Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
CHAPTER four
CLOSING MATERIAL
OPENING CASE QUESTIONS
FIVE WAYS HACKERS GET INTO YOUR BUSINESS
1 Knowledge: De%ne information ethics and information security
and explain whether they are important to help prevent hackers
from gaining access to an organization.
Advances in technology make it easier for people to copy everything
from music to pictures. Technology poses new challenges for our ethics
— the principles and standards that guide our behavior toward other
people. Information ethics govern the ethical and moral issues arising
from the development and use of information technologies, as well as the
creation, collection, duplication, distribution, and processing of
information itself (with or without the aid of computer technologies).
2 Comprehension: Identify two epolicies that a business could
implement to ensure the protection of sensitive corporate data
from hackers.
Students can choose any of the six epolicies a business would want to
include to protect its information.
• An ethical computer use policy contains general principles to guide
computer user behavior. For example, it might explicitly state that
users should refrain from playing computer games during working
hours.
• An information privacy policy contains general principles regarding
information privacy.
• An acceptable use policy (AUP) is a policy that a user must agree to
3 Application: Demonstrate how a business can use authentication
and authorization technologies to prevent hackers from gaining
access to organizational systems.
Authentication and authorization: Authentication is a method for
4 Analysis: Analyze how a business can use prevention and
resistance technologies to safeguard its employees from hackers
and viruses.
Prevention and resistance: Content ,ltering occurs when organizations
use software that ,lters content, such as emails, to prevent the
accidental or malicious transmission of unauthorized information.
5 Synthesis: Explain why hackers want to gain access to
organizational data.
Data includes the keys to the kingdom and if a hacker gains access to
your sensitive corporate data they can easily destroy your business.
Information security policies identify the rules required to maintain
information security, such as requiring users to log o3 before leaving for
lunch or meetings, never sharing passwords with anyone, and changing
6 Evaluate: Evaluate additional ways hackers can gain access to
organizational data.
Hackers can walk through the smoking door. They could social engineer
an employee to allow them in or to accidently provide their username
REVIEW QUESTIONS
1. What are ethics and why are they important to a company?
As it becomes easier for people to copy everything from words and data
to music and video, the ethical issues surrounding copyright infringement
2. What is the relationship between information management,
governance, and compliance?
Information management examines the organizational resource of
information and regulates its de,nitions, uses, value, and distribution
ensuring it has the types of data/information required to function and
3. Why are epolicies important to a company?
Organizations should develop written policies establishing employee
guidelines, employee procedures, and organizational rules for information.
These policies set employee expectations about the organization’s
practices and standards and protect the organization from misuse of
4. What is the correlation between privacy and con%dentiality?
Privacy is the right to be left alone when you want to be, to have control
over your personal possessions, and not to be observed without your
consent. Privacy is related to con,dentiality, which is the assurance that
5. What is the relationship between adware and spyware?
Adware is software that, while purporting to serve some useful function
and often ful,lling that function, also allows Internet advertisers to display
6. What are the positive and negative e<ects associated with
monitoring employees?
The best path for an organization planning to engage in employee
monitoring is open communication including an employee monitoring
7. What is the relationship between hackers and viruses?
Hackers are experts in technology who use their knowledge to break into
8. Why is security a business issue, not just a technology issue?
The ,rst line of defense for security are people. People need to be
educated about security issues. Without people adhering to security
9. What are the growing issues related to employee communication
methods and what can a company do to protect itself?
Employees communicate on mobile devices, tablets, and computers. All
of the methods of communication need to be secure and protected. If one
10. How can a company participating in ebusiness keep its
information secure?
Information security takes people and technology. Informing the people
about security policies and security issues will help to ensure the
information is safe. The company must also implement all of the security
11. What technologies can a company use to safeguard
information?
Authentication and authorization technologies such as biometcis and
passwords can protect access. Prevention and resistance technologies
12. Why is ediscovery important to a company?
Ediscovery (or electronic discovery) refers to the ability of a company to
identify, search, gather, seize, or export digital information in responding
13. What are the reasons a company experiences downtime?
Downtime can occur for many number of reasons from ,res, :oods,
tornados, sinks over:owing, and mice easting the power wires.
14. What are the costs associated with downtime?
Costs from downtime include revenue losses, damaged reputation, and
poor performance.
CLOSING CASE ONE QUESTIONS
Targeting Target
1 How did the hackers steal Target’s customer data?
The biggest retail hack in U.S. history wasn’t particularly inventive, nor
did it appear destined for success. In the days prior to Thanksgiving
2013, someone installed malware in Target’s security and payments
2 What types of technology could big retailers use to prevent
identity thieves from stealing information?
Authentication and authorization technologies will help retailers prevent
hackers from accessing their systems. Prevention and resistance
technologies can help to ensure hackers can’t access the networks by
installing ,rewalls and antivirus software. Prevention and resistance:
Content ,ltering occurs when organizations use software that ,lters
3 What can organizations do to protect themselves from hackers
looking to steal account data?
