
Management Information Systems – MIS 300

Textbook/material required: Haag, S., & Cummings, M. (2009). Management information systems for the information age. 9th ed. McGraw-Hill, Inc.


Chapter 8: Ethics

Pages (226-250)

Table of Contents 1/2

• Ethics:
  • Ethical structure.

• Intellectual property:
  • Definition.
  • Copyright
  • Fair Use (Four factors)
  • Software Piracy & MIS

• Privacy:
  • Definition
  • Key logger, Screenshots, Packet Sniffers, and Emails.
  • How you are monitored electronically.

• Identity Theft:
  • Definition
  • How they trap you?
  • How to protect yourself from identity theft.

Table of Contents 2/2

• Computer Crimes:
  • Phishing
  • Whaling
  • Pharming
  • What to do to protect yourself

• Employee Privacy:
  • Should employees be entitled to privacy?

• Customer Privacy:
  • Business Dilemma
  • Technology and customer privacy
  • Cookies, SPAM, Adware, and Spyware.
  • How to protect yourself

• Security From:
  • Employees
  • Outside Threats
  • Hackers, Viruses, Worms, and DoS.

• Planning for any eventuality:
  • Eight key points
  • Training.

Ethics: p.226-9

• What is Ethics?
  • It is the set of personal morals that we use to judge our actions.

• They are governed by two factors:
  • Basic ethical structure: what we developed while growing up.
  • Practical circumstances: the gray areas where the decision is not clear-cut black or white.

• “One of the elementary lessons of ethics, too often forgotten, is that something is not made morally acceptable merely because most people do it.” p.229


Ethics. p.226-9

• In practice, we tend to assess what is right or wrong using a variety of considerations:

• Ethical structure:
  • Consequence: Benefit or harm our decision will have.
  • Society opinion: What do people think?
  • Likelihood of effect: Probability of harm or benefit if the action is taken.
  • Time consequences: How long before the outcome is fully realized?
  • Relatedness: How much you can identify with (put yourself in the shoes of) that person?
  • Reach of result: How many people will be affected by the outcome?

• Sometimes decisions that seem perfectly ethical turn out to be not so ethical*.

• Sometimes decisions that seem unethical turn out to have some justification**.

Different levels in Ethics: p.228

Intellectual Property p.229

• What is intellectual property? • “…is intangible creative work that is embodied in physical form.” p.229

• What they mean: Any creative work that is valued beyond the CD, DVD, memory stick, paper or book it is stored in.

• Creative work could be: Music, films, novels, paintings, sculptures, art, inventions, discoveries, and more.


Intellectual Property p.229

• What is Copyright?
  • “…is the legal protection afforded an expression of idea, such as song, video game, and some types of proprietary documents”. p.229

• What they mean: Copyright gives the owner of the material the legal right to demand acknowledgement and/or financial compensation for use of their work.

• It is not all about the money*.

Intellectual Property p.229

• Some key symbols when looking for copyright


Intellectual Property p.230

• MIS and Copyright: • Biggest implication has to do with use of Software:

• Sometimes you are allowed to make one ‘backup’ copy of the software.

• Sometimes you are allowed to make copies on several computers provided it is used by ‘one person’.

• Sometimes the license allows a specific number of copies for use within one organization.

• Copying software without authorization is considered Software Piracy. The copied software is pirated software*.

Privacy p.231

• What is privacy?
  • “…is the right to be left alone when you want to be, to have control over your own personal possessions, and not be observed without your consent.” p.231

• What they mean: If what you are doing is legal, then you should not be harassed or suffer.*

• Most victims of privacy invasion know the person who is invading their privacy.

Privacy. p.231

• Privacy and Computers:
  • Individuals snooping on each other using technology.
  • Employers collecting information about employees.
  • Businesses collecting information about their customers.
  • Hackers stealing your details.

Privacy and other individuals. p.231

• One of the ways to monitor use of computers is to record keyboard strokes: • This will record what web addresses they type.

• What emails they send.

• What logins and passwords are typed.

• This records everything that goes through the keyboard.
  • This is called a Key Logger or Key Trapper.
  • It is usually software but sometimes hardware.

Privacy and other individuals


Privacy and other individuals. p.231

• Other types of spying software:
  • Screenshots: Takes regular screenshots while the user uses the computer.
    • This gives an indication as to what that person was doing.
  • Packet Sniffers: Examine information as it passes by on switches, hubs, servers, or routers.

Privacy and other individuals. p.232

• Are emails a secure way of communication?
  • No, they are not… emails are not encrypted and get copied as they travel between servers on their way to their final destination.

• Information stored in an email is as secure as information written on a postcard!!

Privacy and other individuals. p.232


Privacy and other individuals. p.232

• Did you know?
  • Files, when created, have information about who created them, the date, time, number of modifications, last update and even the computer that was used to create them?
  • DVDs and USB drives, when burned or formatted, record hidden information about the date of creation, computer, and hardware registration number.

