Post on 17-Jan-2016
Security And EthicalChallenges of IT
Oktalia Juwita, S.Kom., M.MT.
Dasar-dasar Sistem Informasi – IKU1102
IT Security, Ethics, and Society
IT has both beneficial and detrimental effects on society and people Manage work
activities to minimize the detrimental effects of IT
Optimize the beneficial effects
Business Ethics
Ethics questions that managers confront as part of their daily business decision making include:EquityRightsHonestyExercise of corporate power
Categories of Ethical Business
Issues
Corporate Social Responsibility Theories
• Stockholder Theoryo Managers are agents of the stockholderso Their only ethical responsibility is to increase the profits
of the business without violating the law or engaging in fraudulent practices
• Social Contract Theoryo Companies have ethical responsibilities to all members
of society, who allow corporations to exist• Stakeholder Theory
o Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders
o Stakeholders are all individuals and groups that have a stake in, or claim on, a company
Principles of Technology
Ethics
• Proportionality
• Informed Consent
• Justice
• Minimized Risk
AITP Standards of Professional Conduct
Responsible Professional
Guidelines
• A responsible professionalo Acts with integrityo Increases personal competenceo Sets high standards of personal
performanceo Accepts responsibility for his/her worko Advances the health, privacy, and general
welfare of the public
Computer Crimeo Unauthorized use, access, modification, or
destruction of hardware, software, data, or network resources
o The unauthorized release of informationo The unauthorized copying of softwareo Denying an end user access to his/her own
hardware, software, data, or network resources
o Using or conspiring to use computer or network resources illegally to obtain information or tangible property
Privacy Issues
• The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacyo Personal information is collected with every
visit to a Web siteo Confidential information stored by credit
bureaus, credit card companies, and the government has been stolen or misused
Privacy Issues
• Violation of Privacyo Accessing individuals’ private email
conversations and computer recordso Collecting and sharing information about
individuals gained from their visits to Internet websites
• Computer Monitoringo Always knowing where a person iso Mobile and paging services are becoming more
closely associated with people than with places
Privacy Issues (cont’)
• Computer Matchingo Using customer information gained from many
sources to market additional business services• Unauthorized Access of Personal Files
o Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles
Other Challenges• Employment
o IT creates new jobs and increases productivityo It can also cause significant reductions in job
opportunities, as well as requiring new job skills
• Computer Monitoringo Using computers to monitor the productivity
and behavior of employees as they worko Criticized as unethical because it monitors
individuals, not just work, and is done constantly
o Criticized as invasion of privacy because many employees do not know they are being monitored
Other Challenges (cont’)
• Working Conditionso IT has eliminated monotonous or obnoxious
taskso However, some skilled craftsperson jobs have
been replaced by jobs requiring routine, repetitive tasks or standby roles
• Individualityo Dehumanizes and depersonalizes activities
because computers eliminate human relationships
o Inflexible systems
Health Issues• Cumulative Trauma Disorders (CTDs)
o Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs
• Carpal Tunnel Syndromeo Painful, crippling ailment of the hand
and wristo Typically requires surgery to cure
Ergonomics
• Designing healthy work environmentso Safe, comfortable, and pleasant for people to
work ino Increases employee morale and productivityo Also called human factors engineering
Ergonomics Factors
Societal Solutions• Using information technologies to solve human
and social problemso Medical diagnosiso Computer-assisted instructiono Governmental program planningo Environmental quality controlo Law enforcemento Job placement
• The detrimental effects of ITo Often caused by individuals or organizations
not accepting ethical responsibility for their actions
Discussion Questions
1. What can be done to improve the security of business uses of the internet? Give several examples of security measures and technologies you would use
2. What potential security problems do you see in the increasing use of intranets and extranets in business? What might be done to solve such problems? Give several examples
3. Is there an ethical crisis in business today? What role dose information technology play in unethical business practise?
Security Management of IT
• The Internet was developed for inter-operability, not impenetrabilityo Business managers and professionals alike
are responsible for the security, quality, and performance of business information systems
o Hardware, software, networks, and data resources must be protected by a variety of security measures
Security Management
The goal of securitymanagement is the accuracy, integrity, and safety of allinformation system processes and resources
Internetworked Security
Defenses
• Encryptiono Data is transmitted in scrambled formo It is unscrambled by computer systems for
authorized users onlyo The most widely used method uses a pair of
public and private keys unique to each individual
Internetworked Security
Defenses
• Firewallso A gatekeeper system that protects a
company’s intranets and other computer networks from intrusion
o Provides a filter and safe transfer point for access to/from the Internet and other networks
o Important for individuals who connect to the Internet with DSL or cable modems
o Can deter hacking, but cannot prevent it
Internetworked Security
Defenses
Denial of Service Attacks• Denial of service attacks depend on
three layers of networked computer systemso The victim’s websiteo The victim’s Internet service provideroZombie or slave computers that have
been commandeered by the cybercriminals
Internetworked Security
Defenses
• Email Monitoringo Use of content monitoring software that
scans for troublesome words that might compromise corporate security
• Virus Defenseso Centralize the updating and distribution of
antivirus softwareo Use a security suite that integrates virus
protection with firewalls, Web security, and content blocking features
Other Security Measures
• Security Codeso Multilevel password systemo Encrypted passwordso Smart cards with microprocessors
• Backup Fileso Duplicate files of data or programs
• Security Monitorso Monitor the use of computers and networkso Protects them from unauthorized use, fraud, and
destruction
Other Security Measures
(cont’)
• Biometricso Computer devices measure physical traits that make
each individual unique• Voice recognition, fingerprints, retina scan
• Computer Failure Controlso Prevents computer failures or minimizes its effectso Preventive maintenanceo Arrange backups with a disaster recovery
organization
Information System Controls
• Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
Auditing IT Security
• IT Security Auditso Performed by internal or external auditorso Review and evaluation of security
measures and management policies
o Goal is to ensure that that proper and adequate measures and policies are in place
Protecting Yourself from
Cybercrime
Continued to next session-Thank you-