
Chapter 13

Security and Ethical Challenges

Legal/Illegal Test
• Download copyrighted material: Illegal
• Upload copyrighted material: Illegal
• Use another person’s photos on your website: Illegal
• Post guitar tabs/song lyrics: Illegal
• Install software on more than one computer: Illegal
• Record TV transmissions to your computer: Legal
• Using someone else’s wireless connection: Illegal

I. Introduction
• Use of IT in business poses security challenges, ethical questions, and societal challenges
• As a business professional you have the responsibility to promote Ethical (what does that mean???) use of IS in the workplace

Computer Crime
• Hacking and Cracking
– Hacking: obsessive use of computers, unauthorized use of networked systems
– Cracking (black hat or dark-side hacker): malicious or criminal hacker
• Cyber Theft – many computer crimes involve theft of money; many firms do not reveal that they’ve been victims due to bad publicity
• Cyber-terrorism – causing physical, real-world harm or severe disruption of infrastructure

III. Computer Crime – using a computer to do something illegal
• Cyber-Warfare – actions by a nation-state to cause damage or disruption to another nation-state
• Unauthorized use at Work – time and resource theft; this can cover a very wide range of actions, and many firms have written policies for (im)proper use of computers and IT resources
• Software Piracy – unauthorized copying of software
• Theft of Intellectual Property – any infringement of copyrighted materials
• Computer Viruses and Worms – insert destructive routines into computer systems to cause damage
• Adware and Spyware
– Adware: allows Internet advertisers to display ads without the consent of the user
– Spyware: uses the network connection without the user’s knowledge or permission, collects and distributes information about the user

Common Hacking Tactics
• Sniffer
– Programs that search individual packets of
data as they pass through the Internet
– Capturing passwords or entire contents
• Phishing or Spoofing
– Faking an e-mail address or Web page to trick
users into passing along critical information
like passwords or credit card numbers
• Dumpster Diving
– Sifting through a company’s garbage to find
information to help break into their
computers
• Trojan Horse
– A program that, unknown to the user, contains
instructions that exploit a known vulnerability
in some software
• Malicious Applets
– Tiny Java programs that misuse your
computer’s resources, modify files on the hard
disk, send fake e-mail, or steal passwords
• Social Engineering
– Gaining access to computer systems
– By talking unsuspecting company employees
out of valuable information such as passwords

Leaving Your Job? Don’t Take Anything with You
• What is an “orphaned account”?
• Why are they dangerous?
• Why do people take data with them when they leave an organization?
• How many firms monitor or track these accounts?
• What threats does this pose to the firm?

IV. Privacy Issues

• IT can store and retrieve information affecting the privacy of the individual
• Privacy on the Internet – the Internet gives users a feeling of anonymity while making them vulnerable to privacy violations
• Computer Matching – profiling
• Computer Monitoring – using a computer to monitor productivity in the workplace
• Privacy Laws – many countries regulate collection and use of personal data
– HIPAA: health-related privacy laws
– Sarbanes-Oxley: standards for publicly held firms
• Computer Libel and Censorship – what can and cannot be said (legally) online
• Spamming – indiscriminate sending of unsolicited email
• Flaming – extremely critical, derogatory, vulgar email

Section 2
Security Management of Information Technology

III. Security Issues to Consider
• Need for security vs. need for access?
• Encryption – using a mathematical algorithm to encode a message before transmission and descramble it for reception
• Firewalls – a hardware or software gatekeeper that keeps unauthorized transmissions out of a system
• Denial of Service Attacks – using zombie/slave computers to overload another system with large volumes of service requests
• E-Mail Monitoring – firms watch employees’ use of email
• Antivirus software

III. Inter-Networked Security Defenses
Public Key/Private Key Encryption

V. Other Security Measures

• Security Codes – login IDs and passwords
• Backup Files – duplicate files of data or programs
• Security Monitors – monitor systems for unauthorized use, fraud, and destruction
• Disaster Recovery – getting a system running again after a disaster
• Computer Failure Controls – preventing computer failure or minimizing its effects
• Fault-Tolerant Systems – providing backup components in case of a system failure

Biometrics
• Computer devices that measure physical
traits that make each individual unique
• Examples:
– Voice verification
– Fingerprints
– Retina scan
– Hand scan
– Face scan

VI. System Controls and Audits

• Information System Controls – assure accuracy, validity, and propriety of IS activities
• Auditing IT Security – IT security should be periodically examined

Ethical Discussion
• Is it good for technology to replace workers?

Corporate Social Responsibility Theories
• Stockholder Theory
– Managers are agents of the stockholders
– Their only ethical responsibility is to increase the
profits of the business
– Without violating the law or engaging in
fraudulent practices
• Social Contract Theory
– Companies have ethical responsibilities to all
members of society
– Which allow corporations to exist based on a
social contract
• Stakeholder Theory
– Managers have an ethical responsibility to
manage a firm for the benefit of all its
stakeholders
– Stakeholders are all individuals and groups
that have a stake in, or claim on, a company

Three Levels of Ethical Standards
• The law.
• The policies and procedures of the
organization.
• The moral stance individuals take when
faced with decisions not governed by
formal rules.

Establishing Ethical Standards
• The Utilitarian principle (Benefits
people more than hurting someone).
• Kant's categorical imperative (If
everyone does it – universal law).
• The professional ethic.
• The Golden Rule.
• The television test.
• The family test.
