StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Study of Web Use and E-Mail Based on Ethics, Policy and Law in Information Security - Report Example

Cite this document
Summary
This report "Study of Web Use and E-Mail Based on Ethics, Policy and Law in Information Security" presents the rising issue of malicious digital risks basing on a legal and ethical perspective. We shall explore how the risks relate to the central values and ethical conduct of the IS…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER95.3% of users find it useful

Extract of sample "Study of Web Use and E-Mail Based on Ethics, Policy and Law in Information Security"

Student Name: Topic: Monitoring of employees’ Web use and e-mail based on ethics, policy and law in information security Course: Computers Tutor: Department and the Institution: Date Due: Abstract In this era, the most common issues of privacy are; digital security, identity theft, spyware, phishing, Internet pornography and spam are very common. These issues are expensive in terms of time and money which has drawn our concerns. Having an intention of protecting citizens from harm and organizations from economic loss and civil or criminal lawsuits, State and federal privacy and security legislation is evolving. Organizations, dealing with information systems professionals in organizations, are required to deal with the issues and control the institute so as to minimize the risk. This paper will look at the rising issue of malicious digital risks basing on a legal and ethical perspective. We shall explore how the risks relate to the central values and ethical conduct of the information systems professionals in our organizations. A cost-benefit approach will be used to confer the effect of legislation on organizations and society at large. Finally, ways of addressing the issues will be suggested Introduction The aspect of information ethics in an organization and information is management depends on the ethics possessed by the people in the organization. Information use depends on personal ethics and beliefs of members of the organization, especially the organization’s leadership. Information is an important resource in an organizational that must be safeguarded and managed effectively just as other organizational resources. People have become more technologically savvy; due to the significantly increased range of information available through the Internet, easy accessibility to information, and an increase in computer literacy; information security and individual’s privacy have become areas of significant concern. Security, privacy and ethical dilemmas dominate our daily lives. Personal concerns and fears, due to the rapid increase in theft of personal information, has resulted in to organizations developing / or revising codes of ethical conduct. Our government agencies have simultaneously enacted laws and legislation that are specifically related to provision of privacy and security of information and individuals. Objectives To address information security component in terms of policies, Ethics or Laws To come up with technologies or research solutions. Ethics Individual’s ethical values toward each other are an indicator of our civilization which is determined by information use. A wide spectrum is covered by ethical issues, thus most organizations have developed a broad framework that managers can immediately apply to issues as they occur. One such general framework is derived from articles. Four areas of critical concern for managers have been identified. The issues are; privacy, accuracy, property, and accessibility (PAPA). A code of ethical conduct is a framework that has emerged as a standard in many organizations. Codes of ethical conduct are published by professional organizations whereby most organizations have published organizational codes of conduct. The most popular professional code of conduct for information systems professionals is the one published by the Association for Computing Machinery (ACM). The possible types of ethical issues that are common to information system organizations covered by policies in organizations are policies on ethical computer use, privacy of information, acceptable use, email, Internet, and an anti-spam policy. Involvement of managers in monitoring outward activities of the business is important because customers’ privacy is affected when there are outward breaches. Internal issues like internal surveillance and monitoring activities are equally important because they affect employees in an organization. Internet, instant messaging and email are so prevalent in current organizations, thus, a number of software scrutiny products have been developed and are being implemented. Increase in the need for privacy protection, security insurance and control, the privacy of information monitoring and surveillance have increased. However, using the products and practices has often created ethical dilemmas, thus proper communication must be made to employees for proper implementation (Harold and Micki, 2007: 67). Organizational Issues The accounting scandals noted by ENRON, TYCO, and WorldCom rocked the monetary world and corporate community. The Scandals emphasized on the absence of individual’s ethical conduct and the amount of financial ruin that could result. However, the field of technology has been overtaken by other types of behavior that can affect any technology user. The intention of Computer virus and hacker attacks is to destroy data and software so as to interrupt computer services. More than 7,000 computer viruses were reported in 2002. Phishing attacks target specific groups of people with an intention to secure personal information in relation to finance, from innocent and unsuspecting responders. Criminals are always interested in acquiring social personal identity numbers, bank account information, credit card numbers and other monetary data to help them in stealing identities or money from unsuspecting