I have learned many concepts and much information from this chapter. I have summarized them as follows:
· Ethical Issues:
Ethics. A branch of philosophy that deals with what is considered to be right and wrong.
A Code of Ethics is a collection of principles that are intended to guide decision making by members of an organization.
· Fundamental Tenets of Ethics:
o Responsibility means that you accept the consequences of your decisions and actions.
o Accountability means determining who is responsible for the actions that were taken.
o Liability is a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations, or systems.
· The Four Categories of Ethical Issues:
o Privacy Issues involve collecting, storing and disseminating information about individuals.
o Accuracy Issues involve the authenticity, fidelity and accuracy of information that is collected and processed.
o Property Issues involve the ownership and value of information.
o Accessibility Issues revolve around who should have access to information and whether they should have to pay for this access.
· Privacy
Privacy is the right to be left alone and to be free of unreasonable personal intrusions.
· Threats to Privacy:
o Data aggregators, digital dossiers, and profiling
o Electronic Surveillance
o Personal Information in Databases
o Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites
· Protecting Privacy:
o Opt-out model of informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.
o Opt-in model of informed consent means that organizations are prohibited from collecting any personal information unless the customer specifically authorizes it.
· Threats to Information Security:
Key Information Security Terms:
o A threat to an information resource is any danger to which a system may be exposed.
o The exposure of an information resource is the harm, loss or damage that can result if a threat compromises that resource.
o A system’s vulnerability is the possibility that the system will suffer harm from a threat.
o Risk is the likelihood that a threat will occur.
o Information system controls are the procedures, devices, or software aimed at preventing a compromise to the system.
o Categories of Threats to Information Systems:
1. Unintentional acts
2. Natural disasters
3. Technical failures
4. Management failures
5. Deliberate acts
· Protecting Information Resources:
o Risk Management:
1. Risk: The probability that a threat will impact an information resource.
2. Risk management: To identify, control and minimize the impact of threats.
3. Risk analysis: To assess the value of each asset being protected, estimate the probability it might be compromised, and compare the probable costs of it being compromised with the cost of protecting it.
o Risk mitigation is when the organization takes concrete actions against risk. It has two functions:
1. Implementing controls to prevent identified threats from occurring.
2. Developing a means of recovery should the threat become a reality.
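As an added worked example (my own illustration, not from the chapter or its authors), here are the risk analysis and risk mitigation steps above carried out in Python: each asset is valued, the probability of compromise is estimated, and the probable yearly cost of compromise is compared with the cost of a control. The SLE/ARO/ALE terms are the standard quantitative risk analysis names for those quantities; the chapter only describes the steps in words. The three assets, the controls and every figure are assumptions constructed for this example:

```python
# Added example (not from the chapter): quantitative risk analysis.
# The chapter describes the steps in words (value the asset, estimate the
# probability of compromise, compare the cost of compromise with the cost
# of protection). The SLE/ARO/ALE terms and all sample figures below are
# assumptions introduced here to make that comparison concrete.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # what a total loss of the asset would cost
    exposure_factor: float  # fraction of the value lost in one incident, 0..1
    aro: float              # annualized rate of occurrence: incidents per year


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float      # cost of running the control for one year
    aro_after: float        # expected incident rate once the control is in place


def single_loss_expectancy(asset: Asset) -> float:
    """SLE: the cost of one incident against the asset."""
    return asset.value * asset.exposure_factor


def annualized_loss_expectancy(asset: Asset, aro: Optional[float] = None) -> float:
    """ALE: expected yearly loss = SLE x incidents per year."""
    rate = asset.aro if aro is None else aro
    return single_loss_expectancy(asset) * rate


def evaluate_control(asset: Asset, control: Control) -> dict:
    """Compare the probable cost of compromise with the cost of protecting.

    net_benefit = ALE without the control - ALE with the control - control cost.
    A positive net benefit means the control saves more than it costs.
    """
    ale_before = annualized_loss_expectancy(asset)
    ale_after = annualized_loss_expectancy(asset, control.aro_after)
    net_benefit = ale_before - ale_after - control.annual_cost
    return {
        "asset": asset.name,
        "control": control.name,
        "ale_before": ale_before,
        "ale_after": ale_after,
        "control_cost": control.annual_cost,
        "net_benefit": net_benefit,
        "decision": "implement" if net_benefit > 0 else "accept risk or find a cheaper control",
    }


def rank_by_exposure(assets):
    """Risk analysis: order assets by expected yearly loss, highest first."""
    return sorted(assets, key=annualized_loss_expectancy, reverse=True)


# Constructed sample data (assumed figures, not real ones).
CUSTOMER_DB = Asset("customer database", value=400_000, exposure_factor=0.5, aro=0.5)
WEB_SERVER = Asset("public web server", value=50_000, exposure_factor=0.5, aro=2.0)
PRINTER = Asset("office printer", value=2_000, exposure_factor=1.0, aro=0.25)

DB_HARDENING = Control("encryption at rest + MFA for DB admins", annual_cost=30_000, aro_after=0.125)
WAF = Control("managed web application firewall", annual_cost=60_000, aro_after=0.5)
SPARE_PRINTER = Control("hot spare printer", annual_cost=1_000, aro_after=0.0)

PLAN = [(CUSTOMER_DB, DB_HARDENING), (WEB_SERVER, WAF), (PRINTER, SPARE_PRINTER)]


if __name__ == "__main__":
    for asset in rank_by_exposure([a for a, _ in PLAN]):
        print(f"{asset.name:20s} SLE={single_loss_expectancy(asset):>10,.0f} "
              f"ALE={annualized_loss_expectancy(asset):>10,.0f}")
    for asset, control in PLAN:
        r = evaluate_control(asset, control)
        print(f"{r['asset']:20s} {r['control']:40s} "
              f"net={r['net_benefit']:>+10,.0f} -> {r['decision']}")
```

With these assumed figures the database control is worth implementing (it cuts expected yearly loss from 100,000 to 25,000 for 30,000), while the firewall and the spare printer each cost more per year than the loss they prevent, so those risks would be accepted or a cheaper control sought. The second half of risk mitigation, a means of recovery, is what the spare-printer control represents: it does not stop the incident, it only changes what the incident costs.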
· Information Systems Auditing:
o Types of Auditors and Audits:
1. Internal. Performed by corporate internal auditors.
2. External. Reviews internal audit as well as the inputs, processing and outputs of information systems.
o IS Auditing Procedure:
1. Auditing around the computer means verifying processing by checking for known outputs or specific inputs.
2. Auditing through the computer means inputs, outputs and processing are checked.
3. Auditing with the computer means using a combination of client data, auditor software, and client and auditor hardware.