Chapter - 13: Mcgraw-Hill/Irwin

1
Chapter - 13
McGraw-Hill/Irwin Copyright © 2004, The McGraw-Hill Companies, Inc. All rights reserved.
2
Learning Objectives
Identify ethical issues in how the use of

information technologies in business affects
employment, individuality, working conditions,
privacy, crime, health, and solutions to societal
problems.
3
Learning Objectives (continued)
Identify types of security management strategies

and defenses, and explain how they can be used
to ensure the security of e-business applications.
How can business managers and professionals

help to lessen the harmful effects and increase the
beneficial effects of the use of information
technology?
4
Section I
Security, Ethical, and Societal Challenges
5
Ethical Responsibility
The use of IT presents major security challenges,
poses serious ethical questions, and affects society in
significant ways.
IT raises ethical issues in the areas of..
 Crime
 Privacy
 Individuality
 Employment
 Health
 Working conditions
6
Ethical Responsibility (continued)
But, IT has had beneficial results as well.
So as managers, it is our responsibility to minimize

the detrimental effects and optimize the beneficial
effects.
7
Business Ethics
Basic categories of ethical issues
Employee privacy
Security of company records
Workplace safety
8
Theories of corporate social responsibility
Stockholder theory
Managers are agents of the stockholders.
Their only ethical responsibility is to increase
profit without violating the law or engaging
in fraud
9
Theories of corporate social responsibility (continued)
Social Contract Theory

Companies have ethical responsibilities to all
members of society, which allow corporations to
exist based on a social contract
10

 Firstcondition – companies must enhance
economic satisfaction of consumers and
employees
 Second condition – avoid fraudulent practices,
show respect for employees as human beings, and
avoid practices that systematically worsen the
position of any group in society
11

Stakeholder theory
 Managers have an ethical responsibility to manage a
firm for the benefit of all its stakeholders.
 Stockholders
 Employees
 Customers
 Suppliers
 Local community
12

Sometimes stakeholders are considered to
include
Competitors
Government agencies and special interest

groups
Future generations
13
Technology Ethics
 Four Principles :
 1. Proportionality
Good must outweigh any harm or risk
Must be no alternative that achieves the same
or comparable benefits with less harm or risk
14
Technology Ethics (continued)
 2. Informed consent
Those affected should understand and accept
the risks
 3. Justice
 Benefits and burdens should be distributed
fairly
15
Technology Ethics (continued)
 4. Minimized Risk
Even if judged acceptable by the other three
guidelines, the technology must be
implemented so as to avoid all unnecessary risk
16
 Ethical Guidelines
17
Ethical guidelines (continued)

Responsibilities of end users
Act with integrity
Increase their professional competence
Set high standards of personal performance
Accept responsibility for their work
Advance the health, privacy, and general
welfare of the public

18
Computer Crime
Association of Information Technology

Professionals (AITP) definition includes
The unauthorized use, access, modification, and
destruction of hardware, software, data, or network
resources
Unauthorized release of information
Unauthorized copying of software
19
Computer Crime (continued)
AITP guidelines (continued)

 Denying an end user his/her own hardware,
software, data, or network resources
Using or conspiring to use computer or network
resources to illegally obtain info or tangible
property
20
Hacking
The obsessive use of computers, or the

unauthorized access and use of networked
computer systems
21
Cyber Theft
Involves unauthorized network entry and the
fraudulent alteration of computer databases
22
Unauthorized use at work

Also called time and resource theft
 May range from doing private consulting or
personal finances, to playing video games, to

unauthorized use of the Internet on company
networks
23
Software Piracy
Unauthorized copying of software
Software is intellectual property protected by
copyright law and user licensing agreement
24
Piracy of intellectual property

 Other forms of intellectual property covered by
copyright laws
 Music
 Videos
 Images
 Articles
 Books
 Other written works
25
Computer viruses and worms

Virus
A program that cannot work without being

inserted into another program
Worm
A distinct program that can run unaided
26
Computer crime ( cont’d)
 Adware & Spyware

 Adware
Even though adware software purporting to serve
some useful function and often fulfilling that
function, also allows Internet advertisers to
display advertisements as banners and pop-up ads
without the consent of the computer user.
27
Computer crimes ( cont’d)
 Adware and Spyware (continued)

 Spyware
In the extreme, adware can also collect information
about the user of its host computer and send it over the
internet to its owner. This special class of adware is
called spyware and is defined as any software that
employs users’ Internet connection in the background
without their knowledge or explicit permission.
28
Computer Crimes ( cont’d)
 Few characteristics of Spyware

