Tonga Institute of Higher Education
IT 245 Management Information Systems
Lecture 11
Security and Ethical Challenges of E-Business

Learning Objectives
• Identify several ethical issues in how the use of IT in E-Business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
• Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of E-Business applications.
• Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of IT.

Section 1 - Security, Ethical, and Societal Challenges of E-Commerce
IT can have both beneficial and detrimental effects on society in each of the areas:
1. Computer Crime in E-Business: the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources.

Computer Crime Activities
• Hacking
• Cyber Theft
• Unauthorized use at Work
• Software Piracy
• Piracy of Intellectual Property
• Computer viruses

Privacy Issues
• Privacy on the Internet
• Computer Matching
• Privacy Laws
• Computer Libel and Censorship
  – Spamming
  – Flaming

Health Issues
• Heavy use of computers is reportedly causing health problems such as job stress, damaged arm and neck muscles, eye strain, radiation exposure, etc.
• Solutions to some of these health problems are based on the science of ERGONOMICS, sometimes called human factors engineering.
The goal is to design healthy work environments that are safe, comfortable, and pleasant for people to work in, thus increasing morale and productivity.

Ergonomics means “fitting the task to the worker”.

Other Challenges
• Employment Challenges
  – Substituting of human efforts
• Computer Monitoring
  – Computers used to monitor the productivity and behavior of employees
• Challenges in Working Conditions
  – Ongoing upgrading of the working environment
• Challenges to individuality
  – Negative impact on individuals

You and Ethical Responsibility
• As business end users, we have a responsibility to promote ethical uses of IT in the workplace.
• As responsible IT users, it will be our responsibility to make decisions about business activities and the use of IT which may have an ethical dimension that must be considered.

Ethical Foundations
• Egoism – What is best for a given individual is right.
• Natural Law – Humans should promote their own health and life, pursue knowledge of the world and God, pursue close relationships with other people, and submit to legitimate authority.
• Utilitarianism – Those actions are right that produce the greatest good for the greatest number of people.
• Respect for persons – People should be treated as an end and not as a means to an end; and actions are right if everyone adopts the moral rule presupposed by the action.

Principles of Technology Ethics
• Proportionality – The good achieved by the technology must outweigh the harm or risk.
• Informed Consent – Those affected by the IT should understand and accept the risks.
• Justice – The benefits and burdens of the technology should be distributed fairly.
• Minimized Risk – Even if judged acceptable by the other 3 guidelines, IT must be implemented so as to avoid all unnecessary risk.

Ethical Guidelines
• Business end users and IS professionals would live up to their ethical responsibilities by:
  – Acting with integrity
  – Increasing your professional competence
  – Setting high standards of personal performance
  – Accepting responsibility for your work
  – Advancing the health, privacy, and general welfare of the public.

AITP Standards of Professional Conduct
In recognition of my obligation to my employer I shall:
• Avoid conflicts of interest and ensure that my employer is aware of any potential conflicts.
• Protect the privacy and confidentiality of all information entrusted to me.
• Not withhold and misrepresent information that is relevant or useful to the situation.
• Not attempt to use the resources of my employer for personal gain or for any purpose without proper approval.
• Not exploit the weaknesses of a computer system for personal gain or personal satisfaction.

AITP Standards of Professional Conduct (continued)
In recognition of my obligation to society I shall:
• Use my skill and knowledge to inform the public in all areas of my experience.
• To the best of my ability, ensure that the products of my work are used in a socially responsible way.
• Support, respect, and abide by the appropriate local, state, provincial and federal laws.
• Never misrepresent or withhold information that is germane to a problem or a situation of public concern, nor will I allow any such known information to remain unchallenged.
• Not use knowledge of a confidential or personal nature in any unauthorized manner to achieve personal gain.

Section 2 – Security Management of E-Commerce
The goal of security management (SM) is the accuracy, integrity, and safety of all E-Business processes and resources. Thus, effective SM can minimize errors, fraud, and losses in the internetworked computer-based systems that interconnect today’s E-Business enterprise.

Security Tools and Defensive Measures
• Encryption
• Firewalls
• Email Monitoring - Policy
• Virus Defenses
• Security Codes – multilevel password
• Backup Files
• Security Monitors
• Biometric Security
• Computer Failure Controls
• Fault Tolerant Systems
• Disaster Recovery Plan

Essential E-commerce Processes (4 of 5)
• Event Notification: Multiple events take place in E-transactions. EC systems are event-driven. Events must be notified to the different parties involved in the transactions.
• Collaboration & Trading: Online/auction sites for collective buying/selling require collaboration between business partners. See the following diagram.

E-Business System Controls and Audits
IS Controls are designed to monitor and maintain the quality and security of the IPOS activities of an information system.
• Input Controls
  – Security codes
  – Encryption
  – Data Entry Screens
  – Error Signals
  – Control Totals

System Controls (continued)
Processing Controls
• Software controls, Hardware controls, Firewalls, Checkpoints
Output Controls
• Security codes, Encryption, Control Totals, Control Listings, and End User Feedback
Storage Controls
• Security codes, Encryption, Backup Files, Library Procedures, Database Administrator

Auditing E-Business Systems
E-Business systems should be periodically examined or audited by a company’s internal auditing staff or external auditors from professional accounting firms. Such auditors review and evaluate whether proper and adequate security measures and management policies have been developed and implemented. This typically involves verifying the accuracy and integrity of the E-Business software used as well as the input of data and output produced with secured storage.

Auditing IS (continued)
An Audit Trail can be defined as the presence of documentation that allows a transaction to be traced through all stages of its information processing.
• Control Logs automatically record all computer network activity on a magnetic disk or other devices.

Security Management for Internet Users
• Use antivirus software and update it often
• Use a hard-to-guess password with a mix of numbers and letters, and change it frequently
• Use different passwords for different applications
• Use up-to-date web browser and email software
• Install firewall software
• Don’t open e-mail attachments unless you know the source
• Confirm the site you are doing business with.

SUMMARY
• Section 1 – Security, Ethical, and Societal Challenges of E-Business:
  – Computer crime in business
  – Privacy Issues
  – Other Challenges
  – Health Issues
  – Societal Solutions
  – You and Ethical Responsibility
• Section 2 – Security Management of E-Business:
  – Security Management
  – Internetworked E-Business Defenses
  – Other Security Measures
  – E-Business System Controls and Audit