Title: Security, Privacy,
1. CHAPTER 14
- Security, Privacy, and Ethical Issues in Information Systems and the Internet
2. Computer Waste and Mistakes
3. Computer Waste
- U.S. government
  - Largest single user and mis-user of information systems in the world
  - Number of unused computer hours in federal agencies may run into the hundreds of millions
- Private sector
  - Employees playing computer games, sending unimportant e-mail, or accessing the Internet
  - Junk e-mail and fax documents advertising products or services not wanted or requested
4. Computer-Related Mistakes
- Despite many people's distrust, computers themselves rarely make mistakes.
- Mistakes can be caused by unclear expectations and a lack of feedback by users that do not follow proper procedures.
5. Types of Computer-Related Mistakes
Table 14.2
6. Preventing Computer-Related Waste and Mistakes
- Establish policies and procedures
- Implement policies and procedures
- Monitor
- Review policies and procedures
7. Computer Crime
8. The Computer as a Tool to Commit Crime
- Can be used to gain access to information and money
- Emergence of new types of crime with growth of the Internet and telecommunications technology
- Communications and phone fraud costs consumers and companies an estimated 2-4 billion each year
9. The Computer as the Object of Crime
- Illegal access and use
- Data alteration and destruction
- Information and equipment theft
- Software and Internet piracy
- Computer scams
- International computer crime
10. Illegal Access and Use
- Hacker
  - A person who enjoys computer technology and spends time learning and using computer systems
- Criminal hacker (or cracker)
  - A computer-savvy person who attempts to gain unauthorized or illegal access to computer systems
11. Data Alteration and Destruction
- Virus
  - A program that attaches itself to other programs
- Worm
  - An independent program that replicates its own program files until it destroys other systems/programs or interrupts operations of networks and computer systems
12. Data Alteration and Destruction
- Application virus
  - Infects executable application files
- System virus
  - Infects operating system program or other system files
- Logic bomb
  - An application or system virus designed to explode or execute at a specified time and date
- Document virus
  - Attaches itself to a document file
13. Information and Equipment Theft
- Data and information represent assets that can also be stolen.
- Password sniffer
  - A small program hidden in a network or computer system that records identification numbers and passwords
14. Software and Internet Piracy
- Software piracy
  - Illegally duplicating software
- Internet piracy
  - Illegally gaining access to and using the Internet
15. Computer Scams
- Get-rich-quick schemes offered by scam artists over the Internet
- In most cases, only the scam artist gets rich.
16. International Computer Crime
- Becomes more complicated when it crosses borders
- Estimated that more than 90 percent of software in use in some countries is pirated
17. Preventing Computer-Related Crime
- State and federal agencies
- Computer Emergency Response Team (CERT)
- Corporations
- Biometrics
  - Systems that can scan fingerprints, handprints, and retinal images to prevent unauthorized access to important data and computer resources
18. Using Antivirus Programs
- Install a virus scanner and run it often.
- Update the virus scanner often.
- Scan all diskettes before copying or running programs from them.
- Install software only from sealed packages produced by a known software company.
- Follow careful downloading practices.
- If you detect a virus, take immediate action.
19. Internet Laws and Protection for Libel and Decency
- The Telecommunications Act of 1996 includes the Communications Decency Act.
- With increased popularity of networks and the Internet, libel and decency have become important legal issues.
20. Preventing Crime on the Internet
- Internet security can include firewalls and a number of methods to secure financial transmissions.
- A firewall can include hardware and software combinations that act as a barrier between an organization's information system and the outside world.
21. Privacy
22. Privacy Issues
- Privacy and the federal government
- Privacy at work
- E-mail privacy issues
- Privacy and the Internet
23. Fairness in Information Use
- Selling data (on customers, employees, etc.) to other companies is lucrative.
- Issues
  - Knowledge
  - Control
  - Notice
  - Consent
24. Federal Privacy Laws and Regulations
- Privacy Act of 1974
- Other federal privacy laws
- Table 14.7
25. State Privacy Laws and Regulations
- Issues to be considered
  - Use of social security numbers and medical records
  - Disclosure of unlisted telephone numbers by telephone companies and credit reports by credit bureaus
  - Disclosure of bank and personal financial information
  - Use of criminal files
26. Corporate Privacy Policies
- Even though privacy laws for private organizations are not very restrictive, most organizations are very sensitive to privacy issues and fairness.
27. Protecting Individual Privacy
- Find out what is stored about you in existing databases.
- Be careful when you share information about yourself.
- Be proactive to protect your privacy.
28. The Work Environment
29. Health Concerns
- Repetitive motion disorder
  - A health problem caused by working with computer keyboards and other equipment
  - Also known as repetitive stress injury (RSI)
- Carpal tunnel syndrome (CTS)
  - Aggravation of the pathway for nerves that travel through the wrist
30. Avoiding Health and Environmental Problems
- Ergonomics
  - The study of designing and positioning computer equipment
- Avoiding injury
31. How to Reduce RSI
- Maintain good posture and positioning.
- Don't ignore pain or discomfort.
- Use stretching and strengthening exercises.
- Find a good physician.
- After treatment, start back slowly and pace yourself.
32. Ethical Issues in Information Systems
33. Organizations with Codes of Ethics
- Association of Information Technology Professionals (AITP)
  - Formerly the Data Processing Management Association (DPMA)
- Association for Computing Machinery (ACM)
- Institute of Electrical and Electronics Engineers (IEEE)
- Computer Professionals for Social Responsibility (CPSR)
34. The AITP Code of Ethics
- Obligation to management
- Obligation to fellow AITP members
- Obligation to society
- Obligation to college or university
- Obligation to the employer
- Obligation to country
35. The ACM Code of Professional Conduct
- Act at all times with integrity.
- Strive to increase own competence and the competence and prestige of the profession.
- Accept responsibility for own work.
- Act with professional responsibility.
- Use special knowledge and skills for the advancement of human welfare.