Security Authentication - Assignment Example

MIS101 – Assignment Template – Trimester 1, 2015 Your Name: Insert your name here Student Number: Insert you student ID number here Deakin Email: Insert you Deakin email address here Assignment – Part A Question 1: Provide a brief explanation of each of the following security terms and provide an example of each.(~250 Words) a.) Something the user is... This type of security authentication requires a user to make use of a body part or something else about his body to gain access to a secured information system. Behavioural and physiological characteristics of an individual are the most common features of an individual that have been exploited for this purpose. Some common examples of this form of authentication include fingerprints on fingerprints readers and retinal scans that scan a user’s retina. All these are specific to one individual. b.) Something the user has... This refers to a system of authentication that is based on something that is in possession of the user. It may be a gadget or simply a card that can be carried around from one place to another. Some common forms of this type of security system include; access cards, cards with magnetic strips as well as cryptographic calculators also known as smart cards. c.) Something the user knows... This refers to authentication based on knowledge of something that only the user of a system knows. It is based on secrets commonly referred to as a password. The passwords are based on a set of numbers or letters or a combination of both usually set and only known to the user. d.) Something the user does... This is another form of security authentication that is based on actions of a user. They include typing a password, voice recognition as well as answering security questions and voice recognition systems. Question 2: Briefly discuss the following; is it ethical for an employer to monitor their staff’s usage of the Internet at work? List three (3) acceptable and three (3) unacceptable activities you would include in an ‘acceptable internet usage’ policy? (~250 Words) Although monitoring internet usage may seem as invading the privacy of employees, it is critical to ensure that the sanctity and ethics of the workplace are maintained at all costs. Employers are well justified to monitor the activity of their employees especially during official working hours to ensure that they do misuse or embezzle a companies’ resources. Setting up internet for use in conducting daily business involves a lot of capital investment which should be used solely for conducting the business an organisation is set out to accomplish and not any other personal agendas employees may have. Further, it is important to monitor internet usage so as to ensure that employees devote their efforts and time to driving the goals and objectives of the company. If left unsupervised, employees may spend too much of the official working hours browsing site that are not only unbeneficial to the employer but distract them from work. An employer may also be exposed to legal suits by allowing employees to browse whichever sites they desire. If an employee accesses illegal sites from an employer’s internet, it makes an organisation liable to huge losses. Some of the acceptable activities that would be included in a company’s internet usage policy include; conducting research on university and college online libraries; communicating with peers and experts as well as exploring career advancement opportunities. Some examples of unacceptable internet uses in a work place include; sending and receiving offensive or abusive materials or language; using the internet for cyber bullying; accessing pornographic materials and sites. Question 3: List and describe the three fundamental tenets of Ethics in a business environment. Explain why ‘unethical is not necessarily illegal’ and give an example that shows this?(~250 Words) The ICAEW lists five principles of business ethics described in subsequent paragraphs; Integrity is the main ethical trait that is generally acceptable by business regardless of the industry they operate. It refers to honesty in business dealings and relationships. The ICAEW sites objectivity as the second core principle of ethical business conduct. This principle requires that in order for an individual or business should not exhibit bias in making decisions and should further not allow the decisions they make to be controlled by third parties or arm twisted by other parties in any manner. Due care and professional competence are also very important fundamental tenets of business ethics. A business or professional should demonstrate due care in executing what is expected of them by customers and clients. Confidentiality is also a very critical aspect of business ethics. In business and profession, individuals may be privy to information about others or about the business they conduct. The fifth principle is abiding to set rules and regulations. A business should always ensure it adheres to set rules, regulations, laws, industry standards and compliance standards set by any institution of authority. Often in business, unethical is not necessarily illegal. An act that may be considered un ethical in business may not necessarily qualify as illegal or may not even warrant any legal redress or attract legal repercussions. A perfect example is where a business maintains integrity by answering correctly all questions asked by a regulatory official but intentionally withholds to mention any fact that the official fails to ask. Question 4: Informed consent is an important consideration for an organisation’s customers and their Privacy Policy. Identify and describe the two models of informed consent typically used in ecommerce and Social Networking sites privacy policies. Which is the preferred option? Justify your answer.