customers. External hackers have been reported as the major risk to companies, but the origin of a lot of harm and threats to cyber security are insiders, especially disgruntled insiders. The most serious computer security threats come from persons thought to be trusted members of the organization particularly the discontented and terminated employees. Although resignation or termination notice given in two weeks remains fashionable, terminating all network access after termination of employment notice is the most effective method. Programs commonly referred to as “spyware” or “adware” have become very widespread. These programs are able to monitor users’ online behavior that threatens compliance efforts and intellectual property, trouble shoot for computer users and IT administrators. A clean-up of spyware or adware has been reported as an expensive challenge. Some of the troubles that prevail due to spyware are slow computer processing speeds and pop-ups taking over. Research has shown adware and spyware bundling agreements are lucrative, even for companies not in favor of inclusion. Spyware can be avoided by installation of anti-spyware software and switching from a more susceptible Microsoft programs. Personality theft is the stealing of someone else’s identity to commit fraud or theft. The possibilities of prevention of identity theft in the future involves biometric technology like fingerprints or voice scans used to confirm the identity of credit applicants. This is generally looked at as being an expensive cure that is more than the problem that is to be solved. However, the penalties of identity theft are considerable, where the financial impacts exceed billions of dollars each year. The casualty is subject to loss of money or other property, a stained credit history, a probable criminal record, complexity in securing employment, and an incapability to obtain goods and services. Identity theft is a crisis affecting both individuals and organizations, thus precautions must be taken. After Y2K it is apparent that security and privacy issues require attention. There is Prevalence of viruses, leading to an increase in application vulnerabilities in operating system and an alarming increase in computer security breaches. The organization’s first line of defense was the installation of firewall because it could be easily be installed and maintained and it didn’t disrupt regular business applications. However, there was no security given by early firewalls. There was a staggering cost of repairing damage from Internet attacks. Information security was perceived as an expense to an organization. It remains imperative that firewalls, while being effective, must also be easy to manage. Basing on the scenarios above, it is understandable that organizations were forced to drastically vary their processes with regard to privacy and security. In addition to the organizational measures to safeguard privacy and security, there has been an introduction of new laws and legislation to assist in reducing the magnitude of privacy and security breaches (Haag, Paige and Amy, 2006: 89). Legislation and Compliance Requirements Internally, organizations have not been meeting expectations and privacy concerns in the late 1990’s and early 2000’s. Government agencies have realized that they are facing a new and monumental problem. This has brought about new legislation and laws to protect personal privacy and information security. A summary of some enacted legislation is shown below. Established information Related Laws Privacy Act – 1974: Restricts information that can be collected by the government where permission is required to disclose the information linked to the name which facilitates accessibility/correction of information. Cable Communications Act – 1984: Requires permission of the viewer for cable providers to release their viewing preferences Electronic Communications Privacy Act – 1986: which denies employees to have privacy rights on firm computers Computer Scam and Abuse Act -1986: Requires formal access to computers used in financial institutions, US government, or international trade The Bork Bill (Video Privacy Protection Act - 1988): A consumer's video leasing information can only be used for marketing directly towards him/her Communications support for Law Enforcement Act – 1994: government agents are required to intercept all forms of communication, and caller-ID information Freedom to Information Act - 1967,1975, 1994, & 1998: anyone is allowed to examine government records unless it's an invasion of privacy Identity Theft and Assumption Deterrence Act – 1998: ID Theft was made to be a federal crime and a central federal service for victims was established Homeland Security Act – 2002: Limits Freedom of Information Act; where government agencies are allowed to mine data on one's emails and web site visits Sarbanes-Oxley Act 2002: Provides investors with accurate and reliable corporate disclosures Fair and Accurate Credit Transactions Act – 2003: Consumers ' right to a free credit report; full credit card number cannot be on a receipt; requires credit agencies to take proactive measures CAN-Spam Act 2003: Penalizes businesses for sending unsolicited e-mails to consumers Financial Modernization Act of 1999 (Gramm-Leach-Bliley Act): Protect consumers’ individual financial information held by financial institutions In 2005, June 1, a new Federal Trade Commission rule went into effect as part of a congressional crackdown on identity theft. Basically the law requires that any personal information that businesses obtain from credit bureaus and other agencies be destroyed so it cannot be stolen or misused. On December 4, 2003 the Fair Accurate Credit Transactions Act (FACTA) became a law whose intention was to thwart the growth of consumer fraud and identity theft. For example, the FACTA disposal rule requires all employers to dispose off any electronic or paper documents or face federal fines of $2,500 per