Management Information System Chapter 4 Ethics
2 reasons why organizations should implement an Internet Use Policy
1. Large amounts of computing resources that Internet users can expend.
2. Numerous materials that some might feel are offensive.
The most secure type of authentication involves:
1. Something the user knows (such as a User ID or Password, the most common, yet ineffective form)
2. Something the user has
3. Something that is part of the user (such as a Fingerprint or Voice Signature, the best and most effective way to manage authentication, can be costly and intrusive)
Nonrepudiation
A contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions.
Smart Card
A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing.
Cracker
A hacker with criminal intent.
Hardware Key Logger
A hardware device that captures keystrokes on their journey from the keyboard to the motherboard.
Authentication
A method of confirming users' identities.
Key Logger or Key Trapper Software
A program that, when installed on a computer, records every keystroke and mouse click.
Cookie
A small file deposited on a hard drive by a website containing information about customers and their Web activities. Cookies allow websites to record the comings and goings of customers, usually without their knowledge or consent.
Phishing
A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email.
Worm
A type of virus that spreads itself, not only from file to file, but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, in order to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.
Email can be easily read by:
ANYONE
The only ethical component of MIS?
An Individual
Public Key Encryption (PKE)
An encryption system that uses two keys: a public key for everyone and a private key for the recipient.
Hoaxes
Attack computer systems by transmitting a virus hoax, with a real virus attached. By masking the attack in a seemingly legitimate message, unsuspecting users more readily distribute the message and send the attack on to their co-workers and friends, infecting many users along the way.
Distributed Denial-of-Service (DDoS)
Attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes. A common type is the Ping of Death, in which thousands of computers try to access a website at the same time, overloading it and shutting it down.
6 examples of Viruses
Backdoor program, Denial-of-Service attack (DoS), Distributed denial-of-service attack (DDoS), Polymorphic virus, Trojan-horse virus, and Worm
6 examples of Hackers
Black-hat hacker, Cracker, Cyberterrorist, Hactivist, Script kiddies or script bunnies, and White-hat hacker
Black-Hat Hackers
Break into other people's computer systems and may just look around or may steal and destroy information.
Polymorphic Viruses and Worms
Change their form as they propagate.
Packet Tampering
Consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after penetrating a network. For example, an attacker might place a tap on a network line to intercept packets as they leave the computer. The attacker could eavesdrop or alter the information as it leaves the network.
Web Log
Consists of one line of information for every visitor to a website and is usually stored on a web server.
Information Privacy Policy
Contains general principles regarding information privacy. The unethical use of information typically occurs "unintentionally" when it is used for new purposes.
Ethical Computer Use Policy
Contains general principles to guide computer user behavior. The ethical computer use policy ensures all users are INFORMED of the rules and, by agreeing to use the system on that basis, CONSENT to abide by the rules.
Ex. Users will not send spam; users will not send harmful viruses; users will not use offensive language or send offensive material.
Internet Use Policy
Contains general principles to guide the proper use of the Internet
Technologies available to help prevent and build resistance to attacks include:
Content filtering, Encryption, and Firewalls
Information Security Plan
Details how an organization will implement the information security policies.
Email Privacy Policy
Details the extent to which email messages may be read by others. Organizations can mitigate the risk of email and instant messaging communication tools by implementing and adhering to an email privacy policy.
8 Security threats to ebusiness include:
Elevation of privilege, Hoaxes, Malicious code, Packet tampering, Sniffer, Spoofing, Splogs, and Spyware
The process of sending an Email:
Email sent from Sender's Computer --> Sender's Email Provider's Server --> Recipient's Email Provider's Server --> Recipient's Computer
Hacker
Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge.
Employee Monitoring Policy
Explicitly state how, when and where the company monitors its employees.
Intrusion Detection Software
Features full-time monitoring tools that search for patterns in network traffic to identify intruders.
Script Kiddies or Script Bunnies
Find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.
Denial-of-Service (DoS)
Floods a website with so many requests for service that it slows down or crashes the site.
Information Ethics
Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself.
Firewall
Hardware and/or software that guards a private network by analyzing the information leaving and entering the network. A firewall examines each message that wants entrance to the network, and unless the message has the correct marking, the firewall prevents it from entering the network.
Hactivists
Have philosophical and political reasons for breaking into systems and will often deface the website as a protest.