Privacy and other individuals. p.232

• Did you know?
  • Modern cars are fitted with Event Data Recorders (EDR), like an airplane black box, that record and store information.
  • In case of an accident, information such as your speed, your braking time, time of collision, and seat belts is saved.

Privacy and other individuals. p.232


Identity Theft: p.232

• What is Identity Theft?
  • “…is the forging of someone’s identity for the purpose of fraud. The fraud is often for financial gain…” p.232

• What they mean: Someone pretending to be you to gain access to your bank account, use your credit card (online or in the shops), apply for a loan, get social benefits money, or just to hide from the law under a new identity.

• While most of the time you would not know the person who tried to steal your identity, 43% of identity theft in the US is by someone who knows the victim… called ‘friendly fraud’.

Identity Theft: p.232

• How do thieves steal your identity?
  • Hack your email, bank account, social media account…etc.
  • Find information in your rubbish.
  • Trap you with one of their fake emails:
    • A general in Nigeria who wants to hide money in your bank account…
    • A generous person whom you never met and who is dying of cancer wants to leave all his money to you!
    • A lottery you never entered but somehow you won millions!
    • Emails suggesting your bank / email / social media account is suspended, wanting you to log in to ‘reactivate’ your account.
    • Emails or messages claiming your computer is infected and you need to go to a website to download anti-virus*

Identity Theft: p.232

• Trap you with one of their fake emails:
  • An email suggesting you can get your hands on drugs that would otherwise be difficult or impossible to get hold of.
  • An email claiming to sell expensive brand watches / sunglasses or other goods at much cheaper prices.
  • An email claiming you have a bill to pay or a payment due from a company you never heard of*.
  • An email from a lady / man who claims they know you and wants to chat – even if they state your name.**
  • Emails luring you to visit a website that turns out to be bugged.

• These emails will ask you for your bank details, to click on a link, or to open an attachment – which is an infected file.

Identity Theft: p.232

• What to do?
  • NEVER EVER respond to them; this will make you a target for even more emails, as they will add you to multiple email lists.
  • NEVER EVER click on any of the links, even if you are very curious to see what will happen. Many times these websites contain viruses and worms that will infect your computer.

• All these are examples of electronic communications intended to ‘trap’ you and steal your personal information; this is called ‘Phishing’ – sounds like Fishing!

Identity Theft:

Many email services allow you to report Phishing emails:

Hotmail.com, Yahoo.com, Gmail.com

Identity Theft: p.235

• Phishing tends to send the ‘net’ out to millions in the hope of catching a few gullible individuals.

• Some attacks are targeted at specific individuals – these are called ‘Spear Phishing’:
  • The attackers may know some information and need more, so they target this individual.
  • Sometimes they are paid to try to hack someone’s account.

Identity Theft: p.235

• If the target is a person of very high position, we call it ‘Whaling’:
  • These are high-profile targets or people who hold access to very sensitive information.
  • Specific high-position military, politicians, businesses, bankers, scientists, …etc.

• Because they would know the individual, they would make such emails look very genuine.

• These individuals need to be well trained in spotting these kinds of emails.

Identity Theft: p.235

• Finally, some hackers (through clicked email links or viruses) try to re-route your web access,

• so you type googlemail.com but they send you to gogglemail.com:
  • A hacked website that may look exactly like the email service, bank, shopping website, or social media you wanted.

• This is called Pharming (sounds like Farming!)

Identity Theft:


Identity Theft: p.235

• So one of the first lines of defense is to check the web address you are visiting.

• But hackers are clever… now they have a way to cover the address so that you could be fooled.

• What you should look out for is the ‘safety’ symbols as well – the browser lock and the secure web address.


Identity Theft: p.235


Identity Theft: p 235

• What to do?
  • When you visit a secured website, learn the ‘security’ symbols of your browser (as they differ from one browser to another).
  • Never click on a link in an email (even from friends); type the address yourself, making sure it is the right web address.
  • Examine the security symbols before you log in.

Identity Theft: p.235

• What to do?
  • If you still end up falling for it, and you enter your login/password and do not get in because it is a fake website:
    • Immediately report it to your bank to block the card.
    • Report it to the IT administrator of the genuine website to lock your account.
    • Go onto the actual website and change your password.
    • Go to any websites or accounts where you have used the same password and change it there too.

Identity Theft: p.236


Employee’s Privacy: p.235

• Should employees be entitled to privacy at work?
  • Yes, they should, but limits should be set so employees do not abuse this privacy to:
    • Use company time / systems to do private or illegal activities:
      • Personal banking, gambling, socializing, sending jokes, hacking systems, watching movies…etc.

• In the US 60% of companies monitor employees’ emails.

• Where an employee abuses the system to commit a crime, the company may be sued!

Employee’s Privacy: p.235

• How do employers track their employees? • Using the Key logger (Software or Hardware)

• Using the Screenshot software.

• Sniffer software on the server to monitor email and web surfing activities.

