Homework
1. Reply to Discussion (Minimum 200 Words)
1. What types of ethical issues and information security issues are common in organizations?
An ethical issue that companies are faced with is ensuring the proper use of the employee, user, and technological data that the company has in their possession. Some organizations have been known in the past to sell the data that the users provide them. Selling the data that is entrusted to the organization could be an ethical issue; this falls under the ethical issue of confidentiality. Privacy is the issue of ensuring that the data is secured against attacks and hackers trying to obtain the data. Security issues include the organization developing policies and procedures that ensure the proper use and protection of the data the company has. To develop the policies and procedures, a company can have their team look at the OWASP Top Ten on the OWASP website (OWASP, 2017). This shows the top-rated security issues that the company can employ to ensure the security of their data.
2. How can a company participating in e-business keep its information secure?
A company can ensure that they are adhering to the OWASP Top Ten, along with making sure that the workstations and servers are up to date with all current patches and anti-virus software. Ensuring that the proper protocols and procedures are in place when it comes to the security of the information that the organization is entrusted with should be at the forefront of all priorities of every company.
3. In regards to the organization or company you have chosen to analyze this semester, what types of ethics and information security concerns are there in your organization? What recommendations would you make to the company to better secure their information?
When it comes to recruiting service, the data that we need to protect is extremely important; we take care of a significant portion of the PII data. Ethical issues that come to thought are how the government uses the data, which could be used for personal gain or malicious purposes when it comes to the applicant. I think that giving the applicant the power to put their own information into a secure web site and then be allowed to transmit their own information for security clearance would allow the applicant and the Air Force to take the human element middleman out of the equation and can help mitigate the ethical issues that the organization is faced with.
Source
OWASP (17 October 2018). OWASP Top 10. Retrieved from https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
2. Reply to Discussion (Minimum 200 Words)
Part 1: Types of ethical and information security issues present in e-business.
Well, ethics to me means integrity, and integrity means doing the right things even when nobody is looking. Ethics is about knowing not only what to do, but what not to do. If I was an e-business who had collected a massive customer database, I should keep that information trusted and secure. I shouldn't go selling it to whomever might offer the highest price for it, as tempting as it may be. Ethics also means not purposely doing harm. This is where ensuring that information given to you, perhaps transaction and banking information, should be locked away in a secure database. It does not mean leave this data exposed so that any hacker can easily gain access and wreak havoc on our customers. We should also trust that our employees act in an ethical manner. They should only access that which they have been granted access to, and should not share their credentials with others. Sharing log-in credentials in the workplace violates trust, which is unethical, and it also exposes information by opening it up to those who have no right seeing it.
Part 2: how can we keep information secure.
We must use a multi-faceted approach. First, internally, we must only provide access to those who need it. This is done via identification, authentication, and then authorization. Identify the user through a user name, or keycard. Authenticate them with either passwords, biometrics, or a keycard. Then, when we know who is at the computer, allow them to access the data that they need. Second, we must secure the perimeter. Through the use of firewalls, virus, and malware detection we can hopefully keep intruders at bay. Finally, we must be ever vigilant and make sure our software is kept up to date and that our protective measures and policies are enforced.
Part 3: The company
It makes most sense to me to study the company I work for. It allows me to not only learn about what issues we have, but I can also point out things they may not yet have discovered. Thankfully, and happily, I can say that the owners of the company are all about doing things the right way the first time. They do realize that they have humans that work for them and that mistakes will be made. In regards to customer-related issues, they then make sure to work quickly to correct any errors that may have occurred. As for information security, most of the information we keep in house is paper and ink. I have moved them more towards the digital age, archiving documents digitally to make access to those items easier. We do have a Sophos firewall, and utilize an outside IT company to maintain our borders and our system. It was recently discovered that in installing our new firewall, a key step was missed. The step was prescanning everyone's computers for viruses and malware before putting it in place. The best built fence will keep out the unwanted, but if there is someone on the inside to open the gate, the fence isn't worth anything. They will now be coming in to scan and perhaps reimage everyone's computer to remove trojans from the horse before they can do further damage.