There are various ethical issues surrounding the use of information technology that businesses and users must be wary of. Such ethical concerns include the use and distribution of intellectual property. Intellectual property refers to the rights regarding an intellectual product, for example an author’s writings or a firm’s patent. Copyright refers to an exclusive right to have access or to perform certain actions, for example downloading a song or accessing a copyrighted document. The topic of copyrights is another ethical issue surrounding information technology. The fair use doctrine is also an ethical issue surrounding the use of information technology. The fair use doctrine states that in certain cases, it is authorised or legal to use copyrighted material. For example, most textbooks state that only 10% of the book can be photocopied and released. Pirated software is another ethical issue surrounding the use of information technology. Pirated software refers to original programs that have been duplicated and distributed for an illegitimate profit. Counterfeit software is an additional ethical issue surrounding the use of information technology. This refers to programs and software that have been replicated by fraudulent companies to appear to be the same as another firm’s good or service, for example, the fake iPhone. Firms must ensure that they are aware of all these ethical issues and implement the necessary procedures to prevent such issues from having a damaging effect on their business.
Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’.
There is an obvious relationship between email privacy policies and internet use policies implemented by businesses. An email privacy policy is a written statement illustrating the extent to which emails can be read by others and how the email server is to be used by employees, e.g. not using one’s email to distribute spam such as chain letters. Email privacy policies usually consist of a definition of who the legitimate email users of a firm are, an explanation of backup procedures, the legitimate grounds for reading others’ emails, and a request that users be mindful when attaching files to emails and opening attached files. As emails are accessed online, to ethically use email systems, a firm must ensure that its users adhere to its internet use policy. This policy includes general principles to be followed to ensure the proper use of the internet within a firm. Such a policy describes the services available on the internet, the purpose of internet access, user responsibilities and the sanctions for violations. Therefore, it is evident that, for a user such as an employee to effectively and ethically use the firm’s email system, the user must have a thorough understanding of the expectations set by the firm in relation to overall internet use.
Summarise the five steps to creating an information security plan
There are five general steps that may be followed by firms when creating an information security plan. Such steps are displayed below in the chart.
Authentication refers to a method implemented by the information technology department of a firm to confirm the identities of the users accessing the network. Authentication is based on what the user is, has or knows and employs the use of biometrics such as face recognition, whereas authorization refers to the process of giving a user permission to perform a particular action, for example, accessing certain files. There are various types of authentication procedures implemented by businesses. Such procedures can include the use of user IDs and passwords, smart cards or tokens, or fingerprint recognition. These various examples have different degrees of effectiveness for maintaining the security of a firm’s information. For example, a user token (a tool that sends a user a different password to type into a system each time the system is accessed) proves to be more effective than a traditional password system, which is easily hacked through the answering of secret questions etc. Authorization may allow an internet user such as an employee to gain access to a certain database, or enable a user to access a specific website.
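The difference between the two checks can be shown in a short added example, which is not part of the original post. It assumes the token uses the counter-based HOTP algorithm of RFC 4226 (the post does not name one); the user, file names and function names are hypothetical sample data.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time password per RFC 4226 (HMAC-SHA1 with dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed sample data: the token secret and counter the server stores
# for one user, and the actions that user is permitted on each file.
USERS = {"alice": {"secret": b"12345678901234567890", "counter": 0}}
PERMISSIONS = {"alice": {"payroll.xlsx": {"read"}}}

def authenticate(user: str, submitted: str, window: int = 2) -> bool:
    """Authentication: does the code prove the user holds the token?"""
    rec = USERS.get(user)
    if rec is None:
        return False
    # Accept a few counters ahead in case the token was pressed unused.
    for c in range(rec["counter"], rec["counter"] + window + 1):
        if hmac.compare_digest(hotp(rec["secret"], c), submitted):
            rec["counter"] = c + 1  # burn the code so it cannot be replayed
            return True
    return False

def authorize(user: str, filename: str, action: str) -> bool:
    """Authorization: may this already-identified user perform the action?"""
    return action in PERMISSIONS.get(user, {}).get(filename, set())

def access(user: str, code: str, filename: str, action: str) -> str:
    """Run both checks in order and report which one decided the outcome."""
    if not authenticate(user, code):
        return "denied: authentication failed"
    if not authorize(user, filename, action):
        return "denied: not authorized"
    return "granted"
```

A code that has been used once is rejected on the second attempt, which is what a static password or a secret question cannot offer; a valid code still does not grant actions the user has no permission for.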
What are the five main types of security risks? Suggest one method to prevent the severity of risk.
The five main security risks faced by businesses include human errors, natural disasters, technical failures, deliberate acts and management failure. Human error is inevitable in a business and is not considered to be malicious or intentional. An example of a human error may be mistyping data into a computer system such as MYOB, which would result in the wrong amount of pay being sent to an employee. A natural disaster is another example which may impose a security risk for a business. Examples of natural disasters may be floods, earthquakes or terrorist attacks. A disaster such as a major earthquake may physically affect a business or may just have a minor effect such as limiting internet access for a certain period. Firms must also be aware of the growing security risk of terrorism. Most large businesses have incorporated strategies and procedures for if such an event did occur within the firm. Technical failures are another example of an inevitable security risk which businesses must be aware of. Technical failures may include software bugs such as viruses which are commonly transmitted through emails and other internet systems. Technical failures may also consist of hardware crashes. To prevent such risks from having a negative effect on the operations of a firm, the information security officer should implement routine checks on the databases and conduct physical checks on employees’ hard drives to ensure such security risks do not occur. Deliberate acts are also considered a key security risk facing firms. Deliberate acts may include sabotage or white collar crime. Sabotage refers to the intentional vandalism or misuse of information by employees for revenge or for one’s own benefit. For example, an employee may be annoyed by the management system at their workplace, so in an act of revenge emails all of the firm’s important data to the firm’s competitors.
White collar crime is normally considered to be a financial crime in which the employees of a firm may use their inside knowledge of the firm to inform people outside the organisation of important information. For example, an employee of a public business on the Australian Stock Exchange may inform their friends to swiftly sell their shares due to the financial state of the business. Lastly, management failure is also considered to be a main security risk faced by businesses. Management failure may be considered intentional or accidental and usually consists of a lack of procedure, lack of documentation and a lack of training. To ensure the management team of a business is correctly moving their business in the right direction, the managers must have consistent and adequate training to ensure they are aware of the goals of the firm and are aware of certain facets of the business, for example, the necessity to secure all of the firm’s information. To prevent the severity of a risk, such as human error, a business should employ ‘checks’ to ensure employees are correctly handling and distributing the business’s data. To prevent issues such as sabotage, a business could employ monitoring software that could oversee what emails are being sent to external and internal addresses. Such software is quite controversial but could be used to adequately oversee the processing of information and the movements of the employees within a firm.