Implementing It: Ethics, Impacts, and Security

1
Introduction to Information Technology

Turban, Rainer and Potter
Chapter 15 Implementing IT: Ethics, Impacts, and Security
CHAPTER 15
IMPLEMENTING IT:
ETHICS, IMPACTS,
AND SECURITY

Learning Objectives
Describe the major ethical issues related to information
technology and identify situations in which they occur
Identify the major impacts of information technology on
organizational structure, power, jobs, supervision, and
decision making
Understand the potential dehumanization of people by
computers and other potential negative impacts of
information technology
Identify some of the major societal effects of
information technology
Describe the many threats to information security
Understand the various defense mechanisms of
information systems
Explain IT auditing and planning for disaster recovery

Chapter Overview
Ethical Issues
Impacts of IT on
Organizations and Jobs
A Framework
How will
for Ethics
Organizations be
Protecting Privacy
changed?
Protecting
How will Jobs be
Intellectual Property Changed?
Other Considerations
Societal Impacts and
Internet Communities
Improved Quality
of life
Telecommuting
Security is a Concern
for Everyone
Threats to
information Systems
Systems Vulnerability
Computer Crimes
Impacts on Individuals at
Work
Will my Job be Eliminated?
Dehumanization and
Psychological Impacts
Impact on Health and Safety
Other Impacts
Protecting
Information Systems
Defence Strategies: How do
we Protect IT?
Auditing Information
Systems
Disaster Recovery Planning
Security in the 21st Century

Case: Music Retailer Finds

Commerce in Communities
The Business Problem
N2K, a retailer in the music industry, merged

with an Internet Music store called Music
Boulevard (www.musicblvd.com), but sales were small
The Solution
The company created genre-specific sites where each is

focused on the specific needs of an Internet community.
The Internet is viewed as a network that provides new kinds
of spaces, a world of online communities and virtual chat
room.
The Results
Increased sales dramatically

High level of members loyalty to the site
Minimal inventory cost

Case (continued)
What have we learned from this case??
The concept of internet communities can
offer the opportunity to significantly
increase an online companys revenue and
profit
IT has had an impact on society as well as on
corporate operations and marketing methods

Ethical Issues
Ethics is a branch of philosophy that deals with
what is considered to be right and wrong
What is unethical is not necessarily illegal
Codes of ethics is a collection of principles
intended as a guide for members of a company
or an association
Ethics differ in countries and
companies

Ethical Issues (continued )

A Framework for Ethics Issues
Privacy
Issues
Accuracy
Issues
Property
Issues
What information about oneself should an individual

be required to reveal to others?
What kind of surveillance can an employer use on its
employees?
Who is responsible for the authenticity, fidelity, and
accuracy of information collected?
How can we ensure that information will be processed
properly and presented accurately to users?
Who owns the information?
What are the just and fair prices for its exchange?
Accessibility Who is allowed to access information?

How much should be charged for permitting
Issues
accessibility to information?


Protecting Privacy
privacy - different things to different people
four stages of privacy
solitude intimacy anonymity reserve
too expensive, cumbersome, and complex to

invade information privacy
personal computers, powerful software, large
databases, and the internet have created an
entirely new dimension of accessing and using
personal data


Electronic Surveillance (monitoring computer users)
American Civil Liberties Union (ACLU) estimates
that tens of millions of computer users are monitored
Personal Information in Databases

people may not appreciate the intrusion of vendors
commercial companies advise individuals about how
to protect their rights, and it monitors several database
10


Information on Internet Bulletin Boards and
Newsgroups
how does society keep owners of bulletin
boards from disseminating information that
may be offensive to readers?
highlights the conflict between freedom of
speech, privacy, and ethics
Privacy codes and Polices

helps organizations avoid legal problems
11

International Aspects of Privacy

Guidelines to protect individuals privacy in
the electronic age in Europe are very strict
Collection limitation
Data quality
Purpose specification
Use limitation
Security safeguards
Openness
Individual participation
12