violation and state fines up to $1,000 per violation. Credit bureaus are obliged to block the reporting of any information based on the transaction of an identity thief once the consumer provides specific information. FACTA also addresses numerous specific aspects of identity theft including compulsory credit card number truncation on receipts, mandates to credit issuers to investigate address changes and new card requests, fraud alert requirements for credit reporting agencies, compulsory blocking of identity theft connected information about credit reports and free annual credit reports (Simmers and Murugan, 2002: 78). Another act that is intended to reduce the amount of unwanted spam is the Federal Trade Commission’s controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM). Although CAN-SPAM has not yet had a significant impact on email problems, a recent report indicated that spam accounted for 67% of email messages during the first eight months of 2005, and this figure represented a 9% decrease in the same period in 2004. The Act has also helped reduce the amount of world spam created in the US from 46% of world spam in 2004 to 26% in 2005. At the same time, however, world spam is up, with China and South Korea leading the way. Federal legislation like the Sarbanes-Oxley Act and Gramm-Leach-Bliley Act emphasize the importance of identity management. Managers must be aware of how information is being used, maintained, and provided and also how it can be effectively protected and updated to meet business needs while, at the same time, complying with audit and privacy regulations. The piece of legislation that warrants special consideration for IT professionals is the Sarbanes- Oxley Act of 2002 (SOX). This legislation has a far-reaching impact on publicly traded companies. Financial health and regulatory visibility and accountability of public companies were its original aim, but the act has also significantly impacted IT departments. Particularly Section 404 of the act requires that auditors certify the underlying controls and processes used to compile financial results. Officers are held personally responsible for financial information reported, and penalties range from fines to a five to 30 year jail term. SOX Section 404 public companies are required to demonstrate the effectiveness of internal annual controls. SOX stresses that upper management has ultimate responsibility to ensure that sufficient controls are in place throughout the organization. Although SOX was originally targeted at accounting, IT is critical in ensuring the accuracy of accounting data. Therefore, it is essential for IT professionals to become “well-versed in internal control theory and performance to meet the act requirements (Brennan and Victoria 2004: 200). Although the focus of SOX is on financial controls, many auditors required IT managers to extend their attention to organizational controls and risks in business processes. Some companies have created new IT positions to deal with compliance challenges. Conclusions and Recommendations It can be concluded that the inter-related issues of personal and organizational ethics, privacy, information security, and protective legislation have formed a rather complex web that must be understood by technology managers. Spyware, adware, and phishing attempts have grown in sophistication and prominence. Identity theft is a threat that must seriously be taken by all members of our society. Organizations have taken preventative actions through enactment of ethics and conduct codes. Government agencies have responded with legislation to protect data integrity and individuals privacy. Educators are aware of the growing complexity of information security and the ethical issues that revolve around the multitude of possible breaches. Some may contend that it is difficult to teach ethics and values, but, educators, have a responsibility of developing a sense of awareness of the issues. In that connection, colleges and universities are offering ethics courses. The problems facing information security may be solved by: • Organizations offering courses in information ethics that examine the types of ethical dilemmas likely to be encountered by their employees. • Enlightening employees on professional codes of conduct for example, the Association for Computing Machinery Code of Ethical Conduct. • Detailed information on the range of issues related to identity theft. • Emphasis on system security controls. • Comprehensive coverage of laws and legislation to develop of a sense of awareness of compliance requirements that affect information security. • Specific discussion and familiarization with Section 404 of the Sarbanes-Oxley Act. Cited Works Brennan, L.L and E.J Victoria. Social, ethical and policy implications of information technology. London: Information Science publishing, 2004. Haag, S., B. Paige and P. Amy. Business Driven Technology. New York: McGraw-Hill, 2006. Harold, F.T and K Micki. Information Security Management Handbook, Sixth Edition. Boca Raton: Auerbach Publications, 2007. Simmers, C.A and A Murugan. Managing Web Usage in the Workplace: A Social, Ethical and Legal Perspective. London: IRM Press, 2002. Read More
Tags
Cite this document
  • APA
  • MLA
  • CHICAGO
(Study of Web Use and E-Mail Based on Ethics, Policy and Law in Informa Report, n.d.)
Study of Web Use and E-Mail Based on Ethics, Policy and Law in Informa Report. https://studentshare.org/information-technology/2046947-monitoring-of-employees-web-use-and-e-mail
(Study of Web Use and E-Mail Based on Ethics, Policy and Law in Informa Report)
Study of Web Use and E-Mail Based on Ethics, Policy and Law in Informa Report. https://studentshare.org/information-technology/2046947-monitoring-of-employees-web-use-and-e-mail.
“Study of Web Use and E-Mail Based on Ethics, Policy and Law in Informa Report”. https://studentshare.org/information-technology/2046947-monitoring-of-employees-web-use-and-e-mail.
  • Cited: 0 times

