Security and Ethical Challenges of E

Tonga Institute of Higher Education
IT 245
Management Information Systems
Lecture 11
Security and Ethical Challenges of E-Business

Learning Objectives
• Identify several ethical issues in how the use of IT in E-Business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
• Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of E-Business applications.
• Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of IT.

Section 1 – Security, Ethical, and Societal Challenges of E-Commerce
IT can have both beneficial and detrimental effects on society in each of these areas:
1. Computer Crime in E-Business: the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources.

Computer Crime Activities
• Hacking
• Cyber Theft
• Unauthorized use at Work
• Software Piracy
• Piracy of Intellectual Property
• Computer viruses

Privacy Issues
• Privacy on the Internet
• Computer Matching
• Privacy Laws
• Computer Libel and Censorship
– Spamming
– Flaming

Health Issues
• Heavy use of computers is reportedly causing health problems such as job stress, damaged arm and neck muscles, eye strain, and radiation exposure.
• Solutions to some of these health problems are based on the science of ergonomics, sometimes called human factors engineering. The goal is to design healthy work environments that are safe, comfortable, and pleasant for people to work in, thus increasing morale and productivity.

Ergonomics means “fitting the task to the worker”.

Other Challenges
• Employment Challenges
– Substitution of human effort
• Computer Monitoring
– Computers used to monitor the productivity and behavior of employees
• Challenges in Working Conditions
– Ongoing upgrading of the working environment
• Challenges to Individuality
– Negative impact on individuals

You and Ethical Responsibility
• As business end users, we have a responsibility to promote ethical uses of IT in the workplace.
• As responsible IT users, it will be our responsibility to make decisions about business activities and the use of IT which may have an ethical dimension that must be considered.

Ethical Foundations
• Egoism – What is best for a given individual is right.
• Natural Law – Humans should promote their own health and life, pursue knowledge of the world and God, pursue close relationships with other people, and submit to legitimate authority.
• Utilitarianism – Those actions are right that produce the greatest good for the greatest number of people.
• Respect for persons – People should be treated as an end and not as a means to an end; and actions are right if everyone adopts the moral rule presupposed by the action.

Principles of Technology Ethics
• Proportionality – The good achieved by the technology must outweigh the harm or risk.
• Informed Consent – Those affected by the IT should understand and accept the risks.
• Justice – The benefits and burdens of the technology should be distributed fairly.
• Minimized Risk – Even if judged acceptable by the other 3 guidelines, IT must be implemented so as to avoid all unnecessary risk.

Ethical Guidelines
• Business end users and IS professionals would live up to their ethical responsibilities by:
– Acting with integrity
– Increasing their professional competence
– Setting high standards of personal performance
– Accepting responsibility for their work
– Advancing the health, privacy, and general welfare of the public.

AITP Standards of Professional Conduct
In recognition of my obligation to my employer I shall:
• Avoid conflicts of interest and ensure that my employer is aware of any potential conflicts.
• Protect the privacy and confidentiality of all information entrusted to me.
• Not withhold and misrepresent information that is relevant or useful to the situation.
• Not attempt to use the resources of my employer for personal gain or for any purpose without proper approval.
• Not exploit the weaknesses of a computer system for personal gain or personal satisfaction.

AITP Standards of Professional Conduct (cont'd)
In recognition of my obligation to society I shall:
• Use my skill and knowledge to inform the public in all areas of my experience.
• To the best of my ability, ensure that the products of my work are used in a socially responsible way.
• Support, respect, and abide by the appropriate local, state, provincial and federal laws.
• Never misrepresent or withhold information that is germane to a problem or a situation of public concern, nor will I allow any such known information to remain unchallenged.
• Not use knowledge of a confidential or personal nature in any unauthorized manner to achieve personal gain.

Section 2 – Security Management of E-Commerce
The goal of security management (SM) is the accuracy, integrity, and safety of all E-Business processes and resources. Thus, effective SM can minimize errors, fraud, and losses in the internetworked computer-based systems that interconnect today’s E-Business enterprise.

Security Tools and Defensive Measures
• Encryption
• Firewalls
• Email Monitoring – Policy
• Virus Defenses
• Security Codes – multilevel password
• Backup Files
• Security Monitors
• Biometric Security
• Computer Failure Controls
• Fault Tolerant Systems
• Disaster Recovery Plan

Essential E-Commerce Processes (4 of 5)
• Event Notification: Multiple events take place in E-transactions. EC systems are event-driven. Events must be notified to the different parties involved in the transactions.
• Collaboration & Trading: Online/auction sites for collective buying/selling require collaboration between business partners. See the following diagram.

E-Business System Controls and Audits
IS controls are designed to monitor and maintain the quality and security of the input, processing, output, and storage (IPOS) activities of an information system.
• Input Controls
– Security codes
– Encryption
– Data Entry Screens
– Error Signals
– Control Totals

System Controls (cont'd)
Processing Controls
• Software controls, Hardware controls, Firewalls, Checkpoints
Output Controls
• Security codes, Encryption, Control Totals, Control Listings, and End User Feedback
Storage Controls
• Security codes, Encryption, Backup Files, Library Procedures, Database Administrator

Auditing E-Business Systems
E-Business systems should be periodically examined or audited by a company’s internal auditing staff or external auditors from professional accounting firms. Such auditors review and evaluate whether proper and adequate security measures and management policies have been developed and implemented. This typically involves verifying the accuracy and integrity of the E-Business software used, as well as the input of data and the output produced, with secured storage.

Auditing IS (cont'd)
• An audit trail can be defined as the presence of documentation that allows a transaction to be traced through all stages of its information processing.
• Control logs automatically record all computer network activity on a magnetic disk or other devices.
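
The audit-trail idea above, as an added example that is not part of the original lecture: given control-log records, it reports every transaction that cannot be traced through all four stages (input, processing, output, storage) in order. The record layout, field names and sample entries are constructed for illustration.

```python
from collections import defaultdict

# Stages a transaction must pass through (the lecture's IPOS activities).
STAGES = ("input", "processing", "output", "storage")

# Constructed sample control log: (sequence number, transaction id, stage, user).
SAMPLE_LOG = [
    (1, "T1001", "input", "clerk01"),
    (2, "T1001", "processing", "system"),
    (3, "T1002", "input", "clerk02"),
    (4, "T1001", "output", "system"),
    (5, "T1001", "storage", "dba"),
    (6, "T1002", "output", "system"),      # no processing record for T1002
    (7, "T1003", "processing", "system"),  # processing logged before input
    (8, "T1003", "input", "clerk01"),
]


def audit_trail_gaps(log):
    """Return {transaction_id: [problems]} for transactions with a broken trail.

    A complete trail has every stage in STAGES present, recorded in that order.
    Transactions with a complete trail are left out of the result.
    """
    seen = defaultdict(list)  # transaction id -> stages in log order
    for _seq, txn, stage, _user in sorted(log):
        seen[txn].append(stage)

    findings = {}
    for txn, stages in seen.items():
        problems = [f"missing {s}" for s in STAGES if s not in stages]
        # Compare the logged order of known stages against IPOS order.
        present = [s for s in stages if s in STAGES]
        if present != sorted(present, key=STAGES.index):
            problems.append("stages out of order")
        if problems:
            findings[txn] = problems
    return findings


if __name__ == "__main__":
    for txn, problems in audit_trail_gaps(SAMPLE_LOG).items():
        print(txn, "->", ", ".join(problems))
```
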

Security Management for Internet Users
• Use antivirus software and update it often
• Use a hard-to-guess password with a mix of numbers and letters, and change it frequently
• Use different passwords for different applications
• Use an up-to-date web browser and email software
• Install firewall software
• Don’t open e-mail attachments unless you know the source
• Confirm the site you are doing business with.

SUMMARY
• Section 1 – Security, Ethical, and Societal Challenges of E-Business:
– Computer crime in business
– Privacy Issues
– Other Challenges
– Health Issues
– Societal Solutions
– You and Ethical Responsibility
• Section II – Security Management of E-Business
– Security Management
– Internetworked E-Business Defenses
– Other Security Measures
– E-Business System Controls and Audit