Data
Collection
Data should be collected on individuals only for the purpose of accomplishing a

legitimate business objective.
Data should be adequate, relevant, and not excessive in relation to the business
objective.
Individuals must give their consent before data pertaining to them can be gathered.
Data
Accuracy
Sensitive data gathered on individuals should be verified before it is entered into the
database.
Data should be accurate and, where and when necessary, keep current.
The file should be made available so the individual can ensure that the data are correct.
If there is disagreement about the accuracy of the data, the individuals version should
be noted and included with any disclosure of the file.
Data
Confidentiality
Privacy Policy Guidelines A Sampler
Computer security procedures should be implemented to provide reasonable

assurance against unauthorized disclosure of data. They should include physical,
technical, and administrative security measures.
Third parties should not be given access to data without the individuals knowledge
or permission, except as required by law.
Disclosures of data, other than the most routine, should be noted and maintained for
as long as the data are maintained.
Data should not be disclosed for reasons incompatible with the business objective for
which they are collected.
13

Protecting Intellectual Property

Intellectual property - the intangible property
created by individuals or corporations
Protected under
Copyright - a statutory grant that provides the
creators of intellectual property with ownership of
it for 28 years
Trade secret - intellectual work such as a
business plan which is a company secret and is not
based on public information
Patent - a document that grants the holder
exclusive rights on an invention for 17 years
14

The Impacts of IT
on Organizations and Jobs
How will organizations be changed?
Flatter organizational hierarchies
It is reasonable to assume that fewer managerial
levels will exist in many organizations, and there
will be fewer staff and line managers.
Changes in supervision
an employees work is performed online and stored
electronically introducing the possibility for greater
electronic supervision.
Powers and status

Knowledge is power.

15
The Impacts of IT
on Organizations and Jobs
How will jobs be changed?
Job content
Changes in job content occur when work
is redesigned
Employee career ladders

the use of IT may short-cut a portion of
learning curve by capturing and more
efficiently managing knowledge
The managers job

It can change the manner in which many
decisions are made and consequently
change managers jobs.
16

Impacts on Individuals at Work

Will my Job be Eliminated?
IT can significantly increase the productivity of
employees, restructuring their job content and
changing the skill requirement of many jobs.
Because computers are becoming smarter and
more capable as time passes, the competitive
advantage of replacing people with machines is
increasing rapidly.
But many computer-related job are being
created.

17

(continues )
Dehumanization
computers reduce or eliminate the human element that
was present in the non-computerized systems
computer-supported activities may dehumanize people
Psychological impacts
people may feel depression and loneliness if they work and
shop from their living rooms
the lack of social contacts could be damaging to childrens
development if they are schooled at home through IT
Job satisfaction
Some jobs may become more routine and less satisfying

18

(continues )
Impacts on Health and Safety

Job stress - computerization has created an ever-increasing
workload on many people
Video display terminals (VDTs) - radiation exposure

has been associated with cancer and other health-related
problems
Repetitive strain injuries - backaches and muscle tension

in the wrists and fingers
Lessening the Negative Impact on Health and Safety

- ergonomic techniques focus on creating an environment for
workers that are well lit, comfortable and safe
Drug Store
Department Store
Education and
Medical System
Supermarket
Education
Administration
and Records
Computer
Assisted
Education
Money Oared
Real Estate
Stocks
Integrated
Financial
Database
Entertainment
, Business,
and Education
Home
Information System
Hospital
Administration
and Treatment
Central Medical
Database
Public and Private

Service System
Environmental
and appliances
Security
Travel
Reservations
Leisure Time System
Insurance and
Brokerage
Accounting
and Legal
Police and
Fire
Theatre and
Entertainment
Hotel
Reservations
19
Information Systems and

the Individuals
The Individual
Electronic Funds Transfer / Electric Commerce
Financial System
Consumer
System
20

Societal Impacts
Improved Quality of Life
Opportunities for people with disabilities
The integration of intelligent systems, such as speech
and vision recognition, into a computer-based
information system can create new employment
opportunities for people with disabilities.
Improvements in heath care
IT brought about major improvements in health care
delivery, ranging from better and faster diagnoses, to
expedited research and development of new drugs, to
more accurate monitoring of critically ill patients.
21

Societal Impacts (continued )

Improved Quality of Life
Help for the consumer
IT systems help the lay person perform
tasks that require expertise.
Robots performing hard and hazardous labor
Robots can work in uncomfortable or
dangerous environments.
Crime fighting
Improvement in education and other benefits
22

