1- An information security manager routinely monitored Web Surfing among her company's
employees. She discovered that many employees were visiting the "sinful six" web sites (Note:
The "sinful six" are web sites with material related to pornography, gambling, hate, illegal
activities, tastelessness and violence.) She then prepared a list of the employees and their surfing
histories and gave the list to management. Some managers punished their employees. Some
employees, in turn, objected to the monitoring, claiming that they should have a right to
privacy. With this in mind, please answer the following two questions:
a- Is monitoring of web surfing by managers ethical, (it is legal to do this)? -- Support your
answer.
b- Is employee web surfing on the "sinful six" ethical? Support your answers.
2- Discuss the idea that an information system by itself can rarely provide a sustainable
competitive advantage. Justify your position.
3- Discuss why the Sarbanes-Oxley Act is having an impact on information security. Support
your answer.
4- How are the network applications of communication and collaboration related? Do
communication tools also support collaboration? Give Examples. (NOTE: there are two
questions that need to be answered in your response. I will be looking to see if both questions are
answered accordingly)
5- Explain why master data management is so important in companies that have multiple data
sources.
Solution
Ans 1.
a)
Yes, monitoring of web surfing is ethical, and it is an important duty of both network
administrators and information security managers. Unethical use of a system can be detected only
by scrutinizing the system. In the given scenario, some employees consider the monitoring an
intrusion on their privacy, but using organizational resources for private purposes, and in
particular surfing pornographic sites during office hours, is completely unethical both
professionally and morally. The company must have female employees too, and surfing pornography
in front of them has a high probability of causing them embarrassment. The company has provided
the computer and internet connection for official work only; using them for personal purposes is
not acceptable at all. Hence it is the employees’ duty to use the office-provided computer and
internet connection for office work only and not to stray onto any of the “sinful six” web sites.
b)
No, it is not ethical for an employee to surf “sinful six” sites. Firstly, the organization
must definitely have female employees, and surfing pornographic sites will definitely cause
them embarrassment. Secondly, the computer and internet resources provided by the company
are for official purposes only. Wasting company resources and time on visiting sites related to
pornography or gambling is not ethical for employees. Thirdly, several companies have clearly
stated policies against using official IT resources to visit sites, especially those related to
pornography or gambling. Hence visiting a “sinful six” site also breaches company policy.
Fourthly, most pornographic or gambling sites contain viruses, and visiting those sites may
in all probability result in company IT resources being infected. Fifthly, hackers mostly use
pornographic or gambling sites to steal information from other computer resources. So
visiting such sites also makes your organization's resources highly prone to hacking attacks and
may result in the theft of confidential information.
Ans 2.
The importance of information systems (IS) as a strategic resource capable of delivering
sustainable competitive advantage is gradually weakening. In practice, organizations use IS more
as a technological tool for faster processing than for strategic purposes. A company can gain
competitive advantage only if it does things that its competitors cannot do, or has things they
do not have. In fact, it is the scarcity of a resource, not its easy availability, that makes it
a source of sustainable competitive advantage. Nowadays IS is so commonplace that every
organization (both an organization and its competitors) uses it for more and more technological
purposes, so its potential as a source of sustainable competitive advantage has lessened.
Ans 3.
The Sarbanes-Oxley Act (SOX) is an important piece of legislation created by the U.S. Congress at
a time when industry was witnessing high-profile accounting scandals at firms such as Enron and
WorldCom. As drafted, the core objective of SOX was not information security but to restore
investor confidence, improve corporate governance and, most importantly, establish financial
transparency. However, with the passage of time and as compliance efforts were introduced,
organizations started realizing that compliance is not possible without a certain level of
assurance regarding IT security controls.
Each organization affected by SOX depends to some degree on IT to process and store the data
that is the basis of financial reports. The Act requires these organizations to implement IT
security controls to maintain the confidentiality, integrity, and accuracy of the data. Specific
attention should be given to securing the corporate network, preventing unauthorized access to
systems and data, and ensuring data integrity and availability in the event of a disaster or
other failure. In addition, any application that deals with critical financial reporting data
should have validation controls such as edit and limit checks built in to minimize the chances of
data inaccuracy. A properly designed IT security control structure that is operating effectively
is important to SOX compliance.