Download pdf - Fundamentals of Information Systems, Seventh EditionFundamentals of Information Systems, Seventh Edition Fundamentals of Information Systems, Seventh Edition 1 Chapter 9 The Personal

FundamentalsofInformationSystems,SeventhEdition

FundamentalsofInformationSystems,SeventhEdition 1

Chapter 9The Personal and Social

Impact of Computers

PrinciplesandLearningObjectives(continued)

• Computercrimeisaseriousandrapidlygrowingareaofconcernrequiringmanagementattention– Explainthetypesofcomputercrimeandtheireffects

– Identifyspecificmeasurestopreventcomputercrime



• Jobs,equipment,andworkingconditionsmustbedesignedtoavoidnegativehealtheffectsfromcomputers– Listtheimportantnegativeeffectsofcomputersontheworkenvironment

– Identifyspecificactionsthatmustbetakentoensurethehealthandsafetyofemployees



• Practitionersinmanyprofessionssubscribetoacodeofethicsthatstatestheprinciplesandcorevaluesthatareessentialtotheirwork– Outlinecriteriafortheethicaluseofinformationsystems


WhyLearnAboutthePersonalandSocialImpactoftheInternet?

• Bothopportunitiesandthreats:– SurroundawiderangeofnontechnicalissuesassociatedwiththeuseofinformationsystemsandtheInternet

• Youneedtoknowaboutthetopicsinthischapter:– Tohelpavoidbecomingavictimofcrime,fraud,privacyinvasion,andotherpotentialproblem


ComputerCrime

• 300,000crimesreportedtoTheInternetCrimeComputerCenterin2010

• Twomostcommononlinecomputercrimes:– Undeliveredmerchandiseornonpayment– IdentitytheftusingnamesandphotosofU.S.governmentofficials


TheComputerasaTooltoCommitCrime

• Computercriminalneedstwocapabilitiestocommitcrime:– Howtogainaccesstothecomputersystem– Howtomanipulatethesystemtogetthedesiredresult

• Socialengineering:– Usingsocialskillstogetcomputeruserstoprovideinformationtoaccessaninformationsystem

• Dumpsterdiving:– Goingthroughtrashcanstofindsecretorconfidentialinformation


Cyberterrorism• HomelandSecurityDepartment’sInformationAnalysisandInfrastructureProtection-Directorate:– Servesasafocalpointforthreatassessment,warning,investigation,andresponseforthreatsorattacksagainstthecountry’scriticalinfrastructure

• Cyberterrorist:– Intimidatesorcoercesagovernmentororganizationtoadvancehisorherpoliticalorsocialobjectives


IdentityTheft

• Imposterobtainspersonalidentificationinformationinordertoimpersonatesomeoneelse:– Toobtaincredit,merchandise,andservicesinthenameofthevictim

– Tohavefalsecredentials


InternetGambling

• Globalonlinegamblingmarketover$30billion

• Lawsregardinglegalityofonlinegamblingquiteconfusing

• RevenuesgeneratedbyInternetgamblingrepresentamajoruntappedsourceofincomeforstateandfederalgovernments


TheComputerasaTooltoFightCrime

• Informationsystemscanbeusedtofightcrimeinmanyways:

• LeadsOnlineWeb-basedservicesystem:– Usedbylawenforcementtorecoverstolenproperty

– Containshundredsofmillionsofrecordsinitsdatabase

– Allowslawenforcementofficerstosearchthedatabasebyitemserialnumberorbyindividual


MonitoringCriminals• JusticeXchange:–Web-baseddatasharingsystem– ProvidesinformationaboutoffendersheldinparticipatingjailsacrosstheUnitedStates

• OffenderWatch:–Web-basedsystemusedtotrackregisteredsexoffenders

– Storestheregisteredoffender’saddress,physicaldescription,andvehicleinformation

– PubliccanaccessdatabaseFundamentalsofInformationSystems,

SeventhEdition 12

AssessingCrimeRiskforaGivenArea

• CAPIndexprovidesquickoverviewofcrimeriskatagivenaddress

• OthercommonGISsystemsinclude:– TheNationalEquipmentRegistry– TheCompStatprogram– CargoNet


