Week No. 9-Topic12- Privacy and Ethical Issues in Information Systems.pptx
Chapter 13: Security, Privacy, and Ethical Issues in Information Systems
Stair, Reynolds and Chesney: Principles of Business Information Systems, Fourth edition (9781473774605) © Cengage Learning 2021

Principles
• Policies and procedures must be established to avoid computer waste and mistakes
• Computer crime is a serious and rapidly growing area of concern requiring management attention
• Jobs, equipment, and working conditions must be designed to avoid negative health effects

For use with Principles of Business Information Systems, 4e by Stair, Reynolds & Chesney © 2021 Cengage Learning

Computer waste and mistakes
• Computer waste
  – Inappropriate use of computer technology and resources.
• Computer-related mistakes
  – Errors, failures, and other computer problems that make computer output incorrect or not useful.
  – Caused mostly by human error.

Computer Crime
• Computer crime is defined as the use of a computer to commit an illegal act.
• This definition includes the following:
  – Targeting a computer while committing an offense.
  – Using a computer to commit an offense.
  – Using computers to support a criminal activity despite the fact that computers are not actually targeted.

Computer Crime (Cont.)
• Targeting a computer while committing an offense. Someone gains unauthorized entry to a computer system in order to cause damage to the system or to the data it contains.
• Using a computer to commit an offense. Computer criminals may steal credit card numbers from websites or a company’s database, skim money from bank accounts, or make unauthorized electronic fund transfers.
• Using computers to support a criminal activity despite the fact that computers are not actually targeted.
For example, drug dealers and other professional criminals may use computers to store records of their illegal transactions.

Computer Crime (Cont.)
• Computer crimes include:
  – Identity theft
  – Cyberterrorism
  – Illegal access and use
  – Software piracy

Identity theft
• An imposter obtains personal identification information such as Social Security or driver’s license numbers in order to impersonate someone else
  – To obtain credit, merchandise, and services in the name of the victim
  – To have false credentials

Identity theft (Cont.)
• Frequent methods to get information:
  – Social engineering: using social skills to get computer users to provide information to access an information system or its data.
  – Shoulder surfing: an identity thief stands next to someone at a public office and watches as the person fills out personal information on a form.

Cyberterrorism
• Cyberterrorist: someone who intimidates a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and information stored on them.
  – Attackers usually aim at critical infrastructure: telecommunication, energy, water systems, emergency services …

Cyberterrorism (Cont.)
• Cyberwar: refers to an organized attempt by a country’s military to disrupt or destroy the information and communication systems of another country.
• The goal is to turn the balance of power—through information and knowledge—in one’s favor in order to enhance one’s capabilities while diminishing those of an opponent.

Illegal access and use
• A criminal hacker (also called a cracker) is a person who attempts to gain unauthorized or illegal access to computer systems.
• Catching and convicting criminal hackers is a difficult task.
• The methods behind their crimes are hard to determine. Even if methods were known, tracking down criminal hackers can take a lot of time.

Illegal access and use (Cont.)
• Malware: short for “malicious software”; software programs that destroy or damage processing of computer systems.
• Virus: a program file capable of attaching to disks or other files and replicating itself repeatedly without the user’s knowledge or permission.
• Viruses are most often spread through:
  – Malicious e-mail attachments.
  – The sharing of removable media (e.g. USB sticks).
  – File downloads from malicious websites.

Illegal access and use (Cont.)
• Worm: a variation of a virus that is targeted at networks. It is a computer program that can create copies of itself on an infected computer or send copies to other computers via a network without the need for an infected host file to be shared.
• Trojan horse: a program that appears to be useful but purposefully does something the user does not expect.
• Unlike viruses, Trojan horses typically do not replicate themselves but can do much damage.
• Logic bomb: a type of Trojan horse that executes when specific conditions occur (e.g. changes in a file, a specific date).

