1. Explain the ethical issues surrounding information technology.
Ethics are the principles and standards that guide our behaviour toward other people.
| Ethical Issues Surrounding Information Technology | |
| Intellectual Property | The collection of rights that protect creative and intellectual effort |
| Copyright | The exclusive right to do, or omit to do, certain acts with intangible property such as a song, video game and some types of proprietary documents |
| Fair Use Doctrine | In certain situations, it is legal to use copyrighted material |
| Pirated Software | The unauthorised use, duplication, distribution, or sale of copyrighted software |
| Counterfeit Software | Software that is manufactured to look like the real thing and sold as such |
| Examples of Questionable Information Technology Use |
| Individuals copy, use and distribute software |
| Employees search organisational databases for sensitive corporate and personal information |
| Organisations collect, buy and use information without checking the validity or accuracy of the information |
| Individuals create and spread viruses that cause trouble for those using and maintaining IT systems |
| Individuals hack into computer systems to steal proprietary information |
| Employees destroy or steal proprietary organisation information such as schematics, sketches, customer lists and reports |
2. Describe a situation involving technology that is ethical but illegal.
3. Describe and explain one of the computer use policies that a company might employ?
If an organisation’s employees use computers, e-Policies should be implemented. E-Policies are policies and procedures that address the ethical use of computers and Internet usage in the business environment. These policies typically embody the following:
- Ethical computer use policy: contains general principles to guide computer use behaviour
- Information privacy policy: contains general principles regarding information privacy
- Acceptable use policy: a policy that a user must agree to follow in order to be provided access to a network or to the internet
- Email privacy policy: companies can mitigate many of the risks of using electronic messaging systems by implementing and adhering to an EPP
- Internet use policy: contains general principles to guide the proper use of the Internet
- Anti-spam policy: simply states that email users will not send unsolicited emails (or spam).
4. What are the 5 main technology security risks?
- Human Error:
o Employees that are not proficient in their duties, for instance an employee who deletes important customer records
o Lack of adequate training on procedures
o Leaving a public computer logged on
o Poorly written applications
- Natural Disasters:
o Events that lead to destruction of data systems, eg, fire, flood, earthquakes and Tsunami’s.
o Blackouts, brownouts and system failures
o Terrorism is a major threat, think about the tragic events of 9/11. Entire companies, both personal and computer systems were destroyed.
- Technical Failures:
- Deliberate Acts:
- Management Failure:
5. Outline one way to reduce each risk.
- Human Error:
o Strong Password – letters and numbers
o Password Policy – change passwords regularly
§ Minimum password length
§ Secure password resets
o System Audits to track down malicious activity
o Strong Penalties for misuse of data
o Firewalls to prevent unauthorised external access
- Natural Disasters:
o The process of regaining access to computer systems and data after a disaster has taken place
o All firms should have a comprehensive disaster recovery plan in plan
o This plan lists things like –
§ Communications plan
§ Alternative Sites – hot or warm site
§ Business Continuity
§ Location of Backup data
o All Firms must have business continuity plans that outline exactly what happens in a disaster.
o Off Site Data kept in date order
o Hot or Warm sites
o Well Documented Procedures
o Regular Recovery Testing
- Technical Failures:
- Deliberate Acts:
- Management Failure:
6. What is a disaster recovery plan, what strategies might a firm employee?
All firms must have business continuity plans that outline exactly what happens in a disaster.
No comments:
Post a Comment