I ch15

Introduction to Information Technology
Turban, Rainer and Potter

Chapter 15 Implementing IT: Ethics, Impacts, and Security
CHAPTER 15
IMPLEMENTING IT:
ETHICS, IMPACTS,
AND SECURITY
Learning Objectives
Describe the major ethical issues related to information
technology and identify situations in which they occur
Identify the major impacts of information technology on
organizational structure, power, jobs, supervision, and
decision making
Understand the potential dehumanization of people by
computers and other potential negative impacts of
information technology
Identify some of the major societal effects of
information technology
Describe the many threats to information security
Understand the various defense mechanisms of
information systems
Explain IT auditing and planning for disaster recovery
Chapter Overview
Ethical Issues Impacts of IT on Impacts on Individuals at
Organizations and Jobs Work
• A Framework • How will • Will my Job be Eliminated?
for Ethics Organizations be • Dehumanization and
• Protecting Privacy changed? Psychological Impacts
• Protecting • How will Jobs be • Impact on Health and Safety
Intellectual Property Changed? • Other Impacts
•Other Considerations
Societal Impacts and Security is a Concern Protecting

Internet Communities for Everyone Information Systems
• Improved Quality • Threats to • Defence Strategies: How do
of life information Systems we Protect IT?
• Internet • Systems Vulnerability • Auditing Information
Communities • Computer Crimes Systems
• Telecommuting • Disaster Recovery Planning
• Security in the 21st Century
Case: Music Retailer Finds
Commerce in Communities
 The Business Problem
N2K, a retailer in the music industry, merged
with an Internet Music store called Music
Boulevard (www.musicblvd.com), but sales were small
The Solution
The company created genre-specific sites where each is
focused on the specific needs of an Internet community.
The Internet is viewed as a network that provides new kinds
of “spaces,” a world of online communities and virtual chat
room.
The Results
Increased sales dramatically
High level of members’ loyalty to the site
Minimal inventory cost
Case (continued…)
What have we learned from this case??

The concept of internet communities can
offer the opportunity to significantly
increase an online company’s revenue and
profit
IT has had an impact on society as well as on
corporate operations and marketing methods
Ethical Issues
Ethics is a branch of philosophy that deals

with what is considered to be right and wrong
What is unethical is not necessarily illegal
Codes of ethics is a collection of principles
intended as a guide for members of a company
or an association
Ethics differ in countries and
companies
Ethical Issues (continued …)

A Framework for Ethics Issues
Privacy  What information about oneself should an individual
Issues be required to reveal to others?
 What kind of surveillance can an employer use on its
employees?
Accuracy  Who is responsible for the authenticity, fidelity, and
Issues accuracy of information collected?
 How can we ensure that information will be processed
properly and presented accurately to users?
Property  Who owns the information?
Issues  What are the just and fair prices for its exchange?
Accessibility  Who is allowed to access information?
Issues  How much should be charged for permitting
accessibility to information?

Protecting Privacy
privacy - different things to different people
four stages of privacy
solitude intimacy anonymity reserve
too expensive, cumbersome, and complex to
invade information privacy
personal computers, powerful software, large
databases, and the internet have created an
entirely new dimension of accessing and using
personal data
Electronic Surveillance (monitoring computer users)

American Civil Liberties Union (ACLU) estimates
that tens of millions of computer users are monitored
Personal Information in Databases
people may not appreciate the intrusion of vendors
commercial companies advise individuals about how
to protect their rights, and it monitors several database

Information on Internet Bulletin Boards
and Newsgroups
how does society keep owners of bulletin
boards from disseminating information that
may be offensive to readers?
highlights the conflict between freedom of
speech, privacy, and ethics
Privacy codes and Polices
helps organizations avoid legal problems
International Aspects of Privacy
Guidelines to protect individuals’ privacy in

the electronic age in Europe are very strict
Collection limitation Data quality
Purpose specification Use limitation
Security safeguards Openness
Individual participation
Privacy Policy Guidelines -

A Sampler
 Data should be collected on individuals only for the purpose of accomplishing a
Collection
legitimate business objective.

