Security and Ethical Challenges Chapter 11 Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin

Learning Objectives

Identify several ethical issues regarding how the use of information technologies in business affects
– Employment
– Individuality
– Working conditions
– Privacy
– Crime
– Health
– Solutions to societal problems

Learning Objectives

Identify several types of security management strategies and defenses
– Explain how they can be used to ensure the security of business applications of information technology

Propose ways that business managers and professionals can help lessen the harmful effects, and increase the beneficial effects, of the use of information technology

IT Security, Ethics, and Society

Information technology has both beneficial and detrimental effects on society and people

Manage work activities to minimize the detrimental effects

Strive to optimize the beneficial effects

Business Ethics

Ethical responsibilities of business professionals

Promote ethical uses of information technology

Accept the ethical responsibilities of your job

Properly perform your role as a human resource

Consider the ethical dimensions of activities and decisions

IT Security, Ethics, and Society

Categories of Ethical Business Issues

Corporate Social Responsibility Theories

Stockholder Theory

Managers are agents of stockholders. Their ethical responsibility is to increase profits without violating laws or engaging in fraud

Social Contract Theory

Companies have an ethical responsibility to all members of society

Stakeholder Theory

Managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders

Principles of Technology Ethics

Ethical Guidelines of the AITP

Responsible Professional Guidelines

A responsible professional

Acts with integrity

Increases personal competence

Sets high standards of personal performance

Accepts responsibility for his/her work

Advances the health, privacy, and general welfare of the public

Computer Crime

– Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
– The unauthorized release of information
– The unauthorized copying of software
– Denying an end user access to his/her own hardware, software, data, or network resources
– Using or conspiring to use computer or network resources illegally to obtain information or tangible property

Corporate Protection Mechanisms

Hacking

Hacking

The obsessive use of computers

Unauthorized access/use of networked computers

Breaking and Entering

Hacking into a computer system and reading files, but neither stealing nor damaging anything

Cracker

A malicious or criminal hacker who maintains knowledge of vulnerabilities found for private advantage

Common Hacking Tactics

Cyber Theft

Many computer crimes involve theft of money

Most are “inside jobs” that involve unauthorized network entry and alteration of databases to cover the tracks of the employees involved

Many attacks occur through the Internet

Most companies don’t reveal that they have been targets or victims of cyber crime

Cyberterrorism

The leveraging of an organization’s or government’s computers and information
– Particularly through the Internet
– To cause physical, real-world harm or severe disruption of infrastructure

Can have serious, large-scale influence
– Can weaken a country’s economy
– Can affect Internet-based businesses

Cyberterrorism

Examples of Cyberterrorism
– Life-support at Antarctic research station turned off
– Release of untreated sewage into waterways
– Nonessential systems shut down in nuclear power plants
– Estonian government ministry and banks knocked offline

No successful attacks reported yet in the U.S.

Unauthorized Use at Work

Unauthorized use of computer systems and networks is time and resource theft
– Doing private consulting
– Doing personal finances
– Playing video games
– Unauthorized use of Internet or company networks

Sniffers
– Monitor network traffic or capacity to find evidence of improper use

Internet Abuses in the Workplace

– General email abuses
– Plagiarism
– Unauthorized use and access
– Newsgroup postings
– Copyright infringement
– Transmission of confidential data
– Moonlighting
– Hacking
– Use of external ISPs
– Pornography
– Leisure use of Internet
– Non-work-related downloads or upload

Software Piracy

Software Piracy
– Unauthorized copying of computer programs

Licensing
– Purchasing software is really a payment for a license for fair use
– Site license allows a certain number of copies
– Public domain software is not copyrighted

A third of the software industry’s revenues are lost to piracy

Theft of Intellectual Property

Intellectual Property
– Copyrighted material
– Includes music, videos, images, articles, books, and software

Copyright Infringement is Illegal
– Peer-to-peer networking techniques have made it easy to trade pirated intellectual property

Publishers Offer Inexpensive Online Music
– Illegal downloading of music and video is down and continues to drop

Viruses and Worms

A virus is a program that cannot work without being inserted into another program
– A worm is a distinct program that can run unaided

These programs copy annoying or destructive routines into networked computers
– Copy routines spread the virus

Commonly transmitted through
– The Internet and online services
– Email and file attachments
– Disks from contaminated computers
– Shareware

Top Five Virus Families of all Time

My Doom, 2004
– Spread via email and over Kazaa file-sharing network
– Installs a back door on infected computers
– Infected email poses as returned message or one that can’t be opened correctly, urging recipient to click on attachment
– Opens up TCP ports that stay open even after termination of the worm
– Upon execution, Notepad is opened, filled with nonsense characters

