Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
ETHICS AND INFORMATION
SECURITY
Ethics (from the Ancient Greek "ethikos" meaning "Theory of living")
attempts to understand the nature of morality; to distinguish that which is
right from that which is wrong. Ethics in plain words means studying and
analyzing right from wrong; good from bad. Information security deals with
several di#erent "trust" aspects of information. Information security is not
con$ned to computer systems, nor to information in an electronic or
machine-readable form. It applies to all aspects of safeguarding or protecting
information or data, in whatever form.
SECTION 4.1 - ETHICS
Information Ethics
Developing Information Management Policies
SECTION 4.2 - INFORMATION SECURITY
Protecting Intellectual Assets
The First Line of Defense—People
The Second Line of Defense—Technology
4
CHAPTER
SECTION 4.1
ethics
Advances in technology make it easier for people to copy everything from
music to pictures. Technology poses new challenges for our ethics — the
principles and standards that guide our behavior toward other people.
LEARNING OUTCOMES
Learning Outcome 4.1: Explain the ethical issues in the use of
information technology.
Information ethics govern the ethical and moral issues arising from the
development and use of information technologies, as well as the creation,
collection, duplication, distribution, and processing of information itself (with
or without the aid of computer technologies). Ethical dilemmas in this area
usually arise not as simple, clear-cut situations but as clashes between
competing goals, responsibilities, and loyalties. Inevitably, there will be more
than one socially acceptable or “correct” decision. For this reason, acting
ethically and legally are not always the same.
Learning Outcome 4.2: Identify the six epolicies organizations
should implement to protect themselves.
An ethical computer use policy contains general principles to guide
computer user behavior. For example, it might explicitly state that
users should refrain from playing computer games during working
hours.
An information privacy policy contains general principles regarding
information privacy.
An acceptable use policy (AUP) is a policy that a user must agree to
follow in order to be provided access to corporate email, information
systems, and to the Internet.
An email privacy policy details the extent to which email messages
may be read by others.
A social media policy outlines the corporate guidelines or principles
governing employee online communications.
An employee monitoring policy states explicitly how, when, and where
the company monitors its employees.
CLASSROOM OPENER
NOT-SO-GREAT BUSINESS DECISIONS – Scrushy Faces 30
Years in Prison
Richard Scrushy, former chief executive of HealthSouth, was convicted of
bribing Don Siegelman, former governor of Alabama, for a seat on the state's
hospital regulatory board, which oversaw some of his company's facilities.
The verdict came a year and a day after Mr. Scrushy was found not guilty of
involvement in a $2.7 billion accounting fraud at HealthSouth, which he built
from scratch into America's largest provider of rehabilitative healthcare. Mr.
Siegelman, a Democrat who was governor from 1999 to 2003, was also
convicted of bribery and mail fraud, following a seven-week trial and 11 days
of jury deliberations. Prosecutors accused Mr. Siegelman of operating a "pay
to play" scheme in which companies and contractors gave political donations
in return for contracts and favors. The pair could each face up to 30 years in
jail for the crimes.
UBS, the Swiss investment bank, was embroiled in the case through its role
as former banker to HealthSouth. A former UBS banker testi$ed that the
bank had helped engineer Mr. Scrushy's payment to the lottery campaign by
forgiving $250,000 in fees it was owed by a healthcare company through
which the donation was funneled.
Mike Martin, HealthSouth's former chief $nancial o@cer, told the jury he had
put pressure on UBS, at Mr. Scrushy's behest, to help $nance the donation.
Mr. Scrushy denied the donation was a bribe, arguing he wanted to foster
good relations with the governor and support his push to improve public
education through a lottery.
HealthSouth was among the raft of US companies where large scale frauds
were discovered in the wake of the accounting scandals at Enron and
WorldCom.
CLASSROOM EXERCISE
What Right Do I Have?
Bring a USB drive into class
At the beginning of class state that you found the USB drive and does it
belong to anyone?
How can you determine whose USB drive it is?
Should you plug it into your computer and read the information?
Is that ethical?
What if the drive has all of the salaries of everyone at college or all of the
grades for every student?
What if the drive contains a virus that wipes out your computer?
What should you do?
CLASSROOM EXERCISE
Analyzing an Ethical Computer Use Policy
Break your students into groups and ask them to develop and de$ne several
ethical computer use policies that would be appropriate for your school or for
a business of your choice. Have your students present their policies to the
entire class.
Examples: Users will not send spam
Users will not send harmful viruses
Users will not use o#ensive language or send o#ensive material
Additional exercise: Have your students research the Internet for current
lawsuits based on o#ensive email. Could the lawsuit have been prevented
through the implementation of an ethical computer use policy?
CLASSROOM EXERCISE
Great Video on Lack of Privacy on Facebook
Many students believe that what they put on the Internet is their property and they have
automatic privacy. This is a great video to open their eyes to what is put on the Internet stays on
the Internet.
http://www.forbes.com/sites/jacobmorgan/2014/08/19/privacy-is-completely-and-utterly-dea
d-and-we-killed-it/
CLASSROOM EXERCISE
Bogus Computer Expert Goes From Witness to Federal
Prison
Interesting article. I discussed the article in my class and asked my students
what could happen to a business if it followed the advice of a "fake" expert.
Perhaps knowing something about IT could help them in the future if they
encounter a fake expert. I also asked them if this could happen in other
areas not just IT, such as Accounting Field, Finance Field, Management Field,
etc.