(~250 Words) The two models of informed consent commonly used in ecommerce and social media circles include; signed informed consent and waiver of documentation of informed consent. They are used depending on the information policy of the site; the sensitivity of the nature of information to be provided in the site and most importantly where there is a risk of legal suits arising due to breach of the privacy policy. The signed informed consent entails the instance where users of ecommerce sites and social media are required to sign that they have read the information policy of a particular site and that they agree with the policy as is. Often, there is usually a small box provided for an individual to tick or mark that they have indeed read the information policy. The sign off is important as it may serve as record that a particular user actually read the policy. Waiver of documentation of informed consent is where the privacy policy is made available to the user of a particular site but the user is not required to actually sign or tick that they have indeed read the privacy policy. The consent in this particular scenario is more or less implied. The signed information consent is the preferred option in most instances. This type of informed consent provides record of agreement to the stipulations of the privacy policy and thus forms a better defence or basis of a suit in the case of breach of contract. Assignment – Part B A case study analysis using Toulmin’s Model of Argument (~600 WORDS) Use the Toulmin Table provided for your answers. Element Sentence/s Claim Australian business is an ‘easy target’ for cyber attacks Evidence According to David Irvine, the ASIO chief, Cyber espionage is used against Australia on a massive scale and foreign spies are using government networks to penetrate digital defences of allied nations such as US and UK.(Sentence) Australia is at threat of cyber espionage from foreign spies that are bound to attack it on a bid to penetrate the digital defences of other allied countries.(Explanation) Hacking of Parliament House’s email system and stealing of thousands of emails and messages belonging to top government officials including ministers and the prime minister(Sentence) This proves that the cyber security of Australian government and businesses are vulnerable and thus making the country an easy target for cyber attacks.(Explanation) The introduction of Stuxnet the piece of malicious code developed by Israel and the US to enable them take control of Irans Natanz nuclear reactor. The code which according to Roberta Stempfley, the head of US department of Homeland security’s cyber security office, has been exposed to the public and may lead to its reengineering for malicious purposes.(sentence) The code being in the public domain means that virtually the defences of all countries including Australia are at risk of being attacked using the re-engineered stuxnet.(Explanation) Warrant Australia is an access point as it has intelligence holdings of allied nations including the US and Britain.(Sentence) Australia close ties with the US and Britain makes it vulnerable to cyber attacks as the two nations are often high targets of foreign spies.(Explanation) Backing Fast pace of online developments that often overtake security measures and developments thus giving an upper hand to antagonists.(Sentence) The dynamic nature of online developments leaves cyber security agencies playing catch up in terms of trying to anticipate attacks and threats that change over time with new developments.(Explanation) Increased internet connectivity and improved speeds.(Sentence) The increased connectivity and speeds of the internet gives antagonists the resources they need to plan and execute attacks on Australian businesses and government agencies.(Explanation) According to Professor Mathew Warren of Deakin University, some foreign intelligence organisations have already acquired the capacity to disrupt elements of information infrastructure.(Sentence) This is enough backing of the increasing threat to Australias cyber security.(Explanation) Rebuttal Australian Prime Minister Tony Abbott stated that the government already has a plan to greatly strengthen the cyber defence capabilities of Australia’s government agencies.(Sentence) This proves that the Australian government has already taken considerable steps to avert any threat in cyber security thus negating the assertion that Australia is a soft target to cyber crimes.(Explanation) Qualifier According to Graham Ingram, the General Manager of Australian Independent Cyber Emergency Unit, Australia is as much as five years behind the latest cyber security. The fact that Australia is behind in terms of current cyber security opens a Pandora’s box and leaves it vulnerable to cyber attacks.(Explanation) Your Opinion Indeed the Australian government and businesses are at risk of cyber crimes due to the nature of the information and access they may have to allies’ secrets which exposes them as a soft target to foreign spies. Further, the fast paced technology developments make it difficult for Australian cyber security to keep up with the changes thus weakening the security trends and in turn exposing them to cyber threats. As it was put by a professional in the sector, Australian cyber security systems are playing catch with global best practise and have a time lag of approximately five years. The hacking of parliaments email system only indicates how vulnerable government agencies are susceptible to cyber threats. Table Completion Instructions: Assess each sentence individually, not all sentences are a Toulmin Model element. Sentences must be copied into the appropriate element section of the Toulmin table. Only use sentences considered to represent a specific Toulmin’s Model element. Sentences can only be used in one element section of the Toulmin table. Reference List: Read More