Sunday, August 15, 2010

WEEKLY QUESTIONS FOR CHAPTER FOUR- Ethics and Information Security

Q1. Explain the ethical issues surrounding information technology.
a. Privacy & Confidentiality - Privacy is the interest of a person in protecting their life from unwanted intrusion and public scrutiny. Confidentiality is the principle that certain information will remain outside the public domain. There is a lot of legislation covering this topic, such as the Privacy Act. Some things to think about include:
    a. The ethical/legal duty to keep customers' information private.
    b. How much information should a company keep? They should only keep the information that is vital to their business purposes.
    c. How much surveillance is required?
    d. How secure is the database? Are there good passwords and systems using authentication & authorisation?
    e. What penalties should be in place for privacy breaches?
b. Data accuracy - Companies have an ethical duty to keep information correct and up to date.
    a. Are enough checks in place to ensure no malicious activity is happening?
    b. Is your organisation verifying data before it is entered, and is it limiting access to such data entry?
    c. Companies need to limit information sharing to people that have authorisation.
    d. Companies need to delete information when it is no longer needed.
c. Property Issues - There are questions of who owns the information/data in emails, business plans, etc. For example, does a company own its employees' email, and could it go and look at it? Who can see the data? Are they using intellectual property in an ethical and legal manner?

Q2. Describe a situation involving technology that is ethical but illegal.
Reinberg received an offer for a mobile phone service from AT&T Wireless. The offer revealed that AT&T Wireless had used Equifax, a credit reporting agency, to identify Reinberg as a potential customer. However, the Fair Credit Reporting Act in the US forbids repurposing credit information except when the information is used for a firm offer of credit or insurance. It was therefore ethical but illegal because it breached privacy laws.

Another example is that you make two copies of a software package you purchased (illegal) and keep one for backup (ethical).


Q3. Describe and explain one of the computer use policies that a company might employ.
Email Privacy Policy - Organisations should have a policy that sets out how employees may use email and the internet for private and non-employment purposes. It states what activities are and aren't permitted. It can detail the type of information that will be recorded and the member of the organisation that will have access to that information, and it provides for the monitoring and auditing process that will consider the information.


Here is a link to an example of a real time email privacy policy:
http://www.cecnsw.catholic.edu.au/dbpage.php?pg=emailprivacypolicy 

Q4/5 What are the 5 main technology security risks? And give a way to reduce each risk.


a. Human Error - Human error can cause major security risks. Sensitive company data can be lost through employees who are not exact in their duties, employees who lack adequate training on procedures, employees who leave a public computer logged on, or poorly written applications. A way to prevent this is to have adequate training for employees.
b. Natural Disasters - Events that lead to destruction of data systems, e.g. fire, flood, earthquakes and tsunamis. Ways to prevent this include backing up information/data and having a disaster recovery plan in case this happens, including communications plans, alternative sites and location of backup data.
c. Technical Failures - Blackouts, brownouts and system failures. To prevent this, have internet content filtering, firewall packages and alternative websites.
d. Deliberate Acts - Risks from malicious activity where employees destroy or corrupt data, or hackers log onto the system and change or destroy data. This includes cyber criminals, terrorism, or random attacks. This can also include social engineering, where a person tricks another person into providing sensitive or restricted information. A way to prevent this is to have strong passwords (letters and numbers), strong penalties for misuse of data, firewalls, and system audits to track down malicious code. Use of authentication (a method for confirming users' identity) and authorisation (the process of giving someone permission to do or have something) is also useful.
e. Management Failure - Managers not having the correct security systems in place. Managers need to develop a security plan, use antivirus and security software, and keep protection up to date.

Q6. What is a disaster recovery plan? What strategies might a firm employ?
A disaster recovery plan is a detailed process for recovering information or an IT system in the event of a catastrophic disaster such as fire or flood. A firm may have a backup of its IT system, information in an off-site location, or a separate fully equipped facility where the company can move in the event that the actual workplace is destroyed.


Here is an example of one:



Disaster Recovery Plans ensure that an organisation's critical business functions can continue to be executed in the event of a major disruption or disaster (Montrose Redbridge 1999). This allows the business to be more resilient, survive the event and minimise the impacts of the failure on its business operations (Montrose Redbridge 1999). If the plan is inadequate, it can lead to the non-availability of critical resources, which can result in major impacts being felt by the organisation (Montrose Redbridge 1999). Examples include financial losses, loss of control of core business processes, an inability to carry on operations, legal and regulatory consequences, and damage to reputation and credibility (Montrose Redbridge 1999).








Reference: Montrose Redbridge, Business Continuity Plans/ Disaster Recovery Plans, Available: http://www.mrose.com.au/ Viewed 10 September 2010.
