God is in the Small Stuff and it all matters. .In the Small Stuff. Security and Ethical Challenges. Introduction to Information Systems Chapter 11

Similar documents
Chapter 10: Security and Ethical Challenges of E-Business

Introduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc. Copyright Chapter 12 1

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014

IS Today: Managing in a Digital World 9/17/12

Securing Information Systems

716 West Ave Austin, TX USA

Chapter 6 Network and Internet Security and Privacy

AN ANALYSIS OF CYBER CRIME AND INTERNET SECURITY

CHAPTER 8 SECURING INFORMATION SYSTEMS

Discovering Computers Living in a Digital World

Security, Privacy and Authentication. Michael Power Gowling Lafleur Henderson LLP

Cyber Criminal Methods & Prevention Techniques. By

Certified Cyber Security Analyst VS-1160

Securing Information Systems

Securing Information Systems

Define information security Define security as process, not point product.

Cybercrime Criminal Law Definitions and Concepts

Security Policies and Procedures Principles and Practices

Thailand Initiatives and Challenges in Cyber Terrorism

II.C.4. Policy: Southeastern Technical College Computer Use

Personal Cybersecurity

Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model

Introduction to Computing

2005 E-Crime Watch Survey Survey Results Conducted by CSO magazine in cooperation with the U.S. Secret Service and CERT Coordination Center

Guide to Network Security First Edition. Chapter One Introduction to Information Security

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

Chapter 12. Information Security Management

Management Information Systems. B15. Managing Information Resources and IT Security

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Ethical Hacking and Countermeasures: Attack Phases, Second Edition. Chapter 1 Introduction to Ethical Hacking

Cybersecurity: Incident Response Short

INTERNAL ASSESSMENT TEST 3 Answer Keys

region16.net Acceptable Use Policy ( AUP )

CHAPTER 3. Information Systems: Ethics, Privacy, and Security

Cleveland State University General Policy for University Information and Technology Resources

DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY

Cybersecurity and Hospitals: A Board Perspective

Information Technology Cyber Security Policy. Convergint Technologies, LLC

Cyber Security Practice Questions. Varying Difficulty

13. Acceptable Use Policy

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

Securing Information Systems

POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents

Legal Issues. Manfred Kerber.

Acceptable Use Policy

Accounting Information Systems

E-guide Getting your CISSP Certification

Electronic Communication of Personal Health Information

Effective security is a team effort involving the participation and support of everyone who handles Company information and information systems.

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

A policy that the user agrees to follow before being allowed to access a network.

Acceptable Use Policy

Secure Programming. Course material Introduction. 3 Course material. 4 Contents

Secure Programming. Introduction. Ahmet Burak Can Hacettepe University

Acceptable Use Policy

Legal, Ethical, and Professional Issues in Information Security

Red Flag Regulations

Glenwood Telecommunications, Inc. Acceptable Use Policy (AUP)

The University of Tennessee. Information Technology Policy (ITP) Preamble

Electronic Identity Theft and Basic Security

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

A Security Model for Space Based Communication. Thom Stone Computer Sciences Corporation

Evolution of Spear Phishing. White Paper

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA

IJESRT. (I2OR), Publication Impact Factor: (ISRA), Impact Factor: 2.114

4 Information Security

Security Solutions. Overview. Business Needs

Principles of Information Security, Fourth Edition. Chapter 2 The Need for Security

CCISO Blueprint v1. EC-Council

UNIQUE IAS ACADEMY-COMPUTER QUIZ-15

FBI. National Security & Oil and Natural Gas. NOIA Conference April 11, 2014

A Review Paper on Network Security Attacks and Defences

Data Security and Breach Notification Legislative Update: What You Need to Know (SESSION CODE CRM001)

Privacy Policy Effective May 25 th 2018

ELECTRONIC BANKING & ONLINE AUTHENTICATION

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Checklist: Credit Union Information Security and Privacy Policies

RMU-IT-SEC-01 Acceptable Use Policy

APPLICATION TO OPEN PORTS THROUGH THE FIREWALL

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017

Acceptable Use Policy

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Security+ Practice Questions Exam Cram 2 (Exam SYO-101) Copyright 2004 by Que Publishing. International Standard Book Number:

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

INSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC

5. Execute the attack and obtain unauthorized access to the system.

Pearson: Certified Ethical Hacker Version 9. Course Outline. Pearson: Certified Ethical Hacker Version 9.

CIRT: Requirements and implementation

Jacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope

A practical guide to IT security

ACCEPTABLE USE POLICIES FOR INFORMATION SERVICES COMPUTING RESOURCES

Hacking and Cyber Espionage

Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool. Cyber Security 3.0 Better Together August 18, 2017

Cyber Attacks & Breaches It s not if, it s When

Information Security Management Criteria for Our Business Partners

HIPAA Federal Security Rule H I P A A

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

Transcription:

Introduction to Information Systems Essentials for the Internetworked E-Business Enterprise 1 Eleventh Edition 2 Chapter Objectives C h a p t e r 11 Eleventh Edition James A. O Brien Identify several ethical issues Identify several types of security management strategies and defenses. and Ethical Challenges.In the Small Stuff God is in the Small Stuff and it all matters Leadership is an Art Bruce Bickel & Stan Jantz Empowering is more than delegating Have the courage to hold people accountable Associate with leaders as often as you can Being a good example is better than giving good advice There are born leaders and there are leaders who are made. And then there arte those who become leaders out of necessity 2002 McGraw-Hill Companies 1

