Introduction to MIS
Chapter 14
MIS Impact on Society
Copyright 1994-1996 by Jerry Post
The IT Environment
Operations
Tactics
Strategy
Government
Consumers
Employees
Culture
Businesses
Privacy
Education
Company
Horror Stories
Security Pacific--Oct. 1978
• Stanley Mark Rifkin
• Electronic Funds Transfer
• $10.2 million
• Switzerland
• Soviet Diamonds
• Came back to U.S.
Equity Funding--1973
• The Impossible Dream
• Stock Manipulation
  • Insurance
  • Loans
  • Fake computer records
Horror Stories
Clifford Stoll--1989
• The Cuckoo’s Egg
• Berkeley Labs
• Unix--account not balance
• Monitor, false information
• Track to East German spy
Old Techniques
• Salami slice
• Bank deposit slips
• Trojan Horse
• Virus
Robert Morris--1989
• Graduate Student
• Unix “Worm”
• Internet--tied up for 3 days
Privacy
• credit cards
• organizations
• loans & licenses
• financial
• permits
• census
• transportation data
• financial
• regulatory
• employment
• environmental
• subscriptions
• education
• purchases
• phone
• criminal record
• complaints
• finger prints
• medical records
Privacy Problems
TRW--1991
• Norwich, VT
• Listed everyone delinquent on property taxes
Terry Dean Rogan
• Lost wallet
• Impersonator, 2 murders and 2 robberies
• NCIC database
• Rogan arrested 5 times in 14 months
• Sued and won $55,000 from LA
Employees
• 26 million monitored electronically
• 10 million pay based on statistics
Privacy Problems
San Francisco Chronicle--1991
• Person found 12 others using her SSN
• Someone got 16 credit cards from another’s SSN, charged $10,000
• Someone discovered unemployment benefits had already been collected by 5 others
Jeffrey McFadden--1989
• SSN and DoB for William Kalin from military records
• Got fake Kentucky ID
• Wrote $6000 in bad checks
• Kalin spent 2 days in jail
• Sued McFadden, won $10,000
Privacy Laws
Minimal in US
• Credit reports
  • Right to add comments
  • 1994 disputes settled in 30 days
  • 1994 some limits on access to data
• Bork Bill--can’t release video rental data
• Educational data--limited availability
• 1994 limits on selling state/local data
Europe
• France and some other controls
• European Union, controls but undecided
• 1995 EU Privacy Controls
Telecommuting
The Firm
• Advantages: Decreased overhead. Flexibility in part-time workers.
• Disadvantages: Harder to evaluate workers. Harder to manage workers.
Employees
• Advantages: Reduced commuting costs. Flexible schedule.
• Disadvantages: Loss of personal contacts. Distractions.
Suburban work centers
Electronic Transactions
Diagram labels: Consumer, Vendor (data), Trusted Party, Bank
• Customer chooses product, sends ID or digital cash number.
• NetBill (1): Price, product decryption key, customer code are sent to third party.
• NetBill (2): Accounts are debited and credited. Product key is sent to customer.
• Digital Cash (A): Consumer purchases a cash value that can be used only once.
• Digital Cash (B): “Cash” amount is verified and added to vendor account.
• Bank: Conversion to “real” money.
Threats to Information
• Accidents & Disasters
• Employees
• Consultants
• Business Partnerships
• Outsiders
• PCs & Viruses
Diagram labels: Employees & Consultants; Links to business partners; Virus hiding in game software; Outside hackers
Security Categories
Physical attack & disasters
• Backup--off-site
• Cold/Shell site
• Hot site
• Disaster tests
• Personal computers!
Logical
• Unauthorized disclosure
• Unauthorized modification
• Unauthorized withholding
Virus
Diagram labels: Game Program, Virus code, Infected Disk
1. User runs program that contains hidden virus
2. Virus copies itself into other programs on the computer
3. Virus spreads until a certain date, then it deletes files, etcetera.
Virus Damage
Percent of firms reporting problem:
Damage                     1991   1996
Loss of productivity         62     81
Message and lockup           41     62
Corrupted files              38     59
Lost data                    30     39
Unreliable applications      24     35
System crash                 23     30
Sources: Dataquest, Inc; Computerworld 12/2/91. National Computer Security Association; Computerworld 5/6/96.
Manual v Automated Data
• Amount of data
• Identification of users
• Difficult to detect changes
• Speed
  • Search
  • Copy
• Statistical Inference
• Communication Lines
User Identification
Passwords
• Dial up service found 30% of people used same word
• People choose obvious
• Post-It notes
Hints
• Don’t use real words
• Don’t use personal names
• Include non-alphabetic
• Change often
• Use at least 6 characters
Alternatives: Biometrics
• Finger/hand print
• Voice recognition
• Retina/blood vessels
• DNA ?
Password generator cards
Comments
• Don’t have to remember
• Reasonably accurate
• Price is dropping
• Nothing is perfect
Security Controls
Access Control
• Ownership of data
• Read, Write, Execute, Delete
• Dial-back modems
Security Monitoring
• Access logs
• Violations
• Lock-outs
Alternatives
• Audits
• Physical Access
• Employee screening
Encryption
• Single Key (DES)
• Dual Key (RSA)
Encryption: Dual Key
Public Keys: Makiko 29, Takao 17
Private Key 13
Private Key 37
Diagram labels: Makiko, Message, Use Takao’s Public key, Encrypted, Use Takao’s Private key, Message, Takao
Makiko sends message to Takao that only he can read.
Dual Key: Authentication
Public Keys: Makiko 29, Takao 17
Private Key 13
Private Key 37
Diagram labels: Makiko, Takao, Message, Use Takao’s Public key, Use Takao’s Private key, Encrypt+T, Encrypt+T+M, Encrypt+M, Use Makiko’s Public key, Use Makiko’s Private key, Message
Takao sends message to Makiko: His key guarantees it came from him. Her key prevents anyone else from reading message.
Transmission
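Added example (not part of the original slides): both dual-key slides worked through with textbook RSA, first confidentiality with the recipient's public key, then the Encrypt+T / Encrypt+T+M layering for authentication. The public exponents 17 and 29 echo the slide labels; the primes, moduli and derived private exponents are constructed toy values, and all function names are hypothetical.

```python
# Added example: textbook RSA on toy numbers (no padding; illustration only).
from typing import NamedTuple


class KeyPair(NamedTuple):
    n: int  # modulus, published together with e
    e: int  # public exponent
    d: int  # private exponent, kept secret


def make_keypair(p: int, q: int, e: int) -> KeyPair:
    """Derive the private exponent from two primes (constructed toy values)."""
    phi = (p - 1) * (q - 1)
    return KeyPair(n=p * q, e=e, d=pow(e, -1, phi))  # needs Python 3.8+


def _modexp(value: int, exponent: int, n: int) -> int:
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def with_public(value: int, key: KeyPair) -> int:
    return _modexp(value, key.e, key.n)


def with_private(value: int, key: KeyPair) -> int:
    return _modexp(value, key.d, key.n)


# Assumed keys: exponents 17 and 29 echo the slide, the primes are made up.
TAKAO = make_keypair(61, 53, 17)    # n = 3233
MAKIKO = make_keypair(89, 97, 29)   # n = 8633, larger so Encrypt+T fits inside


def send_private(message: int, recipient: KeyPair) -> int:
    """Confidentiality: only the recipient's private key reverses this."""
    return with_public(message, recipient)


def send_authenticated(message: int, sender: KeyPair, recipient: KeyPair) -> int:
    signed = with_private(message, sender)   # "Encrypt+T": only Takao can make it
    return with_public(signed, recipient)    # "Encrypt+T+M": hidden in transit


def read_authenticated(cipher: int, sender: KeyPair, recipient: KeyPair) -> int:
    signed = with_private(cipher, recipient)  # Makiko removes her layer
    return with_public(signed, sender)        # Takao's public key confirms origin


if __name__ == "__main__":
    wire = send_authenticated(65, TAKAO, MAKIKO)
    print(send_private(65, TAKAO), wire, read_authenticated(wire, TAKAO, MAKIKO))
```

The order of the moduli matters here: the signed value must be smaller than the recipient's modulus, which is why the helper rejects out-of-range inputs instead of silently wrapping them.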
Clipper Chip
Diagram labels: Clipper chip in phones, Encrypted conversation, Intercept, Escrow keys, Judicial or government office, Decrypted conversation
Computer Use in Healthcare
[Figure: Computer Usage in Healthcare (1993). Bar chart; y-axis: Percent of all Workers Using Application (0.0% to 50.0%); x-axis: Analysis, Bookkeeping, Bulletin boards, Calendar, Communications, CAD, Databases, Desktop publishing, Education, Games, Graphics, Inventory, Invoices, Learn to use, Programming, Sales, Spreadsheet, Telemarketing, Word processing, Other, Don't know; series: All workers, Healthcare.]