The Real World Case about Napster is one with which I am sure all of you are familiar. This case illustrates the possibilities of IS/IT and the ethical dilemmas that can arise from its application. The important point here is that your company must have a policy in place to address the security and ethical issues. Users must not be able to apply their own ethical standards, particularly if the standards can lead to legal problems. Policies, in place and clearly stated, have been shown to be a very effective method of dealing with these types of issues.
The author begins an excellent review of computer crime on page 450 with a definition of computer crime. The figures and vignettes in this section should be carefully read and understood.
The section on "Computer Crime in E-Busines" that begins on page 450 provides a good overvew of some of the problems that can occur. You need to be aware of them so you can be both proactive and reactive with regard to manageing and eliminating them. The section on Computer Viruses beginning on page 456 is particularly important.
An issue that concerns many people today is the "Privacy Issue" that begins on page 457. This is an evolving issue that will be greatly influenced by current and future laws regarding the rights of users and responsibilities of companies regarding the collection, storage, use, and dissemination of personal data.
Section II, which begins on page 468, introduces an extremely important topic that warrants your attention. While you will probably not be directly involved in network security, you need to be aware of the managerial issues related to the topic. The "Internetworked E-Business Defenses" section introduces several of the most popular security measures available today. You need to understand the five topics introduced in this section, what they are, how they work, and what security they provide so you can be an informed, contributing member of your company's committee on security. Pay particular attention to virus defenses. The "Other Security Measures" section provides further information regarding other important issues about security.
Of particular interest is the section on BACKUPS. This is an extremely important issue. It is the responsibility of the information services staff to backup the company's "mainframe" computer system. It is YOUR responsibility to backup your computer. You literally live and die by the backups. When, not if, your computer dies, you must have backups of your programs, documents, spreadsheets, data, and any other data critical to the performance of your job. A daily backup is recommended. A weekly backup is the minimum backup schedule that you should use. Daily backups mean that you have to construct no more than one day of work, while weekly backups mean that no more than a week's worth of work need be reconstructed. You should also perform "off-site" backups at least once each month.
The "E-Business System Controls and Audits" section introduces a very important aspect of system security and control: audit trails. As we discussed in chapter 9, it is YOUR responsibility to design your applications systems. An important element of your system design should include audit trails. Data files that record everything that happens as users work with the system. The folks in accounting have this concept right - you need audit trails to assist when trying to track down errors and security breaches.