• “Employers have the legal right to monitor the use of their resources and that includes the time they paying for it.” p.237


Customer’s Privacy: p.238

• Some business dilemma: • Customers want businesses to know who they are, but to leave them alone.

• Customers want businesses to know what they want, but not to know too much about them.

• Customers want businesses not to send them too many ads but still tell them of products/services they want.


Customer’s Privacy: p.238

• Technology can help: • Personalized messages and recommendations (Example of Amazon.com)

• Greets you by name

• Makes recommendations based on your previous purchases or products trending at the moment.

• Constantly accumulating information from visits, page visits, and purchases.

• Targeted adverts based on your web visits. • (DoubleClick web trafficking company*)


Customer’s Privacy: p.238

Tools used to monitor customers:

- Cookies: harmless .txt files left on your computer that keep track of your login to a website and remember the login and sometimes the password.
  - Unique Cookies (used by one single company).
  - Common Cookies (used by several companies, like the ones created by DoubleClick).

- Spam: Blanket emails to many customers; this is now generally illegal unless the customer has clearly subscribed to this service.

- Adware: Software that generates adverts while you use it – like in Apps.

- Spyware: malicious software that collects information about you and your computer and reports it back without your permission.

Customer’s Privacy: p.238

How to protect yourself?

- Good Anti-virus software will warn you of Spyware activities.

- Good Anti-virus could even block these activities.

- Good browsers would allow you to monitor cookies and even disable them*.

- You could use Anonymous Web Browsing (AWB), a service offered online or by some browsers.

Security: p.244

 A company has to consider threats from:

1. Employees

2. Outside threats

3. Planning for any eventuality.


Security: p244

1. Employees:
  • 75% of computer crime in the US is done by company insiders!!
  • The average embezzlement* by a non-managerial employee is $60,000, while managerial thefts are on average $250,000!!
  • How do they do it?
    • Make fake claims, repairs, or orders.
    • Sell intellectual property information or customers’ information.
    • Steal equipment.

Security: p244

1. Employees: • Fraud examiners have a rule of thumb:

• About 10% of employees are honest.

• About 10% of employees will steal.

• The remaining 80% will depend on the circumstance.

• Most of these thefts are done by employees who are strapped for cash, have easy access to the money, and believe the risk of getting caught is minimal.

Security: p244

2. Outside threat: • Competitors trying to know your next product/service.

• Competitors trying to get your customer lists.

• Cyber vandals (Hackers) try to damage your system for fun.

• Cyber Crime: Viruses, worms, and DoS.

Security: p244

2. Outside threat:

• What is a hacker? • A person who breaks into a computer without authorization.

• They tend to be IT knowledgeable people who aim to: • Benefit financially

• Have ideology behind the attack (or political)

• Crackers: a variation on hackers who are paid to do so by the company to test the security of their systems.


Security: p244

2. Outside threat:

• What is a Computer virus?
  • “…is software that is written with malicious intent to cause annoyance or damage.” p.246

• Some viruses only display silly messages or slow your system; they are called benign viruses.

• Some damage your system; these are called malicious.

Security: p244

2. Outside threat:

• What is a Computer worm?
  • “…is a type of virus that spreads itself, not just from file to file, but from computer to computer via email and other internet traffic.” p.246

• Both viruses and worms are picked up from:
  • Opening attachments from spam emails.
  • Opening web links from spam emails.
  • Visiting bugged websites.
  • Using pirated software from an infected source.

Security: p244

2. Outside threat:

• What is Denial of Service (DoS)?
  • “…floods a server or network with so many requests for service that it slows down or crashes”. p.247

• It is a form of attack that can come from a virus or people.

• Many companies were subject to these attacks: Ebay, Amazon, Yahoo, Google…etc*

Security Precaution: p247

3. Planning for any eventuality:

  1. Business Continuity Planning (remember!!):
    • Plays a major role here.

  2. Up-to-date Anti-virus software.

  3. Latest Anti-spyware (if not included in your anti-virus).

  4. Spam protection (linked to your company’s Outlook).

  5. Anti-Phishing software (if not included already in your anti-virus).

  6. Have a firewall installed (software or hardware) to protect from hackers and unauthorized internal access.

  7. Blocking of websites: non-work-related websites, including illegal websites.

  8. Access Authentication: Making sure all internal and external access is authenticated with the right levels of access.

Security Precaution: p247

3. Planning for any eventuality (continuing):

• Access Authentication: Depending on the importance of the information and its sensitivity, you may recommend:
  • Adding several security checks such as card access?
  • Regular change of password (every 60 days)
  • Biometrics (finger scanning / facial recognition / iris recognition).
  • Encryption: Where communications such as emails are scrambled so they can only be read by the authorized system.

Security Precaution: p247

3. But how can YOU protect your business and people around you?

• Training!
  • Train your family / friends / fellow employees to look out for these threats.
  • Read about the latest threats.

• As an MIS professional it is YOUR duty to protect the company’s systems.
  • Failure to follow simple procedures would mean you have failed the business.
  • Sometimes it is down to you to organize the training.

The End
