Chapter 13
Security and Ethical
Challenges
Legal/Illegal Test
2
• Download copyrighted material• Illegal
• Upload copyrighted material • Illegal
• Use another person’s photos on your
website
• Illegal
• Post guitar tabs/song lyrics
• Illegal
• Install software on more than one
computer
• Illegal
• Record TV transmissions to your
computer
• Legal
• Using someone else’s wireless
connection
• Illegal3
I. Introduction
Use of IT in business poses security
challenges, ethical questions, and
societal challenges
As a business professional you have the
responsibility to promote Ethical (what
does that mean???) use of IS in the
workplace
4
Computer Crime
Hacking and Cracking
Hacking – obsessive use of computers,
unauthorized use of networked systems
Cracking (black hat or dark-side hacker) – malicious
or criminal hacker
Cyber Theft – many computer crimes involve
theft of money; many firms do not reveal that
they’ve been victims due to bad publicity
Cyber-terrorism – causing physical, real-world
harm or severe disruption of infrastructure
5
III. Computer Crime – using a computer to
do something illegal
Cyber-Warfare – actions by a nation-state to
cause damage or disruption to another nationstate
Unauthorized use at Work – time and resource
theft, this can be a very wide range of actions,
many firms have written policies for
(im)proper use of computers and IT resources
Software Piracy –unauthorized copying of
software
Theft of Intellectual Property – any
infringement of copyrighted materials
6
III. Computer Crime – using a computer to
do something illegal
Computer Viruses and Worms – insert
destructive routines into computer systems to
cause damage
Adware and Spyware
Adware – allows Internet advertisers to display ads
without the consent of the user
Spyware – uses the network connection without
the user’s knowledge or permission, collects and
distributes information about the user
7
Common Hacking Tactics
• Sniffer
– Programs that search individual packets of
data as they pass through the Internet
– Capturing passwords or entire contents
• Phishing or Spoofing
– Faking an e-mail address or Web page to trick
users into passing along critical information
like passwords or credit card numbers
• Dumpster Diving
– Sifting through a company’s garbage to find
information to help break into their
computers
8
Common Hacking Tactics
• Trojan Horse
– A program that, unknown to the user,
contains instructions that exploit a known
vulnerability in some software
• Malicious Applets
– Tiny Java programs that misuse your
computer’s resources, modify files on the hard
disk, send fake e-mail, or steal passwords
• Social Engineering
– Gaining access to computer systems
– By talking unsuspecting company employees
out of valuable information such as passwords 9
Leaving Your Job? Don’t Take Anything
with You
What is an “orphaned account”?
Why are they dangerous?
Why do people take data with them when
they leave an organization?
How many firms monitor or track these
accounts?
What threats does this pose to the firm?
10
IV. Privacy Issues
IT can store and retrieve information
affecting the privacy of the individual
Privacy on the Internet – the Internet
gives users a feeling of anonymity while
making them vulnerable to privacy
violations
Computer Matching – profiling
Computer Monitoring – using a
computer to monitor productivity in the
workplace
11
IV. Privacy Issues
Privacy Laws – many countries regulate
collection and use of personal data
HIPAA – health related privacy laws
Sarbanes-Oxley – standards for publicly held firms
Computer Libel and Censorship – what can and
cannot be said (legally) online
Spamming – indiscriminate sending of unsolicited
email
Flaming – extremely critical, derogatory, vulgar
email
12
Section 2
Security Management of
Information Technology
13
III. Security Issues to Consider
 Need for security vs. need for access?
 Encryption – using a mathematical algorithm to
encode a message before transmission and
descramble it for reception
 Firewalls – a hardware or software gatekeeper that
keeps unauthorized transmissions out of a system
 Denial of Service Attacks – using zombie/slave
computers to overload another system with large
volumes of service requests
 E-Mail Monitoring – firms watch employees use of
email
 Antivirus software
14
III. Inter-Networked Security Defenses
Public Key/Private Key Encryption
15
V. Other Security Measures
Security Codes – login IDs and passwords
Backup Files – duplicate files of data or
programs
Security Monitors – monitor systems for
unauthorized use, fraud, and destruction
Disaster Recovery – getting a system
running again after a disaster
16
V. Other Security Measures
Computer Failure Controls – preventing
computer failure or minimizing its
effects
Fault-Tolerant Systems – providing
backup components in case of a system
failure
17
Biometrics
• Computer devices that measure physical
traits that make each individual unique
• Examples:
– Voice verification
– Fingerprints
– Retina scan
– Hand scan
– Face scan
18
VI. System Controls and Audits
Information System Controls – assure
accuracy, validity, and propriety of IS
activities
Auditing IT Security – IT security should
be periodically examined
19
Ethical Discussion
• Is it good for technology to replace
workers?
20
Corporate Social
Responsibility Theories
• Stockholder Theory
– Managers are agents of the stockholders
– Their only ethical responsibility is to increase the
profits of the business
– Without violating the law or engaging in
fraudulent practices
• Social Contract Theory
– Companies have ethical responsibilities to all
members of society
– Which allow corporations to exist based on a
social contract
21
Corporate Social
Responsibility Theories
• Stakeholder Theory
– Managers have an ethical responsibility to
manage a firm for the benefit of all its
stakeholders
– Stakeholders are all individuals and groups
that have a stake in, or claim on, a company
22
Three Levels of Ethical
Standards
• The law.
• The policies and procedures of the
organization.
• The moral stance individuals take when
faced with decisions not governed by
formal rules.
23
Establishing Ethical
Standards
• The Utilitarian principle (Benefits
people more than hurting someone).
• Kant's categorical imperative (If
everyone does it – universal law).
• The professional ethic.
• The Golden Rule.
• The television test.
• The family test.
24