INSC CHAPTER 4.1: INFORMATION ETHICS

WHAT DO USERS AGREE TO IN A TYPICAL ACCEPTABLE USE POLICY?

-not using the service as part of violating any law -not attempting to break the security of any computer network or user -not posting commercial messages to groups without prior permission -not performing an nonrepudiation

ANTI-SPAM POLICY

-simply states that email users will not send unsolicited emails (or spam) -it is difficult to write anti-spam policies, laws, or software because there is no such thing as a universal litmus test for spam -end users have to decide what spam is, because it can vary widely not just from one company to the next, but from one person to the next

PHYSICAL SECURITY

-tangible protection such as alarms, guards, fireproof doors, fences, and vaults -new technologies enable employers to monitor many aspects of their employees' jobs, especially on telephones, computer terminals, through electronic and voice mail, and when employees are using the Internet

EDISCOVERY

-the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry -as the importance of ediscovery grows, so does information governance and information compliance

ACTING ETHICALLY AND LEGALLY ARE NOT ALWAYS THE SAME THING

-the goal for most businesses is to make decisions within quadrant I that are both ethical and legal -there are times when a business will find itself in the position of making a decision in quadrant III, such as hiring child labor in foreign countries, or in quadrant II when a business might pay a foreigner who is getting her immigration status approved because the company is in the process of hiring the person -a business should never find itself operating in quadrant IV -ethics are critical to operating a successful business today

ETHICS

-the principles and standards that guide our behavior towards other people -technology poses new challenges for our ethics

PRIVACY

-the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent -privacy is related to confidentiality

DEVELOPING INFORMATION MANAGEMENT POLICIES

-treating sensitive corporate information as a valuable resource is good management -building a corporate culture based on ethical principles that employees can understand and implement is responsible management -organizations should develop written policies establishing employee guidelines, employee procedures, and organizational rules for information -these policies set employee expectations about the organization's practices and standards and protect the organization from misuse of computer systems and IT resources -if an organization's employees use computers at work, the organization should, at a minimum, implement epolicies

FOUR BASIC OPTIONS THAT BYOD OFFERS

-unlimited access for personal devices -access only to nonsensitive systems and data -access, but with IT control over personal devices, apps, and stored data -access, but preventing local storage of data on personal devices

UNINTENTIONAL INFORMATION REUSE

INNOVANT has been asked whether it can guarantee that unethical use of credit card information will never occur. In a large majority of cases, the unethical use of information happens not through the malicious scheming of a rogue marketer but, rather, unintentionally. For instance, information is collected and stored for some purpose, such as record keeping or billing. Then, a sales or marketing professional figures out another way to use it internally, share it with partners, or sell it to a trusted third party. The information is "unintentionally" used for new purposes. EXAMPLE: classic example of this type of unintentional information reuse is the Social Security number, which started simply as a way to identify government retirement benefits and then was used as a sort of universal personal ID, found on everything from drivers' licenses to savings accounts

EXAMPLE OF INFORMATION PRIVACY POLICY

Visa created Innovant to handle all its information systems, including its coveted customer information, which details how people are spending their money, in which stores, on which days, and even at what time of day

COMPETITIVE CLICK-FRAUD

a computer crime in which a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking the advertiser's link

HARDWARE KEY LOGGER

a hardware device that captures keystrokes on their journey from the keyboard to the motherboard

INFORMATION GOVERNANCE

a method or system of government for information management or control

SOCIAL MEDIA MANAGER

a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of the company, individual, product, or brand

TYPOSQUATTING

a problem that occurs when someone registers purposely misspelled variations of well-known domain name --> these variants sometimes lure consumers who make typographical errors when entering a URL

KEY LOGGER/KEY TRAPPER SOFTWARE

a program that records every keystroke and mouse click

DIGITAL RIGHTS MANAGEMENT

a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution

OPT IN

a user can opt in to receive emails by choosing to allow permission to incoming emails