Communities of Interest : provide place for
people to interact with each other on a specific topic
Communities of Relations : be organized
around certain life experiences
Communities of Fantasy : provide place for
participants create imaginary environments
Communities of Transactions : facilitate buying
and selling
Communities of Professionals : support
professional communication and the exchange of
valuable work or research-related information

23
Telecommuting
Benefits
To the employees
Less stress
Ability to go to school
while working
Improved family life
Money is saved
Commuting time is
saved
Ability to control
schedule and manage
time better
Employment
opportunities
for housebound people
To the organization
To society
Increased productivity
Less use of
Reduced real estate cost
fossil fuels
Reduced cost of parking Fewer
Ability to retain
traffic
skilled employees
problems;
Ability to tap remote
including
labor pool
less air
Lower labor and
pollution
absenteeism cost
More
Better interaction of
business for
employees with clients
suburbs and
and suppliers
rural areas
24

Telecommuting (continued )
Telecommuting and Productivity
Increase productivity by
increased motivation and satisfaction
reduced absenteeism
forces managers to manage by results instead
of by overseeing
Reduce productivity by
some employees need to work with others
not all jobs can be done while telecommuting
not all managers can participate

25
Security
Security Threats
Database
Database
Access rules
Radiation
Systems Software
Hardware
Processor
Tap
Crosstalk
Terminals
Systems
Programmer
Operator
Authorizer
Application
Programmer
External Environment
Terminal User

26
Computer Crimes
Types of computer crimes
computers are the target of the crime
computers are the medium of the attack by creating an
environment in which a crime or fraud can occur
computers are the tool by which the crime is perpetrated
computers are used to intimidate or deceive
Criminals
hackers - outsider people who penetrate a computer system
crackers - malicious hackers who may represent a serious
problem for organizations

27
Computer Crime (continues ...)

Computer Crime
Methods of Attack
Data tampering
Programming fraud
Viruses
receiving its name from the programs ability to
attach itself to other computer programs, causing
them to become viruses themselves
Representative federal laws

Computer Fraud and Abuse Act (1986)
Computer Security act of 1987
28

Protecting Information Systems

Some of the reasons that make it complex
or expensive to defend information systems
Hundreds of potential threats exists.
Computing resources may be situated in many
locations.
Many individuals control information assets.
Computer networks can be outside the
organization and difficult to protect.
People tend to violate security procedures
because the procedures are inconvenient

29

(continued )
Defense strategies
Controls for prevention and deterrence - prevent
errors from occurring, deter criminals from attacking the
system, deny access to unauthorized people
Detection - the earlier it is detected, the earlier it is to

combat and the less damage
Limitation - minimizing losses once a malfunction has

occurred
Recovery - explains how to fix a damaged information

system as quickly as possible
Correction - prevent the problem from occurring again

30

(continued )
General Controls - protect the system regardless of

the specific application
Physical controls
provides protection against most natural hazards
as well as against some human-created hazards
Access controls
restrict unauthorized user access to a portion of
a computer system or to the entire system
31


(continued )
General Controls (CONT)

Biometric controls
verify the identity of a person, based on
physiological or behavioral characteristics
hand geometry, blood vessel pattern in the
retina of an eye, voice, signature, keystroke
dynamics, facial thermography, fingerprints
Data security controls
protect data from accidental or intentional
disclosure to unauthorized persons, or from
unauthorized modification or destruction
32


(continued )
Application controls - protect specific

application
Input controls
prevent data alteration or loss
Processing controls
allow only authorized users to access
certain programs or facilities
monitor the computers use by individuals
Output controls
ensure that outputs are sent only to
authorized personnel

33
Network Protections and Firewalls

Access Control
guards against unauthorized dial-in attempts
Encryption
encodes regular digitized text into unreadable
scrambled text or numbers, to be decoded upon receipt
Cable Testers
finds almost any fault that can occur with LAN cabling
Firewalls
enforces an access control policy between two networks
do not protect against viruses

34
Auditing Information Systems

Audit
additional layer of controls or safeguards
Types of Auditors and Audits

internal auditor
audit information systems
external auditor
reviews the findings of the internal audit
and the inputs, processing, and outputs of
information systems

