Chapter 15 Implementing IT

Introduction to Information Technology
Turban, Rainer and Potter
Chapter 15 Implementing IT: Ethics, Impacts, and Security
CHAPTER 15
IMPLEMENTING IT:
ETHICS, IMPACTS,
AND SECURITY
Learning Objectives
• Describe the major ethical issues related to information technology and identify situations in which they occur
• Identify the major impacts of information technology on organizational structure, power, jobs, supervision, and decision making
• Understand the potential dehumanization of people by computers and other potential negative impacts of information technology
• Identify some of the major societal effects of information technology
• Describe the many threats to information security
• Understand the various defense mechanisms of information systems
• Explain IT auditing and planning for disaster recovery
Chapter Overview
Ethical Issues
• A Framework for Ethics
• Protecting Privacy
• Protecting Intellectual Property
Impacts of IT on Organizations and Jobs
• How will Organizations be changed?
• How will Jobs be Changed?
• Other Considerations
Impacts on Individuals at Work
• Will my Job be Eliminated?
• Dehumanization and Psychological Impacts
• Impact on Health and Safety
• Other Impacts
Societal Impacts and Internet Communities
• Improved Quality of life
• Internet Communities
• Telecommuting
Security is a Concern for Everyone
• Threats to information Systems
• Systems Vulnerability
• Computer Crimes
Protecting Information Systems
• Defence Strategies: How do we Protect IT?
• Auditing Information Systems
• Disaster Recovery Planning
• Security in the 21st Century
Case: Music Retailer Finds Commerce in Communities
The Business Problem
• N2K, a retailer in the music industry, merged with an Internet music store called Music Boulevard (www.musicblvd.com), but sales were small
The Solution
• The company created genre-specific sites, each focused on the specific needs of an Internet community.
• The Internet is viewed as a network that provides new kinds of “spaces,” a world of online communities and virtual chat rooms.
The Results
• Increased sales dramatically
• High level of members’ loyalty to the site
• Minimal inventory cost
Case (continued…)
What have we learned from this case?
• The concept of Internet communities can offer the opportunity to significantly increase an online company’s revenue and profit
• IT has had an impact on society as well as on corporate operations and marketing methods
Ethical Issues
• Ethics is a branch of philosophy that deals with what is considered to be right and wrong
• What is unethical is not necessarily illegal
• A code of ethics is a collection of principles intended as a guide for members of a company or an association
• Ethics differ among countries and companies
Ethical Issues (continued …)
A Framework for Ethics Issues
Privacy Issues
• What information about oneself should an individual be required to reveal to others?
• What kind of surveillance can an employer use on its employees?
Accuracy Issues
• Who is responsible for the authenticity, fidelity, and accuracy of information collected?
• How can we ensure that information will be processed properly and presented accurately to users?
Property Issues
• Who owns the information?
• What are the just and fair prices for its exchange?
Accessibility Issues
• Who is allowed to access information?
• How much should be charged for permitting accessibility to information?
Ethical Issues (continued …)
Protecting Privacy
• privacy - different things to different people
• four stages of privacy
  • solitude, intimacy, anonymity, reserve
• too expensive, cumbersome, and complex to invade information privacy
• personal computers, powerful software, large databases, and the Internet have created an entirely new dimension of accessing and using personal data
Ethical Issues (continued …)
Electronic Surveillance (monitoring computer users)
• American Civil Liberties Union (ACLU) estimates that tens of millions of computer users are monitored
Personal Information in Databases
• people may not appreciate the intrusion of vendors
• commercial companies advise individuals about how to protect their rights, and it monitors several database
Ethical Issues (continued …)
Information on Internet Bulletin Boards and Newsgroups
• how does society keep owners of bulletin boards from disseminating information that may be offensive to readers?
• highlights the conflict between freedom of speech, privacy, and ethics
Privacy Codes and Policies
• help organizations avoid legal problems
International Aspects of Privacy
Guidelines to protect individuals’ privacy in the electronic age in Europe are very strict
• Collection limitation
• Data quality
• Purpose specification
• Use limitation
• Security safeguards
• Openness
• Individual participation
Privacy Policy Guidelines: A Sampler
Data Collection
• Data should be collected on individuals only for the purpose of accomplishing a legitimate business objective.
• Data should be adequate, relevant, and not excessive in relation to the business objective.
• Individuals must give their consent before data pertaining to them can be gathered.
Data Accuracy
• Sensitive data gathered on individuals should be verified before it is entered into the database.
• Data should be accurate and, where and when necessary, kept current.
• The file should be made available so the individual can ensure that the data are correct.
• If there is disagreement about the accuracy of the data, the individual’s version should be noted and included with any disclosure of the file.
Data Confidentiality
• Computer security procedures should be implemented to provide reasonable assurance against unauthorized disclosure of data. They should include physical, technical, and administrative security measures.
• Third parties should not be given access to data without the individual’s knowledge or permission, except as required by law.
