Fundamentals of Information Systems, Seventh Edition
Chapter 9
The Personal and Social Impact of Computers
Principles and Learning Objectives (continued)
• Computer crime is a serious and rapidly growing area of concern requiring management attention
  – Explain the types of computer crime and their effects
  – Identify specific measures to prevent computer crime
Principles and Learning Objectives (continued)
• Jobs, equipment, and working conditions must be designed to avoid negative health effects from computers
  – List the important negative effects of computers on the work environment
  – Identify specific actions that must be taken to ensure the health and safety of employees
Principles and Learning Objectives (continued)
• Practitioners in many professions subscribe to a code of ethics that states the principles and core values that are essential to their work
  – Outline criteria for the ethical use of information systems
Why Learn About the Personal and Social Impact of the Internet?
• Both opportunities and threats:
  – Surround a wide range of nontechnical issues associated with the use of information systems and the Internet
• You need to know about the topics in this chapter:
  – To help avoid becoming a victim of crime, fraud, privacy invasion, and other potential problems
Computer Crime
• 300,000 crimes reported to The Internet Crime Computer Center in 2010
• Two most common online computer crimes:
  – Undelivered merchandise or nonpayment
  – Identity theft using names and photos of U.S. government officials
The Computer as a Tool to Commit Crime
• Computer criminal needs two capabilities to commit crime:
  – How to gain access to the computer system
  – How to manipulate the system to get the desired result
• Social engineering:
  – Using social skills to get computer users to provide information to access an information system
• Dumpster diving:
  – Going through trash cans to find secret or confidential information
Cyberterrorism
• Homeland Security Department’s Information Analysis and Infrastructure Protection Directorate:
  – Serves as a focal point for threat assessment, warning, investigation, and response for threats or attacks against the country’s critical infrastructure
• Cyberterrorist:
  – Intimidates or coerces a government or organization to advance his or her political or social objectives
Identity Theft
• Imposter obtains personal identification information in order to impersonate someone else:
  – To obtain credit, merchandise, and services in the name of the victim
  – To have false credentials
Internet Gambling
• Global online gambling market over $30 billion
• Laws regarding legality of online gambling quite confusing
• Revenues generated by Internet gambling represent a major untapped source of income for state and federal governments
The Computer as a Tool to Fight Crime
• Information systems can be used to fight crime in many ways:
• LeadsOnline Web-based service system:
  – Used by law enforcement to recover stolen property
  – Contains hundreds of millions of records in its database
  – Allows law enforcement officers to search the database by item serial number or by individual
Monitoring Criminals
• JusticeXchange:
  – Web-based data sharing system
  – Provides information about offenders held in participating jails across the United States
• OffenderWatch:
  – Web-based system used to track registered sex offenders
  – Stores the registered offender’s address, physical description, and vehicle information
  – Public can access database
Assessing Crime Risk for a Given Area
• CAP Index provides quick overview of crime risk at a given address
• Other common GIS systems include:
  – The National Equipment Registry
  – The CompStat program
  – CargoNet
The Computer as the Object of Crime
• Crimes fall into several categories:
  – Illegal access and use
  – Data alteration and destruction
  – Information and equipment theft
  – Software and Internet piracy
  – Computer-related scams
  – International computer crime
Illegal Access and Use
• Hacker:
  – Learns about and uses computer systems
• Criminal hacker:
  – Gains unauthorized use or illegal access to computer systems
• Script bunny:
  – Automates the job of crackers
• Insider:
  – Employee who compromises corporate systems
Illegal Access and Use (continued)
• Virus:
  – Program file capable of attaching to disks or other files and replicating itself repeatedly
• Worm:
  – Parasitic computer programs that replicate but, unlike viruses, do not infect other computer program files
• Trojan horse:
  – Malicious program that disguises itself as a useful application or game and purposefully does something the user does not expect
Illegal Access and Use (continued)
• Rootkit:
  – Set of programs that enable its user to gain administrator level access to a computer or network
• Logic bomb:
  – Type of Trojan horse that executes when specific conditions occur
• Variant:
  – Modified version of a virus that is produced by virus’s author or another person
Spyware
• Software installed on a personal computer to:
  – Intercept or take partial control over user’s interaction with the computer without knowledge or permission of the user
• Similar to a Trojan horse in that:
  – Users unknowingly install it when they download freeware or shareware from the Internet
Information and Equipment Theft
• Password sniffer:
  – Small program hidden in a network that records identification numbers and passwords
• Portable computers such as laptops and portable storage devices are especially easy for thieves to take:
