
Unit : V

Lecture by:

Surendra Shrestha, PhD

Unit-V
Security and Ethical Challenges: IS controls - facility control and procedural control - Risks to online operations - Denial of service, spoofing - Ethics for IS professional - Societal challenges of Information technology.

INFORMATION SYSTEM CONTROL


Information systems include all of the tools and
technology used by companies to gather data, plan and
coordinate resources and make decisions. Reliance on
technology and shared data access presents several
security and ethics issues for organizations.
Ethical questions are involved in many strategic
decisions, such as investment in human resources,
modernization, product development and service,
marketing, environmental decisions, and executive
salaries.

Security Issues

Information system security is so important to companies that many hire experts in the field to help secure their technology and information. This includes securing technology and Internet communication from hackers and other threats.

Ethical Issues
Advancements in technology present many new ethical dilemmas for organizations. Appropriate use of technology and information, confidentiality, proper use of equipment and information, and other factors related to access and dissemination of data collected with company technology should be addressed in information systems ethics codes.

Objectives of Ethical challenges


Identify ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.

Ethical Responsibility

What is Computer Crime?


The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
Unauthorized release of information
Unauthorized copying of software

Types of Computer Crime

Computer Crime
Hacking
The obsessive use of computers, or the unauthorized
access and use of networked computer systems
Cyber Theft
Involves unauthorized network entry and the
fraudulent alteration of computer databases
Unauthorized use at work
Also called time and resource theft
May range from doing private consulting or personal
finances, to playing video games, to unauthorized use
of the Internet on company networks

Piracy of intellectual property


Other forms of intellectual property covered by
copyright laws
Music, Videos, Images, Articles, Books
Software Piracy
Unauthorized copying of software
Computer viruses and worms
Virus
A program that cannot work without being
inserted into another program
Worm
A distinct program that can run unaided

Privacy Issues
Privacy issues are at the top of the list in regards to ethical use of information.
Loss of control
Misuse of information
Risk to physical privacy
Risk of identity theft
Unwanted intrusions into daily life

Privacy on the Internet


Users of the Internet are highly visible and
open to violations of privacy
Unsecured with no real rules
Cookies capture information about you every
time you visit a site
That information may be sold to third parties

Privacy laws
Attempt to enforce the privacy of
computer-based files and
communications
Electronic Communications Privacy Act

Computer Fraud and Abuse Act

Employment Challenges

Other Challenges
Health Issues
- Job stress
- Muscle damage
- Eye strain
- Radiation exposure
- Accidents
Individuality
Computer-based systems criticized as impersonal systems that
dehumanize and depersonalize activities
Working Conditions

IT has eliminated many monotonous, obnoxious tasks, but has created others

Factors in the Workplace

Security Measures
Encryption
Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
Involves using special mathematical algorithms to transform digital data into scrambled code
Most widely used method uses a pair of public and private keys unique to each individual

Firewalls
Serves as a gatekeeper system that protects a company's intranets and other computer networks from intrusion
Provides a filter and safe transfer point
Screens all network traffic for proper passwords or other security codes

Denial of Service Defenses


These assaults depend on three layers of networked computer systems
Victim's website
Victim's ISP
Sites of zombie or slave computers
Defensive measures and security precautions must be taken at all three levels

E-mail Monitoring
Spot checks just aren't good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.
Virus Defenses
Protection may be accomplished through
Centralized distribution and updating of antivirus software
Outsourcing the virus protection responsibility to ISPs or to
telecommunications or security management companies

Security codes
Multilevel password system
Log onto the computer system, Gain access into the
system, Access individual files

Backup Files
Duplicate files of data or programs
File retention measures

Sometimes several generations of files are kept for control purposes

Security Monitors
Programs that monitor the use of computer systems and networks and
protect them from unauthorized use, fraud, and destruction
Biometric Security
Measure physical traits that make each individual unique
Voice
Fingerprints
Hand geometry
Signature dynamics
Retina scanning
Face recognition and Genetic pattern analysis

System Controls and Audits


Information System Controls
Methods and devices that attempt to ensure the accuracy,
validity, and propriety of information system activities
Designed to monitor and maintain the quality and security of
input, processing, and storage activities
Auditing Business Systems

Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
Testing the integrity of an application's audit trail

Facility control:
The Facility Assignment and Control System (FACS) is an integrated network component system that most phreaks and hackers know of from an old file named 'FACS FACTS'. While this file provides an accurate description of the FACS system, it is lacking in detail and length. Any malicious use of this information is strictly prohibited.

FACS can be described as a full-featured outside plant and central office facilities assignment system. For the people who are unfamiliar with these terms, the outside plant is the portion of the telephone network.

The component systems are:


PREMIS - Premise Information System
SOAC - Service Order Analysis & Control
LFACS - Loop Facility Assignment and Control System
COSMOS - Computers System for Main Frame Operations
WM - Work Manager

Procedural control:
Procedural control is a method of providing air traffic control services without the use of radar. It is used in regions of the world, specifically sparsely-populated land areas and oceans, where radar coverage is either prohibitively expensive or is simply not feasible. It also may be used at very low-traffic airports, or at other airports at night when the traffic levels may not justify staffing the radar control positions, or as a back-up system in the case of radar failure.
