Business Driven Information Systems Ch. 4

Copyright
the legal protection afforded an expression of an idea, such as a song, book or video game
Intellectual property
intangible creative work that is embodied in physical form and includes copyrights, trademarks and patents
Ethics
the principles and standards that guide our behavior toward other people
Privacy
the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent
Confidentiality
the assurance that messages and information are accessible only to those authorized to view them
Information ethics
govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself
Pirated software
unauthorized use, duplication, distribution, or sale of copyrighted software
Counterfeit software
software that is manufactured to look like the real thing and sold as such
Information management
examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring the organization has the types of data and information required to function and grow effectively
Information governance
a method or system of government for information management or control
Information compliance
the act of conforming to, acquiescing in, or yielding to the laws, regulations, and policies that govern information
Ediscovery
refers to the ability of a company to identify, search, gather, seize or export digital information in responding to a litigation, audit, investigation, or information inquiry
Epolicies
policies and procedures that address information management along with the ethical use of computers and the internet in the business environment
Ethical computer use policy
contains general principles to guide computer user behavior. It ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules.
Information privacy policy
contains general principles regarding information privacy. The unethical use of information typically occurs "unintentionally," when information collected for one purpose is used for a new one.
Acceptable use policy (AUP)
requires a user to agree to follow it to be provided access to corporate email, information systems and the internet
Nonrepudiation
a contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions; in practice it rests on evidence such as digital signatures and audit logs that tie an action to a specific party
Internet use policy
contains general principles to guide the proper use of the internet
Email privacy policy
details the extent to which email messages may be read by others. Organizations can mitigate the risks of email and instant messaging by implementing and adhering to an email privacy policy.
Mail bomb
sends a massive amount of email to a specific person or system that can cause that user’s server to stop functioning
Spam
unsolicited email
Anti-spam policy
simply states that email users will not send unsolicited emails ( or spam)
Social media policy
outlines the corporate guidelines or principles governing employee online communications
Information technology monitoring
tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed
Employee monitoring policy
states explicitly how, when, and where the company monitors its employees
Downtime
refers to a period of time when a system is unavailable
Information security
a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
Hackers
experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge.
Virus
software written with malicious intent to cause annoyance or damage; strictly speaking, a virus is the kind of malware that replicates by attaching itself to other programs or files
Adware
software that, while purporting to serve some useful function and often fulfilling that function, allows internet advertisers to display advertisements without the consent of the computer user
Spyware
a special class of adware that collects data about the user and transmits it over the internet without the user's knowledge or permission
Insiders
legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
Social engineering
hackers use their social skills to trick people into revealing access credentials or other valuable information
Dumpster diving
looking through people’s trash
Information security policies
identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days (current guidance such as NIST SP 800-63B no longer recommends forced periodic rotation unless there is evidence of compromise)
Information security plan
details how an organization will implement the information security policies
Identity theft
the forging of someone’s identity for the purpose of fraud
Phishing
a technique to gain personal information for the purpose of identity theft, usually by the means of fraudulent emails that look as though they came from legitimate businesses
Pharming
reroutes requests for legitimate websites to false websites
Authentication
method for confirming users' identities.

The strongest authentication combines factors from more than one of these three categories (multi-factor authentication):
1. Something the user knows (a password or PIN)
2. Something the user has (a token or smart card)
3. Something that is part of the user (a biometric such as a fingerprint)

Authorization
the process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space
Tokens
small electronic devices (or apps) that generate a new one-time code at fixed intervals or on each use, so the value the user types changes automatically and a captured code is useless afterwards
Smart card
device about the size of a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
Biometrics
the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
Content filtering
occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information
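As an added illustration (not code from the textbook), here is an outbound email content filter in Python: it lets internal mail through and blocks mail leaving the organization that carries a Luhn-valid payment card number, a US SSN pattern, or an internal classification marker. The messages, domain and markers are constructed for the example; a real filter would also inspect attachments and encoded content.

```python
import re

# Constructed sample messages (no real data).
SAMPLE_MESSAGES = [
    {"to": "partner@example.net", "body": "Invoice attached, thanks."},
    {"to": "friend@example.org", "body": "Use my card 4111 1111 1111 1111 exp 12/29 for the booking."},
    {"to": "hr@corp.example", "body": "My SSN is 123-45-6789 for the new form."},
    {"to": "press@example.com", "body": "INTERNAL ONLY: Q3 numbers attached."},
]

INTERNAL_DOMAINS = {"corp.example"}          # hypothetical company domain
MARKERS = ("INTERNAL ONLY", "CONFIDENTIAL")  # classification markers used by the hypothetical company
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(digits):
    """Luhn checksum: separates real card numbers from other 13-19 digit runs such as phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    found = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def inspect_message(msg):
    """Return the filter decision for one outbound message."""
    domain = msg["to"].rsplit("@", 1)[-1].lower()
    if domain in INTERNAL_DOMAINS:
        return {"action": "allow", "reasons": []}  # stays inside the organization
    reasons = []
    body = msg["body"]
    if find_card_numbers(body):
        reasons.append("payment card number")
    if SSN_RE.search(body):
        reasons.append("SSN")
    if any(marker in body.upper() for marker in MARKERS):
        reasons.append("internal classification marker sent externally")
    return {"action": "block" if reasons else "allow", "reasons": reasons}


def filter_outbound(messages):
    return [(m["to"], inspect_message(m)) for m in messages]


if __name__ == "__main__":
    for recipient, decision in filter_outbound(SAMPLE_MESSAGES):
        print(recipient, decision)
```

The Luhn check matters in practice: without it the card pattern also fires on order numbers and phone numbers, and users learn to ignore the filter.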
Encryption
scrambles information into an alternative form that requires a key or password to decrypt
Public key encryption (PKE)
uses two mathematically linked keys: a public key that everyone can have and a private key known only to the recipient. Anything encrypted with the public key can be decrypted only with the private key, and a signature made with the private key can be checked by anyone holding the public key.
Certificate authority
a trusted third party, such as VeriSign, that validates user identities by issuing and signing digital certificates
Digital certificate
a data file that binds the identity of an individual or organization to a public key and is signed by a certificate authority; it lets others verify that a digital signature or an encrypted session really belongs to that identity
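To make the two-key idea concrete, here is an added example (not the textbook's code) of textbook RSA in Python: encryption with the public key and decryption with the private key, a signature made with the private key and checked with the public key, and a certificate authority signing a data file that binds a name to a public key. The Mersenne primes and names are constructed for illustration; real RSA uses random primes of 1024 bits or more and a padding scheme such as OAEP or PSS, so this code is for understanding only, not for protecting anything.

```python
import hashlib
import json

# Constructed toy primes (Mersenne primes), far smaller than any real key. E is the usual public exponent.
CA_PRIMES = (2**61 - 1, 2**89 - 1)
ALICE_PRIMES = (2**107 - 1, 2**127 - 1)
E = 65537


def generate_keypair(p, q, e=E):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return {"n": n, "e": e}, {"n": n, "d": d}


def encrypt(public_key, message):
    m = int.from_bytes(message, "big")
    if m >= public_key["n"]:
        raise ValueError("message too long for this modulus (real RSA wraps a symmetric key instead)")
    return pow(m, public_key["e"], public_key["n"])


def decrypt(private_key, ciphertext):
    m = pow(ciphertext, private_key["d"], private_key["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest_mod_n(message, n):
    # Sign the hash of the message, reduced into the key's range (no padding: toy only).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    return pow(_digest_mod_n(message, private_key["n"]), private_key["d"], private_key["n"])


def verify(public_key, message, signature):
    return pow(signature, public_key["e"], public_key["n"]) == _digest_mod_n(message, public_key["n"])


def _to_be_signed(cert):
    # Canonical bytes of every certificate field except the signature itself.
    return json.dumps({k: v for k, v in cert.items() if k != "signature"}, sort_keys=True).encode()


def issue_certificate(ca_private, ca_name, subject, subject_public):
    """The CA binds a subject name to the subject's public key and signs the binding."""
    cert = {"issuer": ca_name, "subject": subject, "n": subject_public["n"], "e": subject_public["e"]}
    cert["signature"] = sign(ca_private, _to_be_signed(cert))
    return cert


def verify_certificate(ca_public, cert):
    return verify(ca_public, _to_be_signed(cert), cert["signature"])


def demo():
    ca_pub, ca_priv = generate_keypair(*CA_PRIMES)
    alice_pub, alice_priv = generate_keypair(*ALICE_PRIMES)
    cert = issue_certificate(ca_priv, "Example CA", "alice@example.com", alice_pub)  # hypothetical names
    if not verify_certificate(ca_pub, cert):
        raise RuntimeError("certificate does not verify against the CA key")
    key_from_cert = {"n": cert["n"], "e": cert["e"]}
    # Anyone holding the certificate can encrypt to Alice; only Alice's private key decrypts.
    ciphertext = encrypt(key_from_cert, b"meet at noon")
    # Alice signs an order; the signature is evidence she cannot later repudiate.
    order = b"buy 100 shares"
    signature = sign(alice_priv, order)
    return decrypt(alice_priv, ciphertext), verify(key_from_cert, order, signature)


if __name__ == "__main__":
    print(demo())
```

The certificate step is what a browser does with a CA bundle: it never trusts the key in the certificate directly, only the CA's signature over the name-to-key binding.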
Firewall
hardware and/or software that guards a private network by inspecting incoming and outgoing traffic and allowing or dropping it according to rules on its headers, such as direction, protocol, source and destination address, and port
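The "markings" a packet-filtering firewall checks are header fields: direction, protocol, source and destination address, and destination port. As an added example (not the textbook's), here is a first-match packet filter in Python with an explicit final deny and an implicit default deny; the addresses and rule set are constructed for illustration using RFC 5737 documentation ranges, and the reversed-rules case shows why rule order matters.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" or "out"
    proto: str       # "tcp", "udp" or "any"
    src: str         # CIDR
    dst: str         # CIDR
    dport: object    # int, (low, high) or "any"


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    dst: str
    dport: int


# Constructed rule set (hypothetical network): public HTTPS to one host, admin SSH from one
# partner range, limited outbound web and DNS, and an explicit final deny for inbound traffic.
RULES = [
    Rule("allow", "in",  "tcp", "0.0.0.0/0",       "203.0.113.10/32", 443),
    Rule("allow", "in",  "tcp", "198.51.100.0/24", "10.0.0.0/8",      22),
    Rule("allow", "out", "tcp", "10.0.0.0/8",      "0.0.0.0/0",       80),
    Rule("allow", "out", "tcp", "10.0.0.0/8",      "0.0.0.0/0",       443),
    Rule("allow", "out", "udp", "10.0.0.0/8",      "10.0.0.53/32",    53),
    Rule("deny",  "in",  "any", "0.0.0.0/0",       "10.0.0.0/8",      "any"),
]


def port_matches(rule_port, port):
    if rule_port == "any":
        return True
    if isinstance(rule_port, tuple):
        low, high = rule_port
        return low <= port <= high
    return rule_port == port


def matches(rule, pkt):
    try:
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    except ValueError:
        return False  # a malformed address never matches any rule, so it falls to default deny
    # ipaddress returns False (not an error) when an IPv6 address is tested against an IPv4 network.
    return (
        rule.direction == pkt.direction
        and rule.proto in ("any", pkt.proto)
        and src in ipaddress.ip_network(rule.src)
        and dst in ipaddress.ip_network(rule.dst)
        and port_matches(rule.dport, pkt.dport)
    )


def evaluate(rules, pkt):
    """First matching rule wins. Anything unmatched is dropped (default deny)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    ssh_from_partner = Packet("in", "tcp", "198.51.100.7", "10.1.2.3", 22)
    print("correct order:", evaluate(RULES, ssh_from_partner))
    print("deny rule moved to the top:", evaluate(list(reversed(RULES)), ssh_from_partner))
```

The reversed list puts the catch-all deny first, so the partner's SSH rule is shadowed and never reached; misordered rules are one of the most common firewall misconfigurations, and first-match evaluation is why.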
Antivirus software
scans and searches hard drives to prevent, detect and remove known viruses, adware and spyware
Intrusion detection software (IDS)
features full-time monitoring tools that search for patterns in network traffic to identify intruders
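A simple network-based IDS rule, as an added example rather than code from the textbook: it parses constructed connection-log lines and flags a source that touches many distinct destination ports within a short window, the classic port-scan pattern. The log format and addresses are invented for the example. The sliding window is also what lets a slow scan slip under the threshold, which the sample log demonstrates.

```python
import re
from collections import defaultdict, deque

# Constructed log format (hypothetical): "<unix_ts> CONNECT src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) CONNECT src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)
PROBE_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080]


def build_sample_log():
    """Constructed log lines (not from a real system): benign traffic, a fast scan, a slow scan, junk."""
    base = 1700000000
    # Benign: one client repeatedly opens HTTPS to the same server.
    lines = ["%d CONNECT src=10.0.0.9 dst=10.0.1.20 dport=443" % (base + 4 * i) for i in range(15)]
    # Fast scan: 12 ports on one host within 12 seconds.
    lines += ["%d CONNECT src=10.0.0.5 dst=10.0.1.20 dport=%d" % (base + 30 + i, p)
              for i, p in enumerate(PROBE_PORTS)]
    # Slow scan: the same 12 ports spaced 15 seconds apart (165 seconds in total).
    lines += ["%d CONNECT src=10.0.0.7 dst=10.0.1.21 dport=%d" % (base + 15 * i, p)
              for i, p in enumerate(PROBE_PORTS)]
    lines.append("garbage line the parser must skip")
    return lines


def parse(line):
    match = LINE_RE.match(line)
    if match is None:
        return None
    return int(match["ts"]), match["src"], match["dst"], int(match["dport"])


def detect_port_scans(lines, window=60, threshold=10):
    """Alert once per source that reaches `threshold` distinct (dst, port) pairs within `window` seconds."""
    events = sorted(e for e in map(parse, lines) if e is not None)
    recent = defaultdict(deque)  # src -> (ts, dst, dport) seen within the window
    alerted, alerts = set(), []
    for ts, src, dst, dport in events:
        queue = recent[src]
        queue.append((ts, dst, dport))
        while queue and queue[0][0] < ts - window:
            queue.popleft()  # expire entries outside the sliding window
        distinct = {(d, p) for _, d, p in queue}
        if len(distinct) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "first_seen": queue[0][0], "at": ts,
                           "distinct_targets": len(distinct)})
    return alerts


if __name__ == "__main__":
    log = build_sample_log()
    print("60 s window:", detect_port_scans(log))
    print("200 s window:", detect_port_scans(log, window=200))
```

With the default 60-second window only 10.0.0.5 is reported; the 15-second-spaced scanner never has more than five ports in any window. Widening the window catches it but raises the false-positive risk on busy hosts, which is the trade-off every threshold rule carries.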
Business Issues related to information ethics
Intellectual property
copyright
Pirated software
Counterfeit software
Digital rights management
Privacy
The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
Confidentiality
The assurance that messages and information are available only to those who are authorized to view them.
Individuals form the only ethical component of MIS
Individuals copy, use, and distribute software
Search organizational databases for sensitive and personal information
Individuals create and spread viruses
Individuals hack into computer systems to steal information
Employees destroy and steal information
Tools to prevent information misuse
Information management
Information governance
Information compliance
Ediscovery
Workplace monitoring policy
Workplace monitoring is a concern for many employees, yet organizations can be held financially responsible for their employees' actions. The dilemma surrounding employee monitoring in the workplace is that an organization places itself at risk if it fails to monitor its employees; however, some people feel that monitoring employees is unethical.
Common monitoring technologies include
Key logger or key trapper software
Hardware key logger
Cookie
Adware
Spyware
Web log
Clickstream
Security threats to ebusiness include
Elevation of privilege
Hoaxes
Malicious code
Packet tampering
Sniffer
Spoofing
Splogs
Spyware
The first line of defense- People
Organizations must enable employees, customers, and partners to access information electronically. The biggest issue surrounding information security is not a technical issue, but a people issue.
– Insiders
– Social Engineering
– Dumpster diving
The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
There are three primary information technology security areas
People- Authentication and authorization
Data- Prevention and resistance
Attacks- Detection and response