MIS, Chapter 4: Personal, Legal, Ethical, and Organizational Issues of Information Systems
Hossein Bidgoli
MIS, Chapter 4
©2011 Course Technology, a part of Cengage Learning
1
Chapter 4 Personal, Legal, Ethical, and Organizational Issues of Information Systems
Risks Associated with Information Technologies
• Misuses of information technology
– Invade users’ privacy
– Commit computer crimes
• Minimize or prevent by:
– Installing operating system updates regularly
– Using antivirus software
– Using e-mail security features
Cookies
• Cookies
– Small text files with a unique ID tag
– Embedded in a Web browser
– Saved on the user’s hard drive
• Can be useful or intrusive
• Many users disable cookies
– By installing a cookie manager
– Or using Web browser options
Spyware and Adware
• Spyware
– Software that secretly gathers information about
users while they browse the Web
– Can be used maliciously
• Install antivirus or antispyware software
• Adware
– Form of spyware
– Collects information about the user to display
advertisements in the Web browser
Phishing
• Phishing
– Sending fraudulent e-mails that seem to come from
legitimate sources
• Direct e-mail recipients to false Web sites
– To capture private information
Keyloggers
• Keyloggers
– Monitor and record keystrokes
– Can be software or hardware devices
– Sometimes used by companies to track employees’
use of e-mail and the Internet
– Can be used for malicious purposes
• Some antivirus and antispyware programs
protect against software keyloggers
Sniffing and Spoofing
• Sniffing
– Capturing and recording network traffic
– Often used by hackers to intercept information
• Spoofing
– Attempt to gain access to a network by posing as an
authorized user to find sensitive information
Privacy Issues
• Concerns about privacy in the workplace
– Employers search social networking sites
– Employee monitoring systems
• Misuse and abuse of information gathered by:
– Healthcare organizations
– Financial institutions
– Legal firms
• Defining privacy is difficult
– Information technologies have increased ease of
access to information
Privacy Issues (cont’d.)
• Number of databases is increasing rapidly
• Enforcement of federal laws has been lax
• Index and link databases using Social Security
numbers
– Direct marketing companies are major users of this
information
• U.S. government began linking large databases
to find information
Privacy Issues (cont’d.)
• Federal laws now regulate collecting and using
information on people and corporations
– 1970 Fair Credit Reporting Act
• Acceptable use policies
• Accountability
• Nonrepudiation
• Hardware or software controls
– Determine what personal information is provided on the Web
Data Collection on the Internet
• Number of people shopping online is increasing
• Some customers are reluctant to make online
purchases
– Concerns about hackers getting access to their credit
card numbers
– Many credit card companies reimburse fraudulent
charges
• Other electronic payment systems are being
developed
Data Collection on the Internet (cont’d.)
• Users are concerned about their computers’ contents being
searched while they’re connected to the Internet
• Information users provide on the Web
– Combined with other information and technologies to
produce new information
• Log files
– Generated by Web server software
– Record a user’s actions on a Web site
• Data collected on the Internet must be used and
interpreted with caution
Ethical Issues of Information Technologies
• Ethics and ethical decision making
– Moral guidelines people or organizations follow in
dealing with others
– More difficult to determine than legal versus illegal
Ethical Issues of Information Technologies (cont’d.)
• Information technology offers many
opportunities for unethical behavior
– Cybercrime, cyberfraud, identity theft, and intellectual
property theft
• Many associations promote ethically responsible
use of information systems and technologies
– Codes of ethics
• Quick ethics test
Intellectual Property
• Intellectual property
– Protections that involve copyrights, trademarks, trade
secrets, and patents for “creations of the mind”
developed by people or businesses
• Industrial property
– Inventions, trademarks, logos, industrial designs
• Copyrighted material
– Literary and artistic works
– May apply to online materials
– Exceptions under Fair Use Doctrine
Intellectual Property (cont’d.)
• Trademark
– Protects product names and identifying marks
• Patent
– Protects new processes
– Advantages of patents
• Software piracy
• Laws
– Telecommunications Act of 1996
– Communications Decency Act (CDA)
– Laws against spamming
Intellectual Property (cont’d.)
• Internet use policy
– Guard against legal issues and avoid the risks
• Cybersquatting
– Registering, selling, or using a domain name to profit
from someone else’s trademark
Social Divisions and the Digital Divide
• Digital divide
– Computers still aren’t affordable for many people
– Haves and have-nots
– Companies installing cables for Internet connections
might subject their communities to a type of
economic “red-lining”
• Children are often victims of this divide
– Funding for computers at schools and libraries
– Loaner programs
The Impact of Information Technology in the
Workplace
• New jobs for:
– Programmers
– Systems analysts
– Database and network administrators
– Network engineers
– Webmasters
– Web page developers
– e-commerce specialists
– Chief information officers (CIOs)
– Technicians
The Impact of Information Technology in the
Workplace (cont’d.)
• Web designers
• Java programmers
• Web troubleshooters
• Telecommuting and virtual work
• Job deskilling
– Skilled labor eliminated by introducing high
technology
– Job downgraded from a skilled to a semiskilled or
unskilled position
Advantages and Disadvantages of Telecommuting (table)
MIS, Chapter 5: Protecting Information Resources
Hossein Bidgoli
Exhibit 5.1: The McCumber Cube
Intentional Threats
• Viruses
• Worms
• Trojan programs
• Logic bombs
• Backdoors
• Blended threats (e.g., worm launched by Trojan)
• Rootkits
• Denial-of-service attacks
• Social engineering
Viruses
• Type of malware
• In 2008, the number of computer viruses in
existence exceeded one million
• Estimating the dollar amount of damage viruses
cause can be difficult
• Usually given names
– I Love You, Michelangelo
• Consists of self-propagating program code that’s
triggered by a specified time or event
Viruses (cont’d.)
• Seriousness of viruses varies
• Transmitted through a network and e-mail
attachments
– Bulletin or message boards
• Virus hoaxes
– Can cause as much damage as real viruses
• Indications of a computer infected by a virus
• Best measure against viruses
– Installing and updating antivirus programs
Worms
• Travel from computer to computer in a network
– Do not usually erase data
• Independent programs that can spread
themselves without having to be attached to a
host program
• Replicate into a full-blown version that eats up
computing resources
• Well-known worms
– Code Red, Melissa, and Sasser
Trojan Programs
• Named after the Trojan horse the Greeks used
to enter Troy during the Trojan Wars
• Contains code intended to disrupt a computer,
network, or Web site
• Usually hidden inside a popular program
Logic Bombs
• Type of Trojan program used to release a virus,
worm, or other destructive code
• Triggered at a certain time or by an event
Backdoors
• Programming routine built into a system by its
designer or programmer
• Enable the designer or programmer to bypass
system security and sneak back into the system
later to access programs or files
• System users aren’t aware a backdoor has been
activated
Blended Threats
• Combine the characteristics of computer viruses,
worms, and other malicious codes with
vulnerabilities found on public and private
networks
• Main goal is not just to start and transmit an
attack, but also to spread it
• Multi-layer security system could guard against
blended threats
Denial-of-Service Attacks
• Flood a network or server with service requests
– Prevent legitimate users’ access to the system
• Target Internet servers
• Distributed denial-of-service (DDoS) attack
– Hundreds or thousands of computers work together
to bombard a Web site with thousands of requests for
information in a short period
– Difficult to trace
Social Engineering
• Using “people skills” to trick others into revealing
private information
– Takes advantage of the human element of security
systems
• Attackers use the private information they’ve gathered to
break into servers and networks and steal data
• Commonly used social-engineering techniques
– “Dumpster diving” and “shoulder surfing”
Biometric Security Measures
• Use a physiological element to enhance security
measures
• Devices and measures
– Facial recognition
– Fingerprints
– Hand geometry
– Iris analysis
– Palmprints
– Retinal scanning
– Signature analysis
– Vein analysis
– Voice recognition
Callback Modems
• Verify whether a user’s access is valid by:
– Logging the user off
– Calling the user back at a predetermined number
• Useful in organizations with many employees
who work off-site
Firewalls
• Combination of hardware and software
• Act as a filter or barrier between a private
network and external computers or networks
• Network administrator defines rules for access
• Examine data passing into or out of a private
network
– Decide whether to allow the transmission based on
users’ IDs, the transmission’s origin and destination,
and the transmission’s contents
Exhibit 5.3: A Basic Firewall Configuration
Firewalls (cont’d.)
• Possible actions after examining packet
– Reject the incoming packet
– Send a warning to the network administrator
– Send a message to the packet’s sender that the
attempt failed
– Allow the packet to enter (or leave) the private
network
Firewalls (cont’d.)
• Main types of firewalls
– Packet-filtering firewalls
– Application-filtering firewalls
– Proxy servers
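The decision process on the two firewall slides (examine user ID, origin, destination and contents; then allow, reject, warn the administrator, or tell the sender the attempt failed), written as a small packet-filter rule engine. This is an added example, not code from the textbook; the Packet fields, the "host:port" address form and the sample rule set are constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Action is what the firewall does after examining a packet (the slide's four outcomes).
type Action int

const (
	Allow                 Action = iota // let the packet enter or leave
	Reject                              // drop silently (also the default)
	RejectAndNotifySender               // drop and tell the sender the attempt failed
	RejectAndWarnAdmin                  // drop and warn the network administrator
)

// Packet: the fields the slide says a firewall decides on (hypothetical "host:port" addresses).
type Packet struct{ UserID, Src, Dst, Payload string }

// Rule matches on any subset of those fields; an empty field is a wildcard.
// Src and Dst match by prefix, so "10.0." covers a whole private range.
type Rule struct {
	UserID, Src, Dst, ContentContains string
	Action                            Action
}

func (r Rule) matches(p Packet) bool {
	return (r.UserID == "" || r.UserID == p.UserID) &&
		(r.Src == "" || strings.HasPrefix(p.Src, r.Src)) &&
		(r.Dst == "" || strings.HasPrefix(p.Dst, r.Dst)) &&
		(r.ContentContains == "" || strings.Contains(p.Payload, r.ContentContains))
}

// Filter applies the administrator's rules in order (first match wins) and
// falls back to default-deny: a packet no rule allows is rejected.
func Filter(rules []Rule, p Packet) Action {
	for _, r := range rules {
		if r.matches(p) {
			return r.Action
		}
	}
	return Reject
}

// SampleRules is a constructed rule set that exercises all four actions.
func SampleRules() []Rule {
	return []Rule{
		{Src: "10.0.", ContentContains: "CONFIDENTIAL", Action: RejectAndWarnAdmin}, // leak leaving the private net
		{Dst: "10.0.0.5:23", Action: RejectAndNotifySender},                         // telnet into the private net
		{UserID: "alice", Dst: "10.0.0.8:8080", Action: Allow},                       // known user to the proxy
		{Dst: "10.0.0.10:443", Action: Allow},                                        // anyone to the public web server
	}
}

func main() {
	p := Packet{UserID: "alice", Src: "10.0.0.7:51002", Dst: "198.51.100.4:25", Payload: "Subject: CONFIDENTIAL plan"}
	fmt.Println(Filter(SampleRules(), p)) // 3, i.e. RejectAndWarnAdmin
}
```

Rule order matters: the content rule sits first so that a known user's allowed path to the proxy still cannot carry a confidential document out.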
Exhibit 5.4: A Proxy Server
Intrusion Detection Systems
• Protect against both external and internal access
• Placed in front of a firewall
• Help prevent DoS attacks
• Monitor network traffic
• “Prevent, detect, and react” approach
• Require a lot of processing power and can affect network performance
Physical Security Measures
• Primarily control access to computers and
networks
• Include:
– Cable shielding
– Corner bolts
– Electronic trackers
– Identification (ID) badges
– Proximity-release door openers
– Room shielding
– Steel encasements
Access Controls
• Terminal resource security
– Software feature that erases the screen and signs the
user off automatically after a specified length of
inactivity
• Password
– Combination of numbers, characters, and symbols
that’s entered to allow access to a system
– Length and complexity determine its vulnerability to
discovery
– Guidelines for strong passwords
Virtual Private Networks
• Provide a secure “tunnel” through the Internet
– For transmitting messages and data via a private
network
• Remote users have a secure connection to the
organization’s network
• Low cost
• Slow transmission speeds
Data Encryption
• Transforms data, called “plaintext” or
“cleartext,” into a scrambled form called
“ciphertext”
• Rules for encryption determine how simple or
complex the transformation process should be
– Known as the “encryption algorithm”
• Protocols:
– Secure Sockets Layer (SSL)
– Transport Layer Security (TLS)
Exhibit 5.7: Using Encryption
E-commerce Transaction Security Measures
• Three factors are critical for security:
– Authentication
– Confirmation
– Nonrepudiation
• Transaction security
– Confidentiality
– Authentication
– Integrity
– Nonrepudiation of origin
– Nonrepudiation of receipt
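An added example (not code from the textbook) of how the authentication, integrity and the two nonrepudiation items on this slide can be provided with digital signatures: the customer signs the order (nonrepudiation of origin), and the merchant authenticates that signature before signing a hash of the exact bytes it received (nonrepudiation of receipt). It uses Go's standard-library Ed25519; the party roles and the order text are constructed, and key certification is assumed to happen elsewhere.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party is one side of the transaction with its own Ed25519 key pair. Keys are
// generated fresh here; in practice a certificate would bind Pub to the party.
type Party struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty() (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Pub: pub, priv: priv}, nil
}

// SignedOrder gives nonrepudiation of origin: only the customer's private key
// can produce Signature, so the customer cannot later deny sending Order.
type SignedOrder struct{ Order, Signature []byte }

func (p *Party) SendOrder(order []byte) SignedOrder {
	return SignedOrder{Order: order, Signature: ed25519.Sign(p.priv, order)}
}

// Receipt gives nonrepudiation of receipt: the merchant signs the hash of the
// exact bytes it received, so it cannot later deny receiving that order.
type Receipt struct{ OrderHash [32]byte; Signature []byte }

// AcknowledgeOrder authenticates the order first (a forged or altered order
// gets no receipt) and only then issues the signed receipt.
func (p *Party) AcknowledgeOrder(customerPub ed25519.PublicKey, so SignedOrder) (Receipt, bool) {
	if !ed25519.Verify(customerPub, so.Order, so.Signature) {
		return Receipt{}, false
	}
	h := sha256.Sum256(so.Order)
	return Receipt{OrderHash: h, Signature: ed25519.Sign(p.priv, h[:])}, true
}

// VerifyReceipt lets the customer, or a later arbitrator, check that the
// merchant acknowledged exactly this order and nothing else.
func VerifyReceipt(merchantPub ed25519.PublicKey, order []byte, r Receipt) bool {
	return sha256.Sum256(order) == r.OrderHash &&
		ed25519.Verify(merchantPub, r.OrderHash[:], r.Signature)
}

func main() {
	customer, _ := NewParty()
	merchant, _ := NewParty()
	so := customer.SendOrder([]byte("order 1001: 2 x widget, total 40.00")) // constructed sample order
	r, ok := merchant.AcknowledgeOrder(customer.Pub, so)
	fmt.Println(ok, VerifyReceipt(merchant.Pub, so.Order, r)) // true true
}
```

Confidentiality, the first item on the list, is not shown here; in practice the exchange would also run over TLS, as on the Data Encryption slide.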
Business Continuity Planning
• Outlines procedures for keeping an organization
operational
• Prepare for disaster
• Plan steps for resuming normal operations as
soon as possible