In this chapter, the learning objectives are: Identify several ethical issues regarding how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems; identify several types of security management strategies and defenses and explain how they can be used to ensure the security of business applications of information technology;...
Chapter 13: Security and Ethical Challenges

Copyright © 2006, The McGraw-Hill Companies, Inc. All rights reserved.

Learning Objectives
• Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems
• Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology
• Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology

Why Study Challenges of IT?
• Information technology in business presents major security challenges, poses serious ethical questions, and affects society in significant ways

Case #1: Computer Viruses
Why do security glitches exist?
• Microsoft and other software companies have placed a high priority on getting products out quickly and loading them with features, rather than attending to security
• With a 95% market share, Microsoft's Windows desktop operating system is a fat, juicy target for the bad guys
• The burden for combating viruses lies with computer users themselves
• Most large corporations already have basic antivirus software
• But security experts maintain that they need to come up with better procedures for frequently updating their computers with the latest security patches to programs and inoculations against new viruses

• What security measures should companies, business professionals, and consumers take to protect their systems from being damaged by computer worms and viruses?
• What is the ethical responsibility of Microsoft in helping to prevent the spread of computer viruses? Have they met this responsibility? Why or why not?
• What are several possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not?
• What are the ethical responsibilities of companies and business professionals in helping curb the spread of computer viruses?

IT Security, Ethics and Society

Auditing IT Security
• IT security audits review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
• This typically involves verifying the accuracy and integrity of the software used, as well as the input of data and output produced by business applications

Security Management for Internet Users

Case #3: Software Patch Management
• Keeping abreast of security patches has become an essential business practice for any company
• IT managers must be aware of security at every level
• If even one critical system is compromised, the entire network can be exposed

Complications of Patch Management:
• Volume of nodes that must be serviced
• Complexities of heterogeneous environments

• What types of security problems are typically addressed by a patch management strategy? Why do such problems arise in the first place?
• What challenges does the process of applying software patches and updates pose for many businesses? What are the limitations of the patching process?
• Does the business value of a comprehensive patch management strategy outweigh its costs, limitations, and the demands it places on the IT function? Why or why not?

Case #4: Network Security Systems
• Security event management suites automate the process of gathering, consolidating, correlating, and prioritizing data from various security tools, including:
  • Antivirus software
  • Firewalls
  • Intrusion detection systems
  • Intrusion prevention systems
  • Operating systems
  • Application software
• Security information management tools typically normalize the security events data they collect by converting them into a common format and automatically filtering out duplicate data
• The normalized data are then dumped into a central database where correlation software can match data from different systems and look for patterns that might indicate an attack
• Finally, threats are prioritized based on their severity and the importance of the systems that are vulnerable

• What is the function of each of the network security tools identified in this case? Visit the websites of security firms Check Point and NetForensics to help you answer
• What is the value of security information management software to a company? Use the companies in this case as examples
• What can smaller firms who cannot afford the cost of such software do to properly manage and use the information about security from their network security systems? Give several examples

Summary
• The vital role of information technologies and systems in society raises serious ethical and societal issues in terms of their impact on employment, individuality, working conditions, privacy, health, and computer crime
• Business and IT activities involve many ethical considerations. Basic principles of technology and business ethics can serve as guidelines for business professionals when dealing with ethical business issues that may arise in the widespread use of information technology in business and society
• One of the most important responsibilities of the management of a company is to assure the security and quality of its IT-enabled business activities
• Security management tools and policies can ensure the accuracy, integrity, and safety of the information systems and resources of a company, and thus minimize errors, fraud, and security losses in their business activities

Chapter 13: End of Chapter
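
Added example (not part of the original slides): the Case #4 pipeline in Python, converting events from a firewall, an intrusion detection system and antivirus software into a common format, filtering duplicates, matching events by target host, and ranking by severity and system importance. The log formats, field names, addresses and importance weights are constructed assumptions, not the output of any real product.

```python
from collections import defaultdict
# Constructed sample events; formats, fields and addresses are assumptions.
FIREWALL = ["2006-03-01T10:00:05 DENY src=203.0.113.7 dst=10.0.0.5 port=445",
            "2006-03-01T10:00:05 DENY src=203.0.113.7 dst=10.0.0.5 port=445",  # repeat
            "2006-03-01T10:02:00 DENY src=198.51.100.9 dst=10.0.0.8 port=23"]
IDS = [{"ts": "2006-03-01T10:00:40", "attacker": "203.0.113.7",
        "victim": "10.0.0.5", "sig": "SMB exploit attempt", "prio": 1}]
ANTIVIRUS = [("2006-03-01T10:01:10", "10.0.0.5", "Worm detected", "high")]
ASSET_IMPORTANCE = {"10.0.0.5": 3, "10.0.0.8": 1}  # hypothetical: 3 = critical

def normalize():
    """Convert each tool's native record into one common format."""
    out = []
    for line in FIREWALL:
        ts, action, *pairs = line.split()
        f = dict(p.split("=") for p in pairs)
        out.append({"ts": ts, "tool": "firewall", "src": f["src"],
                    "dst": f["dst"], "what": f"{action} port {f['port']}", "sev": 1})
    for e in IDS:  # this IDS uses priority 1 = most severe, so invert it
        out.append({"ts": e["ts"], "tool": "ids", "src": e["attacker"],
                    "dst": e["victim"], "what": e["sig"], "sev": 4 - e["prio"]})
    for ts, host, name, level in ANTIVIRUS:
        out.append({"ts": ts, "tool": "antivirus", "src": None, "dst": host,
                    "what": name, "sev": {"low": 1, "medium": 2, "high": 3}[level]})
    return out

def dedupe(events):
    """Filter out exact repeats of the same normalized event."""
    return list({tuple(e.values()): e for e in events}.values())

def correlate(events):
    """Match events from different tools that concern the same target host."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["dst"]].append(e)
    return by_host

def prioritize(by_host):
    """Rank hosts by worst severity times the importance of the system."""
    ranked = [(max(e["sev"] for e in v) * ASSET_IMPORTANCE.get(h, 1), h,
               sorted({e["tool"] for e in v})) for h, v in by_host.items()]
    return sorted(ranked, reverse=True)

def run():
    return prioritize(correlate(dedupe(normalize())))

if __name__ == "__main__":
    for score, host, tools in run():
        print(score, host, "reported by", ", ".join(tools))
```

The host that three independent tools report on ranks first; a single firewall denial against a low-importance host ranks last.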