CHAPTER 7: MANAGING INFORMATION TECHNOLOGY
Security and Ethical Challenges
Learning Objectives
- Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, etc.
- Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology.
- Propose steps to lessen the harmful effects and increase the beneficial effects of the use of IT.
Impact of Information Systems on Organizations and Society
Impact on organizations
- An information system is one of the resources of an organization, and it poses a major resource management challenge.
- It affects operational efficiency, employee productivity, and customer service and satisfaction.
- It is a major source of the information and support needed for effective decision making.
- It affects organizational structure because it can reduce the layers and numbers of middle-level management.
Impact of Information Systems on Society: Advantages
- A shift in employment: employment is increasing in the information sector because the economy depends heavily on the creation, management and distribution of information.
- Usage of Internet services: the number of services available to home users is growing, e.g. electronic mail, education services, video games, home banking, etc.
- Change in lifestyle: individuals can do their jobs independent of their workplace. Information systems have created the opportunity for a high standard of living and increasing leisure time.
Ethics and Social Issues
Ethics
- Principles of right and wrong that can be used by individuals acting as free moral agents to make choices to guide their behavior.
- Information technology and information systems have indeed raised new questions for both individuals and societies within the ethical arena.
- They create opportunities for intense social change, threatening existing distributions of power, money, rights and obligations.
Ethical & Social Issues
Ethical, Social, and Political Issues Model
- Ethical, social, and political issues are closely linked. (See next slide)
- The ethical dilemma you may face as a manager of information systems typically is reflected in social and political debate.
- Imagine society as a more or less calm pond on a summer day, a delicate ecosystem in partial equilibrium with individuals and with social and political institutions.
- Individuals know how to act in this pond because social institutions (family, education, organizations) have developed well-honed rules of behavior, and these are backed by laws developed in the political sector that prescribe behavior and promise sanctions for violations.
- Now toss a rock into the center of the pond. But imagine that, instead of a rock, the disturbing force is a powerful shock of new information technology and systems hitting a society more or less at rest.
- What happens? Ripples, of course.
- Suddenly individual actors are confronted with new situations often not covered by the old rules.
- Social institutions cannot respond overnight to these ripples; it may take years to develop etiquette, expectations, social responsibility, “politically correct” attitudes, or approved rules.
- Political institutions also require time before developing new laws and often require the demonstration of real harm before they act.
- In the meantime, you may have to act.
- You may be forced to act in a legal “gray area.”
IT Security, Ethics, and Society
- IT has both beneficial and detrimental effects on society and people.
- Objective: manage work activities to minimize the detrimental effects of IT and optimize the beneficial effects.
1. Computer Crime
- Is a growing threat caused by the irresponsible actions of a few computer professionals and end users, who are taking advantage of the widespread use of computers and IT in our society.
- Computer crime includes:
  - Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
  - The unauthorized release of information
  - The unauthorized copying of software
  - Denying an end user access to his/her own hardware, software, data, or network resources
  - Using or conspiring to use computer or network resources illegally to obtain information or tangible property
Computer Crime (Cont’d)
[Figure: types of computer crime: Hacking, Cyber Theft, Unauthorized Use at Work, Piracy, Computer Viruses]
1.1. Hacking
- Hacking: the unauthorized access and use of networked computer systems and reading files, but neither stealing nor damaging anything.
- Cracker: a hacker with criminal intent who gains unauthorized access by finding weaknesses in the security protections employed by Web sites and computer systems.
- Hackers and crackers try to retrieve passwords, access or steal network files, overload computer systems, or damage data and programs.
1.2. Cyber Theft
- Many computer crimes involve the theft of money that occurs through the Internet.
- The majority are “inside jobs” that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved in the theft.
- More recent examples involve using the Internet to access major banks’ computer systems.
- Most companies don’t reveal that they have been targets or victims of cybercrime for fear of loss of customer confidence.
1.3. Unauthorized Use at Work (Service Theft)
- Time and resource theft through unauthorized use of computer systems and networks by employees.
