CHAPTER 7:

MANAGING INFORMATION
TECHNOLOGY

Part II: Security and Ethical Challenges

Learning Objectives
 Identify several ethical issues in how the use
of information technologies in business
affects: employment, individuality, working
conditions, Privacy, crime, health, etc.
 Identify several types of security
management strategies and defenses, and
explain how they can be used to ensure the
security of business applications of
information technology
 Propose several ways to lessen the harmful
effects and increase the beneficial effects of
the use of IT
Chapter 7: Security and Ethical
Challenges 2
Threats of IS
 What are the threats of IS on:
◦ Organisations
◦ Society
◦ Individuals
Impact of information systems on
Organizations and society
 Impact on organizations
◦ Information system is one of the resources’ of an
organization which poses a major resource
management challenge.
◦ affects operational efficiency, employee
productivity, and customer service & satisfaction.
◦ is a major source of information & support needed
for effective decision making .
◦ affects organizational structure because it can
reduce the layers & numbers of middle level
management.
Impact of Information systems on
society:
Advantages
 a shift on employment - employment is increasing

in information sector because the economy is heavily

dependent on the creation, management &
distribution of information.
 usage of internet services:-the number of services

available to home users is growing. Electronic mail,

education service & video games, home banking, etc.
 Change on life style - individuals can do their jobs

independent of their workplace. Information systems

have created the opportunity for high standard of
living and increasing leisure time.
Problems:
◦ A growing gap between “ information
rich” and “information poor”.
◦ A threat to privacy - the incremental
gathering of data by many organizations has
made individuals to lose control over the use of
their own data.
◦ The computer Viruses: are created by
computer gangsters to steal, distort or destroy
the data resources of business organisations
and individuals.
◦ using Internets to disseminate wrong
information and pornographic films to abuse and
spoil the minds of children and young people.
IT Security, Ethics, and
Society
 IT has both
beneficial
and detrimental
effects on society
and people
 Objective: Manage
work activities to
minimize the
detrimental effects
of IT and Optimize
the beneficial
effects
Chapter 7: Security and Ethical
Challenges 7
Business Ethics
 Ethics questions that managers confront as
part of their daily business decision making
include:
◦ Equity
◦ Rights
◦ Honesty
◦ Exercise of corporate power

Chapter 7: Security and Ethical

Challenges 8
I. Computer Crime
 Is a growing threat caused by irresponsible actions of
a small minority of computer professional and end
users who are taking advantage of the widespread
use of computers and IT in our society.
 Computer crime includes
◦ Unauthorized use, access, modification, or destruction of
hardware, software, data, or network resources
◦ The unauthorized release of information
◦ The unauthorized copying of software
◦ Denying an end user access to his/her own hardware,
software, data, or network resources
◦ Using or conspiring to use computer or network resources
illegally to obtain information or tangible property

Chapter 7: Security and Ethical

Challenges 9
Computer Crime (Cont’d)

Cyber
Hacking
Theft

Computer
Viruses

Unauthorized
Piracy
Use at work
1.1. Hacking
 Hacking: The unauthorized access and use of
networked computer systems and reading files, but
neither stealing nor damaging anything
 Cracker: is a hacker with criminal intent of gaining
unauthorized access by finding weaknesses in the
security protections employed by Web sites and
computer systems, often taking advantage of
various features of the Internet
 Hackers and crackers try to retrieve passwords,
access or steal network files, overload computer
systems, or damage data and programs.

Chapter 7: Security and Ethical

Challenges 11
1.2. Cyber Theft
 Many computer crimes involve the theft of money
that occur through the Internet
 The majority are “inside jobs” that involve
unauthorized network entry and alteration of
computer databases to cover the tracks of the
employees involved in the theft.
◦ More recent examples involve using the Internet
to access major banks’ computer systems.
 Most companies don’t reveal that they have been
targets or victims of cybercrime for fear of loss of
customer confidence.

Chapter 7: Security and Ethical Challenges 12

1.3. Unauthorized Use at Work (Service theft)
◦ time and resource theft through unauthorized use of
computer systems and networks by employees
 This may include:
◦ Doing private consulting
◦ Doing personal finances
◦ Playing video games
◦ Unauthorized use of the Internet or company networks
1.4. Software Piracy
◦ Unauthorized copying of computer programs, which is
intellectual property protected by copy right law.
◦ Such piracy results in millions of dollars of lost profits by
software publishers.

