Management Information System Chapter 4 Ethics

Ace your homework & exams now with Quizwiz!

2 reasons why organizations should implement an Internet Use Policy

1. Large amounts of computing resources that Internet users can expend. 2. Numerous materials that some might feel are offensive.

The most secure type of authentication involves:

1. Something the user knows (such as a User ID or Password, the most common, yet ineffective form) 2. Something the user has 3. Something that is part of the user (such as a Fingerprint or Voice Signature, the best and most effective way to manage authentication, can be costly and intrusive)

Nonrepudiation

A contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions.

Smart Card

A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing.

Cracker

A hacker with criminal intent.

Hardware Key Logger

A hardware device that captures keystrokes on their journey from the keyboard to the motherboard.

Authentication

A method of confirming users' identities.

Key Logger or Key Trapper Software

A program that, when installed on a computer, records every keystroke and mouse click.

Cookie

A small file deposited on a hard drive by a website containing information about customers and their Web activities. Cookies allow websites to record the comings and goings of customers, usually without their knowledge or consent.

Phishing

A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email.

Worm

A type of virus that spreads itself, not only from file to file, but also from computer to computer. The primary difference between a virus and a worm is that a virus much attach to something, such as an executable file, in order to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.

Email can be easily read by:

ANYONE

The only ethical component of MIS?

An Individual

Public Key Encryption (PKE)

An encryption system that uses two keys: a public key for everyone and a private key for the recipient.

Hoaxes

Attack computer systems by transmitting a virus hoax, with a real virus attached. By masking the attack in a seemingly legitimate message, unsuspecting users more readily distribute the message and send the attack on to their co-workers and friends, infecting many users along the way.

Distributed Denial-of-Service (DDoS)

Attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes. A common type is the Ping of Death, in which thousands of computers try to access a website at the same time, overloading it and shutting it down.

6 examples of Viruses

Backdoor program, Denial-of-Service attack (DoS), Distributed denial-of-service attack (DDoS), Polymorphic virus, Trojan-horse virus, and Worm

6 examples of Hackers

Black-hat hacker, Cracker, Cyberterrorist, Hactivist, Script kiddies or script bunnies, and White-hat hacker

Black-Hat Hackers

Break into other people's computer systems and may just look around or may steal and destroy information.

Polymorphic Viruses and Worms

Change their form as they propagate.

Packet Tampering

Consists of altering the contents of packers as they travel over the Internet or altering data on computer disks after penetrating a network. For example, an attacker might place a tap on a network line to intercept packers as they leave the computer. The attacker could eavesdrop or alter the information as it leaves the network.

Web Log

Consists of one line of information for every visitor to a website and is usually stored on a web server.

Information Privacy Policy

Contains general principles regarding information privacy. The unethical use of information typically occurs "unintentionally" when it is used for new purposes.

Ethical Computer Use Policy

Contains general principles to guide computer user behavior. The ethical computer user policy ensures all users are INFORMED of the rules and, by agreeing to use the system on that basis, CONSENT to abide by the rules. Ex. Users will not send spam, Users will not send harmful viruses, Users will not use offensive language or send offensive material

Internet Use Policy

Contains general principles to guide the proper use of the Internet

Technologies available to help prevent and build resistance to attacks include:

Content filtering, Encryption, and Firewalls

Information Security Plan

Details how an organization will implement the information security policies.

Email Privacy Policy

Details the extent to which email messages may be read by others. Organizations can mitigate the risk of email and instant messaging communication tools by implementing and adhering to an email privacy policy.

8 Security threats to ebusniess include:

Elevation of privilege, Hoaxes, Malicious code, Packet tampering, Sniffer, Spoofing, Splogs, and Spyware

The process of sending an Email:

Email sent from Sender's Computer --> Sender's Email Provider's Server --> Recipient's Email Provider's Server --> Recipient's Computer

Hacker

Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge.

Employee Monitoring Policy

Explicitly state how, when and where the company monitors its employees.

Intrusion Detection Software

Features full-time monitoring tools that search for patterns in network traffic to identify intruders.

Script Kiddies or Script Bunnies

Find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.

Denial-of-Service (DoS)

Floods a website with so many requests for service that it slows down or crashes the site.

Information Ethics

Govern the ethical and moral issues arising form the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself.

Firewall

Hardware and/or software that guards a private network by analyzing the information leaving and entering the network. A firewall examines each message that wants entrance to the network, and unless the message has the correct marking, the firewall prevents it from entering the network.

Hactivists

Have philosophical and political reasons for breaking into systems and will often deface the website as a protest.

