Introduction to Information Technology
Turban, Rainer and Potter
Chapter 15 Implementing IT: Ethics, Impacts, and Security

CHAPTER 15
IMPLEMENTING IT: ETHICS, IMPACTS, AND SECURITY

Learning Objectives
• Describe the major ethical issues related to information technology and identify situations in which they occur
• Identify the major impacts of information technology on organizational structure, power, jobs, supervision, and decision making
• Understand the potential dehumanization of people by computers and other potential negative impacts of information technology
• Identify some of the major societal effects of information technology
• Describe the many threats to information security
• Understand the various defense mechanisms of information systems
• Explain IT auditing and planning for disaster recovery

Chapter Overview
Ethical Issues
• A Framework for Ethics
• Protecting Privacy
• Protecting Intellectual Property
Impacts of IT on Organizations and Jobs
• How will Organizations be Changed?
• How will Jobs be Changed?
• Other Considerations
Impacts on Individuals at Work
• Will my Job be Eliminated?
• Dehumanization and Psychological Impacts
• Impact on Health and Safety
• Other Impacts
Societal Impacts and Internet Communities
• Improved Quality of Life
• Internet Communities
• Telecommuting
Security is a Concern for Everyone
• Threats to Information Systems
• Systems Vulnerability
• Computer Crimes
Protecting Information Systems
• Defence Strategies: How do we Protect IT?
• Auditing Information Systems
• Disaster Recovery Planning
• Security in the 21st Century

Case: Music Retailer Finds Commerce in Communities
The Business Problem
• N2K, a retailer in the music industry, merged with an Internet music store called MusicBoulevard (www.musicblvd.com), but sales were small
The Solution
• The company created genre-specific sites, each focused on the specific needs of an Internet community.
• The Internet is viewed as a network that provides new kinds of “spaces,” a world of online communities and virtual chat rooms.
The Results
• Increased sales dramatically
• High level of members’ loyalty to the site
• Minimal inventory cost

Case (continued…)
What have we learned from this case?
• IT has had an impact on society as well as on corporate operations and marketing methods
• The concept of Internet communities can offer the opportunity to significantly increase an online company’s revenue and profit

Ethical Issues
• Ethics is a branch of philosophy that deals with what is considered to be right and wrong
• What is unethical is not necessarily illegal
• A code of ethics is a collection of principles intended as a guide for members of a company or an association
• Ethics differ among countries and companies

Ethical Issues (continued …)
A Framework for Ethics Issues
Privacy Issues
• What information about oneself should an individual be required to reveal to others?
• What kind of surveillance can an employer use on its employees?
Accuracy Issues
• Who is responsible for the authenticity, fidelity, and accuracy of information collected?
• How can we ensure that information will be processed properly and presented accurately to users?
Property Issues
• Who owns the information?
• What are the just and fair prices for its exchange?
Accessibility Issues
• Who is allowed to access information?
• How much should be charged for permitting accessibility to information?

Ethical Issues (continued …)
Protecting Privacy
• Privacy - different things to different people
• Four stages of privacy
  - solitude
  - intimacy
  - anonymity
  - reserve
• too expensive, cumbersome, and complex to invade information privacy
• personal computers, powerful software, large databases, and the Internet have created an entirely new dimension of accessing and using personal data

Ethical Issues (continued …)
Electronic Surveillance (monitoring computer users)
• American Civil Liberties Union (ACLU) estimates that tens of millions of computer users are monitored
Personal Information in Databases
• people may not appreciate the intrusion of vendors
• commercial companies advise individuals about how to protect their rights, and monitor several databases

Ethical Issues (continued …)
Information on Internet Bulletin Boards and Newsgroups
• how does society keep owners of bulletin boards from disseminating information that may be offensive to readers?
• highlights the conflict between freedom of speech, privacy, and ethics
Privacy Codes and Policies
• help organizations avoid legal problems

International Aspects of Privacy
Guidelines to protect individuals’ privacy in the electronic age in Europe are very strict
• Collection limitation
• Data quality
• Purpose specification
• Use limitation
• Security safeguards
• Openness
• Individual participation

Privacy Policy Guidelines - A Sampler
Data Collection
• Data should be collected on individuals only for the purpose of accomplishing a legitimate business objective.
• Data should be adequate, relevant, and not excessive in relation to the business objective.
• Individuals must give their consent before data pertaining to them can be gathered.
Data Accuracy
• Sensitive data gathered on individuals should be verified before it is entered into the database.
• Data should be accurate and, where and when necessary, kept current.
• The file should be made available so the individual can ensure that the data are correct.
• If there is disagreement about the accuracy of the data, the individual’s version should be noted and included with any disclosure of the file.
Data Confidentiality
• Computer security procedures should be implemented to provide reasonable assurance against unauthorized disclosure of data. They should include physical, technical, and administrative security measures.
• Third parties should not be given access to data without the individual’s knowledge or permission, except as required by law.
• Disclosures of data, other than the most routine, should be noted and maintained for as long as the data are maintained.
• Data should not be disclosed for reasons incompatible with the business objective for which they are collected.

