s12_mis454-ISAES

=MIS454: AUDIT, ETHICS & IS ISSUES =

Semester:
Spring 2012 (Feb 1st, 2012 - Jun 7th, 2012)

Instructor:
Ali Hashmi

Contact info:
ahashmi55@yahoo.com ahashmi@iba.edu.pk mobile: 0334-3192577

Program:
BBA (MIS) Course Outline Spring 2012 MIS454 AUDIT, ETHICS & IS ISSUES

**Credit Hours:**
3 credit hours

Course Description:
This course analyzes the impact of modern information society and the influences of technological advances on society and culture. The emphasis will be on Information Systems related ethical issues, security challenges and audit planning.

Books:
A Gift of Fire: Social, Legal, and Ethical Issues for Computing and the Internet, Third Edition

Introduction to Computer Security, First Edition by Michael T. Goodrich; Roberto Tamassia

=Group Presentations= Group presentations will be held on Wed 23/5 and Sat 26/5

Lecture Notes:
=Topics for The Final Exam=





=Midterm 2=

Assignments

 * Assignment #4 (Due: May 9th Wed)**

Study the following case and answer the questions below:

1. Does Griffith University needs a security plan? Why or Why not? (2 points)

2. Study and critique the plan. How would you improve on it? (5 points)

3. Say that University has an e-mail server that processes sensitive emails from important people. What kind of things should be put into the security policy for the email server? (3 points)

Find out if IBA has an information security policy. If so, study it and report your findings with possible recommendations. Are proper security measures taken to protect critical systems and applications.
 * Assignment #5 (Due: May 16th Wed) Bonus assignment**

If the policy doesn't exist then propose one based on your understanding of Information security and ethics. Identify the business critical systems and how they should be protected from external and/or internal attacks.

Short Write up and presentation:
 * Assignment #1 (Due: Feb 15th Wed)**

1. Write a short essay about some topic related to computing technology or the Internet that interests you and has social or ethical implications. Describe the background; then identify the issues, problems, or questions that you think are important.

2. Some University ban use of cell phones during classes. Some require that students turn in their phones at the beginning of class and retrieve them afterwards. What are some reasons for these policies? Do you think they are good policies? Explain.

3. Think up some computerized device, software, or online service that does not yet exist, but that you would be very proud to help develop. Describe it.

1. Prepaid cell phone service can protect privacy. One can buy a phone for cash and pay cash in advance for service. There are no billing records, and records of calls made on the phone are not linked to the owner. Cell phone carriers and governments in a few countries considered ending prepaid phone service because criminals use it; law enforcement agencies could not trace them. Should the decision about whether to provide prepaid cell phone service be left to the service providers or should governments ban it? If left to the companies, what policy do you think they should adopt? Give your reasons**.**
 * Assignment #2 (Due: Feb 29th Wed)**

2. Describe some uses of satellite surveillance that you think are acceptable extensions of traditional law enforcement activities and capabilities. Describe some uses where the technology makes a fundamental change that is not acceptable. Explain your reasoning.

3. Is Privacy a fundamental right in Pakistan as per constitution? What are the Privacy Issues in Pakistan from legal, social and cultural perspective**?**

The HF Corporation has a new refrigerator, the Monitator, which has a camera that takes a picture of the contents of the refrigerator and uploads it to the HF Corporation’s web site. The Monitator’s owner can then access this web site to see what is inside their refrigerator without opening the door. For security reasons, the HF Corporation encrypts this picture using a proprietary algorithm and gives the 4-digit PIN to decrypt this picture to the Monitator’s owner, so he or she can get access to the pictures of their Monitator’s interior. What are the security concerns and principles that this solution does and doesn’t support?
 * Assignment #3 (Due: April 7th,Sat)**
 * Question #1.**

As soon as Barack took office, he decided to embrace modern technology by communicating with cabinet members over the Internet using a device that supports cryptographic protocols. In a first attempt, Barack exchanges with Tim brief text messages, encrypted with public-key cryptography, to decide the exact amounts of bailout money to give to the largest 10 banks in the country. Let p B and p T be the public keys of Barack and Tim, respectively. A message m sent by Barack to Tim is transmitted as E p T ( m ) and the reply r from Tim to Barack is transmitted as E p B ( r ). The attacker can eavesdrop the communication and knows the following information: - Public keys p B and p T and the encryption algorithm, such that there is exactly one ciphertext for each plaintext. - The total amount of bailout money authorized by congress is $900B - The names of the largest 10 banks - The amount each bank will get is a multiple of $1B - Messages and replies are terse exchanges of the following form: Barack: How much to Citibank? Tim: $144B.
 * Question #2**

Barack: How much to Bank of America? Tim: $201B.

a) Describe how the attacker can learn the bailout amount for each bank even if he cannot derive the private keys. b) As a result of the above attack, Barack decides to modify the protocol for exchanging messages. Describe two simple modifications of the protocol that are not subject to the above attack. The first one should use random numbers and the second one should use symmetric encryption. c) Barack often sends funny jokes to Hillary. He does not care about confidentiality of these messages but wants to get credit for the jokes and prevent Bill from claiming authorship of or modifying them. How can this be achieved using public-key cryptography?

Links
[|Google Privacy Policy] http://www.cbsnews.com/stories/2011/02/06/sunday/main7323148.shtml   Is Privacy a fundamental right in Pakistan as per constitution?  What are the Privacy Issues in Pakistan from legal, social and cultural perspective?