Chapter 4 MIS 180


social engineering

hackers use their social skills to trick people into revealing access credentials or other valuable information

spoofing

is the forging of the return address on an email so that the message appears to come from someone other than the actual sender. This is not a virus, but rather a way by which virus authors conceal their identities as they send out viruses

packet tampering

consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after penetrating a network. For example, an attacker might place a tap on a network line to intercept packets as they leave the computer. The attacker could eavesdrop or alter the information as it leaves the network

web log

consists of one line of information for every visitor to a website and is usually stored on a web server

Denial-of-service attack (DoS)

floods a website with so many requests for service that it slows down or crashes the site

Distributed denial-of-service attack (DDoS)

from multiple computers floods a website with so many requests for service that it slows down or crashes. A common type is the Ping of Death, in which thousands of computers try to access a website at the same time, overloading it and shutting it down

information ethics

govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself (with or without the aid of computer technologies). Ethical dilemmas in this area usually arise not as simple, clear-cut situations but as clashes among competing goals, responsibilities, and loyalties. Inevitably there will be more than one socially acceptable or "correct" decision

internet censorship

government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens

crackers

have criminal intent when hacking

hacktivists

have philosophical and political reasons for breaking into systems and will often deface the website as a protest

Trojan-horse virus

hides inside other software, usually as an attachment or a downloadable file

anti-spam policy

simply states that email users will not send unsolicited emails (or spam). It is difficult to write anti-spam policies, laws, or software because there is no such thing as a universal litmus test for spam. One person's spam is another person's newsletter. End users have to decide what spam is because it can vary widely, not just from one company to the next but from one person to the next

adware

software that generates ads that install themselves on a computer when a person downloads some other program from the Internet

malware

software that is intended to damage or disable computers and computer systems

counterfeit software

software that is manufactured to look like the real thing and sold as such

virus

software written with malicious intent to cause annoyance or damage. One of the most common forms of computer vulnerabilities is a virus. Some hackers create and leave viruses, causing massive computer damage

worm

spreads itself not only from file to file but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers

click fraud

the practice of artificially inflating traffic statistics for online advertisements. The abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser

white hat hackers

work at the request of the system owners to find system vulnerabilities and plug the holes

child online protection act (COPA)

a law that protects minors from accessing inappropriate material on the internet

script kiddies or script bunnies

find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses

backdoor programs

open a way into the network for future attacks

most common types of viruses

backdoor programs, denial-of-service attack (DoS), distributed denial-of-service attack (DDoS), polymorphic viruses and worms, Trojan-horse virus

three areas where technology can aid in defense against attacks

1) people: authentication and authorization
2) data: prevention and resistance technologies stop intruders from accessing and reading data by means of content filtering, encryption, and firewalls
3) attacks: detection and response

how computer viruses spread

A hacker creates a virus and attaches it to a program, document, or website. Thinking the file is legitimate, a user downloads it and the virus infects other files and programs on the computer. Quickly the virus spreads in email attachments and shared files to co-workers and friends

intellectual capital must be protected

An example of intellectual capital is that organizations today are able to mine valuable information such as the identity of the top 20 percent of their customers, who usually produce 80 percent of revenues. Organizations address security risks through two lines of defense: the first is people, the second is technology. Surprisingly, the biggest problem is people, as the majority of information security breaches result from people misusing organizational information

Common Internet Monitoring Technologies

key logger or key trapper software, hardware key logger, cookie, adware, spyware (sneakware or stealthware), web log, clickstream

social media manager

a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand

Overview of Epolicies: the epolicies a firm should implement to set employee expectations

Ethical computer use policy, information privacy policy, acceptable use policy (AUP), email privacy policy, social media policy, employee monitoring policy

hacker weapons

escalation of privilege, hoaxes, malicious code, packet tampering, sniffer, spoofing, splogs, spyware

Ethical Guidelines for Information Management:

Information Secrecy: the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
Information Governance: a method or system of government for information management or control
Information Management: examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring that it has the types of data/information required to function and grow effectively
Information Compliance: the act of conforming, acquiescing, or yielding information
Information Property: an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged

INFORMATION DOES NOT HAVE ETHICS: PEOPLE DO

Information itself has no ethics; it does not care how it is used. It will not stop itself from spamming customers, sharing itself if it is sensitive or personal, or revealing details to third parties. Information cannot delete or preserve itself. Therefore, it falls to those who own the information to develop ethical guidelines about how to manage it

the cost of downtime

The Cost of Downtime: the costs of downtime are not only associated with lost revenues, but also with financial performance, damage to reputations, and even travel or legal expenses
Financial performance: revenue recognition, cash flow, payment guarantees, credit rating, stock price
Revenue: direct loss, compensatory payments, lost future revenue, billing losses, investment losses, lost productivity
Damaged reputation: customers, suppliers, financial markets, banks, business partners
Other expenses: temporary employees, equipment rentals, overtime costs, extra shipping charges, travel expenses, legal obligations

The Four Quadrants where ethical and legal behaviors intersect:

Quadrant 1: Legal and Ethical. The goal for most businesses is to make decisions within quadrant 1
Quadrant 2: Illegal but Ethical. A business may find itself here when, for example, it pays a foreigner who is in the process of getting her immigration status approved because the company is in the process of hiring the person
Quadrant 3: Unethical but Legal. There are times when a business may find itself in the position of making a decision in quadrant 3, such as hiring child labor in foreign countries
Quadrant 4: Illegal and Unethical. A business should never find itself operating here

black hat hackers

break into other people's computer systems and may just look around or may steal and destroy information

ethical computer use policy

Regardless of what business a company operates, even one that many view as unethical, the company must protect itself from unethical employee behavior (ex: an Absolute Poker employee hacked to see his opponents' hole cards and get money). One essential step in creating an ethical corporate culture is establishing an ethical computer use policy. Ethical computer use policy: contains general principles to guide computer user behavior. For example, it might explicitly state that users should refrain from playing computer games during working hours. This policy ensures that users know how to behave at work and the organization has a published standard to deal with infractions: for example, after appropriate warnings, the company may terminate an employee who spends significant amounts of time playing computer games at work. Organizations can legitimately vary in how they expect employees to use computers, but in any approach to controlling such use, the overriding principle should be informed consent: the users should be informed of the rules and, by agreeing to use the system on that basis, consent to abide by them. Managers should make a conscientious effort to ensure all users are aware of the policy through formal training and other means. If an organization were to have only one epolicy, it should be an ethical computer use policy because that is the starting point and the umbrella for other policies the organization might establish. Part of an ethical computer use policy can include a bring your own device (BYOD) policy: allows employees to use their personal mobile devices and computers to access enterprise data and applications

polymorphic viruses and worms

change their form as they propagate

employee monitoring policy

The best path for an organization planning to engage in employee monitoring is open communication, including an employee monitoring policy: states explicitly how, when, and where the company monitors its employees. Several common stipulations an organization can follow when creating an employee monitoring policy include:
Be as specific as possible stating when and what (email, IM, Internet, network activity, etc.) will be monitored
Expressly communicate that the company reserves the right to monitor all employees
State the consequences of violating the policy
Always enforce the policy the same for everyone
Many employees use their company's high-speed Internet access to shop, browse, and surf the web. Most managers do not want their employees conducting personal business during working hours, and they implement a Big Brother approach to employee monitoring. Many management gurus advocate that organizations whose corporate cultures are based on trust are more successful than those whose corporate cultures are based on mistrust. Before an organization implements monitoring technology, it should ask itself, "What does this say about how we feel about our employees?" If the organization really does not trust its employees, then perhaps it should find new ones. If an organization does trust its employees, then it might want to treat them accordingly. An organization that follows its employees' every keystroke might be unwittingly undermining the relationships with its employees, and it might find the effects of employee monitoring are often worse than lost productivity from employee web surfing

acceptable use policy (AUP)

a policy that a user must agree to follow to be provided access to corporate email, information systems, and the Internet. Many businesses and educational facilities require employees or students to sign an acceptable use policy before gaining network access. When signing up with an email provider, each customer is typically presented with an AUP, which states the user agrees to adhere to certain stipulations. Users agree to the following in a typical acceptable use policy:
Not using the service as part of violating any law
Not attempting to break the security of any computer network or user
Not posting commercial messages to groups without prior permission
Not performing any nonrepudiation

typosquatting

a problem that occurs when someone registers purposely misspelled variations of well-known domain names. These variants sometimes lure customers who make typographical errors when entering a URL