Trojan-Horse Virus
Hides inside other software, usually as an attachment or a downloadable file.
Information Security Policies
Identify the rules required to maintain information security.
Fair use doctrine
In certain situations, it is legal to use copyrighted material.
Malicious Code
Includes a variety of threats such as viruses, worms, and Trojan horses.
5 tools to prevent information misuse
Information Management, Information Governance, Information Compliance, Information Secrecy, and Information Property
The first line of defense an organization should follow to help combat insider issues is to develop:
Information Security Policies and Information Security Plans
Intellectual Property
Intangible creative work that is embodied in physical form.
5 Business Issues related to information ethics
Intellectual Property, Copyright, Pirated Software, Counterfeit Software, and Digital Rights Management
Elevation of Privilege
Is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log on to a network by using a guest account, and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.
Sniffer
Is a program or device that can monitor data traveling over a network. Sniffers can show all the data being transmitted over a network, including passwords and sensitive information. Sniffers tend to be a favorite weapon in the hacker's arsenal.
Spoofing
Is the forging of the return address on an email so that the email message appears to come from someone other than the actual sender. This is not a virus but rather a way by which virus authors conceal their identities as they send out viruses.
7 common monitoring technologies include:
Key logger or key trapper software, Hardware key logger, Cookie, Adware, Spyware, Web log, and Clickstream
Is acting ethically and legally the same thing?
No, they are not always the same thing.
Content Filtering
Occurs when organizations use software that filters content to prevent the transmission of unauthorized information.
Workplace Monitoring Policy
Organizations can be held financially responsible for their employees' actions. The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees; however, some people feel that monitoring employees is unethical.
Social Media Policy
Outlines the corporate guidelines or principles governing employee online communications. Organizations must protect their online reputations and continuously monitor blogs, message boards, social networking sites, and media sharing sites.
Spyware (Sneakware or Stealthware)
Software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer's CPU and storage for some task the user knows nothing about.
Counterfeit Software
Software that is manufactured to look like the real thing and sold as such.
Virus
Software written with malicious intent to cause annoyance or damage.
Most common act of violating privacy on the internet?
Someone forwarding or bcc-ing (blind carbon copying) an email without the person's knowledge or consent.
The second line of defense is:
TECHNOLOGY
Confidentiality
The assurance that messages and information are available only to those who are authorized to view them.
White-Hat Hackers
Work at the request of the system owners to find system vulnerabilities and plug the holes.
The 3 primary information technology security areas are:
People --> Authentication and Authorization
Data --> Prevention and Resistance
Attacks --> Detection and Response
What do the 4 quadrants stand for?
Quadrant I: Legal and Ethical (Amazon)
Quadrant II: Illegal but Ethical (the government ruled that Microsoft was breaking antitrust laws and operating a monopoly, although Microsoft felt it was operating ethically and legally)
Quadrant III: Legal but Unethical (Some Lawyers)
Quadrant IV: Illegal and Unethical (Drug Dealers)
Clickstream
Records information about a customer during a Web surfing session such as what websites were visited, how long the visit was, what ads were viewed, and what was purchased.
Downtime
Refers to a period of time when a system is unavailable.
Acceptable Use Policy (AUP)
Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet. Also includes nonrepudiation and an Internet use policy.
Pharming
Reroutes requests for legitimate websites to false websites.
Encryption
Scrambles information into an alternative form that requires a key or password to decrypt the information.
Cyberterrorists
Seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction.
Anti-Spam Policy
Simply states that email users will not send unsolicited emails (or spam).
Tokens
Small electronic devices that change user passwords automatically
Adware
Software that generates ads and installs itself on a computer when a person downloads some other program from the Internet.
Identity Theft
The forging of someone's identity for the purpose of fraud.
Biometrics
The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.
Copyright
The legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents.
Ethics
The principles and standards that guide our behavior toward other people.
Authorization
The process of giving someone permission to do or have something.
Information Security
The protection of information from accidental or intentional misuse by persons inside or outside an organization.
Privacy
The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
Pirated Software
The unauthorized use, duplication, distribution, or sale of copyrighted software.
Information Technology Monitoring
Tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed.
Spam
Unsolicited email
Backdoor Programs
Viruses that open a way into the network for future attacks.