Ethical and Social Issues in Information Systems Notes PDF
Summary
These notes cover ethical and social issues related to information systems, focusing on concepts like information rights, property rights, and accountability. They also explore technology trends that raise ethical concerns, such as profiling and NORA. The notes provide a framework for analyzing ethical situations in a five-step process.
Full Transcript
**Ethical and Social Issues in Information Systems**

*4.1 UNDERSTANDING ETHICAL AND SOCIAL ISSUES RELATED TO SYSTEMS*

*A Model for Thinking About Ethical, Social, and Political Issues*

*Five Moral Dimensions of the Information Age*

The major ethical, social, and political issues raised by information systems include the following moral dimensions:

1. **Information rights and obligations**
2. **Property rights and obligations**
3. **Accountability and control**
4. **System quality**
5. **Quality of life**

*Key Technology Trends that Raise Ethical Issues*

The use of computers to combine data from multiple sources and create electronic dossiers of detailed information on individuals is called **profiling**.

**Nonobvious relationship awareness (NORA)** takes information about people from many disparate sources, such as employment applications, telephone records, customer listings, and "wanted" lists, and correlates relationships to find obscure hidden connections that might help identify criminals or terrorists.

*4.2 ETHICS IN AN INFORMATION SOCIETY*

*Basic Concepts: Responsibility, Accountability, and Liability*

**Responsibility** is a key element of ethical action. Responsibility means that you accept the potential costs, duties, and obligations for the decisions you make.

**Accountability** is a feature of systems and social institutions: It means that mechanisms are in place to determine who took responsible action, and who is responsible.

**Liability** extends the concept of responsibility further to the area of laws. Liability is a feature of political systems in which a body of laws is in place that permits individuals to recover the damages done to them by other actors, systems, or organizations.

**Due process** is a related feature of law-governed societies and is a process in which laws are known and understood, and there is an ability to appeal to higher authorities to ensure that the laws are applied correctly.
*Ethical Analysis*

When confronted with a situation that seems to present ethical issues, how should you analyze it? The following five-step process should help:

1. *Identify and describe clearly the facts.*
2. *Define the conflict or dilemma and identify the higher-order values involved.*
3. *Identify the stakeholders.*
4. *Identify the options that you can reasonably take.*
5. *Identify the potential consequences of your options.*

*Candidate Ethical Principles*

1. Do unto others as you would have them do unto you (the **Golden Rule**).
2. If an action is not right for everyone to take, it is not right for anyone (**Immanuel Kant's Categorical Imperative**).
3. If an action cannot be taken repeatedly, it is not right to take at all (**Descartes' rule of change**).
4. Take the action that achieves the higher or greater value (**Utilitarian Principle**).
5. Take the action that produces the least harm or the least potential cost (**Risk Aversion Principle**).
6. Assume that virtually all tangible and intangible objects are owned by someone else unless there is a specific declaration otherwise. (This is the **ethical "no free lunch" rule**.)

*4.3 THE MORAL DIMENSIONS OF INFORMATION SYSTEMS*

**Privacy** is the claim of individuals to be left alone, free from surveillance or interference from other individuals or organizations, including the state.

**Fair Information Practices (FIP)** is a set of principles governing the collection and use of information about individuals.

**Informed consent** can be defined as consent given with knowledge of all the facts needed to make a rational decision.

A **safe harbor** is a private, self-regulating policy and enforcement mechanism that meets the objectives of government regulators and legislation.

**Cookies** are small text files deposited on a computer hard drive when a user visits Web sites.

**Web beacons**, also called Web bugs, are tiny objects invisibly embedded in e-mail messages and Web pages that are designed to monitor the behavior of the user visiting a Web site or sending e-mail.

**Spyware** can secretly install itself on an Internet user's computer by piggybacking on larger applications.

**Intellectual property** is considered to be intangible property created by individuals or corporations.

Any intellectual work product---a formula, device, pattern, or compilation of data---used for a business purpose can be classified as a **trade secret**.

**Copyright** is a statutory grant that protects creators of intellectual property from having their work copied by others for any purpose during the life of the author plus an additional 70 years after the author's death.

A **patent** grants the owner an exclusive monopoly on the ideas behind an invention for 20 years.

**Computer crime** is the commission of illegal acts through the use of a computer or against a computer system.

**Computer abuse** is the commission of acts involving a computer that may not be illegal but that are considered unethical.

