Chapter 8
Protecting People and Information
Threats and Safeguards
Introduction
- To handle information in a responsible way you must understand:
  - The importance of ethics in the ownership and use of information.
  - The importance to people of personal privacy and the ways in which it can be compromised.
  - The value of information to an organization.
  - Threats to information and how to protect against them (security).
  - The need to plan for the worst-case scenario (disaster recovery).
Figure 8.1: Chapter Overview (page 298)
- The most important part of an IT system is:
  - The people who use it
  - How they are affected by it
- In an electronic age we can affect more people’s lives in more ways than ever before.
- How we view and handle information is largely determined by our ethics.
- Examples of how our ethics determine the way we view and handle information:
  - An employee searching the organization’s database to get personal information on friends
  - Developing systems and selling them before they are tested completely
  - Copying and distributing software without the right to do so
  - People breaking into computer systems to steal passwords
ETHICS
Ethics
- Ethical people:
  - Have integrity
  - Are people you can definitely trust
  - Are as enthusiastic about the rights of others as they are about their own rights
- Ethics - the principles and standards that guide our behaviour toward other people.
- To behave in an ethical fashion is not simple, since some situations are complex and ambiguous.
- Our sense of ethics shifts over time and from culture to culture.
Two Factors That Determine How You Decide Ethical Issues
- There are two factors that affect how you make your decision when you are faced with an ethical dilemma (figure 8.2):
  - Your basic ethical structure
  - The set of practical circumstances involved in the decision that you are trying to make
- Your basic ethical structure, which you developed as you grew up, exists at several levels:
  - The outside level: taking a couple of paper clips, sending a personal email on company time
  - The middle level: accessing personal records for personal reasons, reading someone else’s email
  - The innermost level: embezzling funds, selling confidential company information to competitors
- The set of practical circumstances involved in the decision that you’re trying to make, that is, all the shades of gray in what are rarely black or white decisions.
Figure 8.2: Your ethical structure (page 299)
- The practical circumstances surrounding decisions include:
  - Consequences - how much or how little benefit or harm will come from a particular decision?
  - Society’s opinion - what is your perception of what society really thinks of your intended action?
  - Likelihood of effect - what is the probability of the harm or benefit that will occur if you take the action?
  - Time to consequences - what length of time will it take for the benefit or harm to take effect?
  - Relatedness - how much do you identify with the person or persons who will receive the benefit or suffer the harm?
  - Reach of result - how many people will be affected by your action?
Guidelines for Ethical Computer System Use
- Central to the ethical use of computers and information are the issues of:
  - Ownership: the rights to information and intellectual property
  - Responsibility: who is accountable for the accuracy and completeness of information
  - Personal privacy: the question of who owns personal information
  - Access: who can use, view, store and process what information
- To make things even worse, different countries have different views on these issues.
- In the figure below you see the four quadrants of ethical and legal behaviour.
- You’re pretty safe if you can manage to stay in quadrant I.
Figure 8.3: Ethical Dimensions of Information (page 301)
- Resources to consult when you need to clarify issues related to ethics and computers:
  - Ombudsperson
  - Company’s code of ethics
  - The ACM
- The ten commandments of computer ethics:
  1. Do not use a computer to harm other people
  2. Do not interfere with other people’s computer work
  3. Do not snoop around in other people’s computer files
  4. Do not use a computer to steal
  5. Do not use a computer to bear false witness
  6. Do not copy or use proprietary software for which you have not paid
  7. Do not use other people’s computer resources without authorization or proper compensation
  8. Do not appropriate other people’s intellectual output
  9. Always think about the social consequences of the IT system you are involved in
  10. Always use a computer in ways that ensure consideration and respect for your fellow humans
Intellectual Property
- One of the most common ethical issues is intellectual property, which relates to the use and/or copying of proprietary software.
- Will you do the right thing?
- Intellectual property - intangible creative work that is embodied in physical form.
- Copyright - the legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents.
- Fair Use Doctrine - says that you may use copyrighted material in certain situations, for example in the creation of new work or, within certain limits, for teaching purposes.
- Copyright disputes turn on whether the copyright holder has been or is likely to be denied income because of the infringement.
- Pirated software - the unauthorized use, duplication, distribution or sale of copyrighted software.
- Losses in revenue to businesses are estimated at $12 billion a year.
- Counterfeit software - software that is manufactured to look like the real thing and sold as such.
PRIVACY
Privacy
- Privacy - the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
- Privacy has two dimensions:
  - Psychologically: the need for personal space.
  - Legally: the necessity for self-protection.
- Topics to be discussed in relation to privacy:
  - Privacy and other individuals
  - Privacy and employees
  - Privacy and consumers
  - Privacy and government agencies
  - Privacy and international trade
  - Laws on privacy
Privacy and Other Individuals
- Other individuals, such as family members, co-workers or associates, could be electronically invading your privacy:
  - Out of curiosity?
  - To get your password?
