Management Information Systems: Unit 11 Courseware (30 pages)
INFORMATION ETHICS AND SECURITY

Organizational Fundamentals: Info Ethics and Security
Info ethics and security are two fundamental building blocks that organizations must base their businesses on to be successful.
In recent years, such events as the Enron ($62.8 billion) and WorldCom ($1038 billion, second largest long-distance carrier) collapses, along with 9/11, have shed new light on the meaning of info ethics and security.
Sarbanes-Oxley Act: No less than five years

Overview
INFO ETHICS
Information Ethics
Developing Information Management Policies
Info Ethics in the Workplace
INFO SECURITY
The First Line of Defense - People
The Second Line of Defense - Technology

INFO ETHICS
SECTION 4.1

INFO ETHICS
IT poses new challenges for our ethics.
Consider the following examples:
Pirated software: is this ethical?
"Human flesh search" (人肉搜索): is this ethical?

INFO ETHICS
Intellectual property/copyright
For: respect and value knowledge so more knowledge can be created.
Against: knowledge sharing has positive benefits, providing access to a broader audience and creating new knowledge.
What do you think?

INFO ETHICS
Privacy is a major ethical issue.
What is privacy?
Do you worry about your privacy? Why?

INFO ETHICS
Privacy: the right to be left alone when you want to be, to have control over your own personal possessions (including information), and not to be observed without your consent.
Confidentiality: the assurance that messages and information are available only to those who are authorized to view them.

INFO ETHICS
One of the main ingredients in trust is privacy.

INFO ETHICS
Although Chinese law contains no explicit, direct provision protecting the right to privacy, it indirectly affirms in other ways that citizens' right to privacy must not be violated (the Constitution, criminal law, civil law, and procedural law).

INFO ETHICS
Under Chinese law, the following acts constitute violations of the right to privacy:
1. Disclosing a citizen's name, likeness, address, or telephone number without the citizen's permission.
2. Illegally entering or searching another person's home, or otherwise disturbing the peace of their residence.
3. Illegally following another person, monitoring their residence, installing eavesdropping devices, secretly filming their private life, or spying on the inside of their home.
4. Illegally prying into another person's financial situation, or publishing it without their permission.
5. Opening another person's letters, reading their diary, prying into the contents of their private documents, or making these public.
6. Investigating or prying into another person's social relationships and illegally making them public.
7. Interfering with, investigating, or publicizing a couple's sex life.
8. Publicizing another person's extramarital sex life.
9. Leaking a citizen's personal records, making them public, or widening the scope of their disclosure.
10. Collecting purely personal information that a citizen does not wish to make public.
Source: Baidu Zhidao, Society and Livelihood, Law

Case
On August 5, 2010, the Shanghai Pudong court handed down a first-instance judgment in a major case of illegally obtaining citizens' personal information. Among the 10 defendants, the one who had illegally obtained the most had more than 30 million records. In this case, Yu and Chen used their jobs at recruitment and staffing companies to copy the companies' internal customer data without authorization. Yu also posted fake job advertisements on free recruitment websites to lure job seekers into "taking the bait" and handing over their résumés, which were then sold for 0.1 to 0.5 yuan each. After trial, the court found all 10 defendants guilty of illegally obtaining citizens' personal information. Nine of them, including Zhou and Li, received sentences ranging from two years' imprisonment to six months' criminal detention suspended for six months, with fines ranging from 40,000 yuan to 10,000 yuan; one other defendant, surnamed Yu, was exempted from criminal punishment.

How to protect personal information?
First, be aware of the possible consequences of personal information being leaked or misused, and do not casually give personal information to others in daily life. When asked to provide personal information, judge carefully whether it is really necessary, and be especially careful with important items such as ID card numbers, mobile phone numbers, and bank account details. If you discover that your personal information has been leaked, try to identify who leaked it and preserve the evidence. If you suffer personal or financial harm as a result, you can file a complaint with the relevant authorities or seek compensation through civil litigation; in serious cases, you can report it to the public security authorities.

INFO ETHICS
Ethical dilemmas usually arise not in simple, clear-cut situations but out of a clash between competing goals, responsibilities, and loyalties.
Inevitably, the decision process has more than one socially acceptable "correct" decision.

Information Has No Ethics
Information does not care how it is used.
Information will not stop itself from sending spam, viruses, or highly sensitive information.
Information cannot delete or preserve itself.

INFORMATION ETHICS
Individuals form the only ethical component of IT.
Individuals copy, use, and distribute software.
Individuals search organizational databases for sensitive and personal information.
Individuals create and spread viruses.
Individuals hack into computer systems to steal information.
Employees destroy and steal information.

DEVELOPING INFORMATION MANAGEMENT POLICIES
Organizations should develop written policies establishing employee guidelines on how to use IT and information.
These policies set employee expectations on information ethics.
These policies should be understandable and implementable.

DEVELOPING INFORMATION MANAGEMENT POLICIES
Typically include:
Ethical computer use policy
Information privacy policy
Email privacy policy
Anti-spam policy

Ethical Computer Use Policy
The ethical computer use policy contains general principles to guide computer user behavior.
What uses are not permitted?
If violated, what are the consequences?
The ethical computer use policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules.

Information Privacy Policy
The purpose: protecting personal information privacy while at the same time considering organizational needs.
The unethical use of information typically occurs "unintentionally" when it is used for new purposes.

Information Privacy Policy
Information privacy policy guidelines
1. Notice and disclosure
   What info is gathered?
   How will it be used?
2. Choice and consent
3. Information security
4. Information quality

Email Privacy Policy
Professional workers identified email as their preferred means of corporate communications.
Trends also show a dramatic increase in the adoption rate of instant messaging (IM) in the workplace.
One of the major problems with email is users' false assumption that email privacy protection exists, somehow analogous to that of traditional postal mail.
NOT TRUE!

Email Privacy Policy
The organization that owns the email system can operate the system as openly or as privately as it wishes.
If the organization wants to read everyone's email, it can do so.
However, the organization must inform the user about how much email it is going to read.
The email privacy policy details the extent to which email messages may be read by others.

Email Privacy Policy
1. Should complement the ethical computer use policy
2. Defines who are legitimate email users
3. Identifies backup procedures (if deleted, still on the backup tapes)
4. Explains legitimate grounds for reading user email and organizational procedures to do so
5. Informs users of email control (no control outside the organization)
6. Explains ramifications of leaving
7. Asks employees to be careful when posting organizational information

Anti-Spam Policy
The time is worth $350 to $600 per hour
300 to 500 spam messages
CTO Matt Kesner engineered a spam blocking
5,000 to 7,000 spam messages trapped per day

Anti-Spam Policy
Spam: unsolicited email
Spam accounts for 40% to 60% of most organizations' email and cost U.S. businesses over $14 billion in 2005.
Wastes time
Clogs the network
The anti-spam policy simply states that email users will not send unsolicited emails (or spam).
Be cautious about the filter

ETHICS IN THE WORKPLACE
Many employees use their company's high-speed Internet access to shop, browse, and surf the web.
Fifty-nine percent of all 2004 web purchases in the US were made from the workplace.
For these reasons, many organizations have begun to monitor their employees' Internet usage and other activities at the workplace.

ETHICS IN THE WORKPLACE
What do you think about monitoring employees at the workplace? If you were the manager, what would you do? Why?
Lower satisfaction
Trusting issue
Psychological reactance
Quantity vs. quantity