Saturday, March 27, 2010

Week 5: Ethics and Information Security

1. Explain the ethical issues surrounding information technology.

The ethical issues surrounding information technology include:
  • Intellectual property: the collection of rights that protect creative and intellectual effort. An organisation must protect the knowledge it forms and maintain trade secrets.
  • Copyright: the exclusive right to do certain acts with intangible property, e.g. the use of unlicensed software.
  • Fair use doctrine: the circumstances in which a business is able to use copyrighted material.
  • Pirated software: the unauthorised use of software.
  • Counterfeit software: software that is manufactured to look like the real thing and is sold as such.

2. Describe the relationship between an 'email privacy policy' and an 'internet use policy'.

An email privacy policy guides the use of a business's email system by employees and establishes the privacy they have over their emails.

An internet use policy is a more general document which outlines the acceptable use of the internet by employees (e.g. banned sites).

These policies govern the way in which an employee uses a business's IT systems.

3. Summarise the five steps to creating an information security plan.

The five steps to creating an information security plan are:
  1. Develop IT security policies.
  2. Communicate policies with staff.
  3. Identify crucial assets at risk.
  4. Test and re-evaluate risks.
  5. Obtain stakeholder support.

4. What do the terms authentication and authorisation mean, and how do they differ? Provide some examples of each term.

Authentication refers to the means by which an employee is given access to a system; it may be something the user is (e.g. a fingerprint or retina scan, face recognition), something the user has (e.g. a smart card, token) or something the user knows (e.g. a password).

Authorisation refers to the information an employee is permitted to access once they have been authenticated to use a system.
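
The difference between the two terms, as an added example that is not part of the original post: a password check ("something the user knows") decides who the user is, and a separate permission lookup decides what that user may access. The user names, passwords, permission strings and status messages are all constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Salted, slow hash so stored values are not the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password, permissions):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt),
            "permissions": set(permissions)}

# Constructed sample accounts (hypothetical names, passwords and permissions).
USERS = {
    "alice": _make_user("correct horse", {"payroll:read", "payroll:write"}),
    "bob": _make_user("battery staple", {"timesheet:read"}),
}

def authenticate(username, password):
    """Authentication: is this really the user? Returns the name or None."""
    user = USERS.get(username)
    if user is None:
        _hash(password, b"\x00" * 16)  # do the same work for unknown users
        return None
    # Constant-time comparison of the computed and stored hashes.
    if hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return username
    return None

def authorise(username, permission):
    """Authorisation: may this authenticated user access this resource?"""
    if username is None:
        return False
    return permission in USERS[username]["permissions"]

def request(username, password, permission):
    who = authenticate(username, password)
    if who is None:
        return "401 not authenticated"   # identity not proven
    if not authorise(who, permission):
        return "403 not authorised"      # identity proven, access not granted
    return "200 ok"

if __name__ == "__main__":
    print(request("alice", "correct horse", "payroll:read"))
    print(request("bob", "battery staple", "payroll:read"))
    print(request("bob", "wrong password", "timesheet:read"))
```

The second request is the case that separates the terms: bob is authenticated correctly but is not authorised to read payroll data.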

5. What are the five main types of security risks? Suggest one method to prevent the severity of risk.

  1. Human error: severity can be minimised by proper training of employees.
  2. Technical failure: severity can be minimised by having backup infrastructure ready to go.
  3. Natural disaster: severity can be minimised by a disaster recovery plan, e.g. a hot site.
  4. Deliberate acts (e.g. virus, spam, malware): severity can be minimised by virus protection software.
  5. Management failure: severity can be minimised by having high procedural standards and an effective backup policy.