key logger or key trapper software

a program that records every key stroke and mouse click

cookie

a small file deposited on a hard drive by a website containing information about customers and their web activities. Cookies allow websites to record the comings and goings of customers, usually without their knowledge or consent

spyware

a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission. Spyware programs collect specific data about the user, ranging from general demographics such as name, address, and browsing habits to credit card numbers, social security numbers, and usernames and passwords. Spyware is a clear threat to privacy. Software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer's CPU and storage for some task the user knows nothing about

phishing

a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate sources/businesses. The messages appear to be genuine with official-looking formats and logos, and typically ask for verification of important information such as passwords and account numbers, ostensibly for accounting or auditing purposes. Since the emails look authentic, up to one in five recipients responds with the information and becomes a victim of identity theft and other fraud. You should never click on emails asking you to verify your identity, as companies will never contact you directly asking for your username or password

ransomware

a form of malicious software that infects your computer and asks for money. Simplelocker is a new ransomware program that encrypts your personal files and demands payment for the files' decryption keys. Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key. Ransomware spreads through email attachments, infected programs, and compromised websites. A ransomware malware program may also be called a cryptovirus, crypto trojan, or cryptoworm. Attackers may use one of several different approaches to extort money from their victims:
After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if a ransom is not paid by a certain date, the private key will be destroyed and the data will be lost forever
The victim is duped into believing he or she is the subject of a police inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine
The malware surreptitiously encrypts the victim's data but does nothing else. In this approach, the data kidnapper anticipates that the victim will look on the Internet for how to fix the problem and makes money by selling anti-ransomware software on legitimate websites
To protect against data kidnapping, experts urge that users back up data on a regular basis. If an attack occurs, do not pay a ransom. Instead, wipe the disk drive clean and restore data from the backup

information security

a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization. Information security is the primary tool an organization can use to combat the threats associated with downtime. Understanding how to secure information systems is critical to keeping downtime to a minimum and uptime to a maximum ("time is money" should say "uptime is money" to accurately reflect the crucial interdependence between MIS and business processes). Hackers and viruses are two of the hottest issues facing information security

drive-by hacking

a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network

competitive click-fraud

a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link

nonrepudiation

a contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions. A nonrepudiation clause is typically contained in an acceptable use policy

bug bounty program

a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Also called vulnerability rewards programs, as they provide financial compensation as a reward for identifying software vulnerabilities that have the potential to be exploited. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system, and the potential impact of the bug. Examples:
Mozilla pays a $3,000 flat rate bounty for bugs
Facebook has paid as much as $20,000 for a simple bug report
Google pays Chrome operating system bug reporters on average $700,000 per year
Microsoft paid United Kingdom researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1
Apple pays $200,000 for a flaw in the iOS secure boot firmware components
While the use of white-hat ethical hackers to find bugs is effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to a few dozen researchers

pretexting

a form of social engineering in which one individual lies to obtain confidential information about another individual

fair information practices

a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy. Different organizations and countries have their own terms for these concerns. UK: "Data Protection". European Union: "Personal Data Privacy". The Organization for Economic Co-operation and Development (OECD) has written Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, which can be found on their website

hardware key logger

a hardware device that captures keystrokes on their journey from the keyboard to the motherboard

digital rights management

a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution. Ethically Questionable or Unacceptable Information Technology Use: few hard and fast rules exist for always determining what is ethical; many people can either justify or condemn these actions (knowing the law is important, but that knowledge will not always help because what is legal might not be ethical and what might be ethical is not always legal). At and T Equifax example that it is legal but it might not be ethical.
Individuals copy, use, and distribute software
Employees search organization databases for sensitive corporate and personal info
Organizations collect, buy, and use information without checking the validity or accuracy of the information
Individuals create and spread viruses that can cause trouble for those using and maintaining IT systems
Individuals hack into computer systems to steal proprietary information
Employees destroy or steal proprietary organization information such as schematics, sketches, customer lists, and reports

scareware

a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software. Scareware often takes advantage of vulnerabilities in a computer's browser to generate pop-ups that resemble system error messages. The warnings, which are designed to look authentic, typically alert the user that a large number of infected files have been found on the computing device. The user is then prompted to call a phone number or click on a hyperlink to get the infection cleaned up. If the user calls the phone number, they are urged to share credit card info in order to make a purchase for bogus software or are sent to a website to download a "clean up" software application that actually contains malware and infects the computer. If the user falls for the scam, he will not only lose the money he paid for the useless software, he may also make his computer unusable

