1. Explain the ethical issues surrounding information technology?
• Intellectual property- The collection of rights that protect creative and intellectual effort.
• Copyright- The exclusive right to do, or omit to do, certain acts with intangible property such as a song, video game and some types of proprietary documents.
• Fair use doctrine- In certain situations, it is legal to use copyrighted material.
• Pirated software- The unauthorized use, duplication, distribution, or sale of copyrighted software.
• Counterfeit software- Software that is manufactured to look like the real thing and sold as such.
2. Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’?
Organisations can mitigate the risks of email and instant messaging communication tools by implementing and adhering to an email privacy policy. An email privacy policy details the extent to which email messages may be read by others. An Internet use policy, on the other hand, contains general principles to guide the proper use of the Internet within an organisation. The policy:
• Describes the available Internet services
• Defines the purpose and restriction of Internet access
• Complements the ethical computer use policy
• Describes user responsibilities
• States the ramifications for violations


3. Summarize the five steps to creating an information security plan?
a) Develop the information security policies- Identify who is responsible and accountable for designing and implementing the organization’s information security policies.
b) Communicate the information security policies- Train all employees on the policies and establish clear expectations for following the policies.
c) Identify critical information assets and risks- Require the use of user IDs, passwords and antivirus software on all systems.
d) Test and re-evaluate risks- Continually perform security reviews, audits, background checks and security assessments.
e) Obtain stakeholder support- Gain the approval and support of the information security policies from the board of directors and all stakeholders.

4. What do the terms authentication and authorization mean, how do they differ, provide some examples of each term?
Authentication is a method for confirming users’ identities. Once a system has authenticated a user, it can then determine the access privileges (or authorization) for that user. Examples of authentication include password-based authentication and device-based authentication. Authorization, by contrast, is the process of giving someone permission to do or have something. Examples include group permissions, or the difference between a normal user and the superuser on a Unix system. In multi-user computer systems, user access or authorization determines such things as file access, hours of access and amount of allocated storage space. Authentication and authorization techniques are broken down into three categories, and the most secure type involves a combination of all three:
• Something the user knows, such as a user ID and password.
• Something the user has, such as a smart card or token.
• Something that is part of the user, such as a fingerprint or voice signature.
For further reference: http://www.acm.uiuc.edu/workshops/security/auth.html
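
The following Python sketch is an added example, not part of the original post. It keeps the two steps described above separate: password-based authentication first, then authorization by group membership, hours of access and storage quota. All account names, passwords, file paths and limits are constructed sample data.

```python
import hashlib, hmac, os
from dataclasses import dataclass
from datetime import time

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

@dataclass(frozen=True)
class Account:
    user_id: str
    salt: bytes
    pw_hash: bytes
    groups: frozenset      # authorization: group membership
    hours: tuple           # authorization: (start, end) hours of access
    quota_bytes: int       # authorization: allocated storage space

def make_account(user_id, password, groups, hours, quota_bytes):
    salt = os.urandom(16)
    return Account(user_id, salt, hash_password(password, salt),
                   frozenset(groups), hours, quota_bytes)

# Constructed sample data (hypothetical users, files and limits).
ACCOUNTS = {a.user_id: a for a in (
    make_account("alice", "correct horse 42", {"staff"}, (time(8), time(18)), 1_000_000),
    make_account("root", "separate-admin-secret", {"superuser"}, (time(0), time(23, 59, 59)), 10**9),
)}
FILE_GROUPS = {"/srv/payroll.csv": {"superuser"}, "/srv/handbook.txt": {"staff", "superuser"}}

def authenticate(user_id: str, password: str):
    """Authentication: confirm identity. Returns the Account or None."""
    account = ACCOUNTS.get(user_id)
    if account is None:
        hash_password(password, b"\0" * 16)  # same work for unknown users
        return None
    candidate = hash_password(password, account.salt)
    return account if hmac.compare_digest(candidate, account.pw_hash) else None

def authorize(account, path: str, now: time, write_size: int = 0) -> str:
    """Authorization: decide what an authenticated account may do."""
    if account is None:
        return "deny: not authenticated"
    if not account.groups & FILE_GROUPS.get(path, set()):
        return "deny: group"            # unknown files are denied by default
    start, end = account.hours
    if not start <= now <= end:
        return "deny: outside hours"
    if write_size > account.quota_bytes:
        return "deny: quota"
    return "allow"
```

A correct password only establishes who the caller is; each request is still checked against that account's own permissions.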

5. What are the five main types of Security risks, suggest one method to prevent the severity of risk?
a) Human Error- Not malicious, by humans.
b) Natural Disasters- Floods, earthquakes and terrorist attacks.
c) Technical Failures- Software Bugs and hardware crashes.
d) Deliberate Acts- Sabotage and white collar crime.
e) Management Failure- Lack of procedure, documentation and training.
Prevention:
• Strong Password- letters and numbers
• Password Policy- change passwords regularly
