978-0073402987 Chapter 4 Chapter 4 Closing Material Part 2

Type

Quiz

Book Title

Business Driven Information Systems 5th Edition

ISBN 13

978-0073402987

April 4, 2019

CHAPTER four

CLOSING MATERIAL

OPENING CASE QUESTIONS

FIVE WAYS HACKERS GET INTO YOUR BUSINESS

1 Knowledge: De%ne information ethics and information security

and explain whether they are important to help prevent hackers

from gaining access to an organization.

Advances in technology make it easier for people to copy everything

from music to pictures. Technology poses new challenges for our ethics

— the principles and standards that guide our behavior toward other

people. Information ethics govern the ethical and moral issues arising

from the development and use of information technologies, as well as the

creation, collection, duplication, distribution, and processing of

information itself (with or without the aid of computer technologies).

2 Comprehension: Identify two epolicies that a business could

implement to ensure the protection of sensitive corporate data

from hackers.

Students can choose any of the six epolicies a business would want to

include to protect its information.

• An ethical computer use policy contains general principles to guide

computer user behavior. For example, it might explicitly state that

users should refrain from playing computer games during working

hours.

• An information privacy policy contains general principles regarding

information privacy.

• An acceptable use policy (AUP) is a policy that a user must agree to

3 Application: Demonstrate how a business can use authentication

and authorization technologies to prevent hackers from gaining

access to organizational systems.

Authentication and authorization: Authentication is a method for

4 Analysis: Analyze how a business can use prevention and

resistance technologies to safeguard its employees from hackers

and viruses.

Prevention and resistance: Content ,ltering occurs when organizations

use software that ,lters content, such as emails, to prevent the

accidental or malicious transmission of unauthorized information.

5 Synthesis: Explain why hackers want to gain access to

organizational data.

Data includes the keys to the kingdom and if a hacker gains access to

your sensitive corporate data they can easily destroy your business.

Information security policies identify the rules required to maintain

information security, such as requiring users to log o3 before leaving for

lunch or meetings, never sharing passwords with anyone, and changing

6 Evaluate: Evaluate additional ways hackers can gain access to

organizational data.

Hackers can walk through the smoking door. They could social engineer

an employee to allow them in or to accidently provide their username

REVIEW QUESTIONS

1. What are ethics and why are they important to a company?

As it becomes easier for people to copy everything from words and data

to music and video, the ethical issues surrounding copyright infringement

2. What is the relationship between information management,

governance, and compliance?

Information management examines the organizational resource of

information and regulates its de,nitions, uses, value, and distribution

ensuring it has the types of data/information required to function and

3. Why are epolicies important to a company?

Organizations should develop written policies establishing employee

guidelines, employee procedures, and organizational rules for information.

These policies set employee expectations about the organization’s

practices and standards and protect the organization from misuse of

4. What is the correlation between privacy and con%dentiality?

Privacy is the right to be left alone when you want to be, to have control

over your personal possessions, and not to be observed without your

consent. Privacy is related to con,dentiality, which is the assurance that

5. What is the relationship between adware and spyware?

Adware is software that, while purporting to serve some useful function

and often ful,lling that function, also allows Internet advertisers to display

6. What are the positive and negative e<ects associated with

monitoring employees?

The best path for an organization planning to engage in employee

monitoring is open communication including an employee monitoring

7. What is the relationship between hackers and viruses?

Hackers are experts in technology who use their knowledge to break into

8. Why is security a business issue, not just a technology issue?

The ,rst line of defense for security are people. People need to be

educated about security issues. Without people adhering to security

9. What are the growing issues related to employee communication

methods and what can a company do to protect itself?

Employees communicate on mobile devices, tablets, and computers. All

of the methods of communication need to be secure and protected. If one

10. How can a company participating in ebusiness keep its

information secure?

Information security takes people and technology. Informing the people

about security policies and security issues will help to ensure the

information is safe. The company must also implement all of the security

11. What technologies can a company use to safeguard

information?

Authentication and authorization technologies such as biometcis and

passwords can protect access. Prevention and resistance technologies

12. Why is ediscovery important to a company?

Ediscovery (or electronic discovery) refers to the ability of a company to

identify, search, gather, seize, or export digital information in responding

13. What are the reasons a company experiences downtime?

Downtime can occur for many number of reasons from ,res, :oods,

tornados, sinks over:owing, and mice easting the power wires.

14. What are the costs associated with downtime?

Costs from downtime include revenue losses, damaged reputation, and

poor performance.

CLOSING CASE ONE QUESTIONS

Targeting Target

1 How did the hackers steal Target’s customer data?

The biggest retail hack in U.S. history wasn’t particularly inventive, nor

did it appear destined for success. In the days prior to Thanksgiving

2013, someone installed malware in Target’s security and payments

2 What types of technology could big retailers use to prevent

identity thieves from stealing information?

Authentication and authorization technologies will help retailers prevent

hackers from accessing their systems. Prevention and resistance

technologies can help to ensure hackers can’t access the networks by

installing ,rewalls and antivirus software. Prevention and resistance:

Content ,ltering occurs when organizations use software that ,lters

3 What can organizations do to protect themselves from hackers

looking to steal account data?

