11

Security and Ethical Challenges

11

Learning Objectives

Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.

11 Learning Objectives (continued)

Identify types of security management strategies and defenses, and explain how they can be used to ensure the security of e-business applications. How can business managers and professionals help to lessen the harmful effects and increase the beneficial effects of the use of information technology?
3

11

Section I

Security, Ethical, and Societal Challenges

11

Ethical Responsibility

The use of IT presents major security challenges, poses serious ethical questions, and affects society in significant ways. IT raises ethical issues in the areas of..
Crime Privacy Individuality Employment Health Working conditions
5

11 Ethical Responsibility (continued)

But, IT has had beneficial results as well. So as managers, it is our responsibility to minimize the detrimental effects and optimize the beneficial effects.

11 Ethical Responsibility (continued)

Business Ethics
Basic categories of ethical issues
Employee privacy Security of company records Workplace safety

11 Ethical Responsibility (continued)

Theories of corporate social responsibility
Stockholder theory
Managers are agents of the stockholders. Their only ethical responsibility is to increase profit without violating the law or engaging in fraud

Ethical Responsibility (continued)

Theories of corporate social responsibility

Stockholder theory
Managers are agents of the stockholders. Their only ethical responsibility is to increase profit without violating the law or engaging in fraud

11 Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)
Social Contract Theory
Companies have ethical responsibilities to all members of society, which allow corporations to exist based on a social contract

10

11 Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)
First condition companies must enhance economic satisfaction of consumers and employees Second condition avoid fraudulent practices, show respect for employees as human beings, and avoid practices that systematically worsen the position of any group in society

11

11 Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)
Stakeholder theory
Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders.
Stockholders Employees Customers Suppliers Local community

12

11 Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)
Sometimes stakeholders are considered to include Competitors Government agencies and special interest groups Future generations

13

11 Ethical Responsibility (continued) Technology Ethics

Four Principles
Proportionality
Good must outweigh any harm or risk Must be no alternative that achieves the same or comparable benefits with less harm or risk

Informed consent
Those affected should understand and accept the risks

Justice
Benefits and burdens should be distributed fairly
14

11 Ethical Responsibility (continued)

Technology Ethics (continued)
Minimized Risk
Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk

15

11 Ethical Responsibility (continued)

Ethical Guidelines

16

11 Ethical Responsibility (continued) Ethical guidelines (continued)

Responsible end users
Act with integrity Increase their professional competence Set high standards of personal performance Accept responsibility for their work Advance the health, privacy, and general welfare of the public

17

11

Computer Crime

Association of Information Technology Professionals (AITP) definition includes

The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources Unauthorized release of information Unauthorized copying of software
18

11

Computer Crime (continued)

AITP guidelines (continued) Denying an end user his/her own hardware, software, data, or network resources Using or conspiring to use computer or network resources to illegally obtain info or tangible property

19

11

Computer Crime (continued)

Hacking
The obsessive use of computers, or the unauthorized access and use of networked computer systems

Cyber Theft
Involves unauthorized network entry and the fraudulent alteration of computer databases

20

Computer Crime (continued)

Unauthorized use at work

Also called time and resource theft May range from doing private consulting or personal finances, to playing video games, to unauthorized use of the Internet on company networks

21

11

Computer Crime (continued)

Software Piracy
Unauthorized copying of software
Software is intellectual property protected by copyright law and user licensing agreements

22

11

Computer Crime (continued)

Piracy of intellectual property

Other forms of intellectual property covered by copyright laws
Music Videos Images Articles Books Other written works
23

11

Computer Crime (continued)

Computer viruses and worms

Virus
A program that cannot work without being inserted into another program

Worm
A distinct program that can run unaided

24

11

Privacy Issues

IT makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily.
Benefit increases efficiency and effectiveness But, may also have a negative effect on individuals right to privacy
25

11

Privacy Issues (continued)

Examples of important privacy issues

Accessing private e-mail and computer records & sharing information about individuals gained from their visits to websites and newsgroups Always knowing where a person is via mobile and paging services

26

11

Privacy Issues (continued)

Examples of important privacy issues (continued)

Using customer information obtained from many sources to market additional business services Collecting personal information to build individual customer profiles

27

11

Privacy Issues (continued)

Privacy on the Internet

Users of the Internet are highly visible and open to violations of privacy Unsecured with no real rules Cookies capture information about you every time you visit a site That information may be sold to third parties

28

11

Privacy Issues (continued)

Privacy on the Internet (continued)

Protect your privacy by
Encrypting your messages Post to newsgroups through anonymous remailers Ask your ISP not to sell your information to mailing list providers and other marketers Decline to reveal personal data and interests online

29

11

Privacy Issues (continued)

Computer matching
Computer profiling and matching personal data to that profile
Mistakes can be a major problem

30

11

Privacy Issues (continued)

Privacy laws
Attempt to enforce the privacy of computer-based files and communications Electronic Communications Privacy Act Computer Fraud and Abuse Act

31

11

Privacy Issues (continued)

Computer Libel and Censorship

The opposite side of the privacy debate
Right to know (freedom of information) Right to express opinions (freedom of speech) Right to publish those opinions (freedom of the press) Spamming Flaming

32

11

Other Challenges

Employment
New jobs have been created and productivity has increased, yet there has been a significant reduction in some types of jobs as a result of IT.

