External Factors
Information Systems Notes

Information Systems Design & Development: Security Risks, Security Precautions, Legal Implications, Environmental Impact & Social and Economic Impact

Contents
- Security Risks & Precautions
- Questions
- Environmental Impact
- Questions
- Legal Implications
- Questions
- Social & Economic Impact
- Questions

Security Risks

A security risk to an information system is a potential threat to the security, privacy and integrity of the data stored in the information system.

Laws like the Data Protection Act regulate the responsibilities of the operators of an information system. The operators have to be very aware of security risks, as they could be held liable for breaches in their data security.

There are a number of different security risks, which can be categorised in terms of the nature of the threat. Not every threat attacks weaknesses in the computer systems used by the information system itself!
- Malware security risks and exploits are threats posed directly by and to computers.
- Social engineering security risks are threats that take advantage of people by tricking them into doing something.

Very often, a social engineering method is used to trick users into installing malware.

Spyware:

Spyware is software that monitors the user's actions and reports them to someone else. Spyware can monitor a variety of activities, from web browsing habits to program use. It runs unobtrusively and can be hard to notice without actively checking the tasks being run by the computer.

Malicious spyware collects information either without your consent, or having tricked you into giving your consent without realising it. Spyware isn’t always malicious: a positive use of a spyware-type program is monitoring and reporting on crashes that happen when using or testing other programs.

Keyloggers are a specific form of spyware that record the keystrokes on a keyboard.
They can be used to record user names and passwords, allowing hackers to access your accounts.

The development of smartphones opens the potential for new forms of spyware. Smartphones come with cameras and microphones, two devices that could be used to covertly monitor user activity in new ways.

Phishing:

Phishing is a form of social engineering whereby information system users are tricked into giving up their personal details, or usernames and passwords. There are a variety of ways to phish for personal data. Phishers will take advantage of individuals who do not understand how aspects of computers and communications technology work to gain their data.

Identity theft is a consequence of phishing. With enough of someone’s personal information, criminals can access all of their online accounts – and even make new ones.

Collectively, various methods of using the Internet to trick people out of their money and belongings are known as online fraud.

[Figure: A 419 scam email]

Denial of Service Attacks

A denial of service attack floods an online server with requests and messages. As the attacked computer is unable to keep up with the messages, it crashes. Most denial of service attacks are distributed – the flood comes from many computers.

Symptoms of a denial of service attack include:
- Slow network performance
- Unavailability of a website
- Disconnection from the Internet

Although some denial of service attacks are carried out purely for the effect of taking down the server, others have criminal profit in mind. Sometimes it is possible to access otherwise restricted files as the result of a denial of service attack. By gaining access to such files, further online fraud can be carried out.

Most distributed denial of service attacks are launched from botnets. Botnets are made up of malware-infected computers.
The malware can be activated remotely, causing the computers to flood the targeted server.

Security Precautions

Security precautions are the steps taken by the operators of a computer system to prevent or mitigate the damage caused by security risks.

When using security precautions it is important to bear in mind that many people don’t understand the security risks posed by computers. For example, even the most secure web server is still at risk from denial of service attacks, as the problem originates from people who haven’t properly secured their computer and have allowed it to become infected with botnet malware.

Many security precautions happen without most users realising they are in place.

Encryption:

Encryption works by encoding information in a way that it cannot be read without first decrypting it.

It is important to encrypt sensitive data that is transferred over the Internet. The data will be transferred through a number of different locations on the way to its destination and could in theory be read at any of them. Encryption stops this from happening.

Information is encrypted using keys. A public key is freely available to anyone and can be used to encrypt data. The information can only be decrypted with the private key, which is only known to its owner. When you encrypt data with a public key, you are guaranteed that the only person that can read it is the person who holds the corresponding private key.

[Figure: "Hi!" → "A03[]]agv2" → "Hi!"]

Digital Certification:

Although public and private keys guarantee that a message cannot be intercepted, they do nothing to prove who the owner of the public key is.
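As an added example (not part of the original notes), the public and private key idea described above can be shown with textbook RSA in Python. The primes, function names and sample message are chosen for illustration only, and the scheme has no padding, so it is not secure for real use. Note that the public key is just a pair of numbers with no owner's name attached.

```python
# Added illustration: textbook RSA built from publicly known Mersenne primes.
# Assumption: function names and key sizes are illustrative, not from the notes.
# Not secure (no padding, known primes); real systems use a vetted library.

def make_keypair(p, q, e=65537):
    """Return (public_key, private_key) built from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: (e * d) % phi == 1
    return (n, e), (n, d)


def encrypt(message, public_key):
    """Anyone holding the public key can turn a short message into a number."""
    n, e = public_key
    m = int.from_bytes(message.encode("utf-8"), "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)


def decrypt(ciphertext, private_key):
    """Only the matching private key turns the number back into the message."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    # Constructed sample keys: the owner publishes `public`, keeps `private`.
    public, private = make_keypair(2**61 - 1, 2**89 - 1)
    # A second, unrelated key pair standing in for anyone else on the network.
    _, other_private = make_keypair(2**107 - 1, 2**127 - 1)

    ciphertext = encrypt("Hi!", public)
    print("Public key (no owner name in it):", public)
    print("Ciphertext seen in transit:", ciphertext)
    print("Decrypted by the key owner:", decrypt(ciphertext, private))
    print("Decrypted with another key:", decrypt(ciphertext, other_private))
```
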
A digital certificate is an electronic document that verifies that a public key – and therefore the browsed website – is owned by who it claims to be owned by.

A digital certificate contains:
- The public key of the certificate owner
- The name of the owner
- The expiry date of the certificate
- The issuer of the certificate

Digital certificates are issued by trusted third parties called Certificate Authorities. The digital signature of the CA will be appended to a digital certificate to prove its authenticity.

You can click on the padlock to view a digital certificate.

Biometrics:

Biometrics refers to measuring the physical characteristics of a person. In computing security, an individual's unique biometrics can be used as an alternative to a password.

Biometrics include:
- Fingerprint recognition
- Iris & Retina recognition
- Voice recognition
- Facial recognition

Biometrics increase security because they are unique, complex and cannot easily be taken from a person.

[Figure: A passport with facial recognition biometrics]

Questions – Security

Answer questions in full sentences!

1. Describe how security risks can be split into different categories.
2. Describe what spyware is.
3. Explain how keyloggers are a form of spyware.
4. What is a denial of service attack?
5. Explain how a denial of service attack is carried out.
6. Explain how public key encryption works, and how it prevents messages being intercepted.
7. Why does public key encryption need to be supplemented by digital certification?
8. What is a digital certificate?
9. What is a certificate authority?
10. Why do certificate authorities need to include their digital signature on digital certificates?

Environmental Impact

The environmental impact of computers is a measure of the effect computer systems have on the environment.
Some effects of using computers are bad for the environment – the generation of electricity to use computers and the materials used to make computers can have a negative impact.

Computers are also responsible for changes in habits and working practices that can have a positive impact on the environment.

Lifetime Carbon Footprint

The carbon footprint of something is a measure of how much carbon dioxide it causes. Most things cause carbon dioxide emissions indirectly – they don’t emit the carbon dioxide themselves, but something else such as a power station or vehicle will be emitting the carbon dioxide for them.

Carbon footprints are measured over the lifetime of an object or person. For computers, the lifetime of the object can be broken into three areas: Manufacture, Usage & Disposal.

Manufacture:

Significant amounts of electricity will be used to run the machinery that makes computers. If this electricity is generated at a fossil-fuelled power station it will contribute to the carbon footprint.

Transporting finished computers from factories to shops and purchasers will also contribute to the carbon footprint, as fuel will be used by trucks and vans.

Usage:

Electricity is required to run a computer, which will contribute to its carbon footprint. The amount of electricity used depends on the energy consumption of the computer and how much it is used. Laptops have a lower energy consumption than desktops.

Disposal:

Because of the materials used to make computers, they have to be collected and recycled at specialised designated collection facilities. This affects the carbon footprint of computers, as electricity will be used to break up and recycle the computers, and fuel will be used to transport them there.
Calculating Carbon Footprints:

To calculate a lifetime carbon footprint, work out the carbon dioxide released by each individual element of the computer's lifetime and add them all together.

Environmental Benefits

Computer technology can also have environmental benefits, as it changes the way we work and live.

Connectivity & Communications:

The growth of the Internet and the increase in connection speeds have made telecommuting and videoconferencing viable. People can collaborate and work with each other remotely.

This reduces the need for transportation, as fewer people need to move about for their work. Fuel use and carbon dioxide generation are lower as a result.

Paperless Workplaces:

Increasing storage capacities mean that more information can be stored electronically. Communications technologies mean that messages can be sent electronically, with feeds like Twitter and RSS able to keep people up to date. This means that less paper is needed to store information and communicate.

Although it might not be possible to eliminate paper entirely from a workplace, its usage can be drastically reduced. This saves resources in terms of the paper itself, its production, transportation and recycling.

Questions – The Environment

Answer questions in full sentences!

1. Explain what is meant by a carbon footprint.
2. Explain what elements need to be considered when calculating the carbon footprint of a computer.
3. Do software applications have a carbon footprint? Explain your answer.
4. Explain how the growth of network & communication technologies is of benefit to the environment.
5. Describe how computers can result in less paper being used.
6. Do you think it is possible for workplaces to become 100% paperless using current technologies? Explain your answer.
7. Find out about another way computers can be used to benefit the environment online. Describe it in detail in your jotter.
Legal Implications

A number of laws need to be considered when using computer systems:
- Data Protection Act
- Copyright Designs & Patents Act
- Communications Act
- Regulation of Investigatory Powers Act

Additionally, you will still need to know about the laws covered at National 5 level:
- Computer Misuse Act
- Health & Safety Regulations

Data Protection Act

The Data Protection Act governs the keeping of data about people – how it is to be used, updated, passed on and deleted.

The Data Protection Act does not apply to:
- Data kept for national security purposes
- Data kept for crime prevention purposes
- Data kept for taxation purposes
- Data kept domestically – i.e. your personal address book

The act identifies three groups of people with differing rights and responsibilities:
- The data controller is the person in an organisation tasked with ensuring that the organisation complies with the act. They are the ones held liable for breaches of the act.
- Data users are the people in the organisation that will make use of the data.
- The data subjects are people about whom information is stored. They are entitled to compensation if their rights are breached.

The Information Commissioner regulates the application of the act, and complaints about data controllers can be made through his office.

The data controller must ensure that:
- Only data described in the organisation’s entry in the Registrar of Data Controllers is collected, and it is used for the registered purpose.
- The data is accurate and up to date
- The data is protected from accidental damage and unauthorised access
- Data is kept no longer than necessary
- Data is not transferred to other countries without similar laws in place

The data subject has the following rights:
- a right of access to a copy of the information comprised in their personal data
- a right to object to processing that is likely to cause or is causing damage or distress
- a right to prevent processing for direct marketing
- a right to object to decisions being taken by automated means
- a right to have inaccurate personal data corrected
- a right to claim compensation for damages caused by a breach of the act

Copyright Designs & Patents Act

The Copyright, Designs & Patents Act makes it illegal to copy or redistribute intellectual property without a license.

Works covered by copyright include:
- Literary, dramatic and musical works
- Artistic works including photographs
- Sound recordings and films
- Television broadcasts
- Software

There are some limited exemptions to copyright:
- Fair dealings, such as for reviewing copyrighted pieces
- Education
- Libraries & Archives

Copying another person's work and attempting to pass it off as your own is called plagiarism. As well as being a breach of copyright, plagiarism is a serious matter in schools and universities. Material created by other people should be acknowledged as such if you include it in your work.

Communications Act

The Communications Act covers a wide range of regulations in media and communications, some of which are applicable to the field of computing.

The Communications Act makes it an offence to access a wireless network connection when you have no intention of paying for it. This makes the practice of piggybacking – using someone else’s WiFi network – illegal.

The Act also makes it an offence to send malicious messages via social media.
Following an individual being prosecuted for jokingly threatening to blow up an airport, guidance has been issued that the Act should only be applied where there are credible threats of violence.

[Figure: The appeal of the Twitter Joke Trial, as mentioned above]

The Regulation of Investigatory Powers Act

The Regulation of Investigatory Powers Act regulates public bodies' abilities to carry out surveillance and investigation, specifically referring to computer communications technology.

Areas covered by this act include:
- Intercepting communications for the purpose of national security and tax collection
- The monitoring of email, web and communications usage for a wider range of purposes including public health and safety, national security and crime prevention, collecting of taxes, duties and levies and preventing death and injury in cases of emergencies

Internet Service Providers and organisations must implement systems that allow this information to be produced on demand. This must be done at the ISP's expense.

There are a number of difficulties in enforcing RIPA, primarily revolving around the use of encryption and the fact that many ISPs and data stores reside outside of the United Kingdom’s jurisdiction.

Questions – Legal Issues

Answer questions in full sentences!

1. Describe the three roles listed in the Data Protection Act.
2. List the rights of a data subject.
3. Which law makes it illegal to download music without paying for it?
4. Describe the exemptions to Copyright law.
5. Find out how long musical arrangements are under copyright for.
6. Which law makes using someone else’s WiFi without their permission illegal?
7. Explain the financial implications for ISPs of the Regulation of Investigatory Powers Act.
8. Explain why RIPA can be hard to enforce.
9. Investigate the Twitter Joke Trial more fully. State whether or not you think this was a valid use of the Communications Act. Explain your decision.
10. Investigate some of the controversial applications of RIPA.
Write a short paragraph describing them.

Economic Impact of Computer Systems

The economic impact of the continuing growth and adoption of computer systems on the world has been huge.

Computer systems have allowed organisations to increase their productivity. Collections of information can reach a scale so large that they would have been impossible without computers. From factory robots to the ease with which databases can be searched, more work can be done in the same time.

This grants a huge competitive advantage to organisations that have adopted computers – they can reduce costs in a number of areas such as labour. The more advanced an organisation’s computerisation is, the more of an advantage it has.

The growth of network and communications technology has drastically changed the way business is done. It is easy to communicate and collaborate with other organisations across the world. This ease of communication has connected together and opened new marketplaces. Businesses must compete in a global marketplace where the number of potential customers is much larger, but so is the number of competitors.

The continuing development of new technologies brings new costs. Computer systems must be maintained, and a whole new class of jobs based around the creation and maintenance of computer systems has grown up over the last few decades.

Social Impact of Computer Systems

The social impact of computer systems is slowly becoming better understood. As more and more computer systems are used in more and more areas of our life, the way we live changes.

Most people view freedom of speech as an inalienable right. The internet has made it easier than ever before to have your say. With social media and discussion board sites able to operate in different countries, even oppressive regimes have difficulty in controlling what their citizens are able to say. At the same time, abuses of freedom of speech are common too.
Internet trolling and other cyber bullying methods are common.

Widespread use of computers has affected privacy drastically. Once information is released online, it is all but impossible to make private again. Embarrassing pictures can spread far beyond their initial posting. An individual’s personal history can remain easily found on the internet for years. This can affect people’s lives, including their employability.

Do people have a right to be forgotten? Or is privacy a license for censorship? Are people abusing the idea of privacy to rewrite their personal history and conceal important information from their associates?

Communities, increasingly, are online. Groups and organisations are bypassing traditional media such as newspapers and television and reaching their audience via the internet and social media. Online communities can reach people who have otherwise been disengaged from politics and society. Social media has a far greater reach than television and newspapers. With the Internet having global coverage, people can become involved in issues around the world, effectively becoming global citizens.

Social media played a huge part in the 2014 Scottish Independence Referendum.

Questions – Economic & Social Impact

Answer questions in full sentences!

1. Explain why computer systems increase the scale at which business can be done.
2. Explain how computer systems can increase the productivity of business.
3. Give one advantage and one disadvantage of operating in a global marketplace.
4. Pick one of the social issues mentioned above. Investigate the issue using the internet. Write a short, one page long, report on the issue on your computer.