opt in

a user can opt in to receive emails by choosing to allow permissions to incoming emails

bring your own device (BYOD) policy

allows employees to use their personal mobile devices and computers to access enterprise data and applications (part of an ethical computer use policy). BYOD policies offer four basic options, including:
Unlimited access for personal devices
Access only to nonsensitive systems and data
Access, but with IT control over personal devices, apps, and stored data
Access, but preventing local storage of data on personal devices

threat

an act or object that poses a danger to assets

patent

an exclusive right to make, use, and sell an invention granted by a government to the inventor

teergrubing

anti-spamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam

splogs (spam blogs)

are fake blogs created solely to raise the search engine rank of affiliated websites. Even blogs that are legitimate are plagued by spam, with spammers taking advantage of the comment feature of most blogs to comment with links to spam sites

hoaxes

attack computer systems by transmitting a virus hoax, with a real virus attached. By masking the attack in a seemingly legitimate message, unsuspecting users more readily distribute the message and send the attack on to their coworkers and friends, infecting many users along the way

information privacy policy

contains general principles regarding information privacy. Visa created Inovant to handle all its information systems, including its coveted customer information, which details how people are spending their money, in which stores, on what days, and even at what time of day. Just imagine what a sales and marketing department could do if it gained access to this info: for this reason, Inovant bans the use of Visa's customer information for anything outside of its intended purpose: billing. Inovant's privacy specialists developed a strict credit card information privacy policy, which it follows. Now, Inovant is being asked if it can guarantee that unethical use of credit card info will never occur. In a large majority of cases, the unethical use of information happens not through the malicious scheming of a rogue marketer, but rather unintentionally. For instance, info is collected and stored for some purpose, such as record keeping or billing. Then, a sales or marketing professional figures out another way to use it internally, share it with partners, or sell it to a trusted third party. The info is "unintentionally" used for new purposes. The classic example of this type of unintentional information reuse is the Social Security number, which started simply as a way to identify government retirement benefits and then was used as a sort of universal personal ID, found on everything from drivers' licenses to savings accounts

internet use policy

contains general principles to guide the proper use of the Internet. Some organizations go as far as to create a unique information management policy focusing solely on Internet use. Because of the larger amounts of computing resources that Internet users can expend, it is essential that such use is legitimate. In addition, the Internet contains numerous materials that some believe are offensive, making regulation in the workplace a requirement. Generally, an Internet use policy:
Describes the Internet services available to users
Defines the organization's position on the purpose of Internet access and what restrictions, if any, are placed on that access
Describes user responsibility for citing sources, properly handling offensive material, and protecting the organization's good name
States the ramifications if the policy is violated

opt out

customer specifically chooses to deny permission of receiving emails/deny permission to incoming emails

information security plan

details how an organization will implement the information security policies. The best way a company can safeguard itself from people is by implementing and communicating its information security plan. This becomes ever more important with Web 2.0 and as the use of mobile devices, remote workforce, and contractors is growing

email privacy policy

details the extent to which email messages may be read by others. Email is so pervasive in organizations that it requires its own specific policy: most working professionals use email as their preferred means of corporate communications. While email and instant messaging are common business communication tools, there are risks associated with using them. For instance, a sent email is stored on at least three or four computers; simply deleting an email from one computer does not delete it from the others:
The sender's computer
Sender's email provider's server
Recipient's email provider's server
Recipient's computer
One major problem with email is the user's expectations of privacy. To a large extent, this expectation is based on the false assumption that email privacy protection exists somehow analogous to that of US first-class mail. Generally, the organization that owns the email system can operate the system as openly or as privately as it wishes. Surveys indicate that the majority of large firms regularly read and analyze employees' email looking for confidential data leaks such as unannounced financial results or the sharing of trade secrets that result in the violation of an email privacy policy and eventual termination of the employee. That means that if the organization wants to read everyone's email, it can do so. Basically, using work email for anything other than work is not a good idea. A typical email privacy policy:
Defines legitimate email users and explains what happens to accounts after a person leaves the organization
Explains backup procedure so users will know that at some point, even if a message is deleted from their computer, it is still stored by the company
Describes the legitimate grounds for reading email and the process required before such action is performed
Discourages sending junk email or spam to anyone who does not want to receive it
Prohibits attempting to mail bomb a site: Mail bomb
Informs users that the organization has no control over email once it has been transmitted outside the organization

