Chapter 2

The Personal and Social Impact of Computers

Copyright 2012 Nelson Education Ltd.

Principles and Learning Objectives

In April 2011, Sony had a problem. What was the problem? Who was impacted?

Tyler Olson/Shutterstock.com

Discuss:

Barone Firenze/Shutterstock.com

What are some of the problems that IS can create What do companies need to do to avert problems What do individuals need to do to protect identity
Copyright 2012 Nelson Education Ltd. 2-2

What You Will Learn

How to avoid waste and mistakes Establishing policies and procedures for prevention Need for security to prevent computer crime How to avoid negative health effects Designing positive working conditions Why a code of ethics is essential

Copyright 2012 Nelson Education Ltd.

2-3

Why Learn About the Personal and Social Impact?

To understand that IS issues are both technical and non-technical To recognize socially responsible IS To avoid becoming a victim of computer crime To prevent identity theft

Copyright 2012 Nelson Education Ltd.

2-4

Computer Waste and Mistakes

Computer waste:
Poor system design Output not needed

Computer-related mistakes:
System does not work properly Incorrect results Wasted hw and sw investment

PozitivStudija/Shutterstock.com

Copyright 2012 Nelson Education Ltd.

2-5

Another Waste Of Resources = Spam

Origin of spam
SPiced hAM (canned luncheon meat) Applied to unwanted items; from Monty Python sketch

Spam filter:
Lawrence Cruciana/Shutterstock.com

Blocks spam 95% of e-mail is spam

Copyright 2012 Nelson Education Ltd.

2-6

Good Policies and Procedures

Input of data checked for errors Only authorized users allowed to access system User manual easy to read and accessible Computer programs thoroughly tested Procedures for malfunctioning equipment Procedures for environmental issues Assurance that computing capacity is sufficient Data current and up-to-date Program changes tightly controlled

Copyright 2012 Nelson Education Ltd.

2-7

Monitoring Policies and Procedures

Check routine practices
Take corrective action if necessary

Implement internal audits

Measure actual results against established goals Ensure that users are authorized

Kletr/Shutterstock.com

Copyright 2012 Nelson Education Ltd.

2-8

Reviewing Policies and Procedures

Are current policies adequate? What new activities are planned in the future? Are contingencies and disasters covered?

Copyright 2012 Nelson Education Ltd.

2-9

Augusto Cabral/Shutterstock.com

Computer Crime
Undelivered merchandise or non-payment Identity theft Credit card fraud Auction fraud

Tyler Olson/Shutterstock.com

Copyright 2012 Nelson Education Ltd.

2-10

The Computer as a Tool to Commit Crime

Social engineering:
Cleverly asking users for information Phishing
Slavoljub Pantelic/Shutterstock.com

Dumpster diving:
Larry Powell/Shutterstock.com

Looking for confidential waste in trash

Copyright 2012 Nelson Education Ltd.

2-11

Cyberterrorism
CCIRC
Canadian Cyber Incident Response Centre

IMPACT
International Multilateral Partnership Against Cyber Terrorism

Threats:
From other states

hornyak/Shutterstock.com

Targets
Infrastructure Communications Network Major installations
Copyright 2012 Nelson Education Ltd. 2-12

Identity Theft
Personal information compromised
Phishing (asking by e-mail) Vishing (asking by phone) Stolen from a company
Example: Sony Playstation

Purpose
Steal from bank account Use of credit card Access to personal services

Copyright 2012 Nelson Education Ltd.

2-13

Internet Gambling
$21 billion in 2010 20% per annum growth rate Source of income for governments
BUT what will happen if governments start taxing gambling in their jurisdiction?

Copyright 2012 Nelson Education Ltd.

2-14

The Computer as a Tool to Fight Crime

Leads Online Web-based service system:
Database of stolen property More than 250 million records Search by item serial number or by individual

Monitoring Sex Offenders

Web-based system Database of offenders address, description, and car GPS tracking devices and special software
Tracks movement of offenders

Copyright 2012 Nelson Education Ltd.

2-15

Use of Geographic Information Systems

Used by law enforcement agencies Analysis of patterns Identification of areas at risk

Copyright 2012 Nelson Education Ltd.

2-16

Common Methods Used to Commit Computer Crimes

Copyright 2012 Nelson Education Ltd.

2-17

Illegal Access and Use

Hacker:
Unauthorized access for the fun of it

Criminal hacker (cracker):

Unauthorized access to steal or harm
Photomak/Shutterstock.com

Script bunny:
Automates the job of crackers

Insider:
Employee who comprises corporate systems

Copyright 2012 Nelson Education Ltd.

2-18

Common Types of Malware

Type of Malware Description

Logic bomb Rootkit

Trojan horse Variant Virus Worm

Trojan horse which triggers when a specific condition occurs Enables hacker to gain administrator-level access
Malicious program that disguises itself as an application or game Modified version of a virus created by amending original code File that attaches itself to other files and replicates itself repeatedly Parasitic program like a virus, but does not infect other programs
Copyright 2012 Nelson Education Ltd. 2-19

Other Dangers
Spyware:
Form of Trojan horse Can capture keystrokes

Password sniffer:

cg-art/Shutterstock.com

Small program hidden in a network Records identification numbers and passwords

Stealing small devices:

Laptops Memory sticks Data is the value
Copyright 2012 Nelson Education Ltd. 2-20

Patent and Copyright Violations

Protection of Intellectual Property (IP) Software piracy:
CAAST
Canadian Alliance Against Software Theft

BSA
Business Software Alliance

Klara Viskova/Shutterstock.com

Patent infringement:
Use of anothers patent

Copyright 2012 Nelson Education Ltd.

