Now What - PowerPoint PPT Presentation

Slides: 46
Provided by: sbaOa

Transcript and Presenter's Notes

Title: Now What


1
Now What?
2
Basic Concepts
  • Waste and mistakes: Is it possible?
  • Computers and crime: Aiding, abetting?
  • Ethical behavior: Are computers ethically
    neutral?

3
Principles and Learning Objectives -1
  • Policies and procedures must be established to
    avoid computer waste and mistakes.
  • Describe some examples of waste and mistakes in
    an IS environment, their causes, and possible
    solutions.
  • Identify policies and procedures useful in
    eliminating waste and mistakes.

4
Principles and Learning Objectives -2
  • Computer crime is a serious and rapidly growing
    area of concern requiring management attention.
  • Explain the types and effects of computer crime.
  • Identify specific measures to prevent computer
    crime.
  • Discuss the principles and limits of an
    individual's right to privacy.

5
Principles and Learning Objectives - 3
  • Working conditions must be designed to avoid
    negative ethical consequences.
  • Outline criteria for the ethical use of
    information systems.

6
Computer Waste and Mistakes
  • Computer waste
  • The inappropriate use of computer technology and
    resources
  • Computer-related mistakes
  • Errors, failures, and other computer problems
    that make computer output incorrect or not useful

7
Computer Waste
  • Discarding of technology
  • Unused systems
  • Personal use of corporate time and technology
  • Spam
  • Poorly designed systems
  • Unintelligent system use

8
Computer-Related Mistakes
  • Mistakes can be caused by unclear expectations
    and a lack of feedback
  • A systems analyst might specify a system that is
    not what is needed or wanted
  • A programmer might develop a program that
    contains errors
  • Users might accept a system that is not what is
    needed or what is wanted
  • A data-entry clerk might enter the wrong data

9
Preventing Computer-Related Waste and Mistakes
  • Establishing policies and procedures
  • Implementing policies and procedures
  • Monitoring policies and procedures
  • Reviewing policies and procedures

10
Establishing Policies and Procedures
Table 9.2 Types of Computer-Related Mistakes
11
Implementing Policies and Procedures
Table 9.3 Useful Policies to Eliminate Waste and
Mistakes
12
Computer Crime
  • Often defies detection
  • The amount stolen or diverted can be substantial
  • The crime is clean and nonviolent (so far!)
  • The number of IT-related security incidents is
    increasing dramatically
  • Computer crime is now global

13
Computer Crime (continued)
Figure 9.1 Number of Incidents Reported to CERT
14
The Computer as a Tool to Commit Crime
  • Criminals need two capabilities to commit most
    computer crimes
  • Knowing how to gain access to the computer system
  • Knowing how to manipulate the system to produce
    the desired result
  • Social engineering
  • Dumpster diving

15
Cyberterrorism
  • Cyberterrorist intimidates or coerces a
    government or organization to advance his or her
    political or social objectives by launching
    computer-based attacks against computers,
    networks, and the information stored on them
  • Homeland Security Department's Information
    Analysis and Infrastructure Protection Directorate

16
Identity Theft
  • An imposter obtains key pieces of personal
    identification information, such as Social
    Security or driver's license numbers, in order to
    impersonate someone else
  • The information is then used to obtain credit,
    merchandise, and services in the name of the
    victim or to provide the thief with false
    credentials
  • Identity Theft and Assumption Deterrence Act of
    1998

17
The Computer as the Object of Crime
  • Illegal access and use
  • Data alteration and destruction
  • Information and equipment theft
  • Software and Internet piracy
  • Computer-related scams
  • International computer crime

18
Illegal Access and Use
  • Hackers
  • Criminal hackers (also called crackers)
  • Script bunnies
  • Insiders
  • Insiders are the most dangerous of all threats
    because they have the most knowledge about the
    system and its defenses

19
Illegal Access and Use - 2
Table 9.4 How to Respond to a Security Incident
20
Illegal Access and Use -3
Table 9.4 How to Respond to a Security Incident
(continued)
21
Data Alteration and Destruction
  • Virus: a computer program capable of attaching to
    disks or other files and replicating itself
    repeatedly, typically without the user's
    knowledge or permission
  • Worm: an independent program that replicates its
    own program files until it interrupts the
    operation of networks and computer systems

22
Data Alteration and Destruction 2
  • Trojan horse: a program that appears to be useful
    but actually masks a destructive program
  • Logic bomb: an application or system virus
    designed to explode or execute at a specified
    time and date

23
Using Antivirus Programs
  • Antivirus program: program or utility that
    prevents viruses and recovers from them if they
    infect a computer
  • Antivirus software should be run and updated
    often

24
Information and Equipment Theft
  • To obtain illegal access, criminal hackers
    require identification numbers and passwords
  • Password sniffer
  • Theft of data and software
  • Theft of computer systems and equipment

25
Software and Internet Software Piracy
  • Software piracy: the act of illegally duplicating
    software
  • Internet software piracy: illegally downloading
    software from the Internet
  • ALL of us are tempted and MOST of us succumb, but
    there is the problem of motivating creativity by
    all but an unusual group to create a variety of
    software.

