Saturday, September 10, 2011

Week 5 - Ethics and Security

1.      Explain the ethical issues surrounding information technology.
Ethics is defined by dictionary.com as ‘a system of moral principles.’ (c2011). The ethical issues that surround the information technology sector are concerned with copyright issues and pirated software. It is unethical to copy software and re-sell it as the copyright laws do not allow for this to happen and it is a breach of these laws.
2.    Describe a situation involving technology that is ethical but illegal.
A situation where it may be ethical to use technology in an illegal manner is when there is a provision of confidential data that can be used to save someone’s life, such as the use of confidential medical data on a database to ensure that the person is not given the wrong medication. Another situation where it may be ethical to use information technology illegally, is when someone makes a back-up copy of a program such as Microsoft, to ensure that if anything happens to their original copy they have another copy to use. This can be seen as ethical as they are backing up their data but it is illegal to do so in this manner.
3.    Describe and explain one of the computer use policies that a company might employ
Information privacy is one of the computer use policies that a company may employ. Information privacy is a policy that has general principles in regards to the privacy of information within a workplace. The unintentional use of information can be unethical when used for new purposes. Examples of this are the collection of information relating only to the specified primary purpose and to ensure that a person who is supplying the information to another source knows why the information has been collected and how it will be used in the future



4.    What are the 5 main technology security risks?

(the five security risks as seen on lecture slides)
The five main technology security risks are human error, natural disasters, technical failures, deliberate acts and management failure.
5.    Outline one way to reduce each risk.
Human Error: to reduce the risk of human error, the company must ensure that it has correctly trained and informed its employees to use the technology correctly whilst also making it easily accessible for partners and customers to access electronically.
Natural Disasters: A fire, flood, tsunami or terrorist attack can lead to the loss of data within a business. To reduce this risk, disaster recovery can be used for businesses. Disaster recovery is ‘the process of regaining access to computer systems and data after a disaster has taken place.’ (Baltzan, Phillips, Lynch, Blakey, 2010). To ensure that a natural disaster does not destroy the companies files, a comprehensive disaster recovery plan should be implemented through the use of alternative sites, communications plans and business continuity.
Technical Failures: To ensure that technical failures do not impact upon the business greatly, the company must ensure that they have backed-up their data and have offsite data holders that can be accessed when there is a technical failure.
Deliberate Acts: Deliberate acts can be hard to prevent. Deliberate acts can, however, be prevented through the use of strong security systems. To secure the data from deliberate acts, there must be strong security passwords in place and adequate training provided to staff to ensure less deliberate acts.
Management failures: To reduce the risk of management failures, management can provide training to staff, ensure that all documentation is backed up and checked by others apart from themselves and ensure that a strict procedure is in place when using and recording data.
6.    What is a disaster recovery plan, what strategies might a firm employ?
A disaster recovery plan is ‘the process of regaining access to computer systems and data after a disaster has taken place.’ (Baltzan et al 2010). It is essentially a plan that says what a company will do in a catastrophic event. It involves communication, where information is held (office backup), business continuity and moving files to a ‘cloud’.
A firm might employ a strategy where the move there information off sight and access this data from a different data centre. This is evident with IBM and the movement of their data files to a secure location in West Pennant Hills.
Data recovery template. Source: http://www.intrapower.com.au/Disaster-Recovery.html

No comments:

Post a Comment