1 / 57

Lecture 3 Ethical Issues

Lecture 3 Ethical Issues. Topic Questions. What is the correct ethical stance an organization should take in regards to information systems and users?

liseli
Download Presentation

Lecture 3 Ethical Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Lecture 3 Ethical Issues

  2. Topic Questions What is the correct ethical stance an organization should take in regards to information systems and users? Can management ensure that all users will exercise ethical principles when performing essential or sensitive tasks with the organization’s information systems?

  3. Ethics and Social Responsibility

  4. Ethics

  5. Ethics Personal Moral Code for Doing What Is Right and What Is Wrong People Are Held Accountable for the Consequences of their Actions Outside the Expected Norms Acceptable or Unacceptable Appropriate or Inappropriate

  6. Guides for Human Behavior All Members of Society Follow: Codified Law – The Laws of Society Free Choice – Personal Desires, Not Subject to Laws Ethics – Cultural Actions Between Law and Free Choice

  7. The Self (Roché) • Every Person Is a Combination of: • Attitudes • A Person’s State of Mind • Values • Principles a Person Is Willing to Internalize • Beliefs • Firmly Held Convictions or Truths

  8. The Self (Roché)

  9. Stages of Moral Development Preconventional Follows Rules to Avoid Punishments Conventional Follows the Social Norms Postconventional Follows Higher Order Norms

  10. Value Programming People Internalize Values which Directly Affect Perceptions Between 20 - 30 Years Old Role Models Allow Individuals to Observe a Variety of Behaviors and Select Appropriate Ones Deeply Held Values May Be Changed by a Significant Emotional Event (SEE)

  11. Normative Ethics • General Principles which Determine Rules of Conduct • Provide a Basis from which Such Rules Can Be Deduced • Do not Tell a Person How to Act in a Given Situation • Analyzes the Value Judgments that Justify a Person’s Actions

  12. Moral Rights Fundamental Rights Must Be Respected • Free Consent • Free Speech • Privacy • Due Process • Freedom of Conscience • Life and Safety

  13. Ethical Frameworks Virtue-based Theories Emphasizes Virtue or the Character of the Person Not Concerned About Duty to Rules Not Concerned About the Outcome or Consequences of the Act

  14. Ethical Frameworks Deontological Theories Emphasizes Duty to Rules or Laws Not Concerned at How Much Good Might Come from an Action Concerned About whether the Action Is Prohibited or Made Obligatory by a Rule

  15. Ethical Frameworks Teleological Theories Emphasizes the Attainment of Good Concerned About the Consequences or Outcomes Actions Not Concerned About the Intention Behind the Action

  16. Types of Ethics Ethics of Purpose or Virtue Ethics Based Upon Internalizing Moral Values: Personal Integrity Ethics of Principle Based Upon Principles: Human Rights Honesty, and Justice Ethics of Consequence Based Upon Results: The Ends Justify the Means

  17. Ethical Theories Utilitarian (John Stewart Mill) Greatest Amount of Good Provided Categorical Imperative (Immanuel Kant) Universally Applied Rules Golden Mean (Aristotle) Avoid Excess and Deficiency Extremes

  18. Ethical Theories Individualism (Friedrich Nietzsche) Maximize Personal Gains Foremost Justice(John Rawls) Actions That Are Fair to Those Involved Natural Rights (John Locke) Derived from Nature - Natural Law

  19. Social Responsibility

  20. Social Responsibility • Businesses Must Be Responsible to their Stakeholders • All Action Taken by Management Fall within One of Four Types of Actions on the Social Responsibility Matrix • Actions Will Be: • Legal or Illegal • Responsible or Irresponsible

  21. Social Responsibility Matrix Ethical and Legal Ethical and Illegal Unethical and Legal Unethical and Illegal

  22. Basic Principles Social Responsibility Is Involved at the Institutional, Organizational, and Individual Levels of Business Principle of Legitimacy Principle of Public Responsibility Principle of Managerial Discretion

  23. Carroll’s Pyramid Organizations Have Four Responsibilities to Society Built Similar to a Pyramid Structure Economic – to Be Profitable Legal – to Follow the Laws of Society Ethical – to Do What Is Right Philanthropic – to Give Back to Society

