
Week 12:

Security and ethical challenges
James A. O'Brien and George Marakas. Management Information Systems, 10th ed.

Week 12: Management of Information System

Odd Semester 2018/19
NOV 2018
Erwin Setiawan, M.T.I.
Learning Objectives

After studying this chapter, you should be able to:

1. Identify several ethical issues regarding how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
2. Identify several types of security management strategies and defenses and explain how they can be used to ensure the security of business applications of information technology.
3. Propose several ways that business managers and professionals can help lessen the harmful effects and increase the beneficial effects of the use of information technology.

Security, Ethical, and Societal Challenges of IT

Beneficial vs Detrimental Effects

Ethical Responsibility of Business Professionals

• Business ethics: stakeholder theory, social contract theory
• Technology ethics: principles of technology ethics
• Ethical guidelines: professional conduct of the Association of Information Technology Professionals (AITP)

Business Ethics

Technology Ethics

Ethical Guidelines

Computer Crimes

• Computer crime is defined by the Association of Information Technology Professionals (AITP) as including:
(1) the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources;
(2) the unauthorized release of information;
(3) the unauthorized copying of software;
(4) denying an end user access to his or her own hardware, software, data, or network resources; and
(5) using or conspiring to use computer or network resources to obtain information or tangible property illegally.

Cyber Crime

• Hacking: in computerese, hacking is the obsessive use of computers or the unauthorized access and use of networked computer systems
• Cracking: criminal hacking; using personal knowledge of the vulnerabilities he or she finds and exploiting them for private advantage. Hacking (white hat) vs cracking (black hat)
• Cyber theft: many computer crimes involve the theft of money. In most cases, the scope of such financial losses is much larger than the incidents reported
• Cyberterrorism: defined by the National Conference of State Legislatures (NCSL) as the use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically.
• Cyberterrorism can weaken a country's economy and affect Internet-based business

Cyber Crime (2)

• Unauthorized use at work: the unauthorized use of computer systems and networks can be called time and resource theft
  • The New York Times fired 23 workers because they were distributing racist and sexually offensive jokes on the company's e-mail system.
  • Xerox Corp. fired more than 40 workers for spending up to eight hours a day on pornography sites on the Web
• Software piracy: unauthorized copying of software. Unauthorized copying is illegal because software is intellectual property that is protected by copyright law and user licensing agreements
• Theft of intellectual property: unauthorized copying of music, videos, images, articles, books, and other written works
• Computer viruses and worms:
  • A virus is program code that cannot work without being inserted into another program
  • A worm is a distinct program that can run unaided
• Adware and spyware: defined as any software that employs users' Internet connection in the background without their knowledge or explicit permission

Privacy Issue

• The power of information technology to store and retrieve information, however, can have a negative effect on the right to privacy of every individual
• With regard to the Internet, opt-in versus opt-out is central to the debate over privacy legislation
  • US: Opt-out
  • EU: Opt-in
• Consumer protection groups typically endorse an opt-in
• Business interests back opt-out

Privacy Issues

• Privacy on the Internet: the Internet is notorious for giving its users a feeling of anonymity when in reality they are highly visible and open to violations of their privacy
  • The use of cookie files
• Computer matching: profiling software fails to match individuals' profiles
• Computer libel and censorship:
  • Freedom of information: the opposite side of the privacy debate is the right of people to know about matters others may want to keep private
  • Freedom of speech: the right of people to express their opinions about such matters
  • Freedom of the press: the right of people to publish those opinions

Other challenges

• Employment challenges: the use of computers to achieve automation of work activities. Additional jobs have been created because of information technologies
• Computer monitoring: computers are being used to monitor the productivity and behavior of millions of employees while they work; for several reasons, computer monitoring has been criticized as unethical
• Challenges in working conditions: information technology has eliminated monotonous or obnoxious tasks; this shift allows people to concentrate on more challenging and interesting assignments and upgrade their skill level. IT upgrades the quality of work
• Challenges of individuality: IT eliminates the human relationships present in non-computer systems

Health Issues

• The use of information technology in the workplace raises a variety of health issues
• Ergonomics:
  • Sometimes called human factors engineering
  • The goal of ergonomics is to design healthy work environments that are safe, comfortable, and pleasant for people to work in, thus increasing employee morale and productivity
  • Ergonomics emphasizes the healthy design of the workplace, workstations, computers and other machines
• Job design: providing for work breaks from heavy video monitor use every few hours

Security Management

Security Management

• The goal of security management is the accuracy, integrity, and safety of all information system processes and resources
• Security managers must acquire and integrate a variety of security tools and methods to protect a company's information system resources.

Important security measures

Other security measures

• Security codes: typically, a multilevel password system is used for security management: a password to log on, a password to read, a password to write
• Backup files: on-premises and off-premises backup location
• Security monitors: programs that monitor the use of computer systems
• Biometric security: security measures provided by computer devices that measure physical traits that make each individual unique

Biometric Techniques

Other security measures

• Disaster recovery
  • Natural and human-made disasters
  • Many businesses are significantly affected by losing even a few hours of computing power
  • Develop disaster recovery procedures and formalize them in a Disaster Recovery Plan (DRP)

System Control and Audits

• Information system controls are methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
• Information system (IS) controls must be developed to ensure proper data entry, processing techniques, storage methods, and information output.

System Controls and Audit (2)

• Auditing security
  • Periodic examination of IT security management by internal auditing staff or external auditors
  • Another important objective of business system audits is testing the integrity of an application's audit trail
    • Audit trail: the presence of documentation that allows a transaction to be traced through all stages of its information processing.
    • Many times, this electronic audit trail takes the form of control logs that automatically record all computer network activity on magnetic disk or tape devices.
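
An added example (not from the slides or the textbook) of what testing an audit trail can look like in practice: it checks that every transaction in a control log can be traced through all stages of processing and that no log entries are missing. The log format, the stage names (taken from the data entry, processing, storage and output controls listed above) and the function name are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed stage order, following the IS controls named in the slides:
# data entry -> processing -> storage -> output.
STAGES = ["entry", "processing", "storage", "output"]

# Constructed control-log lines: "<sequence number> <transaction id> <stage>"
SAMPLE_LOG = """\
1 TX100 entry
2 TX100 processing
3 TX101 entry
4 TX100 storage
5 TX100 output
6 TX101 processing
7 TX101 output
9 TX102 entry
10 TX102 storage
11 TX102 processing
12 TX102 output
"""

def audit_trail_findings(log_text):
    """Return a sorted list of (subject, problem) findings for a control log."""
    findings, seen, prev_seq = [], defaultdict(list), None
    for line in log_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3 or not parts[0].isdigit():
            findings.append(("log", f"malformed entry: {line!r}"))
            continue
        seq, tx, stage = int(parts[0]), parts[1], parts[2]
        # A jump in sequence numbers suggests a deleted or lost log record.
        if prev_seq is not None and seq != prev_seq + 1:
            findings.append(("log", f"sequence gap between {prev_seq} and {seq}"))
        prev_seq = seq
        seen[tx].append(stage)
    for tx, stages in seen.items():
        missing = [s for s in STAGES if s not in stages]
        if missing:
            findings.append((tx, "missing stage(s): " + ", ".join(missing)))
        elif stages != STAGES:
            findings.append((tx, "unexpected stage sequence: " + " > ".join(stages)))
    return sorted(findings)

if __name__ == "__main__":
    for subject, problem in audit_trail_findings(SAMPLE_LOG):
        print(f"{subject}: {problem}")
```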

System Controls and Audit (3)

Problems at hand

• Overloaded Internet utilization
• Unauthorized Internet access
• Data leak
• If you are an IT manager, what would you do?
