Chapter 3 Ethics, Privacy & Security

- Describe the major ethical issues related to information technology and identify situations in which they occur.
- Identify the many threats to information security.
- Understand the various defense mechanisms used to protect information systems.
- Explain IT auditing and planning for disaster recovery.
- Case study: TJX (the retail payment-card breach disclosed in 2007)
- SWOT analysis
Ethical Issues
- Fundamental tenets of ethics include responsibility, accountability, and liability.
- Unethical is not necessarily illegal: an act can violate an ethical standard without breaking any law.
- Should organizations monitor employees' Web surfing and e-mail?
- Should organizations sell customer information to other companies?
- Should organizations audit employees' computers for unauthorized software or illegally downloaded music or video files?
- The four categories of ethical issues raised by information technology:
  - Privacy issues (collecting, storing, and disseminating information about individuals)
  - Accuracy issues (the authenticity, fidelity, and correctness of information that is collected and processed)
  - Property issues (the ownership and value of information)
  - Accessibility issues (who should have access to information and whether they should pay for it)
Protecting Privacy
- The right of privacy is not absolute. Privacy must be balanced against the needs of society.
- Courts have generally held that the public's right to know supersedes the individual's right of privacy.
- International aspects of privacy: privacy law differs from country to country, so data that crosses borders must satisfy each jurisdiction's rules.
IT's About Business
- Security Outside the Perimeter: LexisNexis
Threats to Information Security
Factors that increase the vulnerability of information resources:
- Today's interconnected, interdependent, wirelessly networked business environment
- Governmental legislation (compliance obligations that organizations must now meet)
- Smaller, faster, cheaper computers and storage devices
- Decreasing skills necessary to be a computer hacker
- International organized crime taking over cybercrime
- Downstream liability (an organization whose compromised systems are used to attack a third party can be held liable for the damage)
- Increased employee use of unmanaged devices
- Lack of management support
Threats to Information Systems
- Unintentional acts (including human error and social engineering)
- Natural disasters
- Technical failures
- Management failures
- Deliberate acts (for example espionage, information extortion, sabotage, theft, identity theft, and software attacks)
IT's About Business
- The "Hack, Pump, and Dump" Scheme
Protecting Information Resources
- Risk management
  - Risk analysis: estimate the value of each asset, the probability that it will be compromised, and the cost of protecting it
  - Risk mitigation: decide what to do about each identified risk
    - Risk acceptance: accept the potential risk, continue operating with no controls, and absorb any damages that occur
    - Risk limitation: implement controls that minimize the impact of the threat
    - Risk transference: transfer the risk by using other means to compensate for the loss, such as purchasing insurance
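The risk analysis and mitigation steps above can be carried through numerically. The following is an added worked example, not material from the textbook or the slides: it computes the annualized loss expectancy (ALE = asset value × exposure factor × annual rate of occurrence) for two constructed risks and then picks, for each, whichever of acceptance, limitation or transference has the lowest expected annual cost. All asset values, probabilities, control costs and premiums are invented for illustration.

```python
"""Worked risk analysis: annualized loss expectancy and mitigation choice.
Added example; every figure below is constructed, not taken from a real case."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float       # value of the asset, in currency units
    exposure_factor: float   # fraction of the asset's value lost in one incident (0..1)
    annual_rate: float       # expected number of incidents per year (ARO)


@dataclass(frozen=True)
class Option:
    strategy: str            # "acceptance", "limitation" or "transference"
    annual_cost: float       # yearly cost of the control or insurance premium
    residual_rate: float     # ARO that remains once the option is in place
    residual_exposure: float # exposure factor that remains once the option is in place


def single_loss_expectancy(risk: Risk) -> float:
    """SLE: the loss from a single occurrence of the risk."""
    return risk.asset_value * risk.exposure_factor


def annualized_loss_expectancy(risk: Risk) -> float:
    """ALE: expected loss per year with no further controls."""
    return single_loss_expectancy(risk) * risk.annual_rate


def expected_annual_cost(risk: Risk, option: Option) -> float:
    """What the organization expects to pay per year if it takes this option:
    the option's own cost plus the residual ALE it leaves behind."""
    residual = Risk(risk.name, risk.asset_value, option.residual_exposure, option.residual_rate)
    return option.annual_cost + annualized_loss_expectancy(residual)


def choose(risk: Risk, options: List[Option]) -> Option:
    """Risk mitigation decision: pick the option with the lowest expected annual cost."""
    return min(options, key=lambda o: expected_annual_cost(risk, o))


# Constructed risk 1: ransomware on the order-processing system.
RANSOMWARE = Risk("ransomware on order processing", asset_value=500_000, exposure_factor=0.4, annual_rate=0.5)
RANSOMWARE_OPTIONS = [
    Option("acceptance", annual_cost=0, residual_rate=0.5, residual_exposure=0.4),
    # Offline backups plus endpoint detection: fewer incidents, much smaller impact.
    Option("limitation", annual_cost=30_000, residual_rate=0.2, residual_exposure=0.1),
    # Cyber insurance: same incident rate, insurer covers 80% of the loss.
    Option("transference", annual_cost=25_000, residual_rate=0.5, residual_exposure=0.08),
]

# Constructed risk 2: defacement of a static brochure website.
DEFACEMENT = Risk("brochure site defacement", asset_value=20_000, exposure_factor=0.5, annual_rate=1.0)
DEFACEMENT_OPTIONS = [
    Option("acceptance", annual_cost=0, residual_rate=1.0, residual_exposure=0.5),
    # A managed WAF would remove the risk but costs more than the risk itself.
    Option("limitation", annual_cost=15_000, residual_rate=0.0, residual_exposure=0.0),
]


def decisions() -> dict:
    """Risk register summary: risk name -> (ALE, chosen strategy)."""
    return {
        RANSOMWARE.name: (annualized_loss_expectancy(RANSOMWARE), choose(RANSOMWARE, RANSOMWARE_OPTIONS).strategy),
        DEFACEMENT.name: (annualized_loss_expectancy(DEFACEMENT), choose(DEFACEMENT, DEFACEMENT_OPTIONS).strategy),
    }


if __name__ == "__main__":
    for name, (ale, strategy) in decisions().items():
        print(f"{name}: ALE {ale:,.0f} -> {strategy}")
```

The second risk is the edge case practitioners forget: a control is only worth buying when its cost is below the loss it prevents, otherwise acceptance is the rational choice. The figures also show why "probability" has to be estimated honestly; halving the assumed ARO changes which option wins.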
Protecting Information Resources
- Controls
  - The difficulties in protecting information resources
  - Physical controls (walls, doors, locks, badge readers, guards)
  - Access controls (authentication, then authorization of what an authenticated user may do)
Protecting Information Resources
- Authentication: confirming that a user is who they claim to be, using one or more factors:
  - Something the user is (biometrics such as a fingerprint or iris scan)
  - Something the user has (a smart card, hardware token, or one-time code generator)
  - Something the user does (voice or handwriting patterns)
  - Something the user knows (a password or passphrase)
- Combining factors from two different categories is multifactor authentication; two passwords are still a single factor.
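The following added example, written for this page rather than taken from the textbook, shows two of the factors above working together in code: something the user knows (a password, stored only as a salted PBKDF2 hash) and something the user has (an authenticator generating time-based one-time passwords per RFC 6238, which builds on HMAC-based one-time passwords per RFC 4226). It uses only the Python standard library. The user record layout, the 200,000-iteration setting and the one-window clock-skew tolerance are choices made for the example.

```python
"""Two-factor login check: password hash (something you know) + TOTP (something you have).
Added example; standard library only."""
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000   # example setting; tune to your hardware
TOTP_STEP = 30                # seconds per TOTP window (RFC 6238 default)
TOTP_DIGITS = 6


def hash_password(password: str, salt: bytes = None):
    """Return (salt, digest). Only the salt and digest are ever stored."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226) over an 8-byte big-endian counter."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """Time-based one-time password (RFC 6238): HOTP with counter = floor(time / step)."""
    return hotp(secret, int(at_time) // step, digits)


def register(username: str, password: str, totp_secret: bytes = None) -> dict:
    """Create a user record. The TOTP secret would be shown once (e.g. as a QR code) at enrolment."""
    salt, digest = hash_password(password)
    return {"username": username, "salt": salt, "hash": digest,
            "totp_secret": totp_secret or os.urandom(20), "last_counter": -1}


def verify_login(user: dict, password: str, otp: str, now: float = None) -> bool:
    """Both factors must pass. Comparisons are constant-time and a code is accepted once only."""
    now = time.time() if now is None else now
    otp = otp.strip()
    if not (otp.isascii() and otp.isdigit()):
        return False
    _, digest = hash_password(password, user["salt"])
    password_ok = hmac.compare_digest(digest, user["hash"])   # always evaluated, even if OTP fails
    counter = int(now) // TOTP_STEP
    matched = None
    for c in (counter - 1, counter, counter + 1):             # tolerate one window of clock skew
        if c > user["last_counter"] and hmac.compare_digest(hotp(user["totp_secret"], c), otp):
            matched = c
    if not (password_ok and matched is not None):
        return False
    user["last_counter"] = matched                            # replay protection: burn the used window
    return True


if __name__ == "__main__":
    u = register("alice", "correct horse battery staple")
    code = totp(u["totp_secret"], time.time())               # what the authenticator app would show
    print("login:", verify_login(u, "correct horse battery staple", code))
    print("replay:", verify_login(u, "correct horse battery staple", code))
```

Two details matter in practice: the password hash is always computed even when the one-time code is wrong, so an attacker cannot learn which factor failed from response time, and the window counter is only recorded after both factors pass, so a guessed password does not consume the user's current code.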
IT's About Business
- Providing Least Privilege at UPS
Protecting Information Resources
- Communications (network) controls
  - Firewalls
  - Anti-malware systems
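A firewall enforces a policy, and the shape of that policy is what the later slide on whitelisting and blacklisting is about. The following added example, not from the textbook, is a small stateless packet filter with constructed traffic that runs the same five packets through a denylist policy (default allow, block known-bad sources) and an allowlist policy (default deny, permit only what the business needs). The address ranges, ports and rule sets are assumptions made for the example.

```python
"""Stateless packet filter: denylist (default allow) versus allowlist (default deny).
Added example; traffic and rules are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                              # "allow" or "deny"
    src: ipaddress.IPv4Network                # matching source range
    dst_port: Optional[int]                  # None matches any destination port
    proto: str = "tcp"


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str = "tcp"


def rule(action: str, cidr: str, port: Optional[int] = None, proto: str = "tcp") -> Rule:
    return Rule(action, ipaddress.ip_network(cidr), port, proto)


def decide(rules: List[Rule], default: str, pkt: Packet) -> str:
    """First matching rule wins; with no match, the policy default applies."""
    addr = ipaddress.ip_address(pkt.src)
    for r in rules:
        if addr in r.src and r.proto == pkt.proto and r.dst_port in (None, pkt.dst_port):
            return r.action
    return default


def evaluate(rules: List[Rule], default: str, packets: List[Packet]) -> List[str]:
    return [decide(rules, default, p) for p in packets]


# Denylist policy: allow everything except a scanner range noticed last week.
DENYLIST_RULES = [rule("deny", "198.51.100.0/24")]
DENYLIST_DEFAULT = "allow"

# Allowlist policy: only the services the business actually exposes, each from where it is needed.
ALLOWLIST_RULES = [
    rule("allow", "0.0.0.0/0", 443),        # public HTTPS
    rule("allow", "10.0.0.0/8", 22),        # SSH only from the corporate network
    rule("allow", "10.0.5.0/24", 5432),     # database only from the application subnet
]
ALLOWLIST_DEFAULT = "deny"

# Constructed traffic sample.
TRAFFIC = [
    Packet("203.0.113.7", 443),      # customer browsing the web site
    Packet("198.51.100.9", 22),      # SSH probe from the known scanner range
    Packet("203.0.113.7", 5432),     # unknown internet host reaching for the database
    Packet("10.0.5.12", 5432),       # application server talking to the database
    Packet("10.0.9.3", 5432),        # workstation on another internal subnet reaching the database
]


def compare() -> dict:
    return {"denylist": evaluate(DENYLIST_RULES, DENYLIST_DEFAULT, TRAFFIC),
            "allowlist": evaluate(ALLOWLIST_RULES, ALLOWLIST_DEFAULT, TRAFFIC)}


if __name__ == "__main__":
    for policy, verdicts in compare().items():
        print(policy, verdicts)
```

The third packet is the point: the denylist admits a database connection from an address nobody has seen before, because a denylist can only block what is already known to be bad. The allowlist rejects it without anyone having to anticipate the attacker's address.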
Protecting Information Resources
  - Whitelisting and blacklisting (allowlisting permits only the listed programs or addresses and denies everything else; blacklisting denies only the listed items and permits everything else)
  - Intrusion detection systems
  - Encryption
  - Virtual private networking (VPN)
  - Secure Sockets Layer (SSL), since superseded by Transport Layer Security (TLS)
IT's About Business
- Using Encryption to Reduce E-Mail Security Risks at Harvard Pilgrim
Ethics, Privacy, and Information Security
- Vulnerability management systems
- Employee monitoring systems
- Application controls
Business Continuity Planning, Backup, and Recovery
- Hot site: a fully configured duplicate facility with hardware, software, and current data that can take over operations almost immediately; the fastest and most expensive option
- Warm site: a facility with the hardware and network in place but without the organization's applications and current data, so it takes longer to bring online
- Cold site: basic space and utilities (power, cooling, connectivity) with no equipment installed; the slowest and cheapest option
- Off-site data storage: backups kept at a separate location so that a disaster at the primary site does not also destroy the copies
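Off-site storage only helps if the copy can actually be restored, which is why recovery plans are tested rather than assumed. The following added example, not from the textbook, writes a backup archive of a small constructed directory, records a SHA-256 manifest of every file, then restores into a scratch directory and checks each file against the manifest, flagging anything missing or altered. Everything happens in a temporary directory; the archive name, manifest format and directory layout are choices made for the example.

```python
"""Backup with an integrity manifest and a verified test restore.
Added example; all files are constructed inside a temporary directory."""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, backup_dir: Path) -> Tuple[Path, Dict[str, str]]:
    """Archive `source` and write a manifest {relative path: sha256} beside the archive."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    archive = backup_dir / "backup.tar.gz"
    manifest = {p.relative_to(source).as_posix(): sha256_of(p)
                for p in sorted(source.rglob("*")) if p.is_file()}
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    (backup_dir / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return archive, manifest


def safe_extract(tar: tarfile.TarFile, dest: Path) -> None:
    """Refuse members that would land outside `dest` (path traversal) or that are links."""
    dest = dest.resolve()
    for member in tar.getmembers():
        target = (dest / member.name).resolve()
        if target != dest and dest not in target.parents:
            raise ValueError(f"refusing to extract {member.name!r} outside {dest}")
        if member.issym() or member.islnk():
            raise ValueError(f"refusing link member {member.name!r}")
    tar.extractall(dest)


def verify_tree(manifest: Dict[str, str], root: Path) -> List[str]:
    """Return the manifest entries that are missing or whose hash does not match (empty = good)."""
    problems = []
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file() or sha256_of(p) != expected:
            problems.append(rel)
    return sorted(problems)


def restore_and_verify(backup_dir: Path, restore_to: Path) -> List[str]:
    """Test restore: extract the archive into `restore_to` and check it against the manifest."""
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    restore_to.mkdir(parents=True, exist_ok=True)
    with tarfile.open(backup_dir / "backup.tar.gz") as tar:
        safe_extract(tar, restore_to)
    return verify_tree(manifest, restore_to)


def run_demo() -> Tuple[List[str], List[str], List[str]]:
    """Back up a constructed tree, prove it restores cleanly, then show a tampered restore being caught."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.csv").write_text("id,name\n1,Alice\n")   # constructed sample data
        (src / "notes.txt").write_text("quarterly figures\n")
        _, manifest = make_backup(src, root / "offsite")
        clean = restore_and_verify(root / "offsite", root / "restore")
        (root / "restore" / "notes.txt").write_text("tampered\n")          # simulate corruption
        tampered = verify_tree(manifest, root / "restore")
        return sorted(manifest), clean, tampered


if __name__ == "__main__":
    files, clean, tampered = run_demo()
    print("backed up:", files)
    print("problems after restore:", clean)
    print("problems after tampering:", tampered)
```

The manifest is stored with the archive so a restore at the off-site location can be checked without contacting the primary site, and `safe_extract` rejects archive members that would write outside the restore directory, a classic way a malicious or corrupted backup turns a recovery into a second incident.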
IT's About Business
- The Baltimore Ravens Plan for Business Continuity
Information Systems Auditing
- Types of auditors and audits
- How is auditing executed?