Security & Ethical Challenges In

Managing IT

JIM Dharmendra Arora

 A journey into
an IT enabled
business
environment
JIM Dharmendra Arora
Access to unauthorized information
Hmm, my
increment is
lesser than
Khusbhu’s
increment

JIM Dharmendra Arora

Performance (Errors, Speed etc.)

My
Calculator
works
better than
this stupid
box

JIM Dharmendra Arora

 Mere marks
Frauds mudita ke marks
se kam, abhi sab
kuchh crash kar
deta hoon

JIM Dharmendra Arora

Quality Assurance Today all the PCs in
our office got
crashed by some
virus, no work, party
time, thanks to IT
department

JIM Dharmendra Arora

 Misuse
Hurrah!
Won this
game as
well

JIM Dharmendra Arora

Controls Are Needed To Avoid All This

JIM Dharmendra Arora

In a Nutshell
 Effective controls provide Information
System Security i.e. accuracy, integrity,
and safety of information system
activities and resources.
 Controls can minimize errors, fraud, and
destruction in the internetworked
information systems.
 It also provides quality assurance for
information systems.

JIM Dharmendra Arora

What All Should Be Controlled?
Three major types of controls are
required to ensure the quality and
security of information systems

1. Information System Controls

2. Procedural Controls
3. Facility Controls

JIM Dharmendra Arora

 Facility Controls

Procedural Controls

Information System Controls

Managing
Information
System
Performance
&
Security
Input, Processing, Output,
and Storage Controls

Standard Procedures: Documentation

Authorization Requirements: Auditing

Physical Protection: Computer Failure Controls

Telecommunications Controls: Insurance

JIM Dharmendra Arora

Information system Controls
 Controls to monitor and maintain the quality
and security of
o Input (Data entry)
o Processing technique
o Storage methods
o Information output
 Information system controls are methods
and devices that attempt to ensure the
accuracy, validity, and propriety of
information system activities.

JIM Dharmendra Arora

 Processing Controls
Software Controls
Hardware Controls
Fire Walls
Checkpoints

Input Controls Output Controls

Encryption Security Codes
Data Entry Screens Encryption
Error Signals Control Listings
Control Totals Control Totals
End User Feedback

Storage Controls
Security Codes
Encryption
Backup Files
Library Procedures
Database Administration

Information System Controls

JIM Dharmendra Arora
Facility Controls
 Methods to protect an organization’s
computing and network facilities and
their contents from loss or destruction.
 Computer networks and computer
centers needs to be protected from
o Accidents
o Natural disasters
o Sabotage
o Vandalism
o Unauthorized use
o Theft etc.
JIM Dharmendra Arora
Main Facility Controls
 Network Security
o Encryption
o Fire Walls
 Physical Protection Controls
o CCTV
o Electronic locks
o Alarms
 Biometric Controls
o Voice recognition
o Retina scanning
o Finger prints
 Computer Failure Controls
o Fault tolerant computers

JIM Dharmendra Arora

Procedural Controls
Methods that specify how an
organization’s computer and
network resources should be
operated for maximum security.
These help to ensure the accuracy
and integrity of computer and
network operations and system
development activities.

JIM Dharmendra Arora

Main Procedural Controls
 Standard Procedures and Documentation
 Authorization Requirements
 Disaster Recovery
 Controls for End User Computing
 Auditing
o Audit around the computer system-verify
accuracy and propriety of input and output.
o Audit through the computer system- input,
output, software, network gets verified using
test data and creating audit trail.

JIM Dharmendra Arora

 Facility Controls

Procedural Controls

Information System Controls

Managing
Information
System
SUM UP Performance
&
Security
Input, Processing, Output,
and Storage Controls

Standard Procedures: Documentation

Authorization Requirements: Auditing

Physical Protection: Computer Failure Controls

Telecommunications Controls: Insurance

JIM Dharmendra Arora

REFERENCE

Chapter 15 / Managing IT”

Security and Ethical
Challenges /Section I
From
Management Information
Systems by James A. O’Brien

JIM Dharmendra Arora

 Ethical and Societal Challenges of IT

JIM Dharmendra Arora

Ethical and Societal Dimensions of IT

Use of IT in business has major

impacts on society, and thus raises
serious ethical considerations in
areas like privacy, crime, health
working conditions, individuality,
employment and the search for
societal solutions through IT.

