Introduction to Information Technology
Turban, Rainer and Potter
John Wiley & Sons, Inc.
Copyright 2005

Chapter 12
IT Ethics, Impacts, and Security

Chapter Outline
- Ethical issues
- Impact of IT on organizations and jobs
- Impacts on individuals at work
- Societal impacts and Internet communities
- IS vulnerability and computer crimes
- Protecting information resources

Learning Objectives
- Describe the major ethical issues related to information technology and identify situations in which they occur.
- Identify the major impacts of information technology on organizational structure, power, jobs, supervision, and decision making.
- Understand the potential dehumanization of people by computers and other potential negative impacts of information technology.
- Identify some of the major societal effects of information technology.
- Describe the many threats to information security.
- Understand the various defense mechanisms used to protect information systems.
- Explain IT auditing and planning for disaster recovery.

12.1 Ethical Issues
Ethics. A branch of philosophy that deals with what is considered to be right and wrong.
Code of ethics. A collection of principles intended as a guide for the members of a company or an organization.
Ethical issues can be categorized into four types:
- Privacy
- Accuracy
- Property
- Accessibility

Protecting Privacy
Privacy. The right to be left alone and to be free of unreasonable personal intrusions.
Two rules have been followed fairly closely in past court decisions in many countries:
- The right of privacy is not absolute. Privacy must be balanced against the needs of society.
- The public’s right to know is superior to the individual’s right of privacy.

Protecting Privacy cont…
Electronic surveillance.
The tracking of people’s activities, online or offline, with the aid of computers.
Privacy policies/codes. An organization’s guidelines with respect to protecting the privacy of customers, clients, and employees.

Protecting Intellectual Property
Intellectual property. The intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright laws.
Trade secret. Intellectual work, such as a business plan, that is a company secret and is not based on public information.
Patent. A document that grants the holder exclusive rights on an invention or process for 20 years.
Copyright. A grant that provides the creator of intellectual property with ownership of it for the life of the creator plus 70 years.

12.2 Impacts of IT on Organizations and Jobs
The use of information technologies, most recently the web, has brought many organizational changes in areas such as structure, authority, power, job content, employee career ladders, supervision, and the manager’s job.

How will organizations change?
- Flatter organization hierarchies.
- Changes in supervision.
- Power and status.

How will jobs change?
- Job content
- Employee career ladders
- The manager’s job

12.3 Impacts on Individuals at Work
- Will my job be eliminated?
- Dehumanization and psychological impacts
  - Dehumanization: Loss of identity
  - Information anxiety: Disquiet caused by an overload of information
- Impacts on health and safety
  - Ergonomics: The science of adapting machines and work environment to people.
12.4 Societal Impact and Internet Communities
- Opportunities for people with disabilities
- Quality-of-life improvements
- Technology and privacy
- The digital divide
- Free speech versus censorship
- Controlling spam
- Virtual communities

Technology and privacy
- Scanning crowds for criminals
- Cookies and individual privacy
- Digital Millennium Copyright Act and privacy

The Digital Divide
The gap in computer technology in general, and now in web technology, between those who have such technology and those who do not.
Cybercafés: Public places in which Internet terminals are available, usually for a small fee.

Free speech versus censorship
Controlling spam.
Spamming. The practice of indiscriminately broadcasting messages over the Internet.

Virtual communities
Groups of people with similar interests who interact and communicate via the Internet.

12.5 IS Vulnerability and Computer Crimes
Identity theft. Crime in which someone uses the personal information of others to create a false identity and then uses it for some fraud.

Security Terms
Term: Definition
Backup: An extra copy of data and/or programs, kept in a secured location(s)
Decryption: Transformation of scrambled code into readable data after transmission
Encryption: Transmission of data into scrambled code prior to transmission
Exposure: The harm, loss, or damage that can result if something has gone wrong in an information system.
Fault tolerance: The ability of an information system to continue to operate (usually for a limited time and/or at a reduced level) when a failure occurs
Information system controls: The procedure, devices, or software that attempt to ensure that the system performs as planned.
Integrity (of data): The procedure, devices or software that attempt to ensure that the system performs as planned.
Risk: A guarantee of the accuracy, completeness, and reliability of data; system integrity is provided by the integrity of its components and their integration
Threats (or hazards): The likelihood that a threat will materialize
Vulnerability: Given that a threat exists, the susceptibility of the system to harm caused by the threat.

Types of computer crimes and criminals
Hacker. An outside person who has penetrated a computer system, usually with no criminal intent.
Cracker. A malicious hacker.
Social engineering. Getting around security systems by tricking computer users into revealing sensitive information or gaining unauthorized access privileges.
Cybercrimes. Illegal activities executed on the Internet.
Identity theft. A criminal (the identity thief) poses as someone else.
Cyberwar. War in which a country’s information systems could be paralyzed from a massive attack by destructive software.
Virus. Software that can attach itself to (“infect”) other computer programs without the owner of the program being aware of the infection.

Security Terms
Method: Definition
Virus: Secret instructions inserted into programs (or data) that are innocently ordinary tasks. The secret instructions may destroy or alter data as well as spread within or between computer systems
Worm: A program that replicates itself and penetrates a valid computer system. It may spread within a network, penetrating all connected computers.
Trojan horse: An illegal program, contained within another program, that “sleeps” until some specific event occurs, then triggers the illegal program to be activated and cause damage.
Salami slicing: A program designed to siphon off small amounts of money from a number of larger transactions, so the quantity taken is not readily apparent.
Super zapping: A method of using a utility “zap” program that can bypass controls to modify programs or data
Trap door: A technique that allows for breaking into a program code, making it possible to insert additional instructions.
Logic bomb: An instruction that triggers a delayed malicious act
Denial of services: Too many requests for service, which crashes the site
Sniffer: A program that searches for passwords or content in packets of data as they pass through the Internet
Spoofing: Faking an e-mail address or web page to trick users to provide information instructions
Password cracker: A password that tries to guess passwords (can be very successful)
War dialling: Programs that automatically dial thousands of telephone numbers in an attempt to identify one authorized to make a connection with a modem; then one can use that connection to break into databases and systems
Back doors: Invaders to a system create several entry points; even if you discover and close one, they can still get in through others
Malicious applets: Small Java programs that misuse your computer resource, modify your file, send fake e-mail, etc.

12.6 Protecting Information Resources
- Controls
- Securing your PC
- Concluding thoughts about computer
- Auditing information systems
- Disaster recovery planning

Protecting Information Resources cont…
Disaster recovery. The chain of events linking planning to protection to recovery.
Disaster avoidance. A security approach oriented toward prevention.
Backup location.
Location where, in the event of a major disaster, an extra copy of data and/or key programs are kept.
Hot site. Location at which vendors provide access to a fully configured backup data center.