Information security policies identify the rules required to maintain

information security, such as requiring users to log o3 before leaving for

lunch or meetings, never sharing passwords with anyone, and changing

4 In a team, research the Internet and %nd the best ways to

protect yourself from identity theft.

http://www.consumer.gov/idtheft/

This is the Federal Trade Commission national resource about identity

theft. The Website offer a one-stop national resource to learn about the

crime of identity theft. It provides detailed information to help you

Deter, Detect, and Defend against identity theft. While there are no

CLOSING CASE TWO

To Share or Not to Share

1. De%ne information ethics and information security and explain

why each is critical to any business.

Advances in technology make it easier for people to copy everything

from music to pictures. Technology poses new challenges for our ethics

— the principles and standards that guide our behavior toward other

people. Information ethics govern the ethical and moral issues arising

2. Identify two epolicies that a business could implement to

ensure the protection of sensitive corporate date.

Students can choose any of the six epolicies a business would want to

include to protect its information.

oAn ethical computer use policy contains general principles to

guide computer user behavior. For example, it might explicitly

state that users should refrain from playing computer games

during working hours.

oAn information privacy policy contains general principles

regarding information privacy.

3. Demonstrate how a business can use authentication and

authorization technologies to prevent information theft.

Authentication and authorization: Authentication is a method for

con,rming users’ identities. Once a system determines the

authentication of a user, it can then determine the access privileges (or

4. Analyze how a business can use prevention and resistance

technologies to safeguard its employees form hackers and

viruses.

Prevention and resistance: Content ,ltering occurs when organizations

use software that ,lters content, such as emails, to prevent the

accidental or malicious transmission of unauthorized information.

5. Propose a plan to implement information security plans to

ensure your critical information is safe and protected.

Information security policies identify the rules required to maintain

information security, such as requiring users to log o3 before leaving for

lunch or meetings, never sharing passwords with anyone, and changing

6. Evaluate the information security issues facing a business and

identify its three biggest concerns.

If the wrong person is on the team that builds the outsourced

CRITICAL BUSINESS THINKING

Instructor Note: There are few right or wrong answers in the business

world. There are really only e?cient and ine?cient, and effective and

ineffective business decisions. If there were always right answers businesses

would never fail. These questions were created to challenge your students to

1. CHEERLEADER CHARGED $27,750 FOR FILE SHARING 37 SONGS

Project Purpose: To understand the costs associated with violating

copyrights.

Potential Solution: This is an amazing story to share with your students

2. POLICE RECORDS FOUND IN OLD COPY MACHINES

Project Purpose: To see an example of unintended information privacy

violations.

Potential Solution: Again, another excellent example of how information

privacy can be violated without even knowing as I’m sure most of your

3. FIREWALL DECISIONS

Project Purpose: To analyze a business decision regarding ,rewalls

Potential Responses: The total cost of the investment for three years

is $125,000 (80 + (15 *3)). The company is currently losing $250,000 per

4. PREVENTING IDENTIFY THEFT

Project Purpose: To use different types of information security

surrounding identity theft

Potential Responses: Student answers to this question will vary

depending on when you access the Websites. The important part of this

activity is for your students to learn how to protect their identity from

theft. The Federal Trade Commission national resource about identity theft

Website offer a one-stop national resource to learn about the crime of

5.DISCUSSING THE THREE AREAS OF INFORMATION SECURITY

Project Purpose: To explain and identify information security

weaknesses

Potential Responses: An information security policy identi,es the rules

required to maintain information security. The information security policies

could include reprimands for leaving a computer unsecured, require users

to logo3 systems when attending meetings or leaving for lunch, changing

passwords every 30 days, and not allowing spam from company email,

6. SPYING ON EMAIL

Project Purpose: To analyze the ethics surrounding email monitoring

Potential Responses: Student answers will vary depending on their

personal ethics. Some students will feel that monitoring children’s

communications is a parent’s right, while others will feel strongly against

this type of behavior.

Ethical email monitoring: a boss monitoring an employee’s email who

7. STEALING SOFTWARE

Project Purpose: To demonstrate ethical decisions in relation to pirated

software

Potential Responses: Your students’ reaction to the statement will vary

based on their individual ethics. Some students will agree with the right of

8. Censoring Google

Project Purpose: To demonstrate global ethical dilemmas

Potential Responses: There are a number of interesting videos online

discussing the censorship issues and China. Ask your students to review

the videos and determine issues associated with censorship. Many of

BBC Story On China Censorship- Video

http://news.bbc.co.uk/2/hi/asia-paci,c/8582233.stm

Google to Stop Censoring China

http://www.youtube.com/watch?v=hPvG3QW8AzI

9. Sources are not Friends

Project Purpose: To demonstrate problems with social media

Potential Responses: If you can open your students eyes to the issues

surrounding social networks at work you will be doing them a huge favor.

There are so many examples on the Internet of people who are out sick or