CHECK THESE SAMPLES OF Study of Web Use and E-Mail Based on Ethics, Policy and Law in Information Security

The Risks And Ramifications Of An Information Security

The writer of a paper "The Risks And Ramifications Of An information security" informs that the organization deals with processing numerous credit card information.... With such critical information as financial records and details entrusted to the organization, high-level information security is therefore imperative and mandatory.... Penetration test ensures that the new applications, security system, and network infrastructure are not vulnerable to security breaches that could enable unauthorized access to an organization's valuable assets and resources....
5 Pages (1250 words) Case Study

The Rookie Chief Information Security Officer

The study "The Rookie Chief information security Officer" provides a quality assurance received by the vendor - ISO certified, employee protection for employee areas, three information security policies that could be developed and practiced within the organization for data security assurance.... The main objective of this paper is to provide a well-designed IT security plan with modern security measures that would help in maintaining a proper database system in the organization (Stoyles, Pentland & Demant, 2003)....
10 Pages (2500 words) Case Study

Ethics in Information Technology

Now the question is are employers justified in monitoring their employees' posts in the social networking sites and make decisions about hiring, disciplining and discharging based on these posts The stakeholders in this case are current employers, current employees, potential employees and potential employers.... On the part of potential employers, this will give the much needed information more than what interviews and resumes can provide.... As to option #3, potential employees will greatly be benefitted as they will have the right not to disclose information about themselves to their employers....
5 Pages (1250 words) Case Study

The Use of Web Bugs at Home Connection

Case Studies in information Technology Ethics.... The aim of the paper “The Use of web Bugs at Home Connection” is to analyze the use of HomeConnection's web bug violated the privacy of those who agreed to display the ads on their personal computers because there were many complaints from many irate customers.... Case Study-Privacy Pressures: The Use of web Bugs at Home Connection The use of HomeConnection's web bug violated theprivacy of those who agreed to display the ads on their personal computers because there were many complaints from many irate customers (Spinello, 2002)....
2 Pages (500 words) Case Study

Ethics Project

Another thing that underpins my recommendation Ethics in information Technology Part A My recommendation to the company CEO of the Computer Network Security Company regarding the client who intends to buy partial services is that she should decline the client's request.... based on the utilitarian principle, it would be better for the company to lose this potential client and safeguard the trust of its many clients (George 45).... Another specific action for Snapchat would have been to initiate containment measures based on the extent of the vulnerability or the accrued damages in order to attend to its corporate duty of taking care of its clients....
2 Pages (500 words) Case Study

Web-Based Systems - NoSQL and MongoDB

hellip; HTML5 web storage is different from other forms of data storage in that it is simple to use and makes it possible to store arbitrary values easily in the browser.... The security control, as well authorization can be easily implemented by moving certain attributes in a table into a different relationship that has its own authorization controls among others.... However, relational databases make it very easy to find information and sort it according to the field and produce reports that have only the required fields....
7 Pages (1750 words) Case Study

Information Security Audit and Assurance

This paper, information security Audit and Assurance, outlines that in the ever-changing society, the need for comprehensive security measures cannot be overstated.... nbsp;… As the paper highlights, information security has grown to become one of the world's greatest assets since it might make the difference between failure and success.... 4 laboratory by both students and staff shall be based on the university office operations policy....
7 Pages (1750 words) Case Study

The Security Issues that are Faced by a Particular Organization

The paper 'The security Issues that are Faced by a Particular Organization' presents networking which is an important aspect for any organization.... The company has no security policy in regards to their network.... It is most likely that the company has experienced hacking because proper security measures have not been put in place.... They know that their personal information can be easily be accessed by malicious people for their own benefit (Oppliger, 2000, 19)....
8 Pages (2000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us