Data
 Data should be adequate, relevant, and not excessive in relation to the business
objective.
 Individuals must give their consent before data pertaining to them can be gathered.
 Sensitive data gathered on individuals should be verified before it is entered into the
database.
Accuracy
 Data should be accurate and, where and when necessary, keep current.
Data
 The file should be made available so the individual can ensure that the data are correct.
 If there is disagreement about the accuracy of the data, the individual’s version should
be noted and included with any disclosure of the file.
 Computer security procedures should be implemented to provide reasonable
Confidentiality
assurance against unauthorized disclosure of data. They should include physical,

technical, and administrative security measures.
 Third parties should not be given access to data without the individual’s knowledge
Data
or permission, except as required by law.

 Disclosures of data, other than the most routine, should be noted and maintained for
as long as the data are maintained.
 Data should not be disclosed for reasons incompatible with the business objective for
which they are collected.
Protecting Intellectual Property

Intellectual property - the intangible property
created by individuals or corporations
Protected under
Copyright - a statutory grant that provides the
creators of intellectual property with ownership of
it for 28 years
Trade secret - intellectual work such as a
business plan which is a company secret and is not
based on public information
Patent - a document that grants the holder
exclusive rights on an invention for 17 years
The Impacts of IT
on Organizations and Jobs
How will organizations be changed?
Flatter organizational hierarchies
It is reasonable to assume that fewer managerial
levels will exist in many organizations, and there
will be fewer staff and line managers.
Changes in supervision
an employee’s work is performed online and stored
electronically introducing the possibility for greater
electronic supervision.
Powers and status
Knowledge is power.
The Impacts of IT
on Organizations and Jobs
How will jobs be changed?
Job content
Changes in job content occur when work
is redesigned
Employee career ladders
the use of IT may short-cut a portion of
learning curve by capturing and more
efficiently managing knowledge
The manager’s job
It can change the manner in which many
decisions are made and consequently
change managers’ jobs.
Impacts on Individuals at Work

Will my Job be Eliminated?
IT can significantly increase the productivity of
employees, restructuring their job content and
changing the skill requirement of many jobs.
Because computers are becoming “smarter” and
more capable as time passes, the competitive
advantage of replacing people with machines is
increasing rapidly.
But many computer-related job are being
created.

(continues …)
Dehumanization
computers reduce or eliminate the human element that
was present in the non-computerized systems
computer-supported activities may dehumanize people
Psychological impacts
people may feel depression and loneliness if they work and
shop from their living rooms
the lack of social contacts could be damaging to children’s
development if they are schooled at home through IT
Job satisfaction
Some jobs may become more routine and less satisfying

(continues …)
Impacts on Health and Safety
Job stress - computerization has created an ever-increasing
workload on many people
Video display terminals (VDTs) - radiation exposure
has been associated with cancer and other health-related
problems
Repetitive strain injuries - backaches and muscle tension
in the wrists and fingers
Lessening the Negative Impact on Health and Safety
- ergonomic techniques focus on creating an environment for
workers that are well lit, comfortable and safe
Hotel
Reservations
Theatre and
Police and Entertainment
Fire
Travel
Accounting Reservations
Leisure Time System

and Legal
Service System
Insurance and Security
Public and Private

Brokerage
Environmental
and appliances
Home
Entertainment
Central Medical , Business,
Database
Information System
and Education
the Individuals
Hospital
Administration
The Individual
and Treatment
Integrated
Computer Financial
Assisted Database
Education
Education and
Medical System
Education Money Oared

Administration Real Estate
and Records Stocks
Financial System
Information Systems and
Electronic Funds Transfer / Electric Commerce
Supermarket
Department Store
System
Consumer
Drug Store
Societal Impacts
Improved Quality of Life
Opportunities for people with disabilities
The integration of intelligent systems, such as speech
and vision recognition, into a computer-based
information system can create new employment
opportunities for people with disabilities.
Improvements in heath care
IT brought about major improvements in health care
delivery, ranging from better and faster diagnoses, to
expedited research and development of new drugs, to
more accurate monitoring of critically ill patients.
Societal Impacts (continued …)

