IS 577: Case Studies in IT Security Mgmt. and Ethics
Introduction
Although security is gradually improving with the various customizations of web applications, many project managers, implementation partners, and IT developers are still unaware of vulnerabilities that can expose sensitive and institutional data or lead to data loss or poor data quality. Combining security with the Software Development Life Cycle sometimes requires additional practical training and an overview of existing practices, and might require a transformational change. An organization-wide focus, where every employee/contractor participating in software development needs to put in a collective effort and moral responsibility to deploy the code and securing web …
The moral code of ethics and conduct defines the performance indicators, compliance training, accounts-auditing, and business reporting guidelines across five areas of responsibility.
Four main Ethical Concerns in IT Security
Security: With the rise of the internet, intruders have found it easy to hack into any system as long as it is connected via the internet or a network. They can easily use the address to access a system and steal data for various reasons.
Privacy Issues: IT has enabled us to share and search for relevant information over the internet, and this has exploited the freedom of privacy in various ways, such as through the use of streaming webcams and social networks.
Copyright Infringement: IT has made it easy for users to access any information at any point in time. With the rise and development of content-sharing networks and photo-sharing sites, many original owners of these works are completely losing the trustworthiness of their works, because users of IT can easily gain access to that data and share it with friends. This is good news for the downloaders because it is free, but the effort of the original creators of these works is compromised. Recently, the federal government has closed a few file-sharing websites (Megaupload, FileSonic, …
• Describe the standards, best practices and terms for development and support of systems. This document should outline the roles and responsibilities, approach for planning and management across the SDLC, and include templates for analysis of data privacy and retention.
2: Effective Training for Employees
• Any system would fail if the project managers, developers, and business users aren’t educated on security concerns and the laws pertaining to them.
3: Scope the Security requirements at the initial stage
• How should personal/confidential data be protected?
• Any Compliance requirements - HITECH, HIPAA, etc.?
• How to store and secure log files?
• What is the data retention period?
• IT security assessment in case of breach.
4: Have an IT Security officer
5: Frequent security checkup and mock drills
• Use code reviews including security and