YOM Institute of Economic Development

Master of Business Administration

Extension Program
Section 1
Course: Management Information System (MIS)

Assignment Part 2: CASE STUDY QUESTIONS

Preared By:- Desalegn Mekonnen Asnake

ID .No GSE-028-12

Submitted to: Zerihun . (PhD)

May, 2020
BahirDar, Ethiopia
 Part –II CASE STUDY QUESTIONS
1. Your Internet Job Rights
Three Ethical Scenarios
Whether you’re an employer or an employee, you should know what your rights are when it
comes to Internet use in the workplace. Mark Grossman, a Florida attorney who specializes
in computer and Internet law, gives answers to some basic questions.
 Scenario 1: Nobody told you that your Internet use in the office was being
monitored. Now you’ve been warned you’ll be fired if you use the Internet for recreational
surfing again. What are your rights?
o Bottom line: When you’re using your office computer, you essentially have no rights.
You’d have a tough time convincing a court that the boss invaded your privacy by monitoring
your use of the company PC on company time. You should probably be grateful you got a
warning.
 Scenario 2: Your employees are abusing their Internet privileges, but you don’t
have an Internet usage policy. What do you do?
o Bottom line: Although the law isn’t fully developed in this area, courts are taking a
straightforward approach: If it’s a company computer, the company can control the way it’s
used. You don’t need an Internet usage policy to prevent inappropriate use of your company
computers. To protect yourself in the future, distribute an Internet policy to your employees
as soon as possible.
 Scenario 3: Employee John Doe downloads adult material to his PC at work, and
employee Jane Smith sees it. Smith then proceeds to sue the company for sexual harassment.
As the employer, are you liable?
o Bottom line: Whether it comes from the Internet or from a magazine, adult material
has no place in the office. So Smith could certainly sue the company for allowing a sexually
hostile environment. The best defense is for the company to have an Internet usage policy
that prohibits visits to adult sites. Of course, you have to follow through. If someone is
looking at adult material in the office, you must at least send the offending employee a written
reprimand. If the company lacks a strict Internet policy, though, Smith could prevail in court.

Questions to be answered based on the case provided above

 a. Do you agree with the advice of attorney Mark Grossman in each of the scenarios?
Why or why not?
b. What would your advice be? Explain your positions.
c. Identify any ethical principles you may be using to explain your position in each of
the scenarios.
2. Problems with Passwords
Authentication
Network and application managers need to know who is accessing their systems to determine
appropriate access levels. Typically, they require that users create secret passwords. A secret
password, known only to the user, allows an administrator to feel confident that a user is who
the user says he or she is. Systems administrators even have the authority to determine the
characteristics of passwords. For example, they may set a minimum length and require that a
password include numbers, symbols, or mixed letter case. They may also require that a user
change his or her password every few weeks or months. These approaches have numerous
problems:
 Users often forget complicated or frequently changing passwords, resulting in frequent calls
to a help desk. The help-desk employee then faces the burden of identifying the employee by
some other means and resetting the password. This process takes time and is subject to social
engineering.
 Users may write down their passwords. However, this leaves passwords subject to discovery
and theft.
 Users often pick the same password for many different accounts, which means that someone
who discovers one of these passwords then has the “keys” to all the accounts.
 Users may pick an easy-to-remember password, which is easy to anticipate and therefore easy
to guess. Password-cracking programs cycle through entire dictionaries of English language
words and common word/number combinations such as “smart1” or “2smart4U.”
 Users may give away their passwords over the phone (social engineering) or via e-mail
(phishing, a type of social engineering) to individuals representing themselves as a system
administrator. Perhaps you have already received e-mails purportedly from a financial
institution claiming identity or account difficulties and asking you to “reconfirm” your
account information on their authentic-looking Web site.

As you can see, using passwords to identify a person is fraught with problems. Here are some
alternatives to explore. Look up each authentication approach listed below on the Internet,
 describe the method in your own words (be sure to cite your sources), and briefly list the
advantages and disadvantages.
A. Biometrics (biological measuring)
B. Smart cards
C. Biochips
 Answers:

Problems with passwords: Authentication

a. Biometrics (biological measuring)

Biometrics involves measuring an immutable and unique physical trait and using these
measures to identify an individual. This process requires system. The following
attributes have been used for biometric identification with varying degrees of success:
facial recognition, voice recognition, retinal scanning, iris scanning, and finger or palm
prints. DNA testing can be used to identify an individual, but the process presently
requires too much time and expense for access control.

