Your Name:
Student Number:
Deakin Email:
Assignment – Part A
Question 1: Provide a brief explanation of each of the following security terms and provide an example of each. (~250 Words)
Something the user is: an authentication method, also known as biometrics, that examines a person's innate physical characteristics such as fingerprints, irises, palm, retina or facial scans (Gray & Issa 2015, p. 227). The most common biometric applications include fingerprint scans, palm scans and retina scans.
Something the user has: tokens and smart cards are physical devices formatted to identify users for increased security. A token is similar to an identification card that represents the card holder/user (Kenneth & Jane 2007, p. 337). A smart card grants permitted users access to private and confidential data.
Something the user knows: the authentication mechanism of passwords/passphrases, which are assigned to authorised users to protect data (Gray & Issa 2015, p. 228). Despite the level of security passwords provide, companies that use them often have significant usage flaws, e.g. requiring complex passwords to be changed regularly, which leads many users to select simpler, more convenient passwords and so compromises data security. In the modern era passwords are a necessary form of security for access to data; they are found everywhere, in social media sites, schools, workplaces etc.
Something the user does: the physical need for a person to interact with the authentication mechanism to access data, which includes voice recognition and signature recognition (Gray & Issa 2015, p. 228). This form of authentication mechanism provides an increase in security, as the mechanism is usually specific to the particular person's habits or aura. Signature recognition, for example, is a behavioural pattern that can't be replicated simply by viewing it, because the timing, pressure and speed of the hand action required to sign are inherent to the person's process of signing (Ravi 2007, p. 13).
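As an added example (not part of the assignment above), the following Python login check groups credential types by the factor categories just described and only accepts a login when two different categories verify, so a password plus a PIN still counts as a single factor. The user record, salt, token secret and counter are all constructed for the demo; the six-digit code stands in for a hardware token ("something the user has").

```python
import hashlib
import hmac
import struct

# Assumed mapping of each credential type to its factor category.
FACTOR = {"password": "knows", "pin": "knows", "token_code": "has"}

# Constructed user record: password and PIN stored as salted scrypt hashes,
# plus the shared secret and counter of a (hypothetical) hardware token.
SALT = b"constructed-demo-salt"
SCRYPT = dict(salt=SALT, n=2**14, r=8, p=1)
USER = {
    "name": "alice",
    "pw_hash": hashlib.scrypt(b"correct horse", **SCRYPT),
    "pin_hash": hashlib.scrypt(b"4921", **SCRYPT),
    "token_secret": b"constructed-token-secret",
    "token_counter": 41,
}

def token_code(secret: bytes, counter: int) -> str:
    """Six-digit HMAC-based one-time code, HOTP-style dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{num % 10**6:06d}"

def verify_one(user: dict, kind: str, value: str) -> bool:
    """Verify a single credential using constant-time comparisons."""
    if kind in ("password", "pin"):
        digest = hashlib.scrypt(value.encode(), **SCRYPT)
        stored = user["pw_hash"] if kind == "password" else user["pin_hash"]
        return hmac.compare_digest(digest, stored)
    if kind == "token_code":
        # Small look-ahead window for counter drift; a used code is consumed
        # by advancing the counter, so replaying it later fails.
        for c in range(user["token_counter"], user["token_counter"] + 3):
            if hmac.compare_digest(token_code(user["token_secret"], c), value):
                user["token_counter"] = c + 1
                return True
    return False

def authenticate(user: dict, creds: dict) -> tuple:
    """Return (accepted, categories_proven). Accept only when two DIFFERENT
    factor categories are proven: password + PIN are both 'knows', so 1FA."""
    proven = {FACTOR[k] for k, v in creds.items()
              if k in FACTOR and verify_one(user, k, v)}
    return len(proven) >= 2, proven

if __name__ == "__main__":
    code = token_code(USER["token_secret"], USER["token_counter"])
    print(authenticate(USER, {"password": "correct horse", "token_code": code}))
    print(authenticate(USER, {"password": "correct horse", "pin": "4921"}))
```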
Question 2: Briefly discuss the following, is it ethical for an employer to monitor their staff’s usage of the Internet at work? List three (3) acceptable and three (3) unacceptable activities you would include in an ‘acceptable internet usage’ policy? (~250 Words)
Yes, I think it is ethical for an employer to monitor the internet usage of their staff at work, to prevent employees from giving away company secrets to rival companies and from wasting time on the internet for leisure. Before corporations were allowed to monitor their employees, they faced a huge problem of employees surfing the internet and wasting work hours without accomplishing anything (Gorman 1998, p. 22). Most companies nowadays have an internet usage policy, and most of them have much the same rules and guidelines. The job of an acceptable use policy is to explain what the organization considers acceptable Internet and computer use and to protect both employees and the organization from the ramifications of illegal actions (Gaskin & James 1998, p. 20).
Acceptable activities that would be included in an internet usage policy are:
1) Using the Internet responsibly and productively as an employee.
2) Using the internet for educational purposes to improve and complete your given tasks as an employee.
3) Blocking websites that may harm or affect the company.
Unacceptable activities that would be included in an internet usage policy are:
1) Viewing pornographic, inappropriate or obscene material during work hours in the company building.
2) Downloading or copying malicious software onto company computers.
3) Hacking into or accessing an unauthorised computer database.
Question 3: List and describe the three fundamental tenets of Ethics in a business environment. Explain why ‘unethical is not necessarily illegal’ and give an example that shows this? (~250 Words)
The three fundamental tenets of Ethics in a business environment are Responsibility (you accept the consequences of your actions and decisions), Accountability (determining who is responsible for the actions taken) and Liability (a legal concept that gives individuals the right to recover the damage done to them by other individuals, organisations or systems) (Gray & Issa 2015, p. 15). Ethics is the principle of right or wrong, based on an individual's perception of things, that is used to make decisions. So something a person perceives as unethical could be legal even though it feels illegal to that person based on their views. For example, two Australian men, Andrew Chan and Myuran Sukumaran, were convicted of drug trafficking in Indonesia in 2005 and are still awaiting the death penalty after delays (Toppa 2015). Many people would say that the death penalty is unethical because killing humans is against their religion or their views on life, but in Indonesia the death penalty is perfectly legal and has existed as a punishment since the inception of the Republic of Indonesia.
Question 4: Informed consent is an important consideration for an organisation’s customers and their Privacy Policy. Identify and describe the two models of informed consent typically used in eCommerce and Social Networking sites privacy policies. Which is the preferred option? Justify your answer. (~250 Words)
The opt-in model and the opt-out model are the two models of informed consent typically used in e-commerce and social networking sites' privacy policies. The opt-in model is a model of informed consent that prohibits an entity from collecting any personal information unless the individual specifically authorises it. The opt-out model is a model of informed consent that permits an entity to collect personal information unless the individual specifically requests that the data not be collected (Gray & Issa 2015, p. 192). The opt-in model is the preferred option of the two, because under the opt-in model your personal information is not available to anyone unless you authorise someone to access it.
Assignment – Part B
A case study analysis using Toulmin’s Model of Argument (~600 WORDS)
Use the Toulmin Table provided for your answers.
Element
Sentence/s
Claim
Australian business is an ‘easy target’ for cyber attacks
Evidence
According to ASIO chief David Irvine, foreign spies are using government networks to penetrate the digital defences of allies such as the US, and cyber espionage is used against Australia on a "massive scale".
Governments and business are scrambling to deal with many security concerns, as the cyber threat has grown in parallel with internet usage, which has risen to more than 2 billion people.
Warrant
'Australia was as much as five years behind the latest cyber security, and this was due to the fast pace of online development, which gives the advantage to those who seek to intrude rather than protect online systems,' said Graham Ingram, general manager of AusCERT.
Backing
Parliament House's email system was hacked and thousands of messages were stolen from at least ten government ministers, including the Prime Minister and the minister for foreign affairs and defence.
Rebuttal
There is a plan to greatly strengthen the cyber defence capabilities of Australia's government agencies, and the government is confident in Australia's resilience in the event of a cyber-attack by working closely with corporations and business.
Qualifier
Governments and business are scrambling to deal with many security concerns, as the cyber threat has grown in parallel with internet usage, which has risen to more than 2 billion people.
Your Opinion
Personal opinion is biased towards the positive side of the claim, with the backing of the evidence provided and how foreign spies are able to intrude on and break the privacy of Australian businesses and retrieve data, all illegally and without leaving traces for officials to catch them. The single flaw that stops the claim being fully supported is that the Prime Minister is working towards achieving a stronger cyber defence system for the businesses of Australia in order to prevent an increase in cyber-attacks in the future. Despite today's prevention technology, thieves/hackers are learning to keep up with the defence mechanisms applied and find new ways to steal, and it doesn't help when Australia's cyber defence strength is lagging by 5 years. Therefore, an increase in support for Australia's cyber defence mechanisms is necessary from the government, be it an increase in financing activities or investing more time into the issues to find any possible solutions.
Reference List:
Gaskin, JE 1998, 'Internet acceptable usage policies', Information Systems Management, vol. 15, no. 2, p. 20, Health Business Elite, EBSCOhost.
Gray, H, Issa, T, Pye, G, Troshani, I, Rainer, RK, Prince, B & Watson, HJ 2015, Management information systems, John Wiley and Sons Australia, Milton, Qld.
Gorman, J 1998, 'Monitoring employee Internet usage', Business Ethics: A European Review, vol. 7, no. 1, pp. 21-24, Business Source Complete, EBSCOhost, viewed 18 April 2015.
Laudon, K & Laudon, J 2007, Management information systems: managing the digital firm, Pearson/Prentice Hall, Upper Saddle River, New Jersey.
Ravi, R 2007, 'Signature recognition', Keesing Journal of Documents & Identity, no. 24, pp. 13-14.
Siau, K, Nah, F & Teng, L 2002, 'Acceptable Internet use policy', Communications of the ACM, vol. 45, no. 1, pp. 75-79, Business Source Complete, EBSCOhost, viewed 15 April 2015.
Toppa, S 2015, 'Indonesian judge postpones the final appeal of Australian drug smugglers on death row', Time.com, n.p., Health Business Elite, EBSCOhost, viewed 20 April 2015.
'Opt-in' 2007, Bloomsbury Business Library - Business & Management Dictionary, p. 5342, Business Source Complete, EBSCOhost, viewed 23 April 2015.
'Opt out' 2007, Network Dictionary, p. 356, Applied Science & Technology Source, EBSCOhost, viewed 23 April 2015.
Bellman, S, Johnson, E & Lohse, G 2001, 'To opt-in or opt-out? It depends on the question', Communications of the ACM, vol. 44, no. 2, pp. 25-27, Business Source Complete, EBSCOhost, viewed 25 April 2015.