Business Information Systems - Assignment Example

DO NOT CREATE A COVER SHEET FOR THIS ASSIGNMENT MIS101 – Assignment Template – Trimester 1, 2015 Your Name: Insert your name here Student Number: Insert your MIBT student ID number here (We will not mark this if the Deakin id is used-Deakin I.D. begins with the number 2) MIBT Email: Insert you MIBT email address here Assignment – Part A DO NOT FORGET TO USE INTEXT CITATIONS IN EVERY QUESTION (do not remove this instruction) Question 1: Provide a brief explanation of each of the following security terms and provide an example of each. Something the user is… This is also known as biometrics. This type of authentication is used to examine the user innate personal characteristics (Matyáš & Říha, 2002). This may include personal aspects such as fingerprint scans, palm scan, iris recognition and facial recognition. The most effective are finger prints, iris recognition and retina scans. They are the most preferred due to their ability to offer high security (Wu, 1998). Something the user has … This involves use of identification mechanisms such as identification cards and tokens. Regular ID cards have the user picture as well as their signature. In case the user has a smart card, it has embedded chip which is recognised by the system. Token has a display which gives a number. With each login, the token number changes (Wu, 1998). Something the user knows … This refers to a reusable password, identification number or any other fact that only the user knows. Passwords are a major security problem in organisations. This makes it prudent for users to have strong passwords (Brainard et al., 2006). Something the user does … This includes identification mechanism such as signature and voice recognition. The user voice is recorded under monitored conditions and stored in the system. The match between two voice signals leads to identification. Signature recognition involves user signing their name which is compared to previously signature. The signature recognition system also considers the speed and pressure on the signature (Wu, 1998). Question 2: Briefly discuss the following; is it ethical for an employer to monitor their staff’s usage of the Internet at work? List three (3) acceptable and three (3) unacceptable activities you would include in an ‘acceptable internet usage’ policy? Employers are legally allowed to monitor employees’ internet usage to enhance productivity. The fact that something is legal does not imply that it’s ethical. Based on ethics, there are acceptable and unacceptable activities (Nord, 2006). An acceptable internet usage policy should be based on following. Acceptable 1. Internet can be used at the workplace for private purposes provided that it does not affect productivity or lead to organisation incurring unnecessary costs. Employees can surf inoffensive websites during lunch and coffee breaks. Employees can send short emails based on clear guidelines (Miller, 2000). 2. Monitoring must be done at the minimum level possible and with a legitimate reason. This will ensure that employees’ right to privacy is not infringed. Monitoring must be announced in advance (Persson, 2003). 3. Monitoring is acceptable if it is done on event basis. This is during instances when something that is inappropriate happens in the organisation. This leads to monitoring of the internet with an aim of dealing with a specific issue. For example, increase in organisation data usage or reduction of office productivity (Persson, 2003). Unacceptable 1. Surfing of pornographic and extreme political websites must be restricted. Employees are not allowed to join chat rooms or make downloads using the company internet. The restriction is supposed to be explained to the employees in a clear manner (Miller, 2000). 2. Personal employee data should not be kept longer than necessary. Once the data have been checked, it should be deleted to ensure that employees’ privacy is upheld. This should be made clear in the guidelines on how long the data is stored (Persson, 2003). 3. Monitoring should not encroach on messages which are sensitive or very personal. For example, conversation between couples should not be monitored by the organisation. Monitoring must respect employee privacy. Personal emails can only be checked if its necessary based on security (Miller, 2000). Question 3: List and describe the three fundamental tenets of Ethics in a business environment. Explain why ‘unethical is not necessarily illegal’ and give an example that shows this? The tenets of ethics in a business environment are; responsibility, accountability and liability (Rossouw & Van Vuuren, 2003). Responsibility refers to being in a position to accept the consequences of their decisions and actions. Business leaders as well as employees must be responsible in their actions (Rossouw & Van Vuuren, 2003). Accountability refers to being able to determine who is responsible for actions or decisions made (Rossouw & Van Vuuren, 2003). Liability refers to the legal ability of individuals to have the capability of recovering the damages inflicted on them by other members, systems or an organisation. When an organisation invades employees’ privacy, it’s supposed to be held accountable for its action (Rossouw & Van Vuuren, 2003). Not everything unethical is illegal. When something is declared illegal, it implies that one can be held accountable by the court of law. An illegal act can lead to imprisonment or fine by the court. Stealing is unethical and illegal while grapevine is unethical but not illegal. With widespread use of technology in workplace, employee monitoring have been a major issue of contention. There have been cases of employers monitoring employees without their knowledge. While the law may support employers in monitoring employees, the act of reading employees emails is unethical (Crane, 2005). This is a case where there is no clear distinction of what is right or wrong. The practice though unethical is supported by law. Question 4: Informed consent is an important consideration for an organisation’s customers and their Privacy Policy. Identify and describe the two models of informed consent typically used in ecommerce and Social Networking sites privacy policies. Which is the preferred option? Justify your answer. Two models of informed consent used in social media are; opt in and opt out models. An opt-out model of informed consent allows collection of personal data until the consumer makes a request that the date should not be collected. This model allows the business to collect data by default unless notified otherwise (Friedman, Felten, & Millett, 2000). An opt-in model of informed consent is based on where there is prohibition of business collecting any personal information until the time a consumer gives approval for collection and use. In opt-in model, the consumers have high control of their data since no action can be taken on it without their approval (Reinartz & Kumar, 2000). Informed consent is very vital in protection of privacy among other human values including trust and autonomy. I would prefer opt-in model of informed consent. This is due to fact that one has more control on their data using opt in model (Hoffman, Novak, & Peralta, 1999). Opt-out models allow the business to have more intrusive abilities to ones data. The consumer may also not be unaware the type of information being collected and the purpose for collection. This is seen especially in cookies where private groups may take advantage of opt-out model to collect confidential information (Crane, 2005). The user is not notified when cookies are entered in their systems unlike opt-in model of informed consent. Social sites such as Facebook pose major security concerns for consumers when using opt-out model of consent since they can be tracked without their knowledge. Reference List :( DO NOT MOVE THIS LIST TO THE END OF THE ASSIGNMENT) Brainard, J., Juels, A., Rivest, R. L., Szydlo, M., & Yung, M. 2006, Fourth-factor authentication: somebody you know. In Proceedings of the 13th ACM conference on Computer and communications security (pp. 168-178). ACM. Crane, A. 2005, “In the company of spies: When competitive intelligence gathering becomes industrial espionage,” Business Horizons, Vol.48, no.3, p.233-240. Friedman, B., Felten, E., & Millett, L. I. 2000, Informed consent online: A conceptual model and design principles. CSE Technical Report. Hoffman, D. L., Novak, T. P., & Peralta, M. 1999, “Building consumer trust online,” Communications of the ACM, Vol.42, no.4, p. 80-85. Matyáš, V., & Říha, Z. 2002, Biometric authentication-security and usability Advanced Communications and Multimedia Security, Springer US. pp. 227-239. Miller, S.2000, “Privacy, the Workplace and the Internet ,” Journal of Business Ethics , vol. 28, no.1, p. 255-265. Nord, G. 2006, “E Monitoring in the Workplace: Privacy, Legislation, and Surveillance Software,” Communications of the ACM , vol. 49, no. 8. Persson, A. 2003, “Privacy at Work Ethical Criteria,” Journal of Business Ethics, vol. 42,no.3, pp. 59-70. Reinartz, W. J., & Kumar, V. 2000, On the profitability of long-life customers in a noncontractual setting: An empirical investigation and implications for marketing. Journal of marketing, Vol.64, no.4, p.17-35. Rossouw, G., & Van Vuuren, L. 2003, “Modes of Managing Ethics,” Journal of Business Ethics, Vol.4, no.46, p.389-402. Wu, T. D. 1998, “The Secure Remote Password Protocol,” NDSS, Vol. 98, no.1, pp. 97-111. Read More