Security
Cards (36)
- Principles
- Policies and procedures must be established to avoid computer waste and mistakes
- Computer crime is a serious and rapidly growing area of concern requiring management attention
- Jobs, equipment, and working conditions must be designed to avoid negative health effects
- Computer waste
- Inappropriate use of computer technology and resources
- Computer-related mistakes: Errors, failures, and other computer problems that make computer output incorrect or not useful, caused mostly by human error
- Causes of computer waste
- Improper management of information systems and resources
- Discarding old software and computer systems when they still have value
- Building and maintaining complex systems that are never used to their fullest extent
- Using corporate time and technology for personal use
- Spam
- Common causes of computer-related mistakes
- Failure by users to follow proper procedures
- Unclear expectations and a lack of feedback
- Program development that contains errors
- Incorrect data entry by data-entry administrators
- Preventing computer-related waste and mistakes1. Establish effective policies and procedures2. Implement policies and procedures3. Monitor policies and procedures4. Review policies and procedures
- Establishing policies and procedures
- Establish policies and procedures regarding efficient acquisition, use, and disposal of systems and devices
- Identify most common types of computer-related mistakes
- Training programs for individuals and workgroups
- Manuals and documents on how computer systems are to be maintained and used
- Approval of certain systems and applications before they are implemented and used
- Implementing policies and procedures
- Implementation of source data automation
- Use of data editing to ensure data accuracy and completeness
- Assignment of clear responsibility for data accuracy within each information system
- Training is very important for acceptance and implementation of policies and procedures
- Monitoring policies and procedures1. Monitor routine practices and take corrective action if necessary2. Implement internal audits to measure actual results against established goals
- Reviewing policies and procedures1. Do current policies cover existing practices adequately?2. Were any problems or opportunities uncovered during monitoring?3. Does the organization plan any new activities in the future?4. If so, does it need new policies or procedures on who will handle them and what must be done?5. Are contingencies and disasters covered?
- Computer crime
- Often defies detection
- Amount stolen or diverted can be substantial
- Crime is "clean" and nonviolent
- Number of IT-related security incidents is increasing dramatically
- Computer crime is now global
- Identity theft
- Imposter obtains personal identification information such as Social Security or driver's license numbers in order to impersonate someone else
- To obtain credit, merchandise, and services in the name of the victim
- To have false credentials
- Cyberterrorism
- Cyberterrorist intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and information stored on them
- Homeland Security Department's Information Analysis and Infrastructure Protection Directorate serves as governmental focal point for fighting cyberterrorism
- Illegal access and use 1
- Criminal hacker (also called a cracker) gains unauthorized use or illegal access to computer systems
- Script kiddie is a cracker who lacks programming knowledge
- Insider is an employee who comprises corporate systems
- Malware: software programs that destroy or damage processing
- Virus: program file capable of attaching to disks or other files and replicating itself repeatedly
- Illegal access and use 2
- Worm: parasitic computer program that can create copies of itself on infected computer or send copies to other computers via a network
- Trojan horse: program that appears to be useful but purposefully does something user does not expect
- Logic bomb: type of Trojan horse that executes when specific conditions occur
- Variant: modified version of a virus that is produced by virus's author or another person
- Using antivirus programs1. Run and update antivirus software often2. Scan all diskettes and CDs before using them3. Install software only from a sealed package or secure, well-known website4. Follow careful downloading practices5. If you detect a virus, take immediate action
- Software and Internet software piracy
- Software is protected by copyright laws
- Copyright law violations: making additional copies, loading the software onto more than one machine
- Software piracy: act of illegally duplicating software
- Internet-based software piracy is the most rapidly expanding type of software piracy and most difficult form to combat
- Examples of Internet scams
- Get-rich-quick schemes
- "Free" holidays with huge hidden costs
- Bank fraud
- Fake telephone lotteries
- Selling worthless penny stocks
- Phishing: gaining access to personal information by redirecting user to fake site
- Crime prevention by the state
- Many "computer laws" have been passed by governments, e.g. Data Protection Act and Computer Misuse Act
- Crime prevention by organizations
- Encrypt sensitive data
- Insist on strong passwords
- Conduct audits
- Restrict physical access
- Crime prevention by individuals
- Take steps to protect privacy and prevent computer-related crimes
- PrivacyWith information systems, privacy deals with the collection and use or misuse of data
- More and more information on all of us is being collected, stored, used, and shared among organizationsWho owns this information and knowledge?
- Privacy at work
- Rights of workers who want their privacy versus interests of companies that demand to know more about their employees
- Workers can be closely monitored via computer technology: track every keystroke, determine what workers are doing, estimate breaks
- Many workers consider monitoring to be dehumanizing
- mail privacy
- Most countries have a law that permits employers to monitor e-mail sent and received by employees
- E-mail messages that have been erased from hard disks can be retrieved and used in lawsuits
- Privacy and the Internet
- Huge potential for privacy invasion on the Internet: e-mail messages, visiting Web sites, buying products
- Platform for Privacy Preferences (P3P): screening technology
- Potential dangers on social networking Web sites
- Individual efforts to protect privacy1. Find out what is stored about you in existing databases2. Be careful when you share information about yourself3. Be proactive to protect your privacy4. Safeguard credit card numbers, passwords, and personal information when purchasing from Web sites
- The work environment
- Use of computer-based information systems has changed the workforce: jobs requiring IS literacy have increased, less-skilled positions have decreased
- Despite increasing productivity and efficiency, computers and information systems can raise other concerns
- Health concerns
- Occupational stress
- Repetitive stress injury (RSI)
- Carpal tunnel syndrome (CTS)
- Emissions from improperly maintained and used equipment
- Increase in traffic accidents due to drivers using mobile phones, laptops, or other devices while driving
- ErgonomicsScience of designing machines, products, and systems to maximize safety, comfort, and efficiency of people who use them
- Steps to reduce RSI and develop a better work environment
- Taken by employers, individuals, and hardware manufacturing companies
- Ethical issues in Information Systems 1
- Laws do not provide a complete guide to ethical behaviour
- Many IS-related organizations have codes of ethics for their members, e.g. British Computer Society
- ACM's code of ethics and professional conduct
- Be fair and take action not to discriminate
- Honor property rights including copyrights and patents
- Give proper credit for intellectual property
- Respect the privacy of others
- Honor confidentiality
- PrinciplesFundamental truths or rules that serve as a foundation for behavior or thought; in the context of computer use, principles might include following established procedures to ensure proper use of equipment, adhering to policies that protect against computer crime, and prioritizing ergonomic considerations to promote positive health effects
- Policies and proceduresEstablished rules and guidelines that outline how an organization expects its members to behave; in the context of computer use, policies and procedures might include guidelines for disposing of outdated computer equipment to minimize waste, protocols for reporting and responding to computer crime, and standards for setting up workstations to promote employee health and comfort
- Computer crimeIllegal activity that involves a computer or network; examples of computer crime might include hacking or unauthorized access to a computer system, spreading malware or viruses, and using a computer to commit fraud or identity theft
- Jobs, equipment, and working conditionsFactors that can impact an employee's health and well-being while using a computer; considerations might include providing ergonomic equipment to promote good posture and reduce strain, encouraging regular breaks and stretching to prevent repetitive stress injuries, and ensuring that workspaces are well-ventilated and free from glare to reduce eye strain and fatigue