ADMS2511 - Chapter 3 notes

Administrative Studies
ADMS 2511
Cristobal Sanchez-Rodriguez

Chapter 3 – Ethics, Privacy, and Information Security

ETHICAL ISSUES

Ethics are the principles of right and wrong that individuals use to make choices to guide their behaviors. Companies develop a code of ethics to guide decision making. The fundamentals of ethics are responsibility, accountability, and liability. Unethical does not always mean illegal. The Sarbanes-Oxley Act was passed in 2002 after the Enron and WorldCom incidents; it requires public companies to certify financial reports. Ethical problems are on the rise due to computers increasing in processing speed.

The diversity of IT applications has created the following ethical issues:

1. Privacy issues – collecting, storing, and disseminating information about individuals
2. Accuracy issues – authenticity, fidelity, and accuracy of information
3. Property issues – the ownership and value of information
4. Accessibility issues – who should have access to information

Protecting privacy – privacy is the right to be left alone. Information privacy is the right to determine what information about you is divulged. Data gathered about you is called a digital dossier. The process of forming it is called profiling.

• Electronic surveillance – employees have very little protection against surveillance from employers. According to law, employers can read emails and track internet usage. URL filtering can be employed to block access to sites, etc.
• Personal information in databases – credit reporting agencies are an example of personal information databases. Institutions such as banks, telephone companies, etc. also keep information in databases. The privacy concern is under what circumstances and where the information is kept, and how secure it is.
• Information on internet bulletin boards, newsgroups, and social networking sites – online blogs and social sites can contain derogatory information that can harm job applications. Companies like Reputation Defender can destroy damaging content for clients.
• Privacy codes and policies – these are guidelines to protect customers’ information. The opt-out model of informed consent permits companies to collect data until otherwise stated. The opt-in model prohibits them from collecting information unless otherwise authorized.

International aspects of privacy – privacy laws differ among countries, which obstructs uniform privacy standards across borders. EU data protection is stricter than in the U.S.

THREATS TO INFORMATION SECURITY

These factors contribute to the increasing vulnerability of organizational information assets.

1. Interconnected, interdependent, wireless network business environment – due to always being connected to the internet, information is exposed through trusted and untrusted networks. The wireless medium in itself is non-secure.
2. Government legislation – this may require companies to disclose their privacy policies to customers and offer an opt-out option to customers.
3. Smaller, faster, cheaper computers – things like USB sticks make it easy to steal and move information. Technology to steal information is also becoming cheaper.
4. Decreasing skill to become a hacker – the internet contains programs called scripts that users with limited skill can download and use to attack IS connected to the internet.
5. International organized crime taking over cybercrime – organized crime has taken over cybercrime to commit non-violent but lucrative cybercrimes. The crimes can be committed from anywhere in the world.
6. Downstream liability – if company A’s systems are used to hack company B’s systems, the first one will be liable for damages since company B is downstream in this attack from company A.
7. Increased employee use of unmanaged devices – devices like mobile phones, customers’ computers, etc. can be used to cause IT breaches.
8. Lack of management support – management must ensure that the security guidelines are being followed properly.
Threats to information systems – the threats to IS can be classified under:

1. Unintentional Threats – acts with no malicious intent
   a. Human errors – HR and IS employees have access to sensitive information. Secondly, consultants, janitors, and guards also have access to IS and information assets. Human errors by these two categories of employees due to laziness or lack of information can pose a huge problem.
      i. Social engineering and reverse social engineering – an attack where the perpetrator tricks a legitimate employee into providing company information such as passwords. Practices such as loading spyware on flash drives or changing a help desk number to collect privileged information fall under this. In social engineering, the attacker approaches the employees. In reverse social engineering, the employees approach the attacker.
      ii. Deviations in the quality of service by service providers – when a product or service is not delivered as expected, e.g. an internet connection, service disruptions, etc.
      iii. Environmental hazards – dirt, dust, and humidity are harmful to the safe operation of computing equipment.
   b. Natural disasters – floods, earthquakes, hurricanes, tornadoes, lightning, and natural fires can cause loss of data.
   c. Technical failures – problems with hardware or software. Faulty chips or bugs in programs are a form of technical failure.