Friday, April 2, 2010

Week 5 Questions - Ethics and Information Security


1. Explain the ethical issues surrounding information technology.

The ethical issues surrounding copyright infringement and intellectual property rights are consuming the e-business world. Advances in technology make it easier for people to copy everything from music to pictures to videos. Ethical issues surrounding information technology are:

- Intellectual property – the skills and knowledge that an organisation or an individual forms. These individuals have a right to this product and can apply for a patent, copyright or trademark to protect their property. If an employee within a firm develops a unique product, the firm owns the product.

- Copyright – the exclusive right to do, or omit to do, certain acts with intangible property such as a song, a video game and some types of proprietary documents.

- Fair use doctrine – In certain situations, it is legal to use copyrighted material only if you have the rights.

- Pirated software – the unauthorised use, duplication, distribution, or sale of copyrighted software. Limewire is an application where you can download music/videos for free. www.limewire.com.



- Counterfeit software – Software that is manufactured to look like the real thing and sold as such.


2. Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’.

Companies can mitigate many of the risks of using electronic messaging systems by implementing and adhering to an email privacy policy. An email privacy policy details which email messages may be read and how an employee's email should be used and protected. A problem is that email users in an organisation often have confused perceptions of how private email is. Organizations must create an email privacy policy that sets out clear rules on how employees can use email, so that employees know how the email system is going to be used and what kind of privacy they have for their emails.

An Internet use policy contains general principles to guide the proper use of the Internet. An Internet use policy lists how an employee should use and manage the Internet, and the rules surrounding the usage of the Internet. This covers rules such as not looking at unauthorized sites and not using non-work-related websites when at work.

3. Summarise the five steps to creating an information security plan.

i. Develop the information security policies – the Chief Security Officer designs and implements security policies for the organization. These include policies notifying employees not to share passwords, to log on and off after using a computer, etc.

ii. Communicate the information security policies to employees – train and notify all employees about the policies and when they apply.

iii. Identify critical information assets and risks – ensuring any systems that contain links to external networks are safe, and antivirus software is implemented on all systems within the organization including IDs and passwords.

iv. Test and re-evaluate risks – ensuring the continuation of security reviews such as audits and background checks.

v. Obtain stakeholder support – gain the approval and support of the information security policies from the board of directors and all stakeholders. If you don’t have the support of management you cannot do anything.

4. What do the terms authentication and authorization mean, and how do they differ? Provide some examples of each term.

Authentication is a method for confirming users’ identities. Once a system identifies the user, it can identify the access privileges. For example, if a CEO of an organization logs into a system, the system might give extensive information about the organization, whereas if an ordinary employee logs into the system it might give access to limited information. A password and user ID, smart cards, token cards and fingerprints may be used to access information.




Authorization is the process of giving someone permission to do or have something. For example, the chief security officer might have access to all passwords and IDs of the employees in an organization, whereas an ordinary employee will have access to his/her password only.

5. What are the five main types of security risks? Suggest one method to prevent the severity of risk.

Human error – Method: training employees and enforcing standards to protect the information of the organisation.

Technical failure – Method: ensuring there are backups and robust systems, and updating and protecting systems continually.

Natural disaster – Method: ensuring hot and cold sites are available, offsite backups, and disaster recovery.



Deliberate acts – such as viruses, spam, hackers, sabotage, bribes from other organizations given to employees to provide specific information, hoaxes, spoofing, spyware and sniffers. To prevent some of these deliberate acts, organizations should install antivirus software.



Management failure – To ensure management failure does not occur, organizations should ensure employees have adequate training, including extensive training in technology, as technology is continually changing and improving. Continuing training and education will also improve employees' knowledge and experience.


