Security, Privacy, and Ethical Issues in Information Systems and the Internet

3/16/00

Social Issues in Information Systems (Table 14.1)

  1. Waste and Mistakes
  2. Crime
  3. Privacy
  4. Health Concerns
  5. Ethical Issues

Computer Waste and Mistakes (Table 14.2)

Waste
Mismanagement of Information Systems and resources

Experts estimate $5,000 per year wasted by computer users

  1. Poorly trained users trying to do something they really don't know how to do
    1. Word processor trying to implement a new, complex format required by job
    2. User trying to create complex spreadsheet format not required by job
  2. Sending personal email
  3. Surfing the Internet for personal items
  4. Games
  5. Spam

Preventing Computer-Related Waste and Mistakes (Table 14.3)

  1. Better training
  2. Better controls
    1. Limit user rights so they can't do anything except their job
      1. No write access to data they shouldn't change
      2. No access to features of applications they don't need
      3. No access to Internet
      4. (reductio ad absurdum) No access to computers or phones - eliminates 100% of computer/phone waste. Why isn't this a good idea?
    2. Supervise users closely and enforce rules
      1. Check browser history file
      2. Check all email messages
      3. Check all phone calls
      4. Check log of all computer usage

Computer Crime

The computer as a tool to commit crime
Gaining access to information
The computer as the object of crime
Illegal access and use
Data alteration and destruction
Information and equipment theft
Software and Internet piracy
Computer scams
International computer crime
Hacker (2 defs, 1 criminal)
1. A person who enjoys computer technology and spends/wastes (lots of own) time learning/using/playing with computer systems.
2. A person who uses a computer to break into unauthorized data.
Cracker - always criminal; from Criminal Hacker
A computer-savvy person who attempts to gain unauthorized or illegal access to computer systems.
Data Alteration
The intentional use of illegal and destructive programs to alter or destroy data.
Virus
A program that attaches itself to other programs. A virus cannot run by itself, but infects other programs. The simplest virus only reproduces itself. Anything more is called the payload, which can be anything from a cute message ("Hi, you're infected (:-o)") to erasing your hard drive. Really nasty payloads are rare: the viruses kill themselves before they spread all over the world.
Worm
An independent program that replicates its own program files until it destroys other systems and programs or interrupts the operation of networks and computer systems.
Trojan
A program which appears to do one thing but has a destructive payload hidden inside.
Example: an old Trojan started to draw a photo of a woman, head and legs first; before it reached the middle, it had erased the hard drive
Example: a program that appears to be the usual network logon, but is actually emailing usernames and passwords to a cracker
Application Viruses
Infects executable application files, such as word processing programs.
System Virus
Typically infects operating system programs or other system files.
Logic Bomb
An application or system virus designed to “explode” or execute at a specified time and date.
Macro Virus
Uses an application’s own macro programming language to distribute itself. Very easy to write, so it is the most common virus. Latest payload: mails copies of itself from the recipient's machine to everyone the recipient has recently sent email to. The email seems to be from the recipient.
Password Sniffer
A small program hidden in a network or a computer system that records identification numbers and passwords.

Computer Crime (Table 14.4)

How to Respond to a Security Incident

Official U.S. Information About Viruses, Worms, etc.: The Computer Incident Advisory Capability. This site has more than you ever want to know about viruses and hoaxes about viruses.

Software Piracy
The act of illegally duplicating software.
Internet Piracy
The act of illegally gaining access to and using the Internet.

Preventing Computer Crime

Crime prevention by state and federal agencies
Crime prevention by corporations
Biometrics
The measurement of a living trait, whether physical or behavioral, for the purpose of protecting important data and information systems.

Common Methods Used to Commit Computer Crime (Table 14.7)

Preventing Computer Crime (Table 14.8)

Software Publishers Association (SPA)
An organization formed by a number of leading software companies to audit and check for software licenses.

Preventing Computer Crime

Antivirus Programs
Programs or utilities that prevent viruses or help recover from them if they infect a computer.
Proper Use of Antivirus Software
1. Install a virus scanner and run it often.
2. Update the virus scanner often.
3. Scan all diskettes before copying or running programs from them.
4. Install software only from a sealed package produced by a known software company.
5. Follow careful downloading practices.
6. If you detect a virus, take immediate action.

Preventing Crime on the Internet

  1. Develop effective Internet and security policies for all employees.
  2. Use a stand-alone firewall (hardware and software) with network monitoring capabilities.
  3. Monitor managers and employees to make sure they are using the Internet for business purposes only.
  4. Use Internet security specialists to perform audits of all Internet and network activities.

Privacy Issues

Fairness in Information Use (Table 14.9)

Federal Privacy Laws and Regulations (Table 14.10)

Protecting Individual Privacy

The Work Environment - Health Concerns

Ergonomics
The study of designing and positioning computer equipment to reduce health problems.
Repetitive Motion Disorder
Health problems caused by working with computer keyboards and other equipment.
Repetitive Stress Injury (RSI)
Such problems as tendinitis, tennis elbow, the inability to hold objects, and sharp pain in the fingers.
Carpal Tunnel Syndrome (CTS)
The aggravation of the pathway for nerves that travel through the wrist (the carpal tunnel).

Avoiding Health and Environmental Problems - Reducing RSI

Medical Problems on the Internet (Table 14.11): Actually, a list of health-related sites. Mostly out of date. I like the American Medical Association site for allopathic medicine.

Beyond the text, there's lots out there. Most of it rubbish. I found a site that says you can fight cancer by taking drain cleaner.

Try to identify real doctors, valid advice. People are trying to develop new standards, new methods for verifying and validating medical sites.

Drugs via internet. Recent crackdown in Thailand. What would Anna say?

Ethical Issues in Information Systems

AITP Code of Ethics (Figure 14.2)

The ACM Code of Professional Conduct