Principles of Information Systems Eighth Edition

Principles of Information Systems, Eighth Edition
Chapter 14
The Personal and Social Impact of
Computers
Principles and Learning Objectives
• Policies and procedures must be established to
avoid computer waste and mistakes
– Describe some examples of waste and mistakes in
an IS environment, their causes, and possible
solutions
– Identify policies and procedures useful in eliminating
waste and mistakes
– Discuss the principles and limits of an individual’s
right to privacy
Principles and Learning Objectives
(continued)
• Computer crime is a serious and rapidly growing
area of concern requiring management attention
– Explain the types and effects of computer crime
– Identify specific measures to prevent computer crime
Principles and Learning Objectives
(continued)
• Jobs, equipment, and working conditions must be
designed to avoid negative health effects
– List the important effects of computers on the work
environment
– Identify specific actions that must be taken to ensure
the health and safety of employees
– Outline criteria for the ethical use of information
systems
Why Learn About Security, Privacy,
and Ethical Issues in Information
Systems and the Internet?
• Many nontechnical issues associated with ISs
• Human Resource employees need to:
– Prevent computer waste and mistakes
– Avoid privacy violations
– Comply with laws about:
• Collecting customer data
• Monitoring employees
• Employees, IS users, and Internet users need to:
– Avoid crime, fraud, privacy invasion
Computer Waste and Mistakes
• Computer waste
– Inappropriate use of computer technology and
resources
• Computer-related mistakes
– Errors, failures, and other computer problems that
make computer output incorrect or not useful
– Caused mostly by human error
Computer Waste
• Cause: improper management of information
systems and resources
– Discarding old software and computer systems when
they still have value
– Building and maintaining complex systems that are
never used to their fullest extent
– Using corporate time and technology for personal
use
– Spam
Computer-Related Mistakes
• Common causes
– Failure by users to follow proper procedures
– Unclear expectations and a lack of feedback
– Program development that contains errors
– Incorrect data entry by data-entry clerk
Preventing Computer-Related Waste
and Mistakes
• Effective policies and procedures must be:
– Established
– Implemented
– Monitored
– Reviewed
Establishing Policies and Procedures
• Establish policies and procedures regarding
efficient acquisition, use, and disposal of systems
and devices
• Identify most common types of computer-related
mistakes
• Training programs for individuals and workgroups
• Manuals and documents on how computer systems
are to be maintained and used
• Approval of certain systems and applications
before they are implemented and used
Implementing Policies and Procedures
• Policies often focus on:
– Implementation of source data automation
– Use of data editing to ensure data accuracy and
completeness
– Assignment of clear responsibility for data accuracy
within each information system
• Training is very important for acceptance and
implementation of policies and procedures
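The "data editing" named in the second bullet means automated edit checks on data as it is entered, so that incorrect or incomplete data is rejected before it reaches the system. As an added example (not from the textbook), the Python below applies completeness, format, validity and range checks to a constructed batch of data-entry records; the field names, formats and limits are assumptions made for this example:

```python
import re
from datetime import date

# Constructed sample records, as a data-entry clerk might key them (not real data).
# The field names and the rules below are assumptions for this example.
SAMPLE_RECORDS = [
    {"customer_id": "C1001", "email": "ann@example.com", "birth_date": "1985-04-12",
     "order_qty": "3", "unit_price": "19.99"},
    {"customer_id": "C1002", "email": "bob_at_example.com", "birth_date": "1990-02-30",
     "order_qty": "0", "unit_price": "19.99"},
    {"customer_id": "", "email": "cara@example.com", "birth_date": "2030-01-01",
     "order_qty": "12", "unit_price": "-5"},
]

REQUIRED = ("customer_id", "email", "birth_date", "order_qty", "unit_price")
CUSTOMER_ID_RE = re.compile(r"^C\d{4}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
FIXED_TODAY = date(2024, 3, 11)  # fixed so the example is reproducible


def edit_record(rec, today=FIXED_TODAY):
    """Apply edit checks to one record; return the list of errors (empty = clean)."""
    errors = []
    # Completeness check: every required field present and non-blank
    for field in REQUIRED:
        if not str(rec.get(field, "")).strip():
            errors.append(f"{field}: missing")
    # Format checks: only applied when a value was supplied (missing is reported above)
    cid = rec.get("customer_id", "")
    if cid and not CUSTOMER_ID_RE.match(cid):
        errors.append("customer_id: bad format")
    email = rec.get("email", "")
    if email and not EMAIL_RE.match(email):
        errors.append("email: bad format")
    # Validity check on a date: rejects impossible calendar dates and dates in the future
    bd = rec.get("birth_date", "")
    if bd:
        try:
            if date.fromisoformat(bd) > today:
                errors.append("birth_date: in the future")
        except ValueError:
            errors.append("birth_date: not a valid date")
    # Range checks on numeric fields, with a type check first
    for field, minimum in (("order_qty", 1), ("unit_price", 0.01)):
        raw = rec.get(field, "")
        if raw:
            try:
                if float(raw) < minimum:
                    errors.append(f"{field}: below minimum {minimum}")
            except ValueError:
                errors.append(f"{field}: not a number")
    return errors


def edit_batch(records, today=FIXED_TODAY):
    """Run the edit checks over a batch; keys are customer ids, or the row number if blank."""
    return {rec.get("customer_id") or f"row{i}": edit_record(rec, today)
            for i, rec in enumerate(records, 1)}


if __name__ == "__main__":
    for key, errs in edit_batch(SAMPLE_RECORDS).items():
        print(key, "OK" if not errs else errs)
```

The first record passes; the second is rejected for an email without an "@", a calendar date that does not exist, and a quantity of zero; the third is rejected for a blank identifier, a future birth date and a negative price. Each rejection names the field and the rule, which is what gives the data-entry clerk the feedback the previous slide lists as missing when mistakes happen.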
Monitoring Policies and Procedures
• Monitor routine practices and take corrective action
if necessary
• Implement internal audits to measure actual results
against established goals
• Follow requirements in Sarbanes-Oxley Act
– Requires companies to document underlying
financial data to validate earnings reports
Reviewing Policies and Procedures
• Do current policies cover existing practices
adequately?
– Were any problems or opportunities uncovered
during monitoring?
• Does the organization plan any new activities in the
future?
– If so, does it need new policies or procedures on
who will handle them and what must be done?
• Are contingencies and disasters covered?
Computer Crime
• Often defies detection
• Amount stolen or diverted can be substantial
• Crime is “clean” and nonviolent
• Number of IT-related security incidents is
increasing dramatically
• Computer crime is now global
The Computer as a Tool to Commit Crime
• Criminals need two capabilities to commit most computer
crimes
– Knowing how to gain access to computer system
– Knowing how to manipulate the system to produce
desired results
• Examples
– Social engineering: gaining access to a system by exploiting
weaknesses in user behaviour, for example phishing
– Dumpster diving: rummaging through discarded rubbish for useful
material; a way to obtain information and secrets about a competitor
– Counterfeit and banking fraud using sophisticated
desktop publishing programs and high-quality printers
Cyberterrorism
• Cyberterrorist: intimidates or coerces a
government or organization to advance his or her
political or social objectives by launching computer-based
attacks against computers, networks, and the
information stored on them (that is, threatening or forcing a
government or organization to do what the terrorist wants by
means of such attacks)
• Homeland Security Department’s Information
Analysis and Infrastructure Protection Directorate
– Serves as governmental focal point for fighting
cyberterrorism
Identity Theft
• Imposter obtains personal identification information
such as Social Security or driver’s license numbers
in order to impersonate someone else (obtaining or forging
another person’s personal data in order to pass as that person)
– To obtain credit, merchandise, and services in the
name of the victim
– To have false credentials
• Identity Theft and Assumption Deterrence Act of
1998 passed to fight identity theft
• 9 million victims in 2005
The Computer as the Object of Crime
• Crimes fall into several categories
– Illegal access and use (entering or using a system without authorization)
– Data alteration and destruction
– Information and equipment theft
– Software and Internet piracy (using software without a license)
– Computer-related scams (frauds carried out with computers)
– International computer crime (crime that crosses national borders)
Illegal Access and Use
• Hacker: learns about and uses computer systems
• Criminal hacker (also called a cracker): gains
unauthorized use of or illegal access to computer
systems
• Script bunny: automates the job of crackers; someone who
cannot write attack scripts but runs other people’s, often
to impress peers
• Insider: employee who compromises corporate
systems
• Malware: software written to destroy, damage, or
disrupt processing
Illegal Access and Use (continued)
• Virus: program file capable of attaching to disks or
other files and replicating itself repeatedly
• Worm: self-contained program that creates copies of
itself on an infected computer or sends copies to other
computers via a network, without needing to attach
itself to a host file the way a virus does
Illegal Access and Use (continued)
• Trojan horse: program that appears to be useful
but purposefully does something user does not
expect
• Logic bomb: type of Trojan horse that executes
when specific conditions occur
• Variant: modified version of a virus that is
produced by virus’s author or another person
Using Antivirus Programs
• Antivirus program: program or utility that prevents
viruses and recovers from them if they infect a
computer
• Tips on using antivirus software
– Run and update antivirus software often; a signature-based
scanner recognizes only malware already in its signature database
– Scan all diskettes, CDs, and other removable media before using them
– Install software only from a sealed package or a
secure, well-known Web site
– Follow careful downloading practices
– If you detect a virus, take immediate action
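Why “update often” matters, and why a variant (as defined on the previous slide) is a problem for scanners, as an added example that is not from the textbook: a scanner with two kinds of signature run over three constructed toy “files” (plain byte strings, not real programs). A variant with a few bytes changed slips past an exact file-hash signature but is still caught by a byte-pattern signature that describes the behaviour rather than one specific sample. The file names, contents and signature entries are all made up for the example:

```python
import hashlib
import re

# Constructed toy "executables" (byte strings only, not real malware).
# Names, contents and the signatures below are assumptions for this example.
SAMPLES = {
    "original.exe": b"MZ\x90\x00" + b"\x00" * 8
                    + b"CopyToStartup(); DeleteFiles('*.doc'); SpreadViaEmail();",
    "variant.exe":  b"MZ\x90\x00" + b"\x00" * 8
                    + b"CopyToStartup(); DeleteFiles('*.xls'); SpreadViaEmail(); /*v2*/",
    "benign.exe":   b"MZ\x90\x00" + b"\x00" * 8
                    + b"PrintReport(); SaveFile('report.doc');",
}

# Signature type 1: the exact SHA-256 of a known sample. Cheap to check, but any
# one-byte change by the variant's author produces a different hash.
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLES["original.exe"]).hexdigest(): "Toy.Worm.A",
}

# Signature type 2: a byte pattern describing the behaviour, with a wildcard for
# the part (the file extension) a variant author is most likely to change.
PATTERN_SIGNATURES = {
    "Toy.Worm": re.compile(rb"DeleteFiles\('\*\.[a-z]{3}'\);\s*SpreadViaEmail\(\);"),
}


def scan_by_hash(data):
    """Return the signature name if the file's hash is in the database, else None."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_by_pattern(data):
    """Return the first pattern signature found in the file contents, else None."""
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def scan(data):
    """Report which signature types flag the file."""
    return {"hash": scan_by_hash(data), "pattern": scan_by_pattern(data)}


def scan_all(samples=SAMPLES):
    return {name: scan(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name}: {verdict}")
```

The hash database has to be refreshed for every new sample the vendor sees, which is the practical reason behind the first tip; the pattern signature covers the family, at the cost of needing an analyst to write it and of some risk of false positives on unrelated files that happen to contain the same bytes.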
Using Antivirus Programs (continued)
Antivirus software should be used and updated often
Information and Equipment Theft
• Obtaining identification numbers and passwords to
steal information or disrupt systems
– Trial and error, password sniffer program
• Software theft
• Computer systems and equipment theft
– Data on equipment is valuable
Software and Internet Software Piracy
• Software is protected by copyright laws
• Copyright law violations
– Making additional copies
– Loading the software onto more than one machine
• Software piracy: act of illegally duplicating
software
• Internet-based software piracy
– Most rapidly expanding type of software piracy and
most difficult form to combat
– Examples: pirate Web sites, auction sites with
counterfeit software, peer-to-peer networks
Computer-Related Scams
• Examples of Internet scams
– Get-rich-quick schemes
– “Free” vacations with huge hidden costs
– Bank fraud
– Fake telephone lotteries
– Selling worthless penny stocks
• Phishing
– Gaining access to personal information by
redirecting the user to a fake site: the victim is lured
to a counterfeit Web site and tricked into entering
personal or confidential information there
International Computer Crime
• Computer crime becomes more complex when it is
committed internationally
• Large percentage of software piracy takes place
across borders
• Threat of terrorists, international drug dealers, and
other criminals using information systems to
launder illegally obtained funds
• Example product in this area: Computer Associates
International’s CleverPath for Global Compliance software
Preventing Computer-Related Crime
• Efforts to curb computer crime being made by:
– Private users
– Companies
– Employees
– Public officials
Crime Prevention by State and
Federal Agencies
• Computer Fraud and Abuse Act of 1986
– Punishment based on the victim’s dollar loss
• Computer Emergency Response Team (CERT): a
computer security coordination center
– Responds to network security breaches
– Monitors systems for emerging threats
• Newer and tougher computer crime legislation is
emerging
Crime Prevention by Corporations
• Public key infrastructure (PKI): a system for protecting data
sent over a network using a key pair (a public key and a private
key) to encrypt and decrypt; the certificates that tie each public
key to its owner are issued by a Certificate Authority, so that data
stays confidential while it is being sent and received
– Allows users of an unsecured public network such
as the Internet to securely and privately exchange
data
– Use of a public and a private cryptographic key pair,
obtained and shared through a trusted authority
• Biometrics: measurement of one of a person’s
traits, whether physical or behavioral
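The trust chain behind the PKI bullets above, as an added worked example that is not from the textbook: a toy RSA built on the Python standard library, a Certificate Authority that signs certificates binding a name to a public key, and a relying party that holds only the CA’s public key and takes the subject’s key from the certificate. The key size, the names (alice@example.com, Mallory), the message and the fixed random seed are assumptions for the example; real PKI uses X.509 certificates with validity periods, revocation and standard signature padding, none of which this toy includes, and 256-bit primes are far too small for real use:

```python
import hashlib
import json
import random

KEY_BITS = 256  # bits per prime; toy size so the demo runs instantly (real RSA: 2048-bit modulus or more)


def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if _is_probable_prime(cand, rng):
            return cand


def rsa_keygen(rng, bits=KEY_BITS):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _gen_prime(bits, rng), _gen_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _digest(data):
    # SHA-256 output (256 bits) is always smaller than the 512-bit modulus used here
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data):
    n, d = private_key
    return pow(_digest(data), d, n)


def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(data)


def _encode(tbs):
    return json.dumps(tbs, sort_keys=True).encode()  # canonical "to be signed" bytes


def issue_certificate(ca_private_key, subject, subject_public_key):
    """The CA binds a subject name to a public key by signing the pair."""
    tbs = {"subject": subject, "public_key": list(subject_public_key)}
    return {"tbs": tbs, "signature": sign(ca_private_key, _encode(tbs))}


def verify_certificate(ca_public_key, cert):
    return verify(ca_public_key, _encode(cert["tbs"]), cert["signature"])


def verify_signed_message(ca_public_key, cert, message, signature):
    """Relying party holds only the CA key; the subject's key is taken from the certificate."""
    if not verify_certificate(ca_public_key, cert):
        return False
    return verify(tuple(cert["tbs"]["public_key"]), message, signature)


def demo():
    rng = random.Random(2024)  # fixed seed: reproducible keys for the demo only, never for real keys
    ca_pub, ca_priv = rsa_keygen(rng)
    alice_pub, alice_priv = rsa_keygen(rng)
    mallory_pub, mallory_priv = rsa_keygen(rng)
    alice_cert = issue_certificate(ca_priv, "alice@example.com", alice_pub)
    # Mallory cannot get the CA to sign, so she signs a certificate for Alice's name herself
    forged_cert = issue_certificate(mallory_priv, "alice@example.com", mallory_pub)
    message = b"Transfer 100 to account 42"
    alice_sig = sign(alice_priv, message)
    mallory_sig = sign(mallory_priv, message)
    return {
        "genuine_message_accepted": verify_signed_message(ca_pub, alice_cert, message, alice_sig),
        "tampered_message_rejected": not verify_signed_message(ca_pub, alice_cert, message + b"0", alice_sig),
        "forged_certificate_rejected": not verify_signed_message(ca_pub, forged_cert, message, mallory_sig),
        "wrong_key_rejected": not verify_signed_message(ca_pub, alice_cert, message, mallory_sig),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The point of the forged-certificate case is the one the slide makes with “obtained and shared through a trusted authority”: a public key on its own proves nothing about who owns it, so the relying party accepts a subject key only after checking that the CA it already trusts has signed the binding between that key and the subject’s name.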
Crime Prevention by Corporations
(continued)
Table 14.3: Common Methods Used to Commit Computer Crimes
1. Add, delete, or change input data, e.g. deleting a record of an absence
2. Modify or develop a program or system for criminal use, e.g. altering a bank’s deposit-interest calculation program
3. Select or alter data files, e.g. changing a grade from C to A
4. Use a computer system to commit a crime, e.g. breaking into a government system
5. Produce incorrect output or put output to improper use, e.g. retrieving customer data from the company’s rubbish bins
6. Steal computer resources (hardware, software, and computer time), e.g. copying a program and using it without paying
7. Sell worthless goods on the Internet, e.g. sending e-mail that offers worthless or useless products
8. Blackmail using confidential or valuable information taken from the system and threatened with disclosure
9. Blackmail by threats in order to obtain what is demanded
Using Intrusion Detection Software
• Intrusion detection system (IDS)
– Monitors system and network resources
– Notifies network security personnel when it senses a
possible intrusion, such as:
• Repeated failed logon attempts
• Attempts to download a program to a server
• Access to a system at unusual hours
– Can provide false alarms
– E-mail or voice message alerts may be missed
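The first and third indicators on this slide, implemented as detection logic, as an added example that is not from the textbook: the Python below parses constructed sshd-style log lines and raises an alert when one user/address pair fails to log on five times within a minute, when a successful logon follows such a run of failures, and when a logon happens outside normal hours. The log format, the threshold, the window, the hours treated as normal, and the host, user and address names are all assumptions of the example (addresses come from the documentation ranges):

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines (not a real capture). Host, users and
# addresses are made up for this example.
SAMPLE_LOG = """\
2024-03-11 09:12:01 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-11 09:12:04 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-11 09:12:07 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-11 09:12:09 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-11 09:12:12 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-11 09:12:15 host1 sshd: Accepted password for admin from 203.0.113.5
2024-03-11 10:30:00 host1 sshd: Failed password for bob from 198.51.100.7
2024-03-11 14:05:00 host1 sshd: Accepted password for bob from 198.51.100.7
2024-03-12 02:47:33 host1 sshd: Accepted password for carol from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)

# Tuning knobs (assumed values). Raising the threshold or shrinking the window
# trades missed attacks for fewer false alarms: one mistyped password must not page anyone.
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=1)
NORMAL_HOURS = range(7, 20)  # 07:00-19:59; a logon outside this is "unusual"


def parse_line(line):
    """Turn one log line into an event dict, or None if it is not a logon record."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not treated as attacks
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "result": m["result"], "user": m["user"], "ip": m["ip"],
    }


def _alert(rule, ev):
    return {"rule": rule, "user": ev["user"], "ip": ev["ip"], "time": ev["ts"].isoformat()}


def detect(log_text):
    """Return the list of alerts raised over the log, in log order."""
    alerts = []
    failures = defaultdict(deque)  # (user, ip) -> timestamps of recent failures
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        window = failures[(ev["user"], ev["ip"])]
        while window and ev["ts"] - window[0] > FAIL_WINDOW:
            window.popleft()  # forget failures older than the window
        if ev["result"] == "Failed":
            window.append(ev["ts"])
            if len(window) == FAIL_THRESHOLD:  # fire once, when the threshold is crossed
                alerts.append(_alert("repeated_failed_logon", ev))
        else:
            if len(window) >= FAIL_THRESHOLD:  # a guess that finally worked
                alerts.append(_alert("success_after_repeated_failures", ev))
                window.clear()
            if ev["ts"].hour not in NORMAL_HOURS:
                alerts.append(_alert("logon_at_unusual_hour", ev))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample, the run of failures for admin raises one alert when the fifth failure lands, the successful logon seconds later raises a second and higher-priority one, and carol’s 02:47 logon raises the unusual-hour alert; bob’s single typo stays below the threshold. That last case is the false-alarm trade-off the slide mentions: every threshold is a guess about how many failures an honest user produces, and the alerts an IDS sends are only useful if someone actually reads them.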
Using Managed Security Service
Providers (MSSPs)
• Managed security service provider (MSSP):
organization that monitors, manages, and
maintains network security, both hardware and
software, for its client companies and protects
them from Internet-borne threats
– Sifts through alarms and alerts from all monitoring
systems
– May provide scanning, blocking, and filtering
capabilities
– Useful for small and midsized companies
Internet Laws for Libel and Protection
of Decency
• Filtering software
– Screens Internet content to protect children
– Prevents children from sending personal information
over e-mail or through chat groups
• Internet Content Rating Association (ICRA) rating
system for Web sites
• Children’s Internet Protection Act (CIPA)
– Requires filters in federally funded libraries
Internet Laws for Libel and Protection
of Decency (continued)
• Libel: publishing an intentionally false written
statement that is damaging to a person’s reputation
• Can online services be sued for libel for content
that someone else publishes on their service?
• Defamation published on the Internet can be the basis of a lawsuit
Preventing Crime on the Internet
• Develop effective Internet usage and security
policies
• Use a stand-alone firewall with network monitoring
capabilities
• Deploy intrusion detection systems, monitor them,
and follow up on their alarms
• Monitor managers’ and employees’ use of Internet
• Use Internet security specialists to perform audits
of all Internet and network activities
Privacy Issues
• With information systems, privacy deals with the
collection and use or misuse of data
• More and more information on all of us is being
collected, stored, used, and shared among
organizations
• Who owns this information and knowledge?
Privacy and the Federal Government
• Data collectors
– U.S. federal government
– State and local governments
– Profit and nonprofit organizations
• U.S. National Security Agency (NSA)’s program to
wiretap telephone and Internet traffic of U.S.
residents
Privacy at Work
• Rights of workers who want their privacy versus
interests of companies that demand to know more
about their employees
• Workers can be closely monitored via computer
technology
– Track every keystroke made by a user
– Determine what workers are doing while at the
keyboard
– Estimate how many breaks workers are taking
• Many workers consider monitoring dehumanizing
E-Mail Privacy
• Federal law permits employers to monitor e-mail
sent and received by employees
• E-mail messages that have been erased from hard
disks can be retrieved and used in lawsuits
• Use of e-mail among public officials might violate
“open meeting” laws
Privacy and the Internet
• Huge potential for privacy invasion on the Internet
– E-mail messages
– Visiting a Web site
– Buying products over the Internet
• Platform for Privacy Preferences (P3P): screening
technology that lets a Web site publish its privacy policy
(for example, how it uses cookies) in machine-readable
form so the browser can compare it with the user’s preferences
• Children’s Online Privacy Protection Act (COPPA),
1998: requires privacy policies and parental
consent
• Potential dangers on social networking Web sites
Fairness in Information Use
Table 14.4: The Right to Know and the Ability to Decide
Fairness in Information Use
(continued)
• The Privacy Act of 1974: provides privacy
protection from federal agencies
• Gramm-Leach-Bliley Act: requires financial
institutions to protect customers’ nonpublic data
• USA Patriot Act: allows law enforcement and
intelligence agencies to gather private information
• Other laws regulate fax advertisements, credit-card
bureaus, the IRS, video rental stores,
telemarketers, etc.
Corporate Privacy Policies
• Should address a customer’s knowledge, control,
notice, and consent over storage and use of
information
• May cover who has access to private data and
when it may be used
• A good database design practice is to assign a
single unique identifier to each customer
Individual Efforts to Protect Privacy
• Find out what is stored about you in existing
databases
• Be careful when you share information about yourself
• Be proactive to protect your privacy
• When purchasing anything from a Web site, make
sure that you safeguard your credit card numbers,
passwords, and personal information
The Work Environment
• Use of computer-based information systems has
changed the workforce
– Jobs that require IS literacy have increased
– Less-skilled positions have decreased
• Computer technology and information systems
have opened up numerous avenues to
professionals and nonprofessionals
• Despite increasing productivity and efficiency,
computers and information systems can raise other
concerns
Health Concerns
• Occupational stress
• Repetitive stress injury (RSI): injury caused by long
periods of working at a computer in poor posture
• Carpal tunnel syndrome (CTS): compression of the nerve
that passes through the wrist
• Emissions from improperly maintained and used
equipment
• Increase in traffic accidents due to drivers using
cell phones, laptops, or other devices while driving
Avoiding Health and Environment
Problems
• Work stressors: hazardous activities associated
with unfavorable conditions of a poorly designed
work environment, such as stress, pressure, and
demands to perform
• Ergonomics: science of designing machines,
products, and systems to maximize safety, comfort,
and efficiency of people who use them
• Employers, individuals, and hardware
manufacturing companies can take steps to reduce
RSI and develop a better work environment
Avoiding Health and Environment
Problems (continued)
Research has shown that developing certain ergonomically correct habits can
reduce the risk of RSI when using a computer
Ethical Issues in Information Systems
• Laws do not provide a complete guide to ethical
behavior
• Many IS-related organizations have codes of ethics
for their members
• Association for Computing Machinery (ACM): oldest
computing society, founded in 1947
• ACM’s code of ethics and professional conduct
– Contribute to society and human well-being
– Avoid harm to others
– Be honest and trustworthy
Ethical Issues in Information Systems
(continued)
• ACM’s code of ethics and professional conduct
(continued)
– Be fair and take action not to discriminate
– Honor property rights including copyrights and
patents
– Give proper credit for intellectual property
– Respect the privacy of others
– Honor confidentiality
Summary
• Computer waste: inappropriate use of computer
technology and resources
• Computer-related mistakes: errors, failures, and
other computer problems that make computer
output incorrect or not useful; caused mostly by
human error
• Preventing computer-related waste and mistakes
requires establishing, implementing, monitoring,
and reviewing effective policies and procedures
Summary (continued)
• Criminals need two capabilities to commit most
computer crimes: knowing how to gain access to a
computer system and knowing how to manipulate
the system to produce desired results
• Crimes in which computer is the tool:
cyberterrorism, identity theft, etc.
• Crimes in which computer is the object of crime:
illegal access and use, data alteration and
destruction, information and equipment theft,
software and Internet piracy, computer-related
scams, and international computer crime
Summary (continued)
• Efforts to curb computer crime are being made by
state and federal agencies, corporations, and
individuals
• With information systems, privacy deals with the
collection and use or misuse of data
• Ergonomics: science of designing machines,
products, and systems to maximize safety, comfort,
and efficiency of people who use them
• Many IS-related organizations have codes of ethics
for their members