Protecting Intellectual Property
• Intellectual property - the intangible property created by individuals or corporations
• Protected under
  - Copyright - a statutory grant that provides the creators of intellectual property with ownership of it for 28 years
  - Trade secret - intellectual work such as a business plan which is a company secret and is not based on public information
  - Patent - a document that grants the holder exclusive rights on an invention for 17 years

The Impacts of IT on Organizations and Jobs
How will organizations be changed?
• Flatter organizational hierarchies
  - It is reasonable to assume that fewer managerial levels will exist in many organizations, and there will be fewer staff and line managers.
• Changes in supervision
  - an employee’s work is performed online and stored electronically, introducing the possibility for greater electronic supervision.
• Powers and status
  - Knowledge is power.

The Impacts of IT on Organizations and Jobs
How will jobs be changed?
• Job content
  - Changes in job content occur when work is redesigned
• Employee career ladders
  - the use of IT may short-cut a portion of the learning curve by capturing and more efficiently managing knowledge
• The manager’s job
  - IT can change the manner in which many decisions are made and consequently change managers’ jobs.

Impacts on Individuals at Work
Will my Job be Eliminated?
• IT can significantly increase the productivity of employees, restructuring their job content and changing the skill requirements of many jobs.
• Because computers are becoming “smarter” and more capable as time passes, the competitive advantage of replacing people with machines is increasing rapidly.
• But many computer-related jobs are being created.

Impacts on Individuals at Work (continues …)
• Dehumanization
  - computers reduce or eliminate the human element that was present in the non-computerized systems
  - computer-supported activities may dehumanize people
• Psychological impacts
  - people may feel depression and loneliness if they work and shop from their living rooms
  - the lack of social contacts could be damaging to children’s development if they are schooled at home through IT
• Job satisfaction
  - Some jobs may become more routine and less satisfying

Impacts on Individuals at Work (continues …)
Impacts on Health and Safety
• Job stress - computerization has created an ever-increasing workload on many people
• Video display terminals (VDTs) - radiation exposure has been associated with cancer and other health-related problems
• Repetitive strain injuries - backaches and muscle tension in the wrists and fingers
• Lessening the Negative Impact on Health and Safety - ergonomic techniques focus on creating an environment for workers that is well lit, comfortable and safe

Information Systems and the Individuals
[Figure: The Individual, at the center, linked to the following systems]
• Electronic Funds Transfer / Electronic Commerce
• Leisure Time System: Hotel Reservations; Theatre and Entertainment; Travel Reservations
• Public and Private Service System: Police and Fire; Accounting and Legal; Insurance and Brokerage
• Home Information System: Security; Environmental and appliances; Entertainment, Business, and Education
• Education and Medical System: Central Medical Database; Hospital Administration and Treatment; Computer Assisted Education; Education Administration and Records
• Financial System: Integrated Financial Database; Money Oared Real Estate Stocks
• Consumer System: Supermarket; Department Store; Drug Store

Societal Impacts
Improved Quality of Life
• Opportunities for people with disabilities
  - The integration of intelligent systems, such as speech and vision recognition, into a computer-based information system can create new employment opportunities for people with disabilities.
• Improvements in health care
  - IT brought about major improvements in health care delivery, ranging from better and faster diagnoses, to expedited research and development of new drugs, to more accurate monitoring of critically ill patients.

Societal Impacts (continued …)
Improved Quality of Life
• Help for the consumer
  - IT systems help the lay person perform tasks that require expertise.
• Robots performing hard and hazardous labor
  - Robots can work in uncomfortable or dangerous environments.
• Crime fighting
• Improvement in education and other benefits

Internet Communities
• Communities of Interest: provide a place for people to interact with each other on a specific topic
• Communities of Relations: are organized around certain life experiences
• Communities of Fantasy: provide a place for participants to create imaginary environments
• Communities of Transactions: facilitate buying and selling
• Communities of Professionals: support professional communication and the exchange of valuable work or research-related information

Telecommuting Benefits
To the employees
• Less stress
• Ability to go to school while working
• Improved family life
• Money is saved
• Commuting time is saved
• Ability to control schedule and manage time better
• Employment opportunities for housebound people
To the organization
• Increased productivity
• Reduced real estate cost
• Reduced cost of parking
• Ability to retain skilled employees
• Ability to tap remote labor pool
• Lower labor and absenteeism cost
• Better interaction of employees with clients and suppliers
To society
• Less use of fossil fuels
• Fewer traffic problems, including less air pollution
• More business for suburbs and rural areas

Telecommuting (continued …)
Telecommuting and Productivity
• Increase productivity by
  - increased motivation and satisfaction
  - reduced absenteeism
  - forces managers to manage by results instead of by overseeing
• Reduce productivity by
  - some employees need to work with others
  - not all jobs can be done while telecommuting
  - not all managers can participate

Security
Security Threats
[Figure: security threats. Labels: Processor; Hardware; Systems Software; Application Programmer; Terminals; Terminal User; Systems Programmer; External Environment; Database; Radiation; Operator; Authorizer; Database Access rules; Crosstalk; Tap]

