INFORMATION ETHICS AND SECURITY1管理信息系统十一单元Organizational Fundamentals Info Ethics and SecurityInfo ethics and security are two fundamental building blocks that organizations must base their businesses on to be successful In recent years, such events as the Enron ($62.8 billion) and WorldCom ($1038 billion, second largest long-distance carrier), along with 9/11 have shed new light on the meaning of info ethics and securitySarbanes-Oxley Act: No less than five years2管理信息系统十一单元OverviewINFO ETHICSInformation EthicsDeveloping Information Management PoliciesInfo Ethics in the WorkplaceINFO SECURITYThe First Line of Defense - PeopleThe Second Line of Defense - Technology3管理信息系统十一单元INFO ETHICSSECTION 4.14管理信息系统十一单元INFO ETHICSIT poses new challenges for our ethics.Consider the following examples:Pirated softwareIs this ethical?“人肉搜索” Is this ethical? 5管理信息系统十一单元INFO ETHICSIntellectual property/copyrightFor: respect and value knowledge so more knowledge can be created. Against: knowledge sharing has positive benefits, providing access to broader audience and creating new knowledgeWhat do you think?6管理信息系统十一单元INFO ETHICSPrivacy is a major ethical issueWhat is privacy?Do you worry your privacy? Why?7管理信息系统十一单元INFO ETHICSPrivacy the right to be left alone when you want to be, to have control over your own personal possessions (including information), and not to be observed without your consentConfidentiality the assurance that messages and information are available only to those who are authorized to view them8管理信息系统十一单元INFO ETHICSOne of the main ingredients in trust is privacy9管理信息系统十一单元INFO ETHICS虽然我国法律没有对隐私权做出明确直接的保护性规定，但却间接地从其他方面对公民的隐私权不容侵犯给予了确认（宪法、刑法、民法和程序法）。 10管理信息系统十一单元INFO ETHICS根据我国法律规定，下列行为属于侵犯隐私权： 1.未经公民许可，公开其姓名、肖像、住址和电话号码。 2.非法侵入、搜查他人住宅，或以其他方式破坏他人居住安宁。3.非法跟踪他人，监视他人住所，安装窃听设备，私拍他人私生活镜头，窥探他人室内情况。4.非法刺探他人财产状况或未经本人允许公布其财产状况。5.私拆他人信件，偷看他人日记，刺探他人私人文件内容，以及将他们公开。 6.调查、刺探他人社会关系并非法公诸于众。 7.干扰他人夫妻性生活或对其进行调查、公布。 8.将他人婚外性生活向社会公布。 9.泄露公民的个人材料或公诸于众或扩大公开范围。 10.收集公民不愿向社会公开的纯属个人的情况。 资料来源：百度知道社会民生法律11管理信息系统十一单元案例2010年8月5日，上海浦东法院对一起特大非法获取公民个人信息罪案作出一审判决。10名被告中，非法获取公民个人信息最多的达3000余万条。本案中，余某、陈某两人利用在招聘公司、人才公司工作的机会，私自复制公司内部的客户资料。余某还在免费的招聘网站上，发布虚假招聘广告，吸引求职者主动“上钩”，骗取求职者个人简历，之后每条简历以1角钱至5角钱的价格出售。经过审理，法庭作出一审判决，10名被告人均犯非法获取公民个人信息罪，周某、李某等9人被分别判处有期徒刑两年至拘役6个月缓刑6个月不等，罚金4万元至1万元不等，另有余某一人被免予刑事处罚。 12管理信息系统十一单元如何保护个人信息？如何保护个人信息？ 首先要意识到个人信息被泄露或非法利用的可能后果，在日常生活中不能轻易向他人提供个人信息。在被要求提供个人信息时，要仔细判断是否必需，对身份证号码、手机号码、银行账户等重要个人信息更需格外慎重。当发现个人信息被泄露，要争取查明泄露个人信息的主体，注意保留证据。如果因此受到人身或者财产损害，可向有关部门投诉，或通过民事诉讼途径获得赔偿，情节严重的可向公安机关报案。 13管理信息系统十一单元INFO ETHICSEthical dilemmas usually arise not in simple, clear-cut situations but out of clash between competing goals, responsibilities, and loyalties. Inevitably, the decision process has more than one socially acceptable “correct” decisions.14管理信息系统十一单元Information Has No EthicsInformation does not care how it is usedInformation will not stop itself from sending spam, viruses, or highly-sensitive informationInformation cannot delete or preserve itself15管理信息系统十一单元INFORMATION ETHICSIndividuals form the only ethical component of ITIndividuals copy, use , and distribute softwareSearch organizational databases for sensitive and personal informationIndividuals create and spread virusesIndividuals hack into computer systems to steal informationEmployees destroy and steal information16管理信息系统十一单元DEVELOPING INFORMATION MANAGEMENT POLICIESOrganizations should develop written