Chapter Six
Ethical and Security Issues
Security of an Information System
Information System Security refers to the way the system is defended against unauthorized
access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
There are two major aspects of information system security −
• Security of the information technology used − securing the system from malicious
cyber-attacks that tend to break into the system and to access critical private information
or gain control of the internal systems.
• Security of data − ensuring the integrity of data when critical issues arise, such as natural
disasters, computer/server malfunction, physical theft, etc. Generally, an off-site backup of
data is kept for such problems.
Guaranteeing effective information security has the following key aspects −
• Preventing unauthorized individuals or systems from accessing the information.
• Maintaining and assuring the accuracy and consistency of data over its entire life-cycle.
• Ensuring that the computing systems, the security controls used to protect them and the
communication channels used to access them function correctly all the time, thus making
information available in all situations.
• Ensuring that the data, transactions, communications or documents are genuine.
• Ensuring the integrity of a transaction by validating that both parties involved are
genuine, by incorporating authentication features such as "digital signatures".
• Ensuring that once a transaction takes place, none of the parties can deny it, either having
received a transaction, or having sent a transaction. This is called 'non-repudiation'.
• Safeguarding data and communications stored and shared in network systems.
MIS _Chapter Six By: Tagel W. STBC 2012E.C Page 1
Cyber Crime & Cyber Security
Crime that involves and uses computer devices and the Internet is known as cybercrime.
Cybercrime can be committed against an individual or a group; it can also be committed against
government and private organizations. It may be intended to harm someone’s reputation, or to
cause physical or even mental harm.
Cybercrime can cause direct harm or indirect harm to whoever the victim is.
However, the largest threat of cybercrime is to the financial security of an individual as well as
the government.
Cybercrime causes the loss of billions of USD every year.
Types of Cybercrime
Following are some of the major types of cybercrime −
Hacking
It is an illegal practice by which a hacker breaches someone’s computer security system
for personal interest.
Child pornography
It is one of the most heinous crimes that is brazenly practiced across the world. Children are
sexually abused and videos are being made and uploaded on the Internet.
Copyright infringement
When someone infringes another person’s protected copyright without permission and publishes
the work under his own name, it is known as copyright infringement.
Money laundering
Illegal possession of money by an individual or an organization is known as money laundering.
It typically involves transfers of money through foreign banks and/or legitimate business. In
other words, it is the practice of transforming illegitimately earned money into the legitimate
financial system.
Cyber-extortion
When a hacker hacks someone’s email server, or computer system and demands money to
reinstate the system, it is known as cyber-extortion.
Cyber-terrorism
Normally, when someone hacks a government’s security system, or intimidates a government or
a similarly large organization to advance his political or social objectives by invading the
security system through computer networks, it is known as cyber-terrorism.
Cyber Security
Cyber security is an activity by which information and other communication systems
are protected from and/or defended against unauthorized use, modification, exploitation
or even theft.
Likewise, cyber security is a well-designed technique to protect computers, networks, different
programs, personal data, etc., from unauthorized access.
All sorts of data, whether government, corporate, or personal, need high security; however,
some data, such as that belonging to the government defense system, banks, defense research and
development organizations, etc., are highly confidential, and even a small amount of negligence
with these data may cause great damage to the whole nation. Therefore, such data need security
at a very high level.
How to Secure Data?
Let us now discuss how to secure data. In order to make your security system strong, you need
to pay attention to the following −
• Security Architecture
• Network Diagram
• Security Assessment Procedure
• Security Policies
• Risk Management Policy
• Backup and Restore Procedures
• Disaster Recovery Plan
• Risk Assessment Procedures
Once you have a complete blueprint of the points mentioned above, you can put a better security
system in place for your data and can also retrieve your data if something goes wrong.
Information Systems and Ethics
Information systems bring about immense social changes, threatening the existing distributions
of power, money, rights, and obligations. They also give rise to new kinds of crimes, like
cyber-crimes.
