
Chapter 3

Chapter 3 discusses the importance of securing information systems, highlighting the potential threats and mistakes that can occur due to improper use and lack of policies. It emphasizes the need for establishing, implementing, monitoring, and reviewing procedures to prevent computer-related waste and mistakes, as well as the risks of cybercrime and identity theft. The chapter also covers the role of computers in both committing and combating crime, detailing various types of malware and methods used in computer crimes.

Uploaded by Robert Oo

Ralph M. Stair | George W. Reynolds

Chapter 3

Securing Information Systems

© 2016 Cengage Learning®. All Rights Reserved. May not be scanned, copied

Why Learn About the Personal and Social Impact of the Internet?

• Both opportunities and threats surround a wide range of nontechnical issues associated with the use of information systems and the Internet
• Learning about potential threats can help you to avoid becoming a victim of crime, fraud, privacy invasion, and other potential problems

Computer Waste and Mistakes

• Computer waste
  – Organizations operating unintegrated information systems
  – Acquiring redundant systems
  – Wasting information system resources
• Computer-related mistakes
  – Errors, failures, and other computer problems resulting in bad system output
  – Mostly caused by human error

Computer Waste

• Unintegrated information systems make it difficult to collaborate and share information
  – Leads to missed opportunities, increased costs, and lost sales
• Systems acquired in different organizational units that perform the same functions

Computer Waste (cont’d.)

• Improper use of information systems and resources by employees
  – Playing computer games, sending personal email, surfing the Web, buying items online, checking their status on LinkedIn, etc.

Computer-Related Mistakes

• Common causes
  – Unclear expectations
  – Inadequate training and feedback
  – Program development that contains errors
  – Incorrect input by a data-entry clerk

Preventing Computer-Related Waste and Mistakes

• Involves:
  – Establishing policies and procedures
  – Implementing policies and procedures
  – Monitoring policies and procedures
  – Reviewing policies and procedures

Establishing Policies and Procedures

• Types of computer-related mistakes
  – Data-entry or data-capture errors
  – Errors in computer programs
  – Errors in handling files
  – Mishandling of computer output
  – Inadequate planning for and control of equipment malfunctions
  – Inadequate planning for and control of environmental difficulties

Establishing Policies and Procedures (cont’d.)

• Types of computer-related mistakes (cont’d.)
  – Installing computing capacity inadequate for the level of activity
  – Failure to provide access to the most current information

Implementing Policies and Procedures

• Policies to minimize waste and mistakes
  – Changes to critical tables, HTML, and URLs should be tightly controlled
  – A user manual should be available covering operating procedures
  – Each system report should indicate its general content in its title and indicate relevant time period

Policies to Minimize Waste and Mistakes (cont’d.)

• The system should have controls to prevent invalid and unreasonable data entry
  – Ensures that data input, HTML, and URLs are valid, applicable, and posted in the right time frame
• Users should implement proper procedures to ensure correct input data

Monitoring Policies and Procedures

• Monitor routine practices and take corrective action if necessary
• Implement internal audits to measure actual results against established goals

Reviewing Policies and Procedures

• Questions to be answered
  – Do current policies cover existing practices adequately?
  – Does the organization plan any new activities in the future? Who will handle them and what must be done?
  – Are contingencies and disasters covered?

The Computer as a Tool to Commit Crime

• To commit a computer crime, a criminal needs to know how to:
  – Gain access to the computer system
  – Manipulate the system to get the desired result
• Social engineering: using social skills to get computer users to provide information to access an information system

Tips to Avoid Becoming a Victim of Social Engineering

• Never provide information such as your user name, logon ID, password, Social Security number, account numbers, etc.
• Be highly suspicious of anyone who proactively contacts you about a problem with your computer or computer services
• Ask for proof of identity if someone calls and asks for sensitive information

The Computer as a Tool to Commit Crime (cont’d.)

• Dumpster diving: going through the trash of an organization to find secret or confidential information, e.g., information needed to access an information system or its data

Cyberterrorism

• The intimidation of government or civilian population by using information technology to disable critical national infrastructures to achieve political, religious, or ideological goals

Cyberterrorism (cont’d.)