35
How is Auditing Executed?

Auditing
around
the computer
Auditing
through
the computer
Auditing
with
the computer
36


Disaster Recovery of Information Systems
the chain of events linking planning to
protection to recovery from a disaster
keep the business running after a disaster
occurs
Disaster Avoidance
an approach oriented toward prevention
Back-up Arrangements
an extra copy of data and/or programs are
kept in another location
37


(continued )
Planning for a recovery from Disasters

Isolate data that change frequently
Keep management and technical
procedures separate
Dont include data in the plan if it can be
obtained elsewhere after the disaster
Write a plan that is independent of
organization, positions, and personnel
Gather data on a daily basis
38

IT Security in the 21st Century

Computer control and security are
receiving increased attention
almost 70 percent of all U.S. corporations
have battled computer viruses
the latest technologies need to be
employed to protect against viruses and
computer crimes
using intelligent systems for detecting
intruders and crimes

39
How Technologies Improved

IT Security
Area
Improved systems reliability
Early or real time detection
of intrusion, failures, or
noncompliance with rules
Auditing information systems
Troubleshooting
Disaster planning
Access protection
IT Solution
Fault tolerance systems, multiple disks
Intelligent agents monitor performance,
compare to standards, analyze profiles
(e.g., Network Associates Inc.)
Neural computer can detect fraud and
expert systems evaluate controls
Quick diagnosis by expert system,
especially on networks and the Internet
Internet-based expert systems for selfassessment including planning and
disaster recovery
Smart cards

40
Whats in IT for Me?

For Accounting
Accountant involved in Web-based auditing,
security of data, and fraud prevention and
detection programs
For Finance
Finance and banking industry is concerned
about security and auditing in electronic
commerce, computer criminals, the hazards
and the available controls

41
Whats in IT for Me? (continued )

For Marketing
Marketers do not want to be sued because of
invasion of privacy in data collected, nor do
they want their innovative marketing strategies
to fall into the hands of competitors
For Human Resources Management

Motivation, supervision, career development,
recruiting, and more are all affected by IT
Telecommuting is implemented by HRM

Implementing It: Ethics, Impacts, and Security

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Implementing It: Ethics, Impacts, and Security

Uploaded by

Copyright:

Available Formats

1

Introduction to Information Technology

Introduction to Information Technology

Introduction to Information Technology

Introduction to Information Technology

Case: Music Retailer Finds

N2K, a retailer in the music industry, merged

The company created genre-specific sites where each is

Increased sales dramatically

Introduction to Information Technology

Introduction to Information Technology

Introduction to Information Technology

Ethical Issues (continued )

What information about oneself should an individual

Accessibility Who is allowed to access information?

Introduction to Information Technology

Ethical Issues (continued )

too expensive, cumbersome, and complex to

Introduction to Information Technology

Ethical Issues (continued )

Personal Information in Databases

Introduction to Information Technology

Ethical Issues (continued )

Privacy codes and Polices

Introduction to Information Technology

International Aspects of Privacy

Introduction to Information Technology

Data should be collected on individuals only for the purpose of accomplishing a

Privacy Policy Guidelines A Sampler

Computer security procedures should be implemented to provide reasonable

Introduction to Information Technology

Protecting Intellectual Property

Introduction to Information Technology

Powers and status

Introduction to Information Technology

Employee career ladders

The managers job

Introduction to Information Technology

Impacts on Individuals at Work

Introduction to Information Technology

Impacts on Individuals at Work

Introduction to Information Technology

Impacts on Individuals at Work

Impacts on Health and Safety

Video display terminals (VDTs) - radiation exposure

Repetitive strain injuries - backaches and muscle tension

Lessening the Negative Impact on Health and Safety

Public and Private

Leisure Time System

Information Systems and

Introduction to Information Technology

Introduction to Information Technology

Societal Impacts (continued )

Introduction to Information Technology

Introduction to Information Technology

Introduction to Information Technology

Introduction to Information Technology

Introduction to Information Technology

Introduction to Information Technology

Computer Crime (continues ...)

Representative federal laws

Introduction to Information Technology

Protecting Information Systems