- There are some situations where you have the right to snoop:
  - Finding out if your child is in contact with someone or something undesirable
  - See snoopware programs.
- Key logger, or key trapper, software - a program that, when installed on a computer, records every keystroke and mouse click.
- To disable activity-monitoring programs
- E-mail is completely insecure.
  - Each e-mail you send results in at least 3 or 4 copies being stored on different computers.
  - You can take measures to protect your e-mail.
  - You can encrypt your e-mail.
Figure 8.7: The E-Mail You Send is Stored on Many Computers (page 308)
Privacy and Employees
- Companies need information about their employees and customers to be effective in the marketplace.
- 63% of companies monitored employee Internet connections including about two-thirds of the 60 billion electronic messages sent by 40 million e-mail users.
- After you are hired, your employer can monitor the following during working hours:
  - Where you go
  - What you do
  - What you say
  - What you write in emails
- Another reason employers would want to monitor their workers’ use of IT resources is to avoid wasting resources, or “cyberslacking”. This includes:
  - Pornographic websites
  - News sites
  - Chatting
  - Gaming
  - Trading stocks
  - Participating in auctions
  - Shopping
  - Other
- Reasons for seeking and storing personal information on employees:
  - To hire the best people possible and avoid being sued for failing to adequately investigate backgrounds.
  - To ensure staff members are conducting themselves appropriately.
  - Companies can be held liable for the actions of employees.
- There is software that checks incoming and outgoing email:
  - The Trojan Horse
  - Inspection programs that check for a certain level of email to and from the same address
  - Hardware key logger - a hardware device that captures keystrokes on their journey from the keyboard to the motherboard.
Privacy and Consumers
- There is a business dilemma when it comes to privacy and the consumer. Customers want businesses to:
  - Know who they are, but they want them to leave them alone.
  - Provide what they want, but they don’t want businesses knowing too much about their habits and preferences.
  - Tell them about products and services they might like to have, but don’t want to be inundated with ads.
- In a relatively large web site, 100 million hits a day is possible.
- At 200 bytes of information per hit, this is 20 GB per day.
- This amount of information makes electronic customer relationship systems the fastest growing area of software development.
- Technology related to the privacy of the consumer:
  - Cookies
  - Spyware
    - The Trojan-horse approach
- Cookie - a small record deposited on your hard disk by a Web site containing information about you and your Web activities.
- Adware - software to generate ads that installs itself on your computer when you download some other (usually free) program from the Web.
- Trojan-horse software - software you don’t want hidden inside software you do want.
- Spyware (also called sneakware or stealthware) - software that comes hidden in free downloadable software and tracks your online movements, mines the information stored on your computer, or uses your computer’s CPU and storage for some task you know nothing about.
- You can detect Trojan-horse software
- To check out free software for spyware
- To prevent your computer from automatically communicating over the Internet without your approval:
  - www.zonelabs.com
- As a consumer, if you want to protect information about your surfing habits: www.anonymizer.com
- To protect yourself from Web habit monitoring such as:
  - Web log - consists of one line of information for every visitor to a Web site and is usually stored on a Web server.
  - Clickstream - records information about you during a Web surfing session such as what Web sites you visited, how long you were there, what ads you looked at, and what you bought.
- Anonymous Web browsing (AWB) services - hide your identity from the Web sites you visit.
Privacy and Government Agencies
- Government agencies have about 2,000 databases containing personal information on individuals.
- The various branches of government need information to administer entitlement programs, such as social security, welfare, student loans, law enforcement, and so on.
- Law enforcement:
  - Royal Canadian Mounted Police (RCMP)
  - Canadian Security Intelligence Service (CSIS)
  - Criminal Intelligence Service Canada (CISC)
  - Correctional Service of Canada (CSC)
  - National Crime Prevention Strategy
- Other Federal agencies:
  - Canada Customs and Revenue Agency (CCRA)
  - Statistics Canada
  - Human Resources Development Canada
  - Office of the Privacy Commissioner of Canada
Privacy and International Trade
- Safe-harbor principles - a set of rules to which U.S. businesses that want to trade with the European Union (EU) must adhere.
- The rights granted to EU citizens include the consumer’s right to:
  - Know the marketer’s source of information.
  - Check personal identifiable information for accuracy.
  - Correct any incorrect information.
  - Specify that information can’t be transferred to a third party without the consumer’s consent.
  - Know the purpose for which the information is being collected.
Laws on Privacy
- The Health Insurance Portability and Accountability Act (HIPAA) seeks to:
  - Limit release and use of health information.
  - Give you the right to access your medical records.
  - Specify circumstances of access.
  - Allow disclosure if the recipient signs a protection agreement.
INFORMATION
Information
Information as Raw Material
- Information has two functions in an organization:
  - As raw material
  - As capital
- Raw materials are the components from which a product is made.
- Wood, glue, and screws are raw materials for a chair.
- Almost everything you buy has information as part of the product.