TheComputerastheObjectofCrime

• Crimesfallintoseveralcategories:– Illegalaccessanduse– Dataalterationanddestruction– Informationandequipmenttheft– SoftwareandInternetpiracy– Computer-relatedscams– Internationalcomputercrime



IllegalAccessandUse

• Hacker:– Learnsaboutandusescomputersystems

• Criminalhacker:– Gainsunauthorizeduseorillegalaccesstocomputersystems

• Scriptbunny:– Automatesthejobofcrackers

• Insider:– Employeewhocomprisescorporatesystems


IllegalAccessandUse(continued)• Virus:– Programfilecapableofattachingtodisksorotherfilesandreplicatingitselfrepeatedly

• Worm:– Parasiticcomputerprogramsthatreplicatebut,unlikeviruses,donotinfectothercomputerprogramfiles

• Trojanhorse:– Maliciousprogramthatdisguisesitselfasausefulapplicationorgameandpurposefullydoessomethingtheuserdoesnotexpect


IllegalAccessandUse(continued)• Rootkit:– Setofprogramsthatenableitsusertogainadministratorlevelaccesstoacomputerornetwork

• Logicbomb:– TypeofTrojanhorsethatexecuteswhenspecificconditionsoccur

• Variant:–Modifiedversionofavirusthatisproducedbyvirus’sauthororanotherperson


Spyware

• Softwareinstalledonapersonalcomputerto:– Interceptortakepartialcontroloveruser’sinteractionwiththecomputerwithoutknowledgeorpermissionoftheuser

• SimilartoaTrojanhorseinthat:– UsersunknowinglyinstallitwhentheydownloadfreewareorsharewarefromtheInternet


InformationandEquipmentTheft

• Passwordsniffer:– Smallprogramhiddeninanetworkthatrecordsidentificationnumbersandpasswords

• Portablecomputerssuchaslaptopsandportablestoragedevicesareespeciallyeasyforthievestotake:– Dataandinformationstoredinthesesystemsaremorevaluablethantheequipment


PatentandCopyrightViolations

• Softwarepiracy:– Actofunauthorizedcopyingordistributionofcopyrightedsoftware

– Penaltiescanbesevere• Digitalrightsmanagement:– Theuseofanyofseveraltechnologiestoenforcepoliciesforcontrollingaccesstodigitalmedia


PatentandCopyrightViolations(continued)

• Patentinfringement:– Occurswhensomeonemakesunauthorizeduseofanother’spatent

– Penaltyisuptothreetimesthedamagesclaimedbythepatentholder


Computer-RelatedScams

• Phishing:– Perpetratorsendemailthatlooksasifitcamefromalegitimateinstitution

– Recipientaskedtoprovidepersonalidentificationinformationsuchapinnumberandpassword

• Overthepastfewyears:– Creditcardcustomersofvariousbankshavebeentargetedbyscamartiststryingtogetpersonalinformationusingphishing


Computer-RelatedScams(continued)

• Vishing:– Similartophishing– Insteadofusingthevictim’scomputer,itusesthevictim’sphone


InternationalComputerCrime

• Computercrimebecomesmorecomplexwhenitcrossesborders

• Moneylaundering:– Disguisingillegallygainedfundssothattheyseemlegal


PreventingComputer-RelatedCrime

• Greateremphasisplacedonpreventionanddetectionofcomputercrimeby:– Privateusers– Companies– Employees– Publicofficials


CrimePreventionbyStateandFederalAgencies

• Stateandfederalagenciesaggressivelyattackingcomputercriminals

• ComputerFraudandAbuseActof1986:–Mandatespunishmentbasedonthevictim’sdollarloss

• ComputerEmergencyResponseTeam(CERT):– Respondstonetworksecuritybreaches–Monitorssystemsforemergingthreats