JIM Dharmendra Arora

 Societal Health
Solutions Privacy

ETHICAL
&
Employment SOCIETAL Individuality
DIMENSIONS
OF
IT

Working
Conditions Crime

JIM Dharmendra Arora

 Another way-PAPA
 Richard Mason summarized four basic ethical issues concerned with IT,
with the acronym PAPA

Privacy Accuracy Property Accessibility

What to reveal? Who is responsible Who owns the What information
Under what for accuracy, information? What does a person or
conditions? authenticity and are the fair an organization
With what fidelity of practices of its have right to
safeguards? information? exchange? Who obtain, under what
owns the channel? conditions, and
JIM withArora
Dharmendra what
safeguards?
 Societal Health
Solutions Privacy

ETHICAL
&
Employment SOCIETAL Individuality
DIMENSIONS
OF
IT

Working
Conditions Crime

JIM Dharmendra Arora

IT & Employment
Problems
Impact of IT on employment;
Major ethical concern
IT has cut certain jobs.
Solution
But it has also created many
new jobs, and has increased
productivity.
JIM Dharmendra Arora
 Societal Health
Solutions Privacy

ETHICAL
&
Employment SOCIETAL Individuality
DIMENSIONS
OF
IT

Working
Conditions Crime

JIM Dharmendra Arora

IT & Individuality
Problems
 Computerization eliminate human
relationships.
 Identity is replaced by number.
 Inflexibility; strict procedures to follow.
Solutions
 People oriented user friendly information
systems can be developed.
 Internet, Chat, Video Conferencing etc.

JIM Dharmendra Arora

 Societal Health
Solutions Privacy

ETHICAL
&
Employment SOCIETAL Individuality
DIMENSIONS
OF
IT

Working
Conditions Crime

JIM Dharmendra Arora

IT & Working Conditions
Problems
 Few of the jobs created by IT are quite
repetitive & routine.
 In some cases it has limited the quality work of
people to pushing few buttons.
 Computer monitoring- still controversial.
Solutions
 IT has eliminated monotonous and obnoxious
tasks in offices and factories.
 People can concentrate on more challenging
tasks rather that performing routine activities
as they are been taken care by automation.

JIM Dharmendra Arora

 Societal Health
Solutions Privacy

ETHICAL
&
Employment SOCIETAL Individuality
DIMENSIONS
OF
IT

Working
Conditions Crime

JIM Dharmendra Arora

Privacy Issues
Problems
 Negative effect on right to privacy of and
individual.
o Internet
o Corporate email
o Computer matching
o Spamming
o Flaming

Solutions
 Privacy laws.
 Awareness among the users.
JIM Dharmendra Arora
 Societal Health
Solutions Privacy

ETHICAL
&
Employment SOCIETAL Individuality
DIMENSIONS
OF
IT

Working
Conditions Crime

JIM Dharmendra Arora

Computer Crime
Problems
 Hackers/Crackers
 Money theft
 Service theft
 Software theft
 Date alteration or theft
 Computer viruses
Solutions
 Cyber laws
 Cyber police
 Awareness among users
 Tools/Software to protect against computer crime

JIM Dharmendra Arora

Computer Virus
 It is a piece of programming code usually disguised as
something else that causes some unexpected and usually
undesirable event.
 A virus is often designed in a manner that it automatically
spreads to other computers through infected floppies, CD,
network, internet etc.
 Three classes of virus (other creatures)
o File infectors: those viruses which attach themselves to program
files, usually .com or .exe files. As the progam gets loaded, the
virus is loaded as well
o System or boot record infectors: viruses that infect executable
code in certain system areas (called boot sector) on a disk. It
generally crashes the computer
o Macro viruses: Generally infect Ms-Office applications (Word,
Excel, Powerpoint), typically insert unwanted words or phrases.

JIM Dharmendra Arora

Worms
 A worm is a self replicating piece of
programming code that does not alter
files but resides in active memory and
duplicates itself.
 Worms use parts of an operating system
that are automatic and usually invisible
to the user.
 It is common for worms to be noticed
only when their uncontrolled replication
consumes system resources, slowing or
halting other tasks.
JIM Dharmendra Arora
Viruses, worms and other creatures
 Computer Virus- A program code that cannot work
without being inserted into another program.
 Worm- A distinct program that can run unaided.
 Both spread through infected computer.
 Hazardous in nature; meant to destroy data; choke
network; slow down processing; steal data.
Remedies
 Avoid using software/messages from questionable
sources.
 Be aware about latest virus threats.
 Use updated anti-virus programs like Norton, McAfee etc.
 Have bootable disk and system backup

JIM Dharmendra Arora

 Societal Health
Solutions Privacy

ETHICAL
&
Employment SOCIETAL Individuality
DIMENSIONS
OF
IT

Working
Conditions Crime

JIM Dharmendra Arora

Health Issues
Problems
 Job stress
 Damaged arm and neck muscles
 Eye strain
 Radiation exposure etc.
Solutions
 Ergonomics (sometimes called human
factor engineering)-design healthy work
environments that are safe, comfortable
and pleasant for the people to work in.
JIM Dharmendra Arora
 Societal Health
Solutions Privacy

ETHICAL
&
Employment SOCIETAL Individuality
DIMENSIONS
OF
IT

Working
Conditions Crime

JIM Dharmendra Arora

Societal Solutions
 In what way IT is serving the society?
 IT helps in solving human and social
problems by virtue of
o Medical diagnosis
o Computer aided instructions
o Governmental program planning
o Environmental quality control
o And law enforcement.

JIM Dharmendra Arora

Last words of wisdom
As an employee (a manager, end user or an IT
professional, accept your ethical responsibilities
that come with your work activities.
JIM Dharmendra Arora