- The most successful companies place the highest value on information.
Figure 8.8: Information as Raw Material and Capital (page 318)
Information as Capital
- Capital is the asset you use to produce a product or service.
- Buildings, trucks, and machinery are assets.
- Information is capital since it is used by companies to provide products and services.
SECURITY
Security
- Sabotage costs companies close to $10 billion every year.
- Hard disks crash.
- Computer parts fail.
- Hackers gain access and do mischief.
- Thieves
- Disgruntled employees and associates can cause damage.
- Topics to be discussed in relation to security:
  - Security and employees
  - Security and collaboration partners
  - Security and outside threats
  - Security precautions:
    - Backups
    - Antivirus software
    - Firewalls
    - Access authorization
    - Encryption
Security and Employees
- Most of the press reports are about outside attacks on computer systems, but actually, companies are in far more danger of losing money from employee misconduct than they are from outsiders.
- White-collar crime accounts for about $400 billion in losses every year.
Figure 8.9: Statistics on White Collar Crime (page 319)
Security and Collaboration Partners
- If you use collaboration systems, representatives of other companies can gain access to your systems.
- Grid computing - harnesses far-flung computers together by way of the Internet or a virtual private network to share CPU power, databases, and database storage.
Security and Outside Threats
- 85% of large companies and governmental agencies were broken into during 2001.
- Hackers - very knowledgeable computer users who use their knowledge to invade other people’s computers.
Figure 8.10: Hacker Types (page 322)
- Computer virus (or simply a virus) - software that is written with malicious intent to cause annoyance or damage.
- Worm - a type of virus that spreads itself, not just from file to file, but from computer to computer via e-mail and other Internet traffic.
- Denial-of-service attack (DoS) - floods a Web site with so many requests for service that it slows down or crashes.
Figure 8.11: The Genealogy of Viruses (page 323)
- Computer viruses can’t:
  - Hurt your hardware (i.e. monitors, printers, or processor).
  - Hurt any files they weren’t designed to attack.
  - Infect files on write-protected disks.
Security Precautions
- Risk management - consists of the identification of risks or threats, the implementation of security measures, and the monitoring of those measures for effectiveness.
- Risk assessment - the process of evaluating IT assets, their importance to the organization, and their susceptibility to threats, to measure the risk exposure of these assets.
- Risk assessment asks:
  - What can go wrong?
  - How likely is it to go wrong?
  - What are the possible consequences if it does go wrong?
- Backup - the process of making a copy of the information stored on a computer.
- Anti-virus software - detects and removes or quarantines computer viruses.
- Firewall - hardware and/or software that protects computers from intruders.
- Biometrics - the use of physical characteristics (such as your fingerprint, the blood vessels in the retina of your eye, the sound of your voice, or perhaps even your breath) to provide identification.
- Encryption - scrambles the contents of a file so that you can’t read it without having the right decryption key.
- Public key encryption (PKE) - an encryption system that uses two keys: a public key that everyone can have and a private key for only the recipient.
- Intrusion-detection software - looks for people on the network who shouldn’t be there or who are acting suspiciously.
- Security auditing software - checks out your computer or network for potential weaknesses.
DISASTER RECOVERY
Disaster Recovery
- What if something catastrophic happens?
- About 250 natural disasters occur worldwide annually.
- As a company, you need to be prepared.
  - Banks, by law, have a disaster recovery plan.
- A good disaster recovery plan will take into consideration:
  - Customers
  - Facilities
  - Knowledge workers
  - Business information
  - Computer equipment
  - Computer communications infrastructure
Figure 8.12: Disaster Recovery Plan (page 330)
Closing Case Study One
Protecting More than Health
- What might staff want to steal from a hospital? What would motivate them?
- What security measures can be taken to protect hospital property?
Closing Case Study Two
Is the Safe Harbor Safe for U.S. Businesses?
- European countries and Australia have passed laws protecting the privacy of name-linked information of consumers.
- Would you like to have stronger privacy laws in Canada?
Summary
Student Learning Outcomes
- Define ethics and describe the two factors that affect how you make a decision concerning an ethical issue.
- Define and describe intellectual property, copyright, Fair Use Doctrine, and pirated and counterfeit software.
- Define privacy and describe the ways in which it can be threatened.
- Describe the two ways that information is valuable to business.
- Describe the ways in which companies are vulnerable to computer attacks.
- Define risk management and risk assessment and describe the seven security measures that companies can take to protect their information.
Assignments & Exercises
- Helping a friend
- Find Anti-virus software
- Find out what happened in the U.S.
- Find out what happened in Canada
- Investigate monitoring systems
- Check out the Computer Ethics Institute’s advice
Real Hot Electronic Commerce
Making Travel Arrangements on the Internet
- Airlines
- Trains and buses
- Rental cars
- Road conditions and maps
- Lodging
- One-stop travel sites
- Destination information
Visit the Web to Learn More
www.mcgrawhill.ca/college/haag