Textbook Notes (367,852)
Canada (161,454)
York University (12,778)
ADMS 2511 (127)
Chapter 3

AMDS 2511 Chapter 3

4 Pages
138 Views
Unlock Document

Department
Administrative Studies
Course
ADMS 2511
Professor
Cristobal Sanchez- Rodriguez
Semester
Fall

Description
CHAPTER 3: ETHICS, PRIVACY AND INFORMATION SECURITY 3.1 ETHICAL ISSUES - Ethics: refers to the principles of right and wrong that individuals use to make choices to guide their behaviors. - Code of Ethics: a collection of principles intended to guide decision making by members of the organization - Fundamental tenets of ethics include responsibility, accountability and liability - Responsibility: you accept the consequences of your decisions and actions - Accountability: provides for a determination of who is responsible for actions that were taken. - Liability: a legal concept implying that individuals have the right to recover the damages done to them by other individuals, organizations or systems - Diversity and ever-expanding use of IT applications have created a variety of ethical issues: o Privacy Issues involve the collection, storage and dissemination of information about individuals  What information about oneself should an individual be required to reveal to others?  What kind of surveillance can an employer use on its employee?  What types of personal information can people keep to themselves and not be forced to reveal to others?  What information about individuals should be kept in databases, and how secure is the information there? o Accuracy Issues involve the authenticity, integrity and accuracy of information that is collected and processed  Who is responsible for the authenticity, integrity and accuracy of the information collected?  How can we ensure that the information will be processed properly and presented accurately to users?  How can we ensure that errors in databases, data transmissions and data processing are accidental and not intentional?  Who is held accountable for errors in information? o Property issues involve the ownership and value of information  Who owns the information?  What are the just and fair prices for its exchange?  How should one handle software piracy?  Can corporate computers be used for private purposes? o Accessibility issues revolve around who should have access to information and whether they should have to pay for this access  Who is allowed to access information?  How much should companies charge for permitting accessibility to information?  Who will be provided with the equipment needed for accessing information? Protecting Privacy - Privacy: is the right to be left alone and to be free of unreasonable personal intrusion - Information privacy is the right to determine when and to what extent information about yourself can be gathered or communicated to others - Rapid advances in IT have made it easier to collect, store and integrate data on individuals in large databases. Surveillance cameras in public places and at work, credit card transactions; telephone calls, etc. - Digital dossier: an electronic description of a person’s habits. Process of forming a digital dossier is called Profiling Electronic Surveillance is rapidly increasing. Monitoring is done my employers, the government and other institutions (URL Filtering) Personal Information in Databases Information on Internet Bulletin Boards, Newsgroups and Social Networking Sites Privacy Codes and Policies - Privacy policies or Privacy codes are an organizations guidelines with respect to protecting the privacy of customers, clients and employees - Opt-out model: permits the company to collect personal information until the customer specifically requests that the data not be collected - P3P (platform for privacy preference) automatically communicates privacy policies between an electronic commerce website and visitors to that site - Canada’s privacy legislation is called Personal Information Protection and Electronic Document Act (PIPEDA) International Aspects of Privacy - The transfer of data in and out of a nation without the knowledge of either the authorities or the individuals involved raises a number of privacy issues 3.2 THREATS TO INFORMATION SECURITY - A number of factors are contributing to the increasing vulnerability of organizational information assets. o Today’s interconnected, interdependent, wirelessly networked business environment. Trusted network vs. untrusted o Government legislation o Smaller, faster, cheaper computers and storage devices o Decreasing skills necessary to be a computer hacker o International organized crime taking over cybercrime  Cybercrime: illegal activity taking place over computer networks  Cyberextortion: occurs when individuals attack an organization’s website and then demand money from the website owners to call of the attack o Downstream liability o Increased employee use of unmanaged devices o Lack of management support - Threat: any danger to which a system may be exposed - Exposure: of an information resource is the harm, loss, or damage that can result if a threat compromises that resource - Vulnerability: the possibility that the system will suffer harm by a threat - Risk: the likelihood that a threat will occur - Information System Controls: are the procedures, devices or software aimed at preventing a compromise to the system Threats to Information Systems 1. Unintentional acts  Human Errors (Most serious)  Deviation in the quality of service from service providers  Environmental hazards: dirt, dust, humidity and static electricity, which are harmful to the safe operation of computing equip. 2. Natural disasters 3. Technical failures: problems with hardware and software 4. Management failures: a lack of funding for information security efforts and a lack of interest in those efforts 5. Deliberate acts  Espionage or trespass: an unauthorized person attempts to gain illegal access to organizational information  Information extortion: an attack either threatens to steal or actually steals information from a company  Sabotage or vandalism  Theft of equipment or information: Pod slurping or dumpster diving  Identity thef
More Less

Related notes for ADMS 2511

Log In


OR

Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


OR

By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.


Submit