The introduction of technology, the internet, and the World Wide Web (WWW) into all aspects of society has

The introduction of technology, the internet, and the World Wide Web (WWW) into all aspects of society has
transformed how we conduct business on a global basis. Many of these technologies have resulted in greater
access to customers and suppliers, making companies more efficient and profitable. Advantages provided by
these technological innovations can also have a downside. This unit will explore the ethical and information
security issues associated with protecting organizational data, business operations, and our employees’ and
customers’ personal and private information. Unit IV focuses on two distinct but equally important concepts all
business leaders must understand, ethics and information security.
For this course, the basic concept of ethics in information technology (IT) focuses on the operational use of IT
and the relationship of technology to human values, well-being, laws, and regulations. The primary method of
ensuring the ethical use of technology is developing and disseminating organizational management policies.
The concept of information security addresses the primary actions required to protecting the intellectual
assets of the organization. Information security relies on the three basic concepts of confidentiality, integrity,
and availability. Intellectual assets consist of organizational data, the physical components necessary to store,
process, and communicate that data, and the people involved with business operations.
The protection of the privacy and confidentiality of customer, supplier, and employee information is one of the
largest and murkiest ethical dilemmas organizations are faced with in conducting modern eBusiness (Baltzan,
2021).
• Privacy is the ability to control who has access to your personal information and possessions.
• Confidentiality represents the protection of the release of data maintained by an organization to only
those who have the authority to access and use that information for official business operations.
UNIT IV STUDY GUIDE
Ethics and Information Security Concerns
ITC 4311, Information Technology Cost Analysis 2
UNIT x STUDY GUIDE
Title
Information has no ethics, but the people who access and use the information have the ultimate responsibility
in ensuring the information is used in an ethical manner. Defining ethical and legal use of information is the
obligation of each organization to develop and enforce ethical guidelines (Figure 4.1).
Figure 4.1: Areas of Consideration for Ethic Guidelines
(Baltzan, 2021)
Communicating the ethical concerns and requirements for handling corporate information is necessary to
establish a corporate culture that employees can easily understand, implement, and adhere to. To accomplish
this goal, guidance documents called epolicies provide the written policies and standard practices necessary
for a variety of situations. These should cover the ethical use of corporate data, information, and computer
assets to prevent misuse.
• Ethical computer use policy defines the general principles on what and how company computers can
and should be used.
• Information privacy policy sets the rules for what data is maintained by the organization and
addresses the issues of privacy.
• Acceptable use policy sets the rules all users of company computing assets must agree to before
being allowed access.
• Email privacy policy defines who can access and read email communications generated on company
computers and email accounts.
• Social media policy includes company policies restricting or allowing employees the authority to post
information about the company on social media sites.
• Workplace MIS monitoring policy defines how the company will monitor all activities conducted on
corporate computing assets.
Corporate cultures based on employee trust have been found to be more successful than those not. Epolicies
must keep that concept in mind and establish policies that inform and educate the workforce rather than
coerce.
Company assets are critical to successful day-to-day and long-term operations and must be protected
accordingly. These assets include both tangible and intangible items like physical properties such as
buildings, vehicles, manufacturing equipment, and computer systems. Employees, customers, and vendors
are also considered assets that make a company successful. Intangible assets are not so visible but play a
big part in a company’s success. These types of assets include trust, reputation, reliability, and honesty.
Intellectual assets are a type of intangible asset directly related to the type of business being conducted, how
business is conducted and can differentiate the company from the competition, so protecting these intellectual
assets is of particular importance. Protecting the data and information stored in our IT and MIS systems is a
key element that must be understood and managed properly.
Companies are routinely exposed to internal and external threats which can corrupt IT equipment and
compromise critical data. Your organization’s private data or your intellectual property can be the target of
cyberattacks from various sources allowing your information to be used in unethical or illegal activities.
Cyberattacks can lead to the loss of money, theft of personal information, damage to the company’s
reputation, and possibly the safety of your employees (Baltzan, 2021). There are several common threats that
all business managers need to be aware of, including hackers and malware (i.e., viruses, worms, trojans, and
ITC 4311, Information Technology Cost Analysis 3
UNIT x STUDY GUIDE
Title
spyware). Ransomware is a current worldwide threat affecting commercial and government computer
operations and costs society billions of dollars annually. (Figure 4.2)
Figure 4.2: Threats to Data Security
(Baltzan, 2021)
People are the biggest threat and the biggest asset when it comes to data security. Insiders, employees, are
often authorized to access various forms of data within a company; therefore, it is possible for them to misuse
their access, causing some business-affecting incident purposefully or accidentally (Baltzan, 2021). People
are the first line of defense in providing security to a company’s information assets. Communicating company
security policies, training employees, and monitoring for misuse are good ways of reducing the insider threat.
Once the people issue is addressed, the second line of defense can be addressed, developing technology
approaches to reduce or eliminate risks. There are three primary approaches to implementing an effective
technical solution for a more robust information security profile (Figure 4.3).
Figure 4.3: Areas of Technical Information Security
(Baltzan, 2021)
ITC 4311, Information Technology Cost Analysis 4
UNIT x STUDY GUIDE
Title
Authentication and authorization define the technical approach used to accurately confirm a user’s identity
and then determining what the user is authorized to do with data they can access.
Prevention and resistance is a security approach using techniques like firewalls, encryption, and content
filtering to stop unauthorized uses from accessing or altering data.
Detection and response use tools like intrusion detection software to monitor all computer activity for
suspicious activities and alert responsible parties or take automated actions to protect sensitive company
assets.
It is important to elevate the issues of the ethical use and information security within business operations to
the same level as other routine concerns of running an eBusiness. The overall success of a company,
particularly one that relies heavily on IT, is dependent on many features. Understanding the threats and risks
associated with protecting sensitive and critical business data is one that is not only an ethical responsibility of
management, but also often a legal responsibility of the company.
Reference
Baltzan, P. (2021). Business driven information systems (7th ed.). McGraw-Hill Education.
https://online.vitalsource.com/#/books/9781260736670
Suggested Unit Resources
In order to access the following resources, click the links below.
The links below will direct you to both a PowerPoint and PDF version of the Chapter 4 presentation. This will
summarize and reinforce the information from this chapter in your textbook.
Chapter 4 PowerPoint presentation
Chapter 4 PDF version of the presentation
Technological development has brought about unprecedented means of gathering and disseminating
information; however, have these advancements made the protection of personal and organizational privacy
virtually impossible? In the following video, Damien Smith, lawyer and governance expert, illustrates why
privacy systems fail, and he offers strategies for mitigating the risks posed by the privacy invasion.
ClickView Pty Limited (Producer). (2012). Privacy issues [Video]. Films on Demand.
https://libraryresources.columbiasouthern.edu/login?auth=CAS&url=https://fod.infobase.com/PortalPl
aylists.aspx?wID=273866&xtid=49865
The transcript for this video can be found by clicking on “Transcript” in the gray bar to the right of the video in
the Films on Demand database.
Learning Activities (Nongraded)
Nongraded Learning Activities are provided to aid students in their course of study. You do not have to submit
them. If you have questions, contact your instructor for further guidance and information.
The Unit IV Flash Card Activity will assist in reviewing the terminology used in this unit. The PDF version of
the Unit IV Flash Card Activity is also available