
ICT in the Workplace Unit 10

Questions
109 Describe two different roles that an ICT professional might take on and identify the particular skill set required for each role.

Computer programmer

Computer programmers write the code that tells the computer how and when to perform the functions specified in the system design. They need an understanding of general programming structures and principles (e.g. iteration, conditional clauses) and a specialist knowledge of programming languages, e.g. C++, Visual Basic. Their work involves:

Coding: writing step-by-step instructions in the appropriate language.
Compiling: putting the whole program together and converting it into binary code.
Debugging: testing the program, finding errors and correcting them.
Maintenance: amending the original code if errors occur after implementation.

Network administrator

Network administrators take responsibility for the security and administration of networks. Their work may involve:

overseeing the installation of new hardware and ensuring its network compatibility,
maintaining network hardware and ensuring that problems are fixed,
setting up user accounts and passwords,
ensuring that the network is secure and that users are using it legitimately,
ensuring that there is an effective back-up system.

Key skills

Strong technical knowledge
Practical problem-solving skills
Understanding of the overall technology needs of the organisation
Good interpersonal skills

110 Apart from their computer skills, what personal qualities is it advantageous for an ICT professional to possess? For each quality you describe, explain why it is useful.

In addition to the specific technical skills required by ICT professionals, there are personal qualities that it will be advantageous for them to possess. These qualities, which are described in more detail below, relate to the type of work ICT professionals are called upon to do.

Problem-solving skills: ICT work often involves devising solutions to problems. A logical approach to problem-solving will therefore be a great asset. Effective problem-solving involves identifying the nature of the problem, designing and evaluating a range of possible solutions, and testing a chosen solution.

Organisational skills: ICT work involves planning, scheduling and resourcing projects. If an ICT project is to be successful, it has to be well-organised so that the resources required are available, the work is completed on time and everybody working on the project knows what they have to do. This skill is particularly important for those involved in project management.

Others: Initiative, design skills, methodical approach, learning skills, interpersonal skills, etc.

111 What is the function of an employee code of conduct?

An employee code of conduct is an undertaking that an employee makes to abide by certain rules and work within specified guidelines. The code of conduct will explicitly set out what is expected of an employee, what will constitute an infringement of the policy and what the consequences of such an infringement will be. In relation to ICT, the code of conduct will focus on the manner in which the employee uses the organisation's information system resources. Depending on the nature of the organisation, the employee may be required formally to sign the code of conduct and accept it as part of their contractual obligation.

112 Not all types of employment are suitable for teleworking. Describe some of the conditions that are necessary for this method of working to take place.

Conditions required for telecommuting to take place:

The organisation needs to be engaged in the kind of work that can be done at home. There are many examples of this, the most common being data entry, secretarial work (e.g. copy-typing), design work, etc.
The organisation needs to be able to trust the employee to work from home effectively, or have a means of monitoring them.
There needs to be appropriate hardware and software provision. In addition to a computer, this usually involves an e-mail/internet connection, or a link to a company-wide intranet.
An appropriate home-working environment needs to be available, i.e. a space where the employee can work without interruption.

113 Identify one advantage and one disadvantage of teleworking for (a) the organisation and (b) the individual worker.

Advantage: Working in a known environment. Some people may prefer to work in a quiet, home environment rather than in a busy office.

Disadvantage: Some work requires interpersonal contact. Personal conversations form a vital part of the work process in any organisation. Direct, face-to-face interaction is sometimes the only way that information can be fully communicated.

114 Explain what is involved in videoconferencing and what resources an organisation needs to facilitate it.

Several factors are involved in the operation of videoconferencing for business and personal use:

Videoconferencing room: The room will be set up like a standard meeting room, organised so that people can talk to each other and give presentations. Additionally there will be some specific pieces of technology that will permit videoconferencing to take place.

Signal conversion: People speak and interact as they would do at a normal meeting. The camera(s)/microphone(s) pick up the signals in analogue form. These analogue signals will need to be converted to binary code before they can be transmitted. This is achieved through the use of a device, called a 'codec', which can convert analogue to digital signals and vice versa.

Compression: Transmission will be more effective if the data can be compressed, i.e. made smaller without any significant loss of quality.

Transmission: Data is usually transmitted using an ISDN (integrated service digital network) line. ISDN transmits data in a digital rather than analogue form and supports simultaneous transmission of audio, video and computer data. This ensures that the video and audio data 'arrive' together.

Destination: At the reception end the process is reversed. The data is decompressed where necessary, reconverted to an analogue signal and transmitted on the screen. The whole process is two-way, so the capture-conversion-transmission procedure is repeated at the second location. In this way a live, two-way transmission environment is created.

115 Identify one advantage and one disadvantage of using videoconferencing as a way of facilitating meetings between members of an organisation.

Advantages: Many organisations have employees based in several countries. Bringing these people together for meetings on a regular basis is almost impossible. When meetings have to take place, it may involve expensive international travel with all the difficulties and costs that this involves. Videoconferencing allows for regular meetings between differently located individuals.

Disadvantages: The main disincentive to the use of videoconferencing is cost. It is expensive to set up, maintain and run. In order to justify this cost it must be cost-effective for an organisation. This is most likely to be the case when an organisation has key people in remote locations who need to speak to each other on a regular basis.

116 Describe three health hazards that employees working with computers need to be aware of.

Stress: There is increasing evidence that working extensively in a computer-based environment can be stressful. While it was originally thought that computers would lighten people's workload, in many instances they have added to it. Computers have raised expectations about what is possible in the workplace and thus increased the demand placed on employees. In some workplaces, e.g. call centres, these expectations are made explicit, i.e. through continuous monitoring and logging of user interactions. Computers, however, remain fallible, breaking down at inopportune moments, 'losing' important documents, refusing to respond as expected.

Repetitive Strain Injury: Repetitive Strain Injury (RSI) refers to a range of conditions affecting the neck, shoulders, arms and hands. RSIs result from forcing particular muscle groups to perform the same actions over and over again, e.g. working at a keyboard all day long.

Eyestrain

Staring continuously at a brightly-lit screen all day can lead to eyestrain, the symptoms of which include headaches, blurred vision, dry and irritated eyes, etc. The effects of this are temporary and there is no evidence that computer use causes irreparable damage. None the less, eye strain can cause discomfort and make employees less efficient.
Dependency

The increasing sophistication of communications technology (remote access, the Internet, wireless transmission) has meant that people working with computers can do so from any location and at any time. The consequence of this, combined with the 'addictive' nature of some computer-based work, means that some people find it difficult to 'switch off', continuing their work while they commute and when they are at home. This inability to 'switch off' can lead to stress-related illnesses and other conditions associated with a lack of rest and relaxation.

117 Describe four steps that an organisation can take to ensure that it complies with Health and Safety legislation.

General environmental factors: There are various environmental factors which, if left unchecked, can lead to problems. Air quality should be monitored and adequate ventilation provided. The temperature should be comfortable to work in: the recommended temperature is 20-23.5 °C in the winter and 23-26 °C in the summer. Noise levels should be monitored: an excess of loud, distracting noise can lead to stress.

Monitors: VDUs should be positioned at a suitable height (eyesight naturally falls 20% below the horizon). They should be adjusted so that the user's neck is straight when they look at the screen. The monitor settings (e.g. brightness) should be at a level that is comfortable for the eyes. Anti-glare screen filters may be necessary.

Keyboard and mouse: The keyboard and mouse should ideally be slightly below elbow level and close to the body. The keyboard should be angled so that the user's wrists remain naturally straight. There are some ergonomically designed keyboards and mouse devices that have been designed to avoid problems associated with RSI. When the mouse is used for any length of time, the lower arms should be supported.

Light: Poor-quality lighting in an office environment can lead to eyestrain. Ideally there should be a good balance of natural and artificial light. The light should be strong enough for people to read documents but not too strong for working with a computer screen. There should not be direct sunlight on the screen.

118 Describe two moral/ethical problems that an ICT professional might face.

PROPERTY RIGHTS: The capabilities of ICT, and of the Internet in particular, have led to a number of problems associated with what is generally referred to as 'intellectual property'. The Internet was, in part, developed to facilitate the free exchange of ideas and research. Problems emerged, however, when the free access principles of the World Wide Web were applied to such things as published text, music, video, software, etc.

PRIVACY: ICT systems have enabled a wide range of private and public organisations to hold electronic data on vast numbers of individuals. Data subjects are not always aware of their rights under data protection legislation and not all organisations act ethically in regard to their use of data. Information that individuals may wish to keep private is not always securely held and can therefore be accessed by organisations and individuals who should not have access to it. Electronic monitoring systems, such as those that track e-mails, can be used, sometimes legitimately, sometimes not, to view individuals' personal messages.

119 Faced with an ethical problem, what approach might an ICT professional take to deal with it?

An approach to ethical decision-making:

Identify the facts: An ethical dilemma is initiated when an individual is required to act in response to an event or an instruction. There is a dilemma because the individual feels uncomfortable with the required action as it conflicts with their principles of right and wrong.

Define the ethical conflict: Typically, an ethical conflict involves a choice between mutually exclusive courses of action, each of which is informed by a different set of values. Defining the ethical conflict requires the individual to identify the moral values that are in conflict. In the example given, the employees' right to privacy is in conflict with the organisation's right to protect itself from the damage caused by the circulation of false rumours.

Security, privacy and the law Unit 11

Questions


120. Computers have provided criminals with new tools to commit old crimes. Describe two forms of computer crime that support this statement.

Computer fraud: Computer fraud is the use of information technology to commit fraud. In the United States, computer fraud is specifically proscribed by the Computer Fraud and Abuse Act, which provides for jail time and fines.

Computer sabotage: Computer sabotage is any kind of action that might destroy a computer or data stored on a medium connected to it. With computers being physically defenceless machines, the more common type of sabotage is the destruction of data.

121. Describe two ways in which law enforcement agencies have used ICT to combat various forms of criminal activity.

The use of central databases to store details of crimes and criminals. These databases can then be queried to aid investigations into ongoing cases.

Use of specific computer-based technologies (surveillance cameras, speed cameras, alarm systems) to help prevent crime and catch those who break the law.

122. Explain how the following can be used to improve the security of ICT systems:

Encryption

Encryption can be used to make stored data more secure. Encryption involves taking a piece of data and translating it into a coded version of itself (ciphertext). In order to decrypt the ciphertext the user has to use an encryption key.

Firewall

A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.

Virus Checker

Even if you are a careful person, it is important to install an antivirus and check the system for viruses to detect and delete any threat (this is recommended because, even though most antivirus programs have real-time protection, that is not enough).

Staff Training

The most effective way of preventing employees unintentionally compromising the security of systems and data is to ensure they are well-trained. All whose work involves access to ICT systems should be aware of security issues. They should know the importance of being security conscious and know how to avoid the types of error that lead to problems.

System Access Restrictions

ICT systems manage information and areas that are confidential and not accessible to everyone; if a third party gained access to them, they could use it to damage the system or injure the organisation.

123. Describe two different types of viruses and for each outline the measures that might be taken to prevent them from infecting a system.


File viruses

A file virus attaches itself to an executable file (files with a .exe, .com, .msi or .bat extension). When the file is run the virus replicates itself and spreads to other files. The virus can then begin its destructive work.

Prevention (file viruses): Always install an antivirus on your computer. Check the file extension before opening any file, use an antivirus to scan the file for viruses, and be careful with folders (folders are not actually executable, but some viruses create a .exe file with an icon that looks like a folder, which makes you think that it is one).

Macro viruses

A macro is a simple program, which a user can write, to perform a specified set of actions. The macro might be programmed to wipe the contents of some or all of the user's files.

Prevention (macro viruses): This type of virus is commonly found in the Microsoft Office applications (this doesn't mean that macros are exclusive to Microsoft Office, so it is important always to have an antivirus). Newer versions of Microsoft Office prevent macros from executing, so don't use an outdated version of MS Office.

124. From an organisational point-of-view identify some of the negative consequences of breaches in security.

Damage to the reputation of the organization
Loss or compromise of data
Interruption of business processes
Damage to customer confidence
Damage to investor confidence

Legal Consequences -- In many states/countries, legal consequences are associated with the failure to secure the system.

125. Describe one threat to the security of ICT systems that might come from within an organisation and one that might come from outside it.

Inside

An employee who decides to defraud the organisation for financial gain, e.g. by creating non-existent orders and channelling the payments to themselves.

Outside

Natural disasters (floods, extreme weather conditions, earthquakes, volcanoes, etc.)

126. Describe four different aspects of security you would expect to find in a corporate information security policy.

Data protection
Encryption
Access restriction
Privacy

127. Identify three measures an organisation can employ to ensure that its staff remain aware of security issues that might affect them.

Induction programmes: When staff first join an organisation they are given specific information about all the security procedures that exist and what their own responsibilities will be.

Security bulletins: Employees are kept informed about changes to policy and specific security threats (e.g. a new virus) through printed and/or electronic bulletins.

Training programmes: Employees with specific areas of responsibility, e.g. department heads, may be sent on training courses to improve their awareness of security issues within their own area.

128. Describe two issues relating to the privacy of the individual user that have arisen as a result of developments in ICT.

An inevitable consequence of the trend for commercial companies and public institutions to store personal records electronically is that one's personal details are likely to be held on a number of databases. The level of security applied to these databases varies widely, leaving open the possibility that such personal details may be accessed by individuals who should have no authority to do so.

The internet is by no means a secure medium of communication, and yet individuals choose to divulge personal details on it, including financial information such as credit card numbers. There are many ways in which motivated individuals can gain access to insecure internet transactions. At the criminal end of the spectrum, this includes individuals and (criminal) commercial companies who wish to steal credit card details and, in some cases, people's identities.

129. Identify three measures that an individual can take to ensure the privacy of their communications.

Firewalls. This is a generic name for software/hardware that is designed to protect systems from intrusion. Firewalls control the incoming and outgoing network traffic by analysing the data packets and determining whether they should be allowed through or not, based on a rule set.

Antivirus software. Viruses are also used to invade privacy and capture data. It is recommended that you use a good antivirus and always keep it updated.

Encryption. These programs convert one's text into indecipherable code. To decrypt the file the user would need the encryption key. There is a wide variety of encryption programs available.
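
The rule-set decision described in the firewall answer above, as an added example that is not part of the original answer sheet: packets are checked against an ordered rule list, the first match decides, and anything unmatched is denied. The rule names, fields and addresses are constructed for illustration; the `shadowed` check goes slightly beyond the text to show why rule order matters.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    direction: str         # "in" or "out"
    protocol: str          # "tcp", "udp" or "any"
    remote: str            # remote peer, IPv4 CIDR
    port: Optional[int]    # destination port; None matches any port

    def matches(self, pkt):
        """True if this rule applies to the packet (a dict with the same fields)."""
        return (self.direction == pkt["direction"]
                and self.protocol in ("any", pkt["protocol"])
                and ip_address(pkt["remote"]) in ip_network(self.remote)
                and self.port in (None, pkt["port"]))

    def covers(self, other):
        """True if every packet `other` could match is already matched by this rule."""
        return (self.direction == other.direction
                and self.protocol in ("any", other.protocol)
                and ip_network(other.remote).subnet_of(ip_network(self.remote))
                and self.port in (None, other.port))

def decide(rules, pkt, default="deny"):
    """First matching rule wins; traffic that no rule mentions gets the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "default"

def shadowed(rules):
    """List (rule, earlier_rule) pairs where the later rule can never take effect."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found

def packet(direction, protocol, remote, port):
    return {"direction": direction, "protocol": protocol, "remote": remote, "port": port}

# Constructed rule set (documentation and private address ranges only).
RULES = [
    Rule("web-in", "allow", "in", "tcp", "0.0.0.0/0", 443),
    Rule("admin-ssh", "allow", "in", "tcp", "10.0.0.0/8", 22),
    Rule("block-ssh", "deny", "in", "tcp", "0.0.0.0/0", 22),
    Rule("legacy-ssh", "allow", "in", "tcp", "198.51.100.0/24", 22),  # never reached
    Rule("dns-out", "allow", "out", "udp", "0.0.0.0/0", 53),
]

# Constructed sample traffic.
PACKETS = [
    packet("in", "tcp", "198.51.100.7", 443),
    packet("in", "tcp", "10.1.2.3", 22),
    packet("in", "tcp", "198.51.100.7", 22),
    packet("out", "udp", "192.0.2.53", 53),
    packet("in", "udp", "192.0.2.10", 161),
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", decide(RULES, pkt))
    print("rules that can never match:", shadowed(RULES))
```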

130. Describe the step-by-step process involved in public key encryption.

Step 1: Give your public key to the sender.
Step 2: Sender uses your public key to encrypt the plaintext.
Step 3: Sender gives the ciphertext to you.
Step 4: Use your private key (and the passphrase) to decrypt the ciphertext.

131. Describe in detail four steps that should be taken into account when an organization is developing a back-up policy.

Medium: A decision must be made about which storage medium will be used. The most commonly used options are DAT, ZIP and CD-ROM. Which medium is used will depend on factors such as cost, capacity required, speed of recovery, how long the data need to be kept, etc.

Schedule: The back-up procedure will need to be completed at regular intervals and according to a fixed schedule. This schedule may be different for different parts of the system. The schedule will need to take these factors into account and establish set times for the backing-up of each part of the system.

Location: The policy will need to specify where the data should be kept. Those responsible for backup procedures should always consider the worst-case scenario, e.g. the main site, together with all hardware, software and data, being destroyed. Even small to medium-sized organisations should consider provision of a secure, fireproof safe in a secondary location for storing backed-up data.

Recovery: The effectiveness of the back-up system should be regularly tested by undertaking recovery of backed-up data. In its simplest form this might mean accessing specified pieces of data at set intervals. Some large organisations may choose to undertake full-scale rehearsals of disaster recovery scenarios, i.e. where there has been a disastrous loss of data which needs to be recovered.

132. What are the particular issues associated with backing up program files?

In some cases a program will need to be configured in a particular way before it can be installed on a system. If it is critical to restore such a program quickly, it will not be sufficient to rely on an original copy of the (unconfigured) version. Also, programs have changes made to them, e.g. an anti-virus security patch might be added on to the original version. For these reasons, it might be necessary to maintain an up-to-date copy of all program files so that they can quickly be restored.

133. Describe an appropriate back-up strategy for a medium-sized business that processes a large number of online transactions every day.

RAID system

RAID stands for redundant array of independent disks.

RAID storage uses multiple disks in order to provide fault tolerance, to improve overall performance, and to increase storage capacity in a system. With RAID technology, data can be mirrored on one or more other disks in the same array, so that if one disk fails, the data is preserved.

134. What processes are involved when an organisation undertakes "risk analysis" in relation to its ICT systems?

The aim of risk analysis is to identify the following:

What are the potential risks to the organisation's information systems?
What is the statistical probability of each threat becoming real?
What would be the short- and long-term consequences for the organisation of the threat becoming real?
How well equipped is the organisation to deal with the threat?

Following this analysis, the organisation is in a position to judge how much to spend on developing controls to minimise the risk and establishing contingency plans for recovery from unavoidable disasters.

135. Describe four elements you would expect to find in a large organisation's disaster recovery plan.

Data

Recovery of data that have been lost or damaged is a critical aspect of disaster recovery. Critical data should be backed up and stored off site on a regular basis. If this has been managed successfully, restoration should be a straightforward matter.

Consider Human Capital

Although you may have a perfect disaster recovery plan when it comes to technology and data, that doesn't mean things will go smoothly on the human side, for instance if only one person in your company knows how to restore from the backup or, even worse, there's only one person with the password to access the data. You need to train multiple people in disaster recovery and make sure they all have the pertinent information to get the job done.

Have a Theft Plan

Many employees these days work on laptops or mobile phones. This means that sensitive information is floating around. Although you hopefully have complex security systems in place for accessing information through mobile devices, you should also have a plan for how to avoid data compromises if devices are stolen.

Make Regular Backups of Multiple Types

Businesses have two major types of backups that are critical to a disaster recovery plan. First, you need off-site backups that are safe and won't be destroyed in a disaster that compromises your building itself. However, you probably won't maintain these backups on a daily basis and it takes time to restore data from them, so they shouldn't be your only solution. You should also create regular, ideally daily, backups that you store onsite and can easily access.

136. What steps should an organisation undertake to ensure that its employees comply with the Copyright, Designs and Patents Act (1988), especially in regard to "software piracy"?

All employees are aware of the terms of the Act and the consequences of being in breach of it.
Licensing agreements are fully adhered to, i.e. if the company has a software licence for 100 users, that's how many there should be.
Application files are kept secure and employees are not allowed access to them for personal use.
The organisation audits software that it owns and monitors who has access to that software.

137. The Computer Misuse Act identifies different categories of "Computer Crime". What difficulties have been encountered in enforcing the terms of this Act?

Organisations are often unwilling to acknowledge publicly that they have a problem with their security. The consequence of this is that organisations sometimes choose to manage security problems internally, and without reference to law enforcement agencies.

The global nature of ICT communication means that offences on the ICT systems of one country are often committed by a citizen of another country. This is particularly the case where viruses are concerned.

The complex nature of ICT systems can mean that it is difficult to prove intent. A defendant could argue the unauthorised access was gained accidentally and that there was no intent to cause damage or commit an offence.

138. Give an example of each of the three offences defined by the Computer Misuse Act.

1. Gaining unauthorised access to data or programs on a computer. An example is when a hacker attacks an ICT system to access a database and steal personal and confidential information of an organisation or individual.
2. Gaining unauthorised access with intent to commit a further serious offence. Hackers can attack your computer and control it to perform a crime, for example stealing information from a bank account by controlling your computer remotely so as not to be detected, because that could make the authorities think that you did it.
3. Intentional unauthorised modification. Copying and pasting copyrighted information, modifying it and distributing it without authorisation is an offence in this case.

139. In relation to the Data Protection Act (1998), identify:

* Four responsibilities of a data user.

1. Do not process personal information without registration.
2. Do not use unlawful personal data to obtain unauthorised access to the personal data.
3. If a user has access to personal data, it has to be managed with discretion.
4. Respect the privacy of others.

* Two exemptions from the Act

1. Crime and taxation. Data processed for the prevention or detection of crime, the apprehension or prosecution of offenders, or the assessment or collection of taxes are exempt from the first data protection principle.
2. Domestic purposes. Processing by an individual only for the purposes of that individual's personal, family or household affairs is exempt from all the data protection principles, as well as Part II (subject access rights) and Part III (notification).

* Two functions of the Data Protection Act

1. Protect the rights and privacy of individuals.
2. Ensure that data about them are not processed without their knowledge and are processed with their consent wherever possible.

* Two rights of a data subject:

1. View the data an organization holds on them. A 'subject access request' can be obtained for a nominal fee.
2. Require that data is not used in any way that may potentially cause damage or distress.

140. What general procedures should an organisation put in place to ensure that its employees comply with all legislation relevant to the use of ICT systems?

Staying informed: There are various law-making bodies that can pass legislation that will impact on an organisation. They include local authorities, national government, and transnational bodies.

Developing policy: Policies are documented guidelines that outline how things should be done in an organisation. When a piece of legislation is enacted, an individual or group will have to be responsible for interpreting the law as it relates to the organisation. A policy can then be developed that puts into everyday language the rules and procedures that will have to be followed in order to comply with the legislation. This policy is the first line of defence against the organisation being in breach of the law and suffering negative consequences.

Disseminating information: In order to be effective, the policy must become embedded in the everyday practice of the organisation. The first step in this process is to ensure that all employees are aware of the policy.

Monitoring: An individual or a team must take responsibility for ensuring that the legislation is being complied with on a day-to-day basis. It is rarely possible to do this constantly and so periodic check-ups need to be undertaken. For example, in order to comply with Health and Safety legislation, a Health and Safety Officer may be appointed who would then undertake regular checks of the working environment, examining whether or not all the requirements of the legislation are being met.

Enforcing: In order for a policy to have any influence, there must be negative consequences for those employees who contravene it. Disciplinary actions can range from verbal and written warnings to dismissal. In some instances it would even be necessary to involve the police. These disciplinary measures must be seen to be fair and consistent.
