
Legal and ethical implications of information security

Last reviewed: October 27, 2009

Security IT

Security, Privacy and Ethics in IT

The field of Information Technology is unique among professional disciplines due to its high-paced atmosphere. The quick change of technology, particularly within the context of systems design and electronic information data-basing, means that management in this field must be prepared to acclimate to security demands, practice obstacles and ethical requirements which relate to the handling of consumer privacy and the personal information of users.

Technological advance is creating a highly integrated standard for organizational culture which demands a balance between full-fledged investment in such evolving markers of effectiveness and the continuation of human intuition as a major contributor to decision-making. With risk-management, this is especially true, given both that this is a function which has increasingly fallen under the purview of Information Technology progress and that such a function requires a careful and deliberate comprehension of qualitative rather than strictly quantitative realities of risk-oriented decisions.

Indeed, even given the proper software tools, "identifying risk for an IT system requires a keen understanding of the system's processing environment." (Stoneburner et al., 10) This means that the availability of diagnostic IT tools for measurement of risks does not alone stand to provide a meaningful outlook for an organization's risk index. Proper interpretation and action upon information yielded by risk-management tools will be heavily dependent upon an organization's adherence to its specific industry, mission and goals. This means that the human elements of risk-management efficiency must be in place to effectively integrate into a strategy of IT-based risk measurement.

This is something which is important to bear in mind today as so many identifiable risks are themselves based in the growing use of open-source technology. Thus, many risk management software packages are intended as "diagnostic and decision-making tool that enable the identification, analysis, tracking, mitigation, and communication of risks in software-intensive programs." (CMU, 1) The intertwining of risk-management tools with business-operation software may seem to imply an exclusion of the human element for measuring vulnerabilities and long-term concerns, but in fact, this relationship fails to achieve any actionable meaning without human mediation.

The open-source realities of the Internet mean that though there is a concerted intent to use public forums as a means of refining the effectiveness of various systems, there is also wide accessibility to software applications for those with only a modest understanding of security debugging. There is, thus, a pervasive vulnerability for both client and server: online hackers will exploit holes in the security apparatus of the server in order to hijack the interaction with the user. Enabled by a communicational interception called cross-site scripting, this is perhaps the most common security threat on the Internet today, making private biographical and account-oriented information accessible to potentially malicious users.

Another repercussion of the open-source nature of the Internet is one that may directly impact merchant or retail capabilities. A threat to effective e-commerce operations, the 'denial-of-service' attack is a security breach in which the legitimate user's access to resources such as information, purchase items or pay-services may be obstructed by a malicious 'flooding' of the server network with irrelevant transactions or by the direct disruption of connectivity between a server and client. This type of security breach can be costly to online business enterprises.

Beyond that are the ethical concerns related to IT security shortcomings and individual privacy. From the user's perspective, open source networking is creating an enormous opportunity for individual privacy invasion. Web browsers can be identified by IP addresses and by the content of transmitted data, much of which is widely available to Internet merchants, email hosts and search engine desktop systems such as the ever-more operationally integrated Google package. This makes connecting an individual to a virtual identity increasingly easy for those with aspirations of credit card fraud and identity theft. The growing presence of unsecured wireless hotspots means that there is ever more free-floating private information on public channels.

In addition, the permeation of practical uses for Internet access has increasingly placed individuals in a position of disclosure with respect to sensitive personal, private or commercial information. For instance, online retailing and banking have increasingly become a standard practice. As to the latter, online banking is a service now offered by all major banks. This allows bank customers to view account balances, make fund transfers, approve payments and conduct myriad business engagements from the home, office or mobile communication device. However, this still relatively young application of Internet technology does come with a wide array of security concerns that highlight the ethical and legal responsibilities facing these handlers of sensitive information.

With identity theft and hacking of open source network activities being real threats in the Internet age, it is increasingly important for online shoppers and bankers to be aware of the risks and for online financial institutions to be armed to protect against them.

For the banking industry, which has gone to considerable lengths to continually upgrade security measures, this presents a demand which is simultaneously economic and ethical. Indeed, the transition of users from traditional to online banking methods will be a shift "resulting in considerable savings in operating costs for banks." (Sathye, 325) This highlights the nature of IT risks for all companies, which must balance security concerns with the financial optimization often associated with such change.

Online banking, bill paying and shopping are all services which have gained considerable momentum within the last five years, as technological security measures have increasingly improved the ability of users to protect themselves against unwanted hacker intrusion. The speed and efficiency of online money exchange makes IT advancements desirable in both business and personal application, the rise of which to total mainstream penetration is generally inexorable, as this represents an evolution in convenience and ease-of-use.

Still, it remains the case today that even though use increases exponentially on an annual basis, "security concerns and lack of awareness about Internet banking and its benefits stand out as being the obstacles to the adoption of Internet banking." (Sathye, 324) There remain many who believe that online financial transaction is simply too great a risk to sensitive and personal information.

Research tends to suggest that this is largely a misconception though, and that the risks of traditional credit-based shopping or banking in terms of vulnerability to fraud and identity theft are simply higher due to the greater frequency of such crimes compared to hacking. Moreover, as the Internet has evolved to become a more integral and credible avenue through which to conduct meaningful and valuable professional and financial transactions, efforts to protect its users have become more commonplace in institutional contexts such as with the government. Standards passed by the Federal Financial Institutions Examination Council in 2001, and revised in 2005, required that all institutions availing online monetary services achieve by 2006 a user authentication process designed to afford greater protection against security breach risks. (CoC, 1) In the original 2001 Guidance, regulatory requirements "focused on risk management controls necessary to authenticate the identity of retail and commercial customers accessing Internet-based financial services." (CoC, 3) For users familiar with online financial transaction to this juncture, the changes may be evident, particularly in the common risk management instrument through which the online banking portal will confirm the identity of the device through which the transaction is being made. This provides an additional level of security against unwanted third party defrauding and access.

Cite This Paper
PaperDue. (2009). Legal and ethical implications of information security. PaperDue. https://www.paperdue.com/essay/security-it-security-privacy-and-18191
