PART2

Cards (85)

  • Manager's responsibilities
    • Developing, enforcing, and explaining corporate ethics policies
  • Historically, corporate management has paid much more attention to financial integrity and personnel policies than to the information systems area
  • Based on what you will have learned after reading this chapter, it will be clear your corporation should have an ethics policy in the information systems (IS) area covering such issues as privacy, property, accountability, system quality, and quality of life
  • Challenge for managers
    • Educating non-IS managers about the need for these policies
    • Educating your workforce
  • Corporations with developed corporate IS codes of ethics
    • FedEx
    • IBM
    • American Express
    • Merck & Co
  • Most firms have not developed these codes of ethics, leaving their employees unsure about expected correct behavior
  • There is some dispute concerning a general code of ethics versus a specific information systems code of ethics
  • Moral dimensions for an IS-specific set of ethical standards
    • Information rights and obligations
    • Property rights and obligations
    • System quality
    • Quality of life
    • Accountability and control
  • Information rights and obligations
    1. Employee e-mail and Internet privacy
    2. Workplace monitoring
    3. Treatment of corporate information
    4. Policies on customer information
  • Property rights and obligations
    1. Software licenses
    2. Ownership of firm data and facilities
    3. Ownership of software created by employees on company hardware
    4. Software copyrights
    5. Contractual relationships with third parties
  • System quality
    1. General levels of data quality and system error that can be tolerated
    2. Requirement for all systems to attempt to estimate data quality and system error probabilities
  • Quality of life
    1. Purpose of systems is to improve the quality of life for customers and for employees
    2. Achieving high levels of product quality, customer service, and employee satisfaction and human dignity
    3. Proper ergonomics, job and workflow design, and human resources development
  • Accountability and control
    1. Single individual responsible for all information systems
    2. Others responsible for individual rights, the protection of property rights, system quality, and quality of life
    3. Responsibilities for control of systems, audits, and management
    4. Potential liabilities of systems officers and the corporation
  • Information systems have made many businesses successful today. Some companies, such as Google, Facebook, and eBay, would not exist without information technology.
  • Improper use of information technology can create problems for the organization and employees.
  • Cyber-crime
    The use of information technology to commit crimes
  • Types of cyber-crime
    • Identity theft
    • Copyright infringement
    • Click fraud
    • Advance Fee Fraud
    • Hacking
    • Computer virus
  • Identity theft
    When a cyber-criminal impersonates someone else in order to commit wrongdoing
  • Phishing
    1. Creating fake websites or emails that look like those of legitimate businesses
    2. Using fake Wi-Fi hotspots that look like legitimate ones
  • A former State Department employee used email phishing to gain access to the email and social media accounts of hundreds of women and accessed explicit photos.
  • Copyright infringement
    The unauthorized use of copyrighted materials
  • Click fraud
    When a person clicks an advertising link with no intention of learning more about what it advertises, but only to make more money
  • Advance Fee Fraud
    When a criminal pretends to be a close relative of a very rich, well-known person who died and asks for financial assistance, promising a reward later
  • Hacking
    Used to bypass security controls to gain unauthorized access to a system
  • Computer virus
    Unauthorized programs that can annoy users, steal sensitive data or be used to control equipment that is controlled by computers
  • MIS security
    Measures put in place to protect information system resources from unauthorized access or being compromised
  • Security vulnerabilities
    Weaknesses in a computer system, software, or hardware that can be exploited by the attacker to gain unauthorized access or compromise a system
  • Social engineering
    The goal is to gain the trust of the users of the system
  • Measures to eliminate or minimize the damage from computer viruses
    1. Using Anti-Virus software
    2. Following established security best practices
  • Measures to prevent unauthorized access
    1. Using a combination of username and password
    2. Adding the use of mobile devices such as phones to provide an extra layer of security
    3. Asking questions to users during signup such as what town they grew up in, the name of their first pet, etc.
  • Measures to prevent data loss
    1. Keeping backups of the data at remote places
    2. Making backups periodically and putting them in more than one remote area
  • Biometric Identification
    Using fingerprint or other biometric data for authentication purposes
  • Ethics
    Rules of right and wrong that people use to make choices to guide their behaviors
  • Ethics in MIS seek to protect and safeguard individuals and society by using information systems responsibly.
  • ICT policy
    A set of guidelines that defines how an organization should use information technology and information systems responsibly
  • Guidelines included in an ICT policy
    • Purchase and usage of hardware equipment and how to safely dispose of it
    • Use of licensed software only and ensuring that all software is up to date with latest patches for security reasons
    • Rules on how to create passwords (complexity enforcement), changing passwords, etc.
    • Acceptable use of information technology and information systems
    • Training of all users involved in using ICT and MIS
  • Information system security
    The way the system is defended against unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction
  • Major aspects of information system security
    • Security of the information technology used
    • Security of data
  • Guaranteeing effective information security
    • Preventing the unauthorized individuals or systems from accessing the information
    • Maintaining and assuring the accuracy and consistency of data over its entire life-cycle
    • Ensuring that the computing systems, the security controls used to protect them, and the communication channels used to access them function correctly all the time, thus making information available in all situations
    • Ensuring that the data, transactions, communications or documents are genuine
    • Ensuring the integrity of a transaction by validating that both parties involved are genuine, by incorporating authentication features such as "digital signatures"
    • Ensuring that once a transaction takes place, none of the parties can deny it, either having received a transaction, or having sent a transaction. This is called 'non-repudiation'
    • Safeguarding data and communications stored and shared in network systems
  • Information systems bring about immense social changes, threatening the existing distributions of power, money, rights, and obligations. They also give rise to new kinds of crime, such as cyber-crime