Legal, Ethical and Security issues
Copyright © 2020, 2018, 2016 Pearson Education, Inc. All Rights Reserved
Technology: a double-edged sword
• Technology can be the source of many benefits, including the
ability to combat disease and crime and to achieve major cost
savings and efficiencies for business.
• At the same time, digital technology creates new opportunities for
invading your privacy and using information that could cause you
harm.
• A manager should be sensitive to both the positive and
negative impacts of information systems for the firm, the
employees, and the customers.
• A manager needs to learn how to resolve ethical
dilemmas involving information systems and be aware of
the laws related to information technology and data.
The Dark Side of Big Data
• There’s a dark side to big data, and it has to do with privacy. We can
now collect or analyze data on a much larger scale than ever before
and use what we have learned about individuals in ways that may be
harmful to them.
• Targeting financially vulnerable individuals: data brokers now sell
reports that specifically highlight and target financially vulnerable
individuals.
Real-Life Scenarios
• Example: Online advertisers targeting individuals with ads for
expensive payday loans because they appear desperate for quick cash.
• For example, a data broker might provide a report on retirees with
little or no savings to a company offering high-cost loans, or other
financially risky products. Very few rules or regulations exist to
prevent targeting of vulnerable groups.
• Privacy laws and regulations haven’t caught up with big data
technology.
Ethical, Social, and Political Issues are
Raised by Information Systems
• Ethical issues in information systems have been given new
urgency by the rise of the Internet and e-commerce.
• Internet and digital firm technologies make it easier than ever to
assemble, integrate, and distribute information, unleashing new
concerns about the appropriate use of customer information, the
protection of personal privacy, and the protection of intellectual
property.
• Other pressing ethical issues that information systems raise
include establishing accountability for the consequences of
information systems, and setting standards to safeguard
system quality that protects the safety of the individual.
Business Intelligence Tools
• Advances in business intelligence tools are another
technological trend that heightens ethical concerns because
companies and government agencies can find out highly detailed
personal information about individuals.
• Think of all the ways you generate digital information about
yourself—credit card purchases; banking records; local, state,
and federal government records (including court and police
records); and visits to websites.
• Put together and mined properly, this information could reveal
not only your credit information but also your driving habits,
your tastes, your associations, what you read and watch, and
your political interests.
Information Rights: Privacy and
Freedom in the Internet Age (1 of 3)
• Privacy
– Claim of individuals to be left alone, free from surveillance
or interference from other individuals, organizations, or
state; claim to be able to control information about yourself
• In the United States, privacy protected by:
– First Amendment (freedom of speech and association)
– Fourth Amendment (unreasonable search and seizure)
– Additional federal statutes (e.g., Privacy Act of 1974)
Information Rights: Privacy and
Freedom in the Internet Age (2 of 3)
• Most American and European privacy law is based on a regime
called Fair Information Practices (FIP) first set forth in a
report written in 1973 by a federal government advisory
committee and updated most recently in 2010 to take into
account new privacy-invading technology
– Set of principles governing the collection and use of
information
– After information is gathered about an individual to complete a
transaction, the record may not be used to support other activities
without the individual’s consent
EU General Data Protection Regulation
(GDPR)
• In Europe, privacy protection is much more stringent than in the
United States. Unlike the United States, European countries do
not allow businesses to use personally identifiable information
without consumers’ prior consent.
• The directive requires companies to inform people when they
collect information about them and disclose how it will be stored
and used. Customers must provide their informed consent
before any company can legally use data about them, and they
have the right to access that information, correct it, and request
that no further data be collected
• EU member nations cannot transfer personal data to countries
without similar privacy protection
– Applies across all EU countries to any firms operating in the
EU or processing data on EU citizens or residents
– Allowing individuals to remove personal data from social
platforms like Facebook and prevent them from collecting
any new information.
Internet Challenges to Privacy
• Websites track searches that have been conducted, the websites
and web pages visited, the online content a person has accessed,
and what items that person has inspected or purchased over the
web.
• This monitoring and tracking of website visitors occurs in the
background without the visitor’s knowledge
• It is conducted not just by individual websites but by advertising
networks such as Microsoft Advertising, Yahoo, and Google’s
that are capable of tracking personal browsing behavior across
thousands of websites.
• Cookies
– Identify browser and track visits to site
• Spyware
– Secretly installed on user’s computer
– May transmit user’s keystrokes or display unwanted ads
• Google services and behavioral targeting
– Google possesses the largest collection of personal information in
the world
Figure 4.3 How Cookies Identify Web
Visitors
1. The Web server reads the user's Web browser and determines the operating system,
browser name, version number, Internet address, and other information.
2. The server transmits a tiny text file with user identification information called a
cookie, which the user's browser receives and stores on the user's computer.
3. When the user returns to the Web site, the server requests the contents of any cookie
it deposited previously in the user's computer.
4. The Web server reads the cookie, identifies the visitor, and calls up data on the user.
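The four steps of Figure 4.3 as a small simulation, added here as an example and not taken from the slides. The Site and Browser classes, the visitor_id cookie name and the user-agent string are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

class Site:
    """Server side of Figure 4.3 (hypothetical class, for illustration)."""
    def __init__(self):
        self.profiles = {}  # visitor id -> data the site keeps on that visitor

    def handle(self, request_headers):
        # Step 1: read what the browser reports about itself.
        agent = request_headers.get("User-Agent", "unknown")
        # Steps 3-4: read any cookie deposited earlier and look the visitor up.
        jar = SimpleCookie(request_headers.get("Cookie", ""))
        vid = jar["visitor_id"].value if "visitor_id" in jar else None
        response_headers = {}
        if vid not in self.profiles:
            # Step 2: unknown visitor, so issue an identifier via Set-Cookie.
            vid = secrets.token_hex(8)
            self.profiles[vid] = {"agent": agent, "visits": 0}
            out = SimpleCookie()
            out["visitor_id"] = vid
            out["visitor_id"]["path"] = "/"
            response_headers["Set-Cookie"] = out["visitor_id"].OutputString()
        self.profiles[vid]["visits"] += 1
        return response_headers, self.profiles[vid]

class Browser:
    """Stores cookies and returns them on later requests (hypothetical class)."""
    def __init__(self, agent):
        self.agent = agent
        self.cookies = SimpleCookie()

    def visit(self, site):
        headers = {"User-Agent": self.agent}
        if self.cookies:
            headers["Cookie"] = "; ".join(
                f"{name}={m.value}" for name, m in self.cookies.items())
        response_headers, profile = site.handle(headers)
        if "Set-Cookie" in response_headers:
            self.cookies.load(response_headers["Set-Cookie"])
        return profile["visits"]

def demo():
    site, browser = Site(), Browser("ExampleBrowser/1.0")  # constructed user agent
    first, second = browser.visit(site), browser.visit(site)
    browser.cookies = SimpleCookie()  # cookies cleared: the site loses the link
    third = browser.visit(site)
    return first, second, third, len(site.profiles)
```

The second visit is recognized only because the browser sends the stored identifier back; once the cookie is gone, the site sees a new visitor and starts a second profile.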
Technical Solutions
• Solutions include:
– Email encryption
– Anonymity tools
– Anti-spyware tools
• Browsers offer “Do not track” options: the browser sends a
request to websites asking that the user’s behavior not be tracked.
• Overall, technical solutions have failed to protect users from
being tracked from one site to another
Property Rights: Intellectual Property
• Information technology has made it difficult to protect
intellectual property because computerized information can be
so easily copied or distributed on networks.
• Protected in four main ways:
– Copyright
– Patents
– Trademarks
– Trade secret
Challenges to Intellectual Property
Rights
• Digital media different from physical media
– Ease of replication
– Ease of transmission (networks, Internet)
– Ease of alteration
– Difficulties in establishing uniqueness
Why Systems are Vulnerable
• Security
– Policies, procedures, and technical measures used to
prevent unauthorized access, alteration, theft, or
physical damage to information systems
• Controls
– Methods, policies, and organizational procedures that
ensure safety of organization’s assets; accuracy and
reliability of its accounting records; and operational
adherence to management standards
Figure 8.1 Contemporary Security
Challenges and Vulnerabilities
Internet Vulnerabilities
• Network open to anyone
• When the Internet becomes part of the corporate network,
the organization’s information systems are even more
vulnerable to actions from
• E-mail, IM
– Interception
– Attachments with malicious software
– Transmitting trade secrets
Malicious Software: Viruses, Worms,
Trojan Horses, and Spyware
• Viruses
• Worms
• Trojan horse
• Ransomware
• Spyware
– Key loggers
– Other types: reset browser home page, redirect search requests
What is the Business Value of
Security and Control?
• Failed computer systems can lead to significant or total
loss of business function
• Firms now are more vulnerable than ever
– Confidential personal and financial data
– Trade secrets, new products, strategies
• A security breach may cut into a firm’s market value almost
immediately
• Inadequate security and controls also bring forth issues of
liability
Tools and Technologies for
Safeguarding Information Systems
• Identity management software
– Automates keeping track of all users and privileges
– Assigning each user a unique digital identity for
accessing each system.
– Authenticates users, protecting identities, controlling
access
• Authentication
– Password systems
– Smart cards
– Biometric authentication
– Two-factor authentication
• Firewall
– Prevents unauthorized users from accessing private
networks
– The firewall identifies names, IP addresses,
applications, and other characteristics of incoming
traffic.
– It checks this information against the access rules that
the network administrator has programmed into the
system.
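The rule check described in the firewall bullets, sketched as an added example (not from the slides). The rule format, the first-match-wins order and the default deny are assumptions, and the addresses come from the reserved documentation ranges.

```python
import ipaddress

# Constructed access rules, checked top to bottom; the first match decides.
# Each rule: (action, source network, destination port or None for any port).
RULES = [
    ("deny",  "203.0.113.0/24",  None),  # blocked source range
    ("allow", "0.0.0.0/0",       443),   # public HTTPS
    ("allow", "198.51.100.0/24", 22),    # SSH from one partner network only
]

def check_packet(src_ip, dst_port, rules=RULES):
    """Return (action, rule index) for incoming traffic; unmatched traffic is denied."""
    src = ipaddress.ip_address(src_ip)
    for index, (action, network, port) in enumerate(rules):
        if src in ipaddress.ip_network(network) and port in (None, dst_port):
            return action, index
    return "deny", None  # default deny: nothing the administrator allowed matched

def shadowed_rules(rules=RULES):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for i, (_, net_i, port_i) in enumerate(rules):
        n_i = ipaddress.ip_network(net_i)
        for _, net_j, port_j in rules[:i]:
            # An earlier rule covers this one if its network contains ours
            # and it applies to any port or to the same port.
            if n_i.subnet_of(ipaddress.ip_network(net_j)) and port_j in (None, port_i):
                hidden.append(i)
                break
    return hidden
```

Because the first match decides, a broad allow rule placed above a narrower deny rule silently disables the deny; `shadowed_rules` reports that kind of ordering mistake.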
• Intrusion detection system
– Monitors hot spots on corporate networks to detect and
deter intruders
– Scanning software looks for patterns indicative of known
methods of computer attacks such as bad passwords
– Checks to see whether important files have been removed
or modified, and sends warnings of vandalism or system
administration errors.
• Antivirus and antispyware software
– Checks computers for presence of malware and can
often eliminate it as well
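The two intrusion detection checks named above (a bad-password pattern and removed or modified files), as an added example that is not part of the slides. The log format, the threshold of three failures and the in-memory file contents are constructed for illustration.

```python
import hashlib
import re
from collections import Counter

# Constructed log lines in a made-up format (not from a real product).
SAMPLE_LOG = """\
2024-01-05T10:00:01 login failed user=alice src=192.0.2.44
2024-01-05T10:00:03 login failed user=alice src=192.0.2.44
2024-01-05T10:00:05 login failed user=root src=192.0.2.44
2024-01-05T10:00:09 login ok user=bob src=198.51.100.7
2024-01-05T10:00:12 login failed user=bob src=198.51.100.7
"""
FAILED = re.compile(r"login failed user=(\S+) src=(\S+)")

def bad_password_sources(log_text, threshold=3):
    """Sources with at least `threshold` failed logins (the bad-password pattern)."""
    counts = Counter(m.group(2) for m in FAILED.finditer(log_text))
    return sorted(src for src, n in counts.items() if n >= threshold)

def snapshot(files):
    """Baseline: map each file name to the SHA-256 digest of its content (bytes)."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def integrity_alerts(baseline, files):
    """Compare current files with the baseline; report removed and modified files."""
    current = snapshot(files)
    alerts = [f"removed: {n}" for n in sorted(baseline) if n not in current]
    alerts += [f"modified: {n}" for n in sorted(baseline)
               if n in current and current[n] != baseline[n]]
    return alerts
```

A single mistyped password from one address stays below the threshold, so only the source with repeated failures is reported.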
Ensuring System Availability
• Online transaction processing requires 100% availability
• Fault-tolerant computer systems
– Contain redundant hardware, software, and power
supply components that create an environment that
provides continuous, uninterrupted service
• Disaster recovery planning
– Devises plans for restoration of disrupted services
Ensuring Software Quality
• Software metrics: Objective assessments of system in
form of quantified measurements
– Number of transactions
– Online response time
• Early and regular testing
• Walkthrough: Review of specification or design document
by small group of qualified people
• Debugging: Process by which errors are eliminated
The Role of Auditing
• Information systems audit
– Examines firm’s overall security environment as well as
controls governing individual information systems
• Security audits
– Review technologies, procedures, documentation,
training, and personnel
– May even simulate disaster to test responses
• List and rank control weaknesses and the probability of
occurrence
• Assess financial and organizational impact of each threat
Figure 8.4 Sample Auditor’s List of
Control Weaknesses