hackers

experts in technology who use their knowledge to break into computers and computer networks, either for profit or motivated by the challenge. Smoking is not just bad for a person's health, it seems it is also bad for company security, as hackers regularly use smoking entrances to gain building access. Once inside, they pose as employees from the MIS department and either ask for permission to use an employee's computer to access the corporate network or find a conference room where they simply plug in their own laptop

information security policies

identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days. A few details managers should consider surrounding people and information security policies include defining the best practices for:
Applications allowed to be placed on the corporate network, especially various file sharing applications (Kazaa), IM software, and entertainment or freeware created by unknown sources (iPhone applications)
Corporate computer equipment used for personal reasons on personal networks
Password creation and maintenance, including minimum password length, characters to be included while choosing passwords, and frequency of password changes
Personal computer equipment allowed to connect to the corporate network
Virus protection, including how often the system should be scanned and how frequently the software should be updated. This could also include if downloading attachments is allowed and practices for safe downloading from trusted and untrustworthy services

malicious code

includes a variety of threats such as viruses, worms, and Trojan horses

intellectual property

intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents

escalation of privilege

is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log onto a network by using a guest account and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges

sniffer

is a program or device that can monitor data travelling over a network. Sniffers can show all the data being transmitted over a network, including passwords and sensitive information. Sniffers tend to be a favorite weapon in the hacker's arsenal

insiders

legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident. For example, many individuals freely give up their passwords or write them on sticky notes next to their computers, leaving the door wide open for hackers

dumpster diving

looking through people's trash, another way hackers obtain information

destructive agents

malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines

Spyware (sneakware, stealthware)

software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer's CPU and storage for some task the user knows nothing about

adware

software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user. Not all adware programs are spyware, and used correctly it can generate revenue for a company, allowing users to receive free products.

epolicies

policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment. If an organization's employees use computers at work, the organization should, at a minimum, implement policies

social media policy

outlines the corporate guidelines or principles governing employee online communications. The use of social media can contribute many benefits to an organization, and implemented correctly it can become a huge opportunity for employees to build brands, but there are also tremendous risks, as a few employees representing an entire company can cause tremendous damage (Domino's and passing gas on sandwiches on YouTube: Domino's didn't have a Twitter, so they did not know about the damaging tweets reacting to it). Having a single social media policy might not be enough to ensure the company's online reputation is protected. Additional, more specific social media policies a company might choose to implement include:
Employee online communication policy detailing brand communication
Employee blog and personal blog policies
Employee social network and personal social network policies
Employee Twitter, corporate Twitter, and personal Twitter policies
Employee LinkedIn policy
Employee Facebook usage and brand usage policy
Corporate YouTube policy

clickstream

records information about a customer during a web surfing session such as what websites were visited, how long the visit was, what ads were viewed, and what was purchased

downtime

refers to a period of time when a system is unavailable. Unplanned downtime can strike at any time for any number of reasons, from tornadoes to sink overflows to network failures to power outages. Sources of unplanned downtime: bomb threat, burst pipe, chemical spill, construction, corrupted data, earthquake, electrical short, epidemic, equipment failure, evacuation, explosion, fire, flood, fraud, frozen pipe, hacker, hail, hurricane, ice storm, insects, lightning, network failure, plane crash, power outage, power surge, rodents, sabotage, shredded data, snowstorm, sprinkler malfunction, static electricity, strike, terrorism, theft, tornado, train derailment, smoke damage, vandalism, vehicle crash, virus, water damage (various), wind. Although natural disasters may appear to be the most devastating causes of MIS outages, they are hardly the most frequent or most expensive. A few questions managers should ask when determining the cost of downtime are: How many transactions can the company afford to lose without significantly harming business? Does the company depend upon one or more mission-critical applications to conduct business? How much revenue will the company lose for every hour a critical application is unavailable? What is the productivity cost associated with each hour of downtime? How will collaborative business processes with partners, suppliers, and customers be affected by an unexpected IT outage? What is the total cost of lost productivity and lost revenue during unplanned downtime?

