Introduction to Information Technology
Turban, Rainer and Potter
John Wiley & Sons, Inc. Copyright 2005

Chapter 12


IT Ethics, Impacts, and Security


Chapter Outline

  • Ethical issues
  • Impact of IT on organizations and jobs
  • Impacts on individuals at work
  • Societal impacts and Internet communities
  • IS vulnerability and computer crimes
  • Protecting information resources


Learning Objectives

  • Describe the major ethical issues related to information technology and identify situations in which they occur.
  • Identify the major impacts of information technology on organizational structure, power, jobs, supervision, and decision making.
  • Understand the potential dehumanization of people by computers and other potential negative impacts of information technology.
  • Identify some of the major societal effects of information technology.
  • Describe the many threats to information security.
  • Understand the various defense mechanisms used to protect information systems.
  • Explain IT auditing and planning for disaster recovery.


12.1 Ethical Issues

Ethics. A branch of philosophy that deals with what is considered to be right and wrong.
Code of ethics. A collection of principles intended as a guide for the members of a company or an organization.

Ethical issues can be categorized into four types:

  • Privacy issues: collection, storage, and dissemination of information about individuals
  • Accuracy issues: authenticity, fidelity, and accuracy of information collected and processed
  • Property issues: ownership and value of information (intellectual property)
  • Accessibility issues: right to access information and payment of fees to access it


Protecting Privacy

Privacy. The right to be left alone and to be free of unreasonable personal intrusions

Two rules have been followed fairly closely in past court decisions in many countries:

  • The right of privacy is not absolute. Privacy must be balanced against the needs of society.
  • The public’s right to know is superior to the individual’s right of privacy.


Protecting Privacy cont…

Electronic surveillance. The tracking of people’s activities, online or offline, with the aid of computers.
Privacy policies/codes. An organization’s guidelines with respect to protecting the privacy of customers, clients, and employees.


Protecting Intellectual Property

Intellectual property. The intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright laws.
Trade secret. Intellectual work, such as a business plan, that is a company secret and is not based on public information.
Patent. A document that grants the holder exclusive rights on an invention or process for 20 years.
Copyright. A grant that provides the creator of intellectual property with ownership of it for the life of the creator plus 70 years.


12.2 Impacts of IT on Organizations and Jobs

The use of information technologies, most recently the web, has brought many organizational changes in areas such as structure, authority, power, job content, employee career ladders, supervision, and the manager’s job.


How will organizations change?

Flatter organization hierarchies
  • More employees per supervisor
  • Shrinking of middle management

Changes in supervision
  • Electronic and remote supervision
  • Less emphasis on office policies

Power and status
  • Conflict on control of corporate information
  • Power redistribution


How will jobs change?

Job content
  • Higher level of computing literacy

Employee career ladders
  • E-learning may shortcut a portion of the learning curve
  • How will high-level human expertise be acquired with minimal experience in low-level tasks?

The manager’s job
  • IT tends to reduce the time necessary to complete any step in the decision-making process
  • Leadership qualities attributed to physical presence may be lessened


12.3 Impacts on Individuals at Work

Will my job be eliminated?

Dehumanization and psychological impacts
  • Dehumanization: Loss of identity
  • Information anxiety: Disquiet caused by an overload of information

Impacts on health and safety
  • Ergonomics: The science of adapting machines and work environment to people.


12.4 Societal Impact and Internet Communities

Opportunities for people with disabilities
Quality-of-life improvements
  • Robot revolution
  • Improvements in healthcare
  • Crime fighting

Technology and privacy
The digital divide
Free speech versus censorship
Controlling spam
Virtual communities


Technology and privacy

  • Scanning crowds for criminals
  • Cookies and individual privacy
  • Digital Millennium Copyright Act and privacy


The Digital Divide

The gap in computer technology in general, and now in web technology, between those who have such technology and those who do not.

Cybercafés: Public places in which Internet terminals are available, usually for a small fee.


