Ethical, Legal, and Professional Issues in Computing - Essay Example

Insert the assignment need to be submitted Ways computer crimes including hacking can harm organization’scritical assets and how it can prevented Safeguarding critical information in an organization, involves securing it and keeping it in right hands with the aid of Information technology tools and by following important data protection protocols or policies. Rapid changes in electronic and computerized systems enables organizations as well as individuals to store, process and analyze the data. On other hand, changes in communication and storing information also raised numbers of issues regarding security and protection of organizational information assets. Achieving a secure platform to storing the information (with security and privacy) has become more difficult due to various tools used and actions carried out by the miscreants including hacking. In an organizational setup, the miscreants could be mainly the employees, and that makes the process of protecting critical data a more complex and detailed one. Thus, the focus will be on how organization’s critical data could be tampered and stolen by the employees and how it can be protected, as well as how those miscreant employees can be punished through laws. Organizations operating in different industrial sectors would gather a lot of vital information in their daily transactions which is mostly collected, processed and stored into various information systems. These data/information collected could encompass different types of critical assents including personal and private information about the employees, customers, and also researched and analyzed information about the organization’s products and services, and importantly details about the organization’s financial status as well as that of customers’ private financial details. When employees with dubious motivations and also disgruntled employees find about the importance of these information, they could found ways to access and also tamper it. “An employee obtains confidential information from the employers computer system while employed, and then uses the information to the employers detriment.” (Eichten 231). Hacking as a process involves hackers or computer users using various types of information technology tools and also other computer programming knowledge to make an unauthorized access to the computers and information systems of individuals as well as organizations. This perspective of hacking was defined by Duquenoy, Jones and Blundell (18) who stated “hacking as a process carried out by hackers or individuals who seek to gain unauthorized access to computer systems, and obtains illegal access to them.” In that direction, hackers could first target the critical assets, which are not kept under safe environment inside the organizations. That is, if the dubious and disgruntled employees are given authorization and access to their Information System’s infrastructure by the organization and its management, without understanding the employees’ dubious motivations, then they could misuse it. That is, as they have the authorization and even the knowledge about those infrastructures, they could easily infiltrate it and take away the data. Also, if those locations are protected by weaker physical structures and weaker encryption and decryption processes and passwords, then the employees can hack and thereby decipher those passwords, to steal those data. Employees could also hack the data when those data are transferred from one infrastructure or location to another through data transfer mechanisms like internet, intranet, etc., and also by using data storage devices. Thus, when the security of these key critical assets is breached by the employee themselves, they would sell those confidential data for financial gains to the organization’s competitors. Also, they could give it to Third-Party malicious individuals or entities, who might negatively use it to the detriment of the organization. All these acts of accessing computers without authorization or in excess of authorization, and the subsequent use of such access to obtain information can cause loss or damage or defrauds another or the government. (Eichten 231). Therefore information system protection is organization’s paramount necessity To prevent the employees from hacking, organizations need to come up with a range of steps to actualize a strong Information security apparatus. As von Solms and von Solms (2) stated information security is a complex issues, in which there is no single “off the shelf” solution for these issues, and so they have to look at range of options, with the top management in association with the IT department playing the major role. The basic crux of that information security plan is to help and make the user or employee understand in a better manner, what are the acceptable and responsible behaviors while accessing the information assets. This way, the organization can ensure that the employees are imbibed with the safe and secure processing of information in their daily routine (Hone and Eloff 23). In that direction, firstly organization can optimize the security and thereby integrity of its critical data. This can be done by storing those critical data in structurally safe physical structures and then strengthen access to those structures through both physical security and encryption security. As far as physical security is concerned, it has to be multi-layered. The building that holds that infrastructure has to have concrete bollards, metal barriers as well as strong and safe mechanical gates, locks, etc. Then when it comes to the electronic access control that facilitates entry into those systems, it is of key importance to incorporate failsafe feature. That is, multi-level password features has to be included, so only the authorized employee who fully knows the protocol can access it. When others do it, it will fail and shut down. In addition, constant monitoring has to be done through CCTV fixed at vantage points in those structures. Apart from these physical protections, the data importantly has to be protected digitally as well. For that purpose, the stored data and even the transferred data has to be encrypted in a strong manner using various tools. “Secure data storage is defined as the protection of data content and changes in data state from its original storage on electronic media by using encryption processes.” (“Information Technology Security Standards”). When this is done, any employee may not be able to “see” the data, even if they have access to it. That is, with strong encryption, they will have difficulty in decrypting it and also accessing it fully. As only the intended person may know how to decrypt it and access it, other dubious and disgruntled employees will have no chance at it. Apart from these protections, steps have to be taken at the human resources level as well. That is, even before the employees particularly IT related employees are recruited, all the applying and prospective employees’ background have to be checked by the organization through their in-house team or with the aid of external agencies. Then, when apt employees, who have passed the background checks, are recruited there has to be more monitoring, to find whether they are involving themselves in any negative activities. In that direction, cameras could monitor their movement, and can show if there are any suspicious movements. Also, if the organization and management has any doubts about its employees, it can track the employees digitally by checking their phone calls, emails, and even their online bank transactions. Although, this step could give rise to privacy concerns, the option to check them has to be incorporated into the worker’s employee agreement. Despite all these safeguards, employees could indulge in hacking and other computer crimes, thus necessitating strong legal actions against them. In that direction, organizations can use number of acts that can make the hacking by the employees an illegal process and punish them. One of the key acts is the Computer Fraud and Abuse Act (CFAA) through which the affected employer can initiate legal proceedings against the employee, “alleging that the employee intentionally accessed a computer without authorization or in excess of authorized access and obtained and used information accessed from the computer” in a detrimental way to the organization. (Eichten 231). Thus, when the above discussed safeguards are strongly implemented inside the organization, and also the laws are strongly followed, then the behavior of the employees can be on the positive side, and they will avoid indulging in any form of computer crime including hacking. Works Cited Duquenoy, Penny., Simon Jones and Barry G. Blundell. Ethical, Legal and Professional Issues in Computing. Cengage Learning EMEA, 2008 Eichten, Molly. “The Computer Fraud and Abuse Act - a Survey of Recent Cases.” “ Business Lawyer, 66. 1 (Nov 2010): p. 231. Hone, Karin and Jane H Eloff. “What makes an Effective Information Security Policy.” Network Security, 6, (2002): 14-16 “Information Technology Security.” Washington State Department of Information Services, n. d. Web. 12 Dec 2012. von Solms, Basie and Rossouw von Solms. “The 10 deadly Sins of Information Security Management.” Computers & Security, 23 (2004): 371-376 Read More