continued)
Ethical guidelines (continued)
Responsible end users
Act with integrity
Increase their professional competence
Set high standards of personal performance
Accept responsibility for their work
Advance the health, privacy, and general welfare of the public

18. Computer Crime
Association of Information Technology Professionals (AITP) definition includes
The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
Unauthorized release of information
Unauthorized copying of software

19. Computer Crime (continued)
AITP guidelines (continued)
Denying an end user his/her own hardware, software, data, or network resources
Using or conspiring to use computer or network resources to illegally obtain info or tangible property

20. Computer Crime (continued)
Hacking
The obsessive use of computers, or the unauthorized access and use of networked computer systems

21. Computer Crime (continued)
Cyber Theft
Involves unauthorized network entry and the fraudulent alteration of computer databases

22. Computer Crime (continued)
Unauthorized use at work
Also called time and resource theft
May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks

23. Computer Crime (continued)
Software Piracy
Unauthorized copying of software
Software is intellectual property protected by copyright law and user licensing agreements

24. Computer Crime (continued)
Piracy of intellectual property
Other forms of intellectual property covered by copyright laws
Music
Videos
Images
Articles
Books
Other written works

25. Computer Crime (continued)
Computer viruses and worms
Virus
A program that cannot work without being inserted into another program
Worm
A distinct program that can run unaided

26. Privacy Issues
IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.
Benefit – increases efficiency and effectiveness
But, may also have a negative effect on individual’s right to privacy

27. Privacy Issues (continued)
Examples of important privacy issues
Accessing private and computer records & sharing information about individuals gained from their visits to websites and newsgroups
Always knowing where a person is via mobile and paging services

28. Privacy Issues (continued)
Examples of important privacy issues (continued)
Using customer information obtained from many sources to market additional business services
Collecting personal information to build individual customer profiles

29. Privacy Issues (continued)
Privacy on the Internet
Users of the Internet are highly visible and open to violations of privacy
Unsecured with no real rules
Cookies capture information about you every time you visit a site
That information may be sold to third parties

30. Privacy Issues (continued)
Privacy on the Internet (continued)
Protect your privacy by
Encrypting your messages
Post to newsgroups through anonymous r ers
Ask your ISP not to sell your information to mailing list providers and other marketers
Decline to reveal personal data and interests online

31. Privacy Issues (continued)
Computer matching
Computer profiling and matching personal data to that profile
Mistakes can be a major problem

32. Privacy Issues (continued)
Privacy laws
Attempt to enforce the privacy of computer-based files and communications
Electronic Communications Privacy Act
Computer Fraud and Abuse Act

33. Privacy Issues (continued)
Computer Libel and Censorship
The opposite side of the privacy debate
Right to know (freedom of information)
Right to express opinions (freedom of speech)
Right to publish those opinions (freedom of the press)
Spamming
Flaming

34. Other Challenges Employment
New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.

35. Other Challenges (continued)
Computer Monitoring
Concerns workplace privacy
Monitors individuals, not just work
Is done continually. May be seen as violating workers’ privacy & personal freedom
Workers may not know that they are being monitored or how the information is being used
May increase workers’ stress level
May rob workers of the dignity of their work

36. Other Challenges (continued)
Working Conditions
IT has eliminated many monotonous, obnoxious tasks, but has created others

37. Other Challenges (continued)
Individuality
Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities
Regimentation

38. Health Issues Job stress Muscle damage Eye strain Radiation exposure
Accidents
Some solutions
Ergonomics (human factors engineering)
Goal is to design healthy work environments

39. Health Issues (continued)

40. Societal Solutions Beneficial effects on society
Solve human and social problems
Medical diagnosis
Computer-assisted instruction
Governmental program planning
Environmental quality control
Law enforcement
Crime control
Job placement

41. Section II
Security Management

42. Tools of Security Management
Goal
Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders

43. Tools of Security Management (continued)

44. Internetworked Security Defenses
Encryption
Passwords, messages, files, and other data is transmitted in scrambled form and unscrambled for authorized users
Involves using special mathematical algorithms to transform digital data in scrambled code
Most widely used method uses a pair of public and private keys unique to each individual

45. Internetworked Security Defenses (continued)
Firewalls
Serves as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion
Provides a filter and safe transfer point
Screens all network traffic for proper passwords or other security codes

46. Internetworked Security Defenses (continued)
Denial of Service Defenses
These assaults depend on three layers of networked computer systems
Victim’s website
Victim’s ISP
Sites of “zombie” or slave computers
Defensive measures and security precautions must be taken at all three levels