- This may include:
  - Doing private consulting
  - Doing personal finances
  - Playing video games
  - Unauthorized use of the Internet or company networks
1.4. Software Piracy
- Unauthorized copying of computer programs, which are intellectual property protected by copyright law.
- Such piracy results in millions of dollars of lost profits by software publishers.
1.5. Computer Viruses
- A virus is a program that spreads destructive program routines to destroy the contents of memory, hard disks, and other storage devices.
- Commonly transmitted through:
  - The Internet and online services
  - Email and file attachments
  - Disks from contaminated computers
2. Privacy Issues
- Information technology can have a negative effect on every individual’s right to privacy.
- Violation of privacy:
  - Accessing individuals’ private email conversations and computer records
  - Collecting and sharing information about individuals gained from their visits to Internet websites
- Unauthorized access of personal files
- Computer monitoring: tracking where a person is; mobile and paging services are becoming more closely associated with people rather than places.
3. Employment Challenges of IT
[Figure: Lost Job Opportunities, Lost Individuality, Working Conditions, Health Issues, Security Management]
3. Employment Challenges
- The impact of information technologies on employment is a major ethical concern to managers of today’s e-business.
- Information technology has created new jobs and increased productivity, while it has caused a significant reduction in some types of job opportunities.
- Computer monitoring: using computers to monitor the productivity and behavior of employees as they work.
  - Criticized as unethical because it monitors individuals, not just work, and is done constantly
  - Criticized as an invasion of privacy because many employees do not know they are being monitored
Employment Challenges (Cont’d)
Working Conditions
- Computers have eliminated monotonous or unpleasant tasks in the office, thereby improving the quality of work, although they have also made some jobs repetitive and routine.
- Computerized systems can depersonalize human transactions, forcing people to confront and respond to impersonal programmed logic, which lessens the importance of empathy.
- Information systems also often require strict adherence to detailed procedures, which is incompatible with human ideals of flexibility.
- However, widespread use of personal computers and the Internet has dramatically improved the development of people-oriented and personalized systems.
4. Health Issues
- Heavy use of computers is linked to:
  - eyestrain,
  - damaged arm,
  - neck muscles, and
  - radiation exposure.
- Ergonomics (also called human factors engineering) is the science that seeks solutions to some of these health problems.
- The goal of ergonomics is to design healthy work environments that are safe, comfortable, and pleasant for people to work in.
Ergonomics (Cont’d)
Ergonomics examines three major factors in the workplace:
- The tools used by the worker, e.g. computer screens, computer-human interfaces, etc.;
- The work environment, e.g. lighting, work surfaces, climate, etc.; and
- The job content and context, e.g. characteristics of the task, shift work, rest breaks, etc.
Security Management of IT
- Business managers and professionals are responsible for adhering to the goal of security management, which is to ensure the accuracy, integrity, quality and safety of all information system resources (hardware, software, networks, and data resources).
Internetworked Security Defenses
- Encryption: used to protect data that is transmitted via the Internet, intranets, or extranets.
- Installing multiple intrusion-detection systems, e.g. firewalls, and multiple routers to control incoming traffic in order to reduce choke points.
- Centralizing the distribution and updating of antivirus software to build defenses against the spread of computer viruses.
- Setting and enforcing security policies, such as an e-mail monitoring policy, to prevent the infiltration of destructive programs like Trojan horses.
Other Security Measures (Cont’d)
- Security codes: the use of passwords to control access to information assets.
- Backup files: such files may be stored off-premises and can be a key component in disaster recovery.
- Security monitors: programs that
  - monitor the use of the hardware, software, and data resources of a computer;
  - collect statistics on any attempt at misuse.
- Biometric security controls: include such detection devices as voice recognition and fingerprinting, which must correspond to the authorized person before admitting personnel to the system.
Security and Control Issues
Three major areas of control
- Information system controls: methods and devices that ensure the accuracy, validity, and propriety of information system activities
- Procedural controls include:
  - Separation of duties
  - Standard procedures and documentation
  - Authorization requirements
  - Auditing
- Physical controls include:
  - Physical protection
  - Computer failure controls
  - Telecommunications controls
  - Insurance