Chapter Three Questions and Answers

Chapter 3

1. Provide an IT example that relates to the ethical issues for the ideas of privacy, accuracy, property, and accessibility.
Ethical issues concerning the IT world are placed into the four following categories.
1. Privacy – involves collecting, storing, and disseminating information about individuals.
2. Accuracy – involves the authenticity, fidelity and accuracy of information that is collected and processed.
3. Property – involves the ownership and value of information.
4. Accessibility – revolves around who should have access to information and whether they should have to pay for this access.

2. What are the 5 general types of IT threats? Provide an example for each one.
1. Unintentional acts – e.g. lack of information security responsiveness
2. Natural disasters – e.g. earthquakes, hurricanes – organisations must engage in proper planning for the backup and recovery of information systems and software.
3. Technical failures – e.g. hardware and software. The most common hardware problem is the crash of a hard disc drive. The most common software problem is errors or bugs in computer programs.
4. Management failures – include a lack of financial support for security efforts – a lack of leadership will cause the information security of the organisation to suffer.
5. Deliberate acts – e.g. information extortion and identity theft.

3. Describe/discuss three types of software attack and a problem that may result from them.
Software attacks have advanced from the outbreak era, where malicious software tried to affect as many computers as possible. For example:
1. Trojan horse: software programs that hide in other computer programs and reveal their designed behaviour only when they are activated.
2. Viruses: segments of computer code that perform malicious actions by attaching to another computer program.
3. Worm: a segment of computer code that performs malicious actions and will replicate or spread by itself (without requiring another computer program).

4. Describe the four major types of security controls in relation to protecting information systems.
Physical controls – prevent unauthorised individuals from gaining access to a company’s facilities. Common physical controls include walls, doors etc.
Access controls – restrict unauthorised individuals from using information resources. These controls involve two major functions: authentication and authorisation.
Communication controls – secure the movement of data across networks. Communications controls consist of firewalls, anti-malware systems, and intrusion detection systems.
Application controls – are security countermeasures that protect specific applications. The three major categories of these controls are input, processing and output controls.

5. What is information system auditing?
Information system auditing (ISA) guarantees that information systems work correctly. ISA involves installation of controls in the innovative system and information system auditing – this examines the inputs, outputs and processing. These functions can be achieved both internally and externally.

6. What is the difference between authentication and authorization and why are they important to e-Commerce/give an example of their relevance to e-Commerce.
Authentication clarifies the identity of the person requesting access, whilst authorisation establishes which actions, rights or privileges the person has, based on verified identity. Both authentication and authorisation are vital to e-commerce, as they aid in knowing who the user is and what the user has done and knows.
