Business Driven Management Systems


Posted on 01-Jun-2018



8/9/2019 Business Driven Management Systems

© 2014 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

CHAPTER FOUR

ETHICS AND INFORMATION SECURITY

MIS BUSINESS CONCERNS

CHAPTER OVERVIEW

SECTION 4.1 – Ethics

• Information Ethics

• Developing Information Management Policies

• Ethics in the Workplace

SECTION 4.2 – Information Security

• Protecting Intellectual Assets

• The First Line of Defense - People

• The Second Line of Defense - Technology

SECTION 4.1

Ethics

LEARNING OUTCOMES

1. Explain the ethical issues arising in the information age

2. Identify the six epolicies an organization should implement to protect itself

INFORMATION ETHICS

Ethics – The principles and standards that guide our behavior toward other people

Information ethics – Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

INFORMATION ETHICS

Business issues related to information ethics

• Intellectual property

• Copyright

• Pirated software

• Counterfeit software

• Digital rights management

INFORMATION ETHICS

Privacy is a major ethical issue

• Privacy – The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent

• Confidentiality – The assurance that messages and information are available only to those who are authorized to view them

INFORMATION ETHICS

Individuals form the only ethical component of MIS

• Individuals copy, use, and distribute software

• Individuals search organizational databases for sensitive and personal information

• Individuals create and spread viruses

• Individuals hack into computer systems to steal information

• Employees destroy and steal information

INFORMATION ETHICS

Acting ethically and acting legally are not always the same

Information Does Not Have Ethics, People Do

Information does not care how it is used; it will not stop itself from sending spam, viruses, or highly sensitive information

Tools to prevent information misuse

• Information management

• Information governance

• Information compliance

• Ediscovery

DEVELOPING INFORMATION MANAGEMENT POLICIES

Organizations strive to build a corporate culture based on ethical principles that employees can understand and implement

Ethical Computer Use Policy

Ethical computer use policy – Contains general principles to guide computer user behavior

The ethical computer use policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

Information Privacy Policy

The unethical use of information typically occurs “unintentionally” when it is used for new purposes

Information privacy policy – Contains general principles regarding information privacy

Acceptable Use Policy

Acceptable use policy (AUP) – Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet

Nonrepudiation – A contractual stipulation to ensure that ebusiness participants do not deny their online actions

Internet use policy – Contains general principles to guide the proper use of the Internet

Email Privacy Policy

Social Media Policy

Social media policy – Outlines the corporate guidelines or principles governing employee online communications

WORKPLACE MONITORING POLICY

Workplace monitoring is a concern for many employees

Organizations can be held financially responsible for their employees’ actions

The dilemma surrounding employee monitoring in the workplace is that an organization places itself at risk if it fails to monitor its employees; however, some people feel that monitoring employees is unethical

WORKPLACE MONITORING POLICY

Information technology monitoring – Tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed

Employee monitoring policy – Explicitly states how, when, and where the company monitors its employees

WORKPLACE MONITORING POLICY

Common monitoring technologies include:

• Key logger or key trapper software

• Hardware key logger

• Cookie

• Adware

• Spyware

• Web log

• Clickstream

LEARNING OUTCOMES

3. Describe the relationships and differences between hackers and viruses

4. Describe the relationship between information security policies and an information security plan

5. Provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response

PROTECTING INTELLECTUAL ASSETS

Organizational information is intellectual capital; it must be protected

Information security – The protection of information from accidental or intentional misuse by persons inside or outside an organization

Downtime – Refers to a period of time when a system is unavailable

PROTECTING INTELLECTUAL ASSETS

Sources of Unplanned Downtime

PROTECTING INTELLECTUAL ASSETS

How Much Will Downtime Cost Your Business?

Security Threats Caused by Hackers and Viruses

Hacker – Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge

• Black-hat hacker

• Cracker

• Cyberterrorist

• Hacktivist

• Script kiddies or script bunnies

• White-hat hacker

Security Threats Caused by Hackers and Viruses

Virus – Software written with malicious intent to cause annoyance or damage

• Backdoor program

• Denial-of-service attack (DoS)

• Distributed denial-of-service attack (DDoS)

• Polymorphic virus

• Trojan-horse virus

• Worm

Security Threats Caused by Hackers and Viruses

How Computer Viruses Spread

Security Threats Caused by Hackers and Viruses

Security threats to ebusiness include

• Elevation of privilege

• Hoaxes

• Malicious code

• Packet tampering

• Sniffer

• Spoofing

• Splogs

• Spyware

THE FIRST LINE OF DEFENSE - PEOPLE

Organizations must enable employees, customers, and partners to access information electronically

The biggest issue surrounding information security is not a technical issue, but a people issue

• Insiders

• Social engineering

• Dumpster diving

THE FIRST LINE OF DEFENSE - PEOPLE

The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan

• Information security policies

• Information security plan

THE SECOND LINE OF DEFENSE - TECHNOLOGY

There are three primary information technology security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response

Authentication and Authorization

Identity theft – The forging of someone’s identity for the purpose of fraud

Phishing – A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email

Pharming – Reroutes requests for legitimate websites to false websites

Authentication and Authorization

Authentication – A method for confirming users’ identities

Authorization – The process of giving someone permission to do or have something

The most secure type of authentication involves

1. Something the user knows

2. Something the user has

3. Something that is part of the user

Something the User Knows Such As a User ID and Password

This is the most common way to identify individual users and typically contains a user ID and a password

This is also the most ineffective form of authentication

Over 50 percent of help-desk calls are password related

Something the User Knows Such As a User ID and Password

Smart cards and tokens are more effective than a user ID and a password

• Tokens – Small electronic devices that change user passwords automatically

• Smart card – A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
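The two slides above separate "something the user knows" from "something the user has" and describe a token that changes the user's password automatically. The following is an added example, not code from the textbook: a server-side login check that requires both factors, modelling the token as an HMAC-based one-time password (RFC 4226 HOTP, an assumption, since the deck names no scheme); the account, secret, and salt values are constructed.

```python
import hashlib
import hmac
import struct

# Constructed sample values for one user (not real credentials).
TOKEN_SECRET = b"12345678901234567890"  # secret provisioned into the hardware token
SALT = b"constructed-salt"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter,
    dynamic truncation to 31 bits, reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Store a slow, salted hash of the password, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Server-side record: password hash plus the token counter expected next."""

    def __init__(self, password: str, token_secret: bytes, salt: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.token_secret = token_secret
        self.counter = 0      # next counter value the server expects from the token
        self.look_ahead = 3   # tolerate a few token presses that never reached the server

    def login(self, password: str, code: str) -> bool:
        # Factor 1, something the user knows: constant-time hash comparison.
        pw_ok = hmac.compare_digest(self.pw_hash, hash_password(password, self.salt))
        # Factor 2, something the user has: the code must match one of the next few
        # counter values; on success the counter moves past it so the code cannot be replayed.
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.token_secret, c), code):
                if pw_ok:
                    self.counter = c + 1
                    return True
                break  # valid code but wrong password: reject without hinting which factor failed
        return False


if __name__ == "__main__":
    acct = Account("correct horse", TOKEN_SECRET, SALT)
    print(acct.login("correct horse", hotp(TOKEN_SECRET, 0)))  # True
    print(acct.login("correct horse", hotp(TOKEN_SECRET, 0)))  # False: replayed code
```

The second call fails because the server advanced its counter after the first success, which is what makes a stolen or shoulder-surfed code useless on its own, unlike a static password.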

Something That Is Part of the User Such As a Fingerprint or Voice Signature

This is by far the best and most effective way to manage authentication

• Biometrics – The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting

Unfortunately, this method can be costly and intrusive

Prevention and Resistance

Downtime can cost an organization anywhere from $100 to $1 million per hour

Technologies available to help prevent and build resistance to attacks include

1. Content filtering

2. Encryption

3. Firewalls

Prevention and Resistance

Content filtering – Prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading

Prevention and Resistance

If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it

• Encryption

• Public key encryption (PKE)

• Certificate authority

• Digital certificate


Prevention and Resistance

One of the most common defenses for preventing a security breach is a firewall

Firewall – Hardware and/or software that guards a private network by analyzing the information leaving and entering the network

Prevention and Resistance

Sample firewall architecture connecting systems located in Chicago, New York, and Boston

LEARNING OUTCOME REVIEW

Now that you have finished the chapter, please review the learning outcomes in your text