Your Name:
Student Number:
Deakin Email:
Assignment – Part A
Question 1: Provide a brief explanation of each of the following security terms and provide an example of each. (~250 Words)
Something the user is: an authentication method, also known as biometrics, that examines a person’s innate physical characteristics, such as fingerprints, irises, palms, retinas or facial scans (Gray & Issa 2015, pg. 227). The most common biometric applications include fingerprint scans, palm scans and retina scans.
Something the user has: tokens and smart cards are physical devices that are formatted to identify users for increased security. A token is similar to an identification card that represents the card holder/user (Kenneth & Jane 2007, pg. 337). A smart card permits its user to access private and confidential data.
Something the user knows: the authentication mechanism of passwords/passphrases is specifically designed to restrict data to authorized users (Gray & Issa 2015, pg. 228). Despite the level of security passwords provide, their use in companies often has significant flaws, e.g. the need to change complex passwords regularly, which leads many users to opt for simpler, more convenient passwords that compromise data security. In the modern era, passwords are a necessary form of security for access to data; they can be found on social media sites and in schools, workplaces, etc.
Something the user does: the physical need for a person to interact with the authentication mechanism to access data, which includes voice recognition and signature recognition (Gray & Issa 2015, pg. 228). This form of authentication increases security because the mechanism is usually specific to the particular person’s habits or aura. Signature recognition, for example, relies on a behavioural pattern that can’t be replicated simply by viewing the signature, because the changes in timing, pressure and speed of the hand action required to sign are inherent to the person’s process of signing (Ravi 2007, pg. 13).
Question 2: Briefly discuss the following, is it ethical for an employer to monitor their staff’s usage of the Internet at work? List three (3) acceptable and three (3) unacceptable activities you would include in an ‘acceptable internet usage’ policy? (~250 Words)
Yes, I think it is ethical for an employer to monitor the internet usage of their staff at work, and this is to prevent employees from giving away company secrets to rival companies and wasting time by being on the internet for leisure. Before corporations were allowed to monitor their employees, they faced a huge problem of employees surfing the internet and wasting time, not accomplishing anything during work hours (Gorman 1998, pg. 22). Most companies nowadays will have an internet usage policy, and most of them usually have the same rules and guidelines. The job of an acceptable use policy is to explain what the organization considers acceptable Internet and computer use and to protect both employees and the organization from the ramifications of illegal actions (Gaskin & James 1998, pg. 20). Acceptable activities that would be included in an internet usage policy are: 1) Using the Internet responsibly and productively as an employee. 2) Using the internet for an educational purpose to improve and complete your given task as an employee. 3) Blocking websites that may harm or affect the company. Unacceptable activities that would be included in an internet usage policy are: 1) Viewing pornographic, inappropriate and obscene materials during work hours in the company building. 2) Downloading or copying malicious software onto the company computer. 3) Hacking into or accessing an unauthorized computer database.
Question 3: List and describe the three fundamental tenets of Ethics in a business environment. Explain why ‘unethical is not necessarily illegal’ and give an example that shows this? (~250 Words)
The three fundamental tenets of Ethics in a business environment are: Responsibility, meaning you accept the consequences of your actions and decisions; Accountability, meaning determining who is responsible for the actions taken; and Liability, a legal concept that gives individuals the right to recover the damage done to them by other individuals, organisations or systems (Gray & Issa 2015, pg. 15). Ethics is the set of principles of right or wrong, based on the individual’s perception of things, that is used to make decisions. So something a person perceives as unethical could be legal, even though it feels illegal to that person based on their views. For example, consider the incident in Indonesia where two Australian men, Andrew Chan and Myuran Sukumaran, were convicted of drug trafficking in 2005 and are still on delay for the death penalty (Toppa 2015). Many people would say that the death penalty is unethical because killing humans is against their religion or their views on life, but in Indonesia the death penalty is perfectly legal and has existed as a punishment since the inception of the Republic of Indonesia.
Question 4: Informed consent is an important consideration for an organisation’s customers and their Privacy Policy. Identify and describe the two models of informed consent typically used in eCommerce and Social Networking sites privacy policies. Which is the preferred option? Justify your answer. (~250 Words)
The opt-in model and the opt-out model are the two models of informed consent typically used in the privacy policies of e-commerce and social networking sites. The opt-in model is a model of informed consent that prohibits an entity from collecting any personal information unless the individual specifically authorises it. The opt-out model is a model of informed consent that permits an entity to collect personal information unless the individual specifically requests that the data not be collected (Gray & Issa 2015, pg. 192). The opt-in model is the preferred option of the two, because under the opt-in model your personal information is not available to anyone unless you authorise someone to access it.
