Sunday, April 3, 2011

Ethics and Information Security

Chapter 4

1. Explain the ethical issues surrounding information technology.
Ethics is defined as 'the principles and standards that guide our behavior to other people'. Due to the fast growing technology in society many issues have arisen surrounding copyright infringements and issues of intellectual property rights, things such as image, music and movie copying and downloading is a major area which has increasing become an issue with the rising and advancing or technology. These actions which are illegal are also now seen as unethical due to the fact that these actions are classified as stealing from a party whom has not consented to the use of there products in this way.


      Figure 5: Cartoon comic of unethical decisions in a work place.  

2. Describe a situation involving technology that is ethical but illegal.
An example where technology is used in a way that is said to be illegal but is actually ethical would be when purchasing a computer program and creating a copy to back up in case of loss of the original copy. Though it says that copies of the program should not be made and that it is an offense to do so, the backing up of a program for your own use is not undercutting the producers of customers. This situation may be easily altered by changing one or more of the factors. For example if the copy is being made multiple times to sell over the internet or at a market then the issue becomes both unethical an illegal.

3. Describe and explain one of the computer use policies that a company might employ.
Many companies employ a blocking of particular sites on there work network. Programs like Facebook are often seen as both distracting and also lead to risk 
of cyber-bullying and inappropriate relations between colleagues. Blocking these programs allows for the company to remove issues that may risk how the company runs and cause a lack of ethical treatment to employees. Another way that a company may minimize the risk of such issues from appearing within there staff is to employee monitoring processes on there screens and email programs. For example many companies will not allow for particular emails to pass through to the recipient as they are not seen fit for within the workplace.

4. What are the 5 main technology security risks?
-Human error
-Natural disaster (Floods, earthquakes)
-Technical failures (software bugs)
-Deliberate acts (sabotage, white collar crime)
-Management failure

5. Outline one way to reduce each risk.
Human error: often this can be due to untrained employees who have not been properly informed on the programs that are being used. One way of reducing the risk of information that is being imputed by employees is to train them within there job and also with how the programs work. If this is done correctly the risk of pivotal information being unsaved or disclosed to the wrong people will be greatly reduced.


Natural Disaster: These can cause great effect on the security and information which is held within a business. To remove the risk of loosing all data and information in the event of a natural disaster businesses generally have an off-site data holding facilities which have all data and information backed up!
Technical failure: the most important thing with technology is to create backed up data in many different external areas other that within the company network. This is so that if a program is effected by a bug of some sort the safety of the data is not lost.
Deliberate acts: This refers to things such as password hacking and even risk of online back-robbery. The main deterrent of these things is to create passwords which are going to be uncommon or difficult to guess. It is often suggested to have capital letters in the middle of the password and numbers also. The other way these risks can be reduced it through a continual change of passwords and making sure that things such as online banking and emails are logged off when the computer is not being watched.

Figure 6: Statistics of online crime from 2007-2008

Management failure: this again needs to be backed up with programs which could be of vital importance and are at risk of being lost and also has too do with whether the management staff are properly trained to keep company files safely stored and covered.

6. What is a disaster recovery plan, what strategies might a firm employee?
The main things that companies should have planned in case of a disaster such as bomb threats, chemical spills, fire, flood, network failure or terrorism (just some examples) is to have somewhere away from the main company base which holds all date systems and files that the company has. The company should also have ways to communicate to these plants and be able to quickly move the people needed to the places to that there is minimal "downtime" where the company is at risk of loosing millions of dollars in income. This also means that key people must know where and how to find the backed up date and obtain it to remove as much cost to the business as possible.

No comments:

Post a Comment