Sunday, March 27, 2011

Week 5- Ethics and Security

1. Explain the ethical issues surrounding information technology.

Intellectual property- Intellectual property represents the property of your mind or intellect. It can be an invention, trademark, original design or the practical application of a good idea. In business terms, this means your proprietary knowledge – a key component of success in business today. It is often the edge that sets successful companies apart and as world markets become increasingly competitive, protecting your intellectual property becomes essential.
Copyright- The right to copy or duplicate materials can be granted only by the owners of the information. Many documents on the Internet contain a statement that asserts the document is copyrighted and gives permission for distributing the document in an electronic form, provided it isn't sold or made part of some commercial venture.

Fair use doctrine- The copyright principle of fair use allows the public to copy works without having to ask permission or pay licensing fees to copyright holders.
Pirated software- An illegal copy of a software package. Many companies use this as it is easy to get a hold of and they usually get the best software available for which stands as a disadvantage to other companies. 
2. Describe a situation involving technology that is ethical but illegal.
A credit card company sells its customers’ mailing address to other competitors. This situation is illegal as this is confidential information but it may be ethical in different people's eyes as there was an intention of making money.
3. Describe and explain one of the computer use policies that a company might employ
Ethical computer use policy- contains general principles to guide computer user behaviour.
A company will use this policy to guide them in the right direction and to make sure thst they are doing the right thing.
4. What are the 5 main technology security risks?
Human Error-

This can malicious by the human or not by the human.
Natural Disasters-

Floods, earthquakes, terrorist attacks.
Technical Failures- 

Software bugs, hardware crashes.
Deliberate Acts- 

Sabotage, white collar crime.
Management Failure- 

Lack of procedure, documentation, training.
5. Outline one way to reduce each risk.
Human Error- make sure your passwords are unique and can be remembered by you only, change passwords regularly.
Natural Disasters- all firms should have a comprehensive disaster recovery plan which includes such things as
  • Communication plan
  • Alternative sites - hot or warm sites
  • Business continuity
  • Location of backup data
Technical Failures- have a backup stored on a USB or any other storage device
Deliberate Acts- encrypt all data to make it secure, prevent peer to peer sharing
Management Failure- make sure efficient training is provided, document and save all important information and records.
6. What is a disaster recovery plan, what strategies might a firm employ?
A disaster recovery plan is designed to ensure the continuation of vital business processes in the event that a disaster occurs. 
The term “disaster” is relative because disasters can occur in varying degrees. So, this Plan has considered this issue and incorporates management procedures as well as technical procedures to insure provable recovery capability.
A firm needs to employ strategies as they have to be prepared for anything to happen. The following strategies are key to implementing a comprehensive Disaster Recovery Program:
- Critical Application 
- Assessment 
- Back-Up Procedures 
- Recovery Procedures 
- Implementation Procedures 
- Test Procedures
- Plan Maintenance
The most successful Disaster Recovery Strategy is one that will never be implemented; therefore, risk avoidance is a critical element in the disaster recovery process.
Another important strategy a firm may implement is to relocate critical Information Systems processing to an alternate computer-processing centre. This will restore and continue business process thus assisting the firm to move on with its operations. 

No comments:

Post a Comment