Chapter 8: Protecting People and Information Threats and Safeguards Management Information Systems...
Uploaded by josephine-fleming
Chapter 8: Protecting People and Information
Threats and Safeguards
Management Information Systems for the Information Age
Lecture Map
[Diagram labels: Ethics, Risk Mgmt, Security, Capital Asset, Privacy, Information]
This chapter focuses on Information as it relates to its use, ownership, role, and protection
Chapter 8: Protecting People & Information Slide 3
Responsibility for Information
To handle information responsibly, you must understand:
  The importance of ethics in the ownership and use of information.
  The importance to people of personal privacy and the ways in which it can be compromised.
  The value of information to an organization.
  Threats to information and how to protect against them (security).
  The need to plan for the worst-case scenario (disaster recovery).
Questionable Computer Use
  Employees search organizational databanks (i.e., DMV) for information on friends and associates
  People copy, use, and distribute software as if the only costs are the medium it is stored on
  Hackers break into computer systems and steal passwords, credit card numbers, and personal account information
  Spouses can track each other’s Web activities and read each other’s e-mail messages and other private documents
  Organizations base important decisions on information they’ve mined from the Web
Ethics
Ethics: Introduction
Ethics Defined:
  Ethics are the principles and standards that guide our behavior toward other people
  Ethical people have integrity and are trustworthy
The Issue:
  How you deal with information (collect, store, and distribute) depends on your sense of ethics
  Ethical dilemmas arise from a clash between competing goals, responsibilities, and loyalties
  What is legal is not always ethical, and vice-versa
Ethics: Considerations
  Severity of Consequences
  Time to Consequences
  Society’s Perception or Opinion
  Probability or Likelihood of Effect
  Relatedness, Empathy, Identification
  Reach of Result in terms of Scope
Ethics: Guidelines for Technology
Ownership
  Who owns or has the rights to creative works, information, and other intellectual property?
Responsibility
  Who is accountable for the accuracy and completeness of information?
Personal Privacy
  Who owns personal information? Collector/ee?
Access
  Who can use, view, store, and process what information?
Ethics: ACM’s Computer Ethics
  Don’t use a computer to harm other people
  Don’t interfere with other people’s computer work
  Don’t snoop around in other people’s computer files
  Don’t use a computer to steal
  Don’t use a computer to pretend to be someone other than who you are
  Don’t copy or use software for which you’ve not paid
  Don’t use other’s resources without permission
  Don’t appropriate other people’s intellectual output
  Always think about the social consequences of IT
  Always use a computer in ways that ensure respect for your fellow humans
Ethics: Intellectual Property
  Intellectual property is intangible, creative work published in physical form, such as music, books, paintings, and software
  Copyright is the legal protection afforded to intellectual property; patent law is used more for protecting inventions/processes
  Fair Use Doctrine specifies how you may use (or how much you may use) copyrighted material in the creation of new works or for teaching purposes
  Pirated software is the unauthorized use, duplication, distribution, and/or sale of software
  Counterfeit software is re-manufactured software
Privacy
Privacy: Introduction
Privacy Defined:
  The right to be left alone when you want to be; to have control over your personal possessions; and not to be observed without your consent
The Issue:
  There are many ways to invade a person’s privacy using technology!
Privacy: And Other Individuals
Software Surveillance & Monitoring
  Key Loggers and Key Trappers (Spector Pro)
    Record keystrokes, mouse clicks, Websites visited, applications run, and passwords entered
  Webcam control/automation (i.e., babysitters)
Combating Software Surveillance
  www.idcide.com
  www.trapware.com
  www.lavasoftusa.com
  www.safer-networking.org
  www.anonymizer.com
  www.surfsecret.com
Privacy: And Employees
Corporate monitoring of e-mail
  Companies can be sued for what their employees send to each other and to people outside of the company
Cyberslacking
  Companies want to avoid wasting resources
Employer’s Rights
  Legal right to monitor the use of their resources and that includes the time they’re paying you for
  No expectation of privacy when using company resources
Privacy: And Consumers
Webmetrics (DoubleClick.net)
Cookies
  Small files placed on your computer that contain information on where you’ve been and what you’ve done; for personalization/customization
Spyware
Adware (ad-supported software)
  Can track your online movements, mine your computer for data, and commandeer CPU power
  A firewall can stop your computer from sending data outside of your network, as well as protecting your network from outside attacks
Privacy: And the Law
Canadian Privacy Law
  The Privacy Act mandates how information may be collected and disseminated by government
  Personal Information Protection and Electronic Documents Act (PIPEDA) in effect since 2001
    Applies only to personal information collected and disclosed while conducting commercial activities, but exempts names, titles, business addresses, and telephone numbers
Privacy: Law Enforcement
Law enforcement
  Royal Canadian Mounted Police (RCMP)
  Canadian Security Intelligence Service (CSIS)
  Criminal Intelligence Service Canada (CISC)
  Correctional Service of Canada (CSC)
  National Crime Prevention Strategy
Other Federal agencies
  Canada Customs and Revenue Agency (CCRA)
  Statistics Canada
  Human Resources Development Canada
  Office of the Privacy Commissioner of Canada
Information
Information: As An Asset
As Raw Material:
  Used in the actual creation or construction of the product or service you market
  Consider GPS systems, professional and consulting services, and Internet Web access
As Capital:
  Used to produce the product or service you market; consider an eCRM and data warehouse
  You typically incur a cost in acquiring information (capital), and you expect a return on that investment
Security
Security: Introduction
Security Issues:
  Internal Employee Fraud
  Industrial Espionage
  Funds and Data Embezzlement
  Open Collaborative Systems with Partners
  Grid Computing and Theft of Resource Power
Internet Dot-Cons:
  Internet Auction Fraud
  Web Hosting, Design, and ISP Scams
  Multi-Level Marketing/Pyramid Scams
  Get-Rich-Quick and Work-at-Home Scams
  Adult-Oriented Sites and Credit Card Scams
Security: Outside Threats
Hackers, Hacktivists, and Crackers
  Gaining unauthorized access to computers and information systems through network computing
Viruses, Worms, and Denial-of-Service
  Viruses cannot hurt your hardware or any data on your computer it wasn’t designed to attack
Monitoring Network Activity
  85% of large companies and governmental agencies were broken into during 2001
Security: Precautions
Backups
  Incremental versus Full
  On-site and Off-Site
AntiVirus Software
  Norton and McAfee are the market leaders
Firewalls
  Hardware (routers) and software (ZoneAlarm)
Access Authorization
  Biometrics (i.e., fingerprints, facial recognition)
Encryption
Risk Management & Assessment
Risk Management and Assessment
Risk Management
  Identification of risks or threats
  Implementation of security measures
  Monitoring of those measures for effectiveness
Risk Assessment
  Evaluate IT assets and what can go wrong?
  What is the probability that it will go wrong?
  What are the worst-case scenario consequences?
  Too much security can hamper ability to do job
  Too little security can leave you vulnerable
Disaster Recovery
Takes into consideration the following:
  Customers (reassurance)
  Facilities (hot/cold)
  Knowledge workers
  Business information
  Computer equipment
  Communications infrastructure
XLM E: Internet and Web
  World Wide Web
  Search Engines
  Internet Technologies
  Connecting to the Internet