**Spam** is junk e-mail sent by an organization or individual to a mass audience of Internet users who have expressed no interest in the product or service being marketed.

**Repetitive stress injury (RSI)** is the leading occupational disease today. The single largest cause of RSI is computer keyboard work.

**Computer vision syndrome (CVS)** refers to any eyestrain condition related to display screen use in desktop computers, laptops, e-readers, smartphones, and hand-held video games.

The newest computer-related malady is **technostress**, which is stress induced by computer use.

**Securing Information Systems**

*8.1 SYSTEM VULNERABILITY AND ABUSE*

*Why Systems Are Vulnerable*

**Security** refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

**Controls** are methods, policies, and organizational procedures that ensure the safety of the organization's assets; the accuracy and reliability of its records; and operational adherence to management standards.

*Malicious Software: Viruses, Worms, Trojan Horses, and Spyware*

Malicious software programs are referred to as **malware** and include a variety of threats, such as computer viruses, worms, and Trojan horses.

A **computer virus** is a rogue software program that attaches itself to other software programs or data files in order to be executed, usually without user knowledge or permission.

**Worms** are independent computer programs that copy themselves from one computer to other computers over a network.

A **Trojan horse** is a software program that appears to be benign but then does something other than expected, such as the Zeus Trojan described in the chapter-opening case.

**Keyloggers** record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to e-mail accounts, to obtain passwords to protected computer systems, or to pick up personal information such as credit card numbers.

*Hackers and Computer Crime*

A **hacker** is an individual who intends to gain unauthorized access to a computer system.

**Cybervandalism** is the intentional disruption, defacement, or even destruction of a Web site or corporate information system.

**Spoofing** also may involve redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination.

A **sniffer** is a type of eavesdropping program that monitors information traveling over a network.

**Identity theft** is a crime in which an imposter obtains key pieces of personal information, such as social security identification numbers, driver's license numbers, or credit card numbers, to impersonate someone else.

**Phishing** involves setting up fake Web sites or sending e-mail or text messages that look like those of legitimate businesses to ask users for confidential personal data.

**Evil twins** are wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet, such as those in airport lounges, hotels, or coffee shops.

**Pharming** redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser.

**Click fraud** occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase.

Malicious intruders seeking system access sometimes trick employees into revealing their passwords by pretending to be legitimate members of the company in need of information. This practice is called **social engineering**.

**Patches** repair the flaws without disturbing the proper operation of the software.

*8.2 BUSINESS VALUE OF SECURITY AND CONTROL*

*Legal and Regulatory Requirements for Electronic Records Management*

**Health Insurance Portability and Accountability Act (HIPAA) of 1996.** HIPAA outlines medical security and privacy rules and procedures for simplifying the administration of health care billing and automating the transfer of health care data between health care providers, payers, and plans.

*Electronic Evidence and Computer Forensics*

**Gramm-Leach-Bliley Act.** This act requires financial institutions to ensure the security and confidentiality of customer data.

**Sarbanes-Oxley Act.** This Act was designed to protect investors after the financial scandals at Enron, WorldCom, and other public companies.

**Computer forensics** is the scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.

*TECHNOLOGIES AND TOOLS FOR PROTECTING INFORMATION RESOURCES*

*Identity Management and Authentication*

**Authentication** refers to the ability to know that a person is who he or she claims to be. Authentication is often established by using **passwords** known only to authorized users.

A **token** is a physical device, similar to an identification card, that is designed to prove the identity of a single user.

A **smart card** is a device about the size of a credit card that contains a chip formatted with access permission and other data.

**Biometric authentication** uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices, in order to grant or deny access.

*Firewalls, Intrusion Detection Systems, and Antivirus Software*

**Firewalls** prevent unauthorized users from accessing private networks.

**Intrusion detection systems** feature full-time monitoring tools placed at the most vulnerable points or "hot spots" of corporate networks to detect and deter intruders continually.

**Antivirus software** is designed to check computer systems and drives for the presence of computer viruses.

*Securing Wireless Networks*

**Encryption** is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver.

Two methods for encrypting network traffic on the Web are SSL and S-HTTP.

