
IST1101 Ch4 IS Ethics part 2

Uploaded by

mdavie junior

IST 1101

Foundations of Information
Systems and Technology

Chapter 4 – Information systems in business/organizations/community (Part 2)
Chapter 4 Outline
• Part 1
– Trend of Business Support Systems
– Strategic role of IS
– Introduction to electronic services
• Part 2
– Social, security, and ethical issues associated with
information systems
• Social: communal/common/societal/community
– Legal implications of information systems
– Ethical implications of information systems
Social implications of information systems (1)
1. Ease of access and availability of information
systems or services due to the rapid advances in
technology
2. Existence of information rich & poor communities
– Widespread use of computers is dividing society
into information poor people (having limited
access to computers) & information rich people
(having easy access to computers)
3. Educational qualifications achieved due to ICTs
– Modern ICT allows citizens to study,
communicate, and participate in society
development.
Social implications of information systems (2)
4. Improved way of working of Knowledge workers
– People who add value by processing existing
information to create new information that could be
used to define and solve problems.
– Information systems have improved the quality of work
done by knowledge workers
5. Online retail businesses are supported
– Information systems have led to and supported online
businesses to enable internet shopping
– etc.
Social and Security Issues/challenges
• Today computers have taken over human processors
because their operations overtake the limitations of
human processors. E.g.:
– They are cheap with respect to cost and
performance
– Can quickly process large volumes of data
• Consequently, the majority of people have resorted to
using computers to improve their “ways of working”
• This has also provided “great opportunities” to
those who depend on fraud and crime/illegal
operations to survive or prosper.
Social and Security Issues/challenges
• A lot of data processing that takes place in an
Information System is not visible to the human
eye, thus control measures must be taken to
ensure that all business transactions are
correctly recorded & processed.
• ISs are used by human beings, and so are
vulnerable to deliberate abuse or accidental
misuse
– Thus, there is a need to explore and understand
a number of social and security related issues
Social and Security Issues/challenges
A. Security issues within the organisation
B. Security issues beyond the organisation
C. Operational problems and errors
D. Computer monitoring and invasion of privacy
E. Computers and unemployment
A. Security Risks Within an organization
• A1. Processing of fraudulent transactions
• A2. Unauthorised access to data and program
files
• A3. Physical theft or damage of equipment
A1. Processing of fraudulent transactions (1)
• Fraud – the manipulation of organisation records to conceal
or hide an illegal act, e.g. theft of funds or other assets
– Computers “simplify” schemes of defrauding an
organisation, especially if security and control measures
are ignored.
– In manual systems, fraud is limited using “separation of
duties”, where at least two people are involved in a
process such that each one effectively controls activities
of the others.
• In a computerised IS, the opportunity to commit fraud
increases because separate duties/functions are automated
& bundled into a module, thus a single clerk/official is
responsible for running a complete transaction.
A1. Processing of fraudulent transactions (2)
• Examples of fraudulent transactions include:
– Entering fictitious transactions:
• An information system is used in the normal way to enter
forged transactions; this is possible if governance or
control in the process/function that is being compromised is
loose.
– Modification of computer files:
• This requires more technical expertise to be able to
compromise the master file which has status information of
each file.
– Unauthorised changes to programs:
• This is usually limited to staff with programming expertise.
• E.g. skimming or salami technique, where a small amount is
deducted from each individual salary cheque and added to
a select individual’s payment.
A1. Processing of fraudulent transactions (3)
• How can an organization limit fraud?
a) It must stress the need for honesty and ethical
behaviour in all business activities.
b) It must reduce the level of opportunity to commit fraud
by using, e.g.:
– Strong internal controls,
– Separation of duties,
– Restricted access to sensitive applications,
– Audit trails to record the origin of every transaction,
– Sequential numbering of events to ensure that
records cannot be deleted or reports destroyed.
A1. Processing of fraudulent transactions (4)
• How can an organization limit fraud (continued)?
c) When an organization discovers a case of fraud, action
must be taken against the offender.
– Some organizations do not prosecute guilty
employees for fear of the possible negative
publicity/image that the organization may receive in
the press
– This encourages criminals to repeat the activity in
their new working environment.
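The controls listed under (b) above (audit trails that record the origin of every transaction, sequential numbering of events, and separation of duties) can be checked mechanically. The following Python example is added here and is not part of the original slides; the record layout, user names and function names are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditRecord:
    seq: int      # sequential event number assigned when the record is written
    txn_id: str   # business transaction the event belongs to
    action: str   # "enter" or "approve" (assumed two-step workflow)
    user: str     # origin of the event


def sequence_gaps(records):
    """Sequence numbers missing from the trail: a sign a record was removed."""
    seen = {r.seq for r in records}
    if not seen:
        return []
    return [n for n in range(min(seen), max(seen) + 1) if n not in seen]


def duty_violations(records):
    """Transactions approved only by the user who entered them, or never approved."""
    enterers, approvers = defaultdict(set), defaultdict(set)
    for r in records:
        (enterers if r.action == "enter" else approvers)[r.txn_id].add(r.user)
    findings = {}
    for txn, who in enterers.items():
        if not approvers[txn]:
            findings[txn] = "no independent approval"
        elif approvers[txn] <= who:
            findings[txn] = "entered and approved by same user"
    return findings


# Constructed sample trail (not real data): record 4 is missing, T2 is
# approved by the clerk who entered it, and T3 has no approval event.
TRAIL = [
    AuditRecord(1, "T1", "enter", "clerk_a"),
    AuditRecord(2, "T1", "approve", "supervisor_x"),
    AuditRecord(3, "T2", "enter", "clerk_b"),
    AuditRecord(5, "T2", "approve", "clerk_b"),
    AuditRecord(6, "T3", "enter", "clerk_a"),
]

if __name__ == "__main__":
    print("missing sequence numbers:", sequence_gaps(TRAIL))
    print("separation-of-duties findings:", duty_violations(TRAIL))
```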
A2. Unauthorised data access (1)
• Password protection is the most common method of protecting
corporate data.
– Criminals bypass the password method in various ways.
a) Fraudulent transactions are often carried out by unauthorised
users who manage to gain access to the corporate network by
using the login details of another user
– This is usually achieved using a terminal spoof: a
program that runs on a machine and looks like the
normal login screen.
b) Criminals make use of an unattended computer that has been
left on by a user who has logged in to the network and then
left the office
– Time-out or screen-saver programs with password
protection provide a simple barrier to this.
A2. Unauthorised data access (2)
c) Some criminals develop offending code (called a
Trojan horse) that they add to a program, which will
activate under certain conditions to create an
undesirable situation.
d) Some criminals use the back-door technique, i.e. when
programmers are building systems, they may try to
bypass all the access security procedures to speed up
the development time.
– If these “back doors” are not removed, the
programmer can gain illegal entry into the system.
A3. Sabotage and Theft (1)
• At one time the theft of computer hardware was very rare
because computers were the size of “small houses” and were
hidden in secure computer installations
• Today theft of computers is rampant because computers have
become portable.
– Mobile computing devices are more vulnerable to theft
– The most effective first line of defence is to devise measures
to limit (physical) access to equipment.
– Restrictions to entry can be based on electronic locks,
activated by using:
• Swipe cards or advanced biometric devices that identify
the individual based on characteristics such as
fingerprints or the pattern of the retina.
A3. Sabotage and Theft (2)
• Theft also relates to the copying of programs and data
resources in an organisation
– Stealing customer lists together with the details of the
amount and type of business
• Software piracy is theft of software programs by making
illegal copies of the programs rather than purchasing the
package.
– This type of theft is more difficult to identify, since the
original product has not physically disappeared.
– If pirated software is found on your computer, then
you are by all means the “thief”.
A3. Sabotage and Theft (3)
• Computer theft also covers the illegal use of computer
time.
– This involves doing one's own work or third-party work on
organization computers
– Computer hackers spending time searching for
networks to which they can gain access, but not with
the aim of doing harm
– All these forms of theft can result in criminal charges
of theft of computer time
B. Security Risks beyond an organization
• B1. Hackers vs. Firewalls
• B2. Eavesdropping vs. data encryption
• B3. Viruses vs. anti-virus
B1. Hackers vs. Firewalls (1)
• Hackers
– Hackers are users from outside the organisation,
who penetrate a computer system.
– Hackers have various motives, e.g.:
• To prove that they can bypass network security
• To maliciously damage data
• To steal sensitive information
• To enter fraudulent transactions
• To initiate a denial-of-service (DoS) attack:
– Hackers flood a targeted web site with
requests to render it inaccessible for genuine
business customers.
B1. Hackers vs. Firewalls (2)
• For more details on:
– Hacking, cybervandalism, hacktivism, and
data breaches
– Read pages 263 to 270 in the e-book titled
“E-Commerce: business, technology, society” by
K.C. Laudon and C. G. Traver (10th Edition)
B1. Hackers vs. Firewalls (2)
• Firewall
• A firewall is an additional system that enforces access
control policy between two networks, especially
between a corporate network and the Internet.
• A firewall monitors all external communications, checks
user authorisation and maintains a log of all attempts
to access the network.
• A firewall can be used to:
– Check for the presence of viruses
– Check for the downloading of unauthorised
software
– Check to guard against denial-of-service attacks
B2. Eavesdropping vs. data encryption (1)
• Data that is in the process of being
communicated from one source to another is
vulnerable to eavesdropping
– Sniffing: “is a type of eavesdropping program
that monitors information traveling over a
network, enabling hackers to steal
proprietary information from anywhere on a
network, including e-mail messages, company
files, and confidential reports.”
• Read more about sniffing & eavesdropping from
the e-commerce book page 269, page 318
B2. Eavesdropping vs. data encryption (2)
• To overcome all forms of eavesdropping,
data encryption techniques or algorithms
can be used to:
– Scramble data into an unreadable form,
– Improve data privacy
– Prevent any unauthorised changes to the
message,
– Protect the confidentiality of data within
the organisation
B3. Viruses
• A computer virus is a program that invades a
computer system, normally by residing in
corrupt files.
• A virus can replicate itself and spread to other
files and computer systems.
• Some viruses merely advertise their presence,
but others corrupt the files they infect and even
destroy databases
• So you need an “anti-virus” installed on your
computer
C. Operational Problems and Errors (1)
1. Dependency: Users of on-line and real-time systems are
usually totally reliant on the computer to perform their
tasks, and any breakdown seriously affects business.
– If a transaction processing system of a large
supermarket fails on a busy day, all linked point-of-sale
terminals cannot obtain price and other
product information until the problem is fixed.
– Have you been at the bank & been requested to
wait until the system is up so that you can be
served? If YES, then you now know the effects of
“dependency”
– There must be a contingency plan to cover such
emergencies & enable availability and reliability of the
service needed.
C. Operational Problems and Errors (2)
2. Illogical Processes
• Usually computer errors are due to hardware
malfunction or the corruption of data.
• But errors such as incorrect reports result from
illogical errors in functions/modules made by
the developer.
• These issues can be overcome by adding
reasonability checks in the computer
programmes
D. Computer Monitoring and Privacy
1. Computer Monitoring
– Computer users on an organization network can be
monitored, so that the resultant information can be
used to judge the performance of each individual
user.
– The question is, how far can this process go before it
becomes an invasion of privacy?
2. Invasion of Privacy
– Privacy is a right of everyone
– But if criminal actions have increased, authorities have
to intercept and read your private “stuff”
– It also arises when organisations obtain information about
individuals and use it for commercial advantage.
E. Computers and Unemployment
• Advances in information technology have
provided business with cheap, reliable processing
power
• But they have also begun to impact on
employment levels.
Legal implications of information systems
• Due to the various social and security issues, regulatory
authorities have put in place laws/acts/regulations that
govern information processing, storage, and use.
• Examples include:
– The Data Protection Act
– The Computer Misuse Act 1990
– Copyright, Designs and Patents Act
– The Regulation of Investigatory Powers Act 2000
– The Freedom of Information (Scotland) Act 2002
– Health and safety regulations
• These acts are available via the Internet.
Self Study Task – Individual – Task 4.2.1
• Which laws, regulations, policies on ICT issues
have been developed in Uganda?
Economic implications of ICT
• Most jobs in ICT require that some further education
and training is carried out after leaving school
– Programmer/analyst
– Web administrator
– Network administrator
– Database manager
– Project leader and Senior analyst
– IT manager
• What is the main role or responsibility of the above
positions in an organization? – details are in the
notes
Ethical implications of information systems
• Ethics refers to principles of right and wrong that individuals
(acting as free moral agents) use to make choices to guide their
behaviour
• Information systems and ethics
– Information systems raise new ethical questions because they
create opportunities for:
• Intense social change, threatening existing distributions of
power, money, rights, and obligations
• New kinds of crime
• Ethics in information systems: principles of right and wrong that
individuals (acting as free moral agents) use to make choices to
guide their behaviour when developing, using, and maintaining
information systems
Ethical implications of information systems
1. Netiquette: User’s guide to the polite way you use the web and
e-mail, whether on the Internet or an Intranet
2. Intellectual property rights
– Intellectual property is a form of knowledge that society has
decided can be assigned specific property rights.
– These rights have some resemblance to ownership rights over
physical property or land
• Censorship
– There is now control over what can be shown and
communicated, and unacceptable material (whether
written or visual) about an organization
– Regulating the content of the Internet
• Privacy and encryption
• ICT and global citizenship
Exploratory Reading Class Task 4.2.2
• Briefly discuss at least 5 fascinating computer crimes
that have been publicized over the past years.
• Briefly discuss at least 5 incidents where criminals
were first charged with a computer crime, but
were later offered professional positions to help
authorities solve computer crime-related issues.
• Briefly explain the impact of at least 5 deadly
computer viruses
• Briefly list at least 5 computer anti-viruses