  – Data and information stored in these systems are more valuable than the equipment
Patent and Copyright Violations
• Software piracy:
  – Act of unauthorized copying or distribution of copyrighted software
  – Penalties can be severe
• Digital rights management:
  – The use of any of several technologies to enforce policies for controlling access to digital media
Patent and Copyright Violations (continued)
• Patent infringement:
  – Occurs when someone makes unauthorized use of another’s patent
  – Penalty is up to three times the damages claimed by the patent holder
Computer-Related Scams
• Phishing:
  – Perpetrator sends email that looks as if it came from a legitimate institution
  – Recipient asked to provide personal identification information such as PIN number and password
• Over the past few years:
  – Credit card customers of various banks have been targeted by scam artists trying to get personal information using phishing
Computer-Related Scams (continued)
• Vishing:
  – Similar to phishing
  – Instead of using the victim’s computer, it uses the victim’s phone
International Computer Crime
• Computer crime becomes more complex when it crosses borders
• Money laundering:
  – Disguising illegally gained funds so that they seem legal
Preventing Computer-Related Crime
• Greater emphasis placed on prevention and detection of computer crime by:
  – Private users
  – Companies
  – Employees
  – Public officials
Crime Prevention by State and Federal Agencies
• State and federal agencies aggressively attacking computer criminals
• Computer Fraud and Abuse Act of 1986:
  – Mandates punishment based on the victim’s dollar loss
• Computer Emergency Response Team (CERT):
  – Responds to network security breaches
  – Monitors systems for emerging threats
Crime Prevention by Corporations
• Companies taking computer crime seriously
  – Encryption used to encode data
  – Role-based system access lists to control system access
  – Separation of duties to prevent collusion
  – Use of fingerprint authentication devices to gain access
Crime Prevention by Corporations (continued)
• Guidelines to protect your computer from criminal hackers:
  – Install strong user authentication and encryption capabilities on your firewall
  – Install the latest security patches
  – Disable guest accounts and null user accounts
  – Turn audit trails on
  – Consider installing caller ID
  – Install a corporate firewall between your corporate network and the Internet
Using Intrusion Detection Software
• Using intrusion detection software:
  – Intrusion detection system (IDS):
    • Monitors system and network resources
    • Notifies network security personnel when it senses a possible intrusion
    • Can provide false alarms
Security Dashboard
• Security Dashboard:
  – Provides comprehensive display on a single computer screen of:
    • All the vital data related to an organization’s security defenses, including threats, exposures, policy compliance, and incident alerts
Using Managed Security Service Providers
• Using managed security service providers (MSSPs):
  – Many organizations are outsourcing their network security operations
Guarding Against Theft of Equipment and Data
• Organizations need to take strong measures to guard against the theft of computer hardware and the data stored such as:
  – Set guidelines on what kind of data can be stored on laptops
  – Encrypt data on laptops
  – Secure laptops
  – Provide training on safe handling of laptops
  – Install tracking software
Crime Prevention for Individuals and Employees
• Identity theft:
  – To protect yourself, regularly check credit reports with major credit bureaus
• Malware attacks:
  – Antivirus programs run in the background to protect your computer
  – Many e-mail services and ISP providers offer free antivirus protection
Crime Prevention for Individuals and Employees (continued)
• Computer scams:
  – Tips to help you avoid becoming a victim:
    • Don’t agree to anything in a high-pressure meeting or seminar
    • Don’t judge a company based on appearances
    • Avoid any plan that pays commissions simply for recruiting additional distributors
    • Beware of shills
    • Beware of a company’s claim that it can set you up in a profitable home-based business
Privacy Issues
• Issue of privacy:
  – Deals with the right to be left alone or to be withdrawn from public view
• Data is constantly being collected and stored on each of us
• This data is often distributed over easily accessed networks and without our knowledge or consent
• Who owns this information and knowledge?
Privacy and the Federal Government
• The federal government:
  – Has implemented a number of laws addressing personal privacy
• European Union:
  – Has data-protection directive that requires firms transporting data across national boundaries to have certain privacy procedures in place
Privacy at Work
• Employers using technology and corporate policies to manage worker productivity and protect the use of IS resources.
• Employers concerned about inappropriate Web surfing, with over half of employers monitoring Web activity of their employees.
• Organizations also monitor employees’ e-mail, with more than half retaining and reviewing messages.
Privacy at Work (continued)
• Most employers today have a policy that explicitly eliminates any expectation of privacy when an employee uses any company-owned computer, server, or e-mail system.
• The courts have ruled that, without a reasonable expectation of privacy, there is no Fourth Amendment protection for the employee.