Computer Crimes
• Types of computer crimes
  - computers are the target of the crime
  - computers are the medium of the attack by creating an environment in which a crime or fraud can occur
  - computers are the tool by which the crime is perpetrated
  - computers are used to intimidate or deceive
• Criminals
  - hackers - outsiders who penetrate a computer system
  - crackers - malicious hackers who may represent a serious problem for organizations

Computer Crime (continues ...)
• Methods of Attack
  - Data tampering
  - Programming fraud
  - Viruses - receive their name from the program’s ability to attach itself to other computer programs, causing them to become viruses themselves
• Representative federal laws
  - Computer Fraud and Abuse Act (1986)
  - Computer Security Act of 1987

Protecting Information Systems
Some of the reasons that make it complex or expensive to defend information systems
• Hundreds of potential threats exist.
• Computing resources may be situated in many locations.
• Many individuals control information assets.
• Computer networks can be outside the organization and difficult to protect.
• People tend to violate security procedures because the procedures are inconvenient

Protecting Information Systems (continued …)
Defense strategies
• Controls for prevention and deterrence - prevent errors from occurring, deter criminals from attacking the system, deny access to unauthorized people
• Detection - the earlier it is detected, the easier it is to combat and the less damage
• Limitation - minimizing losses once a malfunction has occurred
• Recovery - explains how to fix a damaged information system as quickly as possible
• Correction - prevent the problem from occurring again

Protecting Information Systems (continued …)
General Controls - protect the system regardless of the specific application
• Physical controls
  - provide protection against most natural hazards as well as against some human-created hazards
• Access controls
  - restrict unauthorized user access to a portion of a computer system or to the entire system

Protecting Information Systems (continued …)
General Controls (continued)
• Biometric controls
  - verify the identity of a person, based on physiological or behavioral characteristics
  - hand geometry, blood vessel pattern in the retina of an eye, voice, signature, keystroke dynamics, facial thermography, fingerprints
• Data security controls
  - protect data from accidental or intentional disclosure to unauthorized persons, or from unauthorized modification or destruction

Protecting Information Systems (continued …)
Application controls - protect specific applications
• Input controls
  - prevent data alteration or loss
• Processing controls
  - allow only authorized users to access certain programs or facilities
  - monitor the computer’s use by individuals
• Output controls
  - ensure that outputs are sent only to authorized personnel

Network Protections and Firewalls
• Access Control
  - guards against unauthorized dial-in attempts
• Encryption
  - encodes regular digitized text into unreadable scrambled text or numbers, to be decoded upon receipt
• Cable Testers
  - find almost any fault that can occur with LAN cabling
• Firewalls
  - enforce an access control policy between two networks
  - do not protect against viruses

Auditing Information Systems
• Audit
  - additional layer of controls or safeguards
• Types of Auditors and Audits
  - internal auditor: audits information systems
  - external auditor: reviews the findings of the internal audit and the inputs, processing, and outputs of information systems

How is Auditing Executed?
• Auditing around the computer
• Auditing through the computer
• Auditing with the computer

Disaster Recovery Planning
• Disaster Recovery of Information Systems
  - the chain of events linking planning to protection to recovery from a disaster
  - keep the business running after a disaster occurs
• Disaster Avoidance
  - an approach oriented toward prevention
• Back-up Arrangements
  - an extra copy of data and/or programs is kept in another location

Disaster Recovery Planning (continued …)
Planning for a Recovery from Disasters
• Isolate data that change frequently
• Keep management and technical procedures separate
• Don’t include data in the plan if it can be obtained elsewhere after the disaster
• Write a plan that is independent of organization, positions, and personnel
• Gather data on a daily basis

IT Security in the 21st Century
• Computer control and security are receiving increased attention
• almost 70 percent of all U.S. corporations have battled computer viruses
• the latest technologies need to be employed to protect against viruses and computer crimes
• using intelligent systems for detecting intruders and crimes

How Technologies Improved IT Security
Area: IT Solution
• Improved systems reliability: Fault tolerance systems, multiple disks
• Early or real time detection of intrusion, failures, or noncompliance with rules: Intelligent agents monitor performance, compare to standards, analyze profiles (e.g., Network Associates Inc.)
• Auditing information systems: Neural computer can detect fraud and expert systems evaluate controls
• Troubleshooting: Quick diagnosis by expert system, especially on networks and the Internet
• Disaster planning: Internet-based expert systems for self-assessment including planning and disaster recovery
• Access protection: Smart cards

What’s in IT for Me?
• For Accounting
  - Accountants are involved in Web-based auditing, security of data, and fraud prevention and detection programs
• For Finance
  - The finance and banking industry is concerned about security and auditing in electronic commerce, computer criminals, the hazards and the available controls

What’s in IT for Me? (continued …)
• For Marketing
  - Marketers do not want to be sued because of invasion of privacy in data collected, nor do they want their innovative marketing strategies to fall into the hands of competitors
• For Human Resources Management
  - Motivation, supervision, career development, recruiting, and more are all affected by IT
  - Telecommuting is implemented by HRM