Learning Outcomes Assessed
Personal privacy refers to the seclusion of an individual or information about an individual from the public (Zhang, Sun, Zhu, & Fang, 2010).
Privacy focuses on giving individuals more control of their personal information.
The level at which personal information is considered private depends upon the individual, laws and policies, and culture and morality.
Security refers to the protection of personal data from unauthorized access.
Security of personal data focuses more on ensuring the confidentiality, availability, and integrity of personal data.
Surveillance that infringes on an individual's private environment, especially in the workplace.
Unauthorized dissemination of personal information to either the public or to parties who are not authorized to get the information (Baek, Kim, & Bae, 2014).
Use of online cookies, which store a user's browsing data and passwords for a website.
Replication of personal data or information without the owner's consent.
Masquerading, in which a person takes on the identity of another person.
Participation in online surveys that have no reliable means of ensuring the privacy and security of personal data (Medaglia & Serbanati, 2010).
Government agencies that tap communication lines and collect personal data without informing the parties involved.
Social media platforms that use personal data for purposes other than those stated in their privacy terms and conditions.
At the individual level, a person can avoid posting sensitive personal information on social media.
Use of strong passwords that combine letters, numerals, and symbols for online personal accounts (Sicari, Rizzardi, Grieco, & Coen-Porisini, 2015).
Adopting ethical monitoring policies in the workplace in order to avoid infringing on personal privacy.
Notifying web users about the presence of cookies and displaying the cookies policy so that they can opt to accept or reject having the cookies record their browsing history.
Government legislation and policies that protect the privacy of personal information by restricting unauthorized exposure of personal data without the owner's consent.
Use of copyrights and patents to protect individual intellectual property from unauthorized duplication; this ensures that no one can use the intellectual property for commercial gain unless approved by the owner (McDermid, 2015).
Use of artificial intelligence authentication techniques to prevent masquerading.
Organization privacy refers to the reservation of organizational affairs within the organization.
Organizational security refers to the protection of organization information from cyber attack.
Information is considered a strategic resource by many organizations; thus there is a need to guarantee its privacy and security (Wall, Lowry, & Barlow, 2015).
How personal privacy and security are breached
An organization handles very sensitive data; therefore, its privacy and security also affect the privacy and security of its stakeholders, such as customers and suppliers.
Eavesdropping - refers to the leakage of data to unauthorized entities during transmission (Machanavajjhala & Reiter, 2012).
Insider attack - refers to when individuals who are authorized to access an organizational system use the information for purposes other than those they are authorized for.
Identity theft - refers to where an individual assumes the identity of another individual and uses it to cause harm to an organization's security and privacy (Xu, Jiang, Wang, Yuan, & Ren, 2014).
Obstruction - refers to where an organizational system is interrupted in its delivery of services, thus creating data vulnerability.
Incapacitation - where an organization's system is prevented from operating efficiently and effectively, resulting in non-availability of data, which is a major security issue (Smith, Dinev, & Xu, 2011).
Phishing - refers to tapping organizational data while it is in the transmission channel. The attackers mainly focus on getting authentication details such as passