Chapter Four - Ethics and Security

1. Explain the ethical issues surrounding information technology.

Ethics is a system of moral principles that considers whether our actions are right or wrong. Ethical issues surrounding information technology are:
  • Privacy: The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
  • Confidentiality: The assurance that messages and information are available only to those who are authorised to view them.
2. Describe a situation involving technology that is ethical but illegal.

Acting ethically and acting legally are not always the same. For instance, a person purchases software and makes a copy of it to keep as a back-up.

3. Describe and explain one of the computer use policies that a company might employ.

An Email Privacy Policy provides guidelines to employees about how they use their emails and what activities are permitted. It also details who and what is monitored in emails. The policy should:
  1. Be complementary to the ethical computer use policy.
  2. Define who legitimate email users are.
  3. Contain a backup procedure.
  4. Inform employees that the organisation has no control over emails once they are outside the organisation.
  5. Inform employees to be careful about what is shared, especially organisational documents.

4. What are the 5 main technology security risks?
  1. Human Error: Not malicious, caused by employees having inadequate training.
  2. Natural Disasters: Caused by earthquakes, floods, terrorist attacks etc.
  3. Technical Failures: Software bugs, hardware crashes.
  4. Deliberate Acts: Sabotage, white collar crime and hacking.
  5. Management Failure: Lack of procedure, lack of documentation, lack of training.

5. Outline one way to reduce each risk.
  1. Human Error - Training employees properly would decrease the number of human errors.
  2. Natural Disasters - Ensuring hot and cold sites are available, offsite backups and disaster recovery.
  3. Technical Failures - Ensuring there are backups, robust systems, updating and protecting systems continually.
  4. Deliberate Acts - Setting up anti-hacker, anti-virus software systems.
  5. Management Failure - Organisations should ensure employees have adequate training in technology, as technology is continually changing and improving. Continuing training and education will also improve employees' knowledge and experience.

6. What is a disaster recovery plan, and what strategies might a firm employ?

Disaster recovery is the process of regaining access to computer systems and data after a disaster has taken place. All firms should have a comprehensive disaster recovery plan that outlines exactly what happens in a disaster. The plan should list things like:
  • Communications plan: regular recovery tests and well-documented procedures.
  • Alternative sites: off-site data kept in date order (hot and cold sites).
  • Location of backup data: off-site, kept in order.
  • Business connection
