1
Chapter 9
Information Systems Ethics, Computer Crime, and Security
Information Systems Today
Leonard Jessup and Joseph Valacich
2
Chapter 9 Objectives
- Understand how computer ethics affects IS
- Understand information privacy, accuracy, property, and accessibility
- Understand types of computer crime
- Understand the terms virus, worm, Trojan horse, and logic or time bomb
- Understand computer security
3
Information Systems Ethics
- Toffler’s three waves of change
  - Agriculture
  - Industrial Revolution
  - Information Age
4
Information Systems Ethics
- Computer Literacy
  - Knowing how to use a computer
- Digital Divide
  - The gap between those with computer access and those who don’t have it
- Computer Ethics
  - Standards of conduct as they pertain to the use of information systems
5
Information Systems Ethics
- Privacy
  - Protecting one’s personal information
- Identity theft
  - Stealing of another’s social security number, credit card number, or other personal information
6
Information Systems Ethics
- Information accuracy
  - Deals with authentication and fidelity of information
- Information property
  - Deals with who owns information about individuals and how information can be sold and exchanged
8
Information Systems Ethics
- Information accessibility
  - Deals with what information a person has the right to obtain about others and how the information can be used
- Issues in information accessibility
  - Carnivore
  - Electronic Communications Privacy Act (ECPA)
  - Monitoring e-mail
9
Information Systems Ethics
- The need for a code of ethical conduct
  - Business ethics
  - Plagiarism
  - Cybersquatting
10
Computer Crime
- Definition: the act of using a computer to commit an illegal act
  - Authorized and unauthorized computer access
  - Examples
    - Stealing time on company computers
    - Breaking into government Web sites
    - Stealing credit card information
11
Computer Crime
- Federal and State Laws
  - Stealing or compromising data
  - Gaining unauthorized computer access
  - Violating data belonging to banks
  - Intercepting communications
  - Threatening to damage computer systems
  - Disseminating viruses
12
Computer Crime
- Hacking and Cracking
  - Hacker – one who gains unauthorized computer access, but without doing damage
  - Cracker – one who breaks into computer systems for the purpose of doing damage
14
Computer Crime
- Types of computer crime
  - Data diddling: modifying data
  - Salami slicing: skimming small amounts of money
  - Phreaking: making free long distance calls
  - Cloning: cellular phone fraud using scanners
  - Carding: stealing credit card numbers online
  - Piggybacking: stealing credit card numbers by spying
  - Social engineering: tricking employees to gain access
  - Dumpster diving: finding private info in garbage cans
  - Spoofing: stealing passwords through a false login page
15
Computer Crime
- Software piracy
  - North America – 25%
  - Western Europe – 34%
  - Asia / Pacific – 51%
  - Mid East / Africa – 55%
  - Latin America – 58%
  - Eastern Europe – 63%
16
Computer Crime
- Computer viruses and destructive code
  - Virus – a destructive program that disrupts the normal functioning of computer systems
  - Types:
    - Worm: usually does not destroy files; copies itself
    - Trojan horses: Activates without being detected; does not copy itself
    - Logic or time bombs: A type of Trojan horse that stays dormant for a period of time before activating
17
Computer Security
- Computer Security – precautions taken to keep computers and the information they contain safe from unauthorized access
18
Computer Security
- Recommended Safeguards
  - Implement a security plan to prevent break-ins
  - Have a plan if break-ins do occur
  - Make backups!
  - Only allow access to key employees
  - Change passwords frequently
  - Keep stored information secure
  - Use antivirus software
  - Use biometrics for access to computing resources
  - Hire trustworthy employees
19
Computer Security
- Encryption – the process of encoding messages before they enter the network or airwaves, then decoding them at the receiving end of the transfer
20
Computer Security
- How encryption works
  - Symmetric secret key system
    - Both sender and recipient use the same key
    - Key management can be a problem
  - Public key technology
    - A private key and a public key
  - Certificate authority
    - A trusted middleman verifies that a Web site is a trusted site (provides public keys to trusted partners)
    - Secure socket layers (SSL)
21
Computer Security
- Other encryption approaches
  - Pretty good privacy (PGP)
    - Phil Zimmermann
  - Clipper Chip
22
Computer Security
- Internet Security
  - Firewall – hardware and software designed to keep unauthorized users out of network systems
23
Computer Security
- Virus prevention
  - Install antivirus software
  - Make backups
  - Avoid unknown sources of shareware
  - Delete e-mails from unknown sources
  - If your computer gets a virus…
24
Computer Security
- How to maintain your privacy online
  - Choose Web sites monitored by privacy advocates
  - Avoid “cookies”
  - Visit sites anonymously
  - Use caution when requesting confirming e-mail
25
Computer Security
- Avoid getting conned in cyberspace
  - Internet auctions
  - Internet access
  - International modem dialing
  - Web cramming
  - Multilevel marketing (pyramid schemes)
  - Travel/vacations
  - Business opportunities
  - Investments
  - Health-care products