Assignment – Part B
A case study analysis using Toulmin’s Model of Argument (~600 WORDS)
Use the Toulmin Table provided for your answers.
| Element | Sentence/s |
| --- | --- |
| Claim | Australian business is an ‘easy target’ for cyber attacks. |
| Evidence | According to ASIO chief, David Irvine, foreign spies are using government networks to penetrate the digital defences of allies such as the US and cyber espionage is used against Australia on a “massive scale”. Governments and business are scrambling to deal with many security concerns after the growth of cyber threat has risen in parallel with internet usage, which has grown to more than 2 billion people. |
| Warrant | ‘Australia was as much as five years behind the latest cyber security and it was due to the fast pace of online development which gives the advantage to those who seek to intrude rather than protect online systems’ said Graham Ingram, general manager of AusCERT. |
| Backing | The Parliament House email system was hacked and thousands of messages were stolen from at least ten government ministers, including the prime minister and the minister for foreign affairs and defence. |
| Rebuttal | There is a plan to greatly strengthen the cyber defence capabilities of Australia’s government agencies, and the government is confident in Australia’s resilience in the event of a cyber-attack by working closely with corporations and business. |
| Qualifier | Governments and business are scrambling to deal with many security concerns after the growth of cyber threat has risen in parallel with internet usage, which has grown to more than 2 billion people. |
Your Opinion
Personal opinions are biased towards the positive side of the claim, with the backing of the evidence provided and how foreign spies are able to intrude on and break the privacy of Australian businesses and retrieve data, all illegally, without leaving traces for them to be caught by officials. The single flaw that doesn’t support the claim fully is that the Prime Minister is working towards achieving a stronger cyber defence system for the businesses of Australia in order to prevent an increase in cyber-attacks in the future. Despite today’s prevention technology, thieves/hackers are learning to keep up with the defence mechanisms applied and find new ways to steal, and it doesn’t help when Australia’s cyber defence strength is lacking by 5 years. Therefore, an increase in support for Australia’s cyber defence mechanism is necessary from the government, be it an increase in financing activities or investing more time into the issues to find any possible solutions.
Reference List:
Gaskin, JE 1998, 'Internet acceptable usage policies', Information Systems Management, 15, 2, p. 20, Health Business Elite, EBSCOhost
Gray, H, Issa, T, Pye, G, Troshani, I, Rainer, RK, Prince, B, & Watson, HJ 2015, Management information systems, Milton, Qld. John Wiley and Sons Australia, Ltd, 2015.
Gorman, J 1998, 'Monitoring Employee Internet Usage', Business Ethics: A European Review, 7, 1, pp. 21-24, Business Source Complete, EBSCOhost, viewed 18 April 2015.
Laudon, K, & Laudon, J 2007, Management Information Systems : Managing The Digital Firm, n.p.: Upper Saddle River, New Jersey : Pearson/Prentice Hall, 2007.
Ravi, R 2007, 'Signature Recognition', Keesing Journal of Documents & Identity, no. 24, pp. 13-14.
Siau, K, Nah, F, & Teng, L 2002, 'ACCEPTABLE INTERNET USE POLICY', Communications Of The ACM, 45, 1, pp. 75-79, Business Source Complete, EBSCOhost, viewed 15 April 2015.
Toppa, S 2015, 'Indonesian Judge Postpones the Final Appeal of Australian Drug Smugglers on Death Row', Time.Com, p. N.PAG, Health Business Elite, EBSCOhost, viewed 20 April 2015.
'opt-in' 2007, Bloomsbury Business Library - Business & Management Dictionary, p. 5342, Business Source Complete, EBSCOhost, viewed 23 April 2015.
'Opt Out' 2007, Network Dictionary, p. 356, Applied Science & Technology Source, EBSCOhost, viewed 23 April 2015.
Bellman, S, Johnson, E, & Lohse, G 2001, 'To Opt-In or Opt-Out? It Depends on the Question', Communications Of The ACM, 44, 2, pp. 25-27, Business Source Complete, EBSCOhost, viewed 25 April 2015.