2-21

Crime Prevention by Government

Legislation Canadian Cyber Incident Response centre (CCIR) Computer Emergency Response Team (CERT):
Responds to network security breaches Monitors systems for emerging threats

Copyright 2012 Nelson Education Ltd.

2-22

Crime Prevention by Corporations

Install a firewall to protect internal computer network Strong user authentication and encryption Install the latest security patches Disable guest accounts and null user accounts Turn audit trails on Install caller ID

Copyright 2012 Nelson Education Ltd.

2-23

Intrusion Detection
Intrusion
Unauthorized users Too many attempts

Intrusion detection software (IDS)

Monitors system and network resources Notifies security personnel intrusion is sensed

Security Dashboard
Threats, exposures, compliance, alerts

Outsourcing
Managed Security Service Providers (MSSPs)
Copyright 2012 Nelson Education Ltd. 2-24

Crime Prevention for Individuals and Employees

Protection from identity theft:
Regularly check credit reports with major credit bureaus Contract with service companies Insure against identity theft

Protection from malware attacks:

Run anti-virus programs Keep it up to date Scan incoming e-mails Scan removable media (e.g., CDs and USBs)

Copyright 2012 Nelson Education Ltd.

2-25

Avoiding Computer Scams

Dont agree to anything in a high-pressure meeting Dont judge a company based on appearances Avoid any plan that pays commissions simply for recruiting additional distributors Beware of shills (people who lie about their earnings) Beware of a companys claim that it can set you up in a profitable home-based business

Copyright 2012 Nelson Education Ltd.

2-26

Privacy: E-mail and Instant Messaging

E-mail and federal law:
Employers may monitor employees e-mail Erased e-mails can be retrieved and used in lawsuits

Instant Messaging (IM) Privacy

Do not send personal IMs at work Choose nonrevealing, unprovocative IM name Do not open files or click links from unknown people Never send sensitive personal data via IM

Copyright 2012 Nelson Education Ltd.

2-27

Privacy and Personal Sensing Devices

RFID tags:
Microchips with antenna Embedded in many of the products we buy
medicine containers clothing computer printers car keys library books

Albert Lozano/Shutterstock.com

Collection of data about personal habits

Copyright 2012 Nelson Education Ltd.

2-28

Privacy and the Internet

Trail of
E-mail messages Web sites visited Products bought

Social networks:
Facebook, MySpace Caution about what you post and privacy settings
Tish1/Shutterstock.com

Platform for Privacy Preferences (P3P):

Privacy policies will be scanned to alert users

Copyright 2012 Nelson Education Ltd.

2-29

Internet Content Concerns

Libel:
Publishing An Intentionally False Written Statement Damages A Persons Or Organizations Reputation

Individuals:
Information Can Be Posted Anonymously Or With False Names

Internet Content Rating Association (ICRA):

Protects Children From Potentially Harmful Material Safeguards Free Speech On The Internet

Copyright 2012 Nelson Education Ltd.

2-30

Fairness in Information Use

PIPEDA (Personal Information Protection and Electronic Documents Act)
Individual must consent to collection of their data

ECPA (Electronic Commerce Protection Act)

Aimed at spam and malware Illegal to install software that sends a message without consent of user Commercial messages only sent to consenting customer

Copyright 2012 Nelson Education Ltd.

2-31

Individual Efforts to Protect Privacy

Find out what is stored about you in existing databases Be careful when you share information about yourself Be proactive to protect your privacy Take extra care when purchasing anything via the Web

Copyright 2012 Nelson Education Ltd.

2-32

The Changing Work Environment

Jobs
Jobs that require IS literacy have increased Less-skilled positions have decreased

Business
Expansion from local markets to global markets Creation of new jobs through reengineering Closer contact with the customer via the Internet

Copyright 2012 Nelson Education Ltd.

2-33

Health Concerns
Occupational stress Seated immobility thromboembolism (SIT) Carpal tunnel syndrome (CTS) Legislation
San Francisco: Video display terminal (VDT) bill
For employees who are at VDTs more than 4 hrs per day 15 minute breaks every 2 hours

Copyright 2012 Nelson Education Ltd.

2-34

Avoiding Health and Environment Problems

Create favourable conditions Design the environment to fit the work Ergonomics:
Science of designing products and systems to maximize:
Safety, comfort, and efficiency of people who use them

Copyright 2012 Nelson Education Ltd.

2-35

C Squared Photo Studios/Photodisc/Getty Images

Ethical Issues in Information Systems

Code of ethics:
Principles and core values essential to a set of people Governs behaviour Reference point for what is legal and ethical

Is it ethical or illegal or both?

Companies reading an employees e-mail Downloading music to your iPod Future employers checking you out on Facebook

Copyright 2012 Nelson Education Ltd.

2-36

Summary of Principles
Establish policies and procedures to avoid computer waste and mistakes Be aware of the risks of computer crime Design jobs, equipment and work conditions so that negative health effects are avoided Be familiar with and practice the code of ethics to which your profession subscribes

Copyright 2012 Nelson Education Ltd.

2-37