Principles of Information Systems, Sixth Edition
Chapter 14
Chapter 14
Security, Privacy, and Ethical Issues in Information
Systems and the Internet
At a Glance
Instructor’s Manual Table of Contents

Chapter Overview

Chapter Outline

Chapter Principles and Objectives

Teacher Notes

Quick Quizzes

Teaching Tips

Further Readings or Resources

Discussion Questions

Projects to Assign

Key Terms
14-1
Principles of Information Systems, Sixth Edition
Chapter 14
Chapter Overview
Chapter 14 emphasizes the importance of encouraging ethical behavior in the workplace as a means of
reducing computer crime, waste, and computer-related health problems. Managers and users at all levels
play a major role in helping organizations achieve the positive benefits of IS. These individuals must also
take the lead in helping to minimize or eliminate the negative consequences of poorly designed and
improperly utilized information systems. For managers and users to have such an influence, they must be
properly educated.
Chapter Outline
Lecture Topics
Computer Waste and Mistakes
Computer Crime
Privacy
The Work Environment
Page #
14-3
14-3
14-5
14-5
Chapter Principles and Objectives
Principles
Policies and procedures must be established to
avoid computer waste and mistakes.
Learning Objectives


Computer crime is a serious and rapidly growing
area of concern requiring management attention.



Jobs, equipment, and working conditions must be
designed to avoid negative health effects.



