10 06 2014 Exam 2 10 6 14 INFORMATION ETHICS Origin o Ethikos ancient Greek o Theory of living o Distinguish Right from wrong Good from bad Your honor code o Professional values and standards Integrity Respect Continuous improvement o Code Violations o Amendments Ethics The principles and standards that guide our behavior toward other people Information ethics Govern the ethical and moral issues arising from the development and use of information technologies as well as the creation collection duplication distribution and processing of information itself Business issues related to information ethics o Intellectual property intangible body created in a physical form o Copyright legal protection of an idea song video games etc More prevalent as we become more digital o Pirated software sale of copyright material o Counterfeit software software that looks like the right thing and sold as such o Digital rights management copyright prevention and control Privacy is a major ethical issue o Privacy The right to be left alone when you want to be to have control over your own personal possessions and not to be observed without your consent How comfortable you feel with your data o Confidentiality the assurance that messages and information are available only to those who are authorized to view them Pizza Video Discussion What do you think of the Pizza Video o Person on phone knows everything about you when you are ordering pizza Could this happen today o Yes caller id FB etc How secure do you feel with your personal data INFORMATION ETHICS Individuals form the only ethical component of MIS o Individuals copy use and distribute software o Search organizational databases for sensitive and personal information o Individuals create and spread viruses o Individuals hack into computer systems to steal information o Employees destroy and steal information o Not really complex its all about people ETHICS IN THE WORKPLACE Workplace monitoring is a concern for many employees Organizations can be held financially responsible for their employees actions The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees however some people feel that monitoring employees is unethical DEVELOPING INFORMATION MANAGEMENT POLICIES Organizations strive to build a corporate culture based on ethical principles that employees can understand and implement Policies typically include o Ethical computer use policy o Information privacy policy cannot play video games o Acceptable use policy must accept the policy to get access o Email privacy policy what emails may be read by others o Social media policy online communication o Workplace monitoring policy they tell us how we do it where we do it ETHICS 101 FOR INTERNS An intern is updating customer contact data files for his employer and decides to keep a copy of the files for himself As he begins his formal job search the intern contacts these customers to inquire about employment ETHICS 101 FOR INTERNS Take personal responsibility for integrity learn the code Practice good records management don t leave confidential documents around Privacy intellectual property and security interns should not carry confidential data on a laptop or USB drive Intern rights and working conditions don t send inappropriate emails Consumer protection interns should not use unapproved resources or processes in order to meet a deadline Health safety and environmental protection preform jobs that need special training and only work if you are certified to work those specific jobs PROTECTING INTELLECTUAL ASSETS Organizational information is intellectual capital it must be protected Information security The protection of information from accidental or intentional misuse by persons inside or outside an organization Downtime Refers to a period of time when a system is unavailable PROTECTING INTELLECTUAL ASSETS How Much Will Downtime Cost Your Business Security Productivity Balance Will vary by industry enterprise If you have more things to secure your budget for security will be high THE FIRST LINE OF DEFENSE PEOPLE 33 of security incidences happen from the people who work in the company accidental or intentionally happens within the walls of the company Organizations must enable employees customers and partners to access information electronically The biggest issue surrounding information security is not a technical issue but a people issue o Insiders could be legitimate users who could misuse information accidentally or intentionally o Social engineering o Dumpster diving The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan o Information security policies o Information security plan THE SECOND LINE OF DEFENSE TECHNOLOGY There are three primary information technology security areas AUTHENTICATION AND AUTHORIZATION o Authentication A method for confirming users identities o Authorization The process of giving someone permission to do or have something o The most secure type of authentication involves 1 Something the user knows user ID and password most common is often ineffective 2 Something the user has smart cards 3 Something that is part of the user biometrics finger prints PREVENTION AND RESISTANCE o Downtime can cost an organization anywhere from 100 to 1 million per hour if the internet is down the company may be down o Technologies available to help prevent and build resistance to attacks include Content filtering Encryption Encrypt it then scramble it so that if anyone intercepts it they can t tell what it is Firewalls Protection of the private network from the public Sample firewall architecture connecting systems located in Chicago New York and Boston DETECTION AND RESPONSE o If prevention and resistance strategies fail and there is a security breach an organization can use detection and response technologies to mitigate the damage o Intrusion detection software Features full time monitoring tools that search for patterns in network traffic to identify intruders o Breach can get all the information within minutes 85 of the time Company will not realize breach for weeks 85 of the time IT Enabling Growth GE Guest Speaker Quiz GE it shared purpose positions GE and GE customers for success Which of he following is not a component of GE s IT shared purpose Which of the following is not one of the