13
McGraw-Hill/Irwin
Learning Objectives
Identify several ethical issues in how the use
of information technologies in business affects
Employment
Individuality
Working conditions
Privacy
Crime
Health
Solutions to societal problems
Identify several types of security
management strategies and defenses,
and explain how they can be used to
ensure the security of business
applications of information technology
Propose several ways that business
managers and professionals can help to
lessen the harmful effects and increase
the beneficial effects of the use of
information technology
Business Ethics
Stakeholder Theory
Managers have an ethical
responsibility to manage a firm for the
benefit of all its stakeholders
Stakeholders are all individuals and
groups
that have a stake in, or claim on, a
company
Informed Consent
Those affected by the technology should
understand and accept the risks
Minimized Risk
Even if judged acceptable by the other three
guidelines, the technology must be
implemented so as to avoid all unnecessary
risk
A responsible professional
Acts with integrity
Increases personal competence
Sets high standards of personal
performance
Accepts responsibility for his/her work
Advances the health, privacy, and general
Computer Crime
Computer crime includes
Unauthorized use, access, modification, or
destruction of hardware, software, data, or
network resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own
hardware, software, data, or network
resources
Using or conspiring to use computer or
network resources illegally to obtain
information or tangible property
Hacking
Hacking is
The obsessive use of computers
The unauthorized access and use of
networked computer systems
Cracker
A malicious or criminal hacker who maintains
knowledge of the vulnerabilities found for
private advantage
Scans
Widespread probes of the Internet to
determine types of computers, services, and
connections
Looking for weaknesses
Spoofing
Faking an e-mail address or Web page to
trick users into passing along critical
information
like passwords or credit card numbers
Back Doors
A hidden point of entry to be used in case the
original entry point is detected or blocked
Malicious Applets
Tiny Java programs that misuse your
computer's resources, modify files on the hard
disk, send fake email, or steal passwords
Logic Bombs
An instruction in a computer program that
triggers a malicious act
Buffer Overflow
Crashing or gaining control of a computer by
sending too much data to buffer memory
Social Engineering
Gaining access to computer systems by
talking unsuspecting company employees
out of
valuable information, such as passwords
Dumpster Diving
Sifting through a company's garbage to find
information to help break into their
computers
Cyber Theft
Many computer crimes involve the theft of
money
The majority are inside jobs that involve
unauthorized network entry and alteration
of computer databases to cover the tracks
of the employees involved
Many attacks occur through the Internet
Most companies don't reveal that they have
been targets or victims of cybercrime
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
Software Piracy
Unauthorized copying of computer
programs
Licensing
Purchasing software is really a payment
for a license for fair use
Site license allows a certain number of
copies
Netsky, 2004
Mass-mailing worm that spreads by
emailing itself to all email addresses
found on infected computers
Tries to spread via peer-to-peer file
sharing
by copying itself into the shared folder
It renames itself to pose as one of 26
other common files along the way
Sasser, 2004
Exploits a Microsoft vulnerability to
spread
from computer to computer with no
user intervention
Spawns multiple threads that scan
local subnets for vulnerabilities
Spyware
Adware that uses an Internet connection in the
background, without the user's permission
or knowledge
Captures information about the user and sends
it over the Internet
Spyware Problems
Spyware can steal private information and also
Privacy Issues
The power of information technology to
store and retrieve information can have a
negative effect on every individual's right
to privacy
Personal information is collected with every
visit to a Web site
Confidential information stored by credit
bureaus, credit card companies, and the
government has been stolen or misused
Opt-Out
Data can be compiled about you unless you
specifically request it not be
This is the default in the U.S.
Violation of Privacy
Accessing individuals' private email
conversations and computer records
Collecting and sharing information about
individuals gained from their visits to
Internet websites
Computer Monitoring
Always knowing where a person is
Mobile and paging services are becoming
more closely associated with people than
with places
Computer Matching
Using customer information gained from
many sources to market additional business
services
Privacy Laws
Electronic Communications Privacy Act
and Computer Fraud and Abuse Act
Prohibit intercepting data communications
messages, stealing or destroying data, or
trespassing in federal-related computer
systems
Other laws impacting privacy and how
much a company spends on compliance
Sarbanes-Oxley
Health Insurance Portability and
Accountability Act (HIPAA)
Gramm-Leach-Bliley
USA Patriot Act
California Security Breach Law
Securities and Exchange Commission rule
17a-4
Biggest battlegrounds
Bulletin boards
Email boxes
Online files of Internet and public networks
Spamming
Flame mail
Libel laws
Censorship
Flaming
Sending extremely critical, derogatory, and
often vulgar email messages or newsgroup
posting to other users on the Internet or
online services
Especially prevalent on special-interest
newsgroups
Cyberlaw
The intersection of technology and the law
is controversial
Some feel the Internet should not be regulated
Encryption and cryptography make traditional forms of
regulation difficult
The Internet treats censorship as damage and simply
routes around it
Other Challenges
Employment
IT creates new jobs and increases productivity
It can also cause significant reductions in job
opportunities, as well as requiring new job skills
Computer Monitoring
Using computers to monitor the productivity
and behavior of employees as they work
Criticized as unethical because it monitors individuals,
not just work, and is done constantly
Criticized as invasion of privacy because many
employees do not know they are being monitored
Working Conditions
IT has eliminated monotonous or obnoxious tasks
However, some skilled craftsperson jobs have been
replaced by jobs requiring routine,
repetitive tasks or standby roles
Individuality
Dehumanizes and depersonalizes activities
because computers eliminate human
relationships
Inflexible systems
Health Issues
Cumulative Trauma Disorders (CTDs)
Disorders suffered by people who sit at a
PC or terminal and do fast-paced repetitive
keystroke jobs
Ergonomics
Ergonomics Factors
Societal Solutions
Using information technologies to solve
human and social problems
Medical diagnosis
Computer-assisted instruction
Governmental program planning
Environmental quality control
Law enforcement
Job placement
Security Management of IT
The Internet was developed for interoperability, not impenetrability
Business managers and professionals alike
are responsible for the security, quality, and
performance of business information
systems
Hardware, software, networks, and data
resources must be protected by a variety
of security measures
Security Management
Encryption
Data is transmitted in scrambled form
It is unscrambled by computer
systems for authorized users only
The most widely used method uses a
pair of public and private keys unique
to each individual
At Zombie Machines
Set and enforce security policies
Scan for vulnerabilities
At the ISP
Monitor and block traffic spikes
Virus Defenses
Centralize the updating and distribution of
antivirus software
Use a security suite that integrates virus
protection with firewalls, Web security,
and content blocking features
Backup Files
Duplicate files of data or programs
Security Monitors
Monitor the use of computers and networks
Protects them from unauthorized use, fraud,
and destruction
Auditing IT Security
IT Security Audits
Performed by internal or external
auditors
Review and evaluation of security
measures
and management policies
Goal is to ensure that proper and
adequate measures and policies are in
place