
Security and Ethical Challenges

IT Security, Ethics, and Society

• IT has both beneficial and detrimental effects on society and people
– Manage work activities to minimize the detrimental effects of IT
– Optimize the beneficial effects
Business Ethics
• Ethics questions that managers confront as
part of their daily business decision making
include:
– Equity
– Rights
– Honesty
– Exercise of corporate power
Categories of Ethical Business Issues
Corporate Social Responsibility Theories
• Stockholder Theory
– Managers are agents of the stockholders
– Their only ethical responsibility is to increase the profits of the
business without violating the law or engaging in fraudulent practices
• Social Contract Theory
– Companies have ethical responsibilities to all members of society,
who allow corporations to exist
• Stakeholder Theory
– Managers have an ethical responsibility to manage a firm for the
benefit of all its stakeholders
– Stakeholders are all individuals and groups that have a stake in, or
claim on, a company
Principles of Technology Ethics
• Proportionality - The good achieved by the technology must
outweigh the harm or risk; there must be no alternative that
achieves the same or comparable benefits with less harm or risk
• Informed Consent - Those affected by the technology should
understand and accept the risks
• Justice
– The benefits and burdens of the technology should be
distributed fairly
– Those who benefit should bear their fair share of the risks, and
those who do not benefit should not suffer a significant increase
in risk
• Minimized Risk - Even if judged acceptable by the other three
guidelines, the technology must be implemented so as to avoid all
unnecessary risk
Computer Crime
• Computer crime includes
– Unauthorized use, access, modification, or
destruction of hardware, software, data, or network
resources
– The unauthorized release of information
– The unauthorized copying of software
– Denying an end user access to his/her own hardware,
software, data, or network resources
– Using or conspiring to use computer or network
resources illegally to obtain information or tangible
property
Hacking
• Hacking is
– The obsessive use of computers
– The unauthorized access and use of networked
computer systems
• Electronic Breaking and Entering
– Hacking into a computer system and reading files, but
neither stealing nor damaging anything
• Cracker
– A malicious or criminal hacker who maintains knowledge
of the vulnerabilities found for
private advantage
Cyber Theft
• Many computer crimes involve the theft of money
• The majority are “inside jobs” that involve
unauthorized network entry and alteration of
computer databases to cover the tracks of the
employees involved
• Many attacks occur through the Internet
• Most companies don’t reveal that they have been
targets or victims of cybercrime
Unauthorized Use at Work
• Unauthorized use of computer systems and
networks is time and resource theft
– Doing private consulting
– Doing personal finances
– Playing video games
– Unauthorized use of the Internet or company networks
• Sniffers
– Used to monitor network traffic or capacity
– Find evidence of improper use
Internet Abuses in the Workplace
– General email abuses
– Unauthorized usage and access
– Copyright infringement/plagiarism
– Newsgroup postings
– Transmission of confidential data
– Pornography
– Hacking
– Non-work-related download/upload
– Leisure use of the Internet
– Use of external ISPs
– Moonlighting
Software Piracy
• Software Piracy
– Unauthorized copying of computer programs
• Licensing
– Purchasing software is really a payment
for a license for fair use
– Site license allows a certain number of copies
Theft of Intellectual Property
• Intellectual Property
– Copyrighted material
– Includes such things as music, videos, images,
articles, books, and software
• Copyright Infringement is Illegal
– Peer-to-peer networking techniques have made it
easy to trade pirated intellectual property
• Publishers Offer Inexpensive Online Music
– Illegal downloading of music and video is
down and continues to drop
Viruses and Worms
• A virus is a program that cannot work without being
inserted into another program
– A worm can run unaided
• These programs copy annoying or destructive
routines into networked computers
– Copy routines spread the virus
• Commonly transmitted through
– The Internet and online services
– Email and file attachments
– Disks from contaminated computers
– Shareware
Adware and Spyware
• Adware
– Software that purports to serve a useful purpose,
and often does
– Allows advertisers to display pop-up and banner
ads without the consent of the computer users
• Spyware
– Adware that uses an Internet connection in the
background, without the user’s permission
or knowledge
– Captures information about the user and sends it
over the Internet
Spyware Problems
• Spyware can steal private information and also
– Add advertising links to Web pages
– Redirect affiliate payments
– Change a user’s home page and search settings
– Make a modem randomly call premium-rate phone
numbers
– Leave security holes that let Trojans in
– Degrade system performance
• Removal programs are often not completely
successful in eliminating spyware
Privacy Issues
• The power of information technology to store
and retrieve information can have a negative
effect on every individual’s right to privacy
– Personal information is collected with every
visit to a Web site
– Confidential information stored by credit
bureaus, credit card companies, and the
government has been stolen or misused
Opt-in Versus Opt-out
• Opt-In
– You explicitly consent to allow data to be compiled
about you
– This is the default in Europe
• Opt-Out
– Data can be compiled about you unless you
specifically request it not be
– This is the default in the U.S.
