TUTORIAL: BAP 71 AIS DISCUSSION QUESTIONS

Lecture Week: 11 Chapter 14: Ethics & Cybercrime

DISCUSSION QUESTIONS

14.1 Why should we be concerned about ethics?

Ethical theories are used to help people decide which course of action is best. It is accepted
in business that there should be a certain ethical standard. However, what is that standard
and how is it determined? Is pursuing financial gain and self-interest at the expense of the
environment, the community and the lack of consideration of others acceptable? Should
individuals enter into contracts knowing that they may not be able to meet their commitment?
Should organisations pollute the environment because financially it is not worth installing
anti-pollutant equipment? Should individuals shirk their responsibilities at the expense of
workmates?

14.2 Explain the importance of ethics in business.

Businesses and governments have control of the world’s resources, and managers make
decisions every day that affect those resources and the lives of millions of people. It is
important that those who operate in the business world have an understanding of ethical
theories and philosophies to help guide their decision making.

14.3 Describe the ethical decision making model. Why is it useful to use when
faced with an ethical dilemma?

Ethics is very complex. To be able to make an ethical decision, we must use a framework (or
theories) to make good decisions. Decisions based on intuition and personal feelings do not
always achieve the best outcome. As organisations become more complex with globalisation,
increased regulatory requirements and disruptive technologies, ethical dilemmas involve a
nuanced and considered response.

The stages to go through when making an ethical decision are:

1. Identify the facts.
2. Define the issue(s).
3. Identify the principles that can be applied.
4. Identify possible actions and the stakeholders affected by these actions.
5. Compare steps 3 and 4.
6. Select a course of action.
7. Implement the selected course of action.
 Chapter 14: Ethics and cybercrime

14.4 Discuss some of the ways in which a person’s privacy is threatened through
technology.

Personal information include names and addresses as well as details such as medical records,
bank account details, photos, videos, and even information about a person’s likes, opinions
and work — any information from which they could reasonably be identified.

The person interacting with the AIS is not necessarily aware of what information is being
captured or how it will be used. This raises some ethical concerns for those who design and
use information systems. The organisation has both ethical and legal responsibilities to
respect people’s right to privacy and this affects how the organisation can capture and use
information, particularly as social media use has become more prevalent.

A business can capture extensive information about visitors to its website. When users visit
a website they leave behind electronic footprints, which enable the site owner to identify
what site they came from, what they did while on the site and where they went after viewing
the site. Based on these data, viewers can be profiled and advertising can be targeted to
meet user interests, needs and preferences. Organisations can undertake data mining and
customer profiling, often without the user being aware of it. Radio frequency identification
(RFID) can track products and people.

14.5 Explain the key types of computer crime.

The term ‘cybercrime’ is often used interchangeably with terms such as computer crime,
computer-related crime, e-crime, high-tech crime, cyber fraud and internet crime. The types
of cybercrime include hacking, online scams and fraud, identity theft, attacks on computer
systems and illegal or prohibited online content.

Spam, phishing, identity crime and hacking are threats in the increasingly popular world of e-
commerce. Spam is the sending of unsolicited emails and exposes the organisation to
excessive email traffic and potential viruses and computer attacks. Phishing and identity fraud
affect the validity of transactions that individuals and organisations engage in, as individuals
pretend to be others through the fraudulent use of websites (phishing) or personal details such
as credit card numbers and other identifying traits (identity theft). Hacking is someone gaining
unauthorised access to a system. These areas all represent threats to the effective running of
an accounting information system within the organisation.

14.6 Give examples of the types of fraud that can be perpetrated using technology

Fraud and scams refer to dishonest schemes that take advantage of unsuspecting people to
gain a benefit such as money or access to personal details. Online fraud includes internet
banking fraud, shopping and auction site fraud, scams, spam and identity theft.
14.7 What are the implications of cybercrime for business?

