(a) Certain employees will always be placed in positions of trust, for example senior systems analysts, database administrators and information systems security managers. Such employees can therefore compromise the security of information systems if they so wish.
(i) Explain three control measures that an organization should institute over these employees to guarantee the security of the information systems.
(ii) Every individual in an organization has some opportunity to commit computer fraud. The potential to do so depends on a number of factors. Examine three of these factors.
(b) Ethical principles can help in evaluating the potential harms or risks in the use of information communication technology.
Explain any two principles of technology ethics.
(c) Explain the advantages to an organization in having users involved in developing an information systems application.
(i) These employees perform the following jobs.
Senior systems analysts – the senior systems analyst is the head of the systems analysts. These employees analyze existing systems with a view to their computerization. They design systems and oversee their implementation and review. They are actively involved in the upgrading of the system.
Database administrators – they ensure that the data in the database meets the information needs of the organization. They are involved in retrieving data and structuring reports that are appropriate to the organization.
Systems security managers – they are involved in ensuring that the security of the system is not compromised. They ensure that no outsiders or unauthorized persons access the information.
From the above information, it can be seen that these employees access valuable information, and if they are compromised the firm can suffer. The following measures are put in place to curb this.
1. Administrative controls – these include:
(a) Policies – policies outlining and requiring each employee to do certain things and not others. Things not authorized to be done are threats to security.
(b) Administrative procedures – put in place by an organization to ensure that users only do what they are authorized to do.
(c) Legal provisions – these serve as security controls, laying down legal penalties which may be suffered in case of breaches of security.
(d) Ethics – a strict organizational code of conduct to be followed by the employees can boost security.
2. Logical security controls – these are measures incorporated within the system to provide security against the employee. These include requiring passwords to access any information.
3. Physical controls – these include lockups. The offices should be locked at the end of the day and no employee should access another employee's office. They also encompass employing security guards to prevent unauthorized access.
4. Rotation and compulsory leave – an employee should not be allowed to stay in one place for long but should be rotated. This way, threats of fraud are discovered in advance. Compulsory leave should be given and work reviewed in case of any perceived threat to security.
5. Good remuneration – the employees should be paid well to guard against their being compromised.
(ii) Every individual in an organization can commit fraud. The potential of an employee committing fraud depends on the following: –
1. Security – inadequate security and loopholes in the security system can be a potential motivator to an individual to commit fraud. An employee who knows that he can commit fraud without being found out would be greatly motivated.
2. Remuneration – individuals who are poorly paid are highly susceptible to committing fraud to make ends meet.
3. Company policies – if employees are aware that the organization's policies are not stringent then they are likely to be involved in fraud. Absence of policies like rotation of employees or compulsory leave will be a driving factor, as chances of being caught are low.
4. Ethics – the code of conduct of a company also plays a major role. In organizations where there is laxity, the chances are high that employees will engage in fraud.
5. Legal provision – where no legal sanctions are imposed on employees found guilty of fraud, they could engage in fraudulent activities.
B) Principles of technological ethics include: –
(a) Honesty and trustworthiness – an honest computing professional should not make deliberately false or deceptive claims about a system or system's design, but should instead provide full disclosure of all pertinent system limitations and problems.
(b) Privacy – it is the responsibility of professionals to maintain the privacy and integrity of data describing individuals. Data should be protected from unauthorized access.
(c) Integrity – information users and professionals should maintain integrity in the use of the information. This ensures the accuracy and reliability of the information stored on computers.
(d) Confidentiality – this involves respecting data which touches on individuals. This is to respect all obligations of confidentiality to employers, clients and users unless disclosure is required by law.
C) Advantages of users being involved in developing an information system application:
(i) Users know the internal quirks of the system in order to get required information.
(ii) Improves the relationship between users, management and developers.
(iii) Improves system literacy of users and subject understanding of developers.
(iv) Conflict resolution becomes the responsibility of both users and developers. This eases conflict resolution.
(v) Improves use of the systems analysts' time by focusing on work relations and gathering project resources simultaneously.
(vi) Lowers the cost of system development by defining requirements completely and correctly in a short time period.
(vii) Increases team satisfaction, confidence and support.
(viii) Reduces maintenance time due to earlier application completeness and correctness of satisfaction.