Chapter 14
Security, Privacy, & Ethical Issues in IS & the Internet
Chapter 14 IS for Management2
Social Issues in Information Systems
Access/collection/distribution of information
Privacy
Computer waste & mistakes
Health concerns
Computer crime
Ethical issues
Computer Waste
Mismanagement of IS & resources
Computer games on company time
Unimportant &/or personal e-mail (spam)
Internet overuse/surfing
Other non-work related activities
Computer-Related Mistakes
Data-entry or capture errors
Errors in computer programs
Errors in handling files
Mishandling of computer output
Inadequate planning for & control of equipment malfunctions
Inadequate planning for & control of environmental difficulties
Preventing Computer-Related Waste & Mistakes
All changes tightly controlled
User manuals available to cover operations
Reports indicate general content & time period/date
Controls to prevent invalid/unreasonable data entry
Controls to ensure data input is valid, applicable, & posted in the right time period
Proper procedures to ensure correct input data
Computer Crime
The computer as the tool to commit crime: gaining access to information
The computer as the object of crime
– Illegal access & use
– Data alteration & destruction
– Information & equipment theft
– Software & Internet piracy
– Computer scams
– International computer crime
Computer Criminals
Hacker: A person who enjoys computer technology & spends time learning & using computer systems
Criminal Hacker (Cracker): A computer-savvy person who attempts to gain unauthorized or illegal access to computer systems
Computer Crimes
Data Alteration
Virus
– System Virus
– Application Virus
– Macro
Worm
Logic bomb
Password sniffer
Antivirus inoculation
Piracy
Software: The act of illegally duplicating software
Internet: The act of illegally gaining access to & using the Internet
Computer Crime Prevention
Provincial & federal agencies
Corporations
Biometrics: The measurement of a living trait, physical or behavioral, for the purpose of protecting important data & information systems (fingerprints, eyeprints, etc.)
Preventing Viruses
Antivirus Programs
– Program(s) that prevents viruses or helps to recover from them if they infect a computer
– Only useful if kept up to date
Preventing Internet Crime
Support legislation to provide severe penalties for those who commit Internet crime
Develop effective Internet security policies
Use a stand-alone firewall (hardware & software) with network monitoring capabilities
Monitor managers & employees to ensure they only use the Internet for business
Hire Internet security specialists to perform audits of all Internet and network activities
Privacy
Privacy & the Feds
Privacy at work
E-mail privacy
Privacy & the Internet
Health Concerns @ Work
Ergonomics: The study of designing & positioning equipment/furniture to reduce health problems
Repetitive Motion Disorder: Condition caused by working with keyboards & other equipment
Repetitive Stress Injury (RSI): Conditions such as tendinitis or tennis elbow, characterized by inability to hold objects & sharp pain in the fingers
Carpal Tunnel Syndrome (CTS): Condition resulting from aggravation of pathway (tunnel) for nerves that go through the wrist
Ethical Issues in IS: The PAPA Model
Mason (1986) proposed that all ethical issues involving information fall into four categories:
Property
Accuracy
Privacy
Access
Property
Whose property is the data anyway?
Who owns the data?
Who owns the programs/applications?
Who controls what is done with the data/programs?
Who holds the copyright?
Has this been pirated?
Accuracy
How accurate does it have to be?
Does the level of accuracy affect everyone equally?
Who is responsible/liable for accuracy?
Privacy
Do others know things about us that we wish they didn’t?
Who says how information about us is distributed/sold for purposes other than those for which we gave out this information?
Can information/data about us be combined in ways that might not reflect reality?
Access
Security & Control
– Who has access?
– Are people treated equally who need access?
– How is access authorization authorized/communicated?
– What penalties are there for illegal/unethical access?
Equality
– Do some groups of people have more access than others?
– Why?
– Should something be done to equalize access?
Brabston’s Extension to the PAPA Model
Equity
How is automation handled in terms of replacing people with machines?
How are people “laid off”, reskilled, relocated when automation puts them out of a job?
What can companies do to ethically lay people off?
Are these situations & solutions handled equitably?
Ethical Issues in Information Systems
Organizations That Promote Ethical Issues
– The Association of Information Technology Professionals (AITP) (formerly DPMA)
– The Association of Computing Machinery (ACM)
– The Institute of Electrical & Electronics Engineers (IEEE)
– Computer Professionals for Social Responsibility (CPSR)
– Canadian Information Processing Society (CIPS)
Case
AOL security, page 662