
Legal Issues

Information, data and computers need laws around them to
protect them from being misused and from having a negative impact on something or
someone. These laws govern how information may be used. The three main Acts are
the Data Protection Act 1998, the Freedom of Information Act 2000 and the
Computer Misuse Act 1990.


Data Protection Act 1998 (DPA)

The Data Protection Act 1998 was written so that personal
information is handled with due care. The Act gives individuals the right to find
out what information an organisation holds about them and where it is held,
whether on computers or on paper. Organisations that process personal data were
also required to notify the Information Commissioner, who keeps a public register
of data controllers. Personal information must be handled in line with the Act's
data protection principles, which are as follows:

·        
Fairly and lawfully processed

·        
Processed for limited purposes

·        
Adequate, relevant and not excessive

·        
Accurate and up to date

·        
Not kept for longer than is necessary

·        
Processed in line with the data subject's rights

·        
Kept secure against unauthorised access, loss or destruction

·        
Not transferred to other countries
without adequate protection.

(Data protection principles, 2018)

Freedom of Information Act 2000 (FIA)

The Freedom of Information Act 2000 gives individuals and
organisations the right to request information from public authorities, e.g. central
government, local government, educational institutions and the police. Once
a request has been made the authority must respond within 20 working days, either with
the information or with a reason why an exemption under the Act applies, for example
where disclosure would prejudice national security or commercial interests.

Computer Misuse Act 1990 (CMA)

The Computer Misuse Act 1990 was passed by Parliament to protect
computers and the data on them from attack and theft. The Act sets out three
offences:

·        
Unauthorised access to computer material (any program or
data). The most common form is logging in with someone else's user ID and
password, but it also covers hacking in through a technical weakness. It is an
offence even if nothing is damaged or stolen.

·        
Unauthorised access with intent to commit or facilitate a
further serious offence, for example breaking into a system in order to commit
fraud or theft.

·        
Unauthorised modification of computer material (widened in 2006 to
unauthorised acts with intent to impair). This means impairing the operation of a
computer or a program, or the reliability of data, and it includes preventing access
to any program or data. Examples are modifying or destroying another user's files,
changing financial or administrative data, or releasing a virus.

Ethical Issues

Codes of Practice (COD)

A code of practice is normally set up within an organisation
to make clear what counts as acceptable use of its computer facilities: use that
supports the organisation's purpose, and the degree to which private use of a
computer is allowed.

Points normally covered in a code of practice are:

·        
Use of email: spam, abuse, harassment, threats and sending
large volumes of unsolicited email are almost always banned. Email is provided for
the organisation's business; limited private use is usually tolerated, but it is
not the purpose of the service.

·        
Use of the Internet: websites considered unsavoury, such as
pornography and gambling sites, are normally blocked by filtering software, and
visiting any such sites that get past the filter is banned. Limited personal use
of the Internet is normally allowed. If the organisation runs a web server, there
are usually tight rules about what may be published on it.

·        
Whistle blowing: the code protects users who want to report
other users' misuse of the systems. This applies especially to IT administrators,
who are best placed to notice misuse.

Organisational Policies

The policies an organisation has affect how information is used and
handled. Policies differ between types of organisation, so information is
managed differently in each. In a large organisation with a tall hierarchical
structure (many staff levels) information is more restricted and access is on a
need-to-know basis; for example, information may be held in a secure data
centre whose staff restrict who can see and change it. In a small decentralised
organisation information is restricted less, and for more practical reasons:
instead of a data centre there is more likely to be limited or no direct
connectivity between its different computers. The drawback is that staff at one
location might not be able to access information held at another.

Information Ownership

Departments own the information they produce within an
organisation and are responsible for it: making sure it is entered into the
computer system on time, correctly and consistently. Although information is
owned by the departments that supply, process and produce it, it is guarded by
the IT department, which makes sure it is secure (the IT department does not own
the information). There are exceptions to departmental ownership, such as
internal IT information like computer network performance.

Operational Issues

Security of Information

The proper security of information means that it is safe
from unauthorised access that could lead to its alteration, disclosure or
destruction. The IT department of a business is responsible for arranging and
advising on the security, rules and authorisation of the business's information.
To secure information the IT department needs to know from management who is
authorised to see, update, edit or delete each kind of information. In a small
business it may be that everyone can see the information but only certain people
can change it; larger businesses will have more complex rules and authorisation.
In return, management require from the IT department a log of who has viewed or
updated the information, so that access can be checked after the event.
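The arrangement described above, as an added example that is not part of the original essay: management supplies a permission matrix (who may view, update or delete which class of information), the IT function enforces it, and every decision, allowed or refused, goes into an audit log that management can query. The roles, information classes and user names are constructed for illustration; anything not in the list is refused by default.

```python
"""Added example: authorisation check with an audit trail.

Roles, information classes and users are hypothetical, constructed for this
illustration. Management decides the rules; IT enforces them and keeps the log.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Permission matrix agreed with management (assumed example rules).
# role -> {information class -> set of allowed actions}. Anything absent is denied.
PERMISSIONS = {
    "staff":    {"product_catalogue": {"view"},
                 "customer_records":  set()},
    "sales":    {"product_catalogue": {"view"},
                 "customer_records":  {"view", "update"}},
    "finance":  {"product_catalogue": {"view", "update"},
                 "customer_records":  {"view"}},
    "it_admin": {"product_catalogue": set(),   # IT guards the data but does not own it
                 "customer_records":  set()},
}


@dataclass
class AuditEntry:
    when: str
    user: str
    role: str
    action: str
    info_class: str
    record_id: str
    allowed: bool


@dataclass
class InformationStore:
    roles: dict                      # user -> role, assigned by management
    audit_log: list = field(default_factory=list)

    def authorise(self, user, action, info_class, record_id):
        """Return True if the action is permitted; log the decision either way."""
        role = self.roles.get(user)                      # unknown user -> no role
        allowed = action in PERMISSIONS.get(role, {}).get(info_class, set())
        self.audit_log.append(AuditEntry(
            when=datetime.now(timezone.utc).isoformat(timespec="seconds"),
            user=user, role=role or "none", action=action,
            info_class=info_class, record_id=record_id, allowed=allowed))
        return allowed

    def who_touched(self, record_id):
        """Management's question: who actually viewed or changed this record?"""
        return [(e.user, e.action) for e in self.audit_log
                if e.record_id == record_id and e.allowed]

    def refusals(self):
        """Refused attempts are the ones worth reviewing for misuse."""
        return [(e.user, e.action, e.info_class) for e in self.audit_log if not e.allowed]


def demo():
    store = InformationStore(roles={"alice": "sales", "bob": "staff", "carol": "it_admin"})
    results = {
        "alice_view":    store.authorise("alice",   "view",   "customer_records",  "C-1001"),
        "alice_delete":  store.authorise("alice",   "delete", "customer_records",  "C-1001"),
        "bob_view":      store.authorise("bob",     "view",   "customer_records",  "C-1001"),
        "carol_update":  store.authorise("carol",   "update", "customer_records",  "C-1001"),
        "mallory_view":  store.authorise("mallory", "view",   "product_catalogue", "P-7"),
    }
    return store, results


if __name__ == "__main__":
    store, results = demo()
    print(results)
    print("touched C-1001:", store.who_touched("C-1001"))
    print("refused:", store.refusals())
```

Refused attempts are logged as well as successful ones: a run of refusals from one account is usually the first sign that a user ID and password are being misused.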

Backups

Backups are copies of information kept in case the original is
lost, corrupted or otherwise degraded. The more frequently backups are made, the
less work is lost when a restore is needed. A backup can be full, i.e. all the
information, or partial, i.e. only the changes made since the last full backup
(often called an incremental backup). The IT department should also regularly
test restoring from a full backup and then applying the partial backups in order,
because an untested backup may turn out to be unusable when it is needed.
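The full-then-partial restore described above, as an added example that is not code from the original essay. The "files" are an in-memory dictionary constructed for the illustration; each backup records a SHA-256 fingerprint of the state it captured, so the restore drill can prove that the restored copy matches what was backed up and can detect a corrupt backup instead of silently restoring bad data.

```python
"""Added example: full and partial (incremental) backups with a restore drill.

The file set is a dict of name -> bytes, constructed for illustration.
"""
import copy
import hashlib

TOMBSTONE = None  # marks a file deleted since the previous backup


def fingerprint(files):
    """Stable hash over the whole file set, used to verify a restore."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(name.encode()); h.update(b"\0")
        h.update(files[name]);   h.update(b"\0")
    return h.hexdigest()


def full_backup(files):
    """Copy everything and record the fingerprint of what was copied."""
    return {"kind": "full", "files": copy.deepcopy(files), "digest": fingerprint(files)}


def partial_backup(previous_files, current_files):
    """Record only what changed since the state in previous_files (added, changed, deleted)."""
    changes = {}
    for name, data in current_files.items():
        if previous_files.get(name) != data:
            changes[name] = data
    for name in previous_files:
        if name not in current_files:
            changes[name] = TOMBSTONE
    return {"kind": "partial", "changes": changes, "digest": fingerprint(current_files)}


def restore(full, partials):
    """Restore the full backup, then apply each partial in order, verifying every step."""
    files = copy.deepcopy(full["files"])
    if fingerprint(files) != full["digest"]:
        raise ValueError("full backup is corrupt")
    for i, p in enumerate(partials):
        for name, data in p["changes"].items():
            if data is TOMBSTONE:
                files.pop(name, None)
            else:
                files[name] = data
        if fingerprint(files) != p["digest"]:
            raise ValueError(f"partial backup {i} does not reproduce the state it claims")
    return files


def restore_drill():
    """Simulate a week: full backup, two partials, then restore and compare with the live data."""
    monday = {"ledger.csv": b"id,amount\n1,100\n", "notes.txt": b"hello\n"}
    full = full_backup(monday)

    tuesday = {**monday, "ledger.csv": b"id,amount\n1,100\n2,250\n"}   # one file changed
    p1 = partial_backup(monday, tuesday)

    wednesday = {k: v for k, v in tuesday.items() if k != "notes.txt"}  # one deleted...
    wednesday["report.pdf"] = b"%PDF-1.4 (constructed sample)"         # ...one added
    p2 = partial_backup(tuesday, wednesday)

    restored = restore(full, [p1, p2])
    return restored == wednesday, restored, [p1, p2]


if __name__ == "__main__":
    ok, restored, partials = restore_drill()
    print("restore matches live data:", ok)
    print("partial 1 changed:", sorted(partials[0]["changes"]))
    print("partial 2 changed:", sorted(partials[1]["changes"]))
```

Because a partial backup only makes sense relative to the state before it, losing or corrupting any one partial invalidates everything after it; the fingerprint check turns that silent failure into an error during the drill rather than during a real recovery.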

Health and Safety

Information systems themselves are low risk; however, there
are some health and safety issues, such as the improper positioning and use of
monitors, and keyboards, mice, seating and furniture that are not properly
positioned. Users should also have access to eye tests and regular breaks from
sitting at a computer.

Organisational Policies

Organisations have their own policies that staff are required
to follow, covering everything from using information systems and maintaining the
security of information to what to do about information that seems wrong.

Business Continuance Plans (BCP)

A business continuance plan (BCP) is an organisation's plan
to ensure continued operations. IT is an important and integral part of any
business, so the BCP should state what is to be done if an IT system fails. One
measure an IT department may put in place to keep a service running is a dual
network, so that if one network fails the other can provide the service, however
limited it may be compared with the first.

A business will need to decide which precautionary measures to include in its
BCP, such as having more tills than necessary in a shop in case one fails. Not
every possible failure will be covered by a BCP, but a business will try to
anticipate and cover as many as it can.

Costs

No matter what type of business you are, you will have IT
projects with costs that need to be managed. The total payback of an IT project
should be much larger than its cost. A business case for an IT project considers
two areas of cost:

·        
Additional resources required: the introduction of a
new system often entails one-off costs for buying and installing new equipment
and for user testing and training. The IT department will often need more
resources, so there will be ongoing costs to run the new system.

·        
Cost of development: this is usually a large part of the
budget for a new computer system. There will also be ongoing costs once the
system is running, for minor changes to keep it in line with the organisation's
needs.

Impact of Increasing Sophistication of Systems

Early information systems often just automated existing manual
processes, so little user training was needed and the software was relatively
simple. Today's computing power means that systems are becoming increasingly
sophisticated, and they need the following:

·        
More trained personnel: users often need training in how to use the
equipment, the basic computing features, the processes brought in with the new
system, and the transactions, queries and reports that make up the new system.

·        
More complex software: modern development software hides much of the
complexity from the application builder, who can therefore focus on the business
problems the new system will solve and build better, more complex systems.
However, when problems arise it may take both a development-software expert and
a business-software expert working together to fix them.