IT Blogger

Hi, hope you enjoy my content!

Sunday, April 4, 2010

Ch 4 Ethics and Security

1. Explain the ethical issues surrounding information technology.

Advances in technology are making it easier for people to copy almost anything.

Intellectual property: This refers to the collection of rights that protect creative and intellectual effort. It can be an invention, trade mark, original design or the practical application of a good idea. In business terms, this means your proprietary knowledge.

Copyright: The exclusive right to do, or omit to do, certain acts with intangible property such as a song, a video game or certain types of proprietary documents. E.g. "Man Fined $1.5M for Leaked Mario Game Upload." Retrieved from: http://www.tomsguide.com/us/nintendo-mario-game,news-5779.html

Fair use doctrine: In certain situations it is legal to use copyrighted material. E.g. you can photocopy up to 20% of some books for study or teaching purposes.

Pirated software: The unauthorised use, duplication, distribution, or sale of copyrighted software. Copyright infringement of this kind is extremely common. Most countries have copyright laws which apply to software, but the degree of enforcement varies.

Counterfeit software: Software that is manufactured to look like the real thing and sold as if it were. This area is of major concern, as the rate at which this occurs has doubled in the last two years.

2. Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’.

Organisations can take better control of inappropriate or harmful email use by implementing and adhering to an email privacy policy.

Email privacy policy: Details the extent to which email messages may be read by others. Under the Privacy Act 1988, organisations must collect, use and store information obtained by tracking an employee's emails in a certain way.

This goes hand in hand with the Internet use policy, which contains general principles to guide the proper use of the Internet within an organisation (just as the email policy sets conditions for using email). The policy must:

* Describe available Internet services.
* Define the purpose and restriction of Internet access.
* Complement the ethical computer use policy.
* Describe the user responsibilities.
* State the ramifications for violations.

3. Summarise the five steps to creating an information security plan.

1) Develop the information security policies: Identify who (preferably the CSO) is responsible for creating and implementing all aspects of the security policy. Include rules such as never sharing passwords and logging on and off when taking breaks.

2) Communicate the information security policies: Train all employees and use checklists to ensure they understand all aspects of the information that has been given to them. Outline clear expectations, e.g. signing off when away from the computer.

3) Identify critical information assets and risks: Require the use of IDs, passwords and anti-virus software on all systems. If any systems have links to external networks, ensure that the necessary protection is in place, e.g. firewalls or intrusion detection software.

4) Test and re-evaluate risks: Regularly perform security reviews, audits, background checks and security assessments.

5) Obtain stakeholder support: Gain approval and support on the information in the policy from the board and the stakeholders.

4. What do the terms authentication and authorisation mean? How do they differ? Provide some examples of each term.

Authentication is a method for confirming users' identities. Once the person has been identified, the system can then determine the access privileges for that user.

The most secure type of authentication involves a combination of all three factors listed below:

* Something the user knows, e.g. a password that should be changed regularly.
* Something the user has, e.g. a swipe identification card (smart card).
* Something that is part of the user, e.g. a fingerprint scan or voice recognition.

[Image: fingerprint scan. Retrieved from: http://resources0.news.com.au/images/2009/11/24/1225803/131412-fingerprint-scan-brett-faulkner.jpg]

Authorisation is the process of giving someone permission to do or have something, e.g. file access; it is the means by which you are allowed (have authorisation) into a system. For example, once a person has logged on to a computer, the system can determine what authorisation levels they have and what areas they can access: a student cannot access the same areas that a teacher can. Likewise, only the Human Resource Manager can access certain aspects of an employee's details, as this policy is usually formalised into a private system.

The terms differ as authentication refers specifically to who has the privilege to access certain areas, whereas authorisation gives someone permission to do or have something.
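The two steps described above, confirming who the user is and only then deciding what that user may do, can be shown end to end in code. The following Python example is added here and is not from the original post: it keeps a constructed in-memory user store (the usernames, passwords, roles and token secrets are made up), authenticates with two of the three factors (a salted password hash for "something the user knows" and an HMAC-derived one-time code standing in for "something the user has"), and then authorises the action against a role table in which a student, a teacher and the HR manager have different permissions, as in the text.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a tiny in-memory user store (assumption for the
# example, not the post's own system). Passwords are never stored in clear;
# each entry holds a random salt, a PBKDF2-HMAC-SHA256 hash of the password,
# the user's role, and a shared secret standing in for a hardware token.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(store: dict, username: str, password: str, role: str, token_secret: bytes) -> None:
    salt = secrets.token_bytes(16)
    store[username] = {
        "salt": salt,
        "pw_hash": _hash_password(password, salt),
        "role": role,
        "token_secret": token_secret,
    }


def expected_token(secret: bytes, counter: int) -> str:
    # Six-digit one-time code derived from the shared secret and a counter
    # (a simplified HOTP-style construction; the token device would compute
    # the same value for "something the user has").
    digest = hmac.new(secret, counter.to_bytes(8, "big"), "sha256").digest()
    return str(int.from_bytes(digest[:4], "big") % 1_000_000).zfill(6)


def authenticate(store: dict, username: str, password: str, token: str, counter: int) -> bool:
    """Step 1: confirm identity. Both factors must check out."""
    user = store.get(username)
    if user is None:
        # Do the same amount of work for an unknown user so a missing account
        # is not measurably faster to reject than a wrong password.
        _hash_password(password, b"\x00" * 16)
        return False
    pw_ok = hmac.compare_digest(user["pw_hash"], _hash_password(password, user["salt"]))
    tok_ok = hmac.compare_digest(expected_token(user["token_secret"], counter), token)
    return pw_ok and tok_ok


# Step 2 data: what each role is permitted to do. Names are assumptions for
# the example; the student/teacher/HR split mirrors the text above.
PERMISSIONS = {
    "student": {"read:course_material"},
    "teacher": {"read:course_material", "write:grades"},
    "hr_manager": {"read:employee_record", "write:employee_record"},
}


def authorise(store: dict, username: str, action: str) -> bool:
    """Step 2: decide whether an already-identified user may perform an action."""
    user = store.get(username)
    if user is None:
        return False
    return action in PERMISSIONS.get(user["role"], set())


def access(store: dict, username: str, password: str, token: str, counter: int, action: str) -> str:
    """Authentication always runs first; authorisation is only consulted for a confirmed identity."""
    if not authenticate(store, username, password, token, counter):
        return "denied: authentication failed"
    if not authorise(store, username, action):
        return "denied: not authorised"
    return "granted"


def build_demo_store() -> dict:
    store = {}
    add_user(store, "alice", "correct horse battery staple", "student", b"alice-secret")
    add_user(store, "bob", "hunter2-but-longer", "teacher", b"bob-secret")
    add_user(store, "carol", "hr-pass-phrase", "hr_manager", b"carol-secret")
    return store


if __name__ == "__main__":
    db = build_demo_store()
    # The teacher may write grades; the student is authenticated but not authorised.
    print(access(db, "bob", "hunter2-but-longer", expected_token(b"bob-secret", 1), 1, "write:grades"))
    print(access(db, "alice", "correct horse battery staple", expected_token(b"alice-secret", 1), 1, "write:grades"))
```

The design point is the ordering: a wrong password or token returns "authentication failed" before any permission is looked up, and a correctly authenticated student still gets "not authorised" for a teacher-only action, which is the distinction the two terms capture.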

5. What are the five main types of security risks? Suggest one method to reduce the severity of each risk.

Human Error- Conduct extensive training and update it regularly. Ask employees questions about what they have learnt to reinforce understanding. Convey that malicious acts will not be tolerated and that any employee who engages in such behaviour will be terminated immediately.

Technical Failure- Ensure that your organisation has robust systems in place and that it keeps its information up-to-date and backed up.

Natural Disaster- Have disaster recovery in place. E.g. communication plans, alternative sites to move to, business continuity, and location of back-up data.

Deliberate Acts- Purchase a corporate security package that includes a firewall together with:
* Anti-Virus (keep it up-to-date)
* Anti Spam
* Anti Spyware
* Phishing Filter
* Remote Management

Management Failure- Ensure sufficient training is provided, systems are updated and looked after and have a back-up system for files.