• Homeland Security Department’s Information Analysis and Infrastructure Protection Directorate
  – A focal point for threat assessment, warning, investigation, and response for threats or attacks against the country’s critical infrastructure

Identity Theft

• An imposter obtains personal identification information in order to impersonate someone else:
  – To obtain credit, merchandise, and services in the name of the victim
  – To have false credentials
• Preparation of false federal tax returns and child identity theft are rapidly growing areas of identity theft

Computer Theft

• ATM-skimming
  – Ploutus (also called “Plotos”) is malware designed to steal money directly from ATM machines
• A “brick attack” involves attackers infecting the servers that store customer data and rendering them completely useless, unable to be turned on

The Computer as a Tool to Fight Crime

• Ways computers are used to fight crimes
  – Helping recover stolen property
  – Monitoring sex offenders
  – Helping to better understand and diminish crime risks

Recovery of Stolen Property

• LeadsOnline Web-based service system
  – Used by law enforcement to recover stolen property
  – Contains hundreds of millions of database records
  – Allows law enforcement officers to search the database by item serial number or by individual

Monitoring Criminals

• JusticeXchange
  – A Web-based data sharing system
  – Provides information about offenders held in participating jails across the United States

Monitoring Criminals (cont’d.)

• Offender Watch
  – Web-based system used to track registered sex offenders
  – Stores the registered offender’s address, physical description, and vehicle information
  – The public can access the database at www.communitynotification.com

The Computer as the Object of Crime

• Crimes fall into several categories
  – Illegal access and use
  – Data alteration and destruction
  – Information and equipment theft
  – Software and Internet piracy
  – Computer-related scams
  – International computer crime

Table 1 Common Methods Used to Commit Computer Crimes

| Methods | Examples |
|---|---|
| Add, delete, or change inputs to the computer system. | Delete records of absences from class in a student’s school records. |
| Modify or develop computer programs that commit the crime. | Change a bank’s program for calculating interest so it deposits rounded amounts in the criminal’s account. |
| Alter or modify the data files used by the computer system. | Change a student’s grade from C to A. |
| Operate the computer system in such a way as to commit computer crime. | Access a restricted government computer system. |
| Divert or misuse valid output from the computer system. | Steal discarded printouts of customer records from a company trash bin. |
| Steal computer resources, including hardware, software, and time on computer equipment. | Make illegal copies of a software program without paying for its use. |
| Offer worthless products for sale over the Internet. | Send emails requesting money for worthless hair growth product. |
| Blackmail executives to prevent release of harmful information. | Eavesdrop on organization’s wireless network to capture competitive data or scandalous information. |
| Blackmail company to prevent loss of computer-based information. | Plant a logic bomb and send a letter threatening to set it off unless paid a |

Illegal Access and Use

• Hacker: person who enjoys computer technology and spends time learning and using computer systems
• Criminal hacker (cracker): a computer-savvy person who attempts to gain unauthorized use or illegal access to computer systems

Illegal Access and Use (cont’d.)

• Script bunny: a derogatory term for inexperienced hackers who download programs called “scripts” that automate the job of breaking into computers
• Insider: an employee, disgruntled or otherwise, working solo or in concert with outsiders to compromise corporate systems

Illegal Access and Use: Malware

• Malware: software programs that when loaded into a computer system will destroy, interrupt, or cause errors in processing

Table 2 Common Types of Computer Malware

| Type of Malware | Description |
|---|---|
| Logic Bomb | A type of Trojan horse that executes when specific conditions occur. Triggers for logic bombs can include a change in a file by a particular series of keystrokes or at a specific time or date. |
| Rootkit | A set of programs that enables its user to gain administrator level access to a computer or network. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators. |
| Trojan Horse | A malicious program that disguises itself as a useful application or game and purposefully does something the user does not expect. |
| Variant | A modified version of a virus that is produced by the virus’s author or another person by amending the original virus code. |
| Virus | A malicious program that copies itself and infects a computer, spreading from one file to another, and then from one computer to another when the files are copied or shared. Most viruses attach themselves to executable files, but some can target a master boot record, autorun scripts, or Microsoft Office macros. |
| Worm | A malicious program that spreads from computer to computer, but unlike a virus, it can spread without any human action. For example, a worm can send a copy of itself to everyone listed in your email address book. |

Spyware

• Software installed on a personal computer to intercept or take partial control of the user’s interaction with the computer without the knowledge or permission of the user
• Similar to a Trojan horse
  – Users unknowingly install it when they download freeware or shareware from the Internet

Information and Equipment Theft

• Password sniffer: a small program hidden in a network that records identification numbers and passwords
• All types of computer systems and equipment have been stolen from homes, offices, schools, and vehicles
  – Data and information stored in these systems are more valuable than the equipment

Patent and Copyright Violations

• Software piracy
  – The act of unauthorized copying or distribution of copyrighted software
  – Penalties can be severe
• Digital rights management
  – The use of any of several technologies to enforce policies for controlling access to digital media (e.g., movies, music, and software)

Patent and Copyright Violations (cont’d.)