• Disclosures of data, other than the most routine, should be noted and maintained for as long as the data are maintained.
• Data should not be disclosed for reasons incompatible with the business objective for which they are collected.
Protecting Intellectual Property
Intellectual property - the intangible property created by individuals or corporations
Protected under
• Copyright - a statutory grant that provides the creators of intellectual property with ownership of it for 28 years
• Trade secret - intellectual work such as a business plan which is a company secret and is not based on public information
• Patent - a document that grants the holder exclusive rights on an invention for 17 years
The Impacts of IT on Organizations and Jobs
How will organizations be changed?
• Flatter organizational hierarchies
  • It is reasonable to assume that fewer managerial levels will exist in many organizations, and there will be fewer staff and line managers.
• Changes in supervision
  • an employee’s work is performed online and stored electronically, introducing the possibility for greater electronic supervision.
• Powers and status
  • Knowledge is power.
The Impacts of IT on Organizations and Jobs
How will jobs be changed?
• Job content
  • Changes in job content occur when work is redesigned
• Employee career ladders
  • the use of IT may short-cut a portion of the learning curve by capturing and more efficiently managing knowledge
• The manager’s job
  • IT can change the manner in which many decisions are made and consequently change managers’ jobs.
Impacts on Individuals at Work
Will my Job be Eliminated?
• IT can significantly increase the productivity of employees, restructuring their job content and changing the skill requirements of many jobs.
• Because computers are becoming “smarter” and more capable as time passes, the competitive advantage of replacing people with machines is increasing rapidly.
• But many computer-related jobs are being created.
Impacts on Individuals at Work (continued …)
• Dehumanization
  • computers reduce or eliminate the human element that was present in the non-computerized systems
  • computer-supported activities may dehumanize people
• Psychological impacts
  • people may feel depression and loneliness if they work and shop from their living rooms
  • the lack of social contacts could be damaging to children’s development if they are schooled at home through IT
• Job satisfaction
  • Some jobs may become more routine and less satisfying
Impacts on Individuals at Work (continued …)
Impacts on Health and Safety
• Job stress - computerization has created an ever-increasing workload on many people
• Video display terminals (VDTs) - radiation exposure has been associated with cancer and other health-related problems
• Repetitive strain injuries - backaches and muscle tension in the wrists and fingers
• Lessening the Negative Impact on Health and Safety - ergonomic techniques focus on creating an environment for workers that is well lit, comfortable and safe
Information Systems and the Individuals
[Figure. Labels: The Individual; Electronic Funds Transfer / Electronic Commerce; Consumer System; Financial System; Education and Medical System; Home Information System; Public and Private Service System; Leisure Time System]
Societal Impacts
Improved Quality of Life
• Opportunities for people with disabilities
  • The integration of intelligent systems, such as speech and vision recognition, into a computer-based information system can create new employment opportunities for people with disabilities.
• Improvements in health care
  • IT brought about major improvements in health care delivery, ranging from better and faster diagnoses, to expedited research and development of new drugs, to more accurate monitoring of critically ill patients.
Societal Impacts (continued …)
Improved Quality of Life
• Help for the consumer
  • IT systems help the lay person perform tasks that require expertise.
• Robots performing hard and hazardous labor
  • Robots can work in uncomfortable or dangerous environments.
• Crime fighting
• Improvement in education and other benefits
Internet Communities
• Communities of Interest: provide a place for people to interact with each other on a specific topic
• Communities of Relations: are organized around certain life experiences
• Communities of Fantasy: provide a place for participants to create imaginary environments
• Communities of Transactions: facilitate buying and selling
• Communities of Professionals: support professional communication and the exchange of valuable work or research-related information
Telecommuting
Benefits
To the employees
• Less stress
• Ability to go to school while working
• Improved family life
• Money is saved
• Commuting time is saved
• Ability to control schedule and manage time better
• Employment opportunities for housebound people
To the organization
• Increased productivity
• Reduced real estate cost
• Reduced cost of parking
• Ability to retain skilled employees
• Ability to tap remote labor pool
• Lower labor and absenteeism cost
• Better interaction of employees with clients and suppliers
To society
• Less use of fossil fuels
• Fewer traffic problems, including less air pollution
• More business for suburbs and rural areas
Telecommuting (continued …)
Telecommuting and Productivity
• Increase productivity by
  • increased motivation and satisfaction
  • reduced absenteeism
  • forces managers to manage by results instead of by overseeing
• Reduce productivity by
  • some employees need to work with others
  • not all jobs can be done while telecommuting
  • not all managers can participate
Security
Security Threats
[Figure. Labels: Database; Access rules; Radiation; Systems Software; Hardware; Processor; Tap; Crosstalk; Terminals; Systems Programmer; Operator; Authorizer; Application Programmer; External Environment; Terminal User]
Computer Crimes
Types of computer crimes
• computers are the target of the crime
• computers are the medium of the attack by creating an environment in which a crime or fraud can occur
• computers are the tool by which the crime is perpetrated
• computers are used to intimidate or deceive
Criminals
• hackers - outside people who penetrate a computer system
• crackers - malicious hackers who may represent a serious problem for organizations
Computer Crimes (continued …)
• Methods of Attack
  • Data tampering
  • Programming fraud
  • Viruses - the name comes from the program’s ability to attach itself to other computer programs, causing them to become viruses themselves
• Representative federal laws
  • Computer Fraud and Abuse Act (1986)
  • Computer Security Act of 1987
Protecting Information Systems
Some of the reasons that make it complex or expensive to defend information systems
• Hundreds of potential threats exist.
