Speaking Notes
PADM 5500
November 11, 2009
Dr. Neubauer
WHERE WE ARE
· We have "In the News" reports scheduled this evening by Zakia Garnett and Tamara Gordon.
· COURSE TERM PAPERS are due Nov. 18.
· The early FINAL for any prospective graduates is December 2.
· The FINAL is scheduled for December 9.
Stair and Reynolds, Chapter 9 – Security, Privacy and Ethical Issues
AS MANAGERS WHAT SHOULD BE YOUR CONCERNS REGARDING COMPUTER INFORMATION SYSTEMS?
Protection of data
- Physical protection of equipment and data is still important.
- Don't miss the obvious risks -- zip drives and laptops.
- Today, it is possible to steal information without physically taking it.
- Today, it is possible to corrupt information, and it may be difficult to know what has been changed.
- Encryption is not worth much if the information is being captured during input.
- Wireless devices (such as wireless keyboards) can be an important security risk.
- Drive-by hacking
- http://www.cioupdate.com/trends/article.php/3489126/Many-WiFi-Networks-Still-Security-Risk.htm
- Government systems are major targets of worms, viruses and "Trojan horses" created by foreign governments and other hackers.
- Disgruntled employees can be a major risk -- especially ones with advanced IT skills.
- Many programmers include "back doors" in the systems they are building which are useful to them during the development process. They often forget to remove these back doors, and they are not often documented. Hackers are skilled at finding these ways in.
- Some programmers specialize in testing and in security testing in particular. A reference is sometimes made to "white hat" hackers. They have the kinds of skills that hackers use and need to think like a hacker to help assure that systems are relatively secure.
- KEYNOTE SPEAKER AT THE RECENT CONFERENCE IN AUGUSTA -- his theme was that CS teachers should teach their students to write secure code.
- QUESTION -- What should an instructor do if he or she suspects that a student will use "the knowledge" in unintended ways?
- QUESTION -- Should CS students be required to undergo a criminal background check first?
The ability to continue to operate in case of system failure
- periodic backups of data
- backups of applications
- offsite location to move to in an emergency
Health of employees
- ergonomic considerations
- repetitive stress injuries (carpal tunnel syndrome)
- eye strain
- need for some socialization and exercise
Disposal of old equipment
- CRT monitors contain lead shielding.
- Old hard drives may contain information, and just "deleting" files may not be adequate to protect that information.
Licensure of software
- It is illegal to use commercial software that has not been purchased and is therefore not licensed from the maker.
- "Black market" copies of software may include spyware or other unwanted content.
Maintenance updates by Microsoft and others
- If you are running customized software applications, is there a chance that an automatic security update will cause problems? (yes)
- Do you have the local resources to actively manage security updates? (probably not)
Policies regarding "screen savers" and grid computing
- Is it "cool" to donate your spare CPU cycles to things like the search for extraterrestrial life or perhaps cancer research?
- Is it okay for employees to allow their computers to become part of computer grids to facilitate delivery of video and other large files?
Obsolete physical storage and obsolete file formats
- Does the organization have important information stored in ways that make it difficult or impossible to retrieve? For example, where could you find an 8-track player today?
- You need to periodically migrate your data/information onto current physical media and into current file formats.
THE ORGANIZATION NEEDS POLICIES AND NEEDS TO MAINTAIN THOSE POLICIES.
- The organization's computers should be used for employment-related purposes.
- Be reasonable.
- AVOID THE "SENT TO EVERYONE" OPTION -- viral videos hog needed bandwidth.
- Teach employees to avoid "social engineering" attacks.
- How often to change passwords, and how difficult to make passwords?
- Consider blocking some web sites that are not related to work activities.
- "Green computing" is good, but it is probably better not to turn off computers overnight.
- Most organizations do monitor how employees use computers, and employees should know how they are being monitored.
Barrett and Greene, Chapter 11: Is it worth it?
Can and should cost-benefit and ROI analyses be applied to investments in new IT systems?
ONE APPROACH -- you just must do it!
ANOTHER APPROACH -- you must demonstrate the benefits and savings first. In an era of tight budgets, this is more likely the reality.
           | low cost                                    | high cost
-----------|---------------------------------------------|-------------------------------------------
low risk   | Extensive justification may be unnecessary. | Will it create value? Will it save money?
high risk  |                                             | DANGER -- proceed carefully!
BASIC PROBLEM -- benefits are often subjective and difficult to quantify in dollars.
If the argument is in terms of cost savings, the usual explanation is that personnel costs can be reduced. Computer systems CANNOT COMPLETELY SUBSTITUTE FOR THE EMPLOYEES THEY DISPLACE. This may be the explanation for the IT PARADOX.
- Some major IT initiatives don't work out, and a lot of money is lost.
- The IT PARADOX is that large amounts of money are spent and often it is not evident that it was worth it.
- It can be difficult to perform cost/benefit studies because often the benefits are subjective.
- Sometimes it is as if there is no choice but to go ahead with IT projects because the public expects and "demands" it. A state university, for example, without modern technology would soon be judged to be "behind the times."
- If an organization is DECENTRALIZED there needs to be some CENTRALIZED SCREENING of proposed IT projects to prevent a proliferation of STOVEPIPE APPLICATIONS and unnecessary redundant efforts.