CrimePreventionbyCorporations

• Companiestakingcomputercrimeseriously– Encryptionusedtoencodedata– Role-basedsystemaccessliststocontrolsystemaccess

– Separationofdutiestopreventcollusion– Useoffingerprintauthenticationdevicestogainaccess


CrimePreventionbyCorporations(continued)

• Guidelinestoprotectyourcomputerfromcriminalhackers:– Installstronguserauthenticationandencryptioncapabilitiesonyourfirewall

– Installthelatestsecuritypatches– Disableguestaccountsandnulluseraccounts– Turnaudittrailson– ConsiderinstallingcallerID– InstallacorporatefirewallbetweenyourcorporatenetworkandtheInternet


UsingIntrusionDetectionSoftware

• Usingintrusiondetectionsoftware:– Intrusiondetectionsystem(IDS):• Monitorssystemandnetworkresources• Notifiesnetworksecuritypersonnelwhenitsensesapossibleintrusion• Canprovidefalsealarms


SecurityDashboard

• SecurityDashboard:– Providescomprehensivedisplayonasinglecomputerscreenof:• Allthevitaldatarelatedtoanorganization’ssecuritydefenses,includingthreats,exposures,policycompliance,andincidentalerts



UsingManagedSecurityServiceProviders

• Usingmanagedsecurityserviceproviders(MSSPs):–Manyorganizationsareoutsourcingtheirnetworksecurityoperations


GuardingAgainstTheftofEquipmentandData

• Organizationsneedtotakestrongmeasurestoguardagainstthetheftofcomputerhardwareandthedatastoredsuchas:– Setguidelinesonwhatkindofdatacanbestoredonlaptops

– Encryptdataonlaptops– Securelaptops– Providetrainingonsafehandlingoflaptops– Installtrackingsoftware


CrimePreventionforIndividualsandEmployees

• Identitytheft:– Toprotectyourself,regularlycheckcreditreportswithmajorcreditbureaus

• Malwareattacks:– Antivirusprogramsruninthebackgroundtoprotectyourcomputer

–Manye-mailservicesandISPprovidersofferfreeantivirusprotection


CrimePreventionforIndividualsandEmployees(continued)

• Computerscams:– Tipstohelpyouavoidbecomingavictim:• Don’tagreetoanythinginahigh-pressuremeetingorseminar• Don’tjudgeacompanybasedonappearances• Avoidanyplanthatpayscommissionssimplyforrecruitingadditionaldistributors• Bewareofshills• Bewareofacompany’sclaimthatitcansetyouupinaprofitablehome-basedbusiness


PrivacyIssues

• Issueofprivacy:– Dealswiththerighttobeleftaloneortobewithdrawnfrompublicview

• Dataisconstantlybeingcollectedandstoredoneachofus

• Thisdataisoftendistributedovereasilyaccessednetworksandwithoutourknowledgeorconsent

• Whoownsthisinformationandknowledge?FundamentalsofInformationSystems,

SeventhEdition 37

PrivacyandtheFederalGovernment

• Thefederalgovernment:– Hasimplementedanumberoflawsaddressingpersonalprivacy

• EuropeanUnion:– Hasdata-protectiondirectivethatrequiresfirmstransportingdataacrossnationalboundariestohavecertainprivacyproceduresinplace


PrivacyatWork

• EmployersusingtechnologyandcorporatepoliciestomanageworkerproductivityandprotecttheuseofISresources.

• EmployersconcernedaboutinappropriateWebsurfing,withoverhalfofemployersmonitoringWebactivityoftheiremployees.

• Organizationsalsomonitoremployees’e-mail,withmorethanhalfretainingandreviewingmessages.


PrivacyatWork(continued)

• Mostemployerstodayhaveapolicythatexplicitlyeliminatesanyexpectationofprivacywhenanemployeeusesanycompany-ownedcomputer,server,ore-mailsystem.

