Fundamentals of Information Systems Fourth Edition


Principles and Learning Objectives. Policies and procedures must be established to avoid computer waste and mistakes. Describe some examples of waste and mistakes in an IS environment, their causes, and possible solutions. Identify policies and procedures useful in eliminating waste and mistakes. Discuss the principles and limits of an individual's right to privacy.


Presentation Transcript


1. Fundamentals of Information Systems, Fourth Edition
  • Chapter 9: The Personal and Social Impact of Computers

2. Principles and Learning Objectives
  • Policies and procedures must be established to avoid computer waste and mistakes
      • Describe some examples of waste and mistakes in an IS environment, their causes, and possible solutions
      • Identify policies and procedures useful in eliminating waste and mistakes
      • Discuss the principles and limits of an individual’s right to privacy

3. Principles and Learning Objectives (continued)
  • Computer crime is a serious and rapidly growing area of concern requiring management attention
      • Explain the types and effects of computer crime
      • Identify specific measures to prevent computer crime

4. Principles and Learning Objectives (continued)
  • Jobs, equipment, and working conditions must be designed to avoid negative health effects
      • List the important effects of computers on the work environment
      • Identify specific actions that must be taken to ensure the health and safety of employees
      • Outline criteria for the ethical use of information systems

5. Why Learn About Security, Privacy, and Ethical Issues in Information Systems and the Internet?
  • Many nontechnical issues associated with ISs
  • Human Resource All employees need to:
      • Prevent computer waste and mistakes
      • Avoid privacy violations
      • Comply with laws about:
          • Collecting customer data
          • Monitoring employees
  • Employees, IS users, and Internet users need to:
      • Avoid crime, fraud, privacy invasion

6. Computer Waste and Mistakes
  • Computer waste
      • Inappropriate use of computer technology and resources
      • Most courts have ruled that personal use of an organization’s assets should be covered in organization policy – much like a phone use policy
  • Computer-related mistakes
      • Errors, failures, and other computer problems that make computer output incorrect or not useful
      • Don’t forget that network failures are important when they make the IS inaccessible (Post Office example on page 385)

7. Computer Waste
  • Cause: improper management of information systems and resources
      • Discarding old software and even complete computer systems when they still have value
      • Building and maintaining complex systems that are never used to their fullest extent
      • Using corporate time and technology for personal use
      • Spam

8. Computer-Related Mistakes
  • Causes
      • Failure by users to follow proper procedures
      • Unclear expectations and a lack of feedback
      • Program development that contains errors
      • Incorrect data entry by data-entry clerk

9. Preventing Computer-Related Waste and Mistakes
  • Preventing waste and mistakes involves:
      • Establishing policies and procedures
      • Implementing policies and procedures
      • Monitoring policies and procedures
      • Reviewing policies and procedures
  • There needs to be a clear time frame for review
      • After an event (such as a security breach)
      • After a set calendar duration (such as annually)

10. Establishing Policies and Procedures
  • Establish policies and procedures regarding efficient acquisition, use, and disposal of systems and devices
  • Training programs for individuals and workgroups
  • Manuals and documents on how computer systems are to be maintained and used
      • Today, this is far more likely to be integrated into the IS itself and much less likely to be a paper manual/document
  • Approval of certain systems and applications to ensure compatibility and cost-effectiveness

11. Implementing Policies and Procedures
  • Policies often focus on:
      • Implementation of source data automation and the use of data editing to ensure data accuracy and completeness
      • Assignment of clear responsibility for data accuracy within each information system
  • Training is often the key to acceptance and implementation of policies and procedures

12. Monitoring Policies and Procedures
  • Monitor routine practices and take corrective action if necessary – since organizations and business itself are constantly changing, expect to take action when (not if) necessary
  • Implement internal audits to measure actual results against established goals
  • Follow requirements in Sarbanes-Oxley Act

13. Reviewing Policies and Procedures
  • During review, people should ask the following questions:
      • Do current policies cover existing practices adequately?
      • Were any problems or opportunities uncovered during monitoring?
      • Does the organization plan any new activities in the future? If so, does it need new policies or procedures on who will handle them and what must be done?
      • Are contingencies and disasters covered?
          • Like hurricanes, theft by a trusted employee, prolonged disruption of electrical service, loss of network capabilities, etc.

14. Computer Crime
  • Often defies detection
  • Amount stolen or diverted can be substantial
  • Crime is “clean” and nonviolent
  • Number of IT-related security incidents is increasing dramatically, especially since the population is growing and the % of the population with access to IT is rapidly growing
  • Computer crime is now global

15. The Computer as a Tool to Commit Crime
  • Criminals need two capabilities to commit most computer crimes
      • Knowing how to gain access to the computer system
      • Knowing how to manipulate the system to produce the desired result
  • Examples
      • Social engineering
      • Dumpster diving
      • Counterfeit and banking fraud using sophisticated desktop publishing programs and high-quality printers

16. Cyberterrorism
  • Cyberterrorist
      • Someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them
  • Homeland Security Department’s Information Analysis and Infrastructure Protection Directorate
      • Serves as governmental focal point for fighting cyberterrorism
      • May be done through private contractors (such as this week’s advertisements by General Dynamics)

17. Identity Theft
  • Imposter obtains key pieces of personal identification information, such as Social Security or driver’s license numbers, in order to impersonate someone else
  • Information is then used to obtain credit, merchandise, and/or services in the name of the victim or to provide the thief with false credentials
  • Identity Theft and Assumption Deterrence Act of 1998 passed to fight identity theft
  • 9 million victims in 2005

18. The Computer as the Object of Crime
  • Crimes fall into several categories such as:
      • Illegal access and use
      • Data alteration and destruction
      • Information and equipment theft
      • Software and Internet piracy
      • Computer-related scams
      • International computer crime (since laws covering what defines a computer-related crime can vary between countries)

19. Illegal Access and Use
  • Hacker: learns about and uses computer systems
  • Criminal hacker (also called a cracker): gains unauthorized use or illegal access to computer systems
  • Script bunnies: automate the job of crackers
  • Insider: employee who compromises corporate systems
  • Malware: software programs that destroy or damage processing

20. Illegal Access and Use (continued)
  • Virus: computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without the user’s knowledge or permission
  • Worm: parasitic computer program that can create copies of itself on the infected computer or send copies to other computers via a network (popular for ‘denial of service’ attacks)

21. Illegal Access and Use (continued)
  • Trojan horse: malicious program that disguises itself as a useful application and purposefully does something the user does not expect
  • Logic bomb: type of Trojan horse that executes when specific conditions occur
      • Triggers for logic bombs can include a change in a file by a particular series of keystrokes or at a specific time or date

22. Illegal Access and Use (continued)
  • Tips for avoiding viruses and worms
      • Install antivirus software on your computer and configure it to scan ALL downloads, e-mail, and disks
      • Update your antivirus software regularly
      • Back up your files regularly
      • Do not open any files attached to an e-mail from an unknown, suspicious, or untrustworthy source

23. Illegal Access and Use (continued)
  • Tips for avoiding viruses and worms (continued):
      • Do not open any files attached to an e-mail unless you know what it is, even if it appears to come from a friend or someone you know
      • Exercise caution when downloading files from the Internet
      • Ensure that the source is legitimate and reputable

24. Using Antivirus Programs
  • Antivirus program: software that runs in the background to protect your computer from dangers lurking on the Internet and other possible sources of infected files
  • Tips on using antivirus software
      • Run and update antivirus software often; better yet, have it run itself automatically
      • Scan all diskettes and CDs before using them
      • Install software only from a sealed package or secure, well-known Web site
      • Follow careful downloading practices
      • If you detect a virus, take immediate action

25. Using Antivirus Programs (continued)

26. Information and Equipment Theft
  • Obtaining identification numbers and passwords to steal information or disrupt systems
      • Trial and error, password sniffer program
  • Software theft
  • Computer systems and equipment theft
      • Data on equipment is valuable

27. Software and Internet Software Piracy
  • Software piracy: act of illegally duplicating software
  • Internet software piracy: illegally downloading software from the Internet
      • Most rapidly expanding type of software piracy
      • Most difficult form to combat
      • Examples: pirate Web sites, auction sites that offer counterfeit software, peer-to-peer networks
  • Penalties can be severe
  • If the site is willing to provide you with pirated software, it is probable that it is infecting your computer with viruses

28. Computer-Related Scams
  • Examples of Internet scams
      • Get-rich-quick schemes involving bogus real estate deals
      • “Free” vacations with huge hidden costs
      • Bank fraud
      • Fake telephone lotteries
  • Phishing
      • Gaining access to personal information by redirecting user to fake site

29. International Computer Crime
  • Computer crime is an international issue
  • Software industry loses about $9 billion in revenue annually to software piracy occurring outside the United States
  • Terrorists, international drug dealers, and other criminals might use information systems to launder illegally obtained funds

30. Preventing Computer-Related Crime
  • All states have passed computer crime legislation
  • Some believe that these laws are not effective because:
      • Companies do not always actively detect and pursue computer crime – for a number of reasons, one is the fear of embarrassment
      • Security is inadequate
      • Convicted criminals are not severely punished
  • Individual and group efforts are being made to curb computer crime, and recent efforts have met with some success

31. Crime Prevention by State and Federal Agencies
  • State and federal agencies have begun aggressive attacks on computer criminals
  • Computer Fraud and Abuse Act, 1986
  • Computer Emergency Response Team (CERT)
  • Many states are now passing new, comprehensive bills to help eliminate computer crimes

32. Crime Prevention by Corporations
  • Public key infrastructure (PKI): enables users of an unsecured public network such as the Internet to securely and privately exchange data
      • Uses a public and a private cryptographic key pair that is obtained and shared through a trusted authority
  • Biometrics: measurement of one of a person’s traits, whether physical or behavioral

33. Crime Prevention by Corporations (continued)

34. Crime Prevention by Corporations (continued)

35. Crime Prevention by Corporations (continued)
  • Companies are joining together to fight crime
  • Software and Information Industry Alliance (SIIA): original antipiracy organization
  • Microsoft financed the formation of a second antipiracy organization, the Business Software Alliance (BSA)
  • Other software companies, including Apple, Adobe, Hewlett-Packard, and IBM, now contribute to the BSA

36. Using Intrusion Detection Software
  • Intrusion detection system (IDS): software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion
      • Suspicious activities: failed login attempts, attempts to download program to server, accessing a system at unusual hours
      • Can provide false alarms
      • E-mail or voice message alerts may be missed

37. Using Managed Security Service Providers (MSSPs)
  • Managed security service provider (MSSP): organization that monitors, manages, and maintains network security for both hardware and software for its client companies
      • Sifts through alarms and alerts from all monitoring systems
      • May provide scanning, blocking, and filtering capabilities

38. Internet Laws for Libel and Protection of Decency
  • Filtering software helps screen Internet content
      • Also prevents children from sending personal information over e-mail or through chat groups
  • Internet Content Rating Association (ICRA)
      • Rates Web sites based on authors’ responses from questionnaire
  • Children’s Internet Protection Act (CIPA), 2000
      • Required filters in federally funded libraries
  • Libel is an important legal issue on the Internet
      • Publishing Internet content to the world can subject companies to different countries’ laws

39. Preventing Crime on the Internet
  • Develop effective Internet usage and security policies for all employees – i.e., the organization polices its own employees
  • Use a stand-alone firewall (hardware and software) with network monitoring capabilities
  • Deploy intrusion detection systems, monitor them, and follow up on their alarms

40. Preventing Crime on the Internet (continued)
  • Monitor managers and employees to make sure that they are using the Internet for business purposes
  • Use Internet security specialists to perform audits of all Internet and network activities

41. Privacy Issues
  • With information systems, privacy deals with the collection and use or misuse of data
  • More data and information are produced and used today than ever before
  • Data is constantly being collected and stored on each of us
  • This data is often distributed over easily accessed networks and without our knowledge or consent
  • Concerns of privacy regarding this data must be addressed

42. Privacy and the Federal Government
  • U.S. federal government is perhaps the largest collector of data
  • Over 4 billion records exist on citizens, collected by about 100 federal agencies
  • U.S. National Security Agency (NSA) had secretly collected phone call records of tens of millions of U.S. citizens after the September 11, 2001 terrorist attacks
      • Ruled unconstitutional and illegal by a federal judge in August 2006

43. Privacy at Work
  • There is conflict between rights of workers who want their privacy and the interests of companies that demand to know more about their employees
  • Workers might be monitored via computer technology that can:
      • Track every keystroke made by a worker
      • Know when the worker is not using the keyboard or computer system
      • Estimate how many breaks he or she is taking
  • Many workers consider monitoring dehumanizing

44. E-Mail Privacy
  • Federal law permits employers to monitor e-mail sent and received by employees on the organization’s resources (network, computer, software, etc.)
  • E-mail messages that have been erased from hard disks can be retrieved and used in lawsuits – e-mail is almost never actually erased from a computer
  • Use of e-mail among public officials might violate “open meeting” laws unless it is subject to the same public document policy as other communications

45. Privacy and the Internet
  • Huge potential for privacy invasion on the Internet
  • E-mail is a prime target
  • Platform for Privacy Preferences (P3P): screening technology that shields users from Web sites that do not provide the level of privacy protection they desire
  • Children’s Online Privacy Protection Act (COPPA), 1998: requires privacy policies and parental consent
  • Potential dangers on social networking Web sites

46. Fairness in Information Use

47. Fairness in Information Use (continued)
  • The Privacy Act of 1974: provides privacy protection from federal agencies
  • Gramm-Leach-Bliley Act: requires financial institutions to protect customers’ nonpublic data
  • USA Patriot Act: allows law enforcement and intelligence agencies to gather private information
  • Other laws regulate fax advertisements, credit card bureaus, the IRS, video rental stores, telemarketers, etc.

48. Corporate Privacy Policies
  • Should address a customer’s knowledge, control, notice, and consent over the storage and use of information
  • May cover who has access to private data and when it may be used
  • A good database design practice is to assign a single unique identifier to each customer
      • Single record describing all relationships with the company across all its business units
      • Can apply customer privacy preferences consistently throughout all databases

49. Individual Efforts to Protect Privacy
  • Find out what is stored about you in existing databases (this is very hard to do; many organizations collect so much data they don’t realize what they have. That is the rationale for data mining.)
  • Be careful when you share information about yourself
  • Be proactive to protect your privacy
  • When purchasing anything from a Web site, make sure that you safeguard your credit card numbers, passwords, and personal information

50. The Work Environment
  • Computer technology and information systems have opened up numerous avenues to professionals and nonprofessionals
  • Enhanced telecommunications has:
      • Been the impetus for new types of business
      • Created global markets in industries once limited to domestic markets
  • Despite increasing productivity and efficiency, computers and information systems can raise other concerns

51. Health Concerns
  • Working with computers can cause occupational stress
      • Training and counseling can often help the employee and deter problems
  • Computer use can affect physical health as well
      • Strains, sprains, tendonitis, repetitive motion disorder, carpal tunnel syndrome
  • Concerns about emissions from improperly maintained and used equipment, display screens, and cell phones

52. Avoiding Health and Environmental Problems
  • Many computer-related health problems are caused by a poorly designed work environment
  • Ergonomics: science of designing machines, products, and systems to maximize the safety, comfort, and efficiency of the people who use them

53. Ethical Issues in Information Systems
  • Code of ethics: states the principles and core values that are essential to a set of people and thus governs their behavior

54. Ethical Issues in Information Systems (continued)
  • ACM code of ethics and professional conduct
      • Contribute to society and human well-being
      • Avoid harm to others
      • Be honest and trustworthy
      • Be fair and take action not to discriminate
      • Honor property rights including copyrights and patents

55. Ethical Issues in Information Systems (continued)
  • ACM code of ethics and professional conduct (continued)
      • Give proper credit for intellectual property
      • Respect the privacy of others
      • Honor confidentiality

56. Summary
  • Preventing computer-related waste and mistakes requires establishing, implementing, monitoring, and reviewing policies and procedures
  • Criminals need two capabilities to commit most computer crimes: knowing how to gain access to the computer system and knowing how to manipulate the system to produce the desired result

57. Summary (continued)
  • Categories of crimes in which the computer is the object of crime: illegal access and use, data alteration and destruction, information and equipment theft, software and Internet piracy, computer-related scams, and international computer crime
  • Intrusion detection system (IDS): software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion

58. Summary (continued)
  • With information systems, privacy deals with the collection and use or misuse of data
  • Ergonomics: science of designing machines, products, and systems to maximize the safety, comfort, and efficiency of the people who use them
  • Code of ethics: states the principles and core values that are essential to a set of people and thus governs their behavior
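
Two of the suspicious activities named on slide 36 (failed login attempts and access at unusual hours), together with its false-alarm caveat, can be shown with a small rule-based detector. This is an added example, not part of the original presentation; the log format, thresholds, working hours and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): "timestamp user source_ip result".
# 203.0.113.0/24 is a documentation-only address range.
SAMPLE_LOG = """\
2024-03-04T09:12:03 alice 10.0.0.15 OK
2024-03-04T09:40:10 bob 10.0.0.22 FAIL
2024-03-04T09:40:31 bob 10.0.0.22 OK
2024-03-04T23:05:44 carol 10.0.0.31 OK
2024-03-05T02:13:00 root 203.0.113.7 FAIL
2024-03-05T02:13:04 root 203.0.113.7 FAIL
2024-03-05T02:13:09 admin 203.0.113.7 FAIL
2024-03-05T02:13:15 admin 203.0.113.7 FAIL
"""


def parse(line):
    """Split one event line into (datetime, user, source_ip, result)."""
    ts, user, src, result = line.split()
    return datetime.fromisoformat(ts), user, src, result


def detect(log_text, max_failures=3, window=timedelta(minutes=5),
           work_hours=range(7, 19)):
    """Return alerts as (rule, subject, timestamp) tuples.

    Rule 1: max_failures failed logins from one source inside `window`.
    Rule 2: a successful login outside `work_hours` (hour of day, 7-18).
    """
    alerts = []
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    for line in log_text.strip().splitlines():
        ts, user, src, result = parse(line)
        if result == "FAIL":
            q = recent[src]
            q.append(ts)
            # Drop failures that have aged out of the sliding window.
            while ts - q[0] > window:
                q.popleft()
            # Alert when the in-window count reaches the threshold,
            # not again on every further failure in the same burst.
            if len(q) == max_failures:
                alerts.append(("failed-logins", src, ts))
        elif ts.hour not in work_hours:
            alerts.append(("off-hours-login", user, ts))
    return alerts


if __name__ == "__main__":
    print("threshold 3:")
    for rule, subject, ts in detect(SAMPLE_LOG):
        print(f"  {ts.isoformat()} {rule} {subject}")
    # Lowering the threshold also flags bob's single mistyped password:
    # the false-alarm cost the slide mentions.
    print("threshold 1:")
    for rule, subject, ts in detect(SAMPLE_LOG, max_failures=1):
        print(f"  {ts.isoformat()} {rule} {subject}")
```

The off-hours alert for carol may itself be a false alarm (for example, on-call work), which is why alerts still need someone to follow up on them.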
