
The Personal and Social Impact of Computers

Why Learn About Security, Privacy, and Ethical Issues in Information Systems and the Internet?
Many nontechnical issues associated with ISs
Human Resource employees need to:
Prevent computer waste and mistakes
Avoid privacy violations
Comply with laws about:
Collecting customer data
Monitoring employees

Employees, IS users, and Internet users need to:
Avoid crime, fraud, privacy invasion

Computer Waste and Mistakes


Computer waste: Inappropriate
use of computer technology and
resources
Cause: improper management of
information systems and
resources
Discarding old software and even
complete computer systems when
they still have value
Building and maintaining complex
systems that are never used to
their fullest extent
Using corporate time and
technology for personal use
Spam

Computer-related mistakes:
Errors, failures, and other
computer problems that make
computer output incorrect or not
useful
Causes
Failure by users to follow proper
procedures
Unclear expectations and a lack
of feedback
Program development that
contains errors
Incorrect data entry by data-entry clerk

Prevention Methods: Policies and Procedures
Establishing - Establish policies and procedures
regarding efficient acquisition,
use, and disposal of systems and
devices
Training programs for individuals
and workgroups
Manuals and documents on how
computer systems are to be
maintained and used
Approval of certain systems and
applications to ensure
compatibility and cost-effectiveness

Implementing - Policies often focus on:


Implementation of source data
automation and the use of data
editing to ensure data accuracy
and completeness
Assignment of clear
responsibility for data accuracy
within each information system

Training is often the key to
acceptance and implementation
of policies and procedures

Policies and Procedures


Monitoring - Monitor routine practices
and take corrective action
if necessary
Implement internal audits
to measure actual results
against established goals
Follow requirements in
Sarbanes-Oxley Act

Reviewing - During review, people should ask
the following questions:
Do current policies cover
existing practices adequately?
Were any problems or
opportunities uncovered during
monitoring?
Does the organization plan any
new activities in the future? If
so, does it need new policies or
procedures on who will handle
them and what must be done?
Are contingencies and disasters
covered?

Computer Crime
Often defies detection
Amount stolen or diverted can be substantial
Crime is clean and nonviolent
Number of IT-related security incidents is
increasing dramatically
Computer crime is now global

The Computer as a Tool to Commit Crime
Criminals need two capabilities to commit most
computer crimes
Knowing how to gain access to the computer system
Knowing how to manipulate the system to produce the
desired result

Examples
Social engineering
Dumpster diving
Counterfeit and banking fraud using sophisticated
desktop publishing programs and high-quality printers

Cyberterrorism
Cyberterrorist
Someone who intimidates or coerces a government or
organization to advance his or her political or social
objectives by launching computer-based attacks against
computers, networks, and the information stored on them

Homeland Security Department's Information Analysis and Infrastructure Protection Directorate
Serves as governmental focal point for fighting
cyberterrorism

Identity Theft
Imposter obtains key pieces of personal
identification information, such as Social Security
or driver's license numbers, in order to impersonate
someone else
Information is then used to obtain credit, merchandise,
and/or services in the name of the victim or to provide
the thief with false credentials

Identity Theft and Assumption Deterrence Act of
1998 passed to fight identity theft
9 million victims in 2005

The Computer as the Object of Crime
Crimes fall into several categories such as:
Illegal access and use
Data alteration and destruction
Information and equipment theft
Software and Internet piracy
Computer-related scams
International computer crime

Illegal Access and Use


Hacker: learns about and uses
computer systems
Criminal hacker (also called a
cracker): gains unauthorized use
or illegal access to computer
systems
Script bunnies: automate the job
of crackers
Insider: employee who
compromises corporate systems
Malware: software programs
that destroy or damage
processing

Virus: computer program file capable of
attaching to disks or other files and
replicating itself repeatedly, typically
without the user's knowledge or
permission
Worm: parasitic computer program that
can create copies of itself on the
infected computer or send copies to
other computers via a network

Trojan horse: malicious program
that disguises itself as a useful
application and purposefully does
something the user does not expect
Logic bomb: type of Trojan horse
that executes when specific
conditions occur

Triggers for logic bombs can include
a change in a file by a particular
series of keystrokes or at a specific
time or date

Illegal Access and Use


Tips for avoiding viruses and worms

Install antivirus software on your computer and configure
it to scan all downloads, e-mail, and disks
Update your antivirus software regularly
Back up your files regularly
Do not open any files attached to an e-mail from an
unknown, suspicious, or untrustworthy source
Do not open any files attached to an e-mail unless you
know what it is, even if it appears to come from a friend
or someone you know
Exercise caution when downloading files from the
Internet
Ensure that the source is legitimate and reputable

Information and Equipment Theft


Obtaining identification numbers and passwords to
steal information or disrupt systems
Trial and error, password sniffer program

Software theft
Computer systems and equipment theft
Data on equipment is valuable

Software and Internet Software Piracy
Software piracy: act of illegally duplicating
software
Internet software piracy: illegally
downloading software from the Internet
Most rapidly expanding type of software piracy
Most difficult form to combat
Examples: pirate Web sites, auction sites that
offer counterfeit software, peer-to-peer
networks
Penalties can be severe

Computer-Related Scams
Examples of Internet scams
Get-rich-quick schemes involving bogus real
estate deals
Free vacations with huge hidden costs
Bank fraud
Fake telephone lotteries

Phishing
Gaining access to personal information by
redirecting user to fake site

International Computer Crime


Computer crime is an international issue
Software industry loses about $9 billion in
revenue annually to software piracy
occurring outside the United States
Terrorists, international drug dealers, and
other criminals might use information
systems to launder illegally obtained funds

Preventing Computer-Related Crime


All states have passed computer
crime legislation
Some believe that these laws are
not effective because:
Companies do not always actively
detect and pursue computer
crime
Security is inadequate
Convicted criminals are not
severely punished

Individual and group efforts are
being made to curb computer
crime, and recent efforts have
met with some success

State and federal agencies
have begun aggressive
attacks on computer
criminals
Computer Fraud and Abuse
Act, 1986
Computer Emergency
Response Team (CERT)
Many states are now
passing new, comprehensive
bills to help eliminate
computer crimes

Crime Prevention by Corporations


Public key infrastructure (PKI): enables users of
an unsecured public network such as the Internet
to securely and privately exchange data
Uses a public and a private cryptographic key pair that is
obtained and shared through a trusted authority

Biometrics: measurement of one of a person's
traits, whether physical or behavioral
Security & Biometric Video
http://www.youtube.com/watch?v=CkRAUnFLYKA

Using Intrusion Detection Software
Intrusion detection system (IDS):
software that monitors system and network
resources and notifies network security
personnel when it senses a possible intrusion
Suspicious activities: failed login attempts,
attempts to download program to server,
accessing a system at unusual hours
Can provide false alarms
E-mail or voice message alerts may be missed
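
An added illustration (not from the original slides) of the three suspicious activities listed above, written as simple detection rules over constructed log lines. The log format, the failure threshold, the business hours, and the list of "program" file extensions are all assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample events (not real logs): timestamp, user, source, event, detail
SAMPLE_LOG = """\
2024-03-04T09:12:01 alice 10.0.0.5 LOGIN_FAIL -
2024-03-04T09:12:09 alice 10.0.0.5 LOGIN_OK -
2024-03-04T10:40:00 bob 203.0.113.7 LOGIN_FAIL -
2024-03-04T10:40:02 bob 203.0.113.7 LOGIN_FAIL -
2024-03-04T10:40:05 bob 203.0.113.7 LOGIN_FAIL -
2024-03-04T14:03:30 carol 10.0.0.8 FILE_WRITE /srv/www/tool.exe
2024-03-05T02:17:44 dave 10.0.0.9 LOGIN_OK -
"""

FAIL_THRESHOLD = 3                             # assumed: failures per user+source
WORK_HOURS = range(7, 19)                      # assumed business hours, 07:00-18:59
PROGRAM_EXT = (".exe", ".dll", ".sh", ".bat")  # assumed "program" file types

def detect(log_text):
    """Return a sorted list of (rule, user) alerts for the three listed activities."""
    alerts, fails = set(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, src, event, detail = line.split(maxsplit=4)
        hour = datetime.fromisoformat(ts).hour
        if event == "LOGIN_FAIL":
            # Rule 1: repeated failed login attempts from the same source
            fails[(user, src)] += 1
            if fails[(user, src)] >= FAIL_THRESHOLD:
                alerts.add(("failed-logins", user))
        elif event == "LOGIN_OK" and hour not in WORK_HOURS:
            # Rule 2: successful access at unusual hours
            alerts.add(("unusual-hours", user))
        elif event == "FILE_WRITE" and detail.lower().endswith(PROGRAM_EXT):
            # Rule 3: a program file being placed on the server
            alerts.add(("program-upload", user))
    return sorted(alerts)

if __name__ == "__main__":
    for rule, user in detect(SAMPLE_LOG):
        print(f"ALERT {rule}: {user}")
```

The `dave` alert would be a false alarm if he works a night shift, and a lower `FAIL_THRESHOLD` would also flag `alice` for a single mistyped password.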

Internet Laws for Libel and Protection of Decency
Filtering software helps screen Internet content
Also prevents children from sending personal information
over e-mail or through chat groups

Internet Content Rating Association (ICRA)
Rates Web sites based on authors' responses from
questionnaire

Children's Internet Protection Act (CIPA), 2000
Required filters in federally funded libraries

Libel is an important legal issue on the Internet


Publishing Internet content to the world can subject
companies to different countries' laws

Preventing Crime on the Internet
Develop effective Internet
usage and security policies
for all employees
Use a stand-alone firewall
(hardware and software)
with network monitoring
capabilities
Deploy intrusion detection
systems, monitor them, and
follow up on their alarms

Monitor managers and
employees to make sure
that they are using the
Internet for business
purposes
Use Internet security
specialists to perform
audits of all Internet and
network activities

Privacy Issues
With information systems, privacy deals with the
collection and use or misuse of data
More data and information are produced and used
today than ever before
Data is constantly being collected and stored on
each of us
This data is often distributed over easily accessed
networks and without our knowledge or consent
Concerns of privacy regarding this data must be
addressed

Privacy and the Federal Government
U.S. federal government is perhaps the largest
collector of data
Over 4 billion records exist on citizens, collected
by about 100 federal agencies
U.S. National Security Agency (NSA) had secretly
collected phone call records of tens of millions of
U.S. citizens after the September 11, 2001
terrorist attacks
Ruled unconstitutional and illegal by a federal judge in
August 2006

Privacy at Work
There is conflict between rights of workers who
want their privacy and the interests of companies
that demand to know more about their employees
Workers might be monitored via computer
technology that can:
Track every keystroke made by a worker
Know when the worker is not using the keyboard or
computer system
Estimate how many breaks he or she is taking

Many workers consider monitoring dehumanizing

E-Mail Privacy
Federal law permits employers to monitor e-mail sent and received by employees
E-mail messages that have been erased from
hard disks can be retrieved and used in
lawsuits
Use of e-mail among public officials might
violate open meeting laws

Privacy and the Internet


Huge potential for privacy invasion on the Internet
E-mail is a prime target

Platform for Privacy Preferences (P3P): screening
technology that shields users from Web sites that
do not provide the level of privacy protection they
desire
Children's Online Privacy Protection Act (COPPA),
1998: requires privacy policies and parental consent
Potential dangers on social networking Web sites

Corporate Privacy Policies


Should address a customer's knowledge, control,
notice, and consent over the storage and use of
information
May cover who has access to private data and when
it may be used
A good database design practice is to assign a
single unique identifier to each customer
Single record describing all relationships with the
company across all its business units
Can apply customer privacy preferences consistently
throughout all databases

Individual Efforts to Protect Privacy


Find out what is stored about you in existing
databases
Be careful when you share information about
yourself
Be proactive to protect your privacy
When purchasing anything from a Web site, make
sure that you safeguard your credit card numbers,
passwords, and personal information

Health Concerns
Working with computers can
cause occupational stress
Training and counseling can often
help the employee and deter
problems
Computer use can affect physical
health as well
Strains, sprains, tendonitis,
repetitive motion disorder,
carpal tunnel syndrome

Concerns about emissions from
improperly maintained and used
equipment, display screens, and
cell phones

Many computer-related
health problems are caused
by a poorly designed work
environment
Ergonomics: science of
designing machines,
products, and systems to
maximize the safety,
comfort, and efficiency of
the people who use them

Ethics
Principles of right and wrong used by
individuals as free moral agents to guide
behavior
Moral dimensions of the information age
Information rights & obligations
Property rights
Accountability & control
System quality
Quality of life

Ethics in an information
society
Ethical analysis:
Identify, describe facts
Define conflict, identify values
Identify stakeholders
Identify options
Identify potential consequences

Ethics in an information
society
Ethical principles:

Treat others as you want to be treated


If action not right for everyone, not right for
anyone
If action not repeatable, not right at any time
Put value on outcomes, understand consequences
Incur least harm or cost
No free lunch

Information rights
Privacy: right to be left alone
Fair information practices (FIP):
No secret personal records
Individuals can access, amend information about them
Use info only with prior consent
Managers accountable for damage done by systems
Governments can intervene

Intellectual property
Intellectual property: intangible creations protected by law
Trade secret: intellectual work or product belonging to
business, not in public domain
Copyright: statutory grant protecting intellectual property
from copying by others
Trade Mark: legally registered mark, device, or name to
distinguish one's goods
Patent: legal document granting owner exclusive monopoly on
an invention for 17 years

Ethical Issues in Information Systems
Code of ethics: states the principles and core
values that are essential to a set of people and thus
governs their behavior
ACM code of ethics and professional conduct
Contribute to society and human well-being
Avoid harm to others
Be honest and trustworthy
Be fair and take action not to discriminate
Honor property rights including copyrights and patents
Give proper credit for intellectual property
Respect the privacy of others
Honor confidentiality
