Chapter 5 Security and Privacy

Uploaded by b.kyoot.90

INTRODUCTION TO MANAGEMENT

INFORMATION SYSTEMS
MIFS101
CHAPTER 5
SECURITY AND PRIVACY

© Cengage Learning 2015


OBJECTIVES

• Explain ethics
• Challenges related to ethical issues
• Privacy and related issues
• Security and its importance
• Human behavior



5.1 ETHICS
• Ethics, privacy, and security issues underscore how tightly the human element is
linked with the other three components of information systems: technology, processes,
and data.
• Ethics refers to a system of moral principles that human beings use to judge right and
wrong and to develop rules of conduct.
• Two ethical systems are widely adopted.
• One system emphasizes natural laws and rights; it judges the morality of an action
based on how well it adheres to broadly accepted rules.
• A second system, called utilitarianism, considers the consequences of an action,
weighing its good effects against its harmful ones.
5.2 ETHICS AND THE LAW
• Laws are grounded in ethical principles, such as the protection of private property and
free speech.
• Some laws have less to do with ethics and instead come into existence.
• Laws don’t cover all ethical principles, so just because an action is legal does not mean
it is ethical.



5.3 PRIVACY
• Privacy is a fundamental human right.
• Information privacy refers to the protection of data about individuals.
• Convenience
  • Users disclose personal data for ease of use.
  • Organizations earn trust by adhering to their privacy policy:
    • state what data is collected and why, and ensure the data is protected.
• Anonymity
  • protects identity
  • also protects criminals and spammers
• Surveillance
  • monitoring all processes inside the organization (e-mails, web surfing)
  • raises trust issues
5.3 INFORMATION SECURITY
• Information Security is the protection of an organization’s information assets against
misuse, disclosure, unauthorized access, or destruction.
• Many threats to information security arise both inside and outside the organization.
• Threats can be natural events or human-made, accidental, or deliberate.
• Risk managers consider many issues with a clear understanding of what information
assets need protection.
• Governments must secure classified documents, and companies must protect their
trade secrets.



5.3 INFORMATION SECURITY
• Risk management answers the questions below and manages the threats.
• What information needs protection?
• What are the major threats from inside and outside the organization?
• What are the organization’s weaknesses, strengths, and vulnerabilities?
• What would be the impact of each risk?
• How can the risks be mitigated?
• An organization’s risk assessment must examine its vulnerabilities.
• Once it has analyzed them, the organization can evaluate controls that fill in security
gaps and protect against specific threats.
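The risk-management questions above can be worked through as a small risk register. The example below is added here and is not from the Cengage slides: it uses a constructed register of four risks, scores each one as likelihood times impact (a common qualitative risk-matrix convention, assumed here), ranks them, and lists the high-scoring risks that have no control assigned, i.e. the security gaps the last bullet refers to.

```python
from dataclasses import dataclass, field


@dataclass
class Risk:
    """One row of the risk register: an asset, the threat to it, the
    vulnerability the threat exploits, and a qualitative rating."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: int            # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int                # 1 (negligible) .. 5 (severe), assumed scale
    controls: list = field(default_factory=list)   # controls already in place

    @property
    def score(self) -> int:
        # Risk score = likelihood x impact (assumed risk-matrix convention)
        return self.likelihood * self.impact


# Constructed sample register; values are illustrative only.
REGISTER = [
    Risk("Customer database", "External attacker steals records",
         "Unpatched web server", likelihood=4, impact=5),
    Risk("Trade secrets", "Insider leaks documents",
         "No access logging", likelihood=2, impact=5,
         controls=["NDA", "need-to-know access"]),
    Risk("Public website", "Distributed Denial of Service",
         "Single hosting provider", likelihood=3, impact=3),
    Risk("Office laptops", "Device theft",
         "Disks not encrypted", likelihood=3, impact=4),
]


def ranked(register: list[Risk]) -> list[Risk]:
    """Highest risk score first, so the most urgent items are dealt with first."""
    return sorted(register, key=lambda r: r.score, reverse=True)


def security_gaps(register: list[Risk], threshold: int = 10) -> list[Risk]:
    """Risks at or above the threshold that have no control assigned yet.
    These are the gaps that new controls should fill."""
    return [r for r in register if r.score >= threshold and not r.controls]


if __name__ == "__main__":
    for r in ranked(REGISTER):
        status = "covered" if r.controls else "GAP"
        print(f"{r.score:2d}  {r.asset:18s} {r.threat:38s} {status}")
```

Running the block prints the register in priority order; the two uncontrolled high-score items (the customer database and the unencrypted laptops) are the ones that should drive the next round of control selection.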



5.4 IDENTIFYING THREATS
• Cyber criminals make many kinds of attempts to install malware (malicious software)
designed to attack systems.
• The cyber criminals capture user IDs, passwords, credit card numbers, and other
sensitive information.
• One kind of attack is the Distributed Denial of Service (DDoS), directed at a single site
and causing it to slow down or crash. These attacks cost organizations many millions of
dollars in downtime, lost business, and lost clients.
• Another type of attack is the phishing attack, which typically starts with an e-mail
asking the recipient to click on a link. Recipients who click arrive at what appears to be a
genuine website, where they give away their personal details.



5.5 ADMINISTRATIVE SECURITY CONTROLS
• Administrative security controls include all the processes, policies, and plans that
enhance information security and ensure the organization can recover.
• They may restrict the Internet sites employees can visit.
• Industries that handle sensitive information need to put very strict policies in place
and ensure employees adhere to them.
• An incident response plan is necessary so the organization can react when a problem
arises.



5.6 TECHNICAL SECURITY CONTROLS
• Technical controls prevent unauthorized access.
• Multi-factor authentication combines two or more authentication strategies, creating
much stronger security against unauthorized access to sensitive information.
• A powerful technical control that protects sensitive data is encryption.
• For Internet transmission, a popular strategy uses two keys: one to encrypt the data
and the other to decrypt it.
• The most important defense tool is the firewall, a technical control that inspects
incoming and outgoing traffic and either blocks or permits it.
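To make the multi-factor bullet concrete, here is an added example (not code from the slides or from Cengage) of a login check that combines two strategies: something the user knows (a password, stored only as a salted PBKDF2 hash) and something the user has (a time-based one-time password as specified in RFC 6238, generated by an authenticator app). The user record, the salt and the use of the RFC 6238 test secret are constructed for the example; the standard-library HMAC and PBKDF2 functions are real.

```python
import hashlib
import hmac
import struct

# Constructed user store. The password is never kept in plain text; the
# TOTP secret is the published RFC 6238 test secret, used here only so the
# codes can be checked against the RFC's own test vectors.
_SALT = b"constructed-salt-value"
_TOTP_SECRET = b"12345678901234567890"


def hash_password(password: str, salt: bytes = _SALT) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the iteration count is a constructed choice."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {
    "alice": {
        "password_hash": hash_password("correct horse battery staple"),
        "totp_secret": _TOTP_SECRET,
    }
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the counter,
    dynamic truncation to 31 bits, then the last `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current
    30-second window number."""
    return hotp(secret, unix_time // step, digits)


def verify_login(username: str, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass. Comparisons use compare_digest so the check
    does not leak information through timing differences."""
    user = USERS.get(username)
    if user is None:
        return False
    password_ok = hmac.compare_digest(hash_password(password), user["password_hash"])
    # Accept the current window and one window on either side to tolerate
    # clock drift between the server and the user's authenticator.
    code_ok = any(
        hmac.compare_digest(totp(user["totp_secret"], unix_time + d * 30), code)
        for d in (-1, 0, 1)
    )
    return password_ok and code_ok


if __name__ == "__main__":
    now = 59                                   # RFC 6238 test time
    print("code for this window:", totp(_TOTP_SECRET, now))
    print("login:", verify_login("alice", "correct horse battery staple",
                                 totp(_TOTP_SECRET, now), now))
```

The point the slide makes is visible in `verify_login`: a stolen password alone returns `False`, and so does a captured code once its window has passed, because each factor is checked independently and both must hold.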



5.7 HUMAN SECURITY CONTROLS
• Human memory makes the password, the most widely used authentication strategy, a
serious vulnerability.
• People tend to create very weak passwords that are easy to remember or easy to crack.
• Technical controls can force users to embed numbers and nonalphabetic characters and
to change passwords frequently, but the results are still not promising.
• Users write their passwords down and reuse them on multiple systems.
• To reduce the burden of remembering multiple passwords, implement single sign-on,
which grants access to multiple software applications with one login.
• To educate people about the risk, awareness training should cover organization policies
and procedures, laws and regulations, security tools, and the forms social engineering
takes.
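The following added example (not from the slides) shows why the complexity rules in the third bullet are "still not promising": a checker that enforces length, digits and nonalphabetic characters will happily accept a password such as "P@ssw0rd!123", so the example also normalizes common substitutions and compares against a small constructed list of well-known passwords, and flags reuse by comparing against hashes of passwords already used on other systems. The common-password list, the reuse store and the substitution table are all constructed for illustration.

```python
import hashlib
import re

# Constructed, deliberately tiny list of well-known passwords; a real
# deployment would check against a large breached-password corpus.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "welcome", "iloveyou", "admin"}

# Common character substitutions people use to satisfy complexity rules.
_SUBSTITUTIONS = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e",
                                "4": "a", "5": "s", "$": "s", "7": "t"})


def complexity_findings(pw: str, min_len: int = 12) -> list:
    """The rule-based checks a technical control typically enforces."""
    findings = []
    if len(pw) < min_len:
        findings.append(f"shorter than {min_len} characters")
    if not re.search(r"[A-Za-z]", pw):
        findings.append("no letters")
    if not re.search(r"[0-9]", pw):
        findings.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        findings.append("no nonalphabetic symbol")
    return findings


def normalize(pw: str) -> str:
    """Undo the usual tricks: lowercase, drop trailing digits/punctuation
    ('password123!' -> 'password'), then map leet substitutions back."""
    core = re.sub(r"[^A-Za-z]+$", "", pw.lower())
    return core.translate(_SUBSTITUTIONS)


def fingerprint(pw: str) -> str:
    """Hash used only to compare against passwords already seen elsewhere."""
    return hashlib.sha256(pw.encode()).hexdigest()


def evaluate_password(pw: str, previously_used: set) -> list:
    """All reasons a password should be rejected; empty list means accepted."""
    findings = complexity_findings(pw)
    if normalize(pw) in COMMON_PASSWORDS:
        findings.append("resembles a common password despite meeting complexity rules")
    if fingerprint(pw) in previously_used:
        findings.append("reused from another system")
    return findings


if __name__ == "__main__":
    # Constructed: hashes of passwords this user already uses elsewhere.
    seen = {fingerprint("Tq8#vLm2!xRp")}
    for candidate in ["P@ssw0rd!123", "correcthorse", "Tq8#vLm2!xRp", "Zk4&nQw9$hLe"]:
        print(candidate, "->", evaluate_password(candidate, seen) or "accepted")
```

The output shows the three failure modes side by side: "P@ssw0rd!123" passes every complexity rule yet is rejected as a dressed-up common password, the memorable "correcthorse" fails the rules, and a strong-looking string is still rejected when it is simply the same password reused from another system.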



SUMMARY
1. Ethics is a system of moral principles used to judge right from wrong.
2. Information ethics focuses on the storage and transmission of digitized data, and raises
both ethical and legal issues.
3. Privacy is under considerable pressure because of the growing volume of personal
information online and the complexity of privacy settings and privacy policies.
4. Information security ensures the protection of an organization’s information assets
against misuse, disclosure, unauthorized access, or destruction.
5. Organizations use risk management to identify assets needing protection, identify
threats, assess vulnerabilities, and determine the impact of each risk.
6. Human beings prize productivity highly, and social engineering tactics take advantage
of human behavioral tendencies to manipulate people into disclosing sensitive information.
7. Training in security awareness and ethical decision making can help counteract these
weaknesses.
