Chapter 3: Information Systems: Ethics, Privacy and Information Security

 

3.1 Ethical Issues:

·       Ethics: are principals of right or wrong that any individual use to guide a certain action or behaviour.

·        Code of Ethics: is a collection of principles that are intended to guide decision making by members of an organization.

·       Fundamental Tenets of Ethics:

o   Responsibility: is a social force that binds you to your obligations.

o   Accountability: is the responsibility to someone or for some activity.

o   Liability: anything that is owed to someone else for example, individuals have the right to recover the damages done to them by other individuals, organizations, or systems.

·       Ethical issues:

o   Privacy Issues.

      o   Accuracy Issues.

o   Property Issues.

o   Accessibility Issues.

·       Threats to Privacy:

o   Electronic Surveillance.

o   Personal Information in Databases.

o   Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites.

·       Protecting Privacy:

o   Privacy Codes and Policies:

§  Opt-out Model: the organization collects personal information from the customers.

§  Opt-in Model: the organization is prohibited from collecting information from the customer.

3.2 Threats to Information Security:

·       Factors Increasing the Threats to Information Security:

o   Today’s interconnected, interdependent, wirelessly-networked business environment.

     o   Government legislation.

o   Smaller, faster, cheaper computers and storage devices.

o   Decreasing skills necessary to be a computer hacker.

o   International organized crime turning to cybercrime.

o   Downstream liability.

o   Increased employee use of unmanaged devices.

o   Lack of management support.

 

·       Categories of Threats to Information Systems:

o   Unintentional acts:

§  Human errors.

§  Deviations in quality of service by service providers (e.g., utilities or heavy equipments).

§  Environmental hazards (e.g., dirt and static electricity).

o   Natural disasters:

§  Floods, Earthquake, Hurricanes and fires.

 

o   Technical failures:

§  Problems with hardware and software.

 

o   Management failures:

§  Lack of funding for information security efforts for example lack of leadership causes the information security of the organization to suffer.

o   Deliberate acts:

§  Information Extortion.

§  Identity Theft.

§  Theft of Equipment and Information.

§  Software attack.

§  A supervisory control and data acquisition (SCADA) system is a large-scale, distributed, measurement and control system.

 

 

3.3 Protecting Information Resources:

·       Risk Management:

o   Risk analysis

o   Risk mitigation:

§  Risk Acceptance. Accept the potential risk, continue operating with no controls, and absorb any damages that occur.

§  Risk limitation. Limit the risk by implementing controls that minimize the impact of threat.

§  Risk transference. Transfer the risk by using other means to compensate for the loss, such as purchasing insurance.

·       Controls:

o   Physical controls:

§  Physical protection of computer facilities and resources from unauthorized individuals through walls, door locks or alarm system.

 

o   Access controls:

§  Restriction of unauthorized user access to computer resources; use biometrics and passwords controls for user identification.

o   Communications (network) controls:

§  The protection of data across networks and include border security controls, authentication and authorization.

o   Application controls:

§  Protect specific applications.

·       Business Continuity Planning, Backup, and Recovery:

o   Hot Site is a fully configured computer facility, with all services, communications links, and physical plant operations.

o   Warm Site provides many of the same services and options of the hot site, but it typically does not include the actual applications the company runs.

o   Cold Site provides only rudimentary services and facilities and so does not supply computer hardware or user workstations.

·       Information Systems Auditing:

o   Types of Auditors and Audits:

§  Internal: Performed by corporate internal auditors.

§  External: Reviews internal audit as well as the inputs, processing and outputs of information systems.

·       IS Auditing Procedure:

o   Auditing around the computer means verifying processing by checking for known outputs or specific inputs.

o   Auditing through the computer means inputs, outputs and processing are checked.

o   Auditing with the computer means using a combination of client data, auditor software, and client and auditor hardware.

 

Chapter 7: Wireless Technologies and the Modern Organization

 

7.1 Wireless Technologies:

·       Wireless devices: are small devices which produced for people who travel from one place to another. It will save and allocate their time between personal and professional obligations.

o   Capabilities of Wireless Devices:

§  Bluetooth, Wi- Fi, Digital Camera, GPS, QWERTY keyboard…

·       Wireless Transmission Media:

o   Microwave transmission systems

o   Satellite transmission:

§  Geostationary (GEO)

§  Medium-earth-orbit (MEO)

§  Low-earth-orbit (LEO)

o   Radio transmission

o   Infrared: red light that is not visible for human eyes and it is used in remote control in VCR.DVD and CD.

 

7.2 Wireless Computer Networks and Internet Access:

 

·       Short range wireless networks:

o   Bluetooth.

o   Ultra Wideband Network (UWB).

o   Near Field Communication Network (NFC).

·       Medium range wireless networks:

o   Wireless Fidelity (Wi-Fi).

o   Wireless Mesh Networks.

·       Wide area wireless networks:

o   Cellular Radio:

§  1^st Generation: analog signals and low bandwidth.

§  2^nd Generation: digital signals for voice and data communication up to 10 Kbps.

§  2.5 Generation: digital voice and data communication up to 144 Kbps.

§  3^rd Generation: digital voice and data communication up to 384 Kbps.

o   Wireless Broadband or WIMAX: is more secured and can access to rural areas.

 

7.3 Mobile Computing and Mobile Commerce:

 

·       Mobile computing: designed for people who travel and do their work from anywhere. It has 2 characteristics:

o   Mobility: they can carry the mobile device to any place.

o   Broad reach: when they carry an open mobile, they can be reached even they are in a great distance.

o   These two characteristics created five value-added attributes that break the barriers of geography and time:

§  Ubiquity

§  Convenience

§  Instant connectivity

§  Personalization

§  Localization of products and services

·       Mobile Commerce: is driven by 5 factors, which are:

o   Widespread availability of mobile devices.

o   No need for a PC.

o   The “Cell phone culture”.

o   Declining prices.

o   Bandwidth improvement.

 

·       Mobile Commerce Applications:

o   Financial Services:

o   Mobile Banking

o   Wireless Electronic Payment Systems

o   Micropayments

o   Mobile (Wireless) Wallets

o   Wireless Bill Payments

o   Intra business Applications

o   Accessing Information via:

§  Mobile Portal

§  Voice Portal

o   Location-Based Applications:

o   Shopping from Wireless Devices.

o   Location-based Advertising.

o   Location-based Services.

o   Wireless Telemedicine.

o   Telemetry Application.

 

7.4 Pervasive Computing:

 

·       Radio frequency identification (RFID): technology allows manufacturers to attach tags with antennas and computer chips on goods and then track their movement through radio signals.

·       Wireless sensor networks (WSNs): are networks of interconnected, battery-powered, wireless sensors that are placed into the physical environment.

 

7.5 Wireless Security:

·       major threats to wireless networks:

o   Rogue access point: is an unauthorized access point to a wireless network.

o   War driving: is the act of locating WLANs while driving around a city or elsewhere.

o   Eavesdropping: refers to efforts by unauthorized users to try to access data traveling over wireless networks.

o   RF (Radio frequency) jamming: is when a person or a device intentionally or unintentionally interferes with your wireless network transmissions.