33

11

Other Challenges (continued)

Computer Monitoring
Concerns workplace privacy
Monitors individuals, not just work Is done continually. May be seen as violating workers privacy & personal freedom Workers may not know that they are being monitored or how the information is being used May increase workers stress level May rob workers of the dignity of their work
34

11 Other Challenges (continued)

Working Conditions
IT has eliminated many monotonous, obnoxious tasks, but has created others

Individuality
Computer-based systems criticized as impersonal systems that dehumanize and depersonalize activities Regimentation
35

11

Health Issues

Job stress Muscle damage Eye strain Radiation exposure Accidents Some solutions
Ergonomics (human factors engineering)
Goal is to design healthy work environments

36

11

Health Issues (continued)

37

11

Societal Solutions

Beneficial effects on society

Solve human and social problems
Medical diagnosis Computer-assisted instruction Governmental program planning Environmental quality control Law enforcement Crime control Job placement
38

11

Section II

Security Management

39

11 Tools of Security Management

Goal
Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders

40

11

Tools of Security Management (continued)

41

11 Internet worked Security Defenses

Encryption
Passwords, messages, files, and other data is transmitted in scrambled form and unscrambled for authorized users Involves using special mathematical algorithms to transform digital data in scrambled code Most widely used method uses a pair of public and private keys unique to each individual
42

11

Internet worked Security Defenses (continued)

Firewalls
Serves as a gatekeeper system that protects a companys intranets and other computer networks from intrusion
Provides a filter and safe transfer point Screens all network traffic for proper passwords or other security codes

43

11

Internet worked Security Defenses (continued)

Denial of Service Defenses

These assaults depend on three layers of networked computer systems
Victims website Victims ISP Sites of zombie or slave computers

Defensive measures and security precautions must be taken at all three levels
44

11

Internet worked Security Defenses (continued)

E-mail Monitoring
Spot checks just arent good enough anymore. The tide is turning toward systematic monitoring of corporate email traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.

45

11 Internet worked Security Defenses (continued)

Virus Defenses
Protection may accomplished through
Centralized distribution and updating of antivirus software Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

46

11

Other Security Measures

Security codes
Multilevel password system
Log onto the computer system Gain access into the system Access individual files

47

11

Other Security Measures (continued)

Backup Files
Duplicate files of data or programs File retention measures Sometimes several generations of files are kept for control purposes

48

11

Other Security Measures (continued)

Security Monitors
Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction

49

11

Other Security Measures (continued)

Biometric Security
Measure physical traits that make each individual unique
Voice Fingerprints Hand geometry Signature dynamics Keystroke analysis Retina scanning Face recognition and Genetic pattern analysis
50

11

Other Security Measures (continued)

Computer Failure Controls

Preventive maintenance of hardware and management of software updates Backup computer system Carefully scheduled hardware or software changes Highly trained data center personnel

51

11

Other Security Measures (continued)

Fault Tolerant Systems

Computer systems that have redundant processors, peripherals, and software
Fail-over Fail-safe Fail-soft

52

11

Other Security Measures (continued)

Disaster Recovery
Disaster recovery plan
Which employees will participate and their duties What hardware, software, and facilities will be used Priority of applications that will be processed

53

11

System Controls and Audits

Information System Controls

Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities Designed to monitor and maintain the quality and security of input, processing, and storage activities

54

11

System Controls and Audits (continued)

Auditing Business Systems

Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented Testing the integrity of an applications audit trail

55

11

Discussion Questions

What can be done to improve ecommerce security on the Internet? What potential security problems do you see in the increasing use of intranets and extranets in business? What might be done to solve such problems?
56

11 Discussion Questions (continued)

What artificial intelligence techniques can a business use to improve computer security and fight computer crime? What are your major concerns about computer crime and privacy on the Internet? What can you do about it?
57

11 Discussion Questions (continued)

What is disaster recovery? How could it be implemented at your school or work? Is there an ethical crisis in ebusiness today? What role does information technology play in unethical business practices?
58

11 Discussion Questions (continued)

What business decisions will you have to make as a manager that have both an ethical and IT dimension? What would be examples of one positive and one negative effect of the use of ebusiness technologies in each of the ethical and societal dimensions illustrated in the chapter?
59

11

References

James A. O'Brien; George M. Marakas. Management Information Systems: Managing Information Technology in the Business Enterprise 6th Ed., Boston: McGraw-Hill/ Irwin,2004

60