Principles of Information Systems, Ninth Edition


Chapter 14
The Personal and Social Impact of Computers

Principles and Learning Objectives
• Policies and procedures must be established to
avoid waste and mistakes associated with
computer usage
– Describe some examples of waste and mistakes in
an IS environment, their causes, and possible
solutions
– Identify policies and procedures useful in eliminating
waste and mistakes
– Discuss the principles and limits of an individual’s
right to privacy



Principles and Learning Objectives
(continued)
• Computer crime is a serious and rapidly growing
area of concern requiring management attention
– Explain the types of computer crime and impacts
– Identify specific measures to prevent computer crime



Principles and Learning Objectives
(continued)
• Jobs, equipment, and working conditions must be
designed to avoid negative health effects from
computers
– List the important negative effects of computers on
the work environment
– Identify specific actions that must be taken to ensure
the health and safety of employees



Principles and Learning Objectives
(continued)
• Practitioners in many professions subscribe to a
code of ethics that states the principles and core
values that are essential to their work
– Outline criteria for the ethical use of information
systems



Computer Waste and Mistakes
• Computer waste
– Inappropriate use of computer technology and
resources
• Computer-related mistakes
– Errors, failures, and other computer problems that
make computer output incorrect or not useful



Computer Waste
• Spam filter
– Software that attempts to block unwanted e-mail
– Some might require first-time e-mailers to be verified
before their e-mails are accepted
• Image-based spam
– New tactic spammers use to circumvent spam-
filtering software



Computer-Related Mistakes
• Common causes
– Unclear expectations and a lack of feedback
– Program development that contains errors
– Incorrect data entry by data-entry clerk



Preventing Computer-Related Waste
and Mistakes
• Preventing waste and mistakes involves:
– Establishing, implementing, monitoring, and
reviewing effective policies and procedures



Establishing Policies and Procedures
• Types of computer-related mistakes
– Data-entry or data-capture errors
– Errors in computer programs
– Mishandling of computer output
– Inadequate planning for and control of equipment
malfunctions
– Inadequate planning for and control of environmental
difficulties



Implementing Policies and Procedures
• Policies to minimize waste and mistakes
– Changes to critical tables, HTML, and URLs should
be tightly controlled
– User manual should be available covering operating
procedures
– Each system report should indicate its general
content in its title
– System should have controls to prevent invalid and
unreasonable data entry



Monitoring Policies and Procedures
• Monitor routine practices and take corrective action
if necessary
• Implement internal audits to measure actual results
against established goals



Reviewing Policies and Procedures
• Questions to be answered
– Do current policies cover existing practices
adequately?
– Does the organization plan any new activities in the
future?
– Are contingencies and disasters covered?



Computer Crime
• Highlights of the 2007 Computer Crime and
Security Survey
– Financial fraud, followed by virus attacks, is the
leading cause of financial loss from computer
incidents
– Average annual loss from computer incidents was
$350,424
– A full 46 percent of the respondents said they had
suffered a security incident



The Computer as a Tool to Commit
Crime
• Social engineering
– Using social skills to get computer users to provide
information to access an information system
• Dumpster diving
– Going through trash cans to find secret or
confidential information



Cyberterrorism
• Homeland Security Department’s Information
Analysis and Infrastructure Protection Directorate
– Serves as a focal point for threat assessment,
warning, investigation, and response for threats or
attacks against the country’s critical infrastructure
• Cyberterrorist
– Intimidates or coerces a government or organization
to advance his political or social objectives



Identity Theft
• Imposter obtains personal identification information
in order to impersonate someone else
– To obtain credit, merchandise, and services in the
name of the victim
– To have false credentials
• Identity Theft and Assumption Deterrence Act of
1998
– Passed to fight identity theft



Internet Gambling
• Revenues generated by Internet gambling
– Represent a major untapped source of income for
the state and federal governments
• Study prepared by PriceWaterhouseCoopers
– Estimates that taxation of Internet gambling would
yield between $8.7 billion and $42.8 billion



The Computer as the Object of Crime
• Crimes fall into several categories
– Illegal access and use
– Data alteration and destruction
– Information and equipment theft
– Software and Internet piracy
– Computer-related scams
– International computer crime



Illegal Access and Use
• Hacker
– Learns about and uses computer systems
• Criminal hacker
– Gains unauthorized use or illegal access to
computer systems
• Script bunny
– Automates the job of crackers
• Insider
– Employee who compromises corporate systems