The courtroom star witness pleaded guilty to faking his credentials, possibly
putting several cases in question.
http://www.informationweek.com/news/showArticle.jhtml?
articleID=199500244
CLASSROOM EXERCISE
Device Cheating Debate
Banning baseball caps during tests was obvious -- students were writing the
answers under the brim. Then, schools started banning cell phones, realizing
students could text message the answers to each other. Now, schools across
the country are targeting digital media players and cell phones as a potential
cheating device. Devices can be hidden under clothing, with just an ear bud
and a wire snaking behind an ear and into a shirt collar to give them away,
school o@cials say.
Ask your students to debate For and Against a ban on electronic devices in
your schools.
Students downloading formulas onto digital media players
Some students say bans ine#ective as cheaters will $nd another way
CLASSROOM EXERCISE
Who is Reading Your Email?
Ask your students...Do they know who is reading their email? Their text
messages? Their phone calls?
Did you know that more than one-quarter of U.S. companies have $red an
employee in the last year for violating email policies?
I Was Fired For Hitting Reply All
http://www.thegrindstone.com/2012/01/27/career-management/i-was-fired-because-of-reply-all-t
errifying-true-story-545/
CLASSROOM EXERCISE
HOT MIS SKILLS - SECURITY
The IT security job market is booming -- but that doesn't mean everyone is
automatically getting a job, or the right job. And just like the threat
landscape is rapidly evolving, so are the quali$cations and qualities needed
for positions in the security profession.
There's a conundrum between supply and demand: Employers are looking for
security candidates who can $ll a speci$c need, such as incident response or
risk management, while security pros on the job hunt want to build on their
existing skills and advance their careers. "But employers don't want to hire
someone to get experience on their dime," says Lee Kushner, president of LJ
Kushner and Associates, an IT security recruitment $rm.
Ask your students to read the article and answer the following:
• Why is IT security critical for a company? Do you think this is an area that
is going to grow or shrink over the next decade?
• List the six hot skills and rank them in order of importance for an online
business. Be sure to include the justi$cation for your ranking.
• Of the six hot skills which one interests you the most? What can you do to
ensure you have the skills to get the job you want?
http://www.darkreading.com/vulnerability_management/security/governm
ent/showArticle.jhtml?
articleID=224701863&cid=nl_DR_DAILY_2010-05-14_h
CLASSROOM EXERCISE
PEOPLE IN PRISON ARE BETTER THAN THOSE FOUND IN
CORPORATE AMERICA
Former Qwest chief executive o@cer Joe Nacchio sported a shaved head,
goatee, black-framed glasses and a khaki prison jumpsuit for a hearing in
Denver in which he was granted a waiver from attending his resentencing in
June. Nacchio, who is serving a six-year prison term in Pennsylvania for
criminal insider trading, received a federal escort to U.S. District Court in
Denver to attend the hearing. In spring 2007, Nacchio was convicted on 19
counts of illegal insider trading connected to his sale of $52 million in Qwest
stock in early 2001. A year into his prison term, and appearing slimmer
than he did during his trial, Nacchio told Krieger on Tuesday that he has met
"plenty of $ne people" behind bars. "As a matter of fact, I'd go so far to say
I've met better people in prison than people I used to work with," said
Nacchio, who once referred to U S West workers as "clowns."
Ask your students to read the article and discuss the following:
• Are white collar criminals, such as Joe Nacchio, Ken Lay from Enron,
and Bernie Mado# the Ponzi scam king, worse than common criminals?
• What are the corporate social responsibilities associated with corporate
executives?
• Who are the people primarily hurt when CEOs act unethically and
illegally?
• Do you agree that the government should have the right to monitor
public corporations? What about private corporations?
http://www.denverpost.com/statistics/ci_15018083?source=pkg
CLASSROOM EXERCISE
HACKER SENTENCED TO 20 YEARS WHILE WORKING AS AN
UNDERCOVER INFORMANT
Convicted TJX hacker Albert Gonzalez was sentenced to 20 years and a day,
and $ned $25,000 on Friday for his role in breaches into Heartland Payment
Systems, 7-Eleven and other companies. The sentence will run concurrently
with a 20-year sentence he received on Thursday in two other cases
involving hacks into TJX, O@ce Max, Dave & Busters restaurants and others,
so it adds only one day to his total prison term. Restitution will be decided at
a future hearing. “I understand the road to redemption will be long,” said
Gonzalez, 28, before the sentence was pronounced.
http://www.wired.com/threatlevel/2010/03/heartland-sentencing/?
utm_source=feedburner&utm_medium=feed&utm_campaign=Feed
%3A+wired%2Findex+%28Wired%3A+Index+3+
%28Top+Stories+2%29%29
Ask your students to read the article and discuss the following:
• Do you agree with Albert Gonzalez’s sentence ?
• Considering Albert Gonzalez didn’t pro$t from the data theft is his
sentence appropriate?
• Gonzalez’s crimes were committed mostly between 2005 and 2008
while he was drawing a $75,000 salary working for the U.S. Secret Service
as a paid undercover informant. How do you think being a paid
undercover informant contributed to Gonzalez’s crime?
CORE MATERIAL
The core chapter material is covered in detail in the PowerPoint slides. Each
slide contains detailed teaching notes including exercises, class activities,
questions, and examples. Please review the PowerPoint slides for detailed
notes on how to teach and enhance the core chapter material.
