MIS #3

ethics
the principles and standards that guide our behavior toward other people
information ethics
govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself
Business issues related to information ethics
1. Intellectual property
2. copyright
3. pirated software
4. counterfeit software
privacy
the right to be left alone when you want to be, to have control over your own personal possessions and not to be observed without your consent
confidentiality
the assurance that messages and information are available only to those who are authorized to view them
______ form the only ethical component of MIS
individuals
_______ does not have ethics, _____ do
information, people
4 tools to prevent information misuse
1. information management
2. information governance
3. information compliance
4. Ediscovery
information management
examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively
information governance
method or system of government for information management or control
information compliance
is the act of conforming, acquiescing, or yielding information
Ediscovery
refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to litigation, audit, investigation, or information inquiry
Epolicies
policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment
6 epolicies
1. ethical computer use policy
2. information privacy policy
3. acceptable use policy
4. email privacy policy
5. social media policy
6. workplace monitoring policy
ethical computer use policy
contains general principles to guide computer user behavior. It ensures that all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules
information privacy policy
contains general principles regarding information privacy
acceptable use policy (AUP)
requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet
nonrepudiation
a contractual stipulation to ensure that ebusiness participants do not deny their online actions
internet use policy
contains general principles to guide the proper use of the Internet
email privacy policy
details the extent to which email messages may be read by others
social media policy
outlines the corporate guidelines or principles governing employee online communications
workplace monitoring policy
unless your company policy specifically states otherwise, your employer may listen, watch, and read most of your workplace communications
information technology monitoring
tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed
employee monitoring policy
explicitly states how, when, and where the company monitors its employees
common monitoring technologies include
1. key logger or key trapper
2. hardware key logger
3. cookie
4. adware
5. spyware
6. web log
7. clickstream
information security
the protection of information from accidental or intentional misuse by persons inside or outside an organization
downtime
refers to a period of time when a system is unavailable
Sources of unplanned downtime
bomb threat, hacker, snowstorm, hail, hurricane, power outage, evacuation, fraud, wind, etc.
How much will downtime cost your business?
Financial Performance
Damaged Reputation
Revenue
Other Expenses
hackers
experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
black-hat hackers
break into other people’s computer systems and may just look around or may steal and destroy information
crackers
have criminal intent when hacking
cyberterrorists
seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction
hacktivists
have philosophical and political reasons for breaking into systems and will often deface the website as a protest
script kiddies or script bunnies
find hacking code on the Internet and click-and-point their way to systems to cause damage or spread viruses
white-hat hackers
work at the request of the system owners to find system vulnerabilities and plug holes
virus
software written with malicious intent to cause annoyance or damage
Types of viruses
1. Worm
2. Denial-of-service attack (DoS)
3. Distributed DoS (DDoS)
4. Trojan-horse virus
5. Backdoor program
6. Polymorphic virus
worm
spreads itself not only from file to file but also from computer to computer. A virus must attach itself to something; a worm does not.
DoS
floods a website with so many requests for service that it slows down or crashes the site
DDoS
attacks from multiple computers that flood a website with so many requests that it slows down.
Trojan-horse
hides inside other software, usually as an attachment or downloadable file
backdoor
opens a way into the network for future attacks
polymorphic
changes its form as it propagates
Security threats include
1. elevation of privilege
2. hoaxes
3. malicious code
4. packet tampering
5. sniffer
6. spoofing
7. splogs
8. spyware
elevation of privilege
process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system
Hoaxes
attack computer systems by transmitting a virus hoax, with a real virus attached.
malicious code
includes a variety of threats, such as viruses, worms, and trojan horses
packet tampering
consists of altering the contents of packets as they travel over the Internet or altering data on the computer disks after penetrating a network
sniffer
program or device that can monitor data traveling over a network; a hacker's favorite weapon
spoofing
the forging of the return address on an email so that the message appears to come from someone other than the actual sender.
splogs
(spam blogs) are fake blogs created solely to raise the search engine rank of affiliated websites
spyware
software that comes hidden in free downloadable software and tracks online movements, mines the info stored, or uses a computer’s CPU for some task the user knows nothing about
What is the first line of defense?
PEOPLE!
The biggest issue surrounding information security is not a technical issue, but a ____ issue
PEOPLE!!
Insider
legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
social engineering
hackers use their social skills to trick people into revealing access credentials or other valuable information
dumpster diving
looking through people’s trash
information security policies
identify the rules required to maintain information security. Ex. never sharing passwords
information security plan
details how an organization will implement the information security policies
3 primary information technology security areas are
1. people
2. data
3. attack
people
authentication and authorization
data
prevention and resistance
attack
detection and response
authentication
a method for confirming users’ identities
authorization
the process of giving someone permission to do or have something
The most secure types of authentication involve 3 things
1. something the user knows
2. something the user has
3. something that is part of the user (thumbprint)
identity theft
the forging of someone’s identity for the purpose of fraud
phishing
a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email
pharming
reroutes requests for legitimate websites to false websites
Downtime can cost an organization anywhere from $___ to $____ per hour
100, 1 million
3 technologies available to help prevent and build resistance include
1. content filtering
2. encryption
3. firewalls
content filtering
occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information

prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading

encryption
scrambles information into an alternative form that requires a key or password to decrypt.
firewalls
hardware and/or software that guards a private network by analyzing incoming and outgoing information for the correct markings
Public key encryption
(PKE) uses two keys: a public key that everyone can have and a private key for only the recipient.
certification authority
a trusted third party, such as VeriSign, that validates user identities by means of digital certificates
digital certificate
a data file that identifies individuals or organizations online and is comparable to a digital signature
One of the most common defenses for preventing a security breach is a _____
firewall
Detection and response
If prevention and resistance strategies fail, detection and response technologies mitigate the damage
intrusion detection software
features full-time monitoring tools that search for patterns in network traffic to identify intruders