Review Exam 2 ISM 3003 Chapter 4 4 1 Explain the ethical issues in the use of information technology Topic Information Ethics Ethics the principals and standards that guide our behavior toward other people Information ethics govern the ethical and moral issues arising from the development and use of information technologies as well as the creation collection duplication distribution and processing of information itself o Privacy The right to be left alone when you want to be to have control over your own personal possessions and not to be observed without your consent to those who are authorized to view them the assurance that messages and information are available only o Confidentiality Intellectual property intangible creative work that is embodied in physical form and includes copyrights trademarks and patents Copyright legal protection afforded an expression of an idea such as a song book or video game Pirated software unauthorized use duplication distribution or sale of copyrighted software Counterfeit software software that is manufactured to look like the real thing and sold as such Digital rights management a technological solution that allows publishers to control their digital media to discourage limit or prevent illegal copying and distribution Tools to prevent information misuse o Information management examines the organizational resource of information and regulates its definitions uses value and distribution ensuring that it has the types of data information required to function and grow effectively o Information governance method or system of government for information management or control o Information compliance act of conforming acquiescing or yielding information o Information secrecy the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity o Information property an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged 4 2 Identify the six e policies organizations should implement to protect themselves Topic Developing Information Management Policies Ethical computer use policy contains general principles to guide computer user behavior o Ensures all users are informed of the rules and by agreeing to use the system on that basis consent to abide by the rules Information privacy policy contains general principles regarding information privacy o the unethical use of information typically occurs unintentionally when it is used for new purposes Acceptable use policy requires a user to agree to follow it to be provided access to corporate email information systems and the internet o Nonrepudiation a contractual stipulation to ensure that ebusiness participants do not deny their online actions o Internet use policy contains general principles to guide the proper use of the internet Email privacy policy details the extent to which email messages may be read by others o Organizations can mitigate the risk of email and instant messaging communication tools by implementing and adhering to an email privacy policy o Spam unsolicited email o Anti spam policy simply states that email users will not send unsolicited emails Social media policy outlines the corporate guidelines or principles governing employee online communications Workplace monitoring policy o Information technology monitoring tracks people s activities by such measures as number of keystrokes error rate and number of transactions processed o Employee monitoring policy explicitly state how when and where the company monitors its employees 4 3 Describe the relationships and differences between hackers and viruses Topic Protecting Intellectual Assets Hacker experts in technology who use their knowledge to break into computers and computer networks either for profit or just motivated by the challenge o Black hat hacker break into other people s computers systems and may just look around or may steal and destroy information o Cracker criminal intent while looking o Cyberterrorist o Hacktivist have philosophical and political reasons for breaking to systems and will often deface the website as protest o Script kiddies bunnies find hacking code on the internet and click and point their way into systems to cause damage or spread viruses o White hat hackers work at the request of the system owners to find system vulnerabilities and plug the holes Virus software written with malicious intent to cause annoyance or damage o Backdoor program open a way into the network for future attacks o Denial of service attack floods a website with so many requests for service that it slows down or crashes o Distributed denial of service attack attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes A common type is Ping of Death in which thousands of computers try to access a website at the same time overloading it and shutting it down o Polymorphic virus change their form as hey propagate o Trojan horse virus hides inside other software usually as an attachment or a o Worm spreads itself not only from file to file but also from computer to downloaded able file computer 4 4 Describe the relationship between information security policies and an information security plan Topic The First Line of Defense People The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan o Information security policies identify the rules required to maintain information security such as requiring users to log off before leaving for lunch or meetings never sharing passwords with anyone and changing passwords every 30 days o Information security plan details how an organization will implement the information security policies 4 5 Provide an example of each of the three primary information security areas 1 authentication and authorization 2 prevention and resistance and 3 detection and response Topic The Second Line of Defense Technology 1 Authentication and authorization people a Authentication confirming user s identities b Authorization the process of giving someone permission to do or have something Identity theft i ii Phishing technique to gain personal information for the purpose of identity theft usually by means of fraudulent email iii Pharming reroutes requests for legitimate websites to false websites 2 Prevention and resistance data a