47. Internetworked Security Defenses (continued)
Monitoring
“Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”

48. Internetworked Security Defenses (continued)
Virus Defenses
Protection may accomplished through
Centralized distribution and updating of antivirus software
Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

49. Other Security Measures
Security codes
Multilevel password system
Log onto the computer system
Gain access into the system
Access individual files

50. Other Security Measures (continued)
Backup Files
Duplicate files of data or programs
File retention measures
Sometimes several generations of files are kept for control purposes

51. Other Security Measures (continued)
Security Monitors
Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction

52. Other Security Measures (continued)
Biometric Security
Measure physical traits that make each individual unique
Voice
Fingerprints
Hand geometry
Signature dynamics
Keystroke analysis
Retina scanning
Face recognition and Genetic pattern analysis

53. Other Security Measures (continued)
Computer Failure Controls
Preventive maintenance of hardware and management of software updates
Backup computer system
Carefully scheduled hardware or software changes
Highly trained data center personnel

54. Other Security Measures (continued)
Fault Tolerant Systems
Computer systems that have redundant processors, peripherals, and software
Fail-over
Fail-safe
Fail-soft

55. Other Security Measures (continued)
Disaster Recovery
Disaster recovery plan
Which employees will participate and their duties
What hardware, software, and facilities will be used
Priority of applications that will be processed

56. System Controls and Audits
Information System Controls
Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
Designed to monitor and maintain the quality and security of input, processing, and storage activities

57. System Controls and Audits (continued)
Auditing Business Systems
Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
Testing the integrity of an application’s audit trail

58. Discussion Questions
What can be done to improve e-commerce security on the Internet?
What potential security problems do you see in the increasing use of intranets and extranets in business? What might be done to solve such problems?

59. Discussion Questions (continued)
What artificial intelligence techniques can a business use to improve computer security and fight computer crime?
What are your major concerns about computer crime and privacy on the Internet? What can you do about it?

60. Discussion Questions (continued)
What is disaster recovery? How could it be implemented at your school or work?
Is there an ethical crisis in e-business today? What role does information technology play in unethical business practices?

61. Discussion Questions (continued)
What business decisions will you have to make as a manager that have both an ethical and IT dimension?
What would be examples of one positive and one negative effect of the use of e-business technologies in each of the ethical and societal dimensions illustrated in the chapter?

62. Real World Case 1 – MTV Networks & First Citizens Bank
Defending Against Hacker and Virus Attacks
What are the business value and security benefits and limitations of defenses against DDOS attacks like those used by MTV Networks?

63. Real World Case 1 (continued)
What are the business benefits and limitations of an intrusion-detection system like that installed at First Citizens?

64. Real World Case 1 (continued)
What security defense should small businesses have to protect their websites and internal systems?
Why did you make that choice?

65. Real World Case 1 (continued)
What other network security threats besides denial of service, viruses, and hacker attacks should businesses protect themselves against?

66. Real World Case 2 – Oppenheimer Funds, Cardinal Health, & Exodus
IT Security Management Qualifications
Technical
Business
People skills
Experience and expertise in areas like government liaison, international regulations, and cyberterrorism

67. Real World Case 2 (continued)
What mix of skills is most sought after for IT security specialists?
Why is this mix important in business?

68. Real World Case 2 (continued)
Why must IT security executives in business have the mix of skills and experience outlined in this case?
What other skills do you think are important to have for effective IT security management?

69. Real World Case 2 (continued)
How should businesses protect themselves from the spread of cyberterrorism in today’s internetworked world?

70. Real World Case 3 – Brandon Internet Services & PayPal
What are the business benefits and limitations of the cybercrime investigative work done by firms like Brandon Internet Services?

71. Real World Case 3 (continued)
When should a company use cyberforensic investigative services like those offered by Predictive Systems?

72. Real World Case 3 (continued)
What is the business value of their cyberforensic and investigative capabilities to PayPal?
Would you trust PayPal for your online payment transactions?

73. Real World Case 4 – Providence Health Systems & Others
Why is there a growing need for IT security defenses and management in business?
What challenges does this pose to effective IT security management?

74. Real World Case 4 (continued)
What are some of the IT security defenses companies are using to meet these challenges?

75. Real World Case 4 (continued)
Do you agree with the IT usage policies of Link Staffing? The security audit policies of Cervalis?

76. Real World Case 5 – The Doctor’s Co. & Rockland Trust
What are the benefits and limitations for a business of outsourcing IT security management according to the companies in this case?

77. Real World Case 5 (continued)
What are the benefits and limitations to a business of using “pure play” IT security management companies like Counterpane and Ubizen?

78. Real World Case 5 (continued)
What are the benefits and limitations of outsourcing IT security management to vendors like Symantec and Network Associates?