Privacy and E-Mail
• Federal law permits employers to monitor e-mail sent and received by employees
• E-mail messages that have been erased from hard disks can be retrieved and used in lawsuits
• Use of e-mail among public officials might violate “open meeting” laws
Privacy and Instant Messaging
• To protect your privacy and your employer’s property:
  – Do not send personal or private IMs at work
  – Choose a nonrevealing, nongender-specific, unprovocative IM screen name
  – Do not open files or click links in messages from people you do not know
  – Never send sensitive personal data such as credit card numbers via IM
Privacy and Personal Sensing Devices
• RFID tags:
  – Microchips with antenna
  – Embedded in many of the products we buy:
    • Medicine containers, clothing, computer printers, car keys, library books, tires
  – Generate radio transmissions that, if appropriate measures are not taken, can lead to potential privacy concerns
Privacy and the Internet
• Huge potential for privacy invasion on the Internet:
  – E-mail messages
  – Visiting a Web site
  – Buying products over the Internet
• Platform for Privacy Preferences (P3P):
  – Screening technology
• Social network services:
  – Parents should discuss potential dangers, check their children’s profiles, and monitor their activities
Privacy and the Internet (continued)
• Children’s Online Privacy Protection Act (COPPA)
  – Directed at Web sites catering to children
  – Requires site owners to post comprehensive privacy policies and to obtain parental consent before they collect any personal information from children under 13 years of age
• Web site operators are liable for civil penalties of up to $11,000 per violation
Internet Libel Concerns
• Libel:
  – Publishing an intentionally false written statement that is damaging to a person’s or organization’s reputation
• Individuals:
  – Can post information to the Internet using anonymous e-mail accounts or screen names
  – Must be careful what they post on the Internet to avoid libel charges
Privacy and Fairness in Information Use
• Selling information to other companies can be so lucrative that many companies will store and sell the data they collect on customers, employees, and others
  – When is this information storage and use fair and reasonable to the people whose data is stored and sold?
  – Do people have a right to know about data stored about them and to decide what data is stored and used?
Filtering and Classifying Internet Content
• Filtering software:
  – Help screen Internet content
• Children’s Internet Protection Act (CIPA)
  – Schools and libraries subject to CIPA do not receive the discounts offered by the “E-Rate” program unless they certify that they have certain Internet safety measures in place to block or filter “visual depictions that are obscene, child pornography, or are harmful to minors”
Privacy Act of 1974
• Provides privacy protection from federal agencies
• Applies to all federal agencies except the CIA and law enforcement agencies
• Requires training for all federal employees who interact with a “system of records” under the act
Electronic Communications Privacy Act
• Deals with three main issues
  – Protection of communications while in transit from sender to receiver
  – Protection of communications held in electronic storage
  – Prohibition of devices to record dialing, routing, addressing, and signaling information without a search warrant
  – Prohibits government from intercepting electronic messages unless it obtains a court order based on probable cause.
  – Prohibits access to wire and electronic communications for stored communications not readily accessible to the general public
Gramm-Leach-Bliley Act
– Requires financial institutions to protect customers’ nonpublic data
– Assumes that all customers approve of the financial institutions’ collecting and storing their personal information.
USA Patriot Act
– Passed in response to the September 11 terrorism acts
– Proponents argue that it gives necessary new powers to both domestic law enforcement and international intelligence agencies.
– Critics argue that the law removes many of the checks and balances that previously allowed the courts to ensure that law enforcement agencies did not abuse their powers.
Corporate Privacy Policies
– Most organizations realize that invasions of privacy can hurt their business, turn away customers, and dramatically reduce revenues and profits
– Most organizations maintain privacy policies, even though they are not required by law
– Policies should address a customer’s knowledge, control, notice, and consent over the storage and use of information
Individual Efforts to Protect Privacy
• To protect personal privacy:
  – Find out what is stored about you in existing databases
  – Be careful when you share information about yourself
  – Be proactive to protect your privacy
  – Take extra care when purchasing anything from a Web site
The Work Environment
• Use of computer-based information systems has changed the workforce:
  – Jobs that require IS literacy have increased
  – Less-skilled positions have decreased
• Enhanced telecommunications:
  – Has been the impetus for new types of business
  – Has created global markets in industries once limited to domestic markets
Health Concerns
• Occupational stress
• Seated immobility thromboembolism (SIT)
• Carpal tunnel syndrome (CTS)
• Video display terminal (VDT) bill:
  – Employees who spend at least four hours a day working with computer screens should be given 15-minute breaks every two hours
Avoiding Health and Environment Problems
• Work stressors:
  – Hazardous activities associated with unfavorable conditions of a poorly designed work environment
• Ergonomics:
  – Science of designing machines, products, and systems to maximize safety, comfort, and efficiency of people who use them
Ethical Issues in Information Systems
• Code of ethics:
  – States the principles and core values essential to a set of people and, therefore, govern their behavior
  – Can become a reference point for weighing what is legal and what is ethical
Ethical Issues in Information Systems (continued)
– Mishandling of the social issues discussed in this chapter—including waste and mistakes, crime, privacy, health, and ethics—can devastate an organization
– Prevention of these problems and recovery from them are important aspects of managing information and information systems as critical corporate assets
Summary
• Some crimes use computers as tools
• Cyberterrorist:
  – Intimidates or coerces a government or organization to advance his or her political or social objectives
Summary (continued)
• To detect and prevent computer crime use:
  – Antivirus software
  – Intrusion detection systems (IDSs)
• Privacy issues:
  – A concern with government agencies, e-mail use, corporations, and the Internet
• Businesses:
  – Should develop a clear and thorough policy about privacy rights for customers, including database access
Summary (continued)
• Computer-related scams:
  – Have cost people and companies thousands of dollars
• Ergonomics:
  – The study of designing and positioning computer equipment
• Code of ethics:
  – States the principles and core values that are essential to the members of a profession or organization