- Not all adware programs are spyware
- Spyware program collect information about
people ranging from general demographics like
name, address and Internet surfing habits to credit
card, national id no., user names, passwords or
other personal information.
- Spyware is considered as a clear threat to
public privacy.
29
Privacy Issues
IT makes it technically and economically feasible to

collect, store, integrate, interchange, and retrieve data
and information quickly and easily.
 Benefit – increases efficiency and effectiveness
But, may also have a negative effect on individual’s
right to privacy
30
Privacy Issues (continued)
Examples of important privacy issues

Accessing private e-mail and computer records &
sharing information about individuals gained from
their visits to websites and newsgroups
 Always knowing where a person is via mobile and
paging services
31
Examples of important privacy issues (continued)

Using customer information obtained from many
sources to market additional business services
Collecting personal information to build individual
customer profiles
32
Privacy on the Internet

Users of the Internet are highly visible and open to
violations of privacy
Unsecured with no real rules
Cookies capture information about you every time
you visit a site

That information may be sold to third parties
33
Privacy on the Internet (continued)

Protect your privacy by
 Encryptingyour messages
Post to newsgroups through anonymous
remailers
Ask your ISP not to sell your information to
mailing list providers and other marketers
 Decline to reveal personal data and interests
online
34
Computer Matching
 Computer profiling and matching personal data to that
profile.
 Individuals have been mistakenly arrested and jailed
because their physical profiles or personal data have

been used by profiling software to match them
incorrectly with the wrong individual.
 Information extracted from the databases of sales
transaction processing systems, Internet websites or

newsgroup people visit and sold to information brokers.
35
Privacy laws
Attempt to enforce the privacy of computer-based
files and communications
‘Electronic
Communications Privacy Act’
‘Computer Fraud and Abuse Act’
36
Computer Libel and Censorship

The opposite side of the privacy debate
Right to know (freedom of information)
Right to express opinions (freedom of speech)
Right to publish those opinions (freedom of the
press)
Spamming
Flaming
37
Other Challenges
Employment
New jobs have been created and productivity has

increased, yet there has been a significant reduction
in some types of jobs as a result of IT.
38
Other Challenges (continued)
Computer Monitoring
Concerns workplace privacy
 Monitors individuals, not just work
 Is done continually. May be seen as violating
workers’ privacy & personal freedom

 Workers may not know that they are being monitored
or how the information is being used

 May increase workers’ stress level
 May rob workers dignity at their work
39
Working Conditions
 IT has eliminated many monotonous, obnoxious
tasks, but has created others
40
Individuality
Computer-based systems criticized as impersonal

systems that dehumanize and depersonalize
activities
Regimentation
41
Health Issues
Jobstress
Muscle damage
Eye strain
Radiation exposure
Accidents
Some solutions
Ergonomics (human factors engineering)
Goal is to design healthy work environments
42
Health Issues (continued)
43
Societal Solutions
Beneficial effects on society
Solve human and social problems
 Medical diagnosis
 Computer-assisted instruction
 Governmental program planning
 Environmental quality control
 Law enforcement
 Crime control
 Job placement
44
Section II
Security Management
45
Tools of Security Management
Goal
Minimize errors, fraud, and losses in the e-

business systems that interconnect businesses with
their customers, suppliers, and other stakeholders
46
Tools of Security Management (continued)
47
Internetworked Security Defenses
 Internetworked Security Defenses

Five major Tools:
1. Encryption
2. Firewalls
3. Denial of Service Defenses
4. E-mail Monitoring
5. Virus Defenses
48
Internetworked Security Defense ( continued)
 1. Encryption
Passwords, messages, files, and other data is
transmitted in scrambled form and unscrambled
for authorized users
Involves using special mathematical algorithms to
transform digital data in scrambled code

Most widely used method uses a pair of public
and private keys unique to each individual
49
Internetworked Security Defenses (continued)
 2. Firewalls
Serves as a “gatekeeper” system that protects a
company’s intranets and other computer networks
from intrusion
Provides a filter and safe transfer point
 Screens all network traffic for proper passwords
or other security codes
50
 3. Denial of Service Defenses

These assaults depend on three layers of
networked computer systems
Victim’s website
Victim’s ISP
Sites of “zombie” or slave computers
Defensive measures and security precautions must
be taken at all three levels

