Security, Privacy and Ethical Issues in Information Systems - Essay Example

1. Security, Privacy and Ethical Issues in Information Systems 1 Introduction In this age of information systems, presence of internet and distributed applications provide a wealth of information and knowledge to users; but at the same time, they contribute towards development of new and innovative forms of data and personal privacy, ethical and security threats. This has caused a sharp decline in consumers' trust over technology and usage of web based applications. This paper focuses on the issues of security and privacy in e-commerce applications; tries to strike an ethical balance between security, privacy and freedom of information in cyberspace world; and presents results of research findings about the degree of comfort and level of trust in e-commerce applications in consumers. 1.2 Internet - A Gateway to Information or Risks Whenever a user travels the cyber space, (s)he leaves his/her identity at almost every step of the way (Privacy Rights Clearing House, 2006). Whether one is signing up for internet service with Internet Service Provider (ISP), sending emails, browsing internet sites, or using a search engine to locate required information, the identity of the machine is being shared, and it can be misused by someone masquerading as someone else (Webliminal.com, 2007). There is a growing concern about the security of personal and private information over internet and web based applications; spy-ware, viruses, worms, trojans and information leakage through social engineering are all evils generated one way or the other by internet. In addition, many businesses gather and store personal information of the potential new and existing customers in their systems which give rise to privacy and information security issues. When anyone attempts to make a payment online using credit cards and other instruments, the security and confidentiality of the transaction is perhaps, the biggest concern. As a result, the consumers' trust on the web based applications has declined. People seem uncomfortable making transactions online, sharing their personal information over a website and sending emails to untrustworthy parties; thus, reducing the productivity by limiting themselves from reaping the high value benefits that the technology provides. 1.3 Remedies Several techniques have been developed to ensure security of private information over the internet and to mitigate the risk of personal information misuse. A formal security policy governs the management's ideology, direction and operating procedures towards ensuring security and privacy of information. Many organisations now employ encryption mechanism like Secure Socket Layer (SSL) for transmission security and Digital Certificates to ensure non-repudiation and third party assurance in the form of digital certificate (Newmann, 2003). Several privacy laws and regulations have been developed to regain customers' trust over e-commerce systems and online information sharing. The most accepted standard for ensuring information security and privacy is the British Standard Institute (BSI) guidelines called ISO27001 Information Security Management Systems. This standard deals with the applying adequate controls to ensure confidentiality, availability and integrity of information; and protection of legal, privacy and security rights of the customers. Other regulations include copyright infringement laws and related policies that address the issues of information theft. 1.4 Computer Ethics In addition to security and privacy laws and regulations, companies also adopt information ethical standards to strengthen their systems of internal controls. An ethical problem can be defined as the argument with regard to one's values, in selecting one of the two paths based on the pressure and demands of a situation (Charlesworth Sewry, 2002, p.163). Some examples of ethical issues might include disclosing customers' information in return of a favor for the company, compromising on system's quality and security due to budget constraints etc. In 1992, the Tem Commandments for computer ethics were developed by Computer Ethics Institute (CEI) (White, 1994). These commandments are reproduced below: 1. 'Thou shalt not use a computer to harm other people. 2. Thou shalt not interfere with other people's computer work. 3. Thou shalt not snoop around in other people's computer files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. 6. Thou shalt not copy or use proprietary software for which you have not paid. 7. Thou shalt not use other people's computer resources without authorization or proper compensation. 8. Thou shalt not appropriate other people's intellectual output. 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing. 10. Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.' These commandments are applied in all aspects of applications development and operations in order to provide an assurance to the customers regarding security of their personal information with the company. This is one way of regaining the trust of customers over ecommerce and cyberspace applications. 2. Components, Their Technologies and Marketplaces Commercial Off The Shelf (COTS) systems include both hardware and software that can be sold or licensed to general public (Wikipedia, 2007). Since COTS provide ready made alternatives to developing new programs, and are economical as compared to the cost of development for new systems from scratch; these are adopted by various organisations to limit expenses and to relieve themselves from reinventing the wheel. However, the cost of integration with existing systems and components may be increased with a simultaneous increase in dependency on external vendors for the components. 2.1 COTS Products 2.1.1 Microsoft Office Functionality: Popular Microsoft Office package is a COTS software product classified as 'Executable Components' by Jaccheri (n.d.) in the paper 'Classifying COTS Products'. Microsoft Office package provides tools for office automation like word processor, spreadsheet, database and other tools that do not require customisation and can be used directly. Vendor: The vendor for Office suite of products is the industry giant - Microsoft. Marketing: Microsoft employs a range of marketing techniques to promote its products. It has a website www.microsoft.com that holds complete information about all the products and their features. Price: The latest version of Microsoft Office is version 2007, whose standard version is priced at US$399 by Microsoft (Microsoft Corp, 2007). 