Ethics in Information Systems - Term Paper Example

? Full Paper Ethics in Information Systems The current trends in a computing networked environment, organizations must enforce measures to protect customer data. However, data privacy and data security is not enough. A mechanism is required to examine possibilities of security breaches in a network. Likewise, if any potential threat is exposed before exploiting, sensitive information including customer and mission critical data can be defended. The result of exposing customer data privacy may severely affect the reputation of an organization. Moreover, the outcomes will illustrate negative effects on potential and valued customers, financial community and prospects (Secure customer information - cisco systems, n.d ). However, in order to prevent customer data, a number of strategies can be defined are demonstrated below: Persistently maintaining data protection controls and procedures aiding in optimum data integrity An incident response plan that can be triggered, whenever a security breach is found within the network or servers maintaining customer data. An intelligent spyware, ad-ware and antivirus installation on workstations, in order to protect threats emerging from a workstation within the network. Moreover, information technology facilitates CRM to maintain data in databases including customer names, contact details, buying history and usability of services. Likewise, the information retrieved from databases connected to CRM provides personalized processes for an organization to target customers. Likewise, the personalized processes provide value for the customers along with increment in customer loyalty for the organization (Payne & Frow, 2006). For instance, notifications of new services and products are transmitted via emails; short message services (SMS), phone calls, or WAP services. Consequently, customers are updated related to new services and products (Buttle, Ang, & Iriana, 2006). Not all the customers specify the same value, as they are evaluated by CRM due to its focuses on strategically significant markets. Likewise, relationships with customers illustrate the value for services and facilitate organizations to decide the worth of each customer. Conversely, constructing relationships with in appropriate customers with less value will result in loss of time for the staff and financial resources. In order to evaluate the value for customers, they need to demonstrate at least one of the three factors listed below (Buttle, Ang, & Iriana, 2006): Customers demonstrating significant life time value Customers demonstrating targeting other customers Customers encouraging modification of suppliers In order to disseminate customer information, cookies can be used, as they are isolated with textual information that is redirected from the web server to a web browser. Likewise, the cookies that are transmitted via hypertext transfer protocol (HTTP) are responsible for authenticating, tracking, and managing precise information related to the user. For instance, they can manage precise information related to site preferences and data associated with shopping carts (Cookie.2007, n.d). 2 Legislation and Other Policy 2.1 Associated and Applicable Legislation To sidestep for any legal issues or security breaches, organization needs to define, document and demonstrate compliance with all applicable statutory, regulatory and contractual requirements for each information system. Owners of the systems must take advice from the information security officers for all issues related to Legal and security information. Local regulations must be addressed that are applicable where data is handled, stored or protected. Likewise, legal officer of the organization will examine applicable laws and regulations of policies at different regions. The legal officer will consult chief information security officer for establishing required exceptions to policies and specific policies to different regions. 2.2 Intellectual Property Rights All employees at the organization will conform to the legal requirements of intellectual property protection along with license agreements related to copyright software. The objectives of this policy is to make employees of the organization aware and to make them comply with copyrights, trademarks etc. Employees of an organization are accountable if they not use organization intellectual property with guidelines and standard procedures. In case of non-compliance, employee will face a disciplinary action, termination of employment and criminal or civil charges. 2.3 Intellectual Property Standards and Training The Chief information security officer or any role acting in this category along with system owners will develop educational and training session. 2.4 Using Software from Outside Sources Employees of the organization must not install or download pirated or non-licensed software on the organization systems. Employees of the organization will not download and install any software from the Internet without approval. If approval is granted, it be justified and must contribute to business objectives. 2.5 Enforcement If any violation of this policy is found, the matter maybe subjected to disciplinary action including termination of employment and students of the campus maybe expelled. 