
Chapter 3 - Ethics, Privacy & Information Systems
Q.1 An IT example that relates to the ethical issues for the ideas of privacy, accuracy, property, and accessibility.
The four areas of IT ethics relate to information issues and the use of information: privacy, accuracy, property and accessibility. An important example is Internet security, which relates to all four areas of IT ethics. Internet ethics requires that individuals and organisations act honestly and with integrity. Information must be kept secure, and privacy must be held in very high regard. These ethics relate heavily to firms that operate in industries where Internet privacy is critical, e.g. banks and Internet banking.
What are the 4 general types of IT threats? Provide an example for each one.
IT threats may be external and internal. The four types are as follows:
- Unintentional acts – not malicious, caused by humans, service providers or the direct environment
- Natural disasters – floods, earthquakes, etc
- Management failure/technical failures – problems with hardware & software
- Deliberate acts – sabotage and white collar crime

Describe/discuss three types of software attack and a problem that may result from them
Software attacks pose threats that can lead to severe loss of data and personal information. Three types of attack that can occur are spam, malware and phishing. Spam is unwanted email and can be costly, with fake ads. Malware covers viruses, trojans, worms and spyware, all of which lead to system failure to some degree. Phishing is a social engineering procedure to gain personal information such as credit card details, e.g. fake bank emails asking for your details in order to steal money and identity.
The link below shows security risks, particularly in phishing.
Describe the four major types of security controls in relation to protecting information systems.
The four major types of security control are authentication, authorisation, physical controls and administration procedures.
Authentication - the process of establishing which individual you are. Examples include passwords for portals/networks (identification).
Authorisation - the process of an individual obtaining permission to access or enter a network. The information entered determines what the individual can access and what information can be obtained based on the authorisation.
Physical Controls - the restrictions and barriers placed upon an individual with regard to what he/she can do in an operating system/network. Examples include swipe cards and fingerprint analysis.
Administration Procedures - the establishment of policies and procedures that require transactions to be recorded and sent to a separate system for management override. Examples include upper management authorisation.
Name one recent software threat and briefly discuss its effects and resolutions.
Email viruses are an increasing concern in modern-day society. Email viruses are viruses sent via email, commonly disguised as offers or bank security messages. The message commonly hides Visual Basic script that runs malicious code. The common resolutions include running anti-virus software and applying continuous updates.
What is the difference between authentication and authorization, and why are they important to e-commerce? Give an example of their relevance to e-commerce.
Authentication is the process of granting access to individuals to data based upon their hierarchy in the organisation. Authorisation is simply determining that you are who you say you are. These elements are critical in e-commerce for ensuring customers are who they say they are. In today's society many products and services are purchased via the Internet, and it is critical that customers are correctly authenticated and properly authorised, based on their identification results, to the company's products. This in turn ensures fraud does not occur in electronic transactions.