Top Five Virus Families of all Time

Netsky, 2004
– Mass-mailing worm that spreads by emailing itself to all email addresses found on infected computers
– Tries to spread via peer-to-peer file sharing by copying itself into the shared folder
– Renames itself to pose as one of 26 other common files along the way

Top Five Virus Families of all Time

SoBig, 2003
– Mass-mailing email worm that arrives as an attachment
  Examples: Movie_0074.mpg.pif, Document003.pif
– Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for email addresses to which it can send itself
– Also attempts to download updates for itself

Top Five Virus Families of all Time

Klez, 2002
– Mass-mailing email worm that arrives with a randomly named attachment
– Exploits a known vulnerability in MS Outlook to auto-execute on unpatched clients
– Tries to disable virus scanners and then copy itself to all local and networked drives with a random file name
– Deletes all files on the infected machine and any mapped network drives on the 13th of all even-numbered months

Top Five Virus Families of all Time

Sasser, 2004
– Exploits a Microsoft vulnerability to spread from computer to computer with no user intervention
– Spawns multiple threads that scan local subnets for vulnerabilities

The Cost of Viruses, Trojans, Worms

Cost of the Top Five Virus Families

115 million computers in 200 countries infected in 2004

Up to 11 million computers permanently infected

Total economic damage was $166 to $202 billion in 2004

Average damage per computer is $277 to $366

Adware and Spyware

Adware

1. Software that purports to serve a useful purpose, and often does

2. Allows advertisers to display pop-up and banner ads without the consent of the computer user

Spyware

1. Adware that uses an Internet connection in the background, without the user’s permission or knowledge

2. Captures information about the user and sends it over the Internet

Spyware Problems

Spyware can steal private information and…
– Add advertising links to Web pages
– Redirect affiliate payments
– Change a user’s home page and search settings
– Make a modem randomly call premium-rate phone numbers
– Leave security holes that let Trojans in
– Degrade system performance

Spyware often can’t be eliminated

Privacy Issues

The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacy
– Personal information is collected with every visit to a Web site
– Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused

Opt-in Versus Opt-out

Opt-In

You must explicitly consent to allow data to be compiled about you

This is the default in Europe

Opt-Out

Data can be compiled about you unless you specifically request that it not be

This is the default in the U.S.

Additional Privacy Issues

Violation of Privacy
– Accessing individuals’ private email conversations and computer records
– Collecting and sharing information about individuals gained from their visits to Internet websites

Computer Monitoring
– Always knowing where a person is
– Mobile and paging services are becoming more closely associated with people than with places

Privacy Issues

Computer Matching
– Using customer information gained from many sources to market additional business services

Unauthorized Access of Personal Files
– Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles

Protecting Your Privacy on the Internet

Ways to protect your privacy
– Encrypt email
– Send newsgroup postings through anonymous remailers
– Ask your ISP not to sell your name and information to mailing list providers and other marketers
– Don’t reveal personal data and interests on online service and website user profiles

Computer Matching and Profiling

Unauthorized information about you sold to information brokers or other companies

Barrage of unsolicited promotional material and sales contacts

Individuals mistakenly arrested and jailed

Problems caused by mistakes in profiling and computer matching of personal data

Privacy violations

Privacy Laws

Electronic Communications Privacy Act and Computer Fraud and Abuse Act
– Prohibit intercepting data communications messages, stealing or destroying data, or trespassing in federal computer systems

U.S. Computer Matching and Privacy Act
– Regulates the matching of data held in federal agency files to verify eligibility for federal programs

Privacy Laws

Other laws impacting privacy and how much a company spends on compliance

Sarbanes-Oxley

Health Insurance Portability & Accountability Act (HIPAA)

Gramm-Leach-Bliley

USA PATRIOT Act

California Security Breach Law

Securities and Exchange Commission rule 17a-4

Computer Libel and Censorship

The opposite side of the privacy debate…
– Freedom of information, speech, and press

Biggest battlegrounds
– Bulletin boards
– Email boxes
– Online files of Internet and public networks

Weapons used in this battle
– Spamming
– Flame mail
– Libel laws
– Censorship

Computer Libel and Censorship

Spamming

Indiscriminate sending of unsolicited email messages to many Internet users

Flaming

Sending extremely critical, derogatory, and often vulgar email messages or newsgroup postings to other Internet users or online services

Especially prevalent on special-interest newsgroups

Cyberlaw

Laws intended to regulate activities over the Internet via electronic communication devices

