Stair Principles
CHAPTER 14
Security, Privacy, and Ethical Issues in Information Systems and the Internet
Computer Waste and Mistakes
Computer Waste
U.S. government
Largest single user and mis-user of information systems in the world
Number of unused computer hours in federal agencies may run into the hundreds of millions
Private sector
Employees playing computer games, sending unimportant e-mail, or accessing the Internet
Junk e-mail and fax documents advertising products or services not wanted or requested
Computer-Related Mistakes
Despite many people’s distrust, computers themselves rarely make mistakes.
Mistakes can be caused by unclear expectations and a lack of feedback by users that do not follow proper procedures.
Types of Computer-Related Mistakes
[Table 14.2]
Preventing Computer-Related Waste and Mistakes
Establish policies and procedures
Implement policies and procedures
Monitor
Review policies and procedures
Computer Crime
The Computer as a Tool to Commit Crime
Can be used to gain access to information and money
Emergence of new types of crime with growth of the Internet and telecommunications technology
Communications and phone fraud costs consumers and companies an estimated $2-$4 billion each year
The Computer as the Object of Crime
Illegal access and use
Data alteration and destruction
Information and equipment theft
Software and Internet piracy
Computer scams
International computer crime
Illegal Access and Use
Hacker
A person who enjoys computer technology and spends time learning and using computer systems
Criminal hacker (or cracker)
A computer-savvy person who attempts to gain unauthorized or illegal access to computer systems
Data Alteration and Destruction
Virus
A program that attaches itself to other programs
Worm
An independent program that replicates its own program files until it destroys other systems/programs or interrupts operations of networks and computer systems
Data Alteration and Destruction
Application virus
Infects executable application files
System virus
Infects operating system program or other system files
Logic bomb
An application or system virus designed to “explode” or execute at a specified time and date
Document virus
Attaches itself to a document file
Information and Equipment Theft
Data and information represent assets that can also be stolen.
Password sniffer
A small program hidden in a network or computer system that records identification numbers and passwords
Software and Internet Piracy
Software piracy
Illegally duplicating software
Internet piracy
Illegally gaining access to and using the Internet
Computer Scams
Get-rich-quick schemes offered by scam artists over the Internet
In most cases, only the scam artist gets rich.
International Computer Crime
Becomes more complicated when it crosses borders
Estimated that more than 90 percent of software in use in some countries is pirated
Preventing Computer-Related Crime
State and federal agencies
Computer Emergency Response Team (CERT)
Corporations
Biometrics
Systems that can scan fingerprints, handprints, and retinal images to prevent unauthorized access to important data and computer resources
Using Antivirus Programs
Install a virus scanner and run it often.
Update the virus scanner often.
Scan all diskettes before copying or running programs from them.
Install software only from sealed packages produced by a known software company.
Follow careful downloading practices.
If you detect a virus, take immediate action.
Internet Laws and Protection for Libel and Decency
The Telecommunications Act of 1996 includes the Communications Decency Act.
With increased popularity of networks and the Internet, libel and decency have become important legal issues.
Preventing Crime on the Internet
Internet security can include firewalls and a number of methods to secure financial transmissions.
A firewall can include hardware and software combinations that act as a barrier between an organization’s information system and the outside world.
Privacy
Privacy Issues
Privacy and the federal government
Privacy at work
E-mail privacy issues
Privacy and the Internet
Fairness in Information Use
Selling data (on customers, employees, etc.) to other companies is lucrative.
Issues
Knowledge
Control
Notice
Consent
Federal Privacy Laws and Regulations
Privacy Act of 1974
Other federal privacy laws
[Table 14.7]
State Privacy Laws and Regulations
Issues to be considered
Use of social security numbers and medical records
Disclosure of unlisted telephone numbers by telephone companies and credit reports by credit bureaus
Disclosure of bank and personal financial information
Use of criminal files
Corporate Privacy Policies
Even though privacy laws for private organizations are not very restrictive, most organizations are very sensitive to privacy issues and fairness.
Protecting Individual Privacy
Find out what is stored about you in existing databases.
Be careful when you share information about yourself.
Be proactive to protect your privacy.
The Work Environment
Health Concerns
Repetitive motion disorder
A health problem caused by working with computer keyboards and other equipment
Also known as repetitive stress injury (RSI)
Carpal tunnel syndrome (CTS)
Aggravation of the pathway for nerves that travel through the wrist
Avoiding Health and Environmental Problems
Ergonomics
The study of designing and positioning computer equipment
Avoiding injury
How to Reduce RSI
Maintain good posture and positioning.
Don’t ignore pain or discomfort.
Use stretching and strengthening exercises.
Find a good physician.
After treatment, start back slowly and pace yourself.
Ethical Issues in Information Systems
Organizations with Codes of Ethics
Association of Information Technology Professionals (AITP)
Formerly the Data Processing Management Association (DPMA)
Association for Computing Machinery (ACM)
Institute of Electrical and Electronics Engineers (IEEE)
Computer Professionals for Social Responsibility (CPSR)
The AITP Code of Ethics
Obligation to management
Obligation to fellow AITP members
Obligation to society
Obligation to college or university
Obligation to the employer
Obligation to country
The ACM Code of Professional Conduct
Act at all times with integrity.
Strive to increase own competence and the competence and prestige of the profession.
Accept responsibility for own work.
Act with professional responsibility.
Use special knowledge and skills for the advancement of human welfare.