Friday, April 2, 2010

Week Five Questions

1. Explain the ethical issues surrounding information technology.

There are many ethical issues surrounding IT today. Ethics is about the principles and standards that guide our behaviour toward other people. Information ethics looks at the ethical issues arising from the development of IT. Through the advances of IT many ethical issues have developed with things such as copyright, privacy and confidentiality, pirated software and counterfeit software.

Copyright infringement and counterfeiting are major ethical issues surrounding IT. More than ever, music, movies and software are being copied and illegally distributed. Technology has made it easy to share files over networks and to download products illegally. So many people also have access to information through means such as the internet that the ethical issue of plagiarism is becoming more evident in society today too.

A person's security has also been threatened through the development of IT. The internet has allowed users to bank and shop online. However, it has also given hackers easier access to various networks and websites.

Though advances in technology have developed our world, enabled things to move faster and allowed people to gain more information, they have at the same time opened up the issue of privacy. How much information is one required to give over the internet? How much information can a company give out? These are just some of the questions that IT has raised. Browsers can now record a person’s activity on sites, companies can search through emails and employers can easily access information on employees through sites such as Facebook.

The link below provides further information on the topic:

http://www.misq.org/archivist/vol/no10/issue1/vol10no1mason.html

2. Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’.

An ‘email privacy policy’ covers the extent to which emails can be read by other people. In order to reduce the risk of using electronic messaging systems at work, a company can introduce an email privacy policy that must be adhered to by employees. The policy should state the following:

  • How employees can use email and the internet for private and non-employment purposes.
  • Which activities are allowed and which are not.
  • The type of information that will be recorded and the members of the organization who will have access to it.
  • The monitoring and auditing process that will review the information.

Similar to the email privacy policy, the internet use policy outlines the way the internet is allowed to be used within an organization. It contains general principles of its use and rules that should be followed when using the internet in an organization. This policy should:

  • Describe the available internet services: what services employees are allowed to access on certain sites.
  • Describe the organization's position on the purpose of the internet within the organization and any restrictions that may be in place.
  • Work hand in hand with the computer use policy.
  • Describe user responsibilities when citing sources and ensuring the company’s name remains intact.
  • State the consequences if the policy is not followed.

3. Summarise the five steps to creating an information security plan.

1) Develop the information security policies: This is where you nominate someone who will be responsible and held accountable for developing the information security policies. Some of these policies may include: logging off after the day or at lunch, not sharing logins and changing passwords regularly. This person is typically the CSO (chief security officer).

2) Communicate the information security policies: Effectively communicate policies to employees, ensuring they understand them and know how to abide by them, e.g. that there will be consequences if the policies are not followed.

3) Identify critical information assets and risks: The use of logon IDs, passwords and antivirus software. Ensuring the right protection is used when using outside sources and other external networks.

4) Test and re-evaluate risks: Performing regular security reviews and assessments, audits and background checks.

5) Obtain stakeholder support: Getting support for the security policies from managers, the board and other important stakeholders.

2. What do the terms authentication and authorization mean, and how do they differ? Provide some examples of each term.

Authentication means confirming a user's identity on the network or system. Authentication can come through the use of IDs or passwords for users. This can prevent a lot of security threats and allow monitoring of users in the organisation. Once this is done, the authorization of that person can be confirmed. Authorization is the process of giving someone permission to do certain things; on a network this can include access to certain internet sites, storage space or certain documents.
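The two checks described above, written as an added example that is not part of the original post: authentication verifies a password against a salted hash, and authorization is a separate lookup of what the authenticated user may access. The user names, passwords, resource names and the permission table are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash_password(password, salt):
    # Salted, deliberately slow password hash from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password, permissions):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt),
            "permissions": set(permissions)}

# Constructed sample accounts: (resource kind, resource name) pairs per user.
USERS = {
    "alice": make_user("correct horse battery",
                       {("document", "payroll.xlsx"), ("site", "intranet.example")}),
    "bob": make_user("tr0ub4dor&3", {("site", "intranet.example")}),
}
_DUMMY = make_user("unused", set())  # hashed for unknown ids so timing stays similar

def authenticate(user_id, password):
    """Authentication: confirm the claimed identity. Returns the id or None."""
    record = USERS.get(user_id, _DUMMY)
    candidate = _hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    return user_id if matches and user_id in USERS else None

def authorize(user_id, kind, name):
    """Authorization: may this already authenticated user use the resource?"""
    if user_id is None:
        return False
    return (kind, name) in USERS[user_id]["permissions"]

def request(user_id, password, kind, name):
    identity = authenticate(user_id, password)
    if identity is None:
        return "401 not authenticated"   # identity could not be confirmed
    if not authorize(identity, kind, name):
        return "403 not authorized"      # identity confirmed, permission missing
    return "200 ok"

if __name__ == "__main__":
    print(request("alice", "correct horse battery", "document", "payroll.xlsx"))
    print(request("bob", "tr0ub4dor&3", "document", "payroll.xlsx"))
    print(request("bob", "wrong password", "site", "intranet.example"))
```

Bob's second request shows the difference: his password is correct, so he is authenticated, but he is still refused because the document is not in his permissions.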

3. What are the five main types of security risks? Suggest one method to prevent the severity of risk.

The five main security threats are:

1) Human error e.g. leaving a computer when it is logged in

2) Natural disasters e.g. floods or earthquakes

3) Technical failures e.g. viruses or hardware crashes

4) Deliberate acts e.g. white collar crimes

5) Management failure e.g. lack of procedures or documentation

A great way to provide protection is through the use of firewalls. A firewall is hardware or software that guards the private network. It does this by analyzing what information is entering and leaving the network; if a message does not have the correct markings, the firewall will prevent it from entering the network.