2.1.2 Acrobat 8 Professional Functionality: The tool allows individuals to easily convert their documents and files into a PDF format file that allows greater control over securing and sharing files. It provides ease of navigability and allows users to develop advanced forms (Adobe, 2007). The acrobat reader and writer can be purchased off-the-shelf and can be used without the need for customisation. Vendor: The product is developed by Adobe. Marketing: On internet, the product is marketed at the company's website www.adobe.com where complete information in available about the product along with its user manuals, system requirements, white papers, product information and ordering information. Price: The product is priced at US$159. 2.2 Open Source Software (OSS) An OSS is mostly free with open license to use and reuse it. A few examples of OSS are provided below: 2.2.1 Linux Kernel Functionality: Linux is an OSS which is developed under GNU General Public License, meaning that the source code of the software is open to all (Linux Online Inc., 2006). It is an operating system which allows a mix of features of MS Windows and Unix. It provides security and robustness to its users and at the same time, provides a graphical user interface for easy navigation. Vendor: There is no single vendor for Linux. Many companies have developed their own versions since the source code of the software is publicly available. The original Linux was developed by a student named Linus Torvalds in 1994. Marketing: Linux has been revolutionary software over the years. It has been acquired, modified, developed and implemented at various organisations around the globe. Since the software is not owned by anyone as such, hence no single company markets Linux. It has been marketed by hobbyists, developers and Linux task forces with an aim to develop and evolve the product. 2.2.2 Open Office Functionality: Open Office is an office suite just like Microsoft's Office suite but with a difference that it is an open source project. It provides multiplatform and multilingual support for developing text documents, spreadsheets etc. (OpenOffice.org, n.d.). Vendor: As with Linux and all other open source software, there is no single vendor for Open Office suite. It is developed by a combined effort of many different individuals having diverse background and needs. The software, however, is available to be downloaded at www.openoffice.org. Marketing: The main marketing theme for the software is the challenge to developers around the world; to enhance the code, enrich the functions and ultimately make it a superior product than all other like products in the market. In addition, for the end-users, the software provides platform independence and user friendly interface, so it can be used with any operating system. 2.3 Web Developer Server Suite The Web Developer Server Suite is a WAMP based (Windows, Apache, MySQL, PHP) web server that is distributed under GNU general public license (Wikipedia, 2007). All the components of the web server suite are either COTS or OSS. The main focus of the project is to ensure security and reliability. The key components supported by the server suite include Apache web server, MySQL database server, and Tomcat java server. In addition, PHP, Perl and ASP.Net are used as scripting languages. The graphical user interface is developed through pnpMyAdmin. The server suite allows for creating, testing and publishing the whole websites in0house. The software is available at www.devside.net for free download. References Adobe Systems Inc. (2007). Adobe Acrobat 8 Professional. Retrieved February 17, 2007 from the World Wide Web: https://store1.adobe.com/cfusion/store/index.cfmstore=OLS-EDU&view=ols_cat&catType=PRODUCTS&nr=0#loc=en_us&rangeUpper=6%2C0%2C65%2C0&HTMLVerRedirect=true&returnURL=%2Fcfusion%2Fstore%2Fhtml%2Findex%2Ecfm%3Fstore%3DOLS%2DEDU%26event%3DdisplayCatalog%26catalogOID%3D27800&view=ols_prod&store=OLS-EDU&categoryOID=1579580&distributionOID=103&catType=PRODUCTS&nr=0&viewName=Adobe%20Store%20%2D%20North%20America&pageNotFound=0 British Standards Institute. (2007). Information Security Management. Retrieved February 16, 2007 from the World Wide Web: http://www.bsi-global.com/en/Assessment-and-certification-services/management-systems/Business-areas/Information-Security-Management/ Jaccheri, L. and Torchiano, M. (n.d.). Classifying COTS Products. Department of Computer and Information Science, Norwegian University of Science and Technology. Retrieved February 17, 2007 from the World Wide Web: http://softeng.polito.it/torchiano/papers/ECSQ2002.pdf Linux Online, Inc. (2006). Linux Home Page. Retrieved February 17, 2007 from the World Wide Web: http://www.linux.org/ Microsoft Corporation. (2007). 2007 Microsoft Office System Pricing. Retrieved February 17, 2007 from the World Wide Web: http://office.microsoft.com/en-us/products/FX101754511033.aspx Neumann, G. P. (2003). Risks in Trusting Untrustworthiness. Communications of the ACM. Vol 46 No. 9. Open Office.org. (n.d.). Open Office.org Home: Free Office Suite. Retrieved February 17, 2007 from the World Wide Web: http://www.openoffice.org/ Privacy Rights Clearing House. (2006). Privacy and the Internet: Traveling in Cyberspace Safely. Retrieved February 17, 2007 from the World Wide Web: http://www.privacyrights.org/fs/fs18-cyb.htm Webliminal.com. (2007). Legal Issues, Ethical Issues, Privacy, and Security. Retrieved February 16, 2007 from the World Wide Web: http://www.webliminal.com/Lrn-web09.html White, A. V. (1994). Ethical Implications of Privacy in Electronic Mail. Proceedings on Technical Conference on Telecommunications R&D in Masachusetts. University of Masachusetts Lowell. Retrieved February 17, 2007 from the World Wide Web: http://www.eclectechs.com/priv.html Wikipedia. (2007). Commercial Off The Shelf [Internet]. Retrieved February 15, 2007 from the World Wide Web: http://en.wikipedia.org/wiki/Commercial_off-the-shelf Wikipedia. (2007). Web Developer Server Suite. Retrieved February 17, 2007 from the World Wide Web: http://en.wikipedia.org/wiki/Web-Developer_Server_Suite Read More