Introduction to Information Technology. Turban, Rainer and Potter. John Wiley & Sons, Inc. Copyright 2005. Chapter 12.


IT Ethics, Impacts, and Security

Chapter Outline
- Ethical issues
- Impact of IT on organizations and jobs
- Impacts on individuals at work
- Societal impacts and Internet communities
- IS vulnerability and computer crimes
- Protecting information resources

Learning Objectives
- Describe the major ethical issues related to information technology and identify situations in which they occur.
- Identify the major impacts of information technology on organizational structure, power, jobs, supervision, and decision making.
- Understand the potential dehumanization of people by computers and other potential negative impacts of information technology.
- Identify some of the major societal effects of information technology.
- Describe the many threats to information security.
- Understand the various defense mechanisms used to protect information systems.
- Explain IT auditing and planning for disaster recovery.

12.1 Ethical Issues
- Ethics: a branch of philosophy that deals with what is considered to be right and wrong.
- Code of ethics: a collection of principles intended as a guide for the members of a company or an organization.
Ethical issues can be categorized into four types:
- Privacy issues: collection, storage, and dissemination of information about individuals.
- Accuracy issues: authenticity, fidelity, and accuracy of information collected and processed.
- Property issues: ownership and value of information (intellectual property).
- Accessibility issues: the right to access information and the payment of fees to access it.

Protecting Privacy
- Privacy: the right to be left alone and to be free of unreasonable personal intrusions.
Two rules have been followed fairly closely in past court decisions in many countries:
- The right of privacy is not absolute. Privacy must be balanced against the needs of society.
- The public's right to know is superior to the individual's right of privacy.

Protecting Privacy (cont.)
- Electronic surveillance: the tracking of people's activities, online or offline, with the aid of computers.
- Privacy policies/codes: an organization's guidelines with respect to protecting the privacy of customers, clients, and employees.

Protecting Intellectual Property
- Intellectual property: the intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright laws.
- Trade secret: intellectual work, such as a business plan, that is a company secret and is not based on public information.
- Patent: a document that grants the holder exclusive rights on an invention or process for 20 years.
- Copyright: a grant that provides the creator of intellectual property with ownership of it for the life of the creator plus 70 years.

12.2 Impacts of IT on Organizations and Jobs
The use of information technologies, most recently the web, has brought many organizational changes in areas such as structure, authority, power, job content, employee career ladders, supervision, and the manager's job.

How will organizations change?
- Flatter organizational hierarchies: more employees per supervisor; shrinking of middle management.
- Changes in supervision: electronic and remote supervision; less emphasis on office policies.
- Power and status: conflict over control of corporate information; power redistribution.

How will jobs change?
- Job content: a higher level of computing literacy is required.
- Employee career ladders: e-learning may shortcut a portion of the learning curve; how will high-level human expertise be acquired with minimal experience in low-level tasks?
- The manager's job: IT tends to reduce the time necessary to complete any step in the decision-making process; leadership qualities attributed to physical presence may be lessened.

12.3 Impacts on Individuals at Work
- Will my job be eliminated?
- Dehumanization and psychological impacts. Dehumanization: loss of identity. Information anxiety: disquiet caused by an overload of information.
- Impacts on health and safety. Ergonomics: the science of adapting machines and the work environment to people.

12.4 Societal Impact and Internet Communities
- Opportunities for people with disabilities
- Quality-of-life improvements
- Robot revolution
- Improvements in healthcare
- Crime fighting
- Technology and privacy
- The digital divide
- Free speech versus censorship
- Controlling spam
- Virtual communities

Technology and privacy
- Scanning crowds for criminals
- Cookies and individual privacy
- Digital Millennium Copyright Act and privacy

The Digital Divide
- The digital divide: the gap in computer technology in general, and now in web technology, between those who have such technology and those who do not.
- Cybercafés: public places in which Internet terminals are available, usually for a small fee.

Free speech versus censorship; controlling spam
- Spamming: the practice of indiscriminately broadcasting messages over the Internet.

Virtual communities
- Groups of people with similar interests who interact and communicate via the Internet.

12.5 IS Vulnerability and Computer Crimes
- Identity theft: a crime in which someone uses the personal information of others to create a false identity and then uses it for some fraud.

Security Terms
- Backup: an extra copy of data and/or programs, kept in a secured location (or locations).
- Decryption: transformation of scrambled code into readable data after transmission.
- Encryption: transformation of data into scrambled code prior to transmission.
- Exposure: the harm, loss, or damage that can result if something has gone wrong in an information system.
- Fault tolerance: the ability of an information system to continue to operate (usually for a limited time and/or at a reduced level) when a failure occurs.
- Information system controls: the procedures, devices, or software that attempt to ensure that the system performs as planned.
- Integrity (of data): a guarantee of the accuracy, completeness, and reliability of data. System integrity is provided by the integrity of its components and their integration.
- Risk: the likelihood that a threat will materialize.
- Threats (or hazards): (definition not transcribed on this slide)
- Vulnerability: given that a threat exists, the susceptibility of the system to harm caused by the threat.
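The terms backup, integrity, and exposure become concrete when a backup copy is paired with a way to prove it is still accurate and complete. The following Python script is an added example for this chapter and is not code from the textbook or its publisher; the file names, contents, and directory layout are constructed sample data. It copies a small set of files to a backup directory, records a SHA-256 manifest, and later re-verifies the copy so that silent modification or loss of a backed-up file is reported rather than discovered during a restore.

```python
"""Backup copy with an integrity manifest (added example, not from the textbook).

Illustrates three terms from the table: a backup (an extra copy kept in a
separate location), integrity (the copy can be shown to be accurate and
complete), and exposure (the loss that follows if the copy has been altered
and nobody notices). All file contents below are constructed sample data.
"""
import hashlib
import json
import os
import shutil
import tempfile

# Constructed sample records standing in for "data and/or programs".
SAMPLE_FILES = {
    "customers.csv": "id,name\n1,Alice\n2,Bob\n",
    "payroll.json": '{"period": "2005-03", "total": 12345.67}\n',
}


def sha256_of(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, backup_dir):
    """Copy every regular file in src_dir to backup_dir and write a manifest
    (file name -> SHA-256) so the copy can later be checked for integrity."""
    os.makedirs(backup_dir, exist_ok=True)
    manifest = {}
    for name in sorted(os.listdir(src_dir)):
        src = os.path.join(src_dir, name)
        if os.path.isfile(src):
            dst = os.path.join(backup_dir, name)
            shutil.copy2(src, dst)
            manifest[name] = sha256_of(dst)
    with open(os.path.join(backup_dir, "MANIFEST.json"), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest


def verify_backup(backup_dir):
    """Re-hash every file listed in the manifest. Returns a dict of problems
    keyed 'modified' (digest differs) and 'missing' (file gone); an empty
    dict means the backup is intact."""
    with open(os.path.join(backup_dir, "MANIFEST.json")) as f:
        manifest = json.load(f)
    problems = {"modified": [], "missing": []}
    for name, expected in manifest.items():
        path = os.path.join(backup_dir, name)
        if not os.path.exists(path):
            problems["missing"].append(name)
        elif sha256_of(path) != expected:
            problems["modified"].append(name)
    return {k: v for k, v in problems.items() if v}


def demo():
    """Build a source tree, back it up, then tamper with the copy and show
    that verification catches it. Returns (result_before, result_after)."""
    root = tempfile.mkdtemp()
    src = os.path.join(root, "data")
    bak = os.path.join(root, "backup")
    os.makedirs(src)
    for name, content in SAMPLE_FILES.items():
        with open(os.path.join(src, name), "w") as f:
            f.write(content)
    make_backup(src, bak)
    before = verify_backup(bak)
    # Simulate silent corruption of the backup copy: one file altered, one lost.
    with open(os.path.join(bak, "payroll.json"), "a") as f:
        f.write("tampered\n")
    os.remove(os.path.join(bak, "customers.csv"))
    after = verify_backup(bak)
    shutil.rmtree(root)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The manifest is the piece that turns a plain copy into a checkable one: without it, a corrupted or truncated backup looks identical to a good one until the day it is needed. In practice the manifest itself would be stored apart from the copy (or signed), since an attacker who can alter the backup could otherwise alter the manifest to match.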

Types of computer crimes and criminals
- Hacker: an outside person who has penetrated a computer system, usually with no criminal intent.
- Cracker: a malicious hacker.
- Social engineering: getting around security systems by tricking computer users into revealing sensitive information or gaining unauthorized access privileges.
- Cybercrimes: illegal activities executed on the Internet.
- Identity theft: a criminal (the identity thief) poses as someone else.
- Cyberwar: war in which a country's information systems could be paralyzed by a massive attack with destructive software.
- Virus: software that can attach itself to ("infect") other computer programs without the owner of the program being aware of the infection.

Security Terms: Methods of Attack
- Virus: secret instructions inserted into programs (or data) that are innocently run during ordinary tasks. The secret instructions may destroy or alter data as well as spread within or between computer systems.
- Worm: a program that replicates itself and penetrates a valid computer system. It may spread within a network, penetrating all connected computers.
- Trojan horse: an illegal program, contained within another program, that "sleeps" until some specific event occurs, then triggers the illegal program to be activated and cause damage.
- Salami slicing: a program designed to siphon off small amounts of money from a number of larger transactions, so the quantity taken is not readily apparent.
- Super zapping: a method of using a utility "zap" program that can bypass controls to modify programs or data.
- Trap door: a technique that allows for breaking into program code, making it possible to insert additional instructions.
- Logic bomb: an instruction that triggers a delayed malicious act.
- Denial of service: too many requests for service, which crashes the site.
- Sniffer: a program that searches for passwords or content in packets of data as they pass through the Internet.
- Spoofing: faking an e-mail address or web page to trick users into providing information or instructions.
- Password cracker: a program that tries to guess passwords (can be very successful).
- War dialling: programs that automatically dial thousands of telephone numbers in an attempt to identify one authorized to make a connection with a modem; that connection can then be used to break into databases and systems.
- Back doors: invaders to a system create several entry points; even if you discover and close one, they can still get in through others.
- Malicious applets: small Java programs that misuse your computer resources, modify your files, send fake e-mail, etc.
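The "denial of service" row describes the attack only as "too many requests"; from the defender's side the useful question is how such a flood shows up in ordinary server logs. The following Python script is an added example for this chapter, not code from the textbook or its publisher: it parses Common Log Format lines and keeps a sliding time window per source address, flagging any source whose request count inside the window exceeds a threshold. The log lines, addresses, and thresholds are constructed sample data; the detector skips malformed lines instead of failing on them, which matters because logs under attack are often the messiest.

```python
"""Request-flood indicator over web-server log lines (added example, not from
the textbook). A defender's view of the "denial of service" row: many
requests from one source inside a short window are the signal to alert on.
The log lines below are constructed sample data in Common Log Format."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Return (ip, datetime) for a Common Log Format line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def find_floods(lines, max_requests, window_seconds):
    """Flag any source IP that sends more than max_requests within any span of
    window_seconds. Lines must be in time order per IP (as a log file is).
    Returns {ip: peak requests seen inside one window} for flagged sources."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip it, never let it stop the detector
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


# Constructed sample: one ordinary client (203.0.113.7) and one source
# (198.51.100.9) firing six requests within three seconds, plus a junk line.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2005:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '198.51.100.9 - - [10/Oct/2005:13:55:40 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Oct/2005:13:55:40 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Oct/2005:13:55:41 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Oct/2005:13:55:41 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Oct/2005:13:55:42 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Oct/2005:13:55:43 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2005:13:56:10 +0000] "GET /about.html HTTP/1.1" 200 1100',
    'this line is not in log format and must be ignored',
]


def demo():
    """Run the detector on the sample with a 4-requests-per-5-seconds limit."""
    return find_floods(SAMPLE_LOG, max_requests=4, window_seconds=5)


if __name__ == "__main__":
    for ip, peak in demo().items():
        print(f"flood suspected from {ip}: {peak} requests inside one window")
```

The threshold and window are policy, not constants: a site that legitimately serves many requests per page load needs a higher limit than an API with one call per action. A count-based indicator like this catches a single noisy source; a distributed flood spread across many addresses needs aggregate measures (total request rate, error rate) in addition.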

12.6 Protecting Information Resources
- Controls: a general control is the security established to protect a computer system regardless of the specific application.
- Securing your PC
- Concluding thoughts about computer
- Auditing information systems
- Disaster recovery planning

Protecting Information Resources (cont.)
- Disaster recovery: the chain of events linking planning to protection to recovery.
- Disaster avoidance: a security approach oriented toward prevention.
- Backup location: a location where, in the event of a major disaster, an extra copy of data and/or key programs is kept.
- Hot site: a location at which vendors provide access to a fully configured backup data center.

All rights reserved. Reproduction or translation of this work beyond that permitted in section 117 of the United States Copyright Act without express permission of the copyright owner is unlawful. Requests for information should be addressed to the permissions department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information herein.