Describe the major ethical issues related to information technology and identify situations in which they occur.
Utilitarian approach. This action provides most goods benefit or least harm. This action usually happens in corporate action. The affected parties for example customers, employees, share holder and the community. CEO choose to promote ‘go green campaign’ so that this campaign will create an awareness through the staff about the importance of environment.
Rights approach. This action that is the one that best protects and respects the moral rights of the affected parties. Moral rights mean the right to make one’s own choices about what kind of life to lead. Most people acknowledge that every people deserved some moral rights. Every employee has their rights to voice out all the things that they are not satisfy with the management accordingly.
Fairness approach. Ethical actions that treat all human being equally or fairly based on some defensible standard. People believed that their salary should be paid to what type of work that they already done. For example, a clerk should be paid based on clerk’s salary and not with the manager’s salary.
Common good approach. Common good approach is interlocking relationship that underlie all societies. It emphasize the common condition that are important to the welfare of everyone. For example, system of law, health care and public educational system.
Describe any four (4) threats to information security and explain any two (2) methods of defense mechanism used to protect information systems.
Espionage or trespass. This thing occurs when unauthorized person attempt to gain illegal access to organizational information. It is important to distinguish between competitive intelligence and industrial espionage.
Information extortion. This this occurs when an attacker seal the information from a company. The perpetrator demands payment for not stealing the information, for returning stolen information or agree to not to disclose the information to the threat.
Sabotage or vandalism. Sabotage and vandalism involves defacing an organization website, possibly damaging the organization image and causing their customer to lose faith. For example, hackers. Civil law can prevent this thing happen.
Threats of equipment or information. Nowadays, computing device are becoming smaller and make it easier to steal and easier for attackers to steal information. Usually, people always makes human mistakes which is careless. Dumpster diving also dangerous because they will practice rummaging through commercial or residential thrash to find information that has been throw or destroyed.
They are two types of defense mechanism to protects information systems, physical controls and access controls. Physical controls can be used to prevent unauthorized individual from gaining access to a company’s facility. For example, walls, doors, fencing, pressure sensors and alarm system. This thing can be inconvenient to employee. Besides that, employers can limit the usage of computer to the staff. For example, set the computer automatically lock the user off after a certain period. Access controls restrict unauthorized individuals from using information resources. They are 2 main thing which is authentication and authorization. Authentication is to confirms identity of the person who is requiring access. Authorization is an actions, rights or privileges the person has on her verified identity. Distinguish between authentication and authorization.
Authentication is permitting authorized personnel or an organization can use one or more following methods: * Something the user is ( biometrics can examines a person’s innate physical characteristic for example fingerprints, palm scans and retina scans ) * Something the user has ( authentication mechanism that includes regular id card and smart card. * Something user does ( authentication includes...