It is difficult to establish the exact cost to the economy of online fraud, but the worldwide
financial impact is estimated to be more than $US3.7 trillion each year. PwC’s 2014 Global
Economic Crime Survey: The Australian Story found that the total cost of fraud is increasing:
in 2014, 57 per cent of Australian respondents reported that they had experienced economic
crime, an increase of 10 per cent from 2012. The Australian Institute of Criminology cautions
that estimates are difficult to establish; however, their research estimates that fraud cost
Australia $6 billion in 2011. Internal fraudsters are likely to be middle management, aged
between 31 and 40 years, primarily male (however, female fraudsters are on the increase)
and qualified graduates. External fraudsters are increasingly customers.

This is a significant loss to shareholder value and can cause significant reputational damage
for organisations if frauds become public.

14.8 What are the two areas that organisations need to focus on to ensure good
security?

Internal control and risk management are important components of good corporate and IT
governance. Employees are the main risk both inside and outside the organisation. The
digital security ecosystem around the organisation — security technology, organisational
policies and procedures, government regulations — all rely on the effort of humans,
particularly employees that work inside these organisations. Other strategies can include
codes of conduct and registration with professional bodies. These can be ways of
encouraging ethical behaviour and a shared set of attitudes and beliefs throughout the
organisation.

14.9 What are the seven principles that Stajano and Wilson believe organisations
should be aware of when designing security systems?

Stajano and Wilson distilled seven recurring behavioural patterns and related principles that
provide some insight into human behaviour:

1. Distraction principle: This is used in many scams. One example is the Nigerian scam where
the hustler poses as a Nigerian government official with access to tens of millions of dollars
and needs you to move it out of the country. If you accept the deal, you are then asked to pay
for expenses. Unexpected expenses then keep coming up while waiting for the huge sum to
arrive in your account.

2. Social compliance principle: People do not generally question authority. Social compliance
is the foundation for phishing and social engineering. For example, you are more likely to
provide personal information to someone on the phone who purports to be a police officer or
other authority figure.
 Chapter 14: Ethics and cybercrime

3. Herd principle: This is where something is made to look legitimate because everyone else
is doing it. In online auctions, for example, frauds are possible if bidders are in partnership
with the auctioneer. In social networking, multiple aliases can be created to give the
impression that many people share the same idea or have the same opinion.

4. Dishonesty principle: Once a person realises that they have been involved in a scam — if
it relates to something illegal like money laundering (as in the Nigerian example above) or to
pornography — the victim may be reluctant to tell the authorities.

5. Kindness principle: People are nice and want to help. Scammers often take advantage of
this through social networking sites or email, presenting a sad story or a natural disaster where
people are happy to contribute their money. Social engineering also relies on the kindness of
people.

6. Need and greed principle: Once people know our needs and wants, they can manipulate
us. For example, if someone is just about to lose their house because they lost their job, the
promise of a lot of money is very tempting.

7. Time principle: When under time pressure, we make decisions using less reasoning. You
are made an offer you cannot refuse or that asks you to do something quickly. For example,
in a phishing situation, you may have an email that tells you that if you do not log in with your
details you will lose access to your account

14.10 What are the key areas futurists believe will be the future for technology? Do
you agree or disagree with these predictions? What are your predictions for
the next decade?

The Internet of Things (IoT) is a term used to explain the connectivity of devices. Embedded
sensors, processors, software, and connectivity in all types of products which, along with cloud
computing, have the potential to change the way we live, work and play.

Pervasive computing, ubiquitous computing and ambient intelligence are all terms used for
technologies that are integrated into our everyday lives. Many of these technologies are
already invisible and taken for granted. For example, a smartphone’s map function is very
useful, but to use it GPS must be turned on, which tracks the phone’s (and therefore the user’s)
location.

3D printing, robotics, driverless cars, big data and analytics, cloud are all trends that will disrupt
the way we collaborate and work, connect and live.

It is up to us to decide on how technology will be used and integrated into our lives. Students
should think carefully about the issues and how they might make ethical choices for
themselves, their organisations and communities.