Advantages

Biometrics eliminates the problems associated their biometrics or to remember to bring

their biometrics with them.

Speedy identification and authentication

One of the major shortcomings associated with traditional identification is that the
process of identification or identity verification can be painfully slow. The time is long
gone were showing a government issued IDs was enough proof of identity, now amid
the rising numbers of identity fraud and counterfeited IDs, they are no more reliable.
Biometric identification fixes the problem by hitting the core of it. It completely
eliminates the need of carrying an external artifact to prove your identity. It leverages
unique cha characteristics are pretty visible or observable, like face, gait, etc. while
others can be so tiny of hidden that differences cannot be figured out with mere
observation. In both the cases however, special setup is required to establish or verify
the identity of a subject.
Identification on the go

Post 2007, the world has seen rapid growth in mobile biometrics applications and
hardware. Each year, manufacturers launch new and innovative ways for identity
authentication on mobile devices and service providers come up with services
integrated with mobile biometrics hardware. It has presented an opportunity to address
the challenges faced during identify verification on the go.

In many field applications like law enforcement, officers face a practical problem of
identity verification of subjects as they do not have access to the office resources.
Biometric identification for mobile devices has made it possible to capture biometric
identifiers like face, fingerprints, iris scan on-the-go, cutting down the identity
verification time dramatically and patching the loopholes of traditional IDs.

Convenience

Convenience is another advantage with biometric identification. We have discussed

above that identification with IDs or passwords can be a nerve-wrecking experience.
Digging the government database or awaiting response of a government agency for
identity verification can be painfully slow process. That is not all; user identification
with passwords and PINs is no less than a memory challenge these days. All those out-
of-dictionary phrases with numbers and special characters are set to escape your mind
if you do not cram them like a multiplication table. Biometric identification eliminates
all hassles associated with IDs, passwords and other possession or knowledge based
identification methods, making identification a truly convenient experience.

Accountability

Accessing a biometrically secured logical or physical facility requires the presence of

an authorized individual following a biometric scan. This generates reliable and
auditable logs of accessing the facility. Users cannot deny these logs as they are a
proof of willful access. It improves the user accountability.
Security

IDs and other printed identity documents can be counterfeited; passwords or PINs can
be guessed, stolen or hacked, but biometric identifiers can neither be counterfeited nor
be stolen. Some security researchers have shown that fingerprints or facial recognition
systems can be hacked with spoofs, however, newer systems are equipped with more
advanced spoofing-proof technology that does not accept anything less than a live
biometric identifier, making biometrics securer than other identification methods.

Disadvantages

Biometric systems possess varying degrees of accuracy. Given a large enough sample
group, two individuals may have attributes that are too similar for present technology
to differentiate. Privacy groups have expressed concerns over what will become of
recorded biometric data. Is a corporate finger print identification database subject to
government subpoena? Lastly, though some biometric systems have been in use for
about them tends to come from popular media.
Hollywood movies frequently and incorrectly depict villains defeating biometric
systems by using a latex finger print, displaying a photographic reproduction, or
by dismembering their victims. These fears are largely unfounded as many biometric
systems reject an access attempt if the measured body part fails to exhibit a pulse.
Even so, administrators will need to address public mistrust and privacy concerns.
Recently, many security firms believe that fingerprints are too easy to fake, and have
moved to either retinal or iris scans.

Biometric characteristics are permanent and this fact is one of the founding stones of
biometric identification. Ironically, it also becomes the most dreadful disadvantage if
biometric identifiers are stolen. Unlike PINs or passwords, that can be changed if
compromised, biometric identifiers of a person cannot be changed if stolen.
Unfortunately biometric identifiers like face, gait, heat map, etc. are already exposed
and can be stop identification, prevention is the cure. Improving the technology to the
point where stolen
Biometric deniers will be of no use, can be the remedy of this disadvantage.

