Week 5 – Ethics and Information Security

Explain the ethical issues surrounding information technology.


Ethical issues in this area arise from the use of technologies for the creation, collection, duplication, distribution and processing of information. The ethical issues come in when people determine how to use this information and how the information affects others. This occurs when there is a clash between competing goals, responsibilities and loyalties.


Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’.


An email privacy policy is implemented when companies attempt to mitigate many of the risks of using electronic messaging systems such as email. The risks involved include the privacy of one's email. Similar to email, the internet needs to have a policy that restricts certain things from occurring.


An internet use policy contains general principles to guide the proper use of the internet.


Summarise the five steps to creating an information security plan.


1. Develop the information security policy by identifying who is responsible for organising and designing the plans.

2. Communicate the information security policies by training the employees on the policies and establishing clear expectations for following the policies.

3. Identify critical information assets and risks, which requires the use of user IDs, passwords and antivirus software on all systems.

4. Test and re-evaluate risks by continually performing security reviews, audits, background checks and security assessments.

5. Obtain stakeholder support by gaining the approval and support of the information security policy plan from the board of directors and all stakeholders.

What do the terms authentication and authorization mean, and how do they differ? Provide some examples of each term.


Authentication: a method for confirming users' identities. An example is someone logging onto a computer using a username and password, which authenticates their identity.

Authorisation: the process of giving someone permission to do or have something. For example, being allowed to access a certain file on a computer means that person is authorised to do so.

Authentication is the proof of someone's identity, while authorisation is being allowed to do or access something.


What are the five main types of security risks? Suggest one method to reduce the severity of risk.


Malicious codes: a variety of threats such as viruses, worms and trojan horses.

Hoaxes: these attack computer systems by transmitting a virus hoax with a real, masked virus attached.

Spoof: the forging of the return address on an email so that the message appears to come from someone other than the actual sender. This is not a virus but a way for virus authors to conceal their identities as they send out viruses.

Sniffer: a program that can monitor data travelling over a network. Sniffers show all data being transmitted over a network, including passwords and confidential information.

Elevation of privilege: a process by which a user misleads a system into granting unauthorised rights, usually for the purpose of compromising or destroying the system.

It is recommended that an anti-virus system is implemented to prevent these from occurring.