IT Blogger

Hi, hope you enjoy my content!

Sunday, April 4, 2010

Ch 4 Ethics and Security

1. Explain the ethical issues surrounding information technology.

Advances in technology are making it easier for people to copy almost anything.

Intellectual property: This refers to the collection of rights that protect creative and intellectual effort. It can be an invention, trade mark, original design or the practical application of a good idea. In business terms, this means your proprietary knowledge.

Copyright: The exclusive right to do, or omit to do, certain acts with intangible property such as a song, video game and some types of proprietary documents. E.g. "Man Fined $1.5M for Leaked Mario Game Upload." Retrieved from: http://www.tomsguide.com/us/nintendo-mario-game,news-5779.html

Fair use doctrine: In certain situations, it is legal to use copyright material. E.g. you can photocopy up to 20% in some books for study or teaching purposes.

Pirated software: The unauthorised use, duplication, distribution, or sale of copyrighted software. Copyright infringement of this kind is extremely common. Most countries have copyright laws which apply to software, but the degree of enforcement varies.

Counterfeit software: Software that is manufactured to look like the real thing and sold as if it were. This area is of major concern as the rate at which this occurs has doubled in the last two years.

2. Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’.

Organisations can take better control of inappropriate/harmful email sending through implementing and adhering to an email privacy policy.

Email privacy policy: Details the extent to which email messages may be read by others. Under the Privacy Act 1988, organisations must collect, use and store information obtained by tracking an employee's emails in a certain way.

This coincides with the Internet use policy as this policy contains general principles to guide the proper use of the Internet (just like conditions with using email) within an organisation. The policy must:

* Describe available Internet services.
* Define the purpose and restriction of Internet access.
* Complement the ethical computer use policy.
* Describe the user responsibilities.
* State the ramifications for violations.

3. Summarise the five steps to creating an information security plan

1) Develop the information security policies: Identify who (preferably the CSO) is responsible for creating and implementing all aspects of the security policy. Include things like never exchanging passwords, logging on and off when taking breaks etc.

2) Communicate the information security policies: Train all employees and use checklists to ensure they understand all aspects of the information that has been given to them. Outline the clear expectations e.g. signing off when not at computer.

3) Identify critical information assets and risks: Require use of IDs, passwords, and anti-virus software on all systems. If any systems have links to external networks ensure that necessary protection is in place e.g. firewalls or intrusion detection software.

4) Test and re-evaluate risks: Regularly perform security reviews, audits, background checks and security assessments.

5) Obtain stakeholder support: Gain approval and support on the information in the policy from the board and the stakeholders.

4. What do the terms authentication and authorisation mean? How do they differ? Provide some examples of each term.

Authentication is a method for confirming users’ identities. Once the person has been identified, the system can then determine the access privileges for that user.

The most secure type of authentication involves a combination of all three things listed below:

* Something the user knows, e.g. a password that should be changed regularly.
* Something the user has, i.e. a swipe identification card (smart card).
* Something that is part of the user, e.g. fingerprint scan or voice recognition.

(Retrieved from: http://resources0.news.com.au/images/2009/11/24/1225803/131412-fingerprint-scan-brett-faulkner.jpg)

Authorisation is the process of giving someone permission to do or have something, e.g. file access. It is the means by which you are allowed into a system. For example, once a person has logged on to a computer, the system can detect what authorisation levels they have and what areas they can access: a student cannot access the same areas that a teacher can. In addition, only the Human Resource Manager can access certain aspects of information about an employee's details, as this policy is usually formalised into a private system.

The terms differ as authentication refers specifically to who has the privilege to access certain areas, whereas authorisation gives someone permission to do or have something.
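The two checks as separate steps, in an added Python example that is not part of the original post: a login is first authenticated with one factor (something the user knows), and only then is the requested action authorised against the user's role. The account names, passwords, roles and actions are hypothetical, built from the student, teacher and Human Resource Manager cases above.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so stored values are not reusable passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample accounts (hypothetical names, passwords and roles).
USERS = {
    "sam": _make_user("s3m-Student!", "student"),
    "tess": _make_user("t3ss-Teacher!", "teacher"),
    "hana": _make_user("h4na-HR!", "hr_manager"),
}

# Authorisation table: what each role is permitted to do.
PERMISSIONS = {
    "student": {"read_course_material"},
    "teacher": {"read_course_material", "edit_grades"},
    "hr_manager": {"read_employee_details"},
}

def authenticate(username: str, password: str):
    """Confirm identity: return the username if the password matches."""
    user = USERS.get(username)
    if user is None:
        _hash(password, b"\x00" * 16)  # do the same work for unknown users
        return None
    ok = hmac.compare_digest(_hash(password, user["salt"]), user["hash"])
    return username if ok else None

def authorise(username: str, action: str) -> bool:
    """Check permission: may this already-identified user do this action?"""
    return action in PERMISSIONS.get(USERS[username]["role"], set())

def request(username: str, password: str, action: str) -> str:
    who = authenticate(username, password)
    if who is None:
        return "denied: not authenticated"
    if not authorise(who, action):
        return "denied: not authorised"
    return "allowed"

if __name__ == "__main__":
    print(request("sam", "s3m-Student!", "edit_grades"))
    print(request("tess", "t3ss-Teacher!", "edit_grades"))
    print(request("tess", "wrong-password", "edit_grades"))
```

A correctly logged-in student is still refused `edit_grades`, which is the case that separates the two terms: identity was confirmed, permission was not granted.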

5. What are the five main types of security risks? Suggest one method to prevent the severity of risk.

Human Error- Conduct extensive training and update it regularly. Ask the employees questions about what they have learnt to enforce understanding. Convey that malicious acts will not be tolerated and that any employees that engage in such behaviour will be terminated immediately.

Technical Failure- Ensure that your organisation has robust systems in place and that it keeps its information up-to-date and backed up.

Natural Disaster- Have disaster recovery in place. E.g. communication plans, alternative sites to move to, business continuity, and location of back-up data.

Deliberate Acts- Purchase a corporate security package that has:
* Firewall
* Anti-Virus (keep it up-to-date)
* Anti Spam
* Anti Spyware
* Phishing Filter
* Remote Management

Management Failure- Ensure sufficient training is provided, systems are updated and looked after and have a back-up system for files.

Ch 3 Week Four Questions - eBusiness

1. What is an IP Address? What is its main function?

I.P. stands for Internet Protocol. Each computer on the internet has an I.P. address. This can either be private or public, however every address must be unique.

Its main function is to lay out a set of guidelines and implementations of specific networking protocols to enable computers to communicate over a network. It provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. (Retrieved from: http://en.wikipedia.org/wiki/TCP/IP_model).

2. What is Web 2.0, how does it differ from 1.0?

Web 2.0 is a set of economic, social and technology trends that collectively form the basis for the next generation of the internet. A more mature, distinctive medium characterised by user participation, openness and network effects. It is referred to as the Live Web. Users have the opportunity to collaborate and build their own content using this service.

It refers to changes in the ways software developers and end-users use the web as a platform. It’s a new way of doing business- online.

* Web 1.0 was about reading, Web 2.0 is about writing
* Web 1.0 was about companies, Web 2.0 is about communities
* Web 1.0 was about client-server, Web 2.0 is about peer to peer
* Web 1.0 was about HTML, Web 2.0 is about XML
* Web 1.0 was about home pages, Web 2.0 is about blogs

Many things have changed since web culture was revolutionised. Webmaster and user interaction no longer depends on direct means of communication; rather, a whole new system of social interaction has evolved that includes really simple syndication and also the use of social networking sites.

Retrieved from: http://www.sizlopedia.com/wp-content/uploads/web1_0-vs-web2_0.png.

3. What is Web 3.0?

Web 3.0 uses the concept of tagging to build information about you. Your devices talk to each other and build intelligence about you.

Web 3.0 is expected to turn the web into a database, evolve towards a 3D form, grow towards artificial intelligence through using different media and transform towards a semantic web.

Calacanis defines Web 3.0 as the creation of high-quality content and services produced by gifted individuals using Web 2.0 technology as an enabling platform.

(http://calacanis.com/2007/10/03/web-3-0-the-official-definition/)

4. Describe the different methods an organisation can use to access information.

Intranet- A private computer network that uses internet portal technologies to securely share any part of an organisation's information or operational systems within that organisation. It allows an organisation to provide access to information and application software to only its employees. It can host multiple private websites and constitute an important component and focal point of internal communication and collaboration e.g. benefits, entitlements. It is very beneficial for providing organisational information to employees.

Extranet- An internet that is available to strategic allies (customers, suppliers, partners). This is beneficial for businesses as individuals outside the company can access intranet based information and application software such as order processing. It offers a competitive advantage as customers, partners and vendors can all access the same area. Refer to the following link for more information: (http://en.wikipedia.org/wiki/Extranet).

Portal- A technology that provides access to information. A website that offers a broad range of resources and services e.g. email, online discussion groups, search engines, online shopping (eBay). General portals (yahoo, google) and niche portals (fool.com) exist to meet a range of needs.

Kiosk- A publicly accessible computer system that allows interactive information browsing. The computer's operating system is not shown in view and the program runs in a full screen mode, providing details of navigation for users.

5. What is eBusiness, how does it differ from eCommerce?

eBusiness is the conducting of business on the internet, including buying and selling, serving customers and collaborating with business partners. eCommerce is the buying and selling of goods and services over the internet. Therefore, the major difference is that eBusiness also conducts online exchanges of information, i.e. a bank allowing you to check your statements online.

6. List and describe the various eBusiness models.

Business-to-Business (B2B): Businesses who buy from and sell to each other over the internet. E.g. electronic marketplaces- where multiple buyers and sellers take part in eBusiness activities.

Retrieved from: (http://ausweb.scu.edu.au/aw03/papers/stein_______/procfigure1.gif)

Business-to-Consumer (B2C): Applies to businesses that sell their products and services to consumers over the internet. Corporate Express is an example of a business that provides this service, selling office supplies, furniture, print etc.

Retrieved from: (http://thierrygagnon.com/IMG/jpg/Corporate_Express-2.jpg)

Consumer-to-Business (C2B): Applies to any consumer that sells a product or service to a business over the internet. E.g. a web master offering advertising services on Amazon.com.

Consumer-to-Consumer (C2C): Applies to sites primarily offering goods and services to assist consumers interacting with each other over the internet. E.g. eBay ties people together who have similar tastes in items and like-minded budget frames. C2C online communities interact via email groups, web-based discussion forums or chat rooms. This model is consumer-driven and opportunities are available to satisfy most consumer needs.

7. List 3 metrics you would use if you were hired to assess the effectiveness and the efficiency of an eBusiness website?

Cookie: As it contains information about customers and their web activities. (It records their comings and goings).

Click-through: As it guarantees exposure to target ads.

Banner Ad: As tracking the number of banner ad clicks provides a way to understand the effectiveness of the ad on its target audience.

8. Outline 2 opportunities and 2 challenges faced by companies doing business online?

Opportunities:

A rise (increase) in customer loyalty as there are more communication streams open with the chance for more queries/questions and, therefore, faster assistance, response and answers.

A decrease in cost as communication over the internet saves time and is much faster than face-to-face meetings and telephone calls.

Challenges:

Consumers must be protected online at all times. It can be hard to manage as it's not face-to-face and misunderstanding can occur. They must be protected against unsolicited goods and communication, illegal or harmful goods (weapons). Insufficient information can sometimes be given about goods or their suppliers and the invasion of privacy and cyberfraud can occur.

Providing security can be a challenge as accidental and malicious misuse can occur as well as information being leaked out internally or externally.

Weekly Questions - Strategic Decision Making: Chapter Two Questions

1. Define TPS & DSS, and explain how an organisation can use these systems to make decisions and gain competitive advantages.

Common types of decision-making information systems used in organisations today include: TPS (Transaction Processing Systems) and DSS (Decision Support Systems). TPS systems are generally used by analysts while DSS systems are commonly used by managers.

TPS: Is the basic business system that serves the operational level (analysts) in an organisation. The most common example of this system is an operating accounting system such as a payroll system.

DSS: Models information to support managers and business professionals during the decision-making process. (Below is an example of a DSS for flood analysis and flood plain management). Attained from: proceedings.esri.com.

Organisations can use these systems to make decisions and gain competitive advantages as the TPS can provide transaction-based data to a DSS. The DSS will then summarise the given information, assisting managers in decision making. This eases the process as it is faster and avoids a higher risk of error in figures. People and organisations can now rely on these systems to keep them up to date with information, assist in making business forecasts, and help with problem solving and opportunity capturing.

Refer to the following link for a further analysis of the characteristics of TPS and DSS.
http://www.angelfire.com/rebellion2/jsmith/case_2.html

2. Describe the three quantitative models typically used by decision support systems.

a) Sensitivity analysis: the study of the impact that changes in one (or more) parts of the model have on other parts of the model. Users change the value of one variable repeatedly and observe the resulting changes in other variables.

b) What-if analysis: checks the impact of a change in an assumption of the proposed solution. Users repeat this analysis until they understand all effects of various situations.

c) Goal seeking analysis: Finds the inputs necessary to achieve a goal such as a desired level of output. Instead of observing how changes in a variable affect other variables, as in what-if analysis, goal seeking analysis sets a target value (goal) for a variable and then repeatedly changes other variables until the target value is achieved.

3. Describe business processes and their importance to an organisation.

Business processes refer to the manner in which work is organised, coordinated and focussed to produce a valuable product or service. E.g. processing a lay-by.

HR Business Processes are crucial to an organisation as data about employees, i.e. their skills and experience, can be identified through the organisation’s online human resource information system. It makes the business run more efficiently and effectively as all the information can be located from the same area in an easy manner. This system will also contain information on such things as terminations, workplace health and safety guidelines, hiring policies, counseling, health care benefits etc.

4. Compare business process improvement and business process re-engineering.

Business process improvement: focuses on understanding and measuring the current process and making performance improvements accordingly. Below is an example of a process improvement model used by an organisation.

Attained from: http://www.all-freeware.com/images/full/59784-business_process_improvement_software_business_other.gif

This differs from business process re-engineering (BPR), which is the analysis and redesign of workflow within and between enterprises. BPR assumes that the current process is ineffective or broken and, therefore, must start again from scratch.

5. Describe the importance of business process modeling (or mapping) and business process models.

After redesigning the business process, the organisation must determine the most efficient way to begin improving the process. Business mapping is important as it allows businesses to create flowcharts of work processes showing their inputs, tasks, and activities in a structured sequence. This enables organisations to run efficiently, cutting costs externally e.g. financial experts and time.

Business process models are important as they show and describe the plans graphically so that employees can visually determine what is expected of them e.g. timeframes in which to achieve activities. A set of one or more process models details the many functions of a system or subject area with graphics and text.

The model can:

* expose process detail gradually and in a controlled manner;
* encourage conciseness and accuracy in describing the process model;
* focus attention on the process model interfaces;
* provide a powerful process analysis and consistent design vocabulary.