Performance and population coverage

There are many factors that can affect performance of a biometric system, e.g.
environmental factors, user behavior, badly maintained system, etc. The technology
used may also have some limitations. Performance metrics of biometric system are
taken into account before releasing biometric identification products. However, they
may still offer less than expected performance due to several other factors depending
on user behavior, environment, etc.

Population coverage is another challenge in front of biometric identification. Biometric

recognition technology is yet to reach the point where it can be called a universal
method of identification. When you deploy a biometric solution (e.g. fingerprint
recognition), there is no guarantee that all subject in target population will have
minimum quantity and quality of biometric identifiers. Physical labor, diseases,
accidents may cause biometric identifiers to deteriorate, which can cause a biometric
system to fail to enroll or identify a subject.

Cost
Despite being cheaper than ever, biometric systems can still be expensive to implement
for the specific use cases or smaller outfits. Owing to this fact, biometric system may
not best the best idea for applications where number of people to identify is very less
and can be managed with manual methods. Regular maintenance of biometric systems
is also important to ensure optimum performance, however, it also incur additional
cost.
Technical complexity

While most part of deployment and implementation of a biometric system is taken care
by its vendor, biometric systems may require the administrator to have a certain level
of tech-friendliness to use, maintain and perform day-to-day back-end operations.
Some organizations may not be comfortable with that part and may find biometric
systems too complex for them.

b. Smart cards
A smart card involves the possession of an object such as a card or computer chip as
well as a password for authentication. ATM cards operate on this principle.

Advantages

This solves the problems associated with theft or social engineering. A user might
unwittingly give out his or her password over the way phone,. Some of the advantages
Include:
 Larger memory.
 High levels of security
 Reduced fraud
 Organized information
 Reliability
 Upper management information
 Information Security
 Ease of use without need for connections online or via telephone
 User comfort
 Represent liquidity
 Through the Internet, smart card users can buy and pay for computer network
 Ensuring economic operations, 100% effective theft-proof.
 Falling costs for operators and users.
 Multiservice smart cards.
 Privacy.
 Administration and control over cash payments.
Disadvantages
Administrators must still manage password accounts and forgotten passwords. They
must also issue and replace the smart cards, too. Even with the added security
precautions, users have been known to write their passwords on their smart cards,
thereby defeating any additional security benefits such a card provides. Lastly, hackers
may exploit the systems managing the card/password authentication process and
obtain duplicate cards and their associated passwords. Among others the following are
some of the dis advantages of Smart Cards:
A more powerful virus.
Discomfort to retrieve information from a stolen card.
For its size can be easily misled.
The card must be recharged.
Increased cost of production.
Dependence of electrical energy for use.
Vulnerable to fluids.
Bank fees associated with credit card.
We need a smart card reader.

b. Biochips
These are essentially RFID tags implanted under the skin. Numerous municipalities
have been using bio-chips instead of tags for dog and cat registration. Bio chip
authentication systems send out radio waves, and the chips reflect back these waves in
a uniquely coded pattern. The authentication system then looks up this unique pattern
in its database to identify the chip and all the data associated with it. To do this, the
database contains records with names and their associated chip patterns.

Advantages
This solves all the problems associated with passwords. Users have nothing to
remember. It also solves the accuracy problems associated with biometrics.

Disadvantages
Criminals can forcibly remove and reuse a chip. People might resist having such a chip
implanted for that reason. More sophisticated criminals may be able to secretly copy
an individual’s reflected key and reproduce a copy of the original chip.
 References:
 BAI Authenticator Smart Card (2007): http://biometricassociates.com
 Biometric statistic in focus (2006): http://www.sciencedirect.com
 Biometric Technical Assessment (2001): http://biometric-consulting.com
 IEEE: Biometrics (2007): http://www.ieee.org/portal/site/emergingtech/inde
x.jsp?techId=623
 Jutant, A. (2007): The Magic Touch, http://stevenspublishing.com
 Hi-Tech Security Solutions: The Industry Journal for Security & Business
Professionals (2007): http://www.securitysa.com
 https://www.chegg.com/homework.../internet-job-rightsthree-ethical-scenarios
9