OPT OUT

a user can opt out of receiving emails by choosing to deny permission to incoming emails

THREAT

an act or object that poses a danger to assets

TEERGRUBBING

an anti-spamming approach by which the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam

BRING YOUR OWN DEVICE (BYOD)

an ethical computer use policy that allows employees to use their personal mobile devices and computers to access enterprise data and applications

INFORMATION PROPERTY

an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged

PATENT

an exclusive right to make, use, and sell an invention and is granted by a government to the inventory

WEB LOG

consists of one line of information for every visitor to a website and is usually stored on a web server

INFORMATION PRIVACY POLICY

contains general principles regarding information privacy --> an organization that wants to protect its information should develop this policy

INFORMATION MANAGEMENT

examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring that it has the types of data/information required to function and grow effectively

FAIR INFORMATION PRACTICES

general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy

INFORMATION ETHICS

govern the ethical moral issues arising from the development and use of information technologies as well as the creation, collection, duplication, distribution, and processing of information itself (with or without the aid of computer technologies)

INTERNET CENSORSHIP

government attempts to control internet traffic, thus preventing some material from being viewed by a country's citizens

CYBERBULLYING

includes threats, negative remarks, or defamatory comments transmitted through the internet or posted on the website

DOES INFORMATION HAVE ETHICS?

information itself does not have ethics, it falls to those who own the information to develop ethical guidelines about how to manage it

INTELLECTUAL PROPERTY

intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents

CHILD ONLINE PROTECTION ACT (COPA)

passed to protect minors from accessing inappropriate material on the internet

EPOLICIES

policies and procedures that address information management along with the ethical use of computers and the internet in the business environment

CLICKSTREAM

records information about a customer during a web surfing session such as what websites were visited, how long the visit was, what ads were viewed, and what was purchased

ACCEPTABLE USE POLICY (AUP)

requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet

MAIL BOMB

sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning

SPYWARE (SNEAKWARE OR STEALTHWARE)

software that comes hidden in free downloadable software and tracks online movements, mines the information stores on a computer, or uses a computer's CPU and storage for some task the user knows nothing about

ADWARE

software that generates ads that install themselves on a computer when a person downloads some other program from the internet

COUNTERFEIT SOFTWARE

software that is manufactured to look like the real thing an sold as such

CLICK-FRAUD

the abuse of pay-per-click, pay-per-call, or pay-per-conversion revenue models by repeatedly clicking a link to increase charges or costs for the advertiser

INFORMATION COMPLIANCE

the act of conforming, acquiescing, or yielding information

CONFIDENTIALITY

the assurance that messages and information remain available only to those authorized to view them

EMPLOYEE MONITORING POLICY

the best path for an organization planning to engage in employee monitoring is open communication, including this policy states explicitly how, when, and where the company monitors its employees

INFORMATION SECRECY

the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity

CYBERVANDALISM

the electronic defacing of an existing website

COPYRIGHT

the legal protection afforded an expression of an idea, such as a song, book, or video game

SOCIAL MEDIA MONITORING

the process of monitoring and responding to what is being said about a company, individual, product, or brand

WEBSITE NAME STEALING

the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner

PIRATED SOFTWARE

the unauthorized use, duplication, distribution, or sale of copyrighted software

WORKPLACE MIS MONITORING

tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed

SPAM

unsolicited email, it plagues employees at all levels within an organization, from receptionist to CEO, and clogs email systems and siphons MIS resources away from legitimate business projects

NONREPUDIATION

-a contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions -a nonrepudiation clause is typically contained in an acceptable use policy

COOKIE

-a small file deposited on a hard drive by a website containing information about customers and their web activities -allows website to record the coming and goings of customers, usually without their knowledge or consent

SOCIAL MEDIA POLICY

-allows companies to protect themselves by implementing this policy that outlines the corporate guidelines or principles governing employee online communications -having a single social media policy might not be enough to ensure that the company's online reputation is protected

SEVERAL COMMON STIPULATIONS AN ORGANIZATION CAN FOLLOW WHEN CREATING AN EMPLOYEE MONITORING POLICY INCLUDE WHAT?