Trojan-Horse Virus

Hides inside other software, usually as an attachment or a downloadable file.

Information Security Policies

Identify the rules required to maintain information security.

Fair use doctrine

In certain situations, it is legal to use copyrighted material.

Malicious Code

Includes a variety of threats such as viruses, worms, and Trojan horses.

5 tools to prevent information misuse

Information Management, Information Governance, Information Compliance, Information Secrecy, and Information Property

The first line of defense an organization should follow to help combat insider issues is to develop:

Information Security Policies and Information Security Plans

Intellectual Property

Intangible creative work that is embodied in physical form.

5 Business Issues related to information ethics

Intellectual Property, Copyright, Pirated Software, Counterfeit Software, and Digital Rights Management

Elevation of Privilege

Is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log on to a network by using a guest account, and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.

Sniffer

Is a program or device that can monitor data traveling over a network. Sniffers can show all the data being transmitted over a network, including passords and sensitive information. Sniffers tend to be a favorite weapon in the hacker's arsenal.

Spoofing

Is the forging of the return address on an email so that the email message appears to come from someone other than the actual sender. This is not a virus but rather a way by which virus authors conceal their identities as they send out viruses.

7 common monitoring technologies include:

Key logger or key trapper software, Hardware key logger, Cookie, Adware, Spyware, Web log, and Clickstream

Is acting ethically and legally the same thing?

No, they are not always the same thing.

Content Filtering

Occurs when organizations use software that filters content prevent the transmission of unauthorized information.

Workplace Monitoring Policy

Organizations can be held financially responsible for their employees' actions. The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees, however, some people feel that monitoring employees is unethical.

Social Media Policy

Outlines the corporate guidelines or principles governing employee online communications. Organizations must protect their online reputations and continuously monitor blogs, message boards, social networking sites, an media sharing sites.

Spyware (Sneakware or Stealthware)

Software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer's CPU and storage for some task the user knows nothing about.

Counterfeit Software

Software that is manufactured to look like the real thing and sold as such.

Spyware

Software the comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer's CPU and storage for some task the user knows nothing about.

Virus

Software written with malicious intent to cause annoyance or damage.

Most common act of violating privacy on the internet?

Someone forwarding or bcc (blind carbon copy) an email without the person's knowledge or consent.

The second line of defense is:

TECHNOLOGY

Confidentiality

The assurance that messages and information are available only to those who are authorized to view them.

White-Hat Hackers

Work at the request of the system owners to find system vulnerabilities and plus the holes.

The 3 primary information technology security areas are:

People --> Authentication and Authorization Data --> Prevention and Resistance Attacks --> Detection and Response

What do the 4 quadrants stand for?

Quadrant I: Legal and Ethical (Amazon) Quadrant II: Illegal but Ethical (the government ruled that Microsoft was breaking antitrust laws and operating a monopoly, althoughMicrosoft felt it was oeprating ethically and legally) Quadrant III: Legal but Unethical (Some Lawyers) Quadrant IV: Illegal and Unethical (Drug Dealers)

Clickstream

Records information about a customer during a Web surfing session such as what websites were visited, how long the visit was, what ads were viewed, and what was purchased.

Downtime

Refers to a period of time when a system is unavailable.

Acceptable Use Policy (AUP)

Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet. Also includes, Nonrepudiation and Internet Use Policy.

Pharming

Reroutes requests for legitimate websites to false websites.

Encryption

Scrambles information into an alternative form that requires a key or password to decrypt the information.

Cyberterrorists

Seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction.

Anti-Spam Policy

Simply states that email users will not send unsolicited emails (or spam).

Tokens

Small electronic devices that change user passwords automatically

Adware

Software generates ads that install themselves on a computer when a person downloads some other program from the Internet.

Identity Theft

The forging of someone's identity for the purpose of fraud.

Biometrics

The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.

Copyright

The legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents.

Ethics

The principles and standards that guide our behavior toward other people.

Authorization

The process of giving someone permission to do or have something.

Information Security

The protection of information from accidental or intentional misuse by persons inside or outside an organization.

Privacy

The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.

Pirated Software

The unauthorized use, duplication, distribution, or sale of copyrighted software.

Information Technology Monitoring

Tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed.

Spam

Unsolicited email

Backdoor Programs

Viruses that open a way into the network for future attacks.


Related study sets

Physics Color, Reflection, Refraction

View Set

Prepare for Minor Surgical Procedures

View Set

Ch 13 The Roaring Life of the 20s

View Set

Islamic Empires, Byzantine Empire, and Middle Ages in Europe

View Set