Monday, March 22, 2010

Chapter 4: Ethics and Information Security

1. Explain the ethical issues surrounding information technology.
Ethics are the principles and standards that guide our behaviour towards other people. The ethical issues surrounding technology include:
> Intellectual property - the collection of rights that protect creative and intellectual effort.
> Copyright - the exclusive right to do, or omit to do, certain acts with intangible property such as a song, video game and some types of proprietary documents.
> Fair use doctrine - in certain situations, it is legal to use copyrighted material.
> Pirated software - the unauthorised use, duplication, distribution, or sale of copyrighted software.
> Counterfeit software - software that is manufactured to look like the real thing and sold as such.
> Privacy - the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.

2. Describe the relationship between an 'email privacy policy' and an 'Internet use policy'.
An email privacy policy details the extent to which email messages may be read by others. Organisations can mitigate the risks of email and instant messaging communication tools by implementing and adhering to an email privacy policy. Organisations should have a policy that clearly sets out how employees may use email and the Internet for private and non-employment purposes. An email privacy policy typically: describes the legitimate grounds for reading someone's email and the process required before such action can be taken; explains the backup procedure, so users know that even if a message is deleted from their computer it will still exist on the backup media; and defines who the legitimate email users are.
An Internet use policy contains general principles to guide the proper use of the Internet within an organisation. The policy describes the available Internet services, defines the purpose and restrictions of Internet access, complements the ethical computer use policy, describes users' responsibilities and states the ramifications for violations.

3. Summarise the five steps to creating an information security plan.
Step 1: Develop the information security policies - identify who is responsible and accountable for designing and implementing the organisation's information security policies, e.g. policies requiring users to log off their systems before leaving the office.
Step 2: Communicate the information security policies - train all employees on the policies and establish clear expectations for following policies. E.g. Let employees know that they will receive a formal reprimand for leaving a computer unsecured.
Step 3: Identify critical information assets and risks - require the use of user IDs, passwords and antivirus software on all systems. Ensure any systems that contain links to external networks have the appropriate technical protections, such as firewalls or intrusion detection software.
Step 4: Test and re-evaluate risks - continually perform security reviews, audits, background checks and security assessments.
Step 5: Obtain stakeholder support - gain the approval and support of the information security policies from the board of directors and all stakeholders.

4. What do the terms 'authentication' and 'authorization' mean, how do they differ, and what are some examples of each term?
Authentication is a method for confirming users' identities. Once a system determines the authentication of a user, it can then determine the access privileges (or authorisation) for that user. The most secure type of authentication involves: something the user knows, something the user has and something that is part of the user.
Authorisation is the process of giving someone permission to do or have something. In multiple-user computer systems, user access or authorisation determines such things as file access, hours of access and amount of allocated storage space.
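To make the distinction concrete, here is an added Python example (not from the original post) that first authenticates a user with something they know (a password) and something they have (a token serial), and only then authorises an action using the three things the answer lists: file access, hours of access and allocated storage space. The user record, token serial, salt and policy are constructed sample data.

```python
import hashlib
import hmac

# Constructed user store: a salted password hash (never the clear password)
# plus the serial of a hardware token the user is expected to *have*.
_SALT = b"constructed-salt"

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)

USERS = {"alice": {"hash": _hash("correct horse"), "token": "TOKEN-1234"}}

# Constructed authorisation policy: what an authenticated identity may do.
POLICY = {
    "alice": {
        "files": {"/reports/q1.xlsx": {"read"},
                  "/reports/draft.docx": {"read", "write"}},
        "hours": (8, 18),          # access permitted 08:00 to 18:00 only
        "quota_bytes": 1_000_000,  # allocated storage space
    }
}

def authenticate(username: str, password: str, token: str):
    """Confirm WHO the user is. Returns the identity, or None on any failure
    without revealing which factor was wrong."""
    rec = USERS.get(username)
    if rec is None:
        _hash(password)  # do the same work for unknown users (timing)
        return None
    pw_ok = hmac.compare_digest(rec["hash"], _hash(password))
    tok_ok = hmac.compare_digest(rec["token"], token)
    return username if (pw_ok and tok_ok) else None

def authorise(identity, action: str, path: str, hour: int, used_bytes: int) -> bool:
    """Decide WHAT an already-authenticated identity may do: file access,
    hours of access and storage allocation are checked separately."""
    if identity is None:
        return False
    policy = POLICY.get(identity)
    if policy is None:
        return False
    start, end = policy["hours"]
    if not start <= hour < end:
        return False
    if action not in policy["files"].get(path, set()):
        return False
    if action == "write" and used_bytes >= policy["quota_bytes"]:
        return False
    return True
```

Note that `authorise` refuses everything for an unauthenticated identity (`None`): authorisation decisions are only meaningful after authentication has succeeded.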

5. What are the five main types of security risks? Suggest one method to reduce the severity of each risk.
The five main types of security risks are:
Human error - not malicious and done by humans. Acts include tailgating, carelessness with laptops and portable computing devices, poor password selection and opening questionable e-mails.
Natural disasters - such as floods, earthquakes and terrorist attacks.
Technical failures - software bugs and hardware crashes.
Deliberate acts - sabotage and white-collar crimes.
Management failure - lack of procedure, documentation and training.
