MIS CHAPTER 4 PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS
Hossein BIDGOLI
MIS, Chapter 4 ©2011 Course Technology, a part of Cengage Learning

Risks Associated with Information Technologies
• Misuses of information technology
  – Invade users’ privacy
  – Commit computer crimes
• Minimize or prevent by:
  – Installing operating system updates regularly
  – Using antivirus software
  – Using e-mail security features

Cookies
• Cookies
  – Small text files with a unique ID tag
  – Embedded in a Web browser
  – Saved on the user’s hard drive
• Can be useful or intrusive
• Many users disable cookies
  – By installing a cookie manager
  – Or using Web browser options

Spyware and Adware
• Spyware
  – Software that secretly gathers information about users while they browse the Web
  – Can be used maliciously
• Install antivirus or antispyware software
• Adware
  – Form of spyware
  – Collects information about the user to display advertisements in the Web browser

Phishing
• Phishing
  – Sending fraudulent e-mails that seem to come from legitimate sources
• Direct e-mail recipients to false Web sites
  – To capture private information

Keyloggers
• Keyloggers
  – Monitor and record keystrokes
  – Can be software or hardware devices
  – Sometimes used by companies to track employees’ use of e-mail and the Internet
  – Can be used for malicious purposes
• Some antivirus and antispyware programs protect against software keyloggers

Sniffing and Spoofing
• Sniffing
  – Capturing and recording network traffic
  – Often used by hackers to intercept information
• Spoofing
  – Attempt to gain access to a network by posing as an authorized user to find sensitive information

Privacy Issues
• Concerns about privacy in the workplace
  – Employers search social networking sites
  – Employee monitoring systems
• Misuse and abuse of information gathered by:
  – Healthcare organizations
  – Financial institutions
  – Legal firms
• Defining privacy is difficult
  – Information technologies have increased ease of access to information

Privacy Issues (cont’d.)
• Number of databases is increasing rapidly
• Enforcement of federal laws has been lax
• Index and link databases using Social Security numbers
  – Direct marketing companies are major users of this information
• U.S. government began linking large databases to find information

Privacy Issues (cont’d.)
• Federal laws now regulate collecting and using information on people and corporations
  – 1970 Fair Credit Reporting Act
• Acceptable use policies
• Accountability
• Nonrepudiation
• Hardware or software controls
  – Determine what personal information is provided on the Web

Data Collection on the Internet
• Number of people shopping online is increasing
• Some customers are reluctant to make online purchases
  – Concerns about hackers getting access to their credit card numbers
  – Many credit card companies reimburse fraudulent charges
• Other electronic payment systems are being developed

Data Collection on the Internet (cont’d.)
• Concerned about computers’ contents being searched while they’re connected to the Internet
• Information users provide on the Web
  – Combined with other information and technologies to produce new information
• Log files
  – Generated by Web server software
  – Record a user’s actions on a Web site
• Data collected on the Internet must be used and interpreted with caution

Ethical Issues of Information Technologies
• Ethics and ethical decision making
  – Moral guidelines people or organizations follow in dealing with others
  – More difficult to determine than legal versus illegal

Ethical Issues of Information Technologies (cont’d.)
• Information technology offers many opportunities for unethical behavior
  – Cybercrime, cyberfraud, identity theft, and intellectual property theft
• Many associations promote ethically responsible use of information systems and technologies
  – Codes of ethics
• Quick ethics test

Intellectual Property
• Intellectual property
  – Protections that involve copyrights, trademarks, trade secrets, and patents for “creations of the mind” developed by people or businesses
• Industrial property
  – Inventions, trademarks, logos, industrial designs
• Copyrighted material
  – Literary and artistic works
  – May apply to online materials
  – Exceptions under Fair Use Doctrine

Intellectual Property (cont’d.)
• Trademark
  – Protects product names and identifying marks
• Patent
  – Protects new processes
  – Advantages of patents
• Software piracy
• Laws
  – Telecommunications Act of 1996
  – Communications Decency Act (CDA)
  – Laws against spamming

Intellectual Property (cont’d.)
• Internet use policy
  – Guard against legal issues and avoid the risks
• Cybersquatting
  – Registering, selling, or using a domain name to profit from someone else’s trademark

Social Divisions and the Digital Divide
• Digital divide
  – Computers still aren’t affordable for many people
  – Haves and have-nots
  – Companies installing cables for Internet connections might subject their communities to a type of economic “red-lining”
• Children are often victims of this divide
  – Funding for computers at schools and libraries
  – Loaner programs

The Impact of Information Technology in the Workplace
• New jobs for:
  – Programmers
  – Systems analysts
  – Database and network administrators
  – Network engineers
  – Webmasters
  – Web page developers
  – e-commerce specialists
  – Chief information officers (CIOs)
  – Technicians

The Impact of Information Technology in the Workplace (cont’d.)
• Web designers
• Java programmers
• Web troubleshooters
• Telecommuting and virtual work
• Job deskilling
  – Skilled labor eliminated by introducing high technology
  – Job downgraded from a skilled to a semiskilled or unskilled position

Advantages and Disadvantages of Telecommuting

MIS CHAPTER 5 PROTECTING INFORMATION RESOURCES
Hossein BIDGOLI

Exhibit 5.1 The McCumber Cube

Intentional Threats
• Viruses
• Worms
• Trojan programs
• Logic bombs
• Backdoors
• Blended threats (e.g., worm launched by Trojan)
• Rootkits
• Denial-of-service attacks
• Social engineering