Chapter 7: Security and Ethical

Challenges 13
1.5. Computer viruses
 A virus is a program that spreads destructive
program routines to destroy the contents of
memory, hard disks, and other storage
devices.
 Commonly transmitted through
◦ The Internet and online services
◦ Email and file attachments
◦ Disks from contaminated computers

Chapter 7: Security and Ethical Challenges 14

2. Privacy Issues
information technology can have a negative effect on
every individual’s right to privacy.
 Violation of Privacy
◦ Accessing individuals’ private email conversations and
computer records
◦ Collecting and sharing information about individuals
gained from their visits to Internet websites
◦ Unauthorized Access of Personal Files
 Computer Monitoring:
◦ Tracking where a person because mobile and paging services are
more closely associated with people rather than places
◦ monitoring the productivity and behavior of employees
 Criticized as unethical because it monitors individuals, not just work
 Criticized as invasion of privacy because many employees do not
know they are being monitored
Chapter 7: Security and Ethical
Challenges 15
3. Computer Libel and
Censorship
 The opposite side of the privacy debate…
◦ Freedom of information, speech, and press
 Biggest battlegrounds - bulletin boards, email
boxes, and online files of Internet and public
networks
 Weapons used in this battle can be:
◦ Spamming - Indiscriminate sending of unsolicited email
messages to many Internet users
◦ Flaming: The practice of sending extremely critical, offensive, and often
improper email messages or newsgroup posting to other users on the
Internet or online services

Chapter 7: Security and Ethical

Challenges 16
Cyberlaw
 Cyber law only began to emerge in 1996
 Laws intended to regulate activities over the Internet
or via electronic communication devices
◦ Encompasses a wide variety of legal and political
issues
◦ Includes intellectual property, privacy, freedom of
expression, and jurisdiction
 Debate continues regarding the applicability of legal
principles to the use of internet technology

Chapter 7: Security and Ethical

Challenges 17
5. Employment Challenges of IT

Lost Job Lost

Opportunities Individuality

Working
Conditions

Health
Security Management
Issues
Employment Challenges
 IT has created new jobs and increased productivity;
While it has caused a significant reduction in some types of
job opportunities.
 Working Conditions
◦ computers have eliminated monotonous or unpleasant tasks,
thereby improving the quality of work.
◦ Computerized systems can depersonalize human transactions,
forcing people to confront and respond to impersonal
programmed logic which lessens the importance of empathy
◦ Information systems also often require strict adherence to
detailed procedures, which undrmines human ideals of
flexibility.
 However, widespread use of personal computers and
the Internet has dramatically improved the
development of people-oriented and personalized
systems.
Chapter 7: Security and Ethical
Challenges 19
Health Issues
 Heavy use of computers is linked to
◦ eyestrain,
◦ damaged arm,
◦ neck muscles, and
◦ radiation exposure.
 Ergonomics (Also called human factors
engineering) is the science that seeks Solutions
to some of these health problems
 The Goal of ergonomics is to design healthy work
environments that are Safe, comfortable, and pleasant for
people to work

Chapter 7: Security and Ethical

Challenges 20
Ergonomics (Cont’d)
 Ergonomics examines three major factors in
the workplace:
◦ The tools used by the worker; e.g. computer
screens, computer human interfaces, etc.;
◦ The work environment, e.g. lighting, work
surfaces, climate etc.; and
◦ The job content and context, e.g. characteristics
of the task, shift work, rest breaks etc.

Chapter 7: Security and Ethical Challenges 21

Security Management of IT
 Business managers and
professionals are
responsible to adhere to
the goal of security
management, which is to
ensure the accuracy,
integrity, Quality and
safety of all information
system resources
(Hardware, software,
networks, and data
resources).
Chapter 7: Security and Ethical
Challenges 22
Internetworked Security
Defenses
 Encryption: uses to protect data that is transmitted via the
Internet, intranets, or extranets.
 Installing multiple intrusion-detection systems e.g. firewalls,
and multiple routers to control incoming traffic in order to
reduce choke points.
 Centralizing, distribution and updating of antivirus software to
Build defenses against the spread of computer viruses
 Setting and enforcing security policies such as e-mail
monitoring policy to prevent the infiltration of destructive
programs like Trojan Horses.

Chapter 7: Security and Ethical Challe 23

nges
Internet and Intranet
Firewalls

Chapter 7: Security and Ethical

Challenges 24
Other Security Measures
(Cont’d)
 Security Codes. The use of passwords to control
access to information assets.
 Backup Files. Such files may be stored off-premises
and can be a key component in disaster recovery.
 Security Monitors. are programs that
◦ Monitor the use of hardware, software, and data
resources of a computer.
◦ collect statistics on any attempt of misuse.
 Biometric Security Controls: include such
detection devices as voice recognition and fingerprinting,
which must correspond to the authorized person before
admitting personnel to the system.

Chapter 7: Security and Ethical

Challenges 25
Security and control
issues
Three major areas of control
 Information System Controls
◦ Methods and devices that
ensures the accuracy, validity,
and propriety of information
system activities
 Procedural controls Include:
◦ Separation of duties
◦ Standard procedures and
documentation
◦ Authorization requirements
◦ Auditing
 Physical control Include:
◦ Physical protection
◦ Computer failure controls
◦ Telecommunications controls
◦ Insurance

Chapter 7: Security and Ethical

Challenges 26
The End