• Patent infringement
  – Occurs when someone makes unauthorized use of another’s patent
  – A penalty up to three times the damages claimed by the patent holder can be assessed

Computer-Related Scams

• Phishing
  – The perpetrator sends an email that looks as if it came from a legitimate institution
  – The recipient is asked to provide personal identification information, e.g., a PIN number and password
• Financial services firms and retail/service firms are common targets of phishing attacks

Computer-Related Scams (cont’d.)

• Vishing: a scam that attempts to steal an individual’s private information by having them call a phone number and enter personal data
• Smishing: a scam that attempts to steal an individual’s private information by having them respond to a text message

International Computer Crime

• Computer crime becomes more complex when it crosses borders
• Money laundering is the practice of disguising illegally gained funds so that they seem legal

Preventing Computer-Related Crime

• Greater emphasis is being placed on prevention and detection of computer crime by:
  – Private users
  – Companies
  – Employees
  – Public officials

Crime Prevention by Organizations

• Public and private organizations are taking computer crime seriously
  – Encryption is used to encode data
  – Role-based system access lists are used to control system access
  – Separation of duties is implemented to prevent collusion
  – Fingerprint authentication devices prevent unauthorized access to computer systems

Guidelines to Protect Corporate Computers

• Install strong user authentication and encryption capabilities on your firewall
• Install the latest security patches
• Disable guest accounts and null user accounts
• Do not provide overfriendly sign-in procedures for remote users
• Restrict physical access to the server

Guidelines to Protect Corporate Computers (cont’d.)

• Configure the server in case of break-ins
• Dedicate one server to each application
• Turn audit trails on
• Install a corporate firewall between your corporate network and the Internet
• Conduct regular IS security audits
• Verify and exercise frequent data backups for critical data

Using Intrusion Detection Software

• An intrusion detection system (IDS)
  – Monitors system and network resources
  – Notifies network security personnel when it senses a possible intrusion
  – Can provide false alarms

Security Dashboard

• Software that provides a comprehensive display on a single computer screen of all the vital data related to an organization’s security defenses, including:
  – Threats
  – Exposures
  – Policy compliance
  – Incident alerts

Computer Network Defence Internet
Operational Picture

Using Managed Security Service Providers (MSSPs)

• Organizations that monitor, manage, and maintain network security for both hardware and software for other organizations
• Examples
  – AT&T, Computer Sciences Corporation (CSC), Dell SecureWorks, IBM, Symantec, and Verizon

Guarding Against Theft of Equipment and Data

• Set guidelines on what kind of data (and how much of it) can be stored on laptops
• Require data on laptops to be encrypted
• Require all laptops be secured using a lock and chain device
• Provide training on safe handling of laptops and their data
• Install tracking software on laptops

Crime Prevention for Individuals and Employees

• Identity theft
  – Consumers should regularly check credit reports with major credit bureaus
• Malware attacks
  – Antivirus programs should be run to protect your computer and to prevent spreading malware to your friends and coworkers

Crime Prevention for Individuals and Employees (cont’d.)

• Tips to avoid becoming a victim of computer scams
  – Don’t agree to anything in a high-pressure meeting or seminar
  – Don’t judge a company based on appearances
  – Avoid any plan that pays commissions simply for recruiting additional distributors

Tips to Avoid Becoming a Victim of Computer Scams (cont’d.)

• Beware of shills—people paid by a company to lie about how much they’ve earned and how easy the plan was to operate
• Beware of a company’s claim that it can set you up in a profitable home-based business
• Do your homework

Privacy Issues

• Issue of privacy deals with the right to be left alone or to be withdrawn from public view
• Data is constantly being collected and stored on each of us
  – The data is often distributed over easily accessed networks without our knowledge or consent
  – Who owns this information and knowledge?

Privacy at Work

• Employers use technology and corporate policies to manage worker productivity and protect the use of IS resources
  – Concerned about inappropriate Web surfing
    • Over half of employers monitoring employees’ Web activity
• Organizations monitor employees’ email
  – More than half retain and review messages

Privacy at Work (cont’d.)

• Most employers have a policy that explicitly eliminates any expectation of privacy when an employee uses any company-owned computer, server, or e-mail system
• The courts have ruled that, without a reasonable expectation of privacy, there is no Fourth Amendment protection for the employee

Privacy and Email

• Federal law permits employers to monitor email sent and received by employees
• Email messages that have been erased from hard disks can be retrieved and used in lawsuits
• Email use among public officials might violate “open meeting” laws

Privacy and Instant Messaging

• To protect your privacy and your employer’s property:
  – Do not send personal or private IMs at work
  – Choose a nonrevealing, nongender-specific, unprovocative IM screen name
  – Do not send embarrassing messages
  – Do not open files or click links in messages from people you do not know
  – Never send sensitive personal data via IM

Privacy and Personal Sensing Devices

• RFID tags
  – Microchips with antenna
  – Embedded in many of the products we buy, e.g., medicine containers, clothing, computer printers, car keys, library books, tires
  – Generate radio transmissions that, if appropriate measures are not taken, can lead to potential privacy concerns

Privacy and the Internet (cont’d.)

