Cambridge Technicals: IT Unit 1: fundamentals of it LO5 – Understand ethical and operational issues and threats to computer systems

Assessment Outcomes You will need to understand: 5.1 Ethical issues 5.2 Operational issues 5.3 Threats 5.4 Physical security 5.5 Digital security 5.6 Safe disposal of data and computer equipment You will need to understand: Communication skills used in the IT environment Use of different communication technologies Personal attributes and being ready for work Job roles in IT and the skills required Professional bodies and Industry certification In the exam you will be given precise questions requiring precise answers based on a scenario to answers questions from, and adapt your knowledge and use the key terms and named components to give a judgemental answer

Ethical issues – whistle blowing Whistle blowing is when an employee discloses that some form of serious unlawful practice is taking place within their place of work. The unlawful activity could include miscarriages of justice, illegal activity, threats to individuals and damage to the environment. Whistle blowers are protected by UK law against any form of ‘punishment’ by their organisation, e.g. Unfair dismissal, not being promoted Edward Snowden Leaked information about NSA Surveillance, one of the most significant leaks in US political history Julian Assange Founder of Wikileaks, publishes secret information from anonymous sources, notably the CIA

Ethical issues – discrimination Behaving ethically can be underwritten by law. The Equality Act (2010) ensures equality of treatment for all people, irrespective of colour, race, disability or gender. Examples of discrimination include people not receiving equal pay for the doing the same job because of gender, disability and sexuality. Male and female warehouse employees found to be paid differently in 2003 Female workers at Ford’s Dagenham plant fought for equal pay in the 1960s BBC Presenters found to have wildly differing levels of pay, leading to some male broadcasters volunteering pay-cuts

Ethical issues – use of information The Data Protection Act (1998) ensures that personal data is used responsibly. When designing or developing or using information systems, ethical considerations should be made with respect to how the information is collected, processed, stored, used and distributed.

Ethical issues – codes of practice Most workplaces will have use a Code of Practice to provide ethical guidance, such as confidentiality with clients. There are Codes of Practice to cover how you behave, quality assurance of products and services, equality and discrimination.

Ethical issues – staying safe online There are guides on staying safe online to avoid problems with individuals who do not behave ethically or have a different ethical code from those of society as a whole

Operational issues 5.2 Operational issues Security of Information Failure to protect information from loss, corruption, illegal duplication, or being stolen, manipulated or hacked can provoke poor publicity. This can result in loss of business, bankruptcy or even fines and court cases. Loss of production information and sales data can leave a business unable to meet its requirements. In 2014, Yahoo were a victim of a data breach of that compromised personal information of 500 million users – knocking an estimated $350M off its sale price to Verizon

Operational issues 5.2 Operational issues Health & Safety Failure to protect employees and clients or visitors can reflect badly on the organisation if reported in the press. It can also result in large compensation claims, court cases, fines or even imprisonment in the most serious cases, such as loss of life. There is also an ethical or moral issue, as risking the lives and health of employees through a careless attitude to their safety is not acceptable behaviour.

Operational issues 5.2 Operational issues Disaster and Recovery planning Organisations take note of all the issues that could risk their assets, employees and existence. They will produce a plan to either reduce risk to the lowest possible level or provide alternative facilities or locations. Backing up data as often as necessary will ensure that minimal data is lost if there is a computer failure. Placing copies of the backup data in different physical locations in case of fire, flood or earthquake is also a possible disaster plan.

Operational issues 5.2 Operational issues Organisational policies Organisations have policies to establish the rules for acceptable behaviour and guidelines for best practice in certain work-related situations. An acceptable use policy stipulates what a person can and cannot do when using the network and the internet while at work. The majority of educational establishments will require their learners to sign an acceptable use policy before they will issue them with a network ID. A code of conduct policy sets out the standards of behaviour expected from employees while working the premises or the premises of their clients.

Operational issues 5.2 Operational issues Change drivers These are things which must change, such as new legislation, new entrants into the market, an increase in the number of platforms that can share, distribute, license or sell music, or new business practices. Scale of Change This reflects the changing needs of the business, by upgrading systems and policies to best suit what is required as a business grows or evolves. This could include replacing a slow network with a faster optical fibre system, introducing an extranet, allowing customers to log into some systems externally, providing remote access for employees to access work from home.

Pass grade questions 5.2 Operational issues Define the following terms: Whistle blower Code of practice Discrimination Code of conduct policy Acceptable use policy Disaster recovery plan With the introduction of a new computer network, the IT consultant has suggested that a network manager should be appointed. As an IT technician, you feel that this is an opportunity for you to obtain a promotion. Explain the personal attributes that are required for both roles and what evidence you could provide of current attributes. [3] Outline the additional personal attributes required by the new network manager. [3] Explain why Grab and Go should undertake a disaster planning and recovery event to protect its data. [4]

Exam questions 5.2 Operational issues Grab and Go is a fast food outlet with six branches across the Northwest of England. This growth has taken place over the past three years and each branch has its own computer network which links via email to the others. All sales and financial records are sent weekly via email to the head office, which is the site of the original outlet. The owner has decided that the organisation needs a network that will link the shops electronically and enable all data relating to the business to be stored centrally on a server at head office. You have been asked to work with a local IT consultant to design the new system. With the introduction of a new computer network, the IT consultant has suggested that a network manager should be appointed. As an IT technician, you feel that this is an opportunity for you to obtain a promotion. Explain the personal attributes that are required for both roles and what evidence you could provide of current attributes. [3] Outline the additional personal attributes required by the new network manager. [3] Explain why Grab and Go should undertake a disaster planning and recovery event to protect its data. [4]

threats 5.3 Threats Phishing Misleading individuals or organisations into parting with their confidential and personal data to commit fraud. Hacking Not all hacking is external, as employees also hack their own company systems. This includes looking at files or locations to which they do not have right of access; creating, modifying or deleting files without permission; or defacing web pages. Trojan (horse) Introducing a piece of code which, when certain conditions are met, will carry out an action which will be detrimental to the system (like wiping data, or damaging files) Interception When the data packets on the internet are intercepted by a third party and copied, edited or transferred to a new location. Eavesdropping Listening to communication traffic not intended for the reader or listener such as email, instant messaging, faxing or video-conferencing.