Improved Quality of Life
Help for the consumer
IT systems help the lay person perform
tasks that require expertise.
Robots performing hard and hazardous labor
Robots can work in uncomfortable or
dangerous environments.
Crime fighting
Improvement in education and other benefits
Internet Communities
Communities of Interest : provide place for
people to interact with each other on a specific topic
 Communities of Relations : be organized
around certain life experiences
 Communities of Fantasy : provide place for
participants create imaginary environments
Communities of Transactions : facilitate
buying and selling
Communities of Professionals : support
professional communication and the exchange of
valuable work or research-related information
Telecommuting
 Benefits
To the employees To the organization To society
• Less stress • Increased productivity • Less use of
• Ability to go to school • Reduced real estate cost fossil fuels
while working • Reduced cost of parking • Fewer
• Improved family life • Ability to retain traffic
• Money is saved skilled employees problems;
• Commuting time is • Ability to tap remote including
saved labor pool less air
• Ability to control
• Lower labor and pollution
schedule and manage
time better absenteeism cost • More
• Employment • Better interaction of business for
opportunities employees with clients suburbs and
for housebound people and suppliers rural areas
Telecommuting (continued …)
 Telecommuting and Productivity
Increase productivity by
increased motivation and satisfaction
reduced absenteeism
forces managers to manage by results instead
of by overseeing
Reduce productivity by
some employees need to work with others
not all jobs can be done while telecommuting
not all managers can participate
Security
Security Systems Software
Threats
Database Hardware Tap Application
Programmer
Database Processor Crosstalk
Access rules
Terminals
Radiation Systems
Programmer Terminal User
Operator
Authorizer External Environment

Computer Crimes
Types of computer crimes
computers are the target of the crime
computers are the medium of the attack by creating an
environment in which a crime or fraud can occur
computers are the tool by which the crime is perpetrated
computers are used to intimidate or deceive
Criminals
hackers - outsider people who penetrate a computer system
crackers - malicious hackers who may represent a serious
problem for organizations
Computer Crime (continues ...)

Computer Crime
Methods of Attack
Data tampering
Programming fraud
Viruses
receiving its name from the program’s ability to
attach itself to other computer programs, causing
them to become viruses themselves
Representative federal laws
Computer Fraud and Abuse Act (1986)
Computer Security act of 1987
Protecting Information Systems

Some of the reasons that make it complex
or expensive to defend information systems
Hundreds of potential threats exists.
Computing resources may be situated in many
locations.
Many individuals control information assets.
Computer networks can be outside the
organization and difficult to protect.
People tend to violate security procedures
because the procedures are inconvenient

(continued …)
Defense strategies
Controls for prevention and deterrence - prevent
errors from occurring, deter criminals from attacking the
system, deny access to unauthorized people
Detection - the earlier it is detected, the earlier it is to
combat and the less damage
Limitation - minimizing losses once a malfunction has
occurred
Recovery - explains how to fix a damaged information
system as quickly as possible
Correction - prevent the problem from occurring again

(continued …)
General Controls - protect the system regardless
of the specific application
Physical controls
provides protection against most natural hazards
as well as against some human-created hazards
Access controls
restrict unauthorized user access to a portion of
a computer system or to the entire system

(continued …)
General Controls (CONT’)
Biometric controls
verify the identity of a person, based on
physiological or behavioral characteristics
hand geometry, blood vessel pattern in the
retina of an eye, voice, signature, keystroke
dynamics, facial thermography, fingerprints
Data security controls
protect data from accidental or intentional
disclosure to unauthorized persons, or from
unauthorized modification or destruction

(continued …)
Application controls - protect specific
application
Input controls
prevent data alteration or loss
Processing controls
allow only authorized users to access
certain programs or facilities
monitor the computer’s use by individuals
Output controls
ensure that outputs are sent only to
authorized personnel
Network Protections and Firewalls

