Week 12: Information Systems Ethics and Crime
MIS 2101: Management Information Systems

No Place to Hide Video
* What are benefits to companies or govt of information use?
* What are some factors for increase in privacy concerns?
* What are the harms of information misuse to consumers?
* What technologies did you notice in the video?

Learning Objectives
* Discuss the ethical concerns associated with information privacy, accuracy, property, and accessibility.
* Define computer crime and list several types of computer crime.

Computer Ethics
* Issues and standards of conduct pertaining to the use of information systems
* Examples
  o Legal but not ethical
* Need for computer ethics

Ethical Challenges – Possible Scenarios
* Employers ‘Googling’ their employees
* Spreading rumors about your friends on Facebook
* Employers ‘read’ employee emails
* Click fraud
* Fair use of corporate IT resources
* Information collection and use in marketing
* Who is responsible for errors in credit reports?

Ethical Challenges – Possible Scenarios
* Second Life
  o Property
  o Relationships
* Internet Plagiarism
* Wi-Fi ‘Leeching’
* Advertising Networks
* Blogging about work
* Anonymity
* Snooping on Confidential Data
  o Obama’s cell phone and Sarah Palin’s Yahoo account

Computer Ethics

Information Privacy
* Increase in Privacy Concerns
  o Increased Digitization
  o Increased Surveillance
* Information you might want to keep private:
  o Social security number
  o Medical history
  o Family history
* Identity theft
  o Fastest growing “information” crime
  o Biometrics for better protection

Information Privacy
* Companies seem to know about our every move – how much information do we need to reveal?
* Amazon.com is famous for personalization
* What are the costs?

How to Maintain Your Privacy Online
* Review the privacy policy of the company with which you are transacting
* The policy should indicate:
  o What information is being gathered about you
  o How the seller will use this information
  o Whether and how you can “opt out” of these practices
* Choose Web sites monitored by independent organizations

Information Accuracy
* Ensuring the authenticity and fidelity of information
* Over-reliance on computers
* Who is responsible?
* High costs of incorrect information
  o Banks
  o Hospitals
* Difficult to track down the person who made the mistake

Information Property
* Who owns information about individuals?
* Easily replicated and shared
* “Tragedy of the commons”
* How can this information be sold and exchanged?

Information Ownership
* Company maintaining the database with customer information legally owns it
* Is free to sell it
  o Cannot sell information it agreed not to share
  o Must ensure proper data handling practices

Spam, Cookies and Spyware
* Spam
  o Unsolicited e-mail promoting products or services
  o CAN-SPAM Act of 2003
  o Little protection available
* Cookies
  o Text file storing Web browsing activity
  o Can opt for cookies not to be stored
  o Web sites might not function properly without cookies
* Spyware
  o Software used for data collection without the users’ knowledge
  o Unlikely this activity will become illegal anytime soon

Cybersquatting
* The practice of registering a domain name and later reselling it
* Some of the victims include Panasonic, Hertz, Avon
* Anti-Cybersquatting Consumer Protection Act in 1999
  o Fines as high as $100,000
* Some companies pay the cybersquatters to speed up the process of getting the domain

Information Accessibility
* Rightful Access
* Digital Divide
* “Questionable” Access
* e-Surveillance, wiretapping
* Who has the right to monitor the information?
  o E.g., email capture by Carnivore

Carnivore
* Developed to monitor all communication by the government
* In 2005 FBI abandoned Carnivore for commercially available software

Learning Objectives
* Discuss the ethical concerns associated with information privacy, accuracy, property, and accessibility.
* Define computer crime and list several types of computer crime.

Seems Familiar??

Fraud Statistics
* Total Fraud in 2006 - ~ $14 bn
* Over 100% growth compared to 2005

  Sources                  Share
  -----------------------  -----
  Auctions                 42%
  General Merchandise      30%
  Nigerian Money Offers    8%
  Fake Checks              6%
  Lotteries                4%
  Phishing                 2%
  Advance Fee Loans        1%
  Work at Home             1%

Fraud Statistics

  Ages of Consumers        Share
  -----------------------  -----
  Below 29                 28%
  29-49                    48%
  Over 50                  24%

* 37% of crooks are based overseas
* Other frauds
  o Health care products / services
  o Free Check
  o Credit Card Fraud

Computer Crime
* Targeting a computer – unauthorized access
* Using a computer to commit an offense
* Using a computer to support a criminal activity

Financial Impact of Virus Attacks
* Losses from computer crime can be tremendous
* $14.2 billion in estimated losses due to viruses alone in 2005

Some Common Terms
* Bug
* Phishing
* Email Hoaxes
* Trojan Horse
* Social Engineering
* White Hat vs. Black Hat
* Spam
* Denial of Service (DoS)

Security
* Two levels of Defense
  o People
  o Technology

The First Line of Defense - People
* The biggest issue surrounding information security is not a technical issue, but a people issue
* 38% of security incidents originate within the organization
  o Insiders
  o Social engineering

The First Line of Defense - People
* The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
* Information security policies – identify the rules required to maintain information security
* Information security plan – details how an organization will implement the information security policies

The Second Line of Defense - Technology
* Three primary information security areas
  1. Authentication and authorization
  2. Prevention and resistance
  3. Detection and response

AUTHENTICATION AND AUTHORIZATION
* Authentication – a method for confirming users’ identities
* Authorization – the process of giving someone permission to do or have something
* The most secure type of authentication involves a combination of the following:
  1. Something the user knows such as a user ID and password
  2. Something the user has such as a smart card or token
  3. Something that is part of the user such as a fingerprint or voice signature

PREVENTION AND RESISTANCE
* Technologies available to help prevent and build resistance to attacks include:
  1. Content filtering
  2. Encryption
  3. Firewalls

Content Filtering
* Organizations can use content filtering technologies to filter e-mail and prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading
* Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information
* Spam – a form of unsolicited e-mail

Encryption
* If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
* Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information
* Digital Signature – using encryption techniques to verify authenticity of sender

Firewalls
* One of the most common defenses for preventing a security breach is a firewall
* Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
* Firewall acts like a gatekeeper

FIREWALLS
* Sample firewall architecture connecting systems located in Chicago, New York, and Boston

Detection and Response
* Intrusion Detection Systems
* Response?

Federal and State Laws
* Electronic Communications Privacy Act of 1986
  o Breaking into any electronic communication service is a crime
* USA PATRIOT Act of 2002
  o Controversial law
  o Investigators may monitor voice communication
* Other laws
  o Patent laws protect some software and hardware
  o Right to Financial Privacy Act
* All 50 states passed laws prohibiting computer crime

Types of Computer Crimes

Key Learnings
* No Place to Hide Video
  o Role of Information in our Society
  o Harms due to Misuse of Information
  o New Technologies on the Horizon
* Fraud Statistics
* Ethics of Information Use
  o Privacy, Accuracy, Ownership, Accessibility

Key Learnings …contd
* Computer Security
  o Key Terms and Definitions
  o Role of People in IT Security
  o Role of Technology in IT Security
* Federal and State Laws
* Types of Computer Crime

Questions!