Data Governance (DG)
basic level that implements IG. It refers to the involvement of various processes and controls in order to ensure that data and information gathered are unique, true, and accurate and can meet the prescribed standards and business rules in a system.
Data Governance (DG)
ensures that formal management controls (systems, processes, and accountable people) are implemented to improve the quality of data and to avoid the critical effects of poor data.
Data Governance (DG)
It enables a business organization to have control over the management of its data assets and ensures that the data collected and processed fit the organization's intended purpose.
Elements of Data Governance
People
Process
Technology
People
The core of data governance (DG) is the team responsible for a business's data assets. They must ensure that DG initiatives align with business needs and data requirements.
Process
In data governance, it is very important that data processes are clearly developed.
Technology
Business organizations should understand that data governance cannot be successful with the use of technology alone.
Information Technology Governance Framework
Control Objectives for Information and Related Technology (CobiT)
Information Technology Infrastructure Library (ITIL).
Control Objectives for Information and Related Technology (CobiT)
widely adopted ITG framework that has a more process–based approach. It is developed by the IT Governance Institute under the Information Systems Audit and Control Association (ISACA).
Information Technology Infrastructure Library (ITIL)
refers to a set of an organization's best process–oriented practices that are identified in order to regulate the delivery of its IT services management. This approach is widely accepted in both public and private sectors that focus on IT service management.
Information Governance (IG)
In any business organization, corporate governance is considered the highest level of governance. The key characteristic of this type of governance is IG.
Functions of Information Governance and Information Technology
An IT department is essential for managing networks, data, servers, and applications.
Business users are responsible for governing reports and databases.
Information must comply with legal, regulatory, and industry standards.
Implementing information governance (IG) for email communications is essential.
Electronic mail (e–mail)
is one of the major areas that information governance should focus on. Commonly used as a communication tool by most business organizations.
Software Attacks
Malware (or malicious software) is a program or code that is designed to infiltrate a system and execute malicious operations and controls.
Categories of Malware
Infection methods
Malware actions
Infection Methods
Virus
Worms
Trojan
Virus
has the ability to clone itself multiple times and attach itself to a program of a computer through files such as videos, songs, and so on. It is capable of traveling through a system and/or the Internet.
Virus
it inserts itself into a file or executable program
Virus
it deletes or modifies files, sometimes it can also change the location of files
Worms
Similar to a virus, worms are able to replicate themselves. Instead of attaching itself to a program, it infects computers that are within a network.
Worms
It can spread through computers only if they are connected by a network.
Worms
it exploits a weakness in an application or operating system by replicating itself
Worms
it usually only monopolizes the CPU and memory
Trojan
Trojan attacks originate from the Greek myth of the Trojan Horse, where the Greeks hid inside a wooden horse to attack Troy. Similarly, Trojans disguise themselves in legitimate software, executing malicious actions when opened.
Malware Actions
Adware
Spyware
Ransomware
Rootkits
Scareware
Zombies
Theft of intellectual property
Identity theft
Information extortion
Theft of equipment and information
Sabotage
Adware
is not malicious, however, it breaches users' privacy. It usually displays ads on anyone's computer desktop or in any individual program. It is normally associated with free software.
Spyware
True to its name, it works just like a spy by monitoring a user's computer activities and gathering information that might be of interest to a third party.
Keylogger
a common spyware that records timestamped keystrokes of a user and takes important personal information such as usernames, pins and passwords, credit card information, and so on.
Ransomware
has the ability to encrypt files and lock a computer, rendering them inaccessible. Information on the screen is then shown to make the user aware of the cost it would take to unlock the computer.
Rootkits
it is devised to give a hacker administrative control in a computer's system. This gives him/her the power to perform whatever task on the system.
Scareware
disguises itself as a tool that will help fix a computer system but, if activated, infects and completely damages the system.
Zombies
works just like a spyware; however, it does not necessarily spy on the user's activity. Instead, it stays put until commanded by the hacker.
Theft of Intellectual Property
This is considered as a violation against intellectual property rights, which involves copyright and patents, among others.
Identity Theft
This is the action of impersonating someone in order to acquire his/her information.
Information Extortion
This refers to the stealing of a business organization's information for a certain amount of money.
Theft of Equipment and Information
Because of modern technology, particularly mobile devices, it has become easier for hackers and thieves to steal information and gadgets.
Sabotage
Sabotaging a company with the use of technology could be through destroying their website which would lead to customer dissatisfaction.
Types of Computer Security Threats and Internet Threats
Computer virus
Rogue security software
Trojan horse
Adware and spyware
Computer worm
DoS and DDoS attacks
Phishing
Rootkit
SQL injection attack
Man–in–the–middle attack
Spam
Keyloggers
Pharming
Computer virus
among the most common threats against cybersecurity. A computer virus can spread easily due to its various manifestations such as downloaded files or e–mail attachments.
Rogue security software
used to deceive users that their systems are infected with a virus or that they have outdated security measures.
Trojan horse
malicious software or code that disguises itself as a genuine program, fooling users to install it.
Adware and spyware
Software that tracks browsing behavior to suggest pop–up ads can slow down internet and processor speeds. Spyware, however, is secretly installed without consent and can steal personal data like emails and passwords, leading to identity theft.
