Chapter 121 Introduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc. Copyright 2005.

Chapter 12 1

Introduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc.Copyright 2005

Chapter 12 2

IT Ethics, Impacts, and Security

Chapter 12 3“ Copyright 2005 John Wiley & Sons Inc.”

Chapter Outline

Ethical Issues Impact of IT on organizations and jobs Impacts on individuals at work Societal impacts and Internet communities IS vulnerability and computer crimes Protecting information resources


Learning Objectives

Describe the major ethical issues related to information technology and identify situations in which they occur.Identify the major impacts of information technology on organizational structure, power, jobs, supervision, and decision making. Understand the potential dehumanization of people by computers and other potential negative impacts of information technology.Identify some of the major societal effects of information technology.Describe the many threats to information security. Understand the various defense mechanisms used to protect information systems.Explain IT auditing and planning for disaster recovery.


Ethics. A branch of philosophy that deals with what is considered to be right and wrong.

Code of ethics. A collection of principles intended as a guide for the members of company or an organization.

Ethical issues can be categorized into four types:Privacy

Accuracy

Property

Accessibility

12.1 Ethical Issues


Protecting Privacy

Privacy. The right to be left alone and to be free of unreasonable personal intrusions

Two rules have been followed fairly closely in past court decision in many countries:

The right of privacy is not absolutes. Privacy must be balanced against the needs of society

The public’s right to know is superior to the individual’s right of privacy.


Electronic surveillance. The tracking of people‘s activities, online or offline, with the aid of computers.

Privacy policies/codes. An organization’s guidelines with respect to protecting the privacy of customers, clients, and employees. .

Protecting Privacy cont…


Intellectual property. The intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright, laws.

Trade secret. Intellectual work such as a business plan, that is a company secret and is not based on public information.

Patent. A document that grants the holder exclusive rights on an invention or process for 20 years.

Copyright. A grant that provides the creator of intellectual property with ownership of it for the life of the creator plus 70 years.

Protecting Intellectual Property


The use of information technologies, most recently the web, has brought many organizational changes in areas such as structure, authority, power, job content, employee career ladders, supervision and manager’s job.

12.2 Impacts of IT on organizations and Jobs


How will organizations change?

Fatter organization hierarchies.Changes in supervision.Power and status.


How will job change?

Job content

Employee career ladders

The manager’s job


Will my job be eliminated?Dehumanization and psychological impacts Dehumanization: Loss of identityInformation anxiety: Disquiet caused by an overload of information Impacts on health and safetyErgonomics: The science of adapting machines and work environment to people.

12.3 Impacts on Individuals at Work


12.4 Societal Impact and Internet Communities

Opportunities for people with disabilitiesQuality-of-life improvementsTechnology and privacyThe digital divideFree speech versus censorshipControlling spamVirtual communities


Scanning crowds for criminals Cookies and individual privacy Digital millennium Copyright Act and Privacy

Technology and privacy


The Digital Divide

The gap in computer technology in general, and now in web technology, between those who have such technology and those who do not.

Cybercafés: Public places in which Internet terminals are available usually for a small fee.


Free speech versus censorship

Controlling spam.

Spamming. The practice of indiscriminately broadcasting message over the Internet .


Groups of people with similar interests who interact and communicate via the Internet

Virtual communities


Identity theft. Crime in which someone uses the personal information of others to create a false identity and then uses it for some fraud.

12.5 IS Vulnerability and Computer Crimes


Security Terms

Term Definition

Backup An extra copy of data and/or programs, kept in a secured location (s)

Decryption Transformation of scrambled code into readable data after transmission

Encryption Transmission of data into scrambled code prior to transmission

Exposure The harm, loss, or damage that can result if something has gone wrong in information system.

Fault tolerance The ability of an information system to continue to operate (usually for a limited time and/or at reduced level) when a failure occurs

Information system controls The procedure, devices, or software that attempt to ensure that system performs as planned.

Integrity (of data) The procedure, devices or software that attempt to ensure that the system performs as planned.

Risk A guarantee of the accuracy, completeness, and reliability of data, system integrity is provided by the integrity of its components and their integration

Threats (or hazards) The likelihood that a threat will materialize

Vulnerability Given that a threat exists, the susceptibility of the system to harm caused by the threat.


Hacker. An outside person who has penetrated a computer system, usually with no criminal intent.Cracker. A malicious hacker.Social engineering. Getting around security systems by tricking computer users into revealing sensitive information or gaining unauthorized access privileges. Cybercrimes. Illegal activities executed on the Internet.Identify theft. A criminal (the identity thief) poses as someone else. Cyberwar. War in which a country’s information systems could be paralyzed from a massive attack by destructive software.Virus. Software that can attach itself to (‘’infect’’) other computer programs without the owner of the program being aware of the infection.

Type of computer crimes and criminals


Security TermsMethod Definition

Virus Secret instructions inserted into programs (or data) that are innocently ordinary tasks. The secret instructions may destroy or alter data as well as spread within or between computer systems

Worm A program that replicates itself and penetrates a valid computer system. It may spread within a network, penetrating all connected computers.

Trojan horse An illegal program, contained within another program, that ‘’sleep' until some specific event occurs then triggers the illegal program to be activated and cause damage.

Salami slicing A program designed to siphon off small amounts of money from a number of larger transactions, so the quantity taken is not readily apparent.

Super zapping A method of using a utility ‘’zap’’ program that can bypass controls to modify programs or data

Trap door A technique that allows for breaking into a program code, making it possible to insert additional instructions.

Logic bomb An instruction that triggers a delayed malicious act

Denial of services Too many requests for service, which crashes the site

Sniffer A program that searches for passwords or content in packet of data as they pass through the Internet

Spoofing Faking an e-mail address or web-page to trick users to provide information instructions

Password cracker A password that tries to guess passwords (can be very successful)

War dialling Programs that automatically dial thousands of telephone numbers in an attempt to identify one authorized to make a connection with a modem, then one can use that connection to break into databases and systems

Back doors Invaders to a system create several entry points, even if you discover and close one, they can still get in through others

Malicious applets Small Java programs that misuse your computer resource, modify your file, send fake e-mail, etc


12.6 Protecting Information Resources

Controls Securing your PC Concluding thoughts about computer Auditing information systems Disaster recovery planning


Disaster recovery. The chain of events linking planning to protection to recovery.Disaster avoidance. A security approach oriented toward prevention.Backup location. Location where, in the event of a major disaster, an extra copy of data and/ or key programs are kept.Hot site. Location at which vendors provide access to a fully configured backup data center.

Protecting Information Resources cont…


All rights reserved. Reproduction or translation of this work beyond that permitted in section 117 of the United States Copyright Act without express permission of the copyright owner is unlawful. Request for information should be addressed to the permission department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The publisher assumes no responsibility for error, omissions, or damages caused by the use of these programs or from the use of the information herein.

Chapter 121 Introduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc. Copyright 2005.

Documents

privacy privacy

right of privacy

potter john wiley sons

privacy cont slide

jobs slide

intellectual property

information security

security slide