Encompasses a wide variety of legal and political issues

Includes intellectual property, privacy, freedom of expression, and jurisdiction

Cyberlaw

The intersection of technology and the law is controversial
– Some feel the Internet should not be regulated
– Encryption and cryptography make traditional form of regulation difficult
– The Internet treats censorship as damage and simply routes around it

Cyberlaw only began to emerge in 1996
– Debate continues regarding the applicability of legal principles derived from issues that had nothing to do with cyberspace

Other Challenges

Employment
– IT creates new jobs and increases productivity
– It can also cause significant reductions in job opportunities, as well as requiring new job skills

Computer Monitoring
– Using computers to monitor the productivity and behavior of employees as they work
– Criticized as unethical; it monitors individuals, not just work, and is done constantly
– Criticized as invasion of privacy because many employees do not know they are being monitored

Other Challenges

Working Conditions
– IT has eliminated monotonous or obnoxious tasks
– But, some skilled craftsperson jobs have been replaced by jobs requiring routine, repetitive tasks or standby roles

Individuality
– Dehumanizes and depersonalizes activities because computers eliminate human relationships
– Inflexible systems

Health Issues

Cumulative Trauma Disorders (CTDs)
– Disorders suffered by people who sit at a PC or terminal and do fast-paced repetitive keystroke jobs

Carpal Tunnel Syndrome
– Painful, crippling ailment of the hand and wrist
– Typically requires surgery to cure

Ergonomics

Designing healthy work environments
– Safe, comfortable, pleasant place for people to work
– Increases employee morale and productivity
– Also called human factors engineering

Ergonomic Factors

Societal Solutions

Using information technologies to solve human and social problems

Medical diagnosis

Computer-assisted instruction

Government program planning

Environmental quality control

Law enforcement

Job placement

Societal Solutions

Detrimental effects of information technology
– Often caused by individuals or organizations not accepting ethical responsibility for their actions

Security Management of IT

The Internet was developed for inter-operability, not impenetrability
– Business managers and professionals alike are responsible for the security, quality, and performance of business information systems
– Hardware, software, networks, and data resources must be protected by a variety of security measures

Security Management

The goal of security management is the accuracy, integrity, and safety of all information system processes and resources

Internetworked Security Defenses

Encryption
– Data is transmitted in scrambled form
– It is unscrambled by computer systems for authorized users only
– The most widely used method uses a pair of public and private keys unique to each individual

Public/Private Key Encryption

Internetworked Security Defenses

Firewalls

Gatekeeper system that protects a company’s intranets and other computer networks from intrusion

Provides a filter and safe transfer point for access to/from the Internet and other networks

Important for individuals who connect to the Internet with DSL or cable modems

Can deter hacking, but can’t prevent it

Internet and Intranet Firewalls

Denial of Service Attacks

Denial of service attacks depend on three layers of networked computer systems
– The victim’s ISP
– The victim’s website
– Zombie or slave computers commandeered by cyber criminals

Defending Against Denial of Service

At victim’s Website
– Create backup servers and network connections

At the ISP
– Monitor & block traffic spikes

At Zombie machines
– Set/enforce security policies
– Scan for vulnerabilities

Internetworked Security Defenses

Email Monitoring
– Use content monitoring software to scan for troublesome words

Virus Defenses
– Centralize the updating and distribution of antivirus software
– Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features

Other Security Measures

Security Codes
– Multilevel password system
– Encrypted passwords
– Smart cards with microprocessors

Backup Files
– Duplicate files of data or programs

Security Monitors
– Monitor the use of computers and networks
– Protects them from unauthorized use, fraud, and destruction

Other Security Measures

Biometrics
– Computer devices measure physical traits that make each individual unique
– Voice recognition, fingerprints, retina scan

Computer Failure Controls
– Prevents computer failures or minimizes its effects
– Preventive maintenance
– Arrange backups with a disaster recovery organization

Other Security Measures

In the event of a system failure, fault-tolerant systems have redundant processors, peripherals, and software
– Fail-over: shifts to back up components
– Fail-safe: the system continues to operate at the same level
– Fail-soft: the system continues to operate at a reduced but acceptable level

Other Security Measures

A disaster recovery plan contains formalized procedures to follow in the event of a disaster

Which employees will participate

What their duties will be

What hardware, software, and facilities will be used

Priority of applications that will be processed

Use of alternative facilities

Offsite storage of databases

Information System Controls

Auditing IT Security

IT Security Audits
– Performed by internal or external auditors
– Review and evaluation of security measures and management policies
– Goal is to ensure that proper and adequate measures and policies are in place

Protecting Yourself from Cyber Crime