Access Control
guards against unauthorized dial-in attempts
Encryption
encodes regular digitized text into unreadable
scrambled text or numbers, to be decoded upon receipt
Cable Testers
finds almost any fault that can occur with LAN cabling
Firewalls
enforces an access control policy between two networks
do not protect against viruses
Auditing Information Systems

Audit
additional layer of controls or safeguards
Types of Auditors and Audits
internal auditor
audit information systems
external auditor
reviews the findings of the internal audit
and the inputs, processing, and outputs of
information systems
How is Auditing Executed?
Auditing
around
the computer
Auditing
through
the computer
Auditing
with
the computer
Disaster Recovery Planning

Disaster Recovery of Information Systems
the chain of events linking planning to
protection to recovery from a disaster
keep the business running after a disaster
occurs
Disaster Avoidance
an approach oriented toward prevention
Back-up Arrangements
an extra copy of data and/or programs are
kept in another location
Disaster Recovery Planning

(continued …)
Planning for a recovery from Disasters
Isolate data that change frequently
Keep management and technical
procedures separate
Don’t include data in the plan if it can be
obtained elsewhere after the disaster
Write a plan that is independent of
organization, positions, and personnel
Gather data on a daily basis
IT Security in the 21st Century

Computer control and security are
receiving increased attention
almost 70 percent of all U.S. corporations
have battled computer viruses
the latest technologies need to be
employed to protect against viruses and
computer crimes
using intelligent systems for detecting
intruders and crimes
How Technologies Improved

IT Security
Area IT Solution
Improved systems reliability Fault tolerance systems, multiple disks
Early or real time detection Intelligent agents monitor performance,
of intrusion, failures, or compare to standards, analyze profiles
noncompliance with rules (e.g., Network Associates Inc.)
Auditing information systems Neural computer can detect fraud and
expert systems evaluate controls
Troubleshooting Quick diagnosis by expert system,
especially on networks and the Internet
Disaster planning Internet-based expert systems for self-
assessment including planning and
disaster recovery
Access protection Smart cards
What’s in IT for Me?

For Accounting
Accountant involved in Web-based auditing,
security of data, and fraud prevention and
detection programs
For Finance
Finance and banking industry is concerned
about security and auditing in electronic
commerce, computer criminals, the hazards
and the available controls
What’s in IT for Me? (continued …)

 For Marketing
Marketers do not want to be sued because of
invasion of privacy in data collected, nor do
they want their innovative marketing strategies
to fall into the hands of competitors
For Human Resources Management
Motivation, supervision, career development,
recruiting, and more are all affected by IT
Telecommuting is implemented by HRM

I ch15

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

I ch15

Uploaded by

Copyright:

Available Formats

Introduction to Information Technology

Turban, Rainer and Potter

Societal Impacts and Security is a Concern Protecting

What have we learned from this case??

Ethics is a branch of philosophy that deals

Ethical Issues (continued …)

Ethical Issues (continued …)

Ethical Issues (continued …)

Electronic Surveillance (monitoring computer users)

Ethical Issues (continued …)

International Aspects of Privacy

Guidelines to protect individuals’ privacy in

Privacy Policy Guidelines -

legitimate business objective.

assurance against unauthorized disclosure of data. They should include physical,

or permission, except as required by law.

Protecting Intellectual Property

Impacts on Individuals at Work

Impacts on Individuals at Work

Impacts on Individuals at Work

Leisure Time System

Public and Private

Education Money Oared

Electronic Funds Transfer / Electric Commerce

Societal Impacts (continued …)

Authorizer External Environment

Computer Crime (continues ...)

Protecting Information Systems

Protecting Information Systems

Protecting Information Systems

Protecting Information Systems

Protecting Information Systems

Network Protections and Firewalls

Auditing Information Systems

How is Auditing Executed?

Disaster Recovery Planning

Disaster Recovery Planning

IT Security in the 21st Century

How Technologies Improved

What’s in IT for Me?

What’s in IT for Me? (continued …)

You might also like