Describe the major ethical issues related to information technology and identify situations in which they occur.

Utilitarian approach. The ethical action is the one that provides the most good or does the least harm. This approach usually applies to corporate actions, where the affected parties are, for example, customers, employees, shareholders and the community. For example, a CEO chooses to promote a 'go green campaign' so that the campaign creates awareness among the staff of the importance of the environment.

Rights approach. The ethical action is the one that best protects and respects the moral rights of the affected parties. Moral rights mean the right to make one's own choices about what kind of life to lead. Most people acknowledge that every person deserves some moral rights. For example, every employee has the right to voice to the management all the things that they are not satisfied with.

Fairness approach. Ethical actions treat all human beings equally, or fairly based on some defensible standard. People believe that their salary should reflect the type of work they have done. For example, a clerk should be paid a clerk's salary and not a manager's salary.

Common good approach. The common good approach is based on the interlocking relationships that underlie all societies. It emphasizes the common conditions that are important to the welfare of everyone.
For example, the system of law, health care and the public educational system.

Describe any four (4) threats to information security and explain any two (2) methods of defense mechanism used to protect information systems.

Espionage or trespass. This occurs when an unauthorized person attempts to gain illegal access to organizational information. It is important to distinguish between competitive intelligence and industrial espionage.

Information extortion. This occurs when an attacker steals information from a company. The perpetrator demands payment for not stealing the information, for returning stolen information or for agreeing not to disclose the information.

Sabotage or vandalism. Sabotage and vandalism involve defacing an organization's website, possibly damaging the organization's image and causing its customers to lose faith. An example is an attack by hackers. Civil law can prevent this from happening.

Threats of equipment or information. Nowadays, computing devices are becoming smaller, which makes them easier to steal and makes it easier for attackers to steal information. People also often make careless mistakes. Dumpster diving is dangerous as well: it is the practice of rummaging through commercial or residential trash to find information that has been thrown away or destroyed.

There are two types of defense mechanism to protect information systems: physical controls and access controls.

Physical controls can be used to prevent unauthorized individuals from gaining access to a company's facility. Examples are walls, doors, fencing, pressure sensors and alarm systems. These controls can be inconvenient to employees. Besides that, employers can limit the staff's usage of computers.
For example, a computer can be set to automatically log the user off after a certain period.

Access controls restrict unauthorized individuals from using information resources. They involve two main things: authentication and authorization. Authentication confirms the identity of the person who is requiring access. Authorization determines the actions, rights or privileges the person has, based on her verified identity.

Distinguish between authentication and authorization.

To authenticate authorized personnel, an organization can use one or more of the following methods:

* Something the user is (biometrics examine a person's innate physical characteristics, for example fingerprints, palm scans and retina scans)
* Something the user has (authentication mechanisms that include regular ID cards and smart cards)
* Something the user does (authentication mechanisms that include voice and signature recognition)
* Something the user knows (passwords present a huge information security problem in all organizations)

Employees should use strong passwords, which should be difficult to guess, long rather than short, and not a recognizable word. A passphrase is a series of characters that is longer than a password but still easy for a person to memorize. It can help employees create a strong password.

Authorization: once users have been properly authenticated, the rights and privileges they have on the organization's systems are established.
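
The two steps kept separate, as an added Python example that is not part of the original notes: a passphrase ("something the user knows") is checked first, and only the verified identity is then tested against its privileges. The account names, passphrases, privilege names and the choice of PBKDF2 for storing the passphrase are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def hash_secret(secret: str, salt: bytes) -> bytes:
    """Salted, slow hash so the stored value is not the passphrase itself."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)

def make_user(secret: str, privileges: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_secret(secret, salt), "privileges": privileges}

# Constructed sample accounts: names, passphrases and privileges are hypothetical.
USERS = {
    "clerk01": make_user("correct horse battery staple", {"read_invoice"}),
    "manager01": make_user("seven purple kettles hum", {"read_invoice", "approve_payment"}),
}

def authenticate(username: str, secret: str):
    """Authentication: confirm the identity of the person requesting access."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = hash_secret(secret, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(identity, operation: str) -> bool:
    """Authorization: check the privileges held by an already verified identity."""
    if identity is None:
        return False
    return operation in USERS[identity]["privileges"]

def request(username: str, secret: str, operation: str) -> str:
    identity = authenticate(username, secret)
    if identity is None:
        return "denied: authentication failed"
    if not authorize(identity, operation):
        return "denied: not authorized"
    return "allowed"

if __name__ == "__main__":
    print(request("clerk01", "correct horse battery staple", "read_invoice"))
    print(request("clerk01", "correct horse battery staple", "approve_payment"))
    print(request("clerk01", "wrong guess", "read_invoice"))
```

The clerk authenticates successfully in the second call but is still refused, because passing authentication grants no privilege by itself.
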
Privilege is a collection of related computer system operations that a user is authorized to perform.

Explain the purpose of a disaster recovery plan and describe its categories.

A disaster recovery plan is the chain of events linking planning to protection and recovery. The purpose of disaster recovery planning is to provide guidance to the people who keep the business operating after a disaster occurs. Employees use this plan to prepare for, react to and recover from events that affect the security of information assets. The objective is to restore the business to normal operations as quickly as possible following an attack.

A hot site is a fully configured computer facility with all services, communication links and physical plant operations. A hot site duplicates computing resources, peripherals, telephone systems, applications and workstations. Hot sites reduce risk to the greatest extent but they are the most expensive option.

A warm site provides many of the same services and options as the hot site. However, it does not include the actual applications the company needs. A warm site includes computing equipment such as servers, but it does not include user workstations.

A cold site provides only rudimentary services and facilities, such as a building or a room with heating, air conditioning and humidity control. This type of site provides no computer hardware or user workstations. The point of a cold site is that it takes care of long lead-time issues. Building, or even renting, space takes a long time. Installing high-speed communication lines, often from two or more carriers, takes a long time. Installing high-capacity power lines takes a long time. Cold sites reduce risk the least but they are the least expensive option.

Describe the relationship between IT and privacy.

Privacy means the right to be left alone and to be free of unreasonable personal intrusions. Information privacy is the right to determine when and to what extent information can be gathered and communicated to others. Rapid advances in IT have made it much easier to collect, store and integrate data on individuals. Data on individuals can be used in more controversial manners. These data can be integrated to produce a digital dossier, which is an electronic profile of ourselves and our habits. The transfer of data into and out of a nation without the knowledge of the authorities involved raises a number of privacy issues.
Draft out four (4) examples of policy guidelines on data confidentiality.

* Computer security procedures should be implemented to ensure against unauthorized disclosure of data. These procedures should include physical, technical and administrative security measures.
* Third parties should not be given access to data without the individual's knowledge or permission, except as required by law.
* Disclosures of data, other than the most routine, should not be noted and maintained for as long as the data are maintained.
* Data should not be disclosed for reasons incompatible with the business objective for which they are collected.

Explain three (3) defense mechanisms used to protect information systems.

Physical controls can prevent unauthorized individuals from gaining access to a company's facilities. Common physical controls include walls, doors, fencing, gates and alarm systems. More sophisticated physical controls include pressure sensors, temperature sensors and motion detectors.

Access controls restrict unauthorized individuals from using information resources. These controls involve two major functions: authentication and authorization. Authentication confirms the identity of the person requiring access. An example is biometrics. After the person is identified, the next step is authorization. Authorization determines which actions, rights or privileges the person has, based on his or her verified identity.

Communication (network) controls secure the movement of data across networks. Communication controls consist of firewalls, anti-malware systems, whitelisting and blacklisting, encryption, virtual private networking (VPN), secure socket layer (SSL) and vulnerability management systems.

Information security is vital to counter threats to information resources. Discuss two (2) general categories of threats to information security.
Software attacks. Software attacks have evolved from the early years of the computer era, when attackers used malicious software to infect as many computers worldwide as possible. Modern cybercriminals use sophisticated, blended malware attacks, typically via the web, to make money. Software attacks can be divided into three types: remote attacks requiring user action (worm, phishing attack, spear phishing attack), remote attacks needing no user action (denial of service attack, distributed denial of service attack), and attacks by a programmer developing a system (Trojan horse, back door, logic bomb).

Identity theft. Identity theft is the deliberate assumption of another person's identity, usually to gain access to his or her financial information or to frame that person for a crime. A few techniques can be used, for example stealing mail or dumpster diving, stealing personal information in computer databases, infiltrating organizations that store large amounts of personal information, and impersonating a trusted organization in an electronic communication. Normally, recovering from identity theft is costly, time-consuming and difficult.

Describe the three (3) classifications of information system auditing procedure.

Auditing around the computer
* Verifying processing by checking for known outputs using specific inputs.
* Best used in systems with limited inputs.

Auditing through the computer
* Inputs, outputs and processing are checked.
* Auditors review program logic and test data.

Auditing with the computer
* Using a combination of client data, auditor software, and client and auditor hardware.
* Enables the auditor to perform tasks such as simulating payroll program logic using data.

Explain with examples four (4) general categories of threats to information security.

Espionage or trespass occurs when unauthorized individuals attempt to gain illegal access to organizational information. It is important to distinguish between competitive intelligence and industrial espionage.
Competitive intelligence consists of legal information-gathering techniques such as studying a company's website and press releases, attending trade shows and so on. In contrast, industrial espionage crosses the legal boundary.

Sabotage and vandalism are deliberate acts that involve defacing an organization's website, possibly damaging the organization's image and causing its customers to lose faith. One form of online vandalism is a hacktivist or cyberactivist operation. These are cases of high-tech civil disobedience to protest the operations, policies or actions of an organization or government agency.

Software attacks. Software attacks have evolved from the early years of the computer era, when attackers used malicious software to infect as many computers worldwide as possible, to the profit-driven, web-based attacks of today. Modern criminals use sophisticated, blended malware attacks, typically via the web, to make money.

Compromise to intellectual property. Protecting intellectual property is a vital issue for people who make their livelihood in knowledge fields. Intellectual property is the property created by individuals or corporations that is protected under trade secret, patent and copyright laws. A trade secret is an intellectual work, such as a business plan, that is a company secret and is not based on public information. A patent is an official document that grants the holder exclusive rights on an invention or a process for a specific period of time. Copyright is a statutory grant that provides the creators or owners of intellectual property with ownership of the property, also for a designated period.

Human errors represent by far the most serious threats to information security. Explain five (5) human mistakes that pose as threats to information systems.

Carelessness with laptops
* Losing or misplacing laptops, leaving them in taxis and so on.

Carelessness with computing devices
* Losing or misplacing these devices, or using them carelessly so that malware is introduced into an organization's network.

Careless internet surfing
* Accessing questionable websites can result in malware and/or alien software being introduced into the organization's network.

Carelessness with one's office
* Unlocked desks and filing cabinets when employees go home at night; not logging off the company network when gone from the office for any extended period of time.