Bài giảng Information Systems in Business - Chapter 13 Security and Ethical Challenges

Security and Ethical ChallengesChapter13McGraw-Hill/IrwinCopyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved.Learning ObjectivesIdentify several ethical issues regarding how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.Identify several types of security management strategies and defenses and explain how they can be used to ensure the security of business applications of information technology.Learning ObjectivesPropose several ways that business managers and professionals can help lessen the harmful effects and increase the beneficial effects of the use of information technology.Corporate Social Responsibility TheoriesStockholder TheoryManagers are agents of the stockholdersOnly responsible to increase profits without violating the law or fraudSocial Contract TheoryResponsible to all of societyStakeholder TheoryResponsible to anyone affected by companyPrinciples of Technology EthicsProportionalityGood must outweigh the harm or riskInformed ConsentThose affected should understand and accept risksJusticeBenefits and burdens distributed fairlyMinimized Risk Avoid all unnecessary riskHackingObsessive use of computersUnauthorized access and use of networked computer systemsElectronic Breaking and EnteringAccessing without stealing nor damagingCracker (black hat or darkside hacker)Maintains knowledge of vulnerabilities for private advantageCommon Hacking TacticsFigure 13.7Cyber TheftMost involve theft of money“Inside jobs” Unauthorized activityAttacks through the InternetMost companies don’t reportCyberterrorismUse IT to attack electronic infrastructure, exchange information or make threatsTerror related More political motivation than criminalExamplesAttempt to disrupt life support at Antarctic research stationRelease of untreated sewage in AustraliaShut down of government network and banks in EstoniaNon-deliberate shut down of systems at nuclear reactorSoftware PiracyUnauthorized copying of computer programs LicensingPurchase – payment for fair useSite license – allows a certain number of copiesShareware – allows copiesPublic Domain – not copyrightedSoftware industry losses ⅓ to ½ of revenuesMillions of copies in educational market 90% pirated software in ChinaSales negligibleTheft of Intellectual PropertyIntellectual PropertyCopyrighted materialMusic, videos, images, articles, books, softwareCopyright Infringement is IllegalEasy to trade pirated intellectual propertyPublishers Offer Inexpensive Online MusicIllegal downloading is decliningAdware and SpywareAdwareUseful software allows ads without consent SpywareType of AdwareCan steal private information Add advertising links to Web pagesRedirect affiliate paymentsChange a users home page and search settingsMake modem call premium-rate numbersLeave security holes that let Trojans inDegrade system performanceRemoval often not completely successfulComputer Libel and CensorshipThe opposite side of the privacy debate Freedom of information, speech, and pressBiggest battlegroundsBulletin boardsEmail boxesOnline files of Internet and public networksWeapons used in this battleSpammingFlame mailLibel lawsCensorshipHealth IssuesCumulative Trauma Disorders (CTDs)Disorders caused by fast-paced repetitive keystroke jobsCarpal Tunnel SyndromePainful, crippling ailment of the hand and wristTypically requires surgery to cureErgonomicsDesigning healthy work environmentsSocietal SolutionsUse IT to solve human and social problemsMedical diagnosisComputer-assisted instruction (CAI)Computer based training (CBT)Governmental program planningEnvironmental quality controlLaw enforcementJob placementDetrimental effectsActions without ethical responsibilityDenial of Service AttacksDepend on three layers of networked computer systemsThe victim’s websiteThe victim’s Internet service providerZombie or slave computers commandeered by cybercriminalsDefenseAt Zombie MachinesSet and enforce security policiesScan for vulnerabilitiesAt the ISPMonitor and block traffic spikesAt the Victim’s WebsiteCreate backup servers and network connections