Chapter 3 Ethics, Privacy & Security Describe the major ethical issues related to information...
giles-chandler
Chapter 3 Ethics, Privacy & Security
Describe the major ethical issues related to information technology and identify situations in which they occur.
Identify the many threats to information security.
Understand the various defense mechanisms used to protect information systems.
Explain IT auditing and planning for disaster recovery.
Case Study TJX
SWOT
Ethical Issues
Fundamental tenets of ethics include responsibility, accountability, and liability.
Unethical is not necessarily illegal.
Should organizations monitor employees’ Web surfing and e-mail?
Should organizations sell customer information to other companies?
Ethical Issues
Should organizations audit employees’ computers for unauthorized software or illegally downloaded music or video files?
Privacy issues
Accuracy issues
Property issues
Accessibility issues
Protecting Privacy
The right of privacy is not absolute. Privacy must be balanced against the needs of society.
The public’s right to know supersedes the individual’s right of privacy.
International Aspects of Privacy
IT’s About Business
Security Outside the Perimeter: LexisNexis
Threats to Information Security
Today’s interconnected, interdependent, wirelessly networked business environment
Governmental legislation
Smaller, faster, cheaper computers and storage devices
Decreasing skills necessary to be a computer hacker
International organized crime taking over cybercrime
Downstream liability
Increased employee use of unmanaged devices
Lack of management support
Threats to Information Systems
Unintentional acts
Natural disasters
Technical failures
Management failures
Deliberate acts
IT’s About Business
The “Hack, Pump, and Dump” Scheme
Protecting Information Resources
Risk management
Risk analysis
Risk mitigation
Risk acceptance
Risk limitation
Risk transference
Protecting Information Resources
Controls
The Difficulties in Protecting Information Resources
Physical Controls
Access Controls
Protecting Information Resources
Authentication
Something the User Is
Something the User Has
Something the User Does
Something the User Knows
IT’s About Business
Providing Least Privilege at UPS
Protecting Information Resources
Communications (network) controls
Firewalls
Anti-malware systems
Protecting Information Resources
Whitelisting and Blacklisting
Intrusion Detection Systems
Encryption
Virtual Private Networking
Secure Sockets Layer
IT’s About Business
Using Encryption to Reduce E-Mail Security Risks at Harvard Pilgrim
Ethics, Privacy, and Information Security
Vulnerability Management Systems
Employee Monitoring Systems
Application Controls
Business Continuity Planning, Backup, and Recovery
hot site
warm site
cold site
off-site data storage
IT’s About Business
The Baltimore Ravens Plan for Business Continuity
Information Systems Auditing
Types of Auditors and Audits
How Is Auditing Executed?