Privacy Issues
• Violation of Privacy
– Accessing individuals’ private email conversations and computer records
– Collecting and sharing information about individuals gained from their
visits to Internet websites
• Computer Monitoring
– Always knowing where a person is
– Mobile and paging services are becoming more closely associated with
people than with places
• Computer Matching
– Using customer information gained from many sources to market
additional business services
• Unauthorized Access of Personal Files
– Collecting telephone numbers, email addresses, credit card numbers,
and other information to build customer profiles
Protecting Your Privacy on the Internet
• There are multiple ways to protect your privacy
– Encrypt email
– Send newsgroup postings through anonymous
remailers
– Ask your ISP not to sell your name and information
to mailing list providers and
other marketers
– Don’t reveal personal data and interests on
online service and website user profiles
Privacy Laws
• Electronic Communications Privacy Act
and Computer Fraud and Abuse Act
– Prohibit intercepting data communications messages, stealing or
destroying data, or trespassing in federal-related computer systems
• U.S. Computer Matching and Privacy Act
– Regulates the matching of data held in federal agency files to verify
eligibility for federal programs
• Other laws impacting privacy and how
much a company spends on compliance
– Sarbanes-Oxley
– Health Insurance Portability and Accountability Act (HIPAA)
– Gramm-Leach-Bliley
– USA Patriot Act
– California Security Breach Law
– Securities and Exchange Commission rule 17a-4
Cyberlaw
• Laws intended to regulate activities over the Internet or via electronic
communication devices
– Encompasses a wide variety of legal and political issues
– Includes intellectual property, privacy, freedom of expression, and
jurisdiction
• The intersection of technology and the law is controversial
– Some feel the Internet should not be regulated
– Encryption and cryptography make traditional forms of regulation
difficult
– The Internet treats censorship as damage and simply routes
around it
• Cyberlaw only began to emerge in 1996
– Debate continues regarding the applicability of legal principles
derived from issues that had nothing to do with cyberspace
Other Challenges
• Employment
– IT creates new jobs and increases productivity
– It can also cause significant reductions in job opportunities, as well as requiring new
job skills
• Computer Monitoring
– Using computers to monitor the productivity and behavior of employees as they work
– Criticized as unethical because it monitors individuals, not just work, and is done
constantly
– Criticized as invasion of privacy because many employees do not know they are being
monitored
• Working Conditions
– IT has eliminated monotonous or obnoxious tasks
– However, some skilled craftsperson jobs have been replaced by jobs requiring
routine, repetitive tasks or standby roles
• Individuality
– Dehumanizes and depersonalizes activities because computers eliminate human
relationships
– Inflexible systems
Health Issues
• Cumulative Trauma Disorders (CTDs)
– Disorders suffered by people who sit at a
PC or terminal and do fast-paced repetitive
keystroke jobs
• Carpal Tunnel Syndrome
– Painful, crippling ailment of the hand
and wrist
– Typically requires surgery to cure
Ergonomics
(Figure: Ergonomics Factors)
• Designing healthy work environments
– Safe, comfortable, and pleasant for people to work in
– Increases employee morale and productivity
– Also called human factors engineering
Societal Solutions
• Using information technologies to solve human
and social problems
– Medical diagnosis
– Computer-assisted instruction
– Governmental program planning
– Environmental quality control
– Law enforcement
– Job placement
• The detrimental effects of IT
– Often caused by individuals or organizations not
accepting ethical responsibility for their actions
Security Management of IT
• The Internet was developed for interoperability, not impenetrability
– Business managers and professionals alike
are responsible for the security, quality, and
performance of business information systems
– Hardware, software, networks, and data
resources must be protected by a variety
of security measures
Security Management
• The goal of security management is the accuracy, integrity,
and safety of all information system processes and resources
Internetworked Security Defenses
• Encryption
– Data is transmitted in scrambled form
– It is unscrambled by computer systems for
authorized users only
– The most widely used method uses a pair of public
and private keys unique to each individual
Internetworked Security Defenses
• Firewalls
– A gatekeeper system that protects a company’s
intranets and other computer networks from
intrusion
– Provides a filter and safe transfer point for
access to/from the Internet and other networks
– Important for individuals who connect to the
Internet with DSL or cable modems
– Can deter hacking, but cannot prevent it