  24. Carroll’s Pyramid

  25. Business Response or Action Organizations Respond in Four Manners Obtrusive Fight Compliance All the Way Defensive Do Only those Actions which Are Legally Required Accommodation Accept Responsibility for Acting Ethically ProactiveTake the Social Initiative, Be the Leader in Social Responsibility

  26. Ethical Management • Management Has the Responsibility to Provide Ethical Direction and Guidance in Four Main Areas • Leadership • Code of Ethics • Principles • Policies

  27. Managing Ethically • Provide Leadership by Example • Distribute a Formal Statement of the Firm’s Values and Code of Ethics • Communicate Basic Principles which Describes the Corporate Culture • Ensure Policiesand Procedures Exist to Use In Certain Ethical Situations

  28. Evaluating Ethical Issues Action Taken Must Address Three Areas Utility Greatest Good for the Greatest Amount of People Individual Rights Person’s Rights Are Not Violated Justice Is the Action Right

  29. All Ethical Issues Can Be Weighed Based upon How Much One Values their Integrity

  30. Securing Information Systems

  31. Computer Security

  32. Computer Security Issues Configuration Weaknesses Issues with How the Physical System Is Designed for Interaction with Users Technology Weaknesses Issues with How the Technology upon which Systems are Created Interact Policy Weaknesses Issues with Completeness of Policies Concerning the System’s Use

  33. Basics of Information Security No One Mechanism Makes a Computer or an Information System Secure Requires Different Actions Is an Ongoing Process Infiltrators Defy Stereotypes

  34. IT Security Physical Security Guards Against Theft and Damage Data Integrity Guards Against Loss of Information Data Security Guards Against Unauthorized Access

  35. Managing IT Security

  36. Threats • Dangerous Actions that Can Cause Harm • Degree of Threat Is Dependent Upon • Attacker’s Skills • Attacker’s Knowledge • Attacker’s Resources • Attacker’s Motives • Attacker’s Authority

  37. Types of System Attackers Rogue User Authorized User Accessing Restricted Data Bogie Unauthorized User Subverting System Security Terrorist Blackmailing Others to Gain Access

  38. Types of System Attackers Cracker Accessing Systems for Personal Gain Hacktivist Cracker with a Cause Script Kiddie Wannabe Cracker Lacking Sufficient Skills

  39. Types of System Attackers Journeyman Experienced Hacker with Numerous Tools White Hat Hacker The Ethical Hacker Finding Security Holes Black Hat Hacker The Stereotypical Hacker Doing No Good for Personal Reasons

  40. Assets Targeted Business Information and Trade Secrets Application Services Infecting Memory Registry Settings Disrupting Operations Audit Settings Group and System Privileges Access Permissions

  41. Threats to Electronic Data • Interference • Active Involvement • Spam • Denial of Service • Passive Involvement • Viruses • Worms

  42. Threats to Electronic Data • Interception of Message Stream • Active Involvement • Connection / Session Hijacking • Spoofing – Redirecting Web pages • Passive Involvement • Capture Data in Transit • Network Traffic Analysis

  43. Threats to Electronic Data • Impersonation • Active Involvement • IP Address Spoofing • Crack (Decrypt) Passwords • Passive Involvement • Trap Door Bypassing Security • Trojan Horse Reconfiguring System

  44. Computer Viruses

  45. Computer Viruses Fred Cohen, PH.D. Dissertation, 1986 A “virus” may be loosely defined as a sequence of symbols which, upon interpretation in a give environment, causes other sequences of symbols in that environment to be modified so as to contain (possibly evolved) viruses.

  46. Computer Viruses • If we consider programs as sequences of symbols and computer systems as environments, viruses are programs that may attach themselves to other programs and cause them to become viruses as well.

  47. Informal Definition A program that can 'infect' other programs by modifying them to include a, possibly evolved, copy of itself. With the infection property, a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also act as a virus and thus the infection spreads.

  48. Types of Computer Viruses • WORM • A Self-contained Program or Set of Programs that Is Able to Spread Functional Copies of the Virus or Virus Segments to Other Computer Systems (Usually Via Network Connections)

  49. Types of Computer Viruses • Trojan Horse • A Program that Performs a Hidden Function and that, Had the Function Been Documented, Some Users Would Not Approve of the Function

More Related