Lecture Management information systems - Chater 13: Security and ethical challenges
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (2.08 MB, 74 trang )
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 1
Chapter
13
Security and Ethical
Challenges
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 2
Learning Objectives
1. Identify several ethical issues in how the
use of information technologies in
business affects employment,
individuality, working conditions, privacy,
crime, health, and solutions of societal
problems.
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 3
Learning Objectives
2. Identify several types of security
management strategies and defenses,
and explain how they can be used to
ensure the security of business
applications of information technology.
3. Propose several ways that business
managers and professionals can help to
lessen the harmful effects and increase
the beneficial effects of the use of
information technology.
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 4
Why Study Challenges of IT?
• Information technology in business
presents major security challenges, poses
serious ethical questions, and affects
society in significant ways.
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 5
Case #1: Computer Viruses
Why do security glitches exist?
• Microsoft and other software companies
have placed a high priority on getting
products out quickly and loading them
with features, rather than attending to
security.
• With a 95% market share, Microsoft’s
Windows desktop operating system is a
fat, juicy target for the bad guys.
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 6
Case #1: Computer Viruses
• The burden for combating viruses lies
with computer users themselves. Most
large corporations already have basic
antivirus software. But security experts
maintain that they need to come up with
better procedures for frequently updating
their computers with the latest security
patches to programs and inoculations
against new viruses.
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 7
Case #1: Computer Viruses
1. What security measures should
companies, business professionals, and
consumers take to protect their systems
from being damaged by computer
worms and viruses?
2. What is the ethical responsibility of
Microsoft in helping to prevent the
spread of computer viruses? Have they
met this responsibility? Why or why
not?
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 8
Case #1: Computer Viruses
3. What are several possible reasons why
some companies (like GM) were
seriously affected by computer viruses,
while others (like Verizon) were not?
4. What are the ethical responsibilities of
companies and business professionals
in helping curb the spread of computer
viruses?
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 9
IT Security, Ethics and Society
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 10
Ethical Responsibility
• Business professionals have a
responsibility to promote ethical uses of
information technology in the workplace.
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 11
Business Ethics
Definition:
• Questions that managers must confront
as part of their daily business decision
making including:
•
•
•
•
Equity
Rights
Honesty
Exercise of Corporate Power
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 12
Ethical Business Issues Categories
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 13
Corporate Social Responsibility Theories
• Stockholder Theory – managers are
agents of the stockholders, and their only
ethical responsibility is to increase the
profits of the business without violating
the law or engaging in fraudulent
practices
• Social Contract Theory – companies have
ethical responsibilities to all members of
society, which allow corporations to exist
based on a social contract
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 14
Corporate Social Responsibility Theories
• Stakeholder Theory – managers have an
ethical responsibility to manage a firm for
the benefit of all its stakeholders, which
are all individuals and groups that have a
stake in or claim on a company
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 15
Principles of Technology Ethics
• Proportionality – the good achieved by the
technology must outweigh the harm or
risk
• Informed Consent – those affected by the
technology should understand and accept
the risks
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 16
Principles of Technology Ethics
• Justice – the benefits and burdens of the
technology should be distributed fairly
• Minimized Risk – even if judged
acceptable by the other three guidelines,
the technology must be implemented so
as to avoid all unnecessary risk
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 17
AITP Standards of Professional Conduct
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 18
Ethical Guidelines
• Acting with integrity
• Increasing professional competence
• Setting high standards of personal performance
• Accepting responsibility for one’s own work
• Advancing the health, privacy, and general
welfare of the public
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 19
Computer Crime
• The unauthorized use, access, modification, and
destruction of hardware, software, data, or network
resources
• The unauthorized release of information
• The unauthorized copying of software
• Denying an end user access to his or her own hardware,
software, data, or network resources
• Using or conspiring to use computer or network
resources illegally to obtain information or tangible
property
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 20
Cyber Crime Safeguards
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 21
Hacking
Definition:
• The obsessive use of computers, or the
unauthorized access and use of
networked computer systems
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 22
Common Hacking Tactics
• Denial of Service – hammering a
website’s equipment with too many
requests for information, effectively
clogging the system, slowing performance
or even crashing the site
• Scans – widespread probes of the
Internet to determine types of computers,
services, and connections
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 23
Common Hacking Tactics
• Sniffer – programs that covertly search
individual packets of data as they pass
through the Internet, capturing passwords
or entire contents
• Spoofing – faking an e-mail address or
Web page to trick users into passing
along critical information like passwords
or credit card numbers
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 24
Common Hacking Tactics
• Trojan Horse – a program that, unknown
to the user, contains instructions that
exploit a known vulnerability in some
software
• Back Doors – a point hidden point of entry
to be used in case the original entry point
has been detected or blocked
Copyright © 2006, The McGrawHill Companies, Inc. All rights reserved.
13 - 25
