Information Technology Reference
In-Depth Information
Preventing Crime on the Internet
As mentioned in Chapter 7, Internet security can include firewalls and many methods to
secure financial transactions. A firewall can include both hardware and software that act as a
barrier between an organization's information system and the outside world. Some systems
have been developed to safeguard financial transactions on the Internet.
To help prevent crime on the Internet, the following steps can be taken:
1. Develop effective Internet usage and security policies for all employees.
2. Use a stand-alone firewall (hardware and software) with network monitoring capabilities.
3. Deploy intrusion detection systems, monitor them, and follow up on their alarms.
4. Monitor managers and employees to make sure that they are using the Internet for busi-
ness purposes.
5. Use Internet security specialists to perform audits of all Internet and network activities.
Even with these precautions, computers and networks can never be completely protected
against crime. One of the biggest threats is from employees. Although firewalls provide good
perimeter control to prevent crime from the outside, procedures and protection measures are
needed to protect against computer crime by employees. Passwords, identification numbers,
and tighter control of employees and managers also help prevent Internet-related crime.
Another important social issue in information systems involves privacy. In 1890, U.S.
Supreme Court Justice Louis Brandeis stated that the “right to be left alone” is one of the
most “comprehensive of rights and the most valued by civilized man.” Basically, the issue of
privacy deals with this right to be left alone or to be withdrawn from public view. With
information systems, privacy deals with the collection and use or misuse of data. Data is
constantly being collected and stored on each of us. This data is often distributed over easily
accessed networks and without our knowledge or consent. Concerns of privacy regarding
this data must be addressed. For example, the U.S. Department of Health and Human Ser-
vices has received over 26,000 complaints of medical privacy breaches since new privacy rules
went into effect in 2003.
65
With today's computers, the right to privacy is an especially challenging problem. More
data and information are produced and used today than ever before. When someone is born,
takes certain high school exams, starts a job, enrolls in a college course, applies for a driver's
license, purchases a car, serves in the military, gets married, buys insurance, gets a library
card, applies for a charge card or loan, buys a house, or merely purchases certain products,
data is collected and stored somewhere in computer databases. A difficult question to answer
is, “Who owns this information and knowledge?” If a public or private organization spends
time and resources to obtain data on you, does the organization own the data, and can it use
the data in any way it desires? Government legislation answers these questions to some extent
for federal agencies, but the questions remain unanswered for private organizations.
Privacy and the Federal Government
The federal government is the largest collector of data in the United States. Over 4 billion
records exist on citizens, collected by about 100 federal agencies, ranging from the Bureau
of Alcohol, Tobacco, and Firearms to the Veterans Administration. Other data collectors
include state and local governments and commercial and nonprofit organizations of all types
and sizes. The government must be on guard at all times to safeguard this data. For example,
two workers were fired at the State Department when electronic monitoring detected
unauthorized accessing of the personal passport information of three 2008 presidential
candidates.
66
The European Union has a data-protection directive that requires firms transporting data
across national boundaries to have certain privacy procedures in place. This directive affects
