LO5 UNDERSTAND ETHICAL, OPERATIONAL ISSUES AND THREATS TO A COMPUTER SYSTEM

  • Created by: oilbhea
  • Created on: 19-04-18 11:35


LO5 5.1 ETHICAL ISSUES

Ethical Issues - A problem or situation that requires a person or organization to choose between alternatives that must be evaluated as right (ethical) or wrong (unethical).

  • Whistleblowing-

This is when an employee discloses that some form of serious unlawful practice is taking place within their workplace. The activity could include miscarriages of justice, illegal activity, threats to an individual or damage to the environment.

  • Disability/Gender/Sexuality discrimination-

Behaving ethically can be underwritten by law; for example, the Equality Act ensures equality of treatment for all people, irrespective of colour, race, disability or gender.


  • Use of Information-

The Data Protection Act ensures that personal data is used responsibly. When designing, developing and using information systems, ethical considerations should be made with respect to how the information is collected, processed, stored, used and distributed.

  • Codes of practice-

There are many codes of practice within the workplace to provide ethical guidance. An organisation may have a code of practice for confidentiality in relation to its clients. There are codes of practice for how you behave, how the organisation ensures that quality is maintained with respect to the products, equality and being fair and objective with advice and actions provided to employees and clients.


  • Staying safe online-

There are guides on staying safe online to avoid problems with individuals who do not behave ethically or perhaps have a different ethical code from that of society as a whole.


5.2 Operational Issues

  • Security of information-

Failure to protect information from loss, corruption, illegal duplication, or being stolen or hacked can provoke poor publicity, which can result in loss of business or even fines. Loss of production information and sales data can leave a business unable to meet its requirements.

  • Health and safety 

Failure to protect employees and clients or visitors can reflect badly on the organisation if reported in the press. There is an ethical and moral issue, as risking the lives and health of employees through a careless attitude to their safety is not acceptable behaviour.


  • Disaster and recovery plan -

Organisations take note of all the issues that could risk their assets, employees and existence. They will produce a plan to either reduce the risk to the lowest possible level or provide alternative facilities or locations.

  • Organisational policies -

Organisations have policies to establish the rules for acceptable behaviour and guidelines for best practice in certain work-related situations. Schools and colleges usually require their learners to sign an acceptable use policy before they will issue them with a network ID. A code of conduct policy sets out the standards of behaviour expected from employees while working on the premises or the premises of their clients.


  • Change drivers-

These are things which must change, such as new legislation, new entrants into the market, an increase in the number of platforms that can share, distribute, license or sell music, or new business practices.

  • Scale of change-

This reflects the needs of the business, such as replacing a slow network with a faster optical fibre system, introducing an extranet or allowing customers to log into some systems externally. It also provides remote access for employees so that they can access work from home.


5.3 THREATS TO COMPUTER SYSTEMS

  • THREATS-

Phishing; misleading individuals or organisations into parting with their confidential and personal data to commit fraud.

Hacking; not all hacking is external, as employees also hack their own company systems. This includes looking at files or locations to which they do not have the right of access; creating, modifying or deleting files without permission.

Trojan (horse); introducing a piece of code which, when certain conditions are met, will carry out an action which will be detrimental to the system, e.g. wiping data.

Interception; when the data packets on the internet are intercepted by a third party and copied, edited or transferred to a new location.


Eavesdropping; can refer to interception, but is particularly listening to communication traffic not intended for the reader or listener, such as email, instant messaging, faxing or video conferencing.

Data Theft; illegally removing copies of personal or company data from information systems.

Social engineering; the manipulation of individuals to trick them into giving sensitive information, for example, claiming to be from the IT department and asking for a password and username to check whether the PC has a virus.

To protect against these and other attacks a range of security measures is available. Normally, these are broken down into physical security and digital security.


5.4 PHYSICAL SECURITY

  • Locks- Locks and keypads for preventing access to computer rooms or storage facilities or to prevent access to hard drives.
  • Biometric- biometric readers are electronic devices to determine a person's identity. They can do this by detecting fingerprints or eyes and matching them to records in a database.
  • RFID- radio frequency identification uses radio waves or electromagnetic waves to identify and track individuals, animals and items of importance.
  • Tokens- small hardware devices, such as a keyfob or a smart card, which allow a person access to a network.
  • Private screens- private screens are there to prevent the content being seen or read by anyone not sitting in front of the screen.
  • Shredding- shredding or cutting up documents and optical discs into pieces so small that it is impossible to reconstruct them. This is one of the most effective methods of protecting physical data no longer required from falling into the wrong hands.

5.5 DIGITAL SECURITY

  • Anti-virus + Anti-spyware- are both programs that protect the computer system from other programs which are maliciously downloaded. Anti-virus means that the software identifies and destroys computer viruses. Anti-spyware carries out a similar role with spyware.
  • Usernames + Passwords- these provide protection at 2 levels. The username is linked to a group or groups. These groups allow access or give permission for the user to access particular software such as financial systems or HR. The password can allow the user access to the information system and software such as internet access, word processor, spreadsheet and email.
  • Firewalls- Firewalls are used to prevent unauthorised access to or from a network. They can be implemented via hardware, software or both. Firewalls filter the traffic that flows into a PC or network through an internet connection and block anything deemed harmful to the computer system or network.

  • Inspection- The firewall marks key features of any outgoing requests for information and checks for the same key features of the data coming into the computer system or network, deciding whether it is relevant.
  • Permissions- Rules that determine who can access an object and what they can do with it.
  • Encryption- this is when data is encoded (converted into a coded format), so that it cannot be understood by people who are not authorised to see it. The only way that someone can read encrypted data is with a secret code or key.

5.6 SAFE DISPOSAL OF DATA AND COMPUTER EQUIPMENT

  • Legislation- A range of legislation covers the disposal of data and computer equipment. This includes the Waste Electronic and Electrical Equipment (WEEE) directive, which makes clear that computer equipment needs specialist knowledge and tools to ensure safe dismantling.
  • The UK's Waste Acceptance Criteria (WAC) deals with the disposal of monitors, for example.
  • The Hazardous Waste Regulation 2005 also applies, as mercury, hexavalent chromium and other toxic chemicals are found in a computer system.
  • The Freedom of Information Act (2000) and the Data Protection Act (1998) contain clear legal requirements for the safe destruction of data.

Overwriting Data

  • This is a way of removing data from hard discs.
  • Overwriting is when data is sent to the disc and this overwrites the '1's and '0's already on the disc.
  • Overwriting once is normally insufficient to remove all evidence of the existence of the data.
  • The process must be repeated several times and even then very sophisticated forensic techniques can often retrieve some of the data.

Electromagnetic Wipe

  • This involves the use of a degausser which has a very strong permanent magnet or an electromagnetic coil.
  • If great care is not taken, this method can also destroy the disc itself, though it does remove the data.

Physical destruction-

  • Physically destroying hardware containing data by shredding can be effective.
  • Some businesses provide secure bins for confidential information, the contents of which are destroyed.