1 / 79

Security and Ethical Challenges

Module V – Management Challenges. Security and Ethical Challenges. Learning Objectives. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy crime, health, and solutions to societal problems.

travis-ryan
Download Presentation

Security and Ethical Challenges

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Module V – Management Challenges Security and Ethical Challenges

  2. Learning Objectives • Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy crime, health, and solutions to societal problems. • Identify several types of security management strategies and defences, and explain how they can be used to ensure the security of business applications of information technology. • Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.

  3. Security and Ethics Section I • Major Security Challenges • Serious Ethical Questions • Threats to Business and Individuals • Real World Case 1- F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses Click to go to Case 1

  4. Security and Ethics Business/IT Security, Ethics, and Society Privacy Employment Business/IT Security Ethics and Society Health Crime Working Conditions Individuality

  5. Security and Ethics Ethical Responsibility • Business Ethics • Stockholder Theory • Social Contract Theory • Stakeholder Theory

  6. Security and Ethics Ethical Responsibility

  7. Security and Ethics Technology Ethics

  8. Security and Ethics Ethical Guidelines

  9. Security and Ethics Enron Corporation: Failure in Business Ethics • Drove Stock Prices Higher Never Mentioning Any Weaknesses • Promised Much – Delivered Little • Finally Admitted Overstated Earnings by $586 Million in 1997 • 1998 Third Quarter Loss $638 Million – Filed Bankruptcy • Greed and Mismanagement Destroyed a Potentially Successful Business Plan

  10. Security Management • Security is 6 to 8% of IT Budget in Developing Countries • 63% Have or Plan to Have Position of Chief Privacy or Information Officer in the Next Two Years • 40% Have a Chief Privacy Officer and Another 6% Intend One in the Next Two Years • 39% Acknowledge that their Systems Have Been Compromised in the Past Year • 24% Have Cyber Risk Insurance and 5% Intend to Acquire Such Coverage

  11. Security Management Security Technology Used Antivirus 96% Virtual Private Networks 86% Intrusion-Detection Systems 85% Content Filtering/Monitoring 77% Public-Key Infrastructure 45% Smart Cards 43% Biometrics 19%

  12. Security Management PayPal, Inc. Cybercrime on the Internet • Online Payment Processing Company • Observed Questionable Accounts Being Opened • Froze Accounts Used to Buy Expensive Goods For Purchasers in Russia • Used Sniffer Software and Located Users Capturing PayPal Ids and Passwords • More than $100,000 in Fraudulent Charges • Crooks Arrested by FBI

  13. Security Management Computer Crime • Hacking • Cyber Theft • Unauthorized Use of Work • Piracy of Intellectual Property • Computer Viruses and Worms

  14. Security Management Examples of Common Hacking

  15. Security Management Recourse Technologies: Insider Computer Crime • Link Between Company Financial Difficulty and Insider Computer Crimes • Use of “Honey Pots” Filled with Phony Data to Attract Hackers • Software Catches Criminal Activity in Seconds • Crime Exposed and Stopped

  16. Security Management Internet Abuses in the Workplace

  17. Security Management Network Monitoring Software

  18. Security Management AGM Container Controls: Stealing Time and Resources • The Net Contains Many Productivity Distractions • Remedies Include Monitoring Internet Use and Blocking Sites Unrelated to Work • Importance of Telling Employees About Monitoring • Use of Software Monitoring Provided Rebuttal Answers To Web Use Discussions

  19. Security Management Copying Music CDs: Intellectual Property Controversy • RIAA Crack Down on Music Piracy • Web Sites Fighting Back • 140 Million Writable Drives In Use • Billions of Blank CDs Sold While Music CD Sales Are Going Down • Pirates Reluctant to Go Away

  20. Security Management Facts About Recent Computer Viruses and Worms

  21. Security Management University of Chicago: The Nimda Worm • Nimda Worm Launch Sept. 18, 2001 Mass Mailing of Malicious Code Attacking MS-Windows • Took Advantage of Back Doors Previously Left Behind • In Four Hours the University of Chicago’s Web Servers were Scanned by 7,000 Unique IP Addresses Looking for Weaknesses • Many Servers Had to Be Disconnected

  22. Privacy Issues Right to Privacy Privacy on the Internet Acxiom, Inc. Challenges to Consumer Privacy • Acxiom – 30 Years Amassing Massive Database • Sells Data to Subscribers • Use by Telemarketers and Credit Firms

  23. Privacy Issues Right to Privacy • Computer Profiling • Computer Matching • Privacy Laws • Computer Libel and Censorship • Spamming • Flaming

  24. Privacy Issues Other Challenges • Employment Challenges • Working Conditions • Individuality Issues • Health Issues

  25. Privacy Issues Ergonomics

  26. Privacy Issues Ergonomics • Job Stress • Cumulative Trauma Disorders (CTDs) • Carpal Tunnel Syndrome • Human Factors Engineering • Societal Solutions