26
Preventing Computer-Related Crime
  • Crime prevention by state and federal agencies
  • Crime prevention by corporations
  • Public key infrastructure (PKI): a means to
    enable users of an unsecured public network such
    as the Internet to securely and privately
    exchange data through the use of a public and a
    private cryptographic key pair that is obtained
    and shared through a trusted authority
  • Biometrics: the measurement of one of a person's
    traits, whether physical or behavioral

27
Preventing Computer-Related Crime (continued)
Table 9.8 Common Methods Used to Commit Computer
Crimes
28
Preventing Computer-Related Crime (continued)
Table 9.8 Common Methods Used to Commit Computer
Crimes (continued)
29
Preventing Computer-Related Crime (continued)
Table 9.9 How to Protect Your Corporate Data
from Hackers
30
Preventing Computer-Related Crime (continued)
Table 9.9 How to Protect Your Corporate Data
from Hackers (continued)
31
Privacy Issues
  • With information systems, privacy deals with the
    collection and use or misuse of data
  • Privacy and the federal government
  • Privacy at work: you don't have any
  • E-mail privacy: doesn't exist
  • Privacy and the Internet: caveat emptor

32
Privacy: The Basic Issue
  • Information about the individual may or may not
    belong to the individual as property
  • English common law, the basis of our general law,
    recognizes property rights as inherent and
    inviolable (in general)
  • Intellectual assets differ in many ways from
    physical property
  • E.g., copyable without damage
  • E.g., valuable only for brief period of time
  • E.g., can cause damage as well as be an asset

33
Information about Oneself
  • In general this does NOT belong to the individual
  • Example: public figure
  • Example: customer records
  • Example: employee records
  • Example: one's image (visual or audio)
  • Information in general is inherent in an activity
    and belongs to that activity; the owner of the
    activity is the owner of the information.
  • This is not a well-developed field with clear-cut
    principles that juries and judges adhere to.

34
Fairness in Information Use
Table 9.10 The Right to Know and the Ability to
Decide
35
State Privacy Laws and Regulations
  • State legislatures have been considering and
    passing privacy legislation that is far-reaching
    and potentially more burdensome to business than
    existing federal legislation
  • State-by-state and county-by-county exceptions to
    the federal law complicate financial record
    keeping and data sharing

36
Corporate Privacy Policies
  • Should address a customer's knowledge, control,
    notice, and consent over the storage and use of
    information
  • May cover who has access to private data and when
    it may be used
  • A good database design practice is to assign a
    single unique identifier to each customer

37
Individual Efforts to Protect Privacy
  • Find out what is stored about you in existing
    databases
  • Be careful when you share information about
    yourself
  • Be proactive to protect your privacy
  • When purchasing anything from a Web site, make
    sure that you safeguard your credit card numbers,
    passwords, and personal information

38
Ethical Issues in Information Systems
  • Old contract of business: the only
    responsibility of business is to its stockholders
    and owners
  • Social contract of business: businesses are
    responsible to society
  • There is great pressure on business to treat
    information about customers and employees as a
    corporate asset and also as an ethical
    stewardship responsibility.
  • In Europe there are strong privacy laws.

39
Guilty!
  • We attribute guilt to an individual for an act
    if all of the following are true:
  • (1) The individual appears motivated to perform
    the act (potentially profit or avoid loss)
  • (2) The individual appears to have (had) the
    opportunity to perform the act
  • (3) The individual appears to have (had) the
    ability to perform the act
  • If any of these are missing, then we tend to
    label the individual innocent or the act
    accidental

40
Are These People Guilty?
  • Alice sees Tom's password stuck on the side of
    his monitor and memorizes it, then logs on to his
    email and sends out a silly message as a joke.
  • Bill takes his work laptop home to surf the
    Internet. On his laptop are thousands of
    customer records. A hacker hacks into his
    computer and steals the records, opening the
    customers to many potential problems.

41
More
  • Carla uses her work computer to do cybershopping
    on Cyber Monday while she is supposed to be
    working.
  • Dennis, a salesperson for Company X, notices that
    many of his department's customers aren't happy
    with his firm's products, so he takes his list of
    customers home and copies it, intending to
    approach these customers later for his own
    business after he quits Company X.

42
What Is the Harm? What Should Be Done?
  • Alice (password borrowing)
  • Bill (laptop surfing)
  • Carla (cybershopping)
  • Dennis (record theft)

Basically goofing off. Tom is not a responsible
user.
Bill shouldn't have been allowed to take records
home. He is perhaps misusing a company resource.
Computer is simply a venue for playing theft of
time.
Dennis is a thief. He's stolen a company
resource. Doesn't require a computer to be a
thief, but it helps.
43
Summary
  • Preventing computer-related waste and mistakes
    requires establishing, implementing, monitoring,
    and reviewing policies and procedures
  • Criminals need two capabilities to commit most
    computer crimes: knowing how to gain access to
    the computer system and knowing how to manipulate
    the system to produce the desired result

44
Summary -2
  • Categories of crimes in which the computer is the
    object of crime: illegal access and use, data
    alteration and destruction, information and
    equipment theft, software and Internet piracy,
    computer-related scams, and international
    computer crime

45
Summary -3
  • With information systems, privacy deals with the
    collection and use or misuse of data
  • Old contract of business: the only
    responsibility of business is to its stockholders
    and owners
  • Social contract of business: businesses are
    responsible to society