• Thecourtshaveruledthat,withoutareasonableexpectationofprivacy,thereisnoFourthAmendmentprotectionfortheemployee.


PrivacyandE-Mail

• Federallawpermitsemployerstomonitore-mailsentandreceivedbyemployees

• E-mailmessagesthathavebeenerasedfromharddiskscanberetrievedandusedinlawsuits

• Useofe-mailamongpublicofficialsmightviolate“openmeeting”laws


PrivacyandInstantMessaging

• Toprotectyourprivacyandyouremployer’sproperty:– DonotsendpersonalorprivateIMsatwork– Chooseanonrevealing,nongender-specific,unprovocativeIMscreenname

– Donotopenfilesorclicklinksinmessagesfrompeopleyoudonotknow

– NeversendsensitivepersonaldatasuchascreditcardnumbersviaIM


PrivacyandPersonalSensingDevices

• RFIDtags:–Microchipswithantenna– Embeddedinmanyoftheproductswebuy:• Medicinecontainers,clothing,computerprinters,carkeys,librarybooks,tires

– Generateradiotransmissionsthat,ifappropriatemeasuresarenottaken,canleadtopotentialprivacyconcerns


PrivacyandtheInternet• HugepotentialforprivacyinvasionontheInternet:– E-mailmessages– VisitingaWebsite– BuyingproductsovertheInternet

• PlatformforPrivacyPreferences(P3P):– Screeningtechnology

• Socialnetworkservices:– Parentsshoulddiscusspotentialdangers,checktheirchildren’sprofiles,andmonitortheiractivities


PrivacyandtheInternet(continued)

• Children’sOnlinePrivacyProtectionAct(COPPA)– DirectedatWebsitescateringtochildren– Requiressiteownerstopostcomprehensiveprivacypoliciesandtoobtainparentalconsentbeforetheycollectanypersonalinformationfromchildrenunder13yearsofage

• Websiteoperatorsareliableforcivilpenaltiesofupto$11,000perviolation


InternetLibelConcerns

• Libel:– Publishinganintentionallyfalsewrittenstatementthatisdamagingtoaperson’sororganization’sreputation

• Individuals:– CanpostinformationtotheInternetusinganonymouse-mailaccountsorscreennames

–MustbecarefulwhattheypostontheInternettoavoidlibelcharges


PrivacyandFairnessinInformationUse

• Sellinginformationtoothercompaniescanbesolucrativethatmanycompanieswillstoreandsellthedatatheycollectoncustomers,employees,andothers–Whenisthisinformationstorageandusefairandreasonabletothepeoplewhosedataisstoredandsold?

– Dopeoplehavearighttoknowaboutdatastoredaboutthemandtodecidewhatdataisstoredandused?


FilteringandClassifyingInternetContent

• Filteringsoftware:– HelpscreenInternetcontent

• Children’sInternetProtectionAct(CIPA)– SchoolsandlibrariessubjecttoCIPAdonotreceivethediscountsofferedbythe“E-Rate”programunlesstheycertifythattheyhavecertainInternetsafetymeasuresinplacetoblockorfilter“visualdepictionsthatareobscene,childpornography,orareharmfultominors”


PrivacyActof1974

• Providesprivacyprotectionfromfederalagencies

• AppliestoallfederalagenciesexcepttheCIAandlawenforcementagencies

• Requirestrainingforallfederalemployeeswhointeractwitha“systemofrecords”undertheact


ElectronicCommunicationsPrivacyAct

• Dealswiththreemainissues– Protectionofcommunicationswhileintransitfromsendertoreceiver– Protectionofcommunicationsheldinelectronicstorage– Prohibitionofdevicestorecorddialing,routing,addressing,and

signalinginformationwithoutasearchwarrant– Prohibitsgovernmentfrominterceptingelectronicmessagesunlessit

obtainsacourtorderbasedonprobablecause.– Prohibitsaccesstowireandelectroniccommunicationsforstored

communicationsnotreadilyaccessibletothegeneralpublic


Gramm-Leach-BlileyAct

– Requiresfinancialinstitutionstoprotectcustomers’nonpublicdata

– Assumesthatallcustomersapproveofthefinancialinstitutions’collectingandstoringtheirpersonalinformation.


