CX555001 Business Computing: Information Security Threats & Ethics


Added on  2023/03/31

AI Summary
This report provides a comprehensive overview of ethics in information security, focusing on the various threats to information systems, including human error, malicious human activity, and natural disasters. It discusses effective strategies for organizations to respond to security incidents, such as disaster recovery backup sites and incident response plans. The report also delves into the major ethical issues faced by IT security professionals, presenting a real-world case study of Equifax's data breach to illustrate the challenges and necessary actions. The report emphasizes the importance of maintaining data privacy, addressing security liabilities, and upholding neutrality in access costs, ultimately highlighting the crucial role of IT professionals in safeguarding sensitive information and ensuring ethical practices within organizations.
Running head: ETHICS IN INFORMATION SECURITY
Security and Ethics in Information Security
Name of the student:
Name of the university:
Author note:
Table of Contents
Introduction:
Discussion:
1. What are the threats to information security?
Human error and mistakes
Malicious Human activity
Natural events and disaster
2. How should organizations respond to security incidents?
Disaster recovery backup sites
Incident response plans
3. What are the major ethical issues an IT security professional can face? Share a real-world
case of ethical dilemma and what you have (would have) done with it.
Conclusion:
References:
Introduction:
Information security is defined as a complete set of processes that sets out clear strategies
for managing the processes, policies and tools needed to protect documents and to counter
threats to digital as well as non-digital information. Securing the information of an
individual or a business includes establishing a set of business rules and processes that
help protect important assets while they are in transit and while they are being processed.
Threats to information security can be of many types, such as software attacks, intellectual
property theft, sabotage and many more (Noe et al., 2017). This part of the report details the
threats to information security, on the basis of which different methods of responding to
security incidents are described.
Discussion:
1. What are the threats to information security?
Threats to information security are defined as possible dangers that tend to exploit a
vulnerability, leading to a security breach and hence causing harm to the intellectual property
of individuals.
Human error and mistakes
Human error and mistakes play a unique role among the leading information security threats
(Dekker, 2017).
Three examples of human error and mistakes are as follows:
1. Weak password security: Securing a password is one of the basic steps in ensuring the
security of information, and passwords therefore need to be handled carefully. Common mistakes
people make when creating passwords include using simple passwords and sharing passwords among
employees, which gives malicious insiders access to their data.
2. Careless handling of data: Handling large amounts of data within the organization is part of
an employee's daily routine, so there is a risk that some of this information may be leaked
through carelessness (Safa et al., 2015). Common mistakes made by employees include sending
data via email or accidentally deleting files without realizing their importance.
3. Inadequate software security: Employees often become careless while performing their daily
tasks and forget to update the software daily, leaving it vulnerable to attack. The use of
legacy software with previously known vulnerabilities is one of the most widespread issues in
this case.
Malicious Human activity
Any type of harmful human activity that tends to attack computer systems is termed malicious
human activity, and it plays an important role in information security threats (Evans,
Maglaras, He & Janicke, 2016). The different types of malicious human activity include the
following:
1. Malware spreading: Spreading malware, or malicious software, is a type of malicious human
activity that can compromise the functionality of computers while stealing data and bypassing
access controls.
2. Hacking: Hacking is a type of malicious activity that leads to the compromise of digital
devices while disrupting the entire network.
3. DoS/DDoS attack: A DoS attack is a type of attack that denies legitimate users access to
their resources or makes that access very slow.
Natural events and disaster
Natural events and disasters are produced by the processes through which the Earth is formed,
although humans can sometimes influence natural disasters by directly generating oils, toxic
material etc. The different types of natural events and disasters that threaten information
are as follows:
1. Earthquakes: An earthquake can displace the ground, causing disruption of network systems
and loss of data.
2. Landslides: Landslides are another type of natural disaster that may cause loss of
information while damaging the entire infrastructure of information assets.
3. Floods: Natural disasters like floods may also bring down power lines, resulting in network
outages and leading to information threats.
2. How should organizations respond to security incidents?
Responding to security incidents is an organized approach to addressing the aftermath of an
information security threat (Mamonov & Benbunan-Fich, 2018). The major ways in which
organizations can respond to security incidents are as follows:
Disaster recovery backup sites
To prepare disaster recovery backup sites, the three major preparedness tasks are as
follows:
1. Identifying the most serious threats within the IT infrastructure, on the basis of which the
disaster recovery plan will be developed.
2. Scanning and making electronic copies of documents and storing them in cloud storage.
3. Updating and amending the disaster recovery plan as needed.
Incident response plans
In order to proceed with the disaster recovery tasks, some major factors need to be
followed, which are as follows:
1. Acknowledging the unavoidable: It is crucial for a business to recognize the proper incident
response plan while determining the root cause and the remedy required to ensure a secure
condition (Angelini, Prigent & Santucci, 2015).
2. Building the right team: While developing a security incident response plan, it is important
to include the C-suite, IT, communications, legal and other teams within the response plan so
as to keep the response plan up to date (Bhuyan, Bhattacharyya & Kalita, 2015).
3. What are the major ethical issues an IT security professional can face? Share a
real-world case of ethical dilemma and what you have (would have) done with it.
Some of the major ethical issues that an IT professional can face are as follows:
Major ethical issues
1. Privacy: Most personal data is stored and transferred through the digital world. IT
security professionals often face issues in maintaining the privacy of individuals' data.
2. Security liability: Resolving security issues in order to protect vital information from
malicious attack is one of the major ethical issues faced by IT specialists.
3. Access costs: Maintaining neutrality is one of the issues faced by IT professionals in
managing threats to information security.
Real world case and action
One real-world example of an ethical dilemma is the Equifax data breach.
Equifax was known to make most of its profit by selling the personal and sensitive
information of individuals to financial institutions and lenders (Gressin, 2017). This type of
unethical practice led to the compromise of the data of about 145 million people. The flaw in
the system was recognized by the hackers, who took advantage of it while disrupting the entire
system.
Sharing personal information with other institutions is one of the facts that IT professionals
should keep in mind while securing the information of individuals.
As part of mitigating the issue, the company created an incident response plan while
maintaining transparency. The use of Social Security numbers as personal identifiers was also
reduced in order to manage such situations in future.
Conclusion:
Thus it can be concluded that information is an important asset for companies, and it is
therefore the utmost responsibility of IT professionals to maintain its confidentiality and to
respond to security incidents when needed.
References:
Angelini, M., Prigent, N., & Santucci, G. (2015, October). Percival: proactive and reactive attack
and response assessment for cyber incidents using visual analytics. In 2015 IEEE
Symposium on Visualization for Cyber Security (VizSec) (pp. 1-8). IEEE.
Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2015). An empirical evaluation of
information metrics for low-rate and high-rate DDoS attack detection. Pattern
Recognition Letters, 51, 1-7.
Dekker, S. (2017). The field guide to understanding 'human error'. CRC Press.
Evans, M., Maglaras, L. A., He, Y., & Janicke, H. (2016). Human behaviour as an aspect of
cybersecurity assurance. Security and Communication Networks, 9(17), 4667-4679.
Gressin, S. (2017). The Equifax data breach: What to do. US Federal Trade Commission, as
viewed Oct, 1.
Mamonov, S., & Benbunan-Fich, R. (2018). The impact of information security threat awareness
on privacy-protective behaviors. Computers in Human Behavior, 83, 32-44.
Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wright, P. M. (2017). Human resource
management: Gaining a competitive advantage. New York, NY: McGraw-Hill
Education.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015).
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, 65-78.