The following organizations promote ethical issues −
• The Association of Information Technology Professionals (AITP)
• The Association of Computing Machinery (ACM)
• The Institute of Electrical and Electronics Engineers (IEEE)
• Computer Professionals for Social Responsibility (CPSR)
The ACM Code of Ethics and Professional Conduct
• Strive to achieve the highest quality, effectiveness, and dignity in both the process and
products of professional work.
• Acquire and maintain professional competence.
• Know and respect existing laws pertaining to professional work.
• Accept and provide appropriate professional review.
• Give comprehensive and thorough evaluations of computer systems and their impacts,
including analysis and possible risks.
• Honor contracts, agreements, and assigned responsibilities.
• Improve public understanding of computing and its consequences.
• Access computing and communication resources only when authorized to do so.
The IEEE Code of Ethics and Professional Conduct
The IEEE code of ethics demands that every professional vouch to commit themselves to the
highest ethical and professional conduct and agree −
• To accept responsibility in making decisions consistent with the safety, health and
welfare of the public, and to disclose promptly factors that might endanger the public or
the environment;
• To avoid real or perceived conflicts of interest whenever possible, and to disclose them to
affected parties when they do exist;
• To be honest and realistic in stating claims or estimates based on available data;
• To reject bribery in all its forms;
• To improve the understanding of technology, its appropriate application, and potential
consequences;
• To maintain and improve our technical competence and to undertake technological tasks
for others only if qualified by training or experience, or after full disclosure of pertinent
limitations;
• To seek, accept, and offer honest criticism of technical work, to acknowledge and correct
errors, and to credit properly the contributions of others;
• To treat fairly all persons regardless of such factors as race, religion, gender, disability,
age, or national origin;
• To avoid injuring others, their property, reputation, or employment by false or malicious
action;
• To assist colleagues and co-workers in their professional development and to support
them in following this code of ethics.
Ethical and Legal Basis for Privacy Protection
“Database privacy concerns the protection of information about individuals… it is based on a
balance of confidentiality, integrity and availability.”
Protecting Your Privacy
Some things to consider when choosing a privacy protection system:
• Knowledge of Technology
• Understanding of Technology
• Implementation of Technology
• Financial Burden
• Authentication Methods
Three main types of authentication techniques:
• What you know → Login, Passwords, Key Card, ID Card, Token, USB Jump Drive
• What you have → Physical object is needed in order to gain access
• What you are → Biometrics: Fingerprint Scanners, Voice Print Recognition, Hand
and/or Palm Geometry, Retinal Scan, Iris Scan, Facial Scan
Course Summary
An efficient information system creates an impact on the organization's function, performance,
and productivity.
Nowadays, information systems and information technology have become a vital part of any
successful business and are regarded as a major functional area like any other functional area,
such as marketing, finance, production and human resources.
Thus, it is important to understand the functions of an information system just like any other
functional area in business. A well maintained management information system supports the
organization at different levels.
Many firms are using information systems that cross the boundaries of traditional business
functions in order to re-engineer and improve vital business processes all across the enterprise.
This typically has involved installing −
• Enterprise Resource Planning (ERP)
• Supply Chain Management (SCM)
• Customer Relationship Management (CRM)
• Transaction Processing System (TPS)
• Executive Information System (EIS)
• Decision Support System (DSS)
• Knowledge Management Systems (KMS)
• Content Management Systems (CMS)
The strategic role of a Management Information System involves using it to develop products,
services, and capabilities that give a company major advantages over the competitive forces it
faces in the global marketplace.
We need an MIS flexible enough to deal with the changing information needs of the organization.
The designing of such a system is a complex task. It can be achieved only if the MIS is planned.
We understand this planning and implementation in the management development process.
A decision support system is a major segment of an organizational information system because of
its influential role in taking business decisions. It helps all levels of managers to take various
decisions.
End of the Course!!!
----------------Good Luck!!!--------------