
Chapter 3 Ethics, Privacy & Security

Chapter 3 Ethics, Privacy & Security. Describe the major ethical issues related to information technology and identify situations in which they occur. Identify the many threats to information security. Understand the various defense mechanisms used to protect information systems.

irving

Presentation Transcript


  1. Chapter 3 Ethics, Privacy & Security • Describe the major ethical issues related to information technology and identify situations in which they occur. • Identify the many threats to information security. • Understand the various defense mechanisms used to protect information systems. • Explain IT auditing and planning for disaster recovery.

  2. Case Study TJX • SWOT

  3. Ethical Issues • Fundamental tenets of ethics include responsibility, accountability, and liability • Unethical is not necessarily illegal • Should organizations monitor employees’ Web surfing and e-mail? • Should organizations sell customer information to other companies?

  4. Ethical Issues • Should organizations audit employees’ computers for unauthorized software or illegally downloaded music or video files? • Privacy issues • Accuracy issues • Property issues • Accessibility issues

  5. Protecting Privacy • The right of privacy is not absolute. Privacy must be balanced against the needs of society • The public’s right to know supersedes the individual’s right of privacy • International Aspects of Privacy

  6. IT’s About Business • Security Outside the Perimeter: LexisNexis

  7. Threats to Information Security • Today’s interconnected, interdependent, wirelessly networked business environment • Governmental legislation • Smaller, faster, cheaper computers and storage devices • Decreasing skills necessary to be a computer hacker • International organized crime taking over cybercrime • Downstream liability • Increased employee use of unmanaged devices • Lack of management support

  8. Threats to Information Systems • Unintentional acts • Natural disasters • Technical failures • Management failures • Deliberate acts

  9. IT’s About Business • The “Hack, Pump, and Dump” Scheme

  10. Protecting Information Resources • Risk management • Risk analysis • Risk mitigation • Risk acceptance • Risk limitation • Risk transference

  11. Protecting Information Resources • Controls • The Difficulties in Protecting Information Resources • Physical Controls • Access Controls

  12. Protecting Information Resources • Authentication • Something the User Is • Something the User Has • Something the User Does • Something the User Knows

  13. IT’s About Business • Providing Least Privilege at UPS

  14. Protecting Information Resources • Communications (network) controls • Firewalls • Anti-malware systems

  15. Protecting Information Resources • Whitelisting and Blacklisting • Intrusion Detection Systems • Encryption • Virtual Private Networking • Secure Socket Layer

  16. IT’s About Business • Using Encryption to Reduce E-Mail Security Risks at Harvard Pilgrim

  17. Ethics, Privacy, and Information Security

  18. Ethics, Privacy, and Information Security • Vulnerability Management Systems • Employee Monitoring Systems • Application Controls

  19. Business Continuity Planning, Backup, and Recovery • Hot site • Warm site • Cold site • Off-site data storage

  20. IT’s About Business • The Baltimore Ravens Plan for Business Continuity

  21. Information Systems Auditing • Types of Auditors and Audits • How Is Auditing Executed?
