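1. INFORMATION ETHICS AND SECURITY

2. Organizational Fundamentals Info Ethics and Security
- Info ethics and security are two fundamental building blocks that organizations must base their businesses on to be successful
- In recent years, such events as the Enron ($62.8 billion) and WorldCom ($1038 billion, second largest long-distance carrier), along with 9/11, have shed new light on the meaning of info ethics and security
- Sarbanes-Oxley Act: No less than five years

3. Overview
INFO ETHICS
- Information Ethics
- Developing Information Management Policies
- Info Ethics in the Workplace
INFO SECURITY
- The First Line of Defense - People
- The Second Line of Defense - Technology

4. INFO ETHICS
SECTION 4.1

5. INFO ETHICS
IT poses new challenges for our ethics. Consider the following examples:
- Pirated software: Is this ethical?
- “Human flesh search” (人肉搜索): Is this ethical?

6. INFO ETHICS
Intellectual property/copyright
- For: respect and value knowledge so more knowledge can be created.
- Against: knowledge sharing has positive benefits, providing access to a broader audience and creating new knowledge
What do you think?

7. INFO ETHICS
Privacy is a major ethical issue
- What is privacy?
- Do you worry about your privacy? Why?

8. INFO ETHICS
- Privacy: the right to be left alone when you want to be, to have control over your own personal possessions (including information), and not to be observed without your consent
- Confidentiality: the assurance that messages and information are available only to those who are authorized to view them

9. INFO ETHICS
One of the main ingredients in trust is privacy

10. INFO ETHICS
Although Chinese law contains no explicit, direct provision protecting the right to privacy, it indirectly affirms from other angles that citizens' right to privacy must not be violated (the Constitution, criminal law, civil law, and procedural law).

11. INFO ETHICS
Under Chinese law, the following acts are violations of the right to privacy:
- Publishing a citizen's name, likeness, address, or telephone number without the citizen's permission.
- Illegally entering or searching another person's home, or otherwise disturbing the peace of their residence.
- Illegally following another person, monitoring their residence, installing eavesdropping devices, secretly filming their private life, or peering into their home.
- Illegally prying into another person's financial situation, or publishing it without that person's permission.
- Opening another person's letters, secretly reading their diary, prying into the contents of their private documents, and making these public.
- Investigating or prying into another person's social relationships and illegally making them public.
- Interfering with a couple's marital sex life, or investigating and publicizing it.
- Publicizing another person's extramarital sex life.
- Leaking a citizen's personal materials, making them public, or widening the scope of their disclosure.
- Collecting purely personal information that a citizen does not wish to disclose to the public.
Source: Baidu Zhidao (百度知道), Society and Livelihood, Law

12. Case
On August 5, 2010, the Shanghai Pudong court handed down a first-instance verdict in a major case of illegally obtaining citizens' personal information. Among the 10 defendants, the one who had illegally obtained the most had acquired more than 30 million records.
In this case, two defendants, surnamed Yu and Chen, used their positions at a recruitment company and a talent agency to copy the companies' internal customer data without authorization. Yu also posted fake job advertisements on free recruitment websites to lure job seekers into "taking the bait", fraudulently obtained their résumés, and then sold each résumé for 1 to 5 jiao (0.1 to 0.5 yuan).
After trial, the court ruled at first instance that all 10 defendants were guilty of illegally obtaining citizens' personal information. Nine of them, including defendants surnamed Zhou and Li, received sentences ranging from two years' fixed-term imprisonment to six months' criminal detention suspended for six months, with fines ranging from 40,000 yuan to 10,000 yuan; one defendant, Yu, was exempted from criminal punishment.

13. How to protect personal information?
- First, be aware of the possible consequences of personal information being leaked or illegally used, and do not casually give personal information to others in daily life. When asked to provide personal information, judge carefully whether it is really necessary, and be especially cautious with important personal information such as ID card numbers, mobile phone numbers, and bank accounts.
- If you discover that your personal information has been leaked, try to identify who leaked it and take care to preserve evidence. If you suffer personal or property damage as a result, you can complain to the relevant authorities or seek compensation through civil litigation; in serious cases you can report the matter to the public security authorities.

14. INFO ETHICS
Ethical dilemmas usually arise not in simple, clear-cut situations but out of a clash between competing goals, responsibilities, and loyalties. Inevitably, the decision process has more than one socially acceptable “correct” decision.

15. Information Has No Ethics
- Information does not care how it is used
- Information will not stop itself from sending spam, viruses, or highly-sensitive information
- Information cannot delete or preserve itself

16. INFORMATION ETHICS
Individuals form the only ethical component of IT
- Individuals copy, use, and distribute software
- Search organizational databases for sensitive and personal information
- Individuals create and spread viruses
- Individuals hack into computer systems to steal information
- Employees destroy and steal information

17. DEVELOPING INFORMATION MANAGEMENT POLICIES
- Organizations should develop written policies establishing employee guidelines on how to use IT and information.
- These policies set employee expectations on information ethics.
- These policies should be understandable and implementable.

18. DEVELOPING INFORMATION MANAGEMENT POLICIES
Typically include:
- Ethical computer use policy
- Information privacy policy
- Email privacy policy
- Anti-spam policy

19. Ethical Computer Use Policy
Ethical computer use policy contains general principles to guide computer user behavior
- What uses are not permitted?
- If violated, what consequences?
The ethical computer use policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

20. Information Privacy Policy
- The purpose: protecting personal information privacy while at the same time considering organizational needs.
- The unethical use of information typically occurs “unintentionally” when it is used for new purposes

21. Information Privacy Policy
Information privacy policy guidelines
- Notice and disclosure: What info is gathered? How will it be used?
- Choice and consent
- Information security
- Information quality

22. Email Privacy Policy
- Professional workers identified email as their preferred means of corporate communications.
- Trends also show a dramatic increase in the adoption rate of instant messaging (IM) in the workplace.
- One of the major problems with email is the user's false assumption that email privacy protection exists, somehow analogous to that of traditional postal mail. NOT TRUE!

23. Email Privacy Policy

24. Email Privacy Policy
The organization that owns the email system can operate the system as openly or as privately as it wishes. If the organization wants to read ev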