Computer worm
form of malware that replicates itself quickly through contact lists of infected computers.
DoS and DDoS attacks
A denial–of–service (DoS) is caused by a computer system connected to the Internet. A DoS attack can be a flooded website, preventing users from accessing the website's contents.
Phishing
involves collecting sensitive user information, usually passwords and credit card numbers. Phishing is usually done through e–mails or messages that are disguised as genuine.
Rootkit
allows a hacker to obtain administrative access on a user's computer and/or network. A rootkit enters a computer by appearing as a legitimate program or software that is installed and allowed to make changes on the system.
SQL injection attack
compromises data confidentiality by exploiting security flaws in data–driven applications to collect, alter, or delete sensitive data and disrupt website transactions.
Man–in–the–middle attack
This type of attack allows a hacker to tap and listen to conversations between two people. The hacker can interrupt a conversation between two entities by appearing as one of them while obtaining their private keys.
Spam
may not be a direct threat; however, these e–mails may contain malware.
Keyloggers
It is similar to a spyware through which it records a user's keyboard actions. Like a sniffing attack, most keyloggers are simply looking for discernable keyboard entries, such as bank card details, passwords, and personal information.
Pharming
more complicated version of phishing which misuses the domain name system (DNS). Pharmers regularly create web pages that copy those of a reliable business, such as an online banking log–in page.
Solutions to Overcome Security Threats
Install an anti–virus software
Ensure that the anti–virus software is up–to–date
Employ a firewall to protect networks
Filter all e–mail traffic
Back–up critical data regularly
Educate users about suspicious e–mails
Scan downloads from the internet
Implement an information security policy
Implement and monitor user and system logs
Create and report an incident response plan
Restrict end–user access to systems
Install an Anti–virus software
Making sure that a licensed anti–virus software is installed on all computers such as laptops, personal computers, and servers is important to prevent computer security threats.
Ensure that the anti–virus software is up–to–date
Almost every day, new versions of computer viruses are being released, and it is critical that businesses are shielded from these viruses by keeping their anti–virus up–to–date.
Employ a firewall to protect networks
As viruses can spread not only by e–mail, it is essential to employ a firewall to block traffic from entering a network.
Filter all e–mail traffic
All sent and received e–mails should be scanned for viruses because they could sneak their way into attachments such as EXE, COM, and SCR files.
Back–up critical data regularly
Regularly backing up important files on internal or external devices ensures a trusted data source if the network is infected with a virus.
Educate users about suspicious e–mails
Users should exercise caution when opening email attachments or clicking links from unknown senders.
Scan downloads from the Internet
Downloaded files from the Internet should be scanned before using and opening to ensure that no viruses could enter the computer's system.
Implement an information security policy
An information security policy must be created to make sure that it receives its required profile to secure an organization's systems and data.
Implement and monitor user and systems logs
Monitoring user and systems logs can help detect and track suspicious activities.
Create and report an incident response plan
It is necessary to have an incident response plan during and after a computer security threat or attack.
Restrict end–user access to systems
Local users must not be given administrative privileges on their assigned workstations.
Ethical Issues in Information Technology
Privacy
Hacking
Virus
Data access rights
Plagiarism
Ergonomy
Health issues
Privacy
individual’s right to control what information others can know about you, who can access it, and when. Internet privacy refers to the protection of personal data shared online.
Hacking
generally refers to the unauthorized entry into a computer network. A person facilitating hacking activities is known as a hacker.
Hacker
a person who breaks programming codes and passwords to benefit from the unauthorized entry or access to computer systems.
Virus
is malicious software that could damage a computer system upon its installation. It can replicate itself and enter and infect files.
Data access rights
the permission granting the location and reading of digital information to a user or computer program. It is important for information security and compliance.
Plagiarism
is known as the practice of taking someone else's work or ideas and passing them off as one's own. It is commonly experienced at schools, offices, and organizations.
Ergonomy
refers to the improvement of IT tools to make them more efficient for users.
Health issues
play a significant part in the provision of quality care, controlled costs, and efficiency boosts.
Technology Innovation Regarding Health Care
Health informatics
Mobile health and BYOD
Wireless networking
Telemedicine
Patient engagement
Clinical data analysis
Storage infrastructure
Cloud–based electronic health record system
Health informatics
There are health policies being refined and created that will require all health organizers and providers to demonstrate the meaningful use of all medical benefits and support.
Mobile health and BYOD
The demand for using mobile technologies has now reached the healthcare industry.
Wireless networking
Healthcare providers increasingly rely on wireless network access in medical facilities, requiring numerous access points and wireless WANs to function effectively.
Telemedicine
Constant change in the policies that dictate how telemedicine is used and reimbursed interferes with its proper implementation.
Patient engagement
Putting a significant amount of healthcare responsibility on a patient can be challenged.
Clinical data analysis
Data analytics can provide assistance in the treatment and prevention of illnesses.
Storage infrastructure
Data retention laws are created to limit the number & length of time data can be stored.
Cloud–based electronic health record system
The cloud is an online storage infrastructure that raises concerns about data encryption, ownership, WHO compliance, and security.