Security, Privacy,

1
C H A P T E R
14

• Security, Privacy,
• and Ethical Issues
• in Information Systems and the Internet

2
Computer Waste and Mistakes
3
Computer Waste

• U.S. government
• Largest single user and mis-user of information
  systems in the world
• Number of unused computer hours in federal
  agencies may run into the hundreds of millions
• Private sector
• Employees playing computer games, sending
  unimportant e-mail, or accessing the Internet
• Junk e-mail and fax documents advertising
  products or services not wanted or requested

4
Computer-Related Mistakes

• Despite many peoples distrust, computers
  themselves rarely make mistakes.
• Mistakes can be caused by unclear expectations
  and a lack of feedback by users that do not
  follow proper procedures.

5
Types of Computer-Related Mistakes
Table 14.2
6
Preventing Computer-Related Waste and Mistakes

• Establish policies and procedures
• Implement policies and procedures
• Monitor
• Review policies and procedures

7
Computer Crime
8
The Computer as a Tool to Commit Crime

• Can be used to gain access to information and
  money
• Emergence of new types of crime with growth of
  the Internet and telecommunications technology
• Communications and phone fraud costs consumers
  and companies an estimated 2-4 billion each year

9
The Computer as the Object of Crime

• Illegal access and use
• Data alteration and destruction
• Information and equipment theft
• Software and Internet piracy
• Computer scams
• International computer crime

10
Illegal Access and Use

• Hacker
• A person who enjoys computer technology and
  spends time learning and using computer systems
• Criminal hacker (or cracker)
• A computer-savvy person who attempts to gain
  unauthorized or illegal access to computer systems

11
Data Alteration and Destruction

• Virus
• A program that attaches itself to other programs
• Worm
• An independent program that replicates its own
  program files until it destroys other
  systems/programs or interrupts operations of
  networks and computer systems

12
Data Alteration and Destruction

• Application virus
• Infects executable application files
• System virus
• Infects operating system program or other system
  files
• Logic bomb
• An application or system virus designed to
  explode or execute at a specified time and date
• Document virus
• Attaches itself to a document file

13
Information and Equipment Theft

• Data and information represent assets that can
  also be stolen.
• Password sniffer
• A small program hidden in a network or computer
  system that records identification numbers and
  passwords

14
Software and Internet Piracy

• Software piracy
• Illegally duplicating software
• Internet piracy
• Illegally gaining access to and using the Internet

15
Computer Scams

• Get-rich-quick schemes offered by scam artists
  over the Internet
• In most cases, only the scam artist gets rich.

16
International Computer Crime

• Becomes more complicated when it crosses borders
• Estimated that more than 90 percent of software
  in use in some countries is pirated

17
Preventing Computer-Related Crime

• State and federal agencies
• Computer Emergency Response Team (CERT)
• Corporations
• Biometrics
• Systems that can scan fingerprints, handprints,
  and retinal images to prevent unauthorized access
  to important data and computer resources

18
Using Antivirus Programs

• Install a virus scanner and run it often.
• Update the virus scanner often.
• Scan all diskettes before copying or running
  programs from them.
• Install software only from sealed packages
  produced by a known software company.
• Follow careful downloading practices.
• If you detect a virus, take immediate action.

19
Internet Laws and Protection for Libel and Decency

• The Telecommunications Act of 1996 includes the
  Communications Decency Act.
• With increased popularity of networks and the
  Internet, libel and decency have become important
  legal issues.

20
Preventing Crime on the Internet

• Internet security can include firewalls and a
  number of methods to secure financial
  transmissions.
• A firewall can include hardware and software
  combinations that act as a barrier between an
  organizations information system and the outside
  world.

21
Privacy
22
Privacy Issues

• Privacy and the federal government
• Privacy at work
• E-mail privacy issues
• Privacy and the Internet

23
Fairness in Information Use

• Selling data (on customers, employees, etc.) to
  other companies is lucrative.
• Issues
• Knowledge
• Control
• Notice
• Consent

24
Federal Privacy Laws and Regulations

• Privacy Act of 1974
• Other federal privacy laws
• Table 14.7

25
State Privacy Laws and Regulations

• Issues to be considered
• Use of social security numbers and medical
  records
• Disclosure of unlisted telephone numbers by
  telephone companies and credit reports by credit
  bureaus
• Disclosure of bank and personal financial
  information
• Use of criminal files

26
Corporate Privacy Policies

• Even though privacy laws for private
  organizations are not very restrictive, most
  organizations are very sensitive to privacy
  issues and fairness.

27
Protecting Individual Privacy

• Find out what is stored about you in existing
  databases.
• Be careful when you share information about
  yourself.
• Be proactive to protect your privacy.

28
The Work Environment
29
Health Concerns

• Repetitive motion disorder
• A health problem caused by working with computer
  keyboards and other equipment
• Also known as repetitive stress injury (RSI)
• Carpal tunnel syndrome (CTS)
• Aggravation of the pathway for nerves that travel
  through the wrist

30
Avoiding Health and Environmental Problems

• Ergonomics
• The study of designing and positioning computer
  equipment
• Avoiding injury

31
How to Reduce RSI

• Maintain good posture and positioning.
• Dont ignore pain or discomfort.
• Use stretching and strengthening exercises.
• Find a good physician.
• After treatment, start back slowly and pace
  yourself.

32
Ethical Issues in Information Systems
33
Organizations with Codes of Ethics

• Association of Information Technology
  Professionals (AITP)
• Formerly the Data Processing Management
  Association (DPMA)
• Association for Computing Machinery (ACM)
• Institute of Electrical and Electronics Engineers
  (IEEE)
• Computer Professionals for Social Responsibility
  (CPSR)

34
The AITP Code of Ethics

• Obligation to management
• Obligation to fellow AITP members
• Obligation to society
• Obligation to college or university
• Obligation to the employer
• Obligation to country

35
The ACM Code of Professional Conduct

• Act at all times with integrity.
• Strive to increase own competence and the
  competence and prestige of the profession.
• Accept responsibility for own work.
• Act with professional responsibility.
• Use special knowledge and skills for the
  advancement of human welfare.