McGraw-Hill/Irwin
SECTION 4.1
ETHICS
LEARNING OUTCOMES
1. Explain the ethical issues surrounding information technology
2. Identify the differences between an ethical computer use policy and an acceptable computer use policy
3. Describe the relationship between an email privacy policy and an Internet use policy
4. Explain the effects of spam on an organization
5. Summarize the different monitoring technologies and explain the importance of an employee monitoring policy
ETHICS
Ethics - the principles and standards that guide our behavior toward other people
Issues affected by technology advances:
Intellectual property
Copyright
Fair use doctrine
Pirated software
Counterfeit software
ETHICS
Privacy is a major ethical issue
Privacy - the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
Confidentiality - the assurance that messages and information are available only to those who are authorized to view them
ETHICS
One of the main ingredients in trust is privacy
Primary reasons privacy issues lost trust for ebusiness
INFORMATION ETHICS
Individuals form the only ethical component of IT
Individuals copy, use, and distribute software
Search organizational databases for sensitive and personal information
Individuals create and spread viruses
Individuals hack into computer systems to steal information
Employees destroy and steal information
Anti-Spam Policy
Spam - unsolicited email
Spam accounts for 40% to 60% of most organizations' email and cost U.S. businesses over $14 billion in 2005
Anti-spam policy - simply states that email users will not send unsolicited emails (or spam)
Monitoring Technologies
Monitoring - tracking people's activities by such measures as number of keystrokes, error rate, and number of transactions processed
Common monitoring technologies include:
Key logger or key trapper software
Hardware key logger
Cookie
Adware
Spyware
Web log
Clickstream
SECTION 4.2
INFORMATION SECURITY
LEARNING OUTCOMES
6. Describe the relationship between information security policies and an information security plan
7. Summarize the five steps to creating an information security plan
8. Provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response
9. Describe the relationships and differences between hackers and viruses
Downtime
How Much Will Downtime Cost Your Business?
The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
Information security policies
Information security plan
This is the most common way to identify individual users and typically contains a user ID and a password
This is also the most ineffective form of authentication
Over 50 percent of help-desk calls are password related
Identity theft - the forging of someone's identity for the purpose of fraud
Phishing - a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email
Smart cards and tokens are more effective than a user ID and a password
Tokens - small electronic devices that change user passwords automatically
Smart card - a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
This is by far the best and most effective way to manage authentication
Biometrics - the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
Content Filtering
Content filtering - prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading
Encryption
If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
Encryption
Public key encryption (PKE)
Firewalls
One of the most common defenses for preventing a security breach is a firewall
Firewall hardware and/or software that guards a private network by analyzing the information leaving and entering the network
Firewalls
Sample firewall architecture connecting systems located in Chicago, New York, and Boston
CLOSING CASE THREE
Executive Dilemmas in the Information Age
1. Explain why understanding technology, especially in the areas of security and ethics, is important for a CEO. How do CEOs' actions affect the organizational culture?
2. Identify why executives in nontechnological industries need to worry about technology and its potential business ramifications
3. Describe why continuously learning about technology allows an executive to better analyze threats and opportunities
4. Identify three things that a CTO, CPO, or CSO could do to prevent the above issues