Prof. Anatoly Sachenko
11 Security and Ethical Challenges
I. LECTURE OVERVIEW
This chapter discusses the threats against, and defenses needed for the performance and security of business
information systems, as well as the ethical implications and societal impacts of information technology.
Section I: Security, Ethical and Societal Challenges of IT
Section II: Security Management of Information Technology
II. LEARNING OBJECTIVES
Learning Objectives
1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
2. Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology.
3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
III. LECTURE NOTES
Section I: Security, Ethical, and Societal Challenges of IT
Introduction
There is no question that the use of information technology in e-business operations presents major security challenges, poses serious ethical questions, and affects society in significant ways.
Analyzing F-Secure, Microsoft, GM, and Verizon
We can learn a lot from this case about the security and ethical issues in business that arise from the challenges caused by computer viruses. Take a few minutes to read it, and we will discuss it (see F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses in Section IX).
Business/IT Security, Ethics, and Society (Figure 11.2)
The use of information technology in e-business has major impacts on society, and thus raises serious ethical issues in areas such as:
• Crime
• Privacy
• Individuality
• Employment
• Health
• Working Conditions
Note: Students should realize that information technology could have a beneficial effect as well as a negative effect in each of the areas listed above.
Ethical Responsibility of Business Professionals
As a business end user, you have a responsibility to promote ethical uses of information technology in the workplace. These responsibilities include properly performing your role as a vital human resource in the e-business systems you help develop and use in your organizations.
The AITP code provides guidelines for ethical conduct in the development and use of information technology. End-users and IS professionals would live up to their ethical responsibilities by voluntarily following such guidelines.
For example, you can be a responsible end user by:
• Acting with integrity
• Increasing your professional competence
• Setting high standards of personal performance
• Accepting responsibility for your work
• Advancing the health, privacy, and general welfare of the public
Business Ethics:
Business ethics is concerned with the numerous ethical questions that managers must confront as part of their daily business decision-making. Managers use several important alternatives when confronted with making ethical decisions on business issues.
These include:
• Stockholder Theory - Holds that managers are agents of the stockholders, and their only ethical responsibility is to increase the profits of the business, without violating the law or engaging in fraudulent practices.
• Social Contract Theory - States that companies have ethical responsibility to all members of society, which allows corporations to exist based on a social contract.
• Stakeholder Theory - Maintains that managers have an ethical responsibility to manage a firm for the benefit of all of its stakeholders, which are all individuals and groups that have a stake in or claim on a company.
Technology Ethics
Proportionality - The good achieved by the technology must outweigh the harm or risk. Moreover, there must be no alternative that achieves the same or comparable benefits with less harm or risk.
Informed Consent - Those affected by the technology should understand and accept the risks.
Justice - The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk.
Minimized Risk - Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.
Ethical Guidelines:
The Association of Information Technology Professionals (AITP) is an organization of professionals in the computing field. Its code of conduct outlines the ethical considerations inherent in the major responsibilities of an IS professional.
Business and end users and IS professionals would live up to their ethical responsibilities by voluntarily following such guidelines as those outlined in the AITP standard. You can be a responsible end user by:
• Acting with integrity
• Increasing your professional competence
• Setting high standards of personal performance
• Accepting responsibility for your work
• Advancing the health, privacy, and general welfare of the public
Computer Crime
Computer crime is a growing threat to society, caused by the criminal or irresponsible actions of individuals who take advantage of the widespread use and vulnerability of computers, the Internet, and other networks. It thus presents a major challenge to the ethical use of information technologies. Computer crime poses serious threats to the integrity, safety, and survival of most e-business systems, and thus makes the development of effective security methods a top priority.
The Association of Information Technology Professionals (AITP) defines computer crime as including:
• The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources.
• The unauthorized release of information
• The unauthorized copying of software
• Denying an end user access to his or her own hardware, software, data, or network resources
• Using or conspiring to use computer or network resources to illegally obtain information or tangible property.
Penalties for violation of the U.S. Computer Fraud and Abuse Act include:
• 1 to 5 years in prison for a first offence
• 10 years for a second offence
• 20 years for three or more offences
• Fines ranging up to $250,000 or twice the value of stolen data
Hacking:
Hacking is the obsessive use of computers, or the unauthorized access and use of networked computer systems. Illegal hackers (also called crackers) frequently assault the Internet and other networks to steal or damage data and programs. Hackers can:
• Monitor e-mail, Web server access, or file transfers to extract passwords or steal network files, or to plant data that will cause a system to welcome intruders.
• Use remote services that allow one computer on a network to execute programs on another computer to gain privileged access within a network.
• Use Telnet, an Internet tool for interactive use of remote computers, to discover information to plan other attacks.
Cyber-Theft
Many computer crimes involve the theft of money. In the majority of cases, they are "inside jobs" that involve unauthorized network entry and fraudulent alteration of computer databases to cover the tracks of the employees involved.
Unauthorized Use at Work:
The unauthorized use of a computer system is called time and resource theft. A common example is unauthorized use of company-owned computer networks by employees. This may range from doing private consulting or personal finances, or playing video games, to unauthorized use of the Internet on company networks. Network monitoring software called sniffers is frequently used to monitor network traffic to evaluate network capacity, as well as reveal evidence of improper use.
Software Piracy:
Computer programs are valuable property and thus are the subject of theft from computer systems. Unauthorized copying of software, or software piracy, is a major form of software theft because software is intellectual property, which is protected by copyright law and user licensing agreements.
Piracy of Intellectual Property:
Software is not the only intellectual property subject to computer-based piracy. Other forms of copyrighted material, such as music, videos, images, articles, books, and other written works are especially vulnerable to copyright infringement, which most courts have deemed illegal. Digitised versions can easily be captured by computer systems and made available for people to access or download at Internet websites, or can be readily disseminated by e-mail as file attachments. The development of peer-to-peer (P2P) networking has made digital versions of copyrighted material even more vulnerable to unauthorized use.
Computer Viruses:
One of the most destructive examples of computer crime involves the creation of computer viruses or worms. They typically enter a computer system through illegal or borrowed copies of software, or through network links to other computer systems. A virus usually copies itself into the operating system's programs, and from there to the hard disk and any inserted floppy disks. Vaccine programs, and virus prevention and detection programs are available, but may not work for new types of viruses.
Virus - is a program code that cannot work without being inserted into another program.
Worm - is a distinct program that can run unaided.
Privacy Issues
The power of information technology to store and retrieve information can have a negative effect on the right to privacy of every individual.
For example:
• Confidential e-mail messages by employees are monitored by many companies
• Personal information is being collected about individuals every time they visit a site on the World Wide Web
• Confidential information on individuals contained in centralized computer databases by credit bureaus, government agencies, and private business firms has been stolen or misused, resulting in the invasion of privacy, fraud, and other injustices.
• Unauthorized use of information can seriously damage the privacy of individuals.
• Errors in databases can seriously hurt the credit standing or reputation of individuals.
Some important privacy issues being debated in business and government include the following:
• Accessing individuals' private e-mail conversations and computer records, and collecting and sharing information about individuals gained from their visits to Internet websites and newsgroups (violation of privacy).
• Always "knowing" where a person is, especially as mobile and paging services become more closely associated with people rather than places (computer monitoring)
• Using customer information to market additional business services (computer matching).
• Collecting telephone numbers and other personal information to build individual customer profiles (unauthorized personal files).
Privacy on the Internet:
The Internet is notorious for giving its users a feeling of anonymity, when in actuality they are highly visible and open to violations of their privacy. Most of the Internet and its World Wide Web and newsgroups are still a wide open, unsecured, electronic frontier, with no tough rules on what information is personal and private. You can protect your privacy in several ways:
• Use encryption to send e-mail (both sender and receiver must have encryption software).
• Use anonymous remailers to protect your identity when you add comments in newsgroup postings.
• Ask your Internet service provider not to sell your name and personal information to mailing list providers and other marketers.
• Decline to reveal personal data and interests on online service and website user profiles.
Computer Matching:
Computer matching is the use of computers to screen and match data about individual characteristics provided by a variety of computer-based information systems and databases in order to identify individuals for business, government, or other purposes. Unauthorized use or mistakes in the computer matching of personal data can be a threat to privacy. For example, an individual's personal profile may be incorrectly matched with someone else.
Privacy Laws:
In the US, the Federal Privacy Act strictly regulates the collection and use of personal data by governmental agencies. The law specifies that individuals have the right to inspect their personal records, make copies, and correct or remove erroneous or misleading information.
The Federal Privacy Act specifies that federal agencies:
• Must annually disclose the types of personal data files they maintain.
• Cannot disclose personal information on an individual to any other individual or agency except under certain strict conditions.
• Must inform individuals of the reasons for requesting personal information from them.
• Must retain personal data records only if it is "relevant and necessary to accomplish" an agency's legal purpose.
• Must establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records.
The U.S. Congress enacted the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act in 1986. These federal privacy laws are a major attempt to enforce the privacy of computer-based files and communications. These laws prohibit intercepting data communications messages, stealing or destroying data, or trespassing in federal-related computer systems.
Computer Libel and Censorship
The opposite side of the privacy debate is:
• The right of people to know about matters others may want to keep private (freedom of information)
• The right of people to express their opinions about such matters (freedom of speech)
• The right of people to publish those opinions (freedom of the press).
Some of the biggest battlegrounds in the debate are the bulletin boards, e-mail boxes, and online files of the Internet and public information networks, such as America Online and the Microsoft Network. The weapons being used in this battle include spamming, flame mail, libel laws, and censorship.
Spamming - is the indiscriminate sending of unsolicited e-mail messages (spam) to many Internet users. Spamming is the favorite tactic of mass-mailers of unsolicited advertisements, or junk e-mail. Cyber criminals have also used spamming to spread computer viruses or infiltrate many computer systems.
Flaming - is the practice of sending extremely critical, derogatory, and often vulgar e-mail messages (flame mail), or newsgroup postings to other users on the Internet or online services. Flaming is especially prevalent on some of the Internet's special interest newsgroups. The Internet is very vulnerable to abuse, as it currently lacks formal policing and security.
Other Challenges:
The uses of information technologies in e-business systems include ethical and societal impacts of e-business in the areas of employment, individuality, working conditions, and health.
Employment Challenges:
The impact of IT on employment is a major ethical concern and is directly related to the use of computers to achieve automation of work activities. The use of e-business technologies has created new jobs and increased productivity. However, it has also caused a significant reduction in some types of job opportunities.
Computer Monitoring:
One of the most explosive ethical issues concerning the quality of working conditions in e-business is computer monitoring. Computers are being used to monitor the productivity and behavior of employees while they work. Supposedly, computer monitoring is done so employers can collect productivity data about their employees to increase the efficiency and quality of service.
Computer monitoring has been criticized as unethical because:
• It is used to monitor individuals, not just work, and is done continually, thus violating workers' privacy and personal freedom.
• It is considered an invasion of the privacy of employees, because in many cases, they do not know that they are being monitored, or don't know how the information is being used.
• Employees' right of due process may be harmed by the improper use of collected data to make personnel decisions.
• It increases the stress on employees who must work under constant electronic surveillance.
• It has been blamed for causing health problems among monitored workers.
• It is blamed for robbing workers of the dignity of their work.
Challenges in Working Conditions:
Information technology has eliminated some monotonous or obnoxious tasks in the office and the factory that formerly had to be performed by people. Thus, IT can be said to upgrade the quality of work. However, many automated operations are also criticized for relegating people to a "do-nothing" standby role.
Challenges to Individuality:
A frequent criticism of e-business systems concerns their negative effect on the individuality of people. Computer-based systems are criticized as:
• Being impersonal systems that dehumanize and depersonalize activities, since they eliminate the human relationships present in noncomputer systems. Humans feel a loss of identity.
• Humans feel a loss of individuality as some systems require a regimentation of the individual, demanding strict adherence to detailed procedures.
Computer-based systems can be ergonomically engineered to accommodate human factors that:
• Minimize depersonalization and regimentation.
• Design software that is "people-oriented" and "user-friendly."
Health Issues:
The use of IT in the workplace raises a variety of health issues. Heavy use of computers is reportedly causing health problems such as:
• Job stress
• Damaged arm and neck muscles
• Eye strain
• Radiation exposure
• Death by computer-caused accidents
Ergonomics:
Solutions to some health problems are based on the science of ergonomics, sometimes called human factors engineering. The goal of ergonomics is to design healthy work environments that are safe, comfortable, and pleasant for people to work in, thus increasing employee morale and productivity.
Ergonomics stresses the healthy design of the workplace, workstations, computers and other machines, and even software packages. Other health issues may require ergonomic solutions emphasizing job design, rather than workplace design.
Societal Solutions
Computers and networks like the Internet, and other information technology can have many beneficial effects on society. Information technology can be used to solve human and societal problems through societal solutions such as:
• Medical diagnosis
• Computer-assisted instruction
• Governmental program planning
• Environmental quality control
• Law enforcement
IV. LECTURE NOTES (con't)
Section II: Security Management of Information Technology
Introduction
There are many significant threats to the security of information systems in business. Business managers and professionals alike are responsible for the security, quality, and performance of the e-business systems in their business units.
Analyzing Geisinger Health Systems and Du Pont
We can learn a lot from this case about the security management issues and challenges in securing company data resources and process control networks. Take a few minutes to read it, and we will discuss it (See Geisinger Health Systems and Du Pont: Security Management in Section IX).
Tools of Security Management
The goal of security management is the accuracy, integrity, and safety of all e-business processes and resources. Effective security management can minimize errors, fraud, and losses in the internetworked computer-based systems that interconnect today's e-business enterprises.
Internetworked Security Defense
Security of today's internetworked e-business enterprises is a major management challenge. Vital network links and business flows need to be protected from external attack by cyber criminals or subversion by the criminal or irresponsible acts of insiders. This requires a variety of security tools and defensive measures and a coordinated security management program.
Encryption
Encryption of data has become an important way to protect data and other computer network resources especially on the Internet, intranets, and extranets.
Encryption characteristics include:
• Passwords, messages, files, and other data can be transmitted in scrambled form and unscrambled by computer systems for authorized users only.
• Encryption involves using special mathematical algorithms, or keys, to transform digital data into a scrambled code before they are transmitted, and to decode the data when they are received.
• The most widely used encryption method uses a pair of public and private keys unique to each individual. For example: e-mail could be scrambled and encoded using a unique public key for the recipient that is known to the sender. After the e-mail is transmitted, only the recipient's secret private key could unscramble the message.
• Encryption programs are sold as separate products or built into other software used for the encryption process.
• There are several competing software encryption standards, but the top two are RSA and PGP.
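The public/private key roles described above, as an added example that is not part of the original lecture notes: the sender uses only the recipient's public key, and only the matching private key recovers the message. It is textbook RSA with fixed, well-known primes and no padding, which is an assumption made so the example runs with the Python standard library alone; the message and key sizes are constructed for illustration.

```python
# Added illustration: textbook RSA (no padding, fixed Mersenne primes).
# It demonstrates which key does what; real products use far larger,
# randomly generated primes and a padding scheme.

E = 65537  # public exponent used for every key pair in this example


def make_keypair(p, q):
    """Build (public_key, private_key) from two distinct primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: inverse of E modulo phi
    return (n, E), (n, d)


def encrypt(public_key, message: bytes) -> int:
    """Sender side: needs nothing but the recipient's public key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Recipient side: needs the secret private key."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    # Constructed key pairs: the recipient's, and an unrelated user's.
    recipient_pub, recipient_priv = make_keypair(2**89 - 1, 2**107 - 1)
    _, other_priv = make_keypair(2**61 - 1, 2**127 - 1)

    message = b"Q3 price list"            # constructed sample e-mail body
    scrambled = encrypt(recipient_pub, message)

    return {
        "scrambled_differs": scrambled != int.from_bytes(message, "big"),
        "recipient_reads": decrypt(recipient_priv, scrambled),
        "other_reads": decrypt(other_priv, scrambled),
    }


if __name__ == "__main__":
    result = demo()
    print("recipient sees:", result["recipient_reads"])
    print("other user sees the message:", result["other_reads"] == b"Q3 price list")
```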
Firewalls
Another important method for control and security on the Internet and other networks is the use of firewall computers and software. A network firewall can be a communications processor, typically a router, or a dedicated server, along with firewall software.
Firewall computers and software characteristics include:
• A firewall serves as a "gatekeeper" computer system that protects a company's intranets and other computer networks from intrusion by serving as a filter and safe transfer point for access to and from the Internet and other networks.
• A firewall computer screens all network traffic for proper passwords and other security codes, and only allows authorized transmissions in and out of the network.
• Firewalls have become an essential component of organizations connecting to the Internet, because of its vulnerability and lack of security.
• Firewalls can deter, but not completely prevent, unauthorized access (hacking) into computer networks. In some cases, a firewall may allow access only from trusted locations on the Internet to particular computers inside the firewall. Or it may allow only "safe" information to pass.
• In some cases, it is impossible to distinguish safe use of a particular network service from unsafe use and so all requests must be blocked. The firewall may then provide substitutes for some network services that perform most of the same functions but are not as vulnerable to penetration.
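The screening behaviour described in the last two bullets, as an added example that is not part of the original lecture notes: access is allowed only from trusted locations to particular internal computers, one service is blocked for every source, and anything not explicitly allowed is denied. The addresses, ports and rule layout are assumptions constructed for illustration (documentation address ranges), and port 22 stands in for the safer substitute of the blocked Telnet service.

```python
import ipaddress

# Constructed policy (assumption): (trusted source network, internal host, port)
ALLOW_RULES = [
    ("198.51.100.0/24", "10.0.5.20", 443),  # partner site -> extranet web server
    ("203.0.113.10/32", "10.0.5.30", 22),   # one admin workstation -> jump host
]

# A service whose safe and unsafe use cannot be told apart is blocked for all
# sources. Telnet (port 23) is the constructed case here.
BLOCKED_PORTS = {23}


def decide(src, dst, port):
    """Return (decision, reason). Anything without a matching rule is denied."""
    if port in BLOCKED_PORTS:
        return "deny", "service blocked for all sources"
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for network, host, allowed_port in ALLOW_RULES:
        if (src_ip in ipaddress.ip_network(network)
                and dst_ip == ipaddress.ip_address(host)
                and port == allowed_port):
            return "allow", f"trusted source {network}"
    return "deny", "no matching allow rule"


# Constructed connection attempts: (source, destination, destination port)
ATTEMPTS = [
    ("198.51.100.7", "10.0.5.20", 443),  # trusted source, permitted host
    ("198.51.100.7", "10.0.5.99", 443),  # trusted source, host not in any rule
    ("192.0.2.44", "10.0.5.20", 443),    # untrusted source
    ("203.0.113.10", "10.0.5.30", 23),   # trusted source, blocked service
    ("203.0.113.10", "10.0.5.30", 22),   # same source, substitute service
]


def screen(attempts):
    """Apply the policy to each attempt and return the list of decisions."""
    return [decide(*attempt)[0] for attempt in attempts]


if __name__ == "__main__":
    for attempt in ATTEMPTS:
        print(attempt, "->", decide(*attempt))
```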
Denial of Service Defenses
The Internet is extremely vulnerable to a variety of assaults by criminal hackers, especially denial of service (DOS) attacks. Denial of service assaults via the Internet depend on three layers of networked computer systems, and these are the layers at which e-business companies and other organizations can take basic steps to protect their websites from denial of service and other hacking attacks:
• The victim's website
• The victim's Internet service provider (ISP)
• The sites of "zombie" or slave computers that were commandeered by the cyber criminals.
e-Mail Monitoring
Internet and other online e-mail systems are one of the favorite avenues of attack by hackers for spreading computer viruses or breaking into networked computers. E-mail is also the battleground for attempts by companies to enforce policies against illegal, personal, or damaging messages by employees, and the demands of some employees and others, who see such policies as violations of privacy rights.
Virus Defenses
Many companies are building defenses against the spread of viruses by centralizing the distribution and updating of antivirus software, as a responsibility of their IS departments. Other companies are outsourcing the virus protection responsibility to their Internet service providers or to telecommunications or security management companies.
Other Security Measures:
A variety of security measures are commonly used to protect e-business systems and networks. These include both hardware and software tools like fault-tolerant computers and security monitors, and security policies and procedures like passwords and backup files.
Security Codes:
Typically, a multilevel password system is used for security management.
• First, an end user logs on to the computer system by entering his or her unique identification code, or user ID.
• The end user is then asked to enter a password in order to gain access into the system.
• Next, to access an individual file, a unique file name must be entered.
Backup Files
Backup files, which are duplicate files of data or programs, are another important security measure.
• Files can be protected by file retention measures that involve storing copies of files from previous periods.
• Several generations of files can be kept for control purposes.
Security Monitors
System security monitors are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction.
• Security monitor programs provide the security measures needed to allow only authorized users to access the networks.
• Security monitors also control the use of the hardware, software, and data resources of a computer system.
• Security monitors can be used to monitor the use of computer networks and collect statistics on any attempts at improper use.
Biometric Security
These are security measures provided by computer devices, which measure physical traits that make each individual unique. This includes:
• Voice verification
• Fingerprints
• Hand geometry
• Signature dynamics
• Keystroke analysis
• Retina scanning
• Face recognition
• Genetic pattern analysis
Computer Failure Controls:
A variety of controls are needed to prevent computer failure or to minimize its effects. Computer systems may fail due to:
• Power failure
• Electronic circuitry malfunctions
• Telecommunications network problems
• Hidden programming errors
• Computer operator errors
• Electronic vandalism
The information services department typically takes steps to prevent equipment failure and to minimize its detrimental effects.
For example:
• Programs of preventative maintenance of hardware and management of software updates are commonplace
• Using computers equipped with automatic and remote maintenance capabilities
• Establishing standards for electrical supply, air conditioning, humidity control, and fire prevention standards
• Arranging for a backup computer system capability with disaster recovery organizations.
• Scheduling and implementing major hardware or software changes to avoid problems.
• Training and supervision of computer operators.
• Using fault tolerant computer systems (fail-safe and fail-soft capabilities)
Fault Tolerant Systems:
Many firms use fault tolerant computer systems that have redundant processors, peripherals, and software that provide a fail-over capability to back up components in the event of system failure.
• Fail-Safe - Fail-safe refers to computer systems that continue to operate at the same level of performance after a major failure.
• Fail-Soft - Fail-soft refers to computer systems that continue to operate at a reduced but acceptable level after a system failure.
Disaster Recovery
Hurricanes, earthquakes, fires, floods, criminal and terrorist acts, and human error can all severely damage an organization's computing resources, and thus the health of the organization itself. Many companies, especially online e-commerce retailers and wholesalers, airlines, banks, and Internet service providers, for example, are crippled by losing even a few hours of computing power. That is why it is important for organizations to develop disaster recovery procedures and formalize them in a disaster recovery plan. It specifies which employees will participate in disaster recovery, and what their duties will be; what hardware, software, and facilities will be used; and the priority of applications that will be processed. Arrangements with other companies for use of alternative facilities as a disaster recovery site and off site storage of an organization's databases are also part of an effective recovery effort.
System Controls and Audits:
The development of information system controls and the accomplishment of e-business systems audits are two other types of security management.
Information Systems Controls:
Information systems controls are methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities. Information System (IS) controls must be developed to ensure proper data entry, processing techniques, storage methods, and information output. IS controls are designed to monitor and maintain the quality and security of the input, processing, output, and storage activities of any information system.
Auditing IT Systems
E-business systems should be periodically examined, or audited, by a company's internal auditing staff or external auditors from professional accounting firms. Such audits should review and evaluate whether proper and adequate security measures and management policies have been developed and implemented.
An important objective of e-business system audits is testing the integrity of an application audit trail. An audit trail can be defined as the presence of documentation that allows a transaction to be traced through all stages of its information processing. The audit trail of manual information systems was quite visible and easy to trace; however, computer-based information systems have changed the form of the audit trail.
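One way a computer-based audit trail can support both goals named above, tracing a transaction through its processing stages and testing the trail's integrity, as an added example that is not part of the original lecture notes. Hash chaining is a technique chosen for this illustration rather than one the notes describe; the transaction ids, stage names (taken from the input, processing, storage and output activities listed earlier) and log details are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # starting value for the chain (assumption of this example)
REQUIRED_STAGES = ["input", "processing", "storage", "output"]


def _digest(prev_hash, record):
    """Hash an entry together with the hash of the entry before it."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


def append_entry(trail, txn_id, stage, detail):
    """Add one audit entry, linked to the previous entry by its hash."""
    prev_hash = trail[-1]["hash"] if trail else GENESIS
    record = {"txn": txn_id, "stage": stage, "detail": detail}
    trail.append({**record, "prev": prev_hash, "hash": _digest(prev_hash, record)})


def trace(trail, txn_id):
    """Stages a transaction passed through, in recorded order."""
    return [e["stage"] for e in trail if e["txn"] == txn_id]


def missing_stages(trail, txn_id):
    """Stages the auditor expects but cannot find for this transaction."""
    seen = trace(trail, txn_id)
    return [s for s in REQUIRED_STAGES if s not in seen]


def first_broken_entry(trail):
    """Index of the first altered, removed or re-ordered entry, else None."""
    prev_hash = GENESIS
    for i, e in enumerate(trail):
        record = {"txn": e["txn"], "stage": e["stage"], "detail": e["detail"]}
        if e["prev"] != prev_hash or e["hash"] != _digest(prev_hash, record):
            return i
        prev_hash = e["hash"]
    return None


def build_sample_trail():
    """Constructed sample: two orders moving through the system."""
    trail = []
    append_entry(trail, "T-1001", "input", "order keyed by clerk jdoe, amount 480.00")
    append_entry(trail, "T-1002", "input", "order keyed by clerk asmith, amount 75.50")
    append_entry(trail, "T-1001", "processing", "credit check passed")
    append_entry(trail, "T-1001", "storage", "written to orders table")
    append_entry(trail, "T-1002", "processing", "credit check passed")
    append_entry(trail, "T-1001", "output", "invoice printed")
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    print("T-1001 stages:", trace(trail, "T-1001"))
    print("T-1002 missing:", missing_stages(trail, "T-1002"))
    trail[0]["detail"] = "order keyed by clerk jdoe, amount 48.00"  # simulated edit
    print("first broken entry:", first_broken_entry(trail))
```

The chain detects edits only if the auditor compares the final hash with a copy kept outside the audited system, since someone able to rewrite every entry could also recompute every hash.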
Summary
• Ethical and Societal Dimensions. The vital role of information technologies and systems in society raises serious ethical and societal issues in terms of their impact on employment, individuality, working conditions, privacy, health, and computer crime as illustrated in Figure 11.2.
Employment issues include the loss of jobs due to computerization and automation of work versus the jobs created to supply and support new information technologies and the business applications they make possible. The impact on working conditions involves the issues of computer monitoring of employees and the quality of the working conditions of jobs that make heavy use of information technologies. The effect of IT on individuality addresses the issues of the depersonalization, regimentation, and inflexibility of some computerized business systems.
Health issues are raised by heavy use of computer workstations for long periods of time by employees, which may cause work-related health disorders. Serious privacy issues are raised by the use of IT to access or collect private information without authorization, as well as for computer profiling, computer matching, computer monitoring, and computer libel and censorship. Computer crime issues surround activities such as hacking, computer viruses and worms, cyber theft, unauthorized use at work, software piracy, and piracy of intellectual property.
Managers, business professionals, and IS specialists can help solve the problems of improper use of IT by assuming their ethical responsibilities for the ergonomic design, beneficial use, and enlightened management of information technologies in our society.
• Ethical Responsibility in Business. Business and IT activities involve many ethical considerations. Basic principles of technology and business ethics can serve as guidelines for business professionals when dealing with ethical business issues that may arise in the widespread use of information technology in business and society. Examples include theories of corporate social responsibility, which outline the ethical responsibility of management and employees to a company's stockholders, stakeholders, and society, and the four principles of technology ethics summarized in Figure 11.I.
• Security Management. One of the most important responsibilities of the management of a company is to assure the security and quality of its IT-enabled business activities. Security management tools and policies can ensure the accuracy, integrity, and safety of the information systems and resources of a company, and thus minimize errors, fraud, and security losses in their business activities. Examples mentioned in the chapter include the use of encryption of confidential business data, firewalls, e-mail monitoring, antivirus software, security codes, backup files, security monitors, biometric security measures, computer failure controls, fault tolerant systems, disaster recovery measures, information systems controls, and security audits of business systems.
IV. KEY TERMS AND CONCEPTS - DEFINED
Antivirus Software:
Is a software program that is designed to find and eliminate computer viruses.
Audit Trail:
Periodically examining the accuracy and integrity of information systems.
Auditing e-business Systems:
An information services department should be periodically examined (audited) by internal auditing personnel. In
addition, periodic audits by external auditors from professional accounting firms are a good business practice.
Backup Files:
Backup files are duplicate files of data or programs. These files may be stored off-premises, that is, in a location
away from the computer center, sometimes in special storage vaults in remote locations.
Biometric Security:
Computer-based security methods that measure physical traits and characteristics such as fingerprints, voice prints,
retina scans, and so on.
Business Ethics:
An area of ethical philosophy concerned with developing ethical principles and promoting ethical behavior and
practices in the accomplishment of business tasks and decision-making.
Computer Crime:
Criminal actions accomplished through the use of computer systems, especially with intent to defraud, destroy, or
make unauthorized use of computer system resources.
Computer Matching:
Using computers to screen and match data about individual characteristics provided by a variety of computer-based
information systems and databases in order to identify individuals for business, government, or other purposes.
Computer Monitoring:
Using computers to monitor the behavior and productivity of workers on the job and in the workplace.
Computer Virus:
Program code that copies its destructive program routines into the computer systems of anyone who accesses
computer systems which have used the program, or anyone who uses copies of data or programs taken from such
computers. This spreads the destruction of data and programs among many computer users. Technically, a virus
will not run unaided, but must be inserted into another program, while a worm is a distinct program that can run
unaided.
Denial of Service:
Is a process whereby hackers overwhelm a website with requests for service from captive computers.
Disaster Recovery:
Methods for ensuring that an organization recovers from natural and human-caused disasters that affect its
computer-based operations.
Encryption:
To scramble data or convert it, prior to transmission, to a secret code that masks the meaning of the data to
unauthorized recipients. Similar to enciphering.
Ergonomics:
The science and technology emphasizing the safety, comfort, and ease of use of human-operated machines such as
computers. The goal of ergonomics is to produce systems that are user friendly, that is, safe, comfortable, and easy
to use. Ergonomics is also called human factors engineering.
Ethical and Societal Impacts of Business/IT:
These include (1) employment, (2) individuality, (3) health, (4) privacy, (5) societal solutions, and (6) working
conditions.
Ethical and Societal Impacts of e-business - Employment:
The impact of IT on employment is a major ethical concern and is directly related to the use of computers to
achieve automation. IT has created new jobs and increased productivity; however, it has also caused a significant
reduction in some types of job opportunities.
Ethical and Societal Impacts of e-business - Health:
IT in the workplace raises a variety of health issues including health problems such as job stress, damaged arm and
neck muscles, eyestrain, radiation exposure, and even death by computer-caused accidents.
Ethical and Societal Impacts of e-business - Individuality:
Computer-based systems are criticized as being impersonal systems that dehumanize and depersonalize activities,
and eliminate the human relationships present in manual systems. Humans feel a loss of individuality as some
systems require a regimentation of the individual, and demand strict adherence to detailed procedures.
Ethical and Societal Impacts of e-business - Societal Solutions:
IT can have many beneficial effects on society. It is being used to solve human and societal problems through
societal applications such as medical diagnosis, computer-assisted instruction, governmental program planning,
environmental quality control, and law enforcement.
Ethical and Societal Impacts of e-business - Working Conditions:
IT has eliminated some monotonous and obnoxious tasks formerly performed by people. IT has upgraded the
quality of work, but is also being criticized for relegating people to a "do-nothing" standby role.
Ethical Foundations:
Ethical choices may result from decision-making processes or behavioral stages. These include egoism, natural law,
utilitarianism, and respect for persons.
Fault Tolerant:
Computers with multiple central processors, peripherals, and system software that are able to continue operations
even if there is a major hardware or software failure.
Firewall:
A computer that protects computer networks from intrusion by screening all network traffic and serving as a safe
transfer point for access to and from other networks.
Flaming:
Flaming is the practice of sending extremely critical, derogatory, and often-vulgar e-mail messages (flame mail), or
electronic bulletin board postings to other users on the Internet or online services.
Hacking:
(1) obsessive use of a computer, (2) the unauthorized access and use of computer systems.
Information System Controls:
Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities.
Information system controls monitor and maintain the quality and security of the input, processing, output, and
storage activities of any information system.
Intellectual Property Piracy:
Copyrighted material, such as software, music, videos, images, articles, books, and other written works are
especially vulnerable to copyright infringement, which most courts have deemed illegal.
Passwords:
A password is used as a security method, which enables computer systems to identify eligible users and determine
which types of information they are authorized to receive.
Privacy Issues:
Laws that regulate the collection, access, and use of personal data.
Responsible Professional:
End user that acts with integrity and competence in the use of IT.
Security Management:
Passwords, identification codes, account codes, and other codes that limit the access and use of computer-based
system resources to authorized users.
Software Piracy:
Unauthorized copying of software.
Spamming:
Spamming is the indiscriminate sending of unsolicited e-mail to many Internet users. Spamming is the favorite
tactic of mass-mailers of unsolicited advertisements, or junk e-mail.
System Security Monitor:
Software that controls access and use of a computer system.
Unauthorized Use:
The unauthorized use of a computer system is called time and resource theft. A common example is unauthorized
use of company-owned computer networks by employees.
V. DISCUSSION QUESTIONS
What can be done to improve e-commerce security on the Internet?
What potential security problems do you see in the increasing use of intranets and
extranets in business? What might be done to solve such problems?
What artificial intelligence techniques can a business use to improve computer security and
fight computer crime?
What are your major concerns about computer crime and privacy on the Internet? What
can you do about it?
What is disaster recovery? How could it be implemented at your school or work?
Is there an ethical crisis in e-business today? What role does information technology play
in unethical business practices?
What business decisions will you have to make as a manager that have both an ethical and
IT dimension?
What would be examples of one positive and one negative effect of the use of e-business
technologies in each of the ethical and societal dimensions illustrated in the chapter?