Information security policies identify the rules required to maintain
information security, such as requiring users to log o3 before leaving for
lunch or meetings, never sharing passwords with anyone, and changing
4 In a team, research the Internet and %nd the best ways to
protect yourself from identity theft.
http://www.consumer.gov/idtheft/
This is the Federal Trade Commission national resource about identity
theft. The Website o3ers a one-stop national resource to learn about the
crime of identity theft. It provides detailed information to help you
Deter, Detect, and Defend against identity theft. While there are no
CLOSING CASE TWO
To Share or Not to Share
1. De%ne information ethics and information security and explain
why each is critical to any business.
Advances in technology make it easier for people to copy everything
from music to pictures. Technology poses new challenges for our ethics
— the principles and standards that guide our behavior toward other
people. Information ethics govern the ethical and moral issues arising
2. Identify two epolicies that a business could implement to
ensure the protection of sensitive corporate date.
Students can choose any of the six epolicies a business would want to
include to protect its information.
oAn ethical computer use policy contains general principles to
guide computer user behavior. For example, it might explicitly
state that users should refrain from playing computer games
during working hours.
oAn information privacy policy contains general principles
regarding information privacy.
3. Demonstrate how a business can use authentication and
authorization technologies to prevent information theft.
Authentication and authorization: Authentication is a method for
con,rming users’ identities. Once a system determines the
authentication of a user, it can then determine the access privileges (or
4. Analyze how a business can use prevention and resistance
technologies to safeguard its employees form hackers and
viruses.
Prevention and resistance: Content ,ltering occurs when organizations
use software that ,lters content, such as emails, to prevent the
accidental or malicious transmission of unauthorized information.
5. Propose a plan to implement information security plans to
ensure your critical information is safe and protected.
Information security policies identify the rules required to maintain
information security, such as requiring users to log o3 before leaving for
lunch or meetings, never sharing passwords with anyone, and changing
6. Evaluate the information security issues facing a business and
identify its three biggest concerns.
If the wrong person is on the team that builds the outsourced
CRITICAL BUSINESS THINKING
Instructor Note: There are few right or wrong answers in the business
world. There are really only e?cient and ine?cient, and e3ective and
ine3ective business decisions. If there were always right answers businesses
would never fail. These questions were created to challenge your students to
1. CHEERLEADER CHARGED $27,750 FOR FILE SHARING 37 SONGS
Project Purpose: To understand the costs associated with violating
copyrights.
Potential Solution: This is an amazing story to share with your students
2. POLICE RECORDS FOUND IN OLD COPY MACHINES
Project Purpose: To see an example of unintended information privacy
violations.
Potential Solution: Again, another excellent example of how information
privacy can be violated without even knowing as I’m sure most of your
3. FIREWALL DECISIONS
Project Purpose: To analyze a business decision regarding ,rewalls
Potential Responses: The total cost of the investment for three years
is $125,000 (80 + (15 *3)). The company is currently losing $250,000 per
4. PREVENTING IDENTIFY THEFT
Project Purpose: To use di3erent types of information security
surrounding identity theft
Potential Responses: Student answers to this question will vary
depending on when you access the Websites. The important part of this
activity is for your students to learn how to protect their identity from
theft. The Federal Trade Commission national resource about identity theft
Website o3ers a one-stop national resource to learn about the crime of
5.DISCUSSING THE THREE AREAS OF INFORMATION SECURITY
Project Purpose: To explain and identify information security
weaknesses
Potential Responses: An information security policy identi,es the rules
required to maintain information security. The information security policies
could include reprimands for leaving a computer unsecured, require users
to logo3 systems when attending meetings or leaving for lunch, changing
passwords every 30 days, and not allowing spam from company email,
6. SPYING ON EMAIL
Project Purpose: To analyze the ethics surrounding email monitoring
Potential Responses: Student answers will vary depending on their
personal ethics. Some students will feel that monitoring children’s
communications is a parent’s right, while others will feel strongly against
this type of behavior.
Ethical email monitoring: a boss monitoring an employee’s email who
7. STEALING SOFTWARE
Project Purpose: To demonstrate ethical decisions in relation to pirated
software
Potential Responses: Your students’ reaction to the statement will vary
based on their individual ethics. Some students will agree with the right of
8. Censoring Google
Project Purpose: To demonstrate global ethical dilemmas
Potential Responses: There are a number of interesting videos online
discussing the censorship issues and China. Ask your students to review
the videos and determine issues associated with censorship. Many of
BBC Story On China Censorship- Video
http://news.bbc.co.uk/2/hi/asia-paci,c/8582233.stm
Google to Stop Censoring China
http://www.youtube.com/watch?v=hPvG3QW8AzI
9. Sources are not Friends
Project Purpose: To demonstrate problems with social media
Potential Responses: If you can open your students eyes to the issues
surrounding social networks at work you will be doing them a huge favor.
There are so many examples on the Internet of people who are out sick or