• Computing resources may be situated in many locations.
• Many individuals control information assets.
• Computer networks can be outside the organization and difficult to protect.
• People tend to violate security procedures because the procedures are inconvenient
Protecting Information Systems (continued …)
Defense strategies
• Controls for prevention and deterrence - prevent errors from occurring, deter criminals from attacking the system, deny access to unauthorized people
• Detection - the earlier it is detected, the easier it is to combat and the less damage
• Limitation - minimizing losses once a malfunction has occurred
• Recovery - explains how to fix a damaged information system as quickly as possible
• Correction - prevent the problem from occurring again
Protecting Information Systems (continued …)
General Controls - protect the system regardless of the specific application
• Physical controls
  • provide protection against most natural hazards as well as against some human-created hazards
• Access controls
  • restrict unauthorized user access to a portion of a computer system or to the entire system
Protecting Information Systems (continued …)
General Controls (continued)
• Biometric controls
  • verify the identity of a person, based on physiological or behavioral characteristics
  • hand geometry, blood vessel pattern in the retina of an eye, voice, signature, keystroke dynamics, facial thermography, fingerprints
• Data security controls
  • protect data from accidental or intentional disclosure to unauthorized persons, or from unauthorized modification or destruction
Protecting Information Systems (continued …)
Application controls - protect specific applications
• Input controls
  • prevent data alteration or loss
• Processing controls
  • allow only authorized users to access certain programs or facilities
  • monitor the computer’s use by individuals
• Output controls
  • ensure that outputs are sent only to authorized personnel
Network Protections and Firewalls
Access Control
• guards against unauthorized dial-in attempts
Encryption
• encodes regular digitized text into unreadable scrambled text or numbers, to be decoded upon receipt
Cable Testers
• find almost any fault that can occur with LAN cabling
Firewalls
• enforce an access control policy between two networks
• do not protect against viruses
Auditing Information Systems
Audit
• additional layer of controls or safeguards
Types of Auditors and Audits
• internal auditor
  • audits information systems
• external auditor
  • reviews the findings of the internal audit and the inputs, processing, and outputs of information systems
How is Auditing Executed?
• Auditing around the computer
• Auditing through the computer
• Auditing with the computer
Disaster Recovery Planning
Disaster Recovery of Information Systems
• the chain of events linking planning to protection to recovery from a disaster
• keep the business running after a disaster occurs
Disaster Avoidance
• an approach oriented toward prevention
Back-up Arrangements
• an extra copy of data and/or programs is kept in another location
Disaster Recovery Planning (continued …)
Planning for a recovery from Disasters
• Isolate data that change frequently
• Keep management and technical procedures separate
• Don’t include data in the plan if it can be obtained elsewhere after the disaster
• Write a plan that is independent of organization, positions, and personnel
• Gather data on a daily basis
IT Security in the 21st Century
Computer control and security are receiving increased attention
• almost 70 percent of all U.S. corporations have battled computer viruses
• the latest technologies need to be employed to protect against viruses and computer crimes
• using intelligent systems for detecting intruders and crimes
How Technologies Improved IT Security
Area: IT Solution
• Improved systems reliability: Fault tolerance systems, multiple disks
• Early or real time detection of intrusion, failures, or noncompliance with rules: Intelligent agents monitor performance, compare to standards, analyze profiles (e.g., Network Associates Inc.)
• Auditing information systems: Neural computer can detect fraud and expert systems evaluate controls
• Troubleshooting: Quick diagnosis by expert system, especially on networks and the Internet
• Disaster planning: Internet-based expert systems for self-assessment including planning and disaster recovery
• Access protection: Smart cards
What’s in IT for Me?
For Accounting
• Accountants are involved in Web-based auditing, security of data, and fraud prevention and detection programs
For Finance
• The finance and banking industry is concerned about security and auditing in electronic commerce, computer criminals, the hazards and the available controls
What’s in IT for Me? (continued …)
For Marketing
• Marketers do not want to be sued because of invasion of privacy in data collected, nor do they want their innovative marketing strategies to fall into the hands of competitors
For Human Resources Management
• Motivation, supervision, career development, recruiting, and more are all affected by IT
• Telecommuting is implemented by HRM