  27. Security Management of Information Technology Section II • Business Value of Security Management • Protection for all Vital Business Elements Real World Case 2- Geisinger Health Systems and Du Pont: Security Management of Data Resources and Process Control Networks Click to go to Case 2

  28. Security Management of Information Technology Tools of Security Management

  29. Security Management of Information Technology • Need for Security Management Caused by Increased Use of Links Between Business Units • Greater Openness Means Greater Vulnerabilities • Better Use of Identifying, Authenticating Users and Controlling Access to Data • Theft Should Be Made as Difficult as Possible Providence Health and Cervalis: Security Management Issues

  30. Security Management of Information Technology • Encryption • Public Key • Private Key Graphically… Internetworked Security Defenses

  31. Security Management of Information Technology Encryption

  32. Security Management of Information Technology Firewalls External Firewall Blocks Outsiders 1 Internal Firewall Blocks Restricted Materials 2 3 4 5 Intranet Server Host System Use of Passwords and Browser Security 3 Performs Authentication and Encryption 4 Firewall Router Router 1 Careful Network Interface Design 5 2 Internet Firewall 4 Intranet Server

  33. Security Management of Information Technology • Worldwide Search for Active IP Addresses • Sophisticated Probes Scan Any Home or Work Location • Personal Firewalls Help Block Intruders • Firewalls Generally Good at Protecting Computers from Most Hacking Efforts Barry Nance: Testing PC Firewall Security

  34. Security Management of Information Technology • MTV.com Website Targeted for Distributed Denial of Service (DDOS) Attacks During Fall Peak Periods • Some People Try to Crash MTV Sites • Parent Viacom Installed Software to Filter out DDOS Attacks • Website Downtime Reduced MTV Networks: Denial of Service Defenses

  35. Security Management of Information Technology Defending Against Denial of Service Attacks

  36. Security Management of Information Technology • e-Sniff Monitoring Device Searches e-Mail by Key Word or Records of Web Sites Visited • 82% of Businesses Monitor Web Use • Close to 100% of Workers Register Some Improper Use Sonalysts, Inc.: Corporate e-Mail Monitoring

  37. Security Management of Information Technology • Much Software Was Unable to Stop Nimda Worm • Software Alone is Often Not Enough to Clean System • Until Better Software is Developed, A Complete System Disconnect and Purge May Be the Only Solution TrueSecure and 724 Inc.: Limitations of Antivirus Software

  38. Security Management of Information Technology Example Security Suite Interface

  39. Security Management of Information Technology Other Security Measures • Security Codes • Multilevel Password System • Smart Cards • Backup Files • Child, Parent, Grandparent Files • System Security Monitors • Biometric Security

  40. Security Management of Information Technology Example Security Monitor

  41. Security Management of Information Technology Evaluation of Biometric Security

  42. Security Management of Information Technology Computer Failure Controls • Fault Tolerant Systems • Fail-Over • Fail-Safe • Fail-Soft • Disaster Recovery

  43. Security Management of Information Technology Methods of Fault Tolerance

  44. Security Management of Information Technology Visa International: Fault Tolerant Systems • Only 100% Uptime is Acceptable • Only 98 Minutes of Downtime in 12 Years • 1 Billion Transactions Worth $2 Trillion in Transactions a Year • 4 Global Processing Centers • Multiple Layers of Redundancy and Backup • Software Testing and Art Form

  45. Systems Controls and Audits • Information System Controls • Garbage-In, Garbage-Out (GIGO) • Auditing IT Security • Audit Trails • Control Logs

  46. Storage Controls Systems Controls and Audits Processing Controls Software Controls Hardware Controls Firewalls Checkpoints Input Controls Output Controls Security Codes Encryption Data Entry Screens Error Signals Control Totals Security Codes Encryption Control Totals Control Listings End User Feedback Security Codes Encryption Backup Files Library Procedures Database Administration

  47. Summary • Ethical and Societal Dimensions • Ethical Responsibility in Business • Security Management

  48. Antivirus software Audit trail Auditing business systems Backup files Biometric security Business ethics Computer crime Computer matching Computer monitoring Computer virus Denial of service Disaster recovery Encryption Ergonomics Ethical and Societal Impacts of business/IT Employment Health Individuality Societal Solutions Working Conditions Ethical foundations Fault tolerant Firewall Flaming Hacking Information system controls Intellectual property piracy Passwords Privacy issues Responsible professional Security management Software piracy Spamming System security monitor Unauthorized use KEY TERMS

  49. Optional Case Studies Real World Case 1 F-Secure– MicrosoftGM and Verizon: The BusinessChallenge of Computer Viruses Click to go to Case 1 Real World Case 2 Geisinger Health Systems and DuPont: Security Management of Data Resources and Process Control Networks Click to go to Case 2 Real World Case 3 Banner Health – Arlington County and Others: Security Management of Windows Software Click to go to Case 3 Real World Case 4 Online Resources – Lehman Brothers and Others: Managing Network Security Systems Click to go to Case 4

  50. Next... Enterprise and Global Management of Information Technology Chapter 12

More Related