Free speech versus censorship

Controlling spam

Spamming. The practice of indiscriminately broadcasting messages over the Internet.


Virtual communities

Groups of people with similar interests who interact and communicate via the Internet.


12.5 IS Vulnerability and Computer Crimes

Identity theft. Crime in which someone uses the personal information of others to create a false identity and then uses it for some fraud.


Security Terms

| Term | Definition |
|---|---|
| Backup | An extra copy of data and/or programs, kept in a secured location(s) |
| Decryption | Transformation of scrambled code into readable data after transmission |
| Encryption | Transformation of data into scrambled code prior to transmission |
| Exposure | The harm, loss, or damage that can result if something has gone wrong in an information system |
| Fault tolerance | The ability of an information system to continue to operate (usually for a limited time and/or at a reduced level) when a failure occurs |
| Information system controls | The procedures, devices, or software that attempt to ensure that the system performs as planned |
| Integrity (of data) | The procedures, devices, or software that attempt to ensure that the system performs as planned |
| Risk | A guarantee of the accuracy, completeness, and reliability of data. System integrity is provided by the integrity of its components and their integration |
| Threats (or hazards) | The likelihood that a threat will materialize |
| Vulnerability | Given that a threat exists, the susceptibility of the system to harm caused by the threat |


Type of computer crimes and criminals

Hacker. An outside person who has penetrated a computer system, usually with no criminal intent.
Cracker. A malicious hacker.
Social engineering. Getting around security systems by tricking computer users into revealing sensitive information or gaining unauthorized access privileges.
Cybercrimes. Illegal activities executed on the Internet.
Identity theft. A criminal (the identity thief) poses as someone else.
Cyberwar. War in which a country’s information systems could be paralyzed from a massive attack by destructive software.
Virus. Software that can attach itself to (“infect”) other computer programs without the owner of the program being aware of the infection.


Security Terms

| Method | Definition |
|---|---|
| Virus | Secret instructions inserted into programs (or data) that are innocently ordinary tasks. The secret instructions may destroy or alter data as well as spread within or between computer systems |
| Worm | A program that replicates itself and penetrates a valid computer system. It may spread within a network, penetrating all connected computers |
| Trojan horse | An illegal program, contained within another program, that “sleeps” until some specific event occurs, then triggers the illegal program to be activated and cause damage |
| Salami slicing | A program designed to siphon off small amounts of money from a number of larger transactions, so the quantity taken is not readily apparent |
| Super zapping | A method of using a utility “zap” program that can bypass controls to modify programs or data |
| Trap door | A technique that allows for breaking into a program code, making it possible to insert additional instructions |
| Logic bomb | An instruction that triggers a delayed malicious act |
| Denial of services | Too many requests for service, which crashes the site |
| Sniffer | A program that searches for passwords or content in packets of data as they pass through the Internet |
| Spoofing | Faking an e-mail address or web page to trick users to provide information instructions |
| Password cracker | A program that tries to guess passwords (can be very successful) |
| War dialling | Programs that automatically dial thousands of telephone numbers in an attempt to identify one authorized to make a connection with a modem; one can then use that connection to break into databases and systems |
| Back doors | Invaders to a system create several entry points; even if you discover and close one, they can still get in through others |
| Malicious applets | Small Java programs that misuse your computer resources, modify your files, send fake e-mail, etc. |


12.6 Protecting Information Resources

Controls
  • General control is the security established to protect a computer system regardless of the specific application

Securing your PC
Concluding thoughts about computer
Auditing information systems
Disaster recovery planning


Protecting Information Resources cont…

Disaster recovery. The chain of events linking planning to protection to recovery.
Disaster avoidance. A security approach oriented toward prevention.
Backup location. Location where, in the event of a major disaster, an extra copy of data and/or key programs are kept.
Hot site. Location at which vendors provide access to a fully configured backup data center.


All rights reserved. Reproduction or translation of this work beyond that permitted in section 117 of the United States Copyright Act without express permission of the copyright owner is unlawful. Requests for information should be addressed to the permission department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information herein.