14-2
Describe some examples of waste and mistakes
in an IS environment, their causes, and possible
solutions.
Identify policies and procedures useful in
eliminating waste and mistakes.
Explain the types and effects of computer
crime.
Identify specific measures to prevent computer
crime.
Discuss the principles and limits of an
individual’s right to privacy.
List the important effects of computers on the
work environment.
Identify specific actions that must be taken to
ensure the health and safety of employees.
Outline criteria for the ethical use of
information systems.
Principles of Information Systems, Sixth Edition
Chapter 14
Teacher Notes
Computer Waste and Mistakes
The U.S. government is the largest single user of information systems in the world. It should come as no
surprise then that it is also perhaps the largest misuser. The government is not unique in this regard as the
same type of waste and misuse found in the public sector also exists in the private sector. Some companies
discard old software and even complete computer systems when they still have value. Others waste
corporate resources to build and maintain complex systems never used to their fullest extent. A less
dramatic, yet still relevant, example of waste is the amount of company time and money employees may
waste playing computer games, sending unimportant e-mail, or accessing the Internet. Junk e-mail, also
called spam, and junk faxes also cause waste.
Despite many people’s distrust, computers themselves rarely make mistakes. Even the most sophisticated
hardware cannot produce meaningful output if users do not follow proper procedures. Mistakes can be
caused by unclear expectations and a lack of feedback, or a programmer might develop a program that
contains errors. In other cases, a data entry clerk might enter the wrong data. Unless errors are caught early
and prevented, the speed of computers can intensify mistakes. As information technology becomes faster,
more complex, and more powerful, organizations and individuals face increased risks of experiencing the
results of computer-related mistakes.
To remain profitable in a competitive environment, organizations must use all resources wisely. Preventing
computer-related waste and mistakes like those just described should therefore be a goal, and should also
involve: (1) establishing, (2) implementing, (3) monitoring, and (4) reviewing effective policies and
procedures.
Quick Quiz
1.
Who is the largest single user of information systems in the world?
ANSWER: U.S. Government
2.
What is another name for junk e-mails?
ANSWER: Spam
3.
True or False: The speed of computers can intensify mistakes?
ANSWER: True
4.
What can help prevent computer-related waste and mistakes?
ANSWER: Policies and procedures
14-3
Principles of Information Systems, Sixth Edition
Chapter 14
Computer Crime
A computer can be used as a tool to gain access to valuable information and as the means to steal thousands
or millions of dollars. It is, perhaps, a question of motivation as many individuals who commit computerrelated crime claim they do it for the challenge, not for the money. Credit card fraud, whereby a criminal
illegally gains access to another’s line of credit with stolen credit card numbers, is a major concern for
today’s banks and financial institutions.
In general, criminals need two capabilities to commit most computer crimes. First, the criminal needs to
know how to gain access to the computer system and second, he/she must know how to manipulate the
system to produce the desired result. Frequently, a critical computer password has been talked out of an
individual, a practice called social engineering, or the attackers simply go through the garbage (dumpster
diving) for important pieces of information that can help crack the computers or convince someone at the
company to give them more access.
Identity theft is a crime in which an imposter obtains key pieces of personal identification information, such
as social security or driver’s license numbers, in order to impersonate someone else. The information is
then used to obtain credit, merchandise, and services in the name of the victim, or to provide the thief with
false credentials. In addition, there are over 2,000 Web sites that offer digital tools, for free, that will let
people snoop, crash computers, hijack control of a machine, or retrieve a copy of every keystroke.
A computer can also be the object of a crime, rather than the tool for committing one. Tens of millions of
dollars of computer time and resources are stolen every year. Each time system access is illegally obtained,
data or computer equipment is stolen or destroyed, or software is illegally copied, the computer becomes
the object of crime. These crimes fall into several categories: illegal access and use, data alteration and
destruction, information and equipment theft, software and Internet piracy, computer-related scams, and
international computer crime.
Quick Quiz
1.
_____ is a crime in which an imposter obtains key pieces of personal identification
information, such as social security or driver’s license numbers, in order to impersonate
someone else.
ANSWER: Identity theft
2.
Wannabe crackers with little technical savvy who download programs that automate the job
of breaking into computers are called ____.
ANSWER: script bunnies
3.
A(n) _____ is a person that enjoys computer technology and spends time learning and using
computer systems.
ANSWER: hacker
4.
A computer-savvy person that attempts to gain unauthorized access to computer systems is
normally referred to as a(n) _____.
ANSWER: cracker
14-4
Principles of Information Systems, Sixth Edition
Chapter 14
Privacy
The issue of privacy deals with the right to be left alone or to be withdrawn from public view. With
information systems, privacy deals with the collection and use, or misuse of data. Data is constantly being
collected and stored on each of us, and is often distributed over easily accessed networks without our
knowledge or consent. This issue must be addressed.
The right to privacy at work is also an important issue. Currently, the rights of workers who want their
privacy, and the interests of companies that demand to know more about their employees are in conflict. Email also raises some interesting issues about work privacy. Federal law permits employers to monitor email sent and received by employees. Furthermore, e-mail messages that have been erased from hard disks
may be retrieved and used in lawsuits because the laws of discovery demand that companies produce all
relevant business documents.
Some people assume that there is no privacy on the Internet and that you use it at your own risk. Others
believe that companies with Web sites should have strict privacy procedures and be accountable for privacy
invasion. However, the courts are not clear on this issue. Regardless of your view, the potential for privacy
invasion on the Internet is huge. People wanting to invade your privacy could be anyone from criminal
hackers to marketing companies to corporate bosses. Your personal and professional information can be
seized on the Internet without your knowledge or consent.
Quick Quiz
1.
_____ is a screening technology that shields users from Web sites that do not provide the
level of privacy protection they desire
ANSWER: Platform for Privacy Preferences (P3P)
2.
Federal law permits employers to monitor _____ sent and received by employees.
ANSWER: e-mail
3.
A good database design practice is to assign a single unique _____ to each customer
ANSWER: identifier
The Work Environment
The use of computer-based information systems has changed the makeup of the workforce. Jobs that
require IS literacy have increased, and many less-skilled positions have been eliminated. Corporate
programs, such as reengineering and continuous improvement, bring with them the concern that, as
business processes are restructured and ISs are integrated within them, the people involved in these
processes will be removed. However, the growing field of computer technology and IS has opened up
numerous avenues to professionals and nonprofessionals of all backgrounds. Enhanced telecommunications
has been the impetus for new types of business and has created global markets in industries once limited to
domestic markets.
Organizations can increase employee effectiveness by paying attention to the health concerns in today’s
work environment. For some people, working with computers can cause occupational stress. Computer use
may affect physical health as well. Strains, sprains, tendonitis, and other problems account for more than 60
percent of all occupational illnesses and about a third of workers’ compensation claims, according to the
Joyce Institute in Seattle. Other work-related health hazards involve emissions from improperly maintained
and used equipment.
14-5
Principles of Information Systems, Sixth Edition
Chapter 14
Many computer-related health problems are minor and are caused by poorly designed work environments.
The computer screen may be hard to read, with glare and poor contrast. Desks and chairs may also be
uncomfortable. Keyboards and computer screens may be fixed in place or difficult to move. The hazardous
activities associated with these unfavorable conditions are collectively referred to as work stressors.
Although these problems may not be of major concern to casual users of computer systems, continued
stressors such as repetitive motion, awkward posture, and eyestrain may cause more serious and long-term
injuries. If nothing else, these problems can severely limit productivity and performance.
Quick Quiz
1.
What injury can be caused by performing the same action over and over?
ANSWER: Repetitive stress injury (RSI)
2.
What term is used to describe an aggravation of the pathway for nerves that travel through the
wrist?
ANSWER: Carpal Tunnel Syndrome (CTS)
3.
What study results in the design and placement of equipment for employee safety and health?
ANSWER: Ergonomics
4.
True or False: Exercise can help prevent repetitive stress injuries.
ANSWER: True
Teaching Tips






