Introduction to Information Technology
Turban, Rainer and Potter
John Wiley & Sons, Inc., Copyright 2005
Chapter 12, slide 1

Chapter 12: IT Ethics, Impacts, and Security
Chapter Outline
- Ethical issues
- Impact of IT on organizations and jobs
- Impacts on individuals at work
- Societal impacts and Internet communities
- IS vulnerability and computer crimes
- Protecting information resources
Learning Objectives
- Describe the major ethical issues related to information technology and identify situations in which they occur.
- Identify the major impacts of information technology on organizational structure, power, jobs, supervision, and decision making.
- Understand the potential dehumanization of people by computers and other potential negative impacts of information technology.
- Identify some of the major societal effects of information technology.
- Describe the many threats to information security.
- Understand the various defense mechanisms used to protect information systems.
- Explain IT auditing and planning for disaster recovery.
12.1 Ethical Issues
Ethics. A branch of philosophy that deals with what is considered to be right and wrong.
Code of ethics. A collection of principles intended as a guide for the members of a company or an organization.
Ethical issues can be categorized into four types:
- Privacy issues: collection, storage, and dissemination of information about individuals.
- Accuracy issues: authenticity, fidelity, and accuracy of information collected and processed.
- Property issues: ownership and value of information (intellectual property).
- Accessibility issues: the right to access information and the payment of fees to access it.
Protecting Privacy
Privacy. The right to be left alone and to be free of unreasonable personal intrusions.
Two rules have been followed fairly closely in past court decisions in many countries:
- The right of privacy is not absolute. Privacy must be balanced against the needs of society.
- The public's right to know is superior to the individual's right of privacy.
Protecting Privacy (cont.)
Electronic surveillance. The tracking of people's activities, online or offline, with the aid of computers.
Privacy policies/codes. An organization's guidelines with respect to protecting the privacy of customers, clients, and employees.
Protecting Intellectual Property
Intellectual property. The intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright laws.
Trade secret. Intellectual work, such as a business plan, that is a company secret and is not based on public information.
Patent. A document that grants the holder exclusive rights on an invention or process for 20 years (the term under U.S. law, counted from the filing date).
Copyright. A grant that provides the creator of intellectual property with ownership of it for the life of the creator plus 70 years (the U.S. term for works by an individual author).
12.2 Impacts of IT on Organizations and Jobs
The use of information technologies, most recently the Web, has brought many organizational changes in areas such as structure, authority, power, job content, employee career ladders, supervision, and the manager's job.
How will organizations change?
- Flatter organizational hierarchies: more employees per supervisor; shrinking of middle management.
- Changes in supervision: electronic and remote supervision; less emphasis on office policies.
- Power and status: conflict over control of corporate information; power redistribution.
How will jobs change?
- Job content: a higher level of computing literacy is required.
- Employee career ladders: e-learning may shortcut a portion of the learning curve; how will high-level human expertise be acquired with minimal experience in low-level tasks?
- The manager's job: IT tends to reduce the time necessary to complete any step in the decision-making process; leadership qualities attributed to physical presence may be lessened.
12.3 Impacts on Individuals at Work
- Will my job be eliminated?
- Dehumanization and psychological impacts
  - Dehumanization: loss of identity.
  - Information anxiety: disquiet caused by an overload of information.
- Impacts on health and safety
  - Ergonomics: the science of adapting machines and the work environment to people.
12.4 Societal Impacts and Internet Communities
- Opportunities for people with disabilities
- Quality-of-life improvements
- Robot revolution
- Improvements in healthcare
- Crime fighting
- Technology and privacy
- The digital divide
- Free speech versus censorship
- Controlling spam
- Virtual communities
Technology and Privacy
- Scanning crowds for criminals
- Cookies and individual privacy
- The Digital Millennium Copyright Act and privacy
The Digital Divide
The gap in computer technology in general, and now in Web technology, between those who have such technology and those who do not.
Cybercafés. Public places in which Internet terminals are available, usually for a small fee.
Free Speech versus Censorship; Controlling Spam
Spamming. The practice of indiscriminately broadcasting messages over the Internet.
Virtual Communities
Groups of people with similar interests who interact and communicate via the Internet.
12.5 IS Vulnerability and Computer Crimes
Identity theft. A crime in which someone uses the personal information of others to create a false identity and then uses it for some fraud.
Security Terms
Backup. An extra copy of data and/or programs, kept in a secured location (or locations).
Decryption. Transformation of scrambled code back into readable data after transmission.
Encryption. Transformation of data into scrambled code prior to transmission. (Encryption is equally used to protect stored data, not only data in transit.)
Exposure. The harm, loss, or damage that can result if something has gone wrong in an information system.
Fault tolerance. The ability of an information system to continue to operate (usually for a limited time and/or at a reduced level) when a failure occurs.
Information system controls. The procedures, devices, or software that attempt to ensure that the system performs as planned.
Integrity (of data). A guarantee of the accuracy, completeness, and reliability of data; system integrity is provided by the integrity of its components and their integration.
Risk. The likelihood that a threat will materialize.
Threats (or hazards). (No definition is given on the slide.)
Vulnerability. Given that a threat exists, the susceptibility of the system to harm caused by the threat.
Types of Computer Crimes and Criminals
Hacker. An outside person who has penetrated a computer system, usually with no criminal intent.
Cracker. A malicious hacker.
Social engineering. Getting around security systems by tricking computer users into revealing sensitive information or gaining unauthorized access privileges.
Cybercrimes. Illegal activities executed on the Internet.
Identity theft. A criminal (the identity thief) poses as someone else.
Cyberwar. War in which a country's information systems could be paralyzed by a massive attack with destructive software.
Virus. Software that can attach itself to ("infect") other computer programs without the owner of the program being aware of the infection.
Security Terms (cont.): Methods of Attack
Virus. Secret instructions inserted into programs (or data) that are innocently run during ordinary tasks. The secret instructions may destroy or alter data as well as spread within or between computer systems.
Worm. A program that replicates itself and penetrates a valid computer system. It may spread within a network, penetrating all connected computers.
Trojan horse. An illegal program, contained within another program, that "sleeps" until some specific event occurs, then triggers the illegal program to activate and cause damage. (In current usage a Trojan horse is any program that masquerades as something legitimate; the delayed trigger described here is more precisely the logic bomb below.)
Salami slicing. A program designed to siphon off small amounts of money from a number of larger transactions, so the quantity taken is not readily apparent.
Super zapping. A method of using a utility "zap" program that can bypass controls to modify programs or data.
Trap door. A technique that allows for breaking into program code, making it possible to insert additional instructions.
Logic bomb. An instruction that triggers a delayed malicious act.
Denial of service. Too many requests for service, which overwhelms or crashes the site.
Sniffer. A program that searches for passwords or content in packets of data as they pass through the Internet.
Spoofing. Faking an e-mail address or Web page to trick users into providing information or instructions.
Password cracker. A program that tries to guess passwords (can be very successful).
War dialing. Programs that automatically dial thousands of telephone numbers in an attempt to identify one authorized to make a connection with a modem; that connection can then be used to break into databases and systems.
Back doors. Invaders to a system create several entry points; even if you discover and close one, they can still get in through the others.
Malicious applets. Small Java programs that misuse your computer resources, modify your files, send fake e-mail, etc.
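The "password cracker" row is the one most easily demonstrated, and it also shows why the choice of password storage decides how "very successful" the cracker is. The Python below is an added example, not code from the textbook: it runs a dictionary attack (a constructed eight-word list standing in for a real multi-million-entry wordlist) against constructed user records stored first as unsalted MD5 and then as salted PBKDF2-HMAC-SHA256 from the standard library. The usernames, passwords, iteration count and record layout are all assumptions made for the demonstration.

```python
"""Dictionary attack against stored password hashes (added example, not from
the textbook). Against a fast unsalted hash every wordlist entry is hashed
once and matched against every user at the same time; with a per-user salt
and an iterated hash (PBKDF2) every guess must be re-derived per user, so the
same wordlist costs the attacker orders of magnitude more work."""
import hashlib
import hmac
import os
import time

# Constructed wordlist; a real cracker loads millions of leaked passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "welcome1",
            "summer2005", "dragon", "hunter2"]

# Constructed user records (assumption: this is what the 'stolen' file holds).
SAMPLE_USERS = {"alice": "hunter2", "bob": "letmein", "carol": "Tr0ub4dor&3"}

# --- Weak scheme: unsalted MD5 --------------------------------------------
def md5_store(password):
    """How a naive system stores a password: one fast, unsalted hash."""
    return hashlib.md5(password.encode()).hexdigest()

def crack_md5(stored, wordlist):
    """Hash each guess once, then look up every user's hash in that table.
    Cost is O(len(wordlist)) regardless of how many users are in the file."""
    lookup = {md5_store(w): w for w in wordlist}
    return {user: lookup[h] for user, h in stored.items() if h in lookup}

# --- Hardened scheme: per-user salt + PBKDF2-HMAC-SHA256 ------------------
ITERATIONS = 100_000  # assumption; tune upward for your hardware

def pbkdf2_store(password, salt=None):
    """Return (salt, derived_key); a fresh random salt per user by default."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk

def pbkdf2_verify(password, salt, dk):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, dk)   # constant-time comparison

def crack_pbkdf2(stored, wordlist):
    """Salts differ per user, so no shared lookup table is possible: cost is
    O(users * len(wordlist) * ITERATIONS)."""
    found = {}
    for user, (salt, dk) in stored.items():
        for w in wordlist:
            if pbkdf2_verify(w, salt, dk):
                found[user] = w
                break
    return found

def demo():
    """Run both attacks on the sample users; return hits and elapsed seconds."""
    md5_db = {u: md5_store(p) for u, p in SAMPLE_USERS.items()}
    pbkdf2_db = {u: pbkdf2_store(p) for u, p in SAMPLE_USERS.items()}
    t0 = time.perf_counter()
    md5_hits = crack_md5(md5_db, WORDLIST)
    t1 = time.perf_counter()
    pbkdf2_hits = crack_pbkdf2(pbkdf2_db, WORDLIST)
    t2 = time.perf_counter()
    return md5_hits, pbkdf2_hits, t1 - t0, t2 - t1

if __name__ == "__main__":
    md5_hits, pbkdf2_hits, t_md5, t_pbkdf2 = demo()
    print("MD5 cracked:   ", md5_hits, "in %.1f ms" % (t_md5 * 1000))
    print("PBKDF2 cracked:", pbkdf2_hits, "in %.1f ms" % (t_pbkdf2 * 1000))
```

Both attacks recover alice's and bob's weak passwords and neither recovers carol's, which is not in the wordlist; the difference is the time column, and in a real attack the wordlist is millions of entries long and the user file thousands of rows, so the PBKDF2 cost multiplies out while the MD5 cost does not. The defence is therefore not secrecy of the hash algorithm but a unique salt plus an iteration count chosen so that one verification is cheap for the server and billions are expensive for the attacker.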
12.6 Protecting Information Resources
- Controls. General controls are the security measures established to protect a computer system regardless of the specific application.
- Securing your PC
- Concluding thoughts about computer
- Auditing information systems
- Disaster recovery planning
Protecting Information Resources (cont.)
Disaster recovery. The chain of events linking planning to protection to recovery.
Disaster avoidance. A security approach oriented toward prevention.
Backup location. A location where, in the event of a major disaster, an extra copy of data and/or key programs is kept.
Hot site. A location at which vendors provide access to a fully configured backup data center.
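A backup copy only supports recovery if it is complete and unaltered when the disaster comes, which ties the "backup" and "integrity (of data)" terms from the earlier security-terms slide to the disaster recovery material here. The Python below is an added example, not code from the textbook: it copies a directory tree to a backup location, records a SHA-256 digest of every file in a manifest, and later verifies the copy, reporting files that are missing, modified or unexpected. The directory layout, manifest file name and sample file contents are constructed for the demonstration.

```python
"""Backup with an integrity manifest (added example, not from the textbook).
build_manifest() digests every file under a root; backup() copies the tree
and stores the manifest with it; verify() re-digests the copy and lists the
differences, so a restore can be refused before bad data is trusted."""
import hashlib
import json
import os
import shutil
import tempfile

MANIFEST_NAME = "MANIFEST.json"   # assumed file name, not a standard

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name == MANIFEST_NAME:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def backup(src, dst):
    """Copy src to dst (dst must not exist yet) and write the manifest there.
    In production keep a second copy of the manifest elsewhere (or sign it),
    so whoever alters the backup cannot also rewrite the digests."""
    shutil.copytree(src, dst)
    manifest = build_manifest(src)
    with open(os.path.join(dst, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest

def verify(backup_dir, expected=None):
    """Return a sorted list of problems; an empty list means the copy matches.
    'expected' lets the caller supply an independently stored manifest."""
    if expected is None:
        with open(os.path.join(backup_dir, MANIFEST_NAME)) as f:
            expected = json.load(f)
    actual = build_manifest(backup_dir)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append("missing: " + rel)
        elif actual[rel] != digest:
            problems.append("modified: " + rel)
    for rel in actual:
        if rel not in expected:
            problems.append("unexpected: " + rel)
    return sorted(problems)

def demo():
    """Build a constructed sample tree, back it up, then tamper with the copy."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "data")
    os.makedirs(os.path.join(src, "db"))
    with open(os.path.join(src, "db", "accounts.csv"), "w") as f:
        f.write("id,balance\n1,100.00\n2,250.50\n")   # constructed sample data
    with open(os.path.join(src, "config.ini"), "w") as f:
        f.write("[site]\nname=hot-site-A\n")            # constructed sample data

    dst = os.path.join(work, "backup")
    manifest = backup(src, dst)
    clean = verify(dst)                                  # fresh copy: no problems

    with open(os.path.join(dst, "db", "accounts.csv"), "a") as f:
        f.write("3,999999.00\n")                        # simulate tampering
    os.remove(os.path.join(dst, "config.ini"))           # simulate data loss
    tampered = verify(dst, manifest)                     # use the independent copy
    shutil.rmtree(work)
    return clean, tampered

if __name__ == "__main__":
    ok, bad = demo()
    print("fresh backup:   ", ok or "OK")
    print("after tampering:", bad)
```

The verification step is what turns a backup location into a recovery capability: run it on a schedule and again immediately before any restore, and treat a non-empty problem list as a reason not to fail over to that copy. A hot site should be exercised the same way, with a periodic restore-and-verify drill rather than an assumption that the configured standby still matches production.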