chapter 3 ethics, privacy & security describe the major ethical issues related to information...

Post on 24-Dec-2015

Chapter 3 Ethics, Privacy & Security

Describe the major ethical issues related to information technology and identify situations in which they occur.

Identify the many threats to information security.

Understand the various defense mechanisms used to protect information systems.

Explain IT auditing and planning for disaster recovery.

Case Study TJX

SWOT

Ethical Issues

Fundamental tenets of ethics include responsibility, accountability, and liability.

Unethical is not necessarily illegal.

Should organizations monitor employees’ Web surfing and e-mail?

Should organizations sell customer information to other companies?

Should organizations audit employees’ computers for unauthorized software or illegally downloaded music or video files?

Privacy issues

Accuracy issues

Property issues

Accessibility issues

Protecting Privacy

The right of privacy is not absolute. Privacy must be balanced against the needs of society.

The public’s right to know supersedes the individual’s right of privacy.

International Aspects of Privacy

IT’s About Business

Security Outside the Perimeter: LexisNexis

Threats to Information Security

Today’s interconnected, interdependent, wirelessly networked business environment

Governmental legislation

Smaller, faster, cheaper computers and storage devices

Decreasing skills necessary to be a computer hacker

International organized crime taking over cybercrime

Downstream liability

Increased employee use of unmanaged devices

Lack of management support

Threats to Information Systems

Unintentional acts

Natural disasters

Technical failures

Management failures

Deliberate acts

IT’s About Business

The “Hack, Pump, and Dump” Scheme

Protecting Information Resources

Risk management

Risk analysis

Risk mitigation

Risk acceptance

Risk limitation

Risk transference

Controls

The Difficulties in Protecting Information Resources

Physical Controls

Access Controls

Authentication

Something the User Is

Something the User Has

Something the User Does

Something the User Knows

IT’s About Business

Providing Least Privilege at UPS

Protecting Information Resources

Communications (network) controls

Firewalls.

Anti-malware systems.

Whitelisting and Blacklisting

Intrusion Detection Systems

Encryption.

Virtual Private Networking

Secure Sockets Layer

IT’s About Business

Using Encryption to Reduce E-Mail Security Risks at Harvard Pilgrim

Ethics, Privacy, and Information Security

Vulnerability Management Systems

Employee Monitoring Systems

Application Controls

Business Continuity Planning, Backup, and Recovery

hot site

warm site

cold site

off-site data storage

IT’s About Business

The Baltimore Ravens Plan for Business Continuity

Information Systems Auditing

Types of Auditors and Audits

How Is Auditing Executed?