Invite a speaker from the University health center to discuss work-related and computerrelated health problems.
Use an on-line chat room and encourage students to discuss various ethical issues in an anonymous
fashion.
Use classroom debates to make stands on either side of ethical issues.
Ask students to develop their own ethical standards for computer use in the College of Business.
Take an anonymous survey about software and digital music piracy. Discuss the results.
Bring in a diskette that has a virus and demonstrate to students how viruses can be removed with
appropriate software. Be careful on this one!
Further Readings or Resources
Readings
Baird, R., Ramsower, R.M., Rosenbaum, S.E. eds. 2000. Cyberethics : Social & Moral Issues in the
Computer Age. Prometheus Books.
E-mail Virus Protection Handbook, Syngress Media Inc. 2000.
Schmauder, P. (2000). Virus Proof : The Ultimate Guide to Protecting Your PC, Prima Publishing.
Computer Viruses Sites
http://www.f-secure.com/
http://www.virusbtn.com/
14-6
Principles of Information Systems, Sixth Edition
Chapter 14
Computer Ethics Sites
http://www.ethics.ubc.ca/resources/computer/
http://www.brook.edu/its/cei/cei_hp.htm
Discussion Questions
Some interesting topics of discussion in this chapter include the following:



Discuss Information systems use in public schools.
Discuss the issue of free speech versus protection of children on-line.
Discuss the impact of viruses on organizations.
Projects to Assign
1.
2.
3.
Assign Review Questions: 1, 3, 8, 11, and 15.
Assign Problem Solving Exercise 1.
Assign Team Activity 3 or Web Exercise 2 or Case 3.
Key Terms







Antivirus programs - programs or utilities that prevent viruses and recover from them if they
infect a computer.
Application virus - infect executable application files such as word processing programs.
Ergonomics - the study of designing and positioning computer equipment for employee health
and safety.
Hacker - a person who enjoys computer technology and spends time learning and using
computer systems.
Identity theft - a crime in which an imposter obtains key pieces of personal identification
information, such as social security or driver’s license numbers, in order to impersonate someone
else.
Virus - a program that attaches itself to other programs.
Worm - an independent program that replicates its own program files until it interrupts the
operation of networks and computer systems.
14-7