Illegal Access and Use (continued)
• Virus
– Program file capable of attaching to disks or other
files and replicating itself repeatedly
• Worm
– Parasitic computer programs that replicate but,
unlike viruses, do not infect other computer program
files
• Trojan horse
– Malicious program that disguises itself as a useful
application or game and purposefully does
something the user does not expect



Illegal Access and Use (continued)
• Rootkit
– Set of programs that enable its user to gain
administrator level access to a computer or network
• Logic bomb
– Type of Trojan horse that executes when specific
conditions occur
• Variant
– Modified version of a virus that is produced by the virus’s
author or another person



Using Antivirus Programs
• Antivirus program
– Runs in the background to protect your computer
from dangers lurking on the Internet
• Tips on using antivirus software
– Run and update antivirus software often
– Scan all removable media
– Install software only from a sealed package or
secure, well-known Web site
– Follow careful downloading practices



Spyware
• Software installed on a personal computer to:
– Intercept or take partial control over user’s
interaction with the computer without knowledge or
permission of the user
• Number of personal computers infected with
spyware has become epidemic



Information and Equipment Theft
• Password sniffer
– Small program hidden in a network that records
identification numbers and passwords
• Measures to protect the data on laptops
– Have clear guidelines on what kind of data can be
stored on vulnerable laptops
– Data stored should be encrypted
– Laptops should be secured using a lock and chain
device



Safe Disposal of Personal Computers
• Deleting files and emptying the Recycle Bin
– Does not make it impossible for determined
individuals to view the data
• Use disk-wiping software utilities that overwrite all
sectors of your disk drive, making all data
unrecoverable



Patent and Copyright Violations
• Software piracy
– Act of unauthorized copying or distribution of
copyrighted software
– Penalties can be severe
• Patent infringement
– Occurs when someone makes unauthorized use of
another’s patent



Computer-Related Scams
• Tips to help you avoid becoming a scam victim
– Do not agree to anything in a high-pressure meeting
– Do not judge a company based on appearances
– Beware of shills
– Do your homework
– Get in writing the refund, buy-back, and cancellation
policies of any company you deal with



International Computer Crime
• CleverPath software
– Used by customers in the finance, banking, and
insurance industries to eliminate money laundering
and fraud
– Automates manual tracking and auditing processes
required by regulatory agencies
– Helps companies handle frequently changing
reporting regulations



Preventing Computer-Related Crime
• Efforts to curb computer crime are being made by
– Private users
– Companies
– Employees
– Public officials



Crime Prevention by State and
Federal Agencies
• Computer Fraud and Abuse Act of 1986
– Punishment based on the victim’s dollar loss
• Computer Emergency Response Team (CERT)
– Responds to network security breaches
– Monitors systems for emerging threats



Crime Prevention by Corporations
• Guidelines to protect your computer from criminal
hackers
– Install strong user authentication and encryption
capabilities on your firewall
– Install the latest security patches
– Disable guest accounts and null user accounts
– Turn audit trails on
– Consider installing caller ID
– Install a corporate firewall between your corporate
network and the Internet



Using Intrusion Detection Software
• Intrusion detection system (IDS)
– Monitors system and network resources
– Notifies network security personnel when it senses a
possible intrusion
– Can provide false alarms



Security Dashboard
• Provides a comprehensive display on a single
computer screen of:
– All the vital data related to an organization’s security
defenses including threats, exposures, policy
compliance, and incident alerts



Using Managed Security Service
Providers (MSSPs)
• Many are outsourcing their network security
operations to:
– Managed security service providers (MSSPs) such
as Counterpane, Guardent, Internet Security
Services, Riptech, and Symantec



Filtering and Classifying Internet
Content
• Filtering software
– Helps screen Internet content
• Internet Content Rating Association (ICRA)
– Goals are to protect children from potentially harmful
material, while also safeguarding free speech on the
Internet



Internet Libel Concerns
• Geolocation tools
– Match user’s IP address with outside information to
determine actual geographic location
• Internet publishers
– Can limit the reach of their published speech to
avoid potential legal risks
• Individuals
– Must be careful what they post on the Internet to
avoid libel charges



Preventing Crime on the Internet

• To help prevent crime on the Internet
– Develop effective Internet usage and security
policies
– Use a stand-alone firewall with network monitoring
capabilities
– Deploy intrusion detection systems, monitor them,
and follow up on their alarms
– Use Internet security specialists to perform audits of
all Internet and network activities