USAPatriotAct

– PassedinresponsetotheSeptember11terrorismacts

– Proponentsarguethatitgivesnecessarynewpowerstobothdomesticlawenforcementandinternationalintelligenceagencies.

– Criticsarguethatthelawremovesmanyofthechecksandbalancesthatpreviouslyallowedthecourtstoensurethatlawenforcementagenciesdidnotabusetheirpowers.


CorporatePrivacyPolicies

–Mostorganizationsrealizethatinvasionsofprivacycanhurttheirbusiness,turnawaycustomers,anddramaticallyreducerevenuesandprofits

–Mostorganizationsmaintainprivacypolicies,eventhoughtheyarenotrequiredbylaw

– Policiesshouldaddressacustomer’sknowledge,control,notice,andconsentoverthestorageanduseofinformation


IndividualEffortstoProtectPrivacy

• Toprotectpersonalprivacy:– Findoutwhatisstoredaboutyouinexistingdatabases

– Becarefulwhenyoushareinformationaboutyourself

– Beproactivetoprotectyourprivacy– TakeextracarewhenpurchasinganythingfromaWebsite


TheWorkEnvironment

• Useofcomputer-basedinformationsystemshaschangedtheworkforce:– JobsthatrequireISliteracyhaveincreased– Less-skilledpositionshavedecreased

• Enhancedtelecommunications:– Hasbeentheimpetusfornewtypesofbusiness– Hascreatedglobalmarketsinindustriesoncelimitedtodomesticmarkets


HealthConcerns

• Occupationalstress• Seatedimmobilitythromboembolism(SIT)• Carpaltunnelsyndrome(CTS)• Videodisplayterminal(VDT)bill:– Employeeswhospendatleastfourhoursadayworkingwithcomputerscreensshouldbegiven15-minutebreakseverytwohours


AvoidingHealthandEnvironmentProblems

• Workstressors:– Hazardousactivitiesassociatedwithunfavorableconditionsofapoorlydesignedworkenvironment

• Ergonomics:– Scienceofdesigningmachines,products,andsystemstomaximizesafety,comfort,andefficiencyofpeoplewhousethem


EthicalIssuesinInformationSystems

• Codeofethics:– Statestheprinciplesandcorevaluesessentialtoasetofpeopleand,therefore,governtheirbehavior

– Canbecomeareferencepointforweighingwhatislegalandwhatisethical


EthicalIssuesinInformationSystems(continued)

–Mishandlingofthesocialissuesdiscussedinthischapter—includingwasteandmistakes,crime,privacy,health,andethics—candevastateanorganization

– Preventionoftheseproblemsandrecoveryfromthemareimportantaspectsofmanaginginformationandinformationsystemsascriticalcorporateassets


Summary• Somecrimesusecomputersastools• Cyberterrorist:– Intimidatesorcoercesagovernmentororganizationtoadvancehisorherpoliticalorsocialobjectives


Summary(continued)• Todetectandpreventcomputercrimeuse:– Antivirussoftware– Intrusiondetectionsystems(IDSs)

• Privacyissues:– Aconcernwithgovernmentagencies,e-mailuse,corporations,andtheInternet

• Businesses:– Shoulddevelopaclearandthoroughpolicyaboutprivacyrightsforcustomers,includingdatabaseaccess


Summary(continued)• Computer-relatedscams:– Havecostpeopleandcompaniesthousandsofdollars

• Ergonomics:– Thestudyofdesigningandpositioningcomputerequipment

• Codeofethics:– Statestheprinciplesandcorevaluesthatareessentialtothemembersofaprofessionororganization
