Professional Documents
Culture Documents
Pertemuan ke-2
Universitas Bunda Mulia
Kompetensi Khusus
• Mahasiswa dapat menjelaskan isu etika dan privasi yang
berhubungan dengan etika dalam penggunaan teknologi
informasi dan ancaman serta tindakan penaggulangan
pelanggaran teknologi informasi
Materi
1. Ethical Issues
2. Privacy
3. Introduction to Information Security
4. Unintentional Threats to Information System
5. Deliberate Threats to Information System
6. Information Security Controls
1. Ethical Issues
1.1 Ethics?
• Ethics refers to the principles of right and wrong that
individuals use to make choices that guide their behavior.
Deciding what is right or wrong is not always easy or clear-cut.
Fortunately, there are many frameworks that can make ethical
decisions.
1.2 Ethical Frameworks
• There are many sources for ethical standards. Here we
consider four widely used standards:
1. The utilitarian approach,
2. The rights approach,
3. The fairness approach, and
4. The common good approach
1.2.1 The Utilitarian Approach (Lanj)
• The utilitarian approach states that an ethical action is the one
that provides the most good or does the least harm.
• The ethical corporate action would be the one that produces
the greatest good and does the least harm for all affected
parties customers, employees, shareholders, the community,
and the physical environment.
1.2.1The Right Approach (Lanj)
9. Supervisory Control & Data Acquisition (SCADA) 10. Cyberterrorism and Cyberwarface.
Attacks
6. Information Security Controls
6.1 Information Security Controls
• To protect their information assets, organizations implement
controls, or defense mechanisms (Countermeasures)
• Controls are designed to protect all of the components of an
information system, including data, software, hardware, and
network.
• Controls are intended to prevent accidental hazards, deter
intentional acts, detect problems as early as possible, enhance
damage recovery.
6.2 Types of Control
• In this section, we will learn types of controls such as:
1. Physical Control,
2. Access Control,
6.1.1 Physical Controls
• Physical controls prevent unauthorized individuals from
gaining access to a company’s facilities. Common physical
controls include walls, doors, fencing, gates, locks, badges,
guards, and alarm systems. More sophisticated physical
controls include pressure sensors, temperature sensors, and
motion detectors. One shortcoming of physical controls is that
can be inconvenient to employees.
6.1.1 Physical Controls (Lanj)
• Organizations also implement physical security measures that
limit computer users to acceptable login times and locations.
These controls also limit the number of unsuccessful login
attempts, and they require all employees to log off their
computers when they leave for the day. In addition, they set
the employees’ computers to automatically log off the user
after a certain period of disuse
6.1.2 Access Controls
• Access controls restrict unauthorized individuals from using
information resources. These controls involve two major
functions: authentication and authorization.
6.1.2 Access Controls (Lanj)
• Authentication confirms the identity of the person requiring
access. After the person is authenticated (identified), the next
step is authorization.
• Authorization determines which actions, rights, or privileges
the person has, based on his or her verified identity.
Summary:
• Ethics refers to the principles of right and wrong that
individuals use to make choices that guide their behavior
• Fundamental tenets of ethics include responsibility,
accountability, and liability.
• Major ethical issues related to IT are privacy, accuracy,
property and access to information
Summary (Lanj)…