CHAPTER 3 Ethics, Privacy and Information Security
LEARNING OBJECTIVES • Describe the major ethical issues related to information technology and identify situations in which they occur. • Describe the many threats to information security. • Understand the various defense mechanisms used to protect information systems. • Explain IT auditing and planning for disaster recovery.
Ethical Issues • Ethics – the branch of philosophy that deals with what is considered to be right and wrong. • Code of Ethics – a collection of principles that are intended to guide decision making by members of an organization.
Fundamental Tenets of Ethics • Responsibility – accepting any consequences of decisions and/or actions. • Accountability – determining who is responsible. • Liability – means that individuals have the right to recover the damages done to them by other individuals, organizations, or systems.
The Four Categories of Ethical Issues • Privacy Issues • Accuracy Issues • Property Issues • Accessibility Issues
Threats to Privacy • Data aggregators, digital dossiers, and profiling • Electronic Surveillance • Personal Information in Databases • Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites
Protecting Privacy • Privacy Codes and Policies – an organization’s guidelines with respect to protecting the privacy of customers, clients, and employees. • Opt-out Model – the organization collects personal information until the customer specifically requests that the data not be collected. • Opt-in Model – the organization is prohibited from collecting any personal information unless the customer specifically authorizes it.
Factors Increasing the Threats to Information Security • Today’s interconnected, interdependent, wirelessly-networked business environment • Government legislation • Smaller, faster, cheaper computers and storage devices • Decreasing skills necessary to be a computer hacker
Factors Increasing the Threats to Information Security (continued) • International organized crime turning to cybercrime • Downstream liability • Increased employee use of unmanaged devices • Lack of management support
Key Information Security Terms • Threat • Exposure • Vulnerability • Risk
Categories of Threats to Information Systems • Unintentional acts • Natural disasters • Technical failures • Management failures • Deliberate acts
Risk Management • Risk • Risk management • Risk analysis • Risk mitigation
Risk Mitigation Strategies • Risk acceptance • Risk limitation • Risk transference
Access Controls • Authentication • Something the user is • Something the user has • Something the user does • Something the user knows
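The slide lists the authentication factors but does not show how a system checks them. The following is an added example, not code from the slides or the textbook, that combines two of the listed factors: something the user knows (a password, stored only as a salted PBKDF2 hash and compared in constant time) and something the user has (a time-based one-time code generated by an authenticator device, per RFC 6238). The user record, password and TOTP secret are constructed for the demo; the secret is the RFC 6238 test-vector key, so the codes it produces can be checked against that RFC.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ROUNDS = 600_000  # OWASP-recommended work factor for PBKDF2-HMAC-SHA256


def make_password_record(password: str, salt: bytes = b"") -> dict:
    """Store the 'something the user knows' factor as salt + slow hash, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def verify_password(record: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    # constant-time comparison so timing does not leak how many bytes matched
    return hmac.compare_digest(candidate, record["hash"])


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current 30-second window."""
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret: bytes, code: str, at_time: float, step: int = 30, window: int = 1) -> bool:
    """Accept the current window plus +/- `window` neighbours to tolerate clock drift."""
    counter = int(at_time // step)
    ok = False
    for c in range(counter - window, counter + window + 1):
        # evaluate every candidate (no early return) to keep timing uniform
        ok |= hmac.compare_digest(hotp(secret, c), code)
    return ok


def authenticate(user: dict, password: str, code: str, at_time: float) -> bool:
    """Both factors must pass; evaluate both so a failed password does not short-circuit."""
    pw_ok = verify_password(user["pw"], password)
    otp_ok = verify_totp(user["totp_secret"], code, at_time)
    return pw_ok and otp_ok


# Constructed demo user (hypothetical). The TOTP secret is the RFC 6238 test-vector key.
DEMO_SECRET = b"12345678901234567890"
DEMO_USER = {
    "pw": make_password_record("correct horse battery staple"),
    "totp_secret": DEMO_SECRET,
}

if __name__ == "__main__":
    # At Unix time 59 the RFC 6238 vector gives code 94287082 (8 digits), i.e. 287082 with 6.
    print(totp(DEMO_SECRET, 59))
    print(authenticate(DEMO_USER, "correct horse battery staple", totp(DEMO_SECRET, 59), 59))
```

In practice the TOTP secret is provisioned to the user's device once (for example via a QR code) and stored server-side encrypted at rest; the example keeps it in memory only to show the verification logic.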
Network Controls • Firewalls • Antivirus software • Whitelisting and Blacklisting software • Encryption • Digital Certificates • VPN • Employee Monitoring Systems
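The slide names whitelisting (allowlisting) and blacklisting (denylisting) as controls but not the practical difference between them. The following is an added example, not from the slides, that evaluates a constructed set of inbound connection attempts against a firewall-style denylist and against an allowlist of permitted source networks and ports. The addresses are documentation ranges and the rules are hypothetical; the point it shows is that a denylist fails open for anything it has not seen, while an allowlist fails closed.

```python
import ipaddress

# Constructed inbound connection attempts: (source address, destination port)
ATTEMPTS = [
    ("10.0.0.5", 443),        # internal host to the web service
    ("10.0.0.5", 22),         # internal host to SSH
    ("203.0.113.7", 443),     # partner network to the web service
    ("198.51.100.9", 3389),   # known-bad network probing RDP
    ("192.0.2.10", 8080),     # never-seen source hitting an unexpected port
]

# Denylist: only sources we already know to be bad.
DENYLIST = [ipaddress.ip_network("198.51.100.0/24")]

# Allowlist: the only (source network, destination ports) pairs we intend to serve.
ALLOWLIST = [
    (ipaddress.ip_network("10.0.0.0/8"), {22, 443}),
    (ipaddress.ip_network("203.0.113.0/24"), {443}),
]


def denylist_decide(src: str, port: int) -> str:
    """Block listed sources; everything else is implicitly allowed (fails open)."""
    addr = ipaddress.ip_address(src)
    return "deny" if any(addr in net for net in DENYLIST) else "allow"


def allowlist_decide(src: str, port: int) -> str:
    """Permit only listed source/port pairs; everything else is denied (fails closed)."""
    addr = ipaddress.ip_address(src)
    for net, ports in ALLOWLIST:
        if addr in net and port in ports:
            return "allow"
    return "deny"


def evaluate(policy) -> list:
    """Apply one policy function to every constructed attempt."""
    return [(src, port, policy(src, port)) for src, port in ATTEMPTS]


if __name__ == "__main__":
    for name, policy in (("denylist", denylist_decide), ("allowlist", allowlist_decide)):
        print(name)
        for src, port, decision in evaluate(policy):
            print(f"  {src}:{port} -> {decision}")
```

The unknown source 192.0.2.10 on port 8080 is the case to watch: the denylist lets it through because nobody has listed it yet, the allowlist drops it because nobody has approved it. Real firewalls and application allowlists apply the same default-deny principle.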
What organizations can do... • Business Continuity Planning • Backup • Recovery • Information Security Auditing