ICT L.O.5 Flashcards
What are all the different Ethical issues?
1) Whistleblowing–> When a member of staff reveals that the organisation they work for is engaging in unlawful practices, such as breaking privacy laws, threatening staff, or causing environmental damage.
2) Discrimination–> When an employee is treated unfairly because of a personal or physical characteristic over which they have no control.
–> The Equality Act (2010) ensures equal treatment for all people irrespective of:
-Race
-Sexuality
-Gender
-Disability
-Marital Status (and many more).
3) Use of Information–> Laws such as GDPR (General Data Protection Regulation) and specifically the Data Protection Act (2018) ensure that organisations must responsibly process personal data.
4) Online Safety–> Training employees on the organisation’s code of practice for using the internet whilst at work.
5) Bias–> Technically correct, but slanted information that presents a one-sided view. (Employers try to avoid bias by screening applicants blind.)
What are some issues that affect management at companies? (Operational issues)
1) Security of Information–> Organisations have a responsibility to secure personal data stored about employees and users.
–>Data lost in cyber attacks could lead to:
-Government fines
-Lawsuits
-Reputational Loss.
2) Disaster Planning and Recovery–> Thinking about what to do ahead of time if a disaster such as a fire/flood/cyberattack happens.
Plans include:
–>Having a backup data centre on standby to switch to
–>Recovery (thinking about how to get systems back online):
-Steps to check it is safe before data recovery begins.
-What data needs to be prioritised.
3) Organisational Policies–> Setting out expectations for employees. (employees must sign to agree).
–>If the employees do not adhere to the policy, there can be disciplinary action.
E.G. Acceptable Use Policies:
-Set rules for how an organisation’s computer systems should be used.
-Can be used to ensure understanding of how to stay safe online.
4) Change Management–> Businesses formally considering adaptations.
–>Senior managers will meet to discuss and may conduct market research.
–>Drivers of change include:
-New Legislation (laws)
-New competitors
-Changing Customer Attitudes
-Improvement in technology (e.g. remote access allowing employees to work from home.)
5) Health and Safety–> Employers are responsible for the safety of their employees according to the Health and Safety at Work Act (1974)
-Examples include:
-Allowing enough rest breaks
-Ensuring screens and chairs are suitable for long, continued use
-Electrical equipment should also be frequently tested.
What are some examples of Cyber Threats?
1) Social Engineering–> The act of manipulating humans so that they give up private information or their money.
–>e.g. Pressuring an employee to give up private information because ‘Your boss needs this ASAP’
–>e.g. Following authorised employees through a secure door
2) Phishing–>Trying to obtain private information by faking an email or messages from a trusted source.
3) Malware–> Malicious software.
Examples:
-A Virus inserts itself into computer programs; when that program is run, the virus replicates.
-A Trojan pretends to do one legitimate task but secretly acts maliciously in the background.
-Spyware collects information about you without your knowledge. e.g. A keylogger (records everything you type)
4) Hacking–> Gaining unauthorised access to a computer.
-can require both technical and psychological skills.
(not all cyberattacks involve hacking)
–>Hacking is done for data theft (when data is extracted and stolen)
5) Interception–> Data stolen when moving through networks.
What are some ‘Physical Security Methods’ which can be used in order to deal with Cyberthreats?
1) Locks–> used to prevent access to server rooms or sensitive data stores (only authorised personnel with the right key will have access)
2) Biometrics–> Require input of a human characteristic e.g. fingerprint, iris, or voice scan.–> biometric data is checked against previously inputted data in a database.
3) Privacy screens–> plastic screens placed over a monitor to obscure the screen to anyone except the person sitting directly in front of it.
4) Shredding–> The cutting up of documents into small pieces so that they cannot be reassembled.
5) RFID and tokens–> Radio Frequency Identification uses electromagnetic fields to attach tags to physical objects.
-They can embed within ‘dumb’ objects such as clothing, packages and even animals.
–> They can track equipment and manage access.
What are some ‘Digital Security Methods’ which can be used in order to deal with Cyberthreats?
1) Username & Passwords–> Usernames must be matched with a secure password to minimise the chances of unauthorised users accessing a system.
–> Passwords should contain a mix of uppercase and lowercase letters, punctuation and numbers. Passwords should be of substantial length (at least 8 characters) and should be regularly changed.
2) Firewall–> Prevents unauthorised access to or from a network. Firewalls filter packets and block anything that is identified as harmful to the computer system or network. (They can be used to block access to specific websites and programs.)
3) Encryption–> The conversion of data (plaintext) into an unreadable format (ciphertext) so it cannot be understood if intercepted.
–>Encrypted data can only be understood by an authorised system with a decryption key.
4) Permissions–> The creation of different levels of file access so that only authorised people can access and change certain files.
–>There are different levels of file access:
-No access
-Read-only
-Read/write
5) Anti-Malware:
–>Anti-virus- scans and removes viruses
–>Anti-Spyware- removes spyware on an infected system so hackers cannot view personal data or monitor users.
(Organisations should install and regularly update anti-virus and anti-spyware programs)
What is the legislation around Safe disposal of data?
-The Data Protection Act (2018) states that data should only be kept when needed.
-For disposal of devices, legislation like WEEE guides responsible disposal.
How can data and devices be ‘Safely Disposed’?
1) Physical Destruction (simplest method)
e.g. shredding (however, physical destruction will render the storage media unusable for other purposes).
2) Electromagnetic wiping–> resets the magnetism in hard disks (by using a powerful device called a degausser)
–>Device can be used afterwards as it has not been physically destroyed
3) Overwriting–> writing fresh data over the data that is to be deleted; this will remove any remnants of the original data.
–>The hard drive can also be used again.
What are some features of an IDE (Integrated Design Environment)?
-Source code editor
-Debugger
-Compiler
-Interpreter
-Translator