-be as specific as possible stating when and what (email, IM, Internet, network activity, etc.) will be monitored -expressly communicate that the company reserves the right to monitor all employees -state the consequences of violating the policy -always enforce the policy the same for everyone

ETHICAL COMPUTER USE POLICY

-contains general principles to guide computer user behavior -organizations can vary in how they expect employees to use computers, but in any approach to controlling such use, the overriding principle should be informed consent --> the users should be informed of the rules and, by agreeing to use the system on that basis, consent to abide by them -managers should make a conscientious effort to ensure all users are aware of the policy through formal training and other means --> if an organization were to have only one epolicy, it should be an ethical computer use policy because that is the starting point and the umbrella for any other policies the organization might establish

INTERNET USE POLICY

-contains general principles to guide the proper use of the internet -because of the large amounts of computing resources that internet users can expend, it is essential for such use to be legitimate -the internet contains numerous materials that some believe are offensive, making regulation in the workplace a requirement

EXAMPLES OF UNACCEPTABLE INTERNET USE

-cybervandalism -typosquatting -website name stealing

WHAT DOES A TYPICAL EMAIL PRIVACY POLICY CONTAIN?

-defines legitimate email users and explains what happens to accounts after a person leaves the organization -explains backup procedure so users will know that at some point, even if a message is deleted from their computer, it is still stored by the company -describes the legitimate grounds for reading email and the process required before such action is performed -discourages sending junk email or spam to anyone who does not want to receive it -prohibits attempting to mail bomb a site -informs users that the organization has no control over email once it has been transmitted outside the organization

WHAT DOES AN INTERNET USER POLICY GENERALLY DO?

-describes the Internet services available to users -defines the organization's position on the purpose of Internet access and what restrictions, if any, are placed on that access -describes user responsibility for citing sources, properly handling offensive material, and protecting the organization's good name -states the ramifications if the policy is violated

EMAIL PRIVACY POLICY

-details the extent to which email messages may be read by others -email is so pervasive in organizations that it requires its own specific policy -most working professionals use email as their preferred means of corporate communications

WHAT IS INCLUDED IN SOCIAL MEDIA POLICIES THAT A COMPANY MIGHT CHOOSE TO IMPLEMENT?

-employee online communication policy detailing brand communication -employee blog and personal blog policies -employee social network and personal social network policies -employee Twitter, corporate Twitter, and personal Twitter policies -employee LinkedIn policy -employee Facebook usage and brand -corporate YouTube policy

OVERVIEW OF EPOLICIES

-ethical computer use policy -email privacy policy -information privacy policy -social media policy -acceptable use policy -workplace monitoring policy

ETHICALLY QUESTIONABLE OR UNACCEPTABLE INFORMATION TECHNOLOGY USE

-individuals copy, use, and distribute software -employees search organizational database for sensitive corporate and personal information -organizations collect, buy, and use information without checking the validity or accuracy of the information -individuals create and spread viruses that cause trouble for those using and maintaining IT systems -individuals hack into computer systems to steal proprietary information -employees destroy or steal proprietary organization information such as schematics, sketches, customer lists, and reports

ETHICAL GUIDELINES FOR INFORMATION MANAGEMENT

-information secrecy -information governance -information management -information compliance -information property

EXAMPLE OF ETHICAL COMPUTER USE POLICY

-it might explicitly state that users should refrain from playing computer games during work hours --> this policy ensures that users know how to behave at work and the organization has a published standard to deal with infractions -after appropriate warnings, the company may terminate an employee who spends amounts of time playing computer games at work

INTERNET MONITORING TECHNOLOGIES

-key logger/key trapper software -hardware key logger -cookie -adware -spyware (sneakware or stealthware) -web log -clickstream