Unit-V: Security and Ethical Challenges
Ethical responsibilities of Business Professionals – Business, technology. Computer crime – Hacking, cyber theft, unauthorized use at work. Piracy – software and intellectual property. Privacy – Issues and the Internet Privacy. Challenges – working condition, individuals. Health and Social Issues, Ergonomics and cyber terrorism.
MIS - Security & Ethical Issues
Security of an Information System
Information system security refers to the way the system is defended against unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
There are two major aspects of information system security −
● Security of the information technology used − securing the system from malicious cyber-attacks that attempt to break into the system and access critical private information or gain control of the internal systems.
● Security of data − ensuring the integrity of data when critical issues arise, such as natural disasters, computer/server malfunction, physical theft, etc. Generally, an off-site backup of data is kept for such problems.
Guaranteeing effective information security has the following key aspects −
● Preventing the unauthorized individuals or systems from accessing the information.
● Maintaining and assuring the accuracy and consistency of data over its entire life-cycle.
● Ensuring that the computing systems, the security controls used to protect them and the communication channels used to access them are functioning correctly all the time, thus making information available in all situations.
● Ensuring that the data, transactions, communications or documents are genuine.
● Ensuring the integrity of a transaction by validating that both parties involved are genuine, by incorporating authentication features such as "digital signatures".
● Ensuring that once a transaction takes place, none of the parties can deny it, either having received a transaction or having sent a transaction. This is called 'non-repudiation'.
● Safeguarding data and communications stored and shared in network systems.
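The difference between authentication and non-repudiation in the list above, as an added example that is not part of the original notes: a shared-key MAC lets the receiver detect tampering but also lets the receiver fabricate a message, whereas a digital signature can only be produced by the holder of the private key. A Lamport one-time signature is used here only because it needs nothing beyond Python's standard library; the sample transaction and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- Shared-key MAC: integrity and authenticity, but NOT non-repudiation ---
def mac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)

# --- Lamport one-time signature: only the private-key holder can sign ---
def lamport_keygen():
    """Return (private_key, public_key). Each key pair may sign ONE message."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(s0), _h(s1)) for s0, s1 in sk]
    return sk, pk

def _digest_bits(msg: bytes):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    # Reveal one of the two secrets per bit of the message digest.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = _digest_bits(msg)
    if len(sig) != len(bits):
        return False
    return all(hmac.compare_digest(_h(s), pk[i][bit])
               for i, (bit, s) in enumerate(zip(bits, sig)))

def demo():
    # Constructed sample transaction and an altered copy of it.
    order = b"2024-01-15 pay 500 INR from A to B"
    altered = b"2024-01-15 pay 9500 INR from A to B"

    # Case 1: sender and receiver share one MAC key.
    key = secrets.token_bytes(32)
    sender_tag = mac_tag(key, order)
    receiver_tag = mac_tag(key, altered)  # the receiver can tag anything too
    results = {
        "mac_detects_tampering": not mac_verify(key, altered, sender_tag),
        # The altered order verifies with a tag the RECEIVER computed, so a
        # third party cannot tell who produced it: the sender can deny it.
        "mac_receiver_can_fabricate": mac_verify(key, altered, receiver_tag),
    }

    # Case 2: sender signs; receiver holds only the public key.
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, order)
    results["sig_valid_for_order"] = lamport_verify(pk, order, sig)
    results["sig_rejects_altered"] = not lamport_verify(pk, altered, sig)
    # Without sk the receiver has no valid signature for the altered order;
    # random bytes of the right shape do not verify.
    guess = [secrets.token_bytes(32) for _ in range(256)]
    results["receiver_cannot_forge"] = not lamport_verify(pk, altered, guess)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Production systems use a vetted library and a scheme such as RSA, ECDSA or Ed25519 rather than a hand-written signature.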
Information Systems and Ethics
Information systems bring about immense social changes, threatening the existing distributions of power, money, rights, and obligations. They also give rise to new kinds of crimes, like cyber-crimes.
The following organizations promote ethical issues −
● The Association of Information Technology Professionals (AITP)
● The Association for Computing Machinery (ACM)
● The Institute of Electrical and Electronics Engineers (IEEE)
● Computer Professionals for Social Responsibility (CPSR)
The ACM Code of Ethics and Professional Conduct
● Strive to achieve the highest quality, effectiveness, and dignity in both the process and products of professional work.
● Acquire and maintain professional competence.
● Know and respect existing laws pertaining to professional work.
● Accept and provide appropriate professional review.
● Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis and possible risks.
● Honor contracts, agreements, and assigned responsibilities.
● Improve public understanding of computing and its consequences.
● Access computing and communication resources only when authorized to do so.
The IEEE Code of Ethics and Professional Conduct
The IEEE code of ethics demands that every professional vouch to commit themselves to the highest ethical and professional conduct and agree −
● To accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;
● To avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
● To be honest and realistic in stating claims or estimates based on available data;
● To reject bribery in all its forms;
● To improve the understanding of technology, its appropriate application, and potential consequences;
● To maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;
● To seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
● To treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;
● To avoid injuring others, their property, reputation, or employment by false or malicious action;
● To assist colleagues and co-workers in their professional development and to support them in following this code of ethics.
Management Information Systems (MIS): What Do They Mean for Businesses?
MIS stands for management information systems, which is the department that oversees hardware and software solutions dedicated to making critical business decisions. These information systems are designed to gather and analyze data and produce business reports that help management with critical decision-making.
Generally, the chief information officer (CIO) or chief technology officer (CTO) will decide when to implement an MIS in an organization, and IT or MIS directors will achieve that solution. These directors will also be responsible for implementing new policies regarding the MIS, as well as making sure that all new policies and solutions fall in line with existing IT policies, including training employees on the new system.
While information systems have been in use for decades, the acceleration of technological growth in our society means that these information systems have become increasingly digital and complex.
Functions and Benefits of Management Information Systems
At its core, an MIS is meant to take in data, either automatically or via manual input, and generate a report to help management make critical business decisions. The following are a few of the benefits of using an MIS:
● Companies can gain better organizational visibility via the data and reports generated by MIS.
● MIS reports can help identify an enterprise’s strengths and weaknesses, which can lead to strategically reproducing strengths and successes, as well as addressing weaknesses and failures.
● MIS can help improve operational efficiency, product development, and business-critical decision-making.
● Certain types of MIS like office automation systems can help with communication and organization between personnel.
● Stellar customer data management and analysis can lead to better marketing and promotional decisions.
● MIS can help reduce downtime for decision-making while providing a company a competitive advantage.
What is Hacking?
Hacking is the activity of identifying weaknesses in a computer system or a network to exploit the security to gain access to personal data or business data. An example of computer hacking can be: using a password cracking algorithm to gain access to a computer system.
Computers have become mandatory to run a successful business. It is not enough to have isolated computer systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and hacking. System hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.
Introduction of Cybercrime
Cybercrime is the activity of using computers and networks to perform illegal activities like spreading computer viruses, online bullying, performing unauthorized electronic fund transfers, etc. Most cybercrime hacks are committed through the internet, and some cybercrimes are performed using mobile phones via SMS and online chatting applications.
Types of Cybercrime
The following list presents the common types of cybercrimes:
● Computer Fraud: Intentional deception for personal gain via the use of computer systems.
● Privacy violation: Exposing personal information such as email addresses, phone numbers, account details, etc. on social media, hacking a website, etc.
● Identity Theft: Stealing personal information from somebody and impersonating that person.
● Sharing copyrighted files/information: This involves distributing copyright-protected files such as eBooks and computer programs, etc.
● Electronic funds transfer: This involves gaining unauthorized access to bank computer networks and making illegal fund transfers.
● Electronic money laundering: This involves the use of the computer to launder money.
● ATM Fraud: This involves intercepting ATM card details such as account number and PIN numbers. These details are then used to withdraw funds from the intercepted accounts.
● Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view of shutting them down.
● Spam: Sending unauthorized emails. These emails usually contain advertisements.
What is Ethical Hacking?
Ethical Hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect the weaknesses. Ethical hackers must abide by the following rules.
● Get written permission from the owner of the computer system and/or computer network before hacking.
● Protect the privacy of the organization being hacked.
● Transparently report all the identified weaknesses in the computer system to the organization.
● Inform hardware and software vendors of the identified weaknesses.
Why Ethical Hacking?
● Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money.
● Fake hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise lead to loss of business.
Legality of Ethical Hacking
Ethical Hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking. The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests an individual’s skills. Those who pass the examination are awarded certificates. The certificates are supposed to be renewed after some time.
Summary
● Hacking is identifying and exploiting weaknesses in computer systems and/or computer networks.
● Cybercrime is committing a crime with the aid of computers and information technology infrastructure.
● Ethical Hacking is about improving the security of computer systems and/or computer networks.
● Ethical Hacking is legal.
Software Piracy and Intellectual Property - An Understanding
Over the years, the world has seen rapid growth in information technology, advances in various technologies, and digitalization. This growth has also brought a rise in crime and unlawful digital activities, for example hacking and software piracy. Software companies have been badly affected by piracy, which harms not only software developers but also the users of the software. Advances in technology have made it easy for anyone to copy programs, duplicate them and offer them on the market.
The use of computer software has made people's lives easier, and manual work has been totally changed into technical work; however, abuse of such tools has created significant problems, such as piracy, which is an ongoing issue for many countries in the world. It is an undeniable fact that software piracy and the offences relating to it are booming all over the world in this century because of advances in technology and digitalization, and the credit should be given to the Internet. Because of the Internet, this issue has now become a transnational one. Such infringement of copyrighted software over the Internet has created financial problems not only for the owner/creator but also for the user of such software.
Software Piracy –
Software piracy is the unauthorized copying or distribution of copyrighted software. This can be done by copying, downloading, sharing, selling, or installing multiple copies onto personal or work computers. According to Nasscom, software piracy involves the use, reproduction, or distribution of software without having received the express permission of the software author. (1)
Software piracy is essentially an act by any person who copies, downloads, shares, sells, or installs a copy of the software without the consent of the software author, where the software author enjoys the exclusive right of copyright. Fundamentally, whenever a person purchases software, he gets only a license to use the software, not the copyright. In India, software programs are given copyright protection, and anyone who uses them without permission commits the offence of piracy through unauthorized use of copyrighted material. However, copying software for backup purposes is not prohibited, but any act that violates the exclusive rights of the copyright holder will attract the legal provisions against such persons.
Intellectual Property –
Intellectual property is any product of the human intellect that the law protects from unauthorized use by others. The ownership of intellectual property inherently creates a limited monopoly on protected property. (2) Intellectual property generally involves four classes: patent, copyright, trademark, and trade secrets. Intellectual property rights are the rights given to persons over the creations of their minds. They usually give the creator an exclusive right over the use of his/her creation for a certain period of time. (3)
India, being a signatory to the TRIPs Agreement, has amended its law so that it gives the greatest protection to intellectual property in line with the global norm. In India, software is treated as a literary work and, accordingly, copyright protection has been given to software. The current patent law is not in any way prepared to extend its protection to software; consequently, software has been given protection under the Indian Copyright Act, 1957.
Legal Framework under Indian Copyright Act, 1957 –
Under the Indian Copyright Act, software piracy can be tried under both civil and criminal law. The minimum prison term for software copyright infringement is seven days, and the maximum prison term is three years. Statutory fines range from a minimum of 50,000 to a maximum of 200,000 rupees. Sections of the IT Act, 2000 can also be applied depending on the circumstances of the piracy.
Section 13 (1) (a) of the Indian Copyright Act, 1957 (4) offers protection to all types of original works. Computer programs are included among the original works under the Act and, accordingly, their infringement attracts serious penal and civil action. The 1994 amendment also added provisions for strict punishment for infringement of copyrighted software programs. The Act clearly states that any act done with the software by an unauthorized person, which could lawfully be done only by the authorized licensee, amounts to infringement. The Act provides for civil remedies such as injunctions, damages, and other administrative measures taken by the administrative authorities for the protection of copyrighted software.
Section 51 (a) (ii) of the Indian Copyright Act, 1957 (5) states that when a person permits any place to be used for communication of the copyrighted software or other work to the public for profit, this amounts to infringement of copyright. The expression "communication to the public" is defined in Sec. 2(ff) of the Act (6) as hearing, enjoying, or seeing the protected work; however, it falls short on the liability of Internet Service Providers, as it makes no express provision covering the liability of service providers as other countries do.
3 Major Internet Privacy Issues and How to Avoid Them
The internet is the fastest way of connecting with the world but, unfortunately, it is not the safest one. The internet is full of scams and gambles, and you are on the verge of security risks when you choose to be online.
Most internet users are least bothered about their online privacy and are unaware of the plausible risks associated with it. Not only your privacy but your safety is also endangered, especially when you are using the internet to carry out important and secretive tasks like online banking and sharing crucial business files.
Three Major Issues Concerning Online Privacy
Online users are incredibly vulnerable to security threats, and there is a long list of issues associated with their safety. Here we are discussing only the major issues concerning online privacy.
Spying and Snooping
When you are online, you are spied on by a number of trackers for various purposes. Trackers keep a record of your search history and track all your online activities through various means. This provides them with a clear picture of who you are and your interests, which is a breach of online privacy policy and makes you public property. Most of the time, this tracking is for advertisement purposes only and it allows advertisers to show ads according to your taste and interests. But sometimes this information is used by cybercriminals to carry out unauthorized and illegal activities, risking your online existence.
Information Mishandling
There are various sites on the internet that need your personal information to give you access to their services. These sites often store cookies and save your personal information and later use it for various purposes. Most of the time this information is not encrypted and can be accessed by anyone. This mishandling of personal information may lead to serious consequences. The modern trend of e-banking and e-business portals has multiplied the risks associated with online privacy. By sharing your bank details and crucial files on the internet, you are paving the way for burglars and making yourself vulnerable to cybercriminals.
Location Tracking
Most of the internet users proudly upload their social media posts highlighting their current location along with tagging friends and family members. It's fun and exciting to share your life events with friends and family, but this data does not remain restricted to your expected audience only. This same data is stored on the social media site you are using and stays there forever, often without you knowing (though you may have given consent through a terms and services agreement). Along with social media apps, Google Maps and other apps also ask for your location and by turning on your location you are providing first-hand information to the world about where exactly you are and what your next move is, which is certainly risky and insecure.
Five Possible Ways to Protect Against Online Privacy Threats
There’s no way to completely avoid threats and attacks, but still, there are some steps you can take to avoid being a victim on the internet. Here are some measures that should be followed:
Use a VPN
There are various ways of protecting your online privacy, but the most successful and certain way is through a VPN. It is a tool that provides an encrypted tunnel for all your online activities, which means it encodes all the information transferred between you and your host site and leaves no chances of snooping and spying. It also provides you with an anonymous IP and disguises your actual identity, hiding your geographical location and making your online existence more safe and secure.
There are various VPNs available, including free and paid ones. Some VPNs work on a small scale and have access to a few countries only, while others are international ones with access to most parts of the world.
Conduct Safe Browsing
Hackers can easily track your activities and get into your system through your browser. It’s highly recommended to keep your browser updated to the latest version. Avoid using spammy websites that ask for user details. You can also block ads on your browser and take extra time to actually read privacy policies before giving your consent.
Keep Your System Up-to-Date
Keep your system up to date to ensure that you don’t miss out on any feature and security fixes. If you find it a hassle to manually apply updates, you can always use tools to automate your software updates. Regularly scan your system, or better, keep auto scan on in your system.
Use Anti-Virus
A strong anti-virus program will keep your device free from all types of malware, such as spyware, viruses, Trojans, etc. You can also use a good anti-virus that will keep you updated if it finds something wrong in your system. Using anti-virus is essential as it helps you to get real-time updates.
Adjust Your Settings on Social Media
Take advantage of the options that are available to you. Big Internet companies such as Facebook and Google usually give you options to opt out of some, if not all, of their personalization and tracking.
Common Problems in Management Information Systems
Today’s businesses run on technology. Every client interaction and internal process relies heavily on the computer systems that power everything. Management information systems (MIS) is a general term to encompass the various technologies that exist in organizations today, as well as the personnel necessary to manage it all. Common problems include failure to strategize, meeting organizational needs, hiring and retaining good employees, staying current and integrating all your technologies.
Lack of Strategy
Many of the most common MIS issues can be traced back to a lack of a solid strategy. Information systems leaders are well aware of the many tools available to gather data on their network. But putting that information to use is often a challenge.
At one time, technology departments served as a separate operation, providing tech support and keeping an organization’s server equipment running. Today, MIS leadership often sits alongside other business leaders, working together to ensure that the technology being used supports the overall mission of the company moving forward.
Meeting Organizational Needs
MIS plays an ever-increasing role in organizations, with professionals relying on technology for every aspect of operations. Sales and marketing rely heavily on customer relationship software to track client interactions, for instance, while accounting needs its own software for billing, invoicing and financial tracking.
With more than half of all companies now relying on big data analytics, MIS is playing an even more important role. Before making a decision, today’s management teams are likely to pull reports on existing activity to ensure they use facts rather than make educated guesses.
Understanding Ethical and Social Issues Related to Systems
In the past 10 years, we have witnessed, arguably, one of the most ethically challenging periods for U.S. and global business. In today’s new legal environment, managers who violate the law and are convicted will most likely spend time in prison. Ethics refers to the principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behaviors. When using information systems, it is essential to ask, “What is the ethical and socially responsible course of action?”
A Model for Thinking about Ethical, Social and Political Issues
Ethical, social, and political issues are closely linked. The ethical dilemma you may face as a manager of information systems typically is reflected in social and political debate.
Fig. The Relationship Between Ethical, Social, and Political Issues In An Information Society
Key Technology Trends that Raise Ethical Issues
Profiling – the use of computers to combine data from multiple sources and create electronic dossiers of detailed information on individuals.
Nonobvious relationship awareness (NORA) – a more powerful profiling technology that can take information about people from many disparate sources, such as employment applications, telephone records, customer listings, and “wanted” lists, and correlate relationships to find obscure hidden connections that might help identify criminals or terrorists.
Fig. Nonobvious relationship awareness (NORA)
Ethics In An Information Society
Basic Concepts: Responsibility, Accountability, and Liability
Ethical choices are decisions made by individuals who are responsible for the consequences of their actions. Responsibility is a key element and means that you accept the potential costs, duties, and obligations for the decisions you make. Accountability is a feature of systems and social institutions and means mechanisms are in place to determine who took responsible action, and who is responsible. Liability is a feature of political systems in which a body of laws is in place that permits individuals to recover the damages done to them by other actors, systems, or organizations. Due process is a related feature of law-governed societies and is a process in which laws are known and understood, and there is an ability to appeal to higher authorities to ensure that the laws are applied correctly.