ediscovery (electronic discovery)

refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry. As the importance of ediscovery grows, so does information governance and information compliance. Digital information frequently serves as key evidence in legal proceedings, and it is far easier to search, organize, and filter than paper documents. Digital information is also extremely difficult to destroy, especially if it is on a corporate network or sent via email. In fact, the only reliable way to truly obliterate digital information is to destroy the hard drives where the file was stored.

cyberterrorists

seek to cause harm to people or destroy critical systems or information and use the internet as a weapon of mass destruction

mail bomb

sends a massive amount of email to a specific person or system that can cause the user's server to stop functioning

physical security

tangible protection such as alarms, guards, fireproof doors, fences, and vaults

confidentiality

the assurance that messages and information remain available only to those authorized to view them

information secrecy

the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity

cyber vandalism

the electronic defacing of an existing website

identity theft

the forging of someone's identity for the purpose of fraud. The fraud is often financial because thieves apply for and use credit cards or loans in the victim's name. Two means of stealing an identity are phishing and pharming.

copyright

the legal protection afforded an expression of an idea, such as a song, book, or video game

rule 41

the part of the US Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence. Rule 41 originally granted a federal magistrate judge the authority to issue a warrant to search and seize a person or property located within that judge's district if the person or property is part of a criminal investigation or trial. In April 2016, the Judicial Conference of the US proposed an amendment to Rule 41 that allows a federal magistrate judge to issue a warrant that allows an investigator to gain remote access to a digital device suspected in a crime, even if the device is located outside of the geographic jurisdiction of the judge issuing the warrant. An important goal of the amendment to Rule 41 is to prevent criminals from hiding the location of a computing device with anonymization technology in order to make detection and prosecution more difficult. Privacy advocates are concerned that the amendment will expand the government's authority to legally hack individuals and organizations and monitor any computer suspected of being part of a botnet. In addition to giving the government the authority to seize or copy the information on a digital device no matter where the device is located, the amendment also allows investigators who are investigating a crime that spans five or more judicial districts to go to one judge for warrants instead of having to request warrants from judges in each jurisdiction.

ethics

the principles and standards that guide our behavior toward other people. Technology poses new problems for our ethics as it becomes easier for people to copy everything from words and data to music and video.

social media monitoring

the process of monitoring and responding to what is being said about a company, individual, product, or brand. This usually falls to the social media manager. Organizations must protect their online reputations and continuously monitor blogs, message boards, social networking sites, and media sharing sites. However, monitoring the hundreds of social media sites can quickly become overwhelming. To combat these issues, a number of companies specialize in online social media monitoring; for example, Trackur.com creates digital dashboards that allow executives to view at a glance the date published, source, title, and summary of every item tracked. The dashboard not only highlights what is being said but also the influence of the particular person, blog, or social media site.

privacy

the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent. The protection of customers' privacy is one of the largest, and murkiest, ethical issues facing organizations today. It is related to confidentiality. Each time employees make a decision about a privacy issue, the outcome could sink the company. Trust among companies, customers, partners, and suppliers is the support structure of ebusiness. Privacy is one of its main ingredients. Customers' concerns that their privacy will be violated because of their interactions on the web continue to be one of the primary barriers to the growth of ebusiness.

website name stealing

the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner

pirated software

the unauthorized use, duplication, distribution, or sale of copyrighted software

cyberbullying

threats, negative remarks, or defamatory comments transmitted via the Internet or posted on a website

workplace MIS monitoring

tracks people's activities by such measures as number of keystrokes, error rate, and the number of transactions processed. Employee monitoring is not a choice; it is a risk management obligation. Michael Soden, CEO of the Bank of Ireland, issued a mandate stating that company employees could not surf illicit websites with company equipment, and he hired Hewlett-Packard to run the MIS department; illicit websites were discovered on Soden's own computer, forcing him to resign. Monitoring employees is one of the biggest challenges CIOs face when developing information management policies. New technologies make it possible for employers to monitor many aspects of their employees' jobs, especially on telephones, computer terminals, through electronic and voice mail, and when employees are using the Internet. Such monitoring is virtually unregulated. Therefore, unless company policy specifically states otherwise (and even this is not assured), your employer may listen, watch, and read most of your workplace communications.

spam

unsolicited email. It plagues employees at all levels within an organization, from receptionist to CEO, and clogs email systems and siphons MIS resources away from legitimate business projects.