Illegal access and use (Cont.)
• Variant: a modified version of a virus that is produced by the virus’s author or another person.
• Ransomware: a program that holds a user’s computer hostage by locking or taking control of the user’s computer or encrypting files or documents.
• Once infected, the hacker demands a ransom to be paid by a certain deadline in order to unlock the computers or decrypt the files.
• Paying the ransom does not guarantee getting access to the files again.
• Having backups is the best safeguard against ransomware.

Using antivirus programs
• Antivirus program: a program or utility software that runs in the background to prevent viruses and recover from them if they infect a computer.
• Tips on using antivirus software:
  – Run and update antivirus software often
  – Scan all diskettes and CDs before using them
  – Install software only from a sealed package or secure, well-known website
  – Follow careful downloading practices
  – If you detect a virus, take immediate action

Software piracy
• Like any other intellectual property, software is protected by copyright laws.
• Copyright law violations:
  – Making additional copies
  – Loading the software onto more than one machine.
• Software piracy: the act of illegally duplicating software.

Computer-related scams
• Phishing
  – Gaining access to personal information by redirecting the user to a fake site.
  – Usually by sending spam messages to millions of e-mail accounts (i.e., attackers are “phishing” [fishing] for victims).
  – As people learn that generically addressed e-mail from a bank is not likely legitimate, criminals have turned to spear phishing.
• Spear phishing is a more sophisticated fraudulent e-mail attack that targets a specific person or organization by personalizing the message in order to make it appear as if it is from a trusted source.

Preventing computer-related crime
• Crime prevention by the state:
  – Many “computer laws” have been passed by governments. For example: the “Data Protection Act” and “Computer Misuse Act”.
  – It governs how data about individuals can be stored and processed.
• Crime prevention by organizations:
  – Encrypt sensitive data
  – Insist on strong passwords
  – Conduct audits
  – Restrict physical access

Preventing computer-related crime
• Crime prevention by individuals:
  – Using an intrusion detection system (IDS): monitors system and network resources and notifies network security personnel when it senses a possible intrusion.
  – Using Managed Security Service Providers (MSSPs): outsource network security. These companies provide a valuable service in terms of antivirus, firewalls etc.

Privacy
• With information systems, privacy deals with the collection and use or misuse of data.
• More and more information on all of us is being collected, stored, used, and shared among organizations.

Email Privacy
• Email also raises issues about work privacy.
• Most countries have a law that permits employers to monitor e-mail sent and received by employees.
• E-mail messages that have been erased from hard disks can be retrieved and used in lawsuits.

Privacy and the Internet
• Huge potential for privacy invasion on the Internet
  – E-mail messages
  – Visiting a Web site
  – Buying products over the Internet
• Potential dangers on social networking Web sites
  – User profiles provide personal details
  – Information about users’ location

Individual efforts to protect privacy
• Find out what is stored about you in existing databases
• Be careful when you share information about yourself
• Be proactive to protect your privacy
• When purchasing anything from a Web site, make sure that you safeguard your credit card numbers, passwords, and personal information

Ethical issues in Information Systems
• Laws do not provide a complete guide to ethical behavior.
• Many IS-related organizations have codes of ethics for their members.
  – Code of ethics: states the principles and core values that are essential to their work and govern their behavior.
  – For example, the British Computer Society.

Ethical issues in Information Systems
• ACM’s code of ethics and professional conduct
  – Be fair and take action not to discriminate
  – Honor property rights including copyrights and patents
  – Give proper credit for intellectual property
  – Respect the privacy of others
  – Honor confidentiality

Summary
• Computer waste: inappropriate use of computer technology and resources
• Computer-related mistakes: errors, failures, and other computer problems that make computer output incorrect or not useful; caused mostly by human error
• Preventing computer-related waste and mistakes requires establishing, implementing, monitoring, and reviewing effective policies and procedures

Summary (cont.)
• Criminals need two capabilities to commit most computer crimes: knowing how to gain access to a computer system and knowing how to manipulate the system to produce desired results
• Crimes in which the computer is the tool: cyberterrorism, identity theft, etc.