1- An information security manager routinely monitored Web Surfing a.pdf
- 1. 1- An information security manager routinely monitored Web Surfing among her company's employees. She discovered that many employees were visiting the "sinful six" web sites (Note: The "sinful six" are web sites with material related to pornography, gambling, hate, illegal activities, tastelessness and violence.) She then prepared a list of the employees and their surfing histories and gave the list to management. Some managers punished their employees. Some employees, in turn, objected to the monitoring claiming that they should have a right to privacy.With this in mind, please answer the following two questions: a- Is monitoring of web surfing by managers ethical, (it is legal to do this)? -- Support your answer. b- Is employee web surfing on the "sinful six" ethical? Support your answers. 2-Discuss the idea that an information system by itself can rarely provide a sustainable competitive advantage. Justify your position. 3- Discuss why the Sarbanes-Oxley Act is having an impact on information security. Support your answer. 4- How are the network applications of communication and collaboration related? Do communication tools also support collaboration? Give Examples. (NOTE: there are two questions that need to be answered in your response. I will be looking to see if both questions are answered accordingly) 5- Explain why master data management is so important in companies that have multiple data sources. Solution Ans 1. a) Yes, monitoring of web surfing is ethical and an important duty of both network administrator and Information Security managers too. Any unethical use of the system can be detected only by scrutinizing the system. Though in the given scenario, some employees think it to be intrusion of their privacy but using organizational resources for their own private uses, and that too surfing pornographic sites, in office hours is completely unethical both professionally and morally. As the company must have female employees too and surfing pornography in front of them has high probability of causing embarrassment to them. Company has provided the computer and internet connection for official works only but using them for own personal use is at all not acceptable. Hence it is the employees’ duty to use office provided computer and internet connection for office works only and not to stray into one of the “sinful six” websites.
- 2. b) No, it is not ethical on part of the employee to surf sites like “sinful six”. Firstly, the organization must definitely have female employees and surfing pornographic sites will definitely cause embarrassment to them. Secondly, the computer and internet resources provided by the company are for official purpose only. Wasting company resources and time on visiting sites related to pornography, gambling is not ethical for employees. Thirdly, several companies have clearly stated policies on refraining use of official IT resources on visiting sites especially related to pornography or gambling. Hence visiting “sinful six” site is also breaching the company policy. Fourthly, most of the pornographic or gambling sites contain viruses, and visiting those sites may in all probability resulted into company IT resources being infected. Fifthly, hackers to steal information from other computer resources mostly use the pornographic or gambling sites. So visiting such sites also make your organization resources highly prone to hacking attacks and may result into stealing of confidential information. Ans.2 The importance of information systems (IS) as a strategic resource capable of gaining sustainable competitive advantage is gradually weakening. In actuality, organizations are using IS as more of a technological tool for faster processing rather than using it for strategical purposes. A company can gain competitive advantage only if it does the things that its competitors can't do or have. In fact, scarcity of a resource makes it as a source of sustainable competitive advantage and not its easy availability. And now a days IS is so commonplace that each and every organization (both a organization and its competitors) is using it for more and more technological purposes that its potential as a source of sustainable competitive advantage has lessened. Ans. 3 Sarbanes-Oxley Act (SOX) is an important legislation created by the U.S. Congress at the time when the industry was witnessing high profile accounting scandals at firms such as Enron and WorldCom. When drafted the core objective of the SOX is not on Information Security but to restore investor confidence and to improve corporate governance and, most importantly, to establish financial transparency. However, with due passage of time and with compliance efforts have been introduced, organizations started realizing that without a certain level of assurance regarding IT security controls, compliance is not possible. Each organization that is affected by SOX has a certain level of dependence on IT to process and store the data that is the basis of financial reports. The Act requires these organizations to implement the IT security controls to maintain the confidentiality, integrity, and accuracy of the data. Specific attention should be given to secure the corporate network, prevent unauthorized access to systems and data, and ensure data integrity and availability in the event of a disaster or other failures. In addition, any application that deals with critical financial reporting data should
- 3. have validation controls such as edit and limit checks built-in to minimize the chances of data inaccuracy. A properly designed IT security control structure that is operating effectively is important to SOX compliance.