policies establishing employee guidelines on how to use IT and information.These policies set employee expectations on information ethics.These policies should be understandable and implementable.17管理信息系统十一单元DEVELOPING INFORMATION MANAGEMENT POLICIESTypically include:Ethical computer use policyInformation privacy policyEmail privacy policyAnti-spam policy18管理信息系统十一单元Ethical Computer Use PolicyEthical computer use policy contains general principles to guide computer user behaviorWhat uses are not permitted?If violated, what consequences?The ethical computer user policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules19管理信息系统十一单元Information Privacy PolicyThe purpose: protecting personal information privacy at the same time considering organizational needs.The unethical use of information typically occurs “unintentionally” when it is used for new purposes20管理信息系统十一单元Information Privacy PolicyInformation privacy policy guidelines1.Notice and disclosureWhat info is gathered?How will be it used?2.Choice and consent3.Information security4.Information quality21管理信息系统十一单元Email Privacy PolicyProfessional workers identified email as their preferred means of corporate communications.Trends also show a dramatic increase in the adoption rate of instant message (IM) in the workplace.One of the major problems with email is that the users false assumption that email privacy protection exists somehow analogous to that of traditional post mails.NOT TRUE! 22管理信息系统十一单元Email Privacy Policy23管理信息系统十一单元Email Privacy PolicyThe organization that owns the email system can operate the system as openly or as privately as it wishes.If the organization wants to read everyones email, it can do so.However, the organization must inform the user about how much email it is going to read.Email privacy policy details the extent to which email messages may be read by others24管理信息系统十一单元Email Privacy Policy1.Should compliment ethical computer use policy2.Defines who are legitimate email users3.Identifies backup procedures (if deleted, still on the backup tapes)4.Explains legitimate grounds for reading user email and organizational procedures to do so25管理信息系统十一单元Email Privacy Policy5.Informs email control (no control outside the organization)6.Explains ramifications of leaving 7.Asks employees to be careful when posting organizational information.26管理信息系统十一单元Anti-Spam PolicyThe time is worth $350 to $600 per an hour300 to 500 spam messagesCTO, Matt Kesner engineered a spam blocking, 5,000 to 7,000 spam messages trapped per day27管理信息系统十一单元Anti-Spam PolicySpam unsolicited emailSpam accounts for 40% to 60% of most organizations email and cost U.S. businesses over $14 billion in 2005Waste timeClog the networkAnti-spam policy simply states that email users will not send unsolicited emails (or spam)Be caution about the filter28管理信息系统十一单元ETHICS IN THE WORKPLACEMany employees use their companys high-speed Internet access to shop, browse, and surf the web.Fifty-nine percent of all 2004 web purchases in US were made from the workplace.For these reasons, many organizations have begun to monitor their employees Internet usage and other activities at workplace.29管理信息系统十一单元ETHICS IN THE WORKPLACEWhat do you think about monitoring employees at workplace? If you were the manager, what would you do? Why?Lower satisfactionTrusting issuePsychological reactanceQuantity vs. quantity30管理信息系统十一单元