Privacy Issues

• Issue of privacy
– Deals with the right to be left alone or to be
withdrawn from public view
• Data is constantly being collected and stored on
each of us



Privacy and the Federal Government
• Data collectors
– U.S. federal government
– State and local governments
– Commercial and nonprofit organizations
• European Union
– Has data-protection directive that requires firms
transporting data across national boundaries to have
certain privacy procedures in place



Privacy at Work
• Recent poll
– 78 percent of companies monitor their employees
while at work in one form or another
• Survey
– Nearly one-third of companies have fired an
employee for violating corporate e-mail policies



E-Mail Privacy
• Federal law
– Permits employers to monitor e-mail sent and
received by employees
• E-mail messages that have been erased from hard
disks can be retrieved and used in lawsuits
• Use of e-mail among public officials might violate
“open meeting” laws



Instant Messaging Privacy
• Do not send personal or private IMs at work
• Choose a nonrevealing, nongender-specific,
unprovocative IM screen name
• Do not open files or click links in messages from
people you do not know
• Never send sensitive personal data such as credit
card numbers via IM



Privacy and Personal Sensing Devices
• RFID tags
– Microchips with antenna
– Embedded in many of the products we buy
• medicine containers, clothing, computer printers, car
keys, library books, tires
– Generate radio transmissions that, if appropriate
measures are not taken, can lead to potential privacy
concerns



Privacy and the Internet
• Huge potential for privacy invasion on the Internet
– E-mail messages
– Visiting a Web site
– Buying products over the Internet
• Platform for Privacy Preferences (P3P)
– Screening technology
• Social network services
– Parents should discuss potential dangers, check
their children’s profiles, and monitor their activities



Fairness in Information Use

• The Privacy Act of 1974
– Provides privacy protection from federal agencies
• Gramm-Leach-Bliley Act
– Requires financial institutions to protect customers’
nonpublic data
• USA Patriot Act
– Internet service providers and telephone companies
must turn over customer information
• Other federal privacy laws
– Federal law passed in 1992 bans unsolicited fax
advertisements

Corporate Privacy Policies
• Should address
– Customer’s knowledge, control, notice, and consent
over storage and use of information
• 1999 Gramm-Leach-Bliley Financial Services
Modernization Act
– Requires all financial service institutions to
communicate their data privacy rules and honor
customer preferences



Individual Efforts to Protect Privacy
• To protect personal privacy
– Find out what is stored about you in existing
databases
– Be careful when you share information about
yourself
– Be proactive to protect your privacy
– When purchasing anything from a Web site, make
sure that you safeguard your credit card numbers,
passwords, and personal information



The Work Environment
• Use of computer-based information systems has
changed the workforce
– Jobs that require IS literacy have increased
– Less-skilled positions have decreased
• Enhanced telecommunications
– Has been the impetus for new types of business
– Has created global markets in industries once limited
to domestic markets



Health Concerns
• Occupational stress
• Seated immobility thromboembolism (SIT)
• Carpal tunnel syndrome (CTS)
• Video display terminal (VDT) bill
– Employees who spend at least four hours a day
working with computer screens should be given 15-
minute breaks every two hours



Avoiding Health and Environment
Problems
• Work stressors
– Hazardous activities associated with unfavorable
conditions of a poorly designed work environment
• Ergonomics
– Science of designing machines, products, and
systems to maximize safety, comfort, and efficiency
of people who use them



Ethical Issues in Information Systems
• Code of ethics
– States the principles and core values essential to a
set of people and, therefore, governs their behavior
– Can become a reference point for weighing what is
legal and what is ethical



Summary
• Computer waste
– The inappropriate use of computer technology and
resources in both the public and private sectors
• Preventing waste and mistakes involves
– Establishing, implementing, monitoring, and
reviewing effective policies and procedures
• Some crimes use computers as tools
• Cyberterrorist
– Intimidates or coerces a government or organization
to advance his political or social objectives



Summary (continued)
• Prevention and detection of computer crime
– Antivirus software
– Intrusion detection system (IDS)
• Privacy issues
– A concern with government agencies, e-mail use,
corporations, and the Internet
• Businesses
– Should develop a clear and thorough policy about
privacy rights for customers, including database
access



Summary (continued)
• Computers have:
– Changed the makeup of the workforce
– Eliminated some jobs
– Expanded and enriched employment opportunities
• Ergonomics
– The study of designing and positioning computer
equipment
• Ethics
– Determine generally accepted and discouraged
activities within a company and society at large