Viruses
• Type of malware
• In 2008, the number of computer viruses in existence exceeded one million
• Estimating the dollar amount of damage viruses cause can be difficult
• Usually given names
  – I Love You, Michelangelo
• Consists of self-propagating program code that’s triggered by a specified time or event

Viruses (cont’d.)
• Seriousness of viruses varies
• Transmitted through a network and e-mail attachments
  – Bulletin or message boards
• Virus hoaxes
  – Can cause as much damage as real viruses
• Indications of a computer infected by a virus
• Best measure against viruses
  – Installing and updating antivirus programs

Worms
• Travel from computer to computer in a network
  – Do not usually erase data
• Independent programs that can spread themselves without having to be attached to a host program
• Replicate into a full-blown version that eats up computing resources
• Well-known worms
  – Code Red, Melissa, and Sasser

Trojan Programs
• Named after the Trojan horse the Greeks used to enter Troy during the Trojan Wars
• Contains code intended to disrupt a computer, network, or Web site
• Usually hidden inside a popular program

Logic Bombs
• Type of Trojan program used to release a virus, worm, or other destructive code
• Triggered at a certain time or by an event

Backdoors
• Programming routine built into a system by its designer or programmer
• Enable the designer or programmer to bypass system security and sneak back into the system later to access programs or files
• System users aren’t aware a backdoor has been activated

Blended Threats
• Combine the characteristics of computer viruses, worms, and other malicious codes with vulnerabilities found on public and private networks
• Main goal is not just to start and transmit an attack, but also to spread it
• Multi-layer security system could guard against blended threats

Denial-of-Service Attacks
• Flood a network or server with service requests
  – Prevent legitimate users’ access to the system
• Target Internet servers
• Distributed denial-of-service (DDoS) attack
  – Hundreds or thousands of computers work together to bombard a Web site with thousands of requests for information in a short period
  – Difficult to trace

Social Engineering
• Using “people skills” to trick others into revealing private information
  – Takes advantage of the human element of security systems
• Use the private information they’ve gathered to break into servers and networks and steal data
• Commonly used social-engineering techniques
  – “Dumpster diving” and “shoulder surfing”

Biometric Security Measures
• Use a physiological element to enhance security measures
• Devices and measures
  – Facial recognition
  – Fingerprints
  – Hand geometry
  – Iris analysis
  – Palmprints
  – Retinal scanning
  – Signature analysis
  – Vein analysis
  – Voice recognition

Callback Modems
• Verify whether a user’s access is valid by:
  – Logging the user off
  – Calling the user back at a predetermined number
• Useful in organizations with many employees who work off-site

Firewalls
• Combination of hardware and software
• Act as a filter or barrier between a private network and external computers or networks
• Network administrator defines rules for access
• Examine data passing into or out of a private network
  – Decide whether to allow the transmission based on users’ IDs, the transmission’s origin and destination, and the transmission’s contents

Exhibit 5.3 A Basic Firewall Configuration

Firewalls (cont’d.)
• Possible actions after examining packet
  – Reject the incoming packet
  – Send a warning to the network administrator
  – Send a message to the packet’s sender that the attempt failed
  – Allow the packet to enter (or leave) the private network

Firewalls (cont’d.)
• Main types of firewalls
  – Packet-filtering firewalls
  – Application-filtering firewalls
  – Proxy servers

Exhibit 5.4 A Proxy Server

Intrusion Detection Systems
• Protect against both external and internal access
• Placed in front of a firewall
• Prevent against DoS attacks
• Monitor network traffic
• “Prevent, detect, and react” approach
• Require a lot of processing power and can affect network performance

Physical Security Measures
• Primarily control access to computers and networks
• Include:
  – Cable shielding
  – Corner bolts
  – Electronic trackers
  – Identification (ID) badges
  – Proximity-release door openers
  – Room shielding
  – Steel encasements

Access Controls
• Terminal resource security
  – Software feature that erases the screen and signs the user off automatically after a specified length of inactivity
• Password
  – Combination of numbers, characters, and symbols that’s entered to allow access to a system
  – Length and complexity determine its vulnerability to discovery
  – Guidelines for strong passwords

Virtual Private Networks
• Provide a secure “tunnel” through the Internet
  – For transmitting messages and data via a private network
• Remote users have a secure connection to the organization’s network
• Low cost
• Slow transmission speeds

Data Encryption
• Transforms data, called “plaintext” or “cleartext,” into a scrambled form called “ciphertext”
• Rules for encryption determine how simple or complex the transformation process should be
  – Known as the “encryption algorithm”
• Protocols:
  – Secure Sockets Layer (SSL)
  – Transport Layer Security (TLS)

Exhibit 5.7 Using Encryption

E-commerce Transaction Security Measures
• Three factors are critical for security:
  – Authentication
  – Confirmation
  – Nonrepudiation
• Transaction security
  – Confidentiality
  – Authentication
  – Integrity
  – Nonrepudiation of origin
  – Nonrepudiation of receipt

Business Continuity Planning
• Outlines procedures for keeping an organization operational
• Prepare for disaster
• Plan steps for resuming normal operations as soon as possible