Details How An Organization Will Implement Information Security Policies

Information ethics govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself (with or without the aid of computer technologies). Ethical dilemmas in this area usually arise not as simple, clear-cut situations but as clashes between competing goals, responsibilities, and loyalties. Inevitably, there will be more than one socially acceptable or "correct" decision. For this reason, acting ethically and legally are not always the same.

• An ethical computer use policy contains general principles to guide computer user behavior. For example, it might explicitly state that users should refrain from playing computer games during working hours. • An information privacy policy contains general principles regarding information privacy. • An acceptable use policy (AUP) is a policy that a user must agree to follow in order to be provided access to corporate email, information systems, and to the Internet. • An email privacy policy details the extent to which email messages may be read by others. • A social media policy outlines the corporate guidelines or principles governing employee online communications. • An employee monitoring policy states explicitly how, when, and where the company monitors its employees

Hackers are experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge. A virus is software written with malicious intent to cause annoyance or damage. Some hackers create and leave viruses causing massive computer damage.

Information security policies identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days. An information security plan details how an organization will implement the information security policies. The best way a company can safeguard itself from people is by implementing and communicating its information security plan.

• Authentication and authorization: Authentication is a method for confirming users' identities. Once a system determines the authentication of a user, it can then determine the access privileges (or authorization) for that user. Authorization is the process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space. • Prevention and resistance: Content filtering occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information. Encryption scrambles information into an alternative form that requires a key or password to decrypt. In a security breach, a thief is unable to read encrypted information. A firewall is hardware and/or software that guard a private network by analyzing incoming and outgoing information for the correct markings. • Detection and response: Intrusion detection software (IDS) features full-time monitoring tools that search for patterns in network traffic to identify intruders.

As it becomes easier for people to copy everything from words and data to music and video, the ethical issues surrounding copyright infringement and the violation of intellectual property rights are consuming the ebusiness world. Technology poses new challenges for our ethics — t he principles and standards that guide our behavior toward other people.

Information management examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively. Information governance is a method or system of government for information management or control. Information compliance is the act of conforming, acquiescing, or yielding information. All are required to ensure a corporation treats information correctly.

Organizations should develop written policies establishing employee guidelines, employee procedures, and organizational rules for information. These policies set employee expectations about the organization's practices and standards and protect the organization from misuse of computer systems and IT resources. If an organization's employees use computers at work, the organization should, at a minimum, implement epolicies. Epolicies are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment.

Privacy is the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent. Privacy is related to confidentiality, which is the assurance that messages and information remain available only to those authorized to view them. Each time employees make a decision about a privacy issue, the outcome could sink the company.

Information security takes people and technology. Informing the people about security policies and security issues will help to ensure the information is safe. The company must also implement all of the security technologies from authentication to authorization and prevention and resistance

Authentication and authorization technologies such as biometcis and passwords can protect access. Prevention and resistance technologies such as antivirus software and encryption can protect data in transit. Detection and response technologies such as intrusion detection software can handle an attack if the infiltrator breeches the first two lines of defense.

FALSE

C

• World's population will double in the next 40 years • People in developed countries are living longer • Growth in information industries is creating a knowledge-dependent global society • The global economy is becoming more integrated • The economy and society are dominated by technology • Pace of technological innovation is increasing • Time is becoming one of the most precious commodities

• Digital ink • Digital paper • Teleliving • Alternative energy sources • Autonomic computing

Obtaining a broad view of emerging trends and new technologies as they relate to business can help an organization anticipate and prepare for the future. Organizations that can most effectively grasp the deep currents of technological evolution can use their knowledge to protect themselves against sudden and fatal technological obsolescence.