• Social network services
  – Examples: Facebook, Twitter, LinkedIn, Pinterest, Google Plus, Tumblr, and Instagram
  – Parents should discuss potential dangers, check their children’s profiles, and monitor children’s activities

Privacy and Internet Libel Concerns

• Libel: publishing an intentionally false written statement that is damaging to a person’s or organization’s reputation
• Individuals:
  – Can post information to the Internet using anonymous e-mail accounts or screen names
  – Must be careful what they post on the Internet to avoid libel charges

Privacy and Fairness in Information Use

• Selling information to other companies can be very lucrative; many companies store and sell the data they collect on customers, employees, and others
  – When is this information storage and use fair and reasonable to the people whose data is stored and sold?
  – Do people have a right to know about and to decide what data is stored and used?

Corporate Privacy Policies

• Most organizations realize that invasions of privacy can:
  – Hurt their business
  – Turn away customers
  – Dramatically reduce revenues and profits
• Most organizations maintain privacy policies

Individual Efforts to Protect Privacy

• To protect personal privacy:
  – Find out what is stored about you in existing databases
  – Be careful when you share information about yourself
  – Be proactive to protect your privacy
  – Take extra care when purchasing anything from a Web site

Work Environment

• Use of computer-based information systems has changed the workforce
  – Jobs that require IS literacy have increased
  – Less-skilled positions have decreased
• While information systems increase productivity and efficiency, there are inherent concerns with their use

Health Concerns

• Occupational stress
• Seated immobility thromboembolism (SIT)
• Repetitive strain injury (RSI)
– Carpal tunnel syndrome (CTS)

Avoiding Health and Environment Problems

• Work stressors are hazardous activities associated with unfavorable conditions of a poorly designed work environment
• Ergonomics is the science of designing machines, products, and systems to maximize safety, comfort, and efficiency of people who use them

Table 3 Avoiding Common Discomforts Associated with Heavy Use of Computers

| Common Discomforts Associated with Heavy Use of Computers | Preventative Action |
|---|---|
| Red, dry, itchy eyes | Change your focus away from the screen every 20 or 30 minutes by looking into the distance and focusing on an object for 20 to 30 seconds. Make a conscious effort to blink more often. Consider the use of artificial tears. Use an LCD screen that provides a much better viewing experience for your eyes by virtually eliminating flicker while still being bright without harsh incandescence. |
| Neck and shoulder pain | Use proper posture when working at the computer. Stand up, stretch, and walk around for a few minutes every hour. Shrug and rotate your shoulders occasionally. |

Table 3 Avoiding Common Discomforts (cont’d.)

| Common Discomforts Associated with Heavy Use of Computers | Preventative Action |
|---|---|
| Pain, numbness, or tingling sensation in hands | Use proper posture when working at the computer. Do not rest your elbows on hard surfaces. Place a wrist rest between your computer keyboard and the edge of your desk. Take an occasional break and spread fingers apart while keeping your wrists straight. Take an occasional break with your arms resting at your sides and gently shake your hands. |

Summary – Principle 1

• Computer waste is the inappropriate use of computer technology and resources in both the public and private sectors
• Preventing waste and mistakes involves establishing, implementing, monitoring, and reviewing effective policies and procedures

Summary – Principle 2

• Some crimes use computers as tools
• A cyberterrorist intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks
• Identity theft is a crime in which an imposter obtains key pieces of personal identification information to impersonate someone else

Summary – Principle 2 (cont’d.)

• The computer is also used as a tool to fight crime
• Computer crimes target computer systems
• Computer crime is an international issue
• Security measures, e.g., using passwords, identification numbers, and data encryption, help to guard against illegal computer access

Summary – Principle 3

• Balancing the right to privacy versus the need for additional monitoring to protect against terrorism and cyberattacks is an especially challenging problem
• Employers use technology and corporate policies to manage worker productivity and protect the use of IS resources
• A business should develop a clear and thorough privacy policy

Summary – Principle 4

• Jobs that involve heavy use of computers contribute to a sedentary lifestyle, which increases the risk of health problems
• Ergonomic design principles help to reduce harmful effects and increase the efficiency of an information system