**Secure Sockets Layer (SSL)** enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure Web session.

**Secure Hypertext Transfer Protocol (S-HTTP)** is another protocol used for encrypting data flowing over the Internet, but it is limited to individual messages, whereas SSL and TLS are designed to establish a secure connection between two computers.

A more secure form of encryption called **public key encryption** uses two keys: one shared (or public) and one totally private.

**Digital certificates** are data files used to establish the identity of users and electronic assets for protection of online transactions.

**Downtime** refers to periods of time in which a system is not operational. However, high-availability computing helps firms recover quickly from a system crash, whereas fault tolerance promises continuous availability and the elimination of recovery time altogether.

**Recovery-oriented computing.** This work includes designing systems that recover quickly, and implementing capabilities and tools to help operators pinpoint the sources of faults in multi-component systems and easily correct their mistakes.

**Deep packet inspection (DPI)** examines data files and sorts out low-priority online material while assigning higher priority to business-critical files.

**Managed security service providers (MSSPs)** monitor network activity and perform vulnerability testing and intrusion detection.

**Enhancing Decision Making**

*12.1 DECISION MAKING AND INFORMATION SYSTEMS*

*Types of Decisions*

**Unstructured decisions** are those in which the decision maker must provide judgment, evaluation, and insight to solve the problem.

**Structured decisions**, by contrast, are repetitive and routine, and they involve a definite procedure for handling them so that they do not have to be treated each time as if they were new.

**Semistructured** decisions are those where only part of the problem has a clear-cut answer provided by an accepted procedure.

*The Decision-Making Process*

**Intelligence** consists of discovering, identifying, and understanding the problems occurring in the organization---why a problem exists, where, and what effects it is having on the firm.

**Design** involves identifying and exploring various solutions to the problem.

**Choice** consists of choosing among solution alternatives.

**Implementation** involves making the chosen alternative work and continuing to monitor how well the solution is working.

*Managers and Decision Making in the Real World*

**Behavioral models** state that the actual behavior of managers appears to be less systematic, more informal, less reflective, more reactive, and less well organized than the classical model would have us believe.

**Managerial roles** are expectations of the activities that managers should perform in an organization.

**Interpersonal roles.** Managers act as figureheads for the organization when they represent their companies to the outside world and perform symbolic duties, such as giving out employee awards.

In the **informational role**, managers act as the nerve centers of their organizations, receiving the most concrete, up-to-date information and redistributing it to those who need to be aware of it.

In the **decisional role**, they act as entrepreneurs by initiating new kinds of activities; they handle disturbances arising in the organization.

**Information Quality.** High-quality decisions require high-quality information.

**Management Filters.** Even with timely, accurate information, some managers make bad decisions. Managers (like all human beings) absorb information through a series of filters to make sense of the world around them.

**Organizational Inertia and Politics.** Organizations are bureaucracies with limited capabilities and competencies for acting decisively.

*12.2 BUSINESS INTELLIGENCE IN THE ENTERPRISE*

*What Is Business Intelligence?*

"Business intelligence" is a term used by hardware and software vendors and information technology consultants to describe the infrastructure for warehousing, integrating, reporting, and analyzing data that comes from the business environment.

*The Business Intelligence Environment*

There are six elements in this business intelligence environment:

* **Data from the business environment**
* **Business intelligence infrastructure**
* **Business analytics toolset**
* **Managerial users and methods**
* **Delivery platform---MIS, DSS, ESS**
* **User interface**

*Business Intelligence and Analytics Capabilities*

**There are 5 analytic functionalities that BI systems deliver to achieve these ends:**

* **Production reports:** These are predefined reports based on industry-specific requirements.
* **Parameterized reports:** Users enter several parameters as in a pivot table to filter data and isolate impacts of parameters.
* **Dashboards/scorecards:** These are visual tools for presenting performance data defined by users.
* **Ad hoc query/search/report creation:** These allow users to create their own reports based on queries and searches.
* **Drill down:** This is the ability to move from a high-level summary to a more detailed view.
* **Forecasts, scenarios, models:** These include the ability to perform linear forecasting, what-if scenario analysis, and analyze data using standard statistical tools.

**Data visualization** tools help users see patterns and relationships in large amounts of data that would be difficult to discern if the data were presented as traditional lists of text.

**Geographic information systems (GIS)** help decision makers visualize problems requiring knowledge about the geographic distribution of people or other resources.