51
 4. E-mail Monitoring
“Spot checks just aren’t good enough anymore.
The tide is turning toward systematic monitoring
of corporate e-mail traffic using content-monitoring
software that scans for troublesome words that
might compromise corporate security.”
52
 5. Virus Defenses
Protection may accomplished through
Centralized distribution and updating of
antivirus software
Outsourcing the virus protection responsibility
to ISPs or to telecommunications or security
management companies
53
Other Security Measures
Security codes
Multilevel password system
Log onto the computer system
Gain access into the system
Access individual files
54
Other Security Measures (continued)
Backup Files
Duplicate files of data or programs
File retention measures
Sometimes several generations of files are kept
for control purposes
55
Security Monitors
Programs that monitor the use of computer
systems and networks and protect them from
unauthorized use, fraud, and destruction
56
Biometric Security
 Measure physical traits that make each individual unique
 Voice
 Fingerprints
 Hand geometry
 Signature dynamics
 Keystroke analysis
 Retina scanning
 Face recognition and Genetic pattern analysis
57
Computer Failure Controls

 Preventive maintenance of hardware and
management of software updates
 Backup computer system
Carefully scheduled hardware or software changes
 Highly trained data center personnel
58
Fault Tolerant Systems

Computer systems that have redundant processors,
peripherals, and software
 Fail-over : Uses redundant processors, peripherals and
software for back up.
 Fail-safe : Computer systems continues to operate at the
same level even if there is a major hardware or software

failure.
 Fail-soft: Computer systems can continue to operate at a
reduced but acceptable level in the event of a major system

failure.
59
Disaster Recovery
Disaster recovery plan
Which employees will participate and their
duties
What hardware, software, and facilities will be
used
Priority of applications that will be processed
60
System Controls and Audits
Information System Controls

Methods and devices that attempt to ensure the
accuracy, validity, and propriety of information
system activities
Designed to monitor and maintain the quality and
security of input, processing, and storage activities
61
System Controls and Audits (continued)
Auditing Business Systems

Review and evaluate whether proper and adequate
security measures and management policies have
been developed and implemented
Testing the integrity of an application’s audit trail
62
Discussion Questions
What can be done to improve e-commerce
security on the Internet?
What potential security problems do you see in

the increasing use of intranets and extranets in
business? What might be done to solve such
problems?
63
Discussion Questions (continued)
What artificial intelligence techniques can a

business use to improve computer security and
fight computer crime?
What are your major concerns about computer

crime and privacy on the Internet? What can you
do about it?
64
What is disaster recovery? How could it be

implemented at your school or work?
Is there an ethical crisis in e-business today?

What role does information technology play in
unethical business practices?
65
What business decisions will you have to make

as a manager that have both an ethical and IT
dimension?
What would be examples of one positive and one

negative effect of the use of e-business
technologies in each of the ethical and societal
dimensions illustrated in the chapter?

Chapter - 13: Mcgraw-Hill/Irwin

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Chapter - 13: Mcgraw-Hill/Irwin

Uploaded by

Copyright:

Available Formats

1

Identify ethical issues in how the use of

Learning Objectives (continued)

Identify types of security management strategies

How can business managers and professionals

Security, Ethical, and Societal Challenges

Ethical Responsibility (continued)

But, IT has had beneficial results as well.

So as managers, it is our responsibility to minimize

Ethical Responsibility (continued)

Ethical Responsibility (continued)

Theories of corporate social responsibility

Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)

Social Contract Theory

Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)

Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)

Ethical Responsibility (continued)

Theories of corporate social responsibility (continued)

Government agencies and special interest

Ethical Responsibility (continued)

Must be no alternative that achieves the same

or comparable benefits with less harm or risk

Ethical Responsibility (continued)

Technology Ethics (continued)

Ethical Responsibility (continued)

Technology Ethics (continued)

Ethical Responsibility (continued)

Ethical Responsibility (continued)

Ethical guidelines (continued)

Set high standards of personal performance

Accept responsibility for their work

Advance the health, privacy, and general

welfare of the public

Association of Information Technology

Unauthorized copying of software

Computer Crime (continued)

AITP guidelines (continued)

Computer Crime (continued)

The obsessive use of computers, or the

Computer Crime (continued)

Computer Crime (continued)

Unauthorized use at work

personal finances, to playing video games, to

Computer Crime (continued)

Computer Crime (continued)

Piracy of intellectual property

 Other written works

Computer Crime (continued)

Computer viruses and worms

A program that cannot work without being

A distinct program that can run unaided

Computer crime ( cont’d)

 Adware & Spyware

Computer crimes ( cont’d)

 Adware and Spyware (continued)

Computer Crimes ( cont’d)

 Few characteristics of Spyware

IT makes it technically and economically feasible to

Privacy Issues (continued)

Examples of important privacy issues