The good you find in others, is within you as well. The faults you find in others, are your faults as well. After all, to recognize something on your outer world you must have a reference point on your inner world. The world around you is a reflection, a mirror showing you the person you are. To change your world, simply change yourself. See the best in others, and you will be at your best. Give to others, and you give to yourself. Love others, and you will be loved. Seek to understand, and you will be understood. Listen, and your voice will be heard. Teach, and you will learn.

Zig Ziglar

Tuesday, September 9, 2008

Chapter 3: Ethics, Privacy and Information Security

1. Provide an IT example that relates to the ethical issues for the ideas of privacy, accuracy, property, and accessibility.
An issue that deals with all of the above mentioned areas is the copying of software. With the capabilities of the internet it allows many people to download free programs that have been copied by sources. Replication of software without paying the owner is a violation of many copyright laws. This has severe ramification for software vendors as it can lead to losses in profitability and competitiveness.

2. What are the 5 general types of IT threats? Provide an example for each one
The 5 general types if IT threats include:
*Unintentional acts (such as human error) are those act that have no intent to change the data but lead to the most invalidity of security.
*Natural disasters (such as floods, earthquakes, hurricanes etc) that cause major destruction to data and information systems of the organisations.
*technical failure (such as problems with hard ware or soft ware) that can disrupt the organisation as the Information System can be disrupted for periods which means that the organisation is unproductive until the computers are restored.
*management failures (such as funding or lack of leadership) affect the security of the information.
*deliberate acts (such as theft of information) are deliberate acts that consist of stealing property, extortion, stealing of clientele or a employers identity.

3. Describe/discuss three types of software attack and a problem that may result from them
Three types of software attacks and the problems resulting from them:
1. Spyware: collects personal information from its users without their consent or them even knowing about the theft of identity. This can result in many of the users setting being changed so they can’t access it, the loss of personal and company information that can be used for fraudulent means.
2. Virus: is a program that affects the computers operating capacity by infecting it with programs that destroy information and other information technology assets, belonging to the business. This leads to the destruction of computer files, information, data and other assets that have the potential to spread to other computers by emails or by other communicative means.
3. Phishing: is the fraudulent means of obtaining personal details and other sensitive materials which are collected by false emails sent to the user. The user then in turn sends them back the information that they requested. They masquerade as a legitimate company for example a bank, acquiring the user’s details and accessing there financial details, identity and so forth. The issues that this has for businesses are the fact that personal and confidential business information can be stolen.

4. Describe the four major types of security controls in relation to protecting information systems.
The four major types of security controls include:
1. Physical controls: prevent unauthorized individuals from getting access to a company’s facilities. They are the physical objects in place that prevent break in’s and theft. Some examples of these modes of controls include fences, surveillance cameras, alarm systems etc.
2. Access controls: restrict unauthorised individuals from using information resources through two forms: authentication and authorisation. These enable a code or some other form of technical recognition of the persons details that correspond with a particular biometric characteristic. Some examples of this form include, voice recognition, retina scans etc.
3. Communications controls: controls secure the movement of data across networks that protect the movement of confidential information through the mediums of firewalls, vulnerability management and encryptions.
4. Application controls: are security countermeasures that protect specific applications protecting the three mains areas of input, processing and output controls.

5. What is information system auditing?
Information auditing is the process of analysing and ensuring that the current methods implemented which aims to protect the business from intrusion and security are effective. It gives methods for improvements and contingency plans that can be used if something does penetrate the security of the organisationAuditing is executed through:
Auditing through the computer
Auditing around the computer
Auditing with the computer

6. What is the difference between authentication and authorization and why are they important to e-Commerce/give an example of their relevance to e-Commerce
Authentication and authorisation is an access control that restricts certain people from accessing information resources. Authentication involves a process that determines the identity of the person requiring access. Authorisation involves a process that determines which actions, rights, or privileges the person has, based on verified identity. The difference between the two is that one identifies and the other verifies the information given by a user/person of the organisation.
Authentication and authorisation is important to ecommerce as technology is an integral part of business. As the technology has developed so too does the protection mechanisms to ensure that the information and other assets of the business are protected. They restrict information to only the people that were intended to actually gain access to it. An example of this is passwords for people who are members of the organisation and they can therefore access amounts of information that they are allowed.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)