Small Stuff (cont.) Small Stuff (cont.) An exceptional leader is one who gets average people to do superior work If you want to lead, read Use your influence sparingly. It will last longer When you find a leader, follow When you identify a follower, lead Be available to take someone s place in an emergency Power begins to corrupt the moment you begin to seek it A signpost like a peer, only warns you about the road ahead. But a map, like a mentor can show you how to get where you want to go Find a mentor Managing people begins with caring for them One of the sobering characteristics of leadership is that leaders are judged to a greater than followers. Eleventh Edition 7 and Ethical Challenges Employment Privacy Health Ethics and Society Crime Individuality Working Conditions 2002 McGraw-Hill Companies 2

IT in the 21 st Century IT in the 21 st Century (cont.) Increasing the Reliability of Systems. The objective relating to reliability is to use fault tolerance to keep the information systems working, even if some parts fail. Intelligent Systems for Early Detection. Detecting intrusion in its beginning is extremely important, especially for classified information and financial data. Intelligent Systems in Auditing. Intelligent systems are used to enhance the task of IS auditing. Artificial Intelligence in Biometrics. Expert systems, neural computing, voice recognition, and fuzzy logic can be used to enhance the capabilities of several biometric systems. Expert Systems for Diagnosis, Prognosis, and Disaster Planning. Expert systems can be used to diagnose troubles in computer systems and to suggest solutions. Smart Cards. Smart card technology can be used to protect PCs on LANs. -- Example Fighting Hackers. Several new products are available for fighting hackers. Eleventh Edition 11 Computer Crime Eleventh Edition 12 Common Hacking Tactics Hacking Computer Viruses Cyber Theft Denial of Service Scans Sniffer Programs Spoofing Trojan Horse Back Doors Malicious Applets War Dialing Logic Bombs Buffer Overflow Password Crackers Social Engineering Dumpster Driving Unauthorized Use at work Piracy 2002 McGraw-Hill Companies 3

Eleventh Edition 13 Management of e-business Eleventh Edition 14 Other e-business Measures Encryption Fire Walls Codes Backup Files Virus Defenses Denial of Service Defenses Monitor E-mail Monitors Biometric Controls Change Ethics Where does work end and private life begin? Portfolio Career Handy Telecommuting Smart Work 80% cerebral/20%manual Virtual Corporations Intellectual Capital 2002 McGraw-Hill Companies 4

Eleventh Edition 17 Ethical Considerations Ethical Principles Proportionality Informed Consent Justice Minimized Risk Standard of Conduct Act with integrity Protect the privacy and confidentiality of information Do not misrepresent or withhold information Do not misuse resources Do not exploit weakness of systems Set high standards Advance the health and welfare of general public National Loss of individual privacy Wiretaps Library Example Right s at Work Case: Cyber Crime On Feb. 6, 2000 - the biggest EC sites were hit by cyber crime. Yahoo!, ebay, Amazon.com, E*Trade The attacker(s) used a method called denial of service (DOS). Clog a system by hammering a Web site s equipment with too many requests for information The total damage worldwide was estimated at $5-10 billion (U.S.). The alleged attacker, from the Philippines, was not prosecuted because he did not break any law in the Philippines. Lessons Learned from the Case Information resources that include computers, networks, programs, and data are vulnerable to unforeseen attacks. Many countries do not have sufficient laws to deal with computer criminals. Protection of networked systems can be a complex issue. Attackers can zero on a single company, or can attack many companies, without discrimination. Attackers use different attack methods. Although variations of the attack methods are known, the defence against them is difficult and/or expensive. 2002 McGraw-Hill Companies 5

U.S. Federal Statutes According to the FBI, an average white-collar crime involves $23,000; but an average computer crime involves about $600,000. The following U.S. federal statutes deal with computer crime; Counterfeit Access Device and Computer Fraud Act of 1984 Computer Fraud and Abuse Act of 1986 Computer Abuse Amendment Act of 1994 (prohibits transmission of viruses) Computer Act of 1987 Electronic Communications Privacy Act of 1986 Electronic Funds Transfer Act of 1980 Video privacy protection act of 1988 Video Ethics Eleventh Edition 24 Employment Challenges Privacy Intellectual Property Copyright Trade Secrets Patent Quality of Life Social Responsibility P2P / File Sharing SPAM / Free speech The privacy of patients information Monitoring employees use of the Internet Lost Job Opportunities Computer Monitoring Working Conditions Lost Individuality Health Issues 2002 McGraw-Hill Companies 6

Case: Catching Cases of Plagiarism Problem: The Internet provides abundant information to students who may be tempted to download material and submit it as their own work. Solution: Some companies (e.g., Plagiarism.org) are offering Internet-based anti-plagiarism technology to identify such cases of plagiarism. Manuscript are checked against a database of other manuscripts collected from different universities and from all over the Internet. Results: Cases of gross plagiarism are more likely to be flagged. Eleventh Edition 26 Chapter Summary The vital role of e-bbusiness and e-commerce systems in society raises serious ethical and societal issues in terms of their impact on employment, individuality, working conditions, privacy, health, and computer crime. Managers can help solve the problems of improper use of IT by assuming their ethical responsibilities for ergonomic design, beneficial use, and enlightened management of e-business technologies in our society. Eleventh Edition 27 Chapter Summary (cont) Business and IT activities involve many ethical considerations. Ethical principles and standards of conduct can serve as guidelines for dealing with ethical businesses issues. One of the most important responsibilities of the management of a company is to assure the security and quality of its e-business activities. management tools and policies can ensure the accuracy, integrity, and safety of e- business systems and resources. 2002 McGraw-Hill Companies 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback