The Charity Scenario in Assignment 4

Ethics dictates the basic principles of human behaviour. Nevertheless, it cannot assure that a person will act right or good. An ethical action can be referred to as anything that is performed with the criteria or domain of what is considered as good. Ethics helps us to behave fairly and attain those basic good characteristics that makes us a completely responsible human being. Thus, it can be said that a person can be called right or good if that person applies ethics to his behaviour (Hashizume et al., 2013).

Privacy can be defined as a condition of the life of an individual that is excluded from the public.

Though technology has a major effect in the collection and storage as well as in the retrieval and distribution of information, still there is ethical impact related to the manipulation and accessibility or inaccessibility of the information. Through implication many people can easily access the private information or data of an individual. Technologically a person can be excluded from accessing a private and necessary information and data through various security measures such as passwords. Technological way of accessing or manipulating information involves integration and possible changing of information. Technological way of accessing information cannot always be considered as ethically neutral (Cheng et al., 2013).

The information professional needs to confront with the following ethical issues for processing and handling of different kinds of personal and private information.

• The information professional needs to decide on what type of information he/she in entitled to gather.
• He/she also needs to consider about the confidential treatment of information individual as well as the accuracy of the information.
• He/she needs to decide about the objective for which different types of information may be used. It is also considerable here that whether person will be notified about the reason and way of using the personal information (Pardo & Siemens, 2014).
• A person’s rights regarding the dissemination and use of one’s private and personal information.

The following norms could be distinguished (Dove et al., 2015).

1) Truth: Firstly, this norm directs the information professional regarding the accuracy and the appropriate handling of private information. Secondly, the norm expresses ethical virtues such as honesty, trustworthiness and openness.

2) Freedom: As per this norm, a person has the discretion of selecting freedom intrusion and freedom from privacy. However, freedom of others may not be restricted by the selection of privacy from intrusion.

3) Human rights: In terms of privacy this norm implies protection and juridical acknowledgement of a person’s right to privacy and it protects individual from society’s illicit interference.

• As per the norm of freedom, the information professional must acknowledge the client’s right to control any private and personal information.
• As per norms of human rights and freedom, the client must have regular access to every personal and private information that is used by information professional in order to examine accuracy of the information.
• As per norms of freedom, truth and human rights, the client must be informed about the merging of private and personal information as well as given right to access information on central database, including provision to modify the incorrect information on the database.
• As per norm of human rights and freedom, the information professional (companies) that have gathered information about a person must purposefully intimate the person about the different uses of information. In addition, the client is given the opportunity to grant or withdraw their consent regarding these uses. Now, the client’s concern is to respond and absence of response is treated as consent. However, client must be provided opportunity of withdrawing consent (Cheminod, Durante & Valenzano, 2013).
• As per norm of freedom, unnecessary private information and data must not be collected.
• As per norm of human rights and freedom, private and personal information that are no longer required must be destroyed.
• As per norms of human rights and truth, the reasons for the denial of rendering a product or service to a person on the basis of personal information must be updated to the person.
• As per norm of the human rights, truth and freedom, a person’s information and data must be handled confidentially.
• As per norms of human rights, truth and freedom, there must be a privacy policy comprising the elements such as type of information, confidentiality level (for example, who has access and use to which information), proper explanation for purpose of using the information and procedural description for ensuring accuracy of information (Fernandes et al., 2014).

Internet and cloud computing play a major role in recent days and people capitalise a large number of benefits from using them. Internet and cloud computing information privacy is the right of controlling and managing the way of stored personal and private data and information. However, information privacy is related to confidentiality. Confidentiality also deals with individuals’ data and information and it allows a person or individual to refrain others from revealing his/her personal data or information to unauthorized or unofficial people or parties (Hossain, Fotouhi & Hasan, 2015). Thus, the information professional needs to consider both privacy and confidentiality issues during collection, storing and sharing of personal data and information.

Ethical Approaches

In online environments such as internet and cloud computing technology system, confidentiality is about implementation of security arrangements for protection of personal information and safety assurance of computer equipment and systems (Ozair et al., 2015). In addition, information privacy is also related to the information security as security gaps may result in information privacy violation. Regarding information security of an individual or person, the information security professional must consider two factors – protection of critical data or information and knowing the source of the critical data (Inukollu, Arsi & Ravuri, 2014).

Ethics in internet and cloud computing seek to safeguard and protect individuals and society through responsible way of using information systems. Regarding information security the code of ethics are as follows (Singhal et al., 2013).

1) Protection of confidential client information: The best possible way of protecting client information is refraining it from taking possession. The obligation of information security professional for maintaining the security and confidentiality of client information is not limited to his/her period of employment. He/she must protect the information even after finishing the tenure of his/her employment with the service provider authority or organization (Khari & Bajaj, 2014).

2) Personal data of individual: The information security professional must not reveal any information or data about the former and/or existing employee or member of the organization or service provider authority without prior consent of the employee or member.

 A security threat is referred to as any malicious event or action that aims to interrupt the integrity of personal or organization computer systems. The basic intention of this is compromising data for exploitation purpose. The targeted data can be sensitive type such as passwords, list of contacts, credit card information and so on. The following security threats are normally encountered in online environments such as internet and cloud computing (Komninos, Philippou & Pitsillides, 2014).

1) Privilege escalation: Here bugs in the software programs are exploited to gain access control to certain higher privileged resources that can detour security controls.

2) Virus: It is referred to as a software program that is capable of replicating itself and infecting other computer systems. Normally, transmission of virus occurs over networks as well as by means of universal serial bus (USB) drives and other movable media (Smith & Wong, 2016).

3) Worm: It is particular virus type which unlike a virus does not modify system files, instead it consumes large memory or disk space by replicating itself innumerable times. Worms slow down and crashes the system.

Privacy and Ethical Impact of Technology

4) Trojan or trojan horses: These are programs that disguise themselves as normal and safe applications with the purpose of allowing hacker to remotely access a system. The infected computer system in turn may be used as section of denial of service (DOS) attack which may result in data theft. For instance, keystroke logger trojan can capture sensitive information such as passwords, credit card numbers (White, Fisch & Pooch, 2017).

5) Spyware and adware: It access computer through software downloads. Though often used as advertising tools, yet similar to trojan, spyware can also steal sensitive data or information. The intention here is collection of user’s information through monitoring the internet activities and disseminating that to the attacker. Like spyware, adware also monitors browsing activities on internet (Kshetri, 2013).

6) Spam: It is basically an uninvited junk mail that comes in form of advertisement and contains filthy information and it consumes valued bandwidth of the network.

7) Rootkits: They are difficult to detect as they get activated during system start-up and before starting of the antivirus software program. Rootkits intercept sensitive data or information through installation of accounts and files (Mason, 2017).

8) Botnets: They are created with a trojan and launch DOS attacks.

9) Logic Bomb: They are bits of code that sets off a particular software function by adding themselves to the software.

On mobile devices, the cyber attacks are increasing regularly and cybercriminals effectively deploy all possible types of strategies. Privacy has been a major issue in context of mobile applications that collect and storing large volumes of data on the cloud. The primary reasons for data loss on devices are loss of the physical devise and misuse of applications (Stojmenovic & Wen, 2014). Finance professionals use mobile device in exchanging sensitive information. In that scenario, cybercriminals attacks those devices and infect more systems and can earn huge money by selling user details in black market and by exploiting individuals. The different types of cyber attackers are hacker, cracker, web defacer, hactivist, lamers, phreakers, pirates (Modi et al., 2013).

In computer systems and mobile devices, the most normal form authentication methods are verification of passwords and user IDs or user names. On the internet, different types of applications are available for password guessing activities. The attacker or the intruder is required to point a particular application of password guesser at a website or computer. After that the application start the process of password guessing in the target device or system and it keeps trying generally used user IDs or user names and huge numbers of passwords until the attacker or intruder’s system gain access to the target device or system. This type of attacking method is referred to as brute force hacking. The following methods are applied to encounter this type of attack (Kim, 2014).

• Account lockouts: This feature disable and locks the account after the user exceeds maximum number of valid login attempts.
• Account renaming: Any account that are built into operating systems (OS), applications or devices such as administrator must be renamed or changed from their default values.
• Password policy: This feature allows to establish policy that requires passwords to satisfy complexity needs and ensures that they are changed periodically. In addition, this policy can be imposed within the application or OS.

Ethical Issues in Processing and Handling Personal Information

1) Using passcode: During passcode setting, the user must use the exact security measures as he/she would have done it or do it on any other device. The user strictly must not share his/her passcode in any case. The user must not reuse passwords from other devices or websites. It is preferable that user must use pin as passcode instead of swipe patterns as possibility of guessing a pattern is much higher than guessing a pin.

2) Selective use of applications: The user must go through trusted application store to verify reviews and feedback about any new application. The user must be specifically cautious with the financial application.

3) Avoid accessing suspicious links: The use must perform proper research work before accessing any link.

4) Enable remote wiping: This feature allows a user to erase the data of his/her device in case the device got stolen or lost.

5) Maintain software update: Software updates can patch privacy and security loopholes that are found by the users. Hence, the user must regularly update software on his/her device.

6) Using security applications: Though installing and using security software user can protect his/her privacy against any unknown threats or annoys.

7) Staying off the open Wi-Fi networks: The user must strictly stay off his/her Wi-Fi networks on device as there are chances of transmission of user passwords and credit card information by the malicious hotspots without his/her knowledge.

8) Recording the International Mobile Equipment Identity (IMEI): IMEI of a mobile device is a fifteen digit serial number that can help in speeding up the device back to user.

9) Taking regular backup of the device: The user must regularly backup his/her data as the operating system (OS) update on device can result in data loss.

10) Protecting subscribers identity module (SIM) card data: Before handover the device to anybody for selling or repairing purpose the user must remove both the SIM card and memory card.

Recommendation for security protection in mobile devices (Yang et al., 2013):

• The user must lock his/her device with a fingerprint detection or password. In addition, the user must also set the time of the password lock as minimum as possible.
• The user must consider encrypting of his/her data on the device as this protect sensitive data such as banking and investing applications or business mails.
• The user must set up the remote wipe. Remote wipe enables user to track and find his/her device location as well as wiping or erasing data in case the device is stolen or lost.
• The user must backup all his/her device data.
• The user must avoid usage of any third-party applications.
• The user must avoid rooting or jailbreaking of his/her device while configuring the device.
• The user must be very careful about scam of social engineering.
• The user must be very careful in using public Wi-Fi networks. It is advisable that the user must avoid using such public networks.
• The user must protect his/her online account that deals or handles sensitive data through strong mechanism of authentication.
• The user must not open or access any untrusted, misleading or suspicious uniform resource locator (URL).
• The user must not download as well as deny any programs and content from untrusted or unknown sources.
• Before performing data synchronization to cloud services user must evaluate security risks  and adopt sufficient security measures such as avoidance of automatic backup.
• The user must ensure that the backup copies of the data must be encrypted.
• The user must always be vigilant and alert about security exposure on devices and apply updated fixes and patches as per availability.
• The user must not download and install any unauthorised or illegal software on the device.
• The user must avoid any sort of wireless connections from untrusted, suspicious or unknown sources on the device.

It is notable that the security threats in the online environments are regularly increasing. Hence, to combat the problems that are posed by the different security threats, the information security professional must design and develop a defence strategy that consists of anti-virus software and system patching as well as periodical updates of the software.

Technology-based processing of information raises questions regarding a person’s right to privacy which is directly related to the right to freedom and role of information security professional in designing, handling and maintaining the data or information a s well as the information system which is directly related to the right to truth.

Information Privacy and Confidentiality in Internet and Cloud Computing

References:

Cheminod, M., Durante, L., & Valenzano, A. (2013). Review of security issues in industrial networks. IEEE Transactions on Industrial Informatics, 9(1), 277-293.

Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q. (2013). Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory. Computers & Security, 39, 447-459.

Dove, E. S., Joly, Y., Tassé, A. M., in Genomics, P. P. P., Committee, S. P. I. S., Burton, P., … & Hveem, K. (2015). Genomic cloud computing: legal and ethical points to consider. European Journal of Human Genetics, 23(10), 1271.

Fernandes, D. A., Soares, L. F., Gomes, J. V., Freire, M. M., & Inácio, P. R. (2014). Security issues in cloud environments: a survey. International Journal of Information Security, 13(2), 113-170.

Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.

Hossain, M. M., Fotouhi, M., & Hasan, R. (2015, June). Towards an analysis of security issues, challenges, and open problems in the internet of things. In Services (SERVICES), 2015 IEEE World Congress on (pp. 21-28). IEEE.

Inukollu, V. N., Arsi, S., & Ravuri, S. R. (2014). Security issues associated with big data in cloud computing. International Journal of Network Security & Its Applications, 6(3), 45.

Khari, M., & Bajaj, C. (2014). Detecting computer viruses. IJARCET, 3(7), 2357-64.

Kim, P. (2014). The hacker playbook 2: practical guide to penetration testing. Secure Planet LLC.

Komninos, N., Philippou, E., & Pitsillides, A. (2014). Survey in smart grid and smart home security: Issues, challenges and countermeasures. IEEE Communications Surveys & Tutorials, 16(4), 1933-1954.

Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4-5), 372-386.

Mason, R. O. (2017). Four ethical issues of the information age. In Computer Ethics (pp. 41-48). Routledge.

Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing, 63(2), 561-592.

Ozair, F. F., Jamshed, N., Sharma, A., & Aggarwal, P. (2015). Ethical issues in electronic health records: a general overview. Perspectives in clinical research, 6(2), 73.

Pardo, A., & Siemens, G. (2014). Ethical and privacy principles for learning analytics. British Journal of Educational Technology, 45(3), 438-450.

Singhal, M., Chandrasekhar, S., Ge, T., Sandhu, R., Krishnan, R., Ahn, G. J., & Bertino, E. (2013). Collaboration in multicloud computing environments: Framework and security issues. Computer, 46(2), 76-84.

Smith, L. C., & Wong, M. A. (Eds.). (2016). Reference and Information Services: An Introduction: An Introduction. ABC-CLIO.

Stojmenovic, I., & Wen, S. (2014, September). The fog computing paradigm: Scenarios and security issues. In Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on (pp. 1-8). IEEE.

White, G. B., Fisch, E. A., & Pooch, U. W. (2017). Computer system and network security. CRC press.

Yang, L. X., Yang, X., Zhu, Q., & Wen, L. (2013). A computer virus model with graded cure rates. Nonlinear Analysis: Real World Applications, 14(1), 414-422.