Wednesday, March 31, 2010

BS 106-Weekly Question 4

Ethics and Information Security
1. Explain the ethical issues surrounding information technology.


• There are five main issues surrounding the use of information technology:

• Intellectual Property - rights which attempt to protect any form of creative or intellectual effort.

• Copyright - the exclusive rights of a creator to do certain acts, or omit to do certain acts, with property such as a song, video game or other types of documents. These rights can be licensed, transferred or assigned to another.

• Fair use doctrine - certain situations in which it is legal to use copyright material.

• Pirated Software - using, distributing and duplicating copyright software without being given permission.

• Counterfeit Software - creating software to pose as or represent other software, sold under false terms as that software.



2. Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’.

• Both the ‘Internet use policy’ and the ‘email privacy policy’ set out guidelines for how these two applications should be used. The ‘email privacy policy’ is a guideline for how employees are required to use their given email, and for the appropriate use of the internet in both work and private, non-employment related activities. It addresses which activities can be viewed and the type of information stored and viewed by the employer. The ‘Internet use policy’ is a guide to the appropriate use of the internet, addressing the sites that are available and the attitude the organization takes towards the purpose of internet use. The ‘email privacy policy’ can be covered in the ‘Internet use policy’ as one area of internet use.



3. Summarize the five steps to creating an information security plan.

• The five steps involved in creating an Information Security Plan are:

1. Develop Information Security Policies - an organization must nominate or hire someone who is responsible for writing a security plan to suit the organization and bringing it into force. These policies may include simple enforceable tasks such as passwords for employees to log into their work space and regular password updates to ensure they remain unknown.

2. Communicate the information policies - ensure that all employees understand the guidelines and enforce strict adherence to the policy so that it is followed through.

3. Identify critical information assets and risks - eliminate possible risks by safeguarding any information which can be reached from outside networks, and incorporate the use of passwords and IDs and anti-virus software.

4. Test and re-evaluate risks - to ensure that the policy is performing to a high standard, continually assess the use of security, run background checks and perform audits.

5. Obtain stakeholder support - to ensure the policies are enforced, gain the support of the organization's executives.



4. What do the terms; authentication and authorization mean, how do they differ, provide some examples of each term.

• Authentication involves confirming a person’s identity; following this, authorisation involves determining which areas of information they have access to. In terms of authorisation, organisations can employ methods such as passwords or IDs, smartcards or tokens, and fingerprints or voice signatures. The authorisation may restrict the time limit or the area in which an employee has access.
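As an added example (not part of the original post), the two steps described above in working form: a password check to confirm identity, followed by an authorisation check that limits each employee to certain areas and to certain hours of the day. The users, areas and hours are constructed sample data.

```python
"""Authentication (who are you?) followed by authorisation (what may you
reach, and when?). All employees, areas and hours below are constructed
sample data for illustration."""
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted PBKDF2 hash rather than the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str, areas: set, hours: tuple) -> dict:
    # `hours` is (start, end): the user may access their areas from start
    # o'clock up to but not including end o'clock.
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt),
            "areas": areas, "hours": hours}


# Constructed sample directory: employee -> credential and access rules.
USERS = {
    "alice": make_user("correct horse", {"payroll", "hr"}, (9, 17)),
    "bob": make_user("hunter2", {"warehouse"}, (6, 14)),
}


def authenticate(username: str, password: str) -> bool:
    """Step 1: confirm identity. True only if the password matches."""
    user = USERS.get(username)
    if user is None:
        return False
    candidate = _hash_password(password, user["salt"])
    # Constant-time comparison so timing does not leak how much matched.
    return hmac.compare_digest(candidate, user["hash"])


def authorize(username: str, area: str, hour: int) -> bool:
    """Step 2: may this (already authenticated) user enter `area` at `hour`?
    Access is restricted both by area and by the user's permitted hours."""
    user = USERS[username]
    start, end = user["hours"]
    return area in user["areas"] and start <= hour < end


def access(username: str, password: str, area: str, hour: int) -> str:
    """Run both steps in order; authorisation is never checked for an
    unauthenticated request."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, area, hour):
        return "denied: not authorised for this area or time"
    return "granted"
```

Note that passwords, tokens and fingerprints all serve the first step (authentication); the area and time rules are what the second step (authorisation) enforces.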



5. What are the five main types of Security Risks, suggest one method to prevent the severity of risk?

1. Human Error - this can be overcome through policies which ensure that employees are aware of what is acceptable, enforced with consequences. Policies such as an Information Security Plan, Information Privacy Policy, Internet Use Policy or Email Privacy Policy also ensure that employees are educated and understand possible security risks.



2. Technical Failure - if an organization is prepared in the event of technical failure, this will reduce the extent of the security risk. Methods such as keeping a backup of information and introducing fault tolerance ensure that recovery from the technical failure is quick and that as little damage as possible is done to the organization.



3. Natural Disaster - if a natural disaster occurs, an organization can reduce the severity through a hot or cold site in which employees are able to continue work and restore data, assuming that the initial site is damaged. A hot site is a separate facility equipped so that the business can resume almost instantaneously, whereas a cold site does not contain the computer equipment but will provide a site to work from.
(Image: Data Security: From Paranoia to Necessity)



4. Deliberate Acts - an organization should incorporate appropriate anti-virus programs, anti-spam software, anti-spyware and phishing filters which detect and respond to deliberate acts that pose a security risk.
(Image: A deliberate attack on computers)



5. Management Failure - ensure that management is trained in understanding security risks and the methods to prevent them; an organization must have high standards in protecting its information, and these must include management. If employees are to understand security risk management, they must be instructed by management who follow the correct procedures. The Chief Security Officer should ensure that management have an understanding and keep in constant contact to update them on any potential security risks.
Image 1:http://www.seoco.co.uk/blog/wp-content/uploads/2008/03/copyright.jpg
