
Exam 2 ITM 309

1 Ethics & Security

o Ethics
  - Root word: ethikos (ancient Greek)
  - Theory of living
  - Distinguish right from wrong, good from bad
  - The principles and standards that guide our behavior toward other people
o Information ethics
  - Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution and processing of information itself
  - Intellectual property: intangible creative work in some physical form; includes copyright, trademarks and patents
  - Copyright: legal protection to ideas, songs, movies
  - Pirated software: unauthorized use, duplication, distribution or sale of copyrighted software
  - Counterfeit software: looks like the same thing; software manufactured to look like the real thing and sold as such
  - Digital rights management: put on copyright protection; technological solution that allows publishers to control their digital media to discourage, limit or prevent illegal copying and distribution
o Privacy (major issue)
  - Privacy: the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
  - Confidentiality: the assurance that messages and information are available only to those who are authorized to view them
o Individuals form the only ethical component of MIS
  - Individuals copy, use and distribute software
  - Search organizational databases for sensitive and personal information
  - Individuals create and spread viruses
  - Individuals hack into computer systems to steal information
  - Employees destroy and steal information
o Ethics in the Workplace
  - Workplace monitoring is a concern for many employees; company owns assets, has right to own them
  - Organizations can be held financially responsible for their employees' actions
  - Dilemma (monitoring employees): organization is placing itself at risk if it fails to monitor its employees; however, some people feel that monitoring employees is unethical
  - Workplace monitoring: 82 electronic monitoring of physical security; 63 monitored internet usage; 43 stored email messages
o Developing Information management
  - Examines organizational resource of info and regulates its definitions, uses, value, distribution, ensuring it has data required to function
  - Policies: put in place to secure assets
  - Organizations strive to build a corporate culture based on ethical principles that employees can understand and implement
  - Policies typically include:
    - Ethical computer use policy: cyberbullying, click fraud are unethical
      - Contains general principles to guide computer use behavior; most important rule
    - Information privacy policy: contains general principles regarding information policy
      - Visa created Inovant
    - Acceptable use policy: requires a user to agree to follow it to be provided access to corporate email, information systems and the Internet
    - Email privacy policy: details the extent to which email messages may be read by others
    - Social media policy: outlining corporate guidelines governing employee online communications; blog policies, Twitter, FB, LinkedIn, YouTube
    - Workplace monitoring policy: tracks people's activities by such measures as number of keystrokes, error rate and number of transactions processed

Ethics 101 for Interns (Article)

o Take personal responsibility for integrity; take time to learn
o Practice good records management: keep confidential, put company policies and documents locked away
o Privacy, intellectual property and security: use guidelines with where to take USB, laptops
o Intern rights, working conditions: respect co-workers, don't engage in inappropriate work behavior
o Consumer protection: don't use unapproved materials, sources, methods
o Health, safety and environmental protection: don't perform jobs with special training

2 Ethics & Security

Protecting Intellectual Assets

o Organizational information is intellectual capital; it must be protected
o Information security: the protection of information from accidental or intentional misuse by persons inside or outside an organization; primary tool an organization can use to combat the threats associated with downtime
o Downtime: refers to a period of time when a system is unavailable

How much downtime will cost your assets

o Financial Performance: revenue, cash flow, credit rating, stock price, payment guarantee
o Revenue: direct loss, compensatory payments, lost future revenue, investment losses, lost productivity
o Damaged Reputation: customers, suppliers, financial markets, banks, business partners
o Other Expenses: temporary expenses, equipment rentals, overtime costs, extra shipping charges, travel expenses, legal obligations

Balance of security & productivity

o Lack of security
  - First line of defense: People
  - High risk, low cost, open access, no productivity loss
  - Open access leads to data loss, productivity loss
o Overly restrictive security
  - Low risk, high cost, restrictive access, productivity loss
  - Overly restrictive may lead to non-compliance with security process, may lead to loss of security
o Optimal balance of security and productivity
  - Balanced costs and risk
  - Restrictiveness of security policy balanced by people's acceptance of policies
o Organizations must enable employees, customers and partners to access information electronically
o The biggest issue surrounding information security is not a technical issue, but a people issue
  - Insiders: legit users who purposely or accidentally misuse their access to the environment and cause some business-affecting incident
  - Social engineering: hackers use their social skills to trick people into revealing access credentials
  - Dumpster diving: looking through one's trash
o The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
  - Information security policies: identify rules required to maintain info security, such as requiring users to log off, changing password every 30 days
  - Information security plan: details how an organization will implement the information security policies

Second line of defense: technology

Once an organization has protected its intellectual capital by arming its people with a detailed info security plan, it can begin to focus on deploying technology to help combat attackers.

Security Area 1: Authentication and Authorization

o Authentication: a method for confirming users' identities; once confirmed, can determine access privileges
o Authorization: the process of giving someone permission to do or have something
o The most secure type of authentication involves all three:
  - Something the user knows: user ID and


MSU ITM 309 - Ethics & Security
