Thursday, March 31, 2011

Ethics & Security


ETHICS AND SECURITY
Weekly Questions – Week Five


Explain the ethical issues surrounding information technology.

The ethical issues surrounding information technology include privacy, copyright, and property issues.
Privacy is one of the largest ethical issues facing organisations. It is the interest of a person in protecting their life from unwanted intrusion and public scrutiny, as people have the right to be left alone when they want, to have control over their personal possessions, and not to be observed without their consent. This is further related to the issue of confidentiality, which is the assurance that messages and information are available only to those who are authorised to view them.
Property issues are also a major ethical issue in information technology. The ownership of information within organisations, such as company emails, pictures on the network, and business plans, is becoming highly debated, as a growing number of employees are being fired due to misuse of email. This ownership of information also relates to copyright infringement, as advances in technology make it easier for people to copy everything from music to pictures without consent from the owner.

Describe a situation involving technology that is ethical but illegal.
Acting ethically is not always legal.



Information ethics concern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself.

Describe and explain one of the computer use policies that a company might employ.

Email accounts for up to 80% of communication within an organisation, which emphasises the importance of employing an email privacy policy. This policy details the extent to which email messages can be read by others and how employees may use email and the Internet within the organisation, stating what activities are permitted and not permitted. It also details the type of information that will be recorded and the members of the organisation that will have access to that information. Organisations can mitigate the risks of email and instant messaging communication tools by implementing and adhering to an email privacy policy.






What are the 5 main technology security risks?

Human Error: Sensitive data can be lost through a number of simple human errors, including inadequate training on procedures and leaving a public computer logged on, which allows anyone access to any data available on that computer. Tailgating, shoulder surfing, opening questionable emails, and poor password selection are also major human errors that pose security risks to an organisation, opening it up to attempted social engineering and identity theft. Another example of human error is employees who are not proficient in their duties; for instance, an employee who deletes important customer records has lost the data and is a risk to the organisation.

Natural Disasters: Events that lead to the destruction of data systems, including fires, floods, earthquakes and tsunamis, as well as blackouts, brownouts and system failures. Terrorism is also a major threat to entire companies, as both people and computer systems are destroyed, for example in the tragic events of 9/11.

Technical Failures: These include software bugs and hardware crashes.

Deliberate Acts: These include sabotage, and white-collar crimes.

Management Failure: These include lack of procedure and document training. 





Outline one way to reduce each risk.

Human Error: Employ automatic sign-out systems on company computers if unattended for a specific amount of time, as well as stronger password implementation and password expiry.
Technical Failures: Organisations should provide back-up servers and software security systems including firewalls.
Deliberate Acts: The use of authentication and authorisation, such as a fingerprint scan or voice signature, to prevent hackers.
Management Failures: Implementing a security plan.


We, as people, are the first line of defence.
Organisations must enable employees, customers, and partners to access information electronically.
The biggest issue surrounding information security is not a technical issue, but a people issue.
33% of security incidents originate within the organisation.


INSIDERS ARE LEGITIMATE USERS WHO PURPOSELY OR ACCIDENTALLY MISUSE THEIR ACCESS TO THE ENVIRONMENT AND CAUSE SOME KIND OF BUSINESS-AFFECTING ACCIDENT.



What is a disaster recovery plan? What strategies might a firm employ?

A disaster recovery plan is a process of regaining access to computer systems and data after a disaster has taken place. The plan consists of a communication plan, alternative sites, business continuity, and the location of backup data. The business continuity plan outlines exactly what happens in a business/organisation once the disaster has occurred, containing well-documented procedures, off-site data, and regular recovery testing so that the business is able to proceed as usual.