2.6 Revision History Version 1.0 2.7 Definition of Terms used in this policy Local regulations: applicable laws of the region where the company is located. Encryption: raw data is converted in to a coded form. VPN connections: a secure dedicated tunnel for transmitting data in encrypted form. Physical security controls: Physical controls are incorporated for adding security for human factors Registered / Unregistered ports: Also called as sockets, used for registering them for specific applications running on the network. Firewall: A security appliance used for adding baseline security for the network that allows and deny packets on the defined criteria. Federal legislation: applicable laws and regulations of the current region. Packet sniffers: Used for tracing data packets traveling through the network. Password cracking software: Used for exposing or gaining access to a password protected application. CISO: Chief Information Security Officer implements and enforce information security policies and procedures within the organization. Intranet: Application that is accessed and travels within the local network Extranet: Application that is accessed and travels within the local as well as wide area network. 3 Personal Data and Privacy Acts In order to address data privacy concerns, European Union constructed a framework to protect personal information and privacy, as “Directive 95/46/EC is the reference text, at European level, on the protection of personal data. It sets up a regulatory framework which seeks to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data within the European Union (EU). To do so, the Directive sets strict limits on the collection and use of personal data and demands that each Member State set up an independent national body responsible for the protection of these data” (Protection of personal data ). The directive 95/46/EC is applicable on automated and computerized data. For example, client information databases and data, which include involvement of non-automated filing system. Moreover, the main purpose of this directive is to protect personal data privacy by associating certain guidelines that defines the credibility of process in the context of law (Protection of personal data). Moreover, the European Union also addressed the data privacy in the context of e-commerce by further balancing it with Directives 2002/58/EC on Privacy and Electronic and Communication (DPEC), in the context of computing personal data in the domain of electronic communications sector 9 wrapping computer personal data by communication mediums and services that is publicly available (Wong, 2011). However, ‘Art. 29’ suggested an expression on ‘comprehensive and consistent data protection framework’ in order to eliminate all the remaining concerns and to dominate European Union competence (Wong, 2011). 4 Measures to Preserve Privacy The seals provide assurance for data privacy for the end users dealing with the exchange of information on the web. Likewise, these seals deploy specific regulations, policies and procedures, as they are operational on the web. In this way, assurance is provided to the end users in terms of privacy of personal data that minimizes the risks of identity theft and credit card numbers. Conclusion Data privacy must be prevented as no one has right to obtain and use anyone’s personal information in terms of any business or fraudulent activity. Survey demonstrated that online users sometimes tend to be careless while providing personal information on the Internet. Hackers steal this information to obtain funds and other advantages. Moreover, websites that are not credible sell customer information, in terms of cash. Furthermore, social networking sites must be regulated in terms of data privacy and security as they are favorite for hackers and cyber criminals to track and gain knowledge to victimize anyone. However, European Union has constructed counter measures in terms of Privacy and Electronic and Communication (DPEC) and Directive 95/46/EC. Moreover, privacy seals demonstrated credibility of online businesses that are relatively secure for providing personal information. Certain improvements are required in terms of legal issues and creating awareness of data privacy on the Internet. References Cookie. (2007). Network Dictionary, , 123-123. Ethics & Information Technology, 13(3), 199-226. doi: 10.1007/s10676-010-9242-6 Secure customer information - cisco systems Retrieved 7/27/2011, 2011, from http://www.cisco.com/en/US/netsol/ns885/index.html Buttle, F., Ang, L., & Iriana, R. (2006). Sales force automation: Review, critique, research agenda International Journal of Management Reviews, 8(4), 213 231. doi:10.1111/j.1468-2370.2006.00128.x Payne, A., & Frow, P. (2006). Customer relationship management: From strategy to implementation. Journal of Marketing Management, 22(1), 135-168. Protection of personal data Retrieved 5/6/2011, 2011, from http://europa.eu/legislation_summaries/information_society/l14012_en.htm Wong, R. (2011). Data protection: The future of privacy. Computer Law & Security Review, 27(1), 53-57. doi:10.1016/j.clsr.2010.11.004 Wright, D. (2011). A framework for the ethical impact assessment of information technology. Read More