Saturday 4 May 2013

Chapter 3: Information Systems: Ethics, Privacy and Information Security


 
3.1 Ethical Issues:

·       Ethics: principles of right and wrong that individuals use to guide their actions and behaviour.
·       Code of Ethics: a collection of principles intended to guide decision making by members of an organization.

·       Fundamental Tenets of Ethics:

o   Responsibility: a social force that binds you to your obligations.
o   Accountability: the responsibility to someone or for some activity.
o   Liability: something that is owed to someone else; for example, individuals have the right to recover the damages done to them by other individuals, organizations, or systems.

·       Ethical issues:

o   Privacy Issues.
o   Accuracy Issues.

o   Property Issues.

o   Accessibility Issues.

·       Threats to Privacy:

o   Electronic Surveillance.

o   Personal Information in Databases.

o   Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites.


·       Protecting Privacy:

o   Privacy Codes and Policies:

§  Opt-out Model: the organization collects personal information from customers unless the customer specifically requests that it stop.

§  Opt-in Model: the organization is prohibited from collecting personal information unless the customer specifically authorizes it.


3.2 Threats to Information Security:

·       Factors Increasing the Threats to Information Security:

o   Today’s interconnected, interdependent, wirelessly-networked business environment.
o   Government legislation.
o   Smaller, faster, cheaper computers and storage devices.
o   Decreasing skills necessary to be a computer hacker.
o   International organized crime turning to cybercrime.
o   Downstream liability.
o   Increased employee use of unmanaged devices.
o   Lack of management support.
 

·       Categories of Threats to Information Systems:

o   Unintentional acts:

§  Human errors.
§  Deviations in quality of service by service providers (e.g., utilities or heavy equipment).
§  Environmental hazards (e.g., dirt and static electricity).

o   Natural disasters:

§  Floods, earthquakes, hurricanes and fires.
 

o   Technical failures:

§  Problems with hardware and software.
 

o   Management failures:

§  Lack of funding for information security efforts; for example, a lack of leadership causes the information security of the organization to suffer.

o   Deliberate acts:

§  Information Extortion.

§  Identity Theft.
§  Theft of Equipment and Information.
§  Software attack.
§  Attacks on supervisory control and data acquisition (SCADA) systems: a SCADA system is a large-scale, distributed measurement and control system.
 
 
3.3 Protecting Information Resources:
·       Risk Management:
o   Risk analysis
o   Risk mitigation:
§  Risk Acceptance. Accept the potential risk, continue operating with no controls, and absorb any damages that occur.
§  Risk limitation. Limit the risk by implementing controls that minimize the impact of the threat.
§  Risk transference. Transfer the risk by using other means to compensate for the loss, such as purchasing insurance.
·       Controls:
o   Physical controls:
§  Physical protection of computer facilities and resources from unauthorized individuals through walls, door locks or alarm systems.

o   Access controls:
§  Restriction of unauthorized user access to computer resources; biometrics and password controls are used for user identification.
o   Communications (network) controls:
§  The protection of data across networks; these include border security controls, authentication and authorization.
o   Application controls:
§  Protect specific applications.
·       Business Continuity Planning, Backup, and Recovery:
o   Hot Site is a fully configured computer facility, with all services, communications links, and physical plant operations.
o   Warm Site provides many of the same services and options of the hot site, but it typically does not include the actual applications the company runs.
o   Cold Site provides only rudimentary services and facilities and so does not supply computer hardware or user workstations.

·       Information Systems Auditing:
o   Types of Auditors and Audits:
§  Internal: Performed by corporate internal auditors.
§  External: Reviews internal audit as well as the inputs, processing and outputs of information systems.
·       IS Auditing Procedure:
o   Auditing around the computer means verifying processing by checking for known outputs or specific inputs.
o   Auditing through the computer means inputs, outputs and processing are checked.
o   Auditing with the computer means using a combination of client data, auditor software, and client and auditor hardware.
 

Chapter 7: Wireless Technologies and the Modern Organization


 
7.1 Wireless Technologies:

·       Wireless devices: small devices produced for people who travel from one place to another. They save time and let users allocate it between personal and professional obligations.
o   Capabilities of Wireless Devices:
§  Bluetooth, Wi-Fi, digital camera, GPS, QWERTY keyboard…


·       Wireless Transmission Media:
o   Microwave transmission systems
o   Satellite transmission:

§  Geostationary (GEO)
§  Medium-earth-orbit (MEO)
§  Low-earth-orbit (LEO)
o   Radio transmission
o   Infrared: red light that is not visible to the human eye; it is used in remote controls for VCR, DVD and CD players.
 
7.2 Wireless Computer Networks and Internet Access:
 
·       Short range wireless networks:
o   Bluetooth.
o   Ultra Wideband Network (UWB).
o   Near Field Communication Network (NFC).
·       Medium range wireless networks:
o   Wireless Fidelity (Wi-Fi).
o   Wireless Mesh Networks.
·       Wide area wireless networks:
o   Cellular Radio:
§  1st Generation: analog signals and low bandwidth.
§  2nd Generation: digital signals for voice and data communication up to 10 Kbps.
§  2.5 Generation: digital voice and data communication up to 144 Kbps.
§  3rd Generation: digital voice and data communication up to 384 Kbps.
o   Wireless Broadband or WiMAX: is more secure and can reach rural areas.
 
7.3 Mobile Computing and Mobile Commerce:
 
·       Mobile computing: designed for people who travel and do their work from anywhere. It has two characteristics:
o   Mobility: users can carry the mobile device to any place.
o   Broad reach: when users carry an open mobile device, they can be reached even at a great distance.
o   These two characteristics created five value-added attributes that break the barriers of geography and time:
§  Ubiquity
§  Convenience
§  Instant connectivity
§  Personalization
§  Localization of products and services

·       Mobile Commerce: is driven by five factors:
o   Widespread availability of mobile devices.
o   No need for a PC.
o   The “Cell phone culture”.
o   Declining prices.
o   Bandwidth improvement.
 
·       Mobile Commerce Applications:
o   Financial Services:
§  Mobile Banking
§  Wireless Electronic Payment Systems
§  Micropayments
§  Mobile (Wireless) Wallets
§  Wireless Bill Payments
o   Intrabusiness Applications
o   Accessing Information via:
§  Mobile Portal
§  Voice Portal
o   Location-Based Applications:
§  Shopping from Wireless Devices.
§  Location-based Advertising.
§  Location-based Services.
o   Wireless Telemedicine.
o   Telemetry Applications.
 
7.4 Pervasive Computing:
 
·       Radio frequency identification (RFID): a technology that allows manufacturers to attach tags with antennas and computer chips to goods and then track their movement through radio signals.
·       Wireless sensor networks (WSNs): are networks of interconnected, battery-powered, wireless sensors that are placed into the physical environment.
 
7.5 Wireless Security:
·       Major threats to wireless networks:
o   Rogue access point: is an unauthorized access point to a wireless network.
o   War driving: is the act of locating WLANs while driving around a city or elsewhere.
o   Eavesdropping: refers to efforts by unauthorized users to try to access data traveling over wireless networks.
o   RF (Radio frequency) jamming: is when a person or a device intentionally or unintentionally interferes with your wireless network transmissions.
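As an added example (not part of these notes), a defender-side rogue access point check in Python: it compares constructed Wi-Fi scan records against a hypothetical inventory of authorised access points and flags any unknown BSSID that advertises the corporate SSID. The inventory, SSIDs, BSSIDs and scan lines are all made up for the demonstration.

```python
"""Rogue access point check over constructed Wi-Fi scan records."""
from dataclasses import dataclass

# Hypothetical inventory of authorised APs: BSSID -> (SSID, channel).
AUTHORISED_APS = {
    "00:11:22:33:44:01": ("CorpWiFi", 6),
    "00:11:22:33:44:02": ("CorpWiFi", 11),
}
CORPORATE_SSIDS = {ssid for ssid, _ in AUTHORISED_APS.values()}

@dataclass(frozen=True)
class ScanRecord:
    ssid: str
    bssid: str
    channel: int
    signal_dbm: int

def parse_scan(lines):
    """Parse 'ssid,bssid,channel,signal_dbm' lines; skip blanks and '#' comments."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ssid, bssid, channel, signal = (f.strip() for f in line.split(","))
        records.append(ScanRecord(ssid, bssid.lower(), int(channel), int(signal)))
    return records

def classify(record):
    """authorised: inventoried BSSID on its expected SSID/channel.
    suspicious: inventoried BSSID seen on another SSID/channel (misconfig or spoofed BSSID).
    rogue: unknown BSSID advertising a corporate SSID.  neighbour: anything else."""
    known = AUTHORISED_APS.get(record.bssid)
    if known is not None:
        return "authorised" if known == (record.ssid, record.channel) else "suspicious"
    return "rogue" if record.ssid in CORPORATE_SSIDS else "neighbour"

def audit_scan(lines):
    """Return (bssid, verdict) for every scan record, in scan order."""
    return [(r.bssid, classify(r)) for r in parse_scan(lines)]

# Constructed scan output for the demonstration; not captured from a real network.
SAMPLE_SCAN = """# ssid,bssid,channel,signal_dbm
CorpWiFi,00:11:22:33:44:01,6,-45
CorpWiFi,00:11:22:33:44:02,11,-60
CorpWiFi,DE:AD:BE:EF:00:01,6,-40
CorpWiFi,00:11:22:33:44:02,1,-58
CoffeeShop,AA:BB:CC:DD:EE:FF,1,-70
""".splitlines()
```

Run `audit_scan(SAMPLE_SCAN)` to get one verdict per scan line; the third record is the rogue (an unknown BSSID on the corporate SSID) and the fourth is suspicious (an inventoried BSSID on the wrong channel).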