Fundamentals of Information Systems Fourth Edition Chapter 9 The Personal and Social Impact of Computers

Fundamentals of Information Systems

Fourth Edition

Chapter 9

The Personal and Social Impact of Computers

Principles and Learning Objectives

• Policies and procedures must be established to avoid computer waste and mistakes
  – Describe some examples of waste and mistakes in an IS environment, their causes, and possible solutions
  – Identify policies and procedures useful in eliminating waste and mistakes
  – Discuss the principles and limits of an individual’s right to privacy

Principles and Learning Objectives (continued)

• Computer crime is a serious and rapidly growing area of concern requiring management attention
  – Explain the types and effects of computer crime
  – Identify specific measures to prevent computer crime

Principles and Learning Objectives (continued)

• Jobs, equipment, and working conditions must be designed to avoid negative health effects
  – List the important effects of computers on the work environment
  – Identify specific actions that must be taken to ensure the health and safety of employees
  – Outline criteria for the ethical use of information systems

Why Learn About Security, Privacy, and Ethical Issues in Information Systems and the Internet?

• Many nontechnical issues associated with ISs

• Human Resource employees need to:
  – Prevent computer waste and mistakes
  – Avoid privacy violations
  – Comply with laws about:
    • Collecting customer data
    • Monitoring employees

• Employees, IS users, and Internet users need to:
  – Avoid crime, fraud, privacy invasion

Computer Waste and Mistakes

• Computer waste
  – Inappropriate use of computer technology and resources

• Computer-related mistakes
  – Errors, failures, and other computer problems that make computer output incorrect or not useful

Computer Waste

• Cause: improper management of information systems and resources
  – Discarding old software and even complete computer systems when they still have value
  – Building and maintaining complex systems that are never used to their fullest extent
  – Using corporate time and technology for personal use
  – Spam

Computer-Related Mistakes

• Causes
  – Failure by users to follow proper procedures
  – Unclear expectations and a lack of feedback
  – Program development that contains errors
  – Incorrect data entry by data-entry clerk

Preventing Computer-Related Waste and Mistakes

• Preventing waste and mistakes involves:
  – Establishing policies and procedures
  – Implementing policies and procedures
  – Monitoring policies and procedures
  – Reviewing policies and procedures

Establishing Policies and Procedures

• Establish policies and procedures regarding efficient acquisition, use, and disposal of systems and devices

• Training programs for individuals and workgroups

• Manuals and documents on how computer systems are to be maintained and used

• Approval of certain systems and applications to ensure compatibility and cost-effectiveness

Implementing Policies and Procedures

• Policies often focus on:
  – Implementation of source data automation and the use of data editing to ensure data accuracy and completeness
  – Assignment of clear responsibility for data accuracy within each information system

• Training is often the key to acceptance and implementation of policies and procedures

Monitoring Policies and Procedures

• Monitor routine practices and take corrective action if necessary

• Implement internal audits to measure actual results against established goals

• Follow requirements in Sarbanes-Oxley Act

Reviewing Policies and Procedures

• During review, people should ask the following questions:
  – Do current policies cover existing practices adequately? Were any problems or opportunities uncovered during monitoring?
  – Does the organization plan any new activities in the future? If so, does it need new policies or procedures on who will handle them and what must be done?
  – Are contingencies and disasters covered?

Computer Crime

• Often defies detection

• Amount stolen or diverted can be substantial

• Crime is “clean” and nonviolent

• Number of IT-related security incidents is increasing dramatically

• Computer crime is now global

The Computer as a Tool to Commit Crime

• Criminals need two capabilities to commit most computer crimes
  – Knowing how to gain access to the computer system
  – Knowing how to manipulate the system to produce the desired result

• Examples
  – Social engineering
  – Dumpster diving
  – Counterfeit and banking fraud using sophisticated desktop publishing programs and high-quality printers

Cyberterrorism

• Cyberterrorist
  – Someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them

• Homeland Security Department’s Information Analysis and Infrastructure Protection Directorate
  – Serves as governmental focal point for fighting cyberterrorism

Identity Theft

• Imposter obtains key pieces of personal identification information, such as Social Security or driver’s license numbers, in order to impersonate someone else
  – Information is then used to obtain credit, merchandise, and/or services in the name of the victim or to provide the thief with false credentials

• Identity Theft and Assumption Deterrence Act of 1998 passed to fight identity theft

• 9 million victims in 2005

The Computer as the Object of Crime

• Crimes fall into several categories such as:
  – Illegal access and use
  – Data alteration and destruction
  – Information and equipment theft
  – Software and Internet piracy
  – Computer-related scams
  – International computer crime

Illegal Access and Use

• Hacker: learns about and uses computer systems

• Criminal hacker (also called a cracker): gains unauthorized use or illegal access to computer systems

• Script bunnies: automate the job of crackers

• Insider: employee who compromises corporate systems

• Malware: software programs that destroy or damage processing

Illegal Access and Use (continued)

• Virus: computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without the user’s knowledge or permission

• Worm: parasitic computer program that can create copies of itself on the infected computer or send copies to other computers via a network

Illegal Access and Use (continued)

• Trojan horse: malicious program that disguises itself as a useful application and purposefully does something the user does not expect

• Logic bomb: type of Trojan horse that executes when specific conditions occur
  – Triggers for logic bombs can include a change in a file by a particular series of keystrokes or at a specific time or date

Illegal Access and Use (continued)

• Tips for avoiding viruses and worms
  – Install antivirus software on your computer and configure it to scan all downloads, e-mail, and disks
  – Update your antivirus software regularly
  – Back up your files regularly
  – Do not open any files attached to an e-mail from an unknown, suspicious, or untrustworthy source

Illegal Access and Use (continued)

• Tips for avoiding viruses and worms (continued):
  – Do not open any files attached to an e-mail unless you know what it is, even if it appears to come from a friend or someone you know
  – Exercise caution when downloading files from the Internet
    • Ensure that the source is legitimate and reputable

Using Antivirus Programs

• Antivirus program: software that runs in the background to protect your computer from dangers lurking on the Internet and other possible sources of infected files

• Tips on using antivirus software
  – Run and update antivirus software often
  – Scan all diskettes and CDs before using them
  – Install software only from a sealed package or secure, well-known Web site
  – Follow careful downloading practices
  – If you detect a virus, take immediate action

Using Antivirus Programs (continued)

Table 9.2: Antivirus Software

Information and Equipment Theft

• Obtaining identification numbers and passwords to steal information or disrupt systems
  – Trial and error, password sniffer program

• Software theft

• Computer systems and equipment theft
  – Data on equipment is valuable

Software and Internet Software Piracy

• Software piracy: act of illegally duplicating software

• Internet software piracy: illegally downloading software from the Internet
  – Most rapidly expanding type of software piracy
  – Most difficult form to combat
  – Examples: pirate Web sites, auction sites that offer counterfeit software, peer-to-peer networks
  – Penalties can be severe

Computer-Related Scams

• Examples of Internet scams
  – Get-rich-quick schemes involving bogus real estate deals
  – “Free” vacations with huge hidden costs
  – Bank fraud
  – Fake telephone lotteries

• Phishing
  – Gaining access to personal information by redirecting user to fake site

International Computer Crime

• Computer crime is an international issue

• Software industry loses about $9 billion in revenue annually to software piracy occurring outside the United States

• Terrorists, international drug dealers, and other criminals might use information systems to launder illegally obtained funds

Preventing Computer-Related Crime

• All states have passed computer crime legislation

• Some believe that these laws are not effective because:
  – Companies do not always actively detect and pursue computer crime
  – Security is inadequate
  – Convicted criminals are not severely punished

• Individual and group efforts are being made to curb computer crime, and recent efforts have met with some success

Crime Prevention by State and Federal Agencies

• State and federal agencies have begun aggressive attacks on computer criminals

• Computer Fraud and Abuse Act, 1986

• Computer Emergency Response Team (CERT)

• Many states are now passing new, comprehensive bills to help eliminate computer crimes

Crime Prevention by Corporations

• Public key infrastructure (PKI): enables users of an unsecured public network such as the Internet to securely and privately exchange data
  – Uses a public and a private cryptographic key pair that is obtained and shared through a trusted authority

• Biometrics: measurement of one of a person’s traits, whether physical or behavioral

Table 9.3: Common Methods Used to Commit Computer Crimes

Crime Prevention by Corporations (continued)

Table 9.3: Common Methods Used to Commit Computer Crimes (continued)

Crime Prevention by Corporations (continued)

Crime Prevention by Corporations (continued)

• Companies are joining together to fight crime
  – Software and Information Industry Alliance (SIIA): original antipiracy organization
  – Microsoft financed the formation of a second antipiracy organization, the Business Software Alliance (BSA)
  – Other software companies, including Apple, Adobe, Hewlett-Packard, and IBM, now contribute to the BSA

Using Intrusion Detection Software

• Intrusion detection system (IDS): software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion
  – Suspicious activities: failed login attempts, attempts to download program to server, accessing a system at unusual hours
  – Can provide false alarms
  – E-mail or voice message alerts may be missed
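The three suspicious activities listed above, expressed as detection rules over a small event log. This is an added example, not material from the original slides; the log format, thresholds, business hours, and the `nightops` allowlist entry are assumptions chosen for illustration. The allowlist shows one way to cut the false alarms the slide mentions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical log format, documentation IP ranges).
SAMPLE_LOG = """\
2024-03-04T09:15:02 event=login_failed user=alice src=198.51.100.23
2024-03-04T09:15:40 event=login_ok user=alice src=198.51.100.23
2024-03-04T13:02:11 event=login_failed user=root src=203.0.113.7
2024-03-04T13:02:19 event=login_failed user=root src=203.0.113.7
2024-03-04T13:02:26 event=login_failed user=admin src=203.0.113.7
2024-03-04T13:02:31 event=login_failed user=admin src=203.0.113.7
2024-03-04T13:02:44 event=login_failed user=oracle src=203.0.113.7
2024-03-04T14:20:00 event=file_upload user=bob src=198.51.100.40 name=report.pdf
2024-03-04T14:21:30 event=file_upload user=bob src=198.51.100.40 name=tool.exe
2024-03-05T02:47:09 event=login_ok user=carol src=198.51.100.51
2024-03-05T03:05:55 event=login_ok user=nightops src=198.51.100.60
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) event=(?P<event>\w+) (?P<fields>.*)$")

# Assumed tuning values; a real deployment derives these from its own baseline.
FAILED_THRESHOLD = 5                      # failures from one source ...
FAILED_WINDOW = timedelta(minutes=2)      # ... within this window
BUSINESS_HOURS = range(7, 20)             # 07:00-19:59 counts as usual hours
OFF_HOURS_ALLOWLIST = {"nightops"}        # known night-shift account (fewer false alarms)
PROGRAM_SUFFIXES = (".exe", ".dll", ".sh", ".ps1", ".jar")


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    return {"ts": datetime.fromisoformat(m["ts"]), "event": m["event"], **fields}


def detect(log_text):
    """Return a list of (rule, subject, timestamp) alerts for the given log."""
    alerts = []
    failures = defaultdict(deque)  # source address -> timestamps of recent failures
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        ts, src, user = ev["ts"], ev.get("src", "?"), ev.get("user", "?")
        if ev["event"] == "login_failed":
            recent = failures[src]
            recent.append(ts)
            # Drop failures that have aged out of the sliding window.
            while recent and ts - recent[0] > FAILED_WINDOW:
                recent.popleft()
            # Alert when the count reaches the threshold, not on every later failure.
            if len(recent) == FAILED_THRESHOLD:
                alerts.append(("failed_login_burst", src, ts))
        elif ev["event"] == "login_ok":
            if ts.hour not in BUSINESS_HOURS and user not in OFF_HOURS_ALLOWLIST:
                alerts.append(("off_hours_login", user, ts))
        elif ev["event"] == "file_upload":
            # A program arriving on the server, judged here by file suffix only.
            if ev.get("name", "").lower().endswith(PROGRAM_SUFFIXES):
                alerts.append(("program_upload", user, ts))
    return alerts


if __name__ == "__main__":
    for rule, subject, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {rule} {subject}")
```

A single mistyped password (alice) and the allowlisted night-shift login stay silent, while the burst from one source, the uploaded executable, and carol's 02:47 login each raise one alert.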

Using Managed Security Service Providers (MSSPs)

• Managed security service provider (MSSP): organization that monitors, manages, and maintains network security for both hardware and software for its client companies
  – Sifts through alarms and alerts from all monitoring systems
  – May provide scanning, blocking, and filtering capabilities

Internet Laws for Libel and Protection of Decency

• Filtering software helps screen Internet content
  – Also prevents children from sending personal information over e-mail or through chat groups

• Internet Content Rating Association (ICRA)
  – Rates Web sites based on authors’ responses from questionnaire

• Children’s Internet Protection Act (CIPA), 2000
  – Required filters in federally funded libraries

• Libel is an important legal issue on the Internet
  – Publishing Internet content to the world can subject companies to different countries’ laws

Preventing Crime on the Internet

• Develop effective Internet usage and security policies for all employees

• Use a stand-alone firewall (hardware and software) with network monitoring capabilities

• Deploy intrusion detection systems, monitor them, and follow up on their alarms

Preventing Crime on the Internet (continued)

• Monitor managers and employees to make sure that they are using the Internet for business purposes

• Use Internet security specialists to perform audits of all Internet and network activities

Privacy Issues

• With information systems, privacy deals with the collection and use or misuse of data

• More data and information are produced and used today than ever before

• Data is constantly being collected and stored on each of us

• This data is often distributed over easily accessed networks and without our knowledge or consent

• Concerns of privacy regarding this data must be addressed

Privacy and the Federal Government

• U.S. federal government is perhaps the largest collector of data

• Over 4 billion records exist on citizens, collected by about 100 federal agencies

• U.S. National Security Agency (NSA) had secretly collected phone call records of tens of millions of U.S. citizens after the September 11, 2001 terrorist attacks
  – Ruled unconstitutional and illegal by a federal judge in August 2006

Privacy at Work

• There is conflict between rights of workers who want their privacy and the interests of companies that demand to know more about their employees

• Workers might be monitored via computer technology that can:
  – Track every keystroke made by a worker
  – Know when the worker is not using the keyboard or computer system
  – Estimate how many breaks he or she is taking

• Many workers consider monitoring dehumanizing

E-Mail Privacy

• Federal law permits employers to monitor e-mail sent and received by employees

• E-mail messages that have been erased from hard disks can be retrieved and used in lawsuits

• Use of e-mail among public officials might violate “open meeting” laws

Privacy and the Internet

• Huge potential for privacy invasion on the Internet

• E-mail is a prime target

• Platform for Privacy Preferences (P3P): screening technology that shields users from Web sites that do not provide the level of privacy protection they desire

• Children’s Online Privacy Protection Act (COPPA), 1998: requires privacy policies and parental consent

• Potential dangers on social networking Web sites

Fairness in Information Use

Table 9.4: The Right to Know and the Ability to Decide

Fairness in Information Use (continued)

• The Privacy Act of 1974: provides privacy protection from federal agencies

• Gramm-Leach-Bliley Act: requires financial institutions to protect customers’ nonpublic data

• USA Patriot Act: allows law enforcement and intelligence agencies to gather private information

• Other laws regulate fax advertisements, credit card bureaus, the IRS, video rental stores, telemarketers, etc.

Corporate Privacy Policies

• Should address a customer’s knowledge, control, notice, and consent over the storage and use of information

• May cover who has access to private data and when it may be used

• A good database design practice is to assign a single unique identifier to each customer
  – Single record describing all relationships with the company across all its business units
  – Can apply customer privacy preferences consistently throughout all databases
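A sketch of the single-identifier design described above: every business unit's table refers to one `customer_id`, so one stored preference governs all of them. This is an added example, not material from the original slides; the table names, the two business units, and the sample customers are assumptions, and it uses an in-memory SQLite database.

```python
import sqlite3

# Hypothetical business units and their tables. Table names are taken from this
# allowlist only, never from caller-supplied text.
UNIT_TABLES = {"retail": "retail_account", "insurance": "insurance_policy"}

SCHEMA = """
CREATE TABLE customer (
    customer_id INTEGER PRIMARY KEY,          -- the single unique identifier
    email       TEXT NOT NULL UNIQUE
);
CREATE TABLE privacy_pref (                   -- one preference record per customer
    customer_id     INTEGER PRIMARY KEY REFERENCES customer(customer_id),
    allow_marketing INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE retail_account (
    account_id  INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(customer_id)
);
CREATE TABLE insurance_policy (
    policy_id   INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(customer_id)
);
"""


def set_marketing_pref(db, customer_id, allowed):
    """Create or update the customer's one preference record."""
    db.execute(
        "INSERT INTO privacy_pref(customer_id, allow_marketing) VALUES (?, ?) "
        "ON CONFLICT(customer_id) DO UPDATE SET allow_marketing = excluded.allow_marketing",
        (customer_id, int(allowed)),
    )


def marketing_recipients(db, unit):
    """E-mail addresses a business unit may market to, per the shared preference."""
    table = UNIT_TABLES[unit]  # KeyError for unknown units
    rows = db.execute(
        f"SELECT DISTINCT c.email FROM {table} u "
        "JOIN customer c ON c.customer_id = u.customer_id "
        "LEFT JOIN privacy_pref p ON p.customer_id = c.customer_id "
        # No preference row means no consent was recorded: default to deny.
        "WHERE COALESCE(p.allow_marketing, 0) = 1 ORDER BY c.email"
    )
    return [r[0] for r in rows]


def build_db():
    """Build an in-memory database with constructed sample customers."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO customer VALUES (?, ?)",
        [(1, "alice@example.com"), (2, "bob@example.com"), (3, "carol@example.com")],
    )
    db.executemany("INSERT INTO retail_account(customer_id) VALUES (?)", [(1,), (2,), (3,)])
    db.executemany("INSERT INTO insurance_policy(customer_id) VALUES (?)", [(1,), (2,)])
    set_marketing_pref(db, 1, True)    # alice opted in
    set_marketing_pref(db, 2, False)   # bob opted out; carol never answered
    return db


if __name__ == "__main__":
    db = build_db()
    print(marketing_recipients(db, "retail"), marketing_recipients(db, "insurance"))
    set_marketing_pref(db, 1, False)   # one change takes effect in every unit
    print(marketing_recipients(db, "retail"), marketing_recipients(db, "insurance"))
```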

Individual Efforts to Protect Privacy

• Find out what is stored about you in existing databases

• Be careful when you share information about yourself

• Be proactive to protect your privacy

• When purchasing anything from a Web site, make sure that you safeguard your credit card numbers, passwords, and personal information

The Work Environment

• Computer technology and information systems have opened up numerous avenues to professionals and nonprofessionals

• Enhanced telecommunications has:
  – Been the impetus for new types of business
  – Created global markets in industries once limited to domestic markets

• Despite increasing productivity and efficiency, computers and information systems can raise other concerns

Health Concerns

• Working with computers can cause occupational stress

• Training and counseling can often help the employee and deter problems

• Computer use can affect physical health as well
  – Strains, sprains, tendonitis, repetitive motion disorder, carpal tunnel syndrome

• Concerns about emissions from improperly maintained and used equipment, display screens, and cell phones

Avoiding Health and Environmental Problems

• Many computer-related health problems are caused by a poorly designed work environment

• Ergonomics: science of designing machines, products, and systems to maximize the safety, comfort, and efficiency of the people who use them

Ethical Issues in Information Systems

• Code of ethics: states the principles and core values that are essential to a set of people and thus governs their behavior

Ethical Issues in Information Systems (continued)

• ACM code of ethics and professional conduct
  – Contribute to society and human well-being
  – Avoid harm to others
  – Be honest and trustworthy
  – Be fair and take action not to discriminate
  – Honor property rights including copyrights and patents

Ethical Issues in Information Systems (continued)

• ACM code of ethics and professional conduct (continued)
  – Give proper credit for intellectual property
  – Respect the privacy of others
  – Honor confidentiality

Summary

• Preventing computer-related waste and mistakes requires establishing, implementing, monitoring, and reviewing policies and procedures

• Criminals need two capabilities to commit most computer crimes: knowing how to gain access to the computer system and knowing how to manipulate the system to produce the desired result

Summary (continued)

• Categories of crimes in which the computer is the object of crime: illegal access and use, data alteration and destruction, information and equipment theft, software and Internet piracy, computer-related scams, and international computer crime

• Intrusion detection system (IDS): software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion

Summary (continued)

• With information systems, privacy deals with the collection and use or misuse of data

• Ergonomics: science of designing machines, products, and systems to maximize the safety, comfort, and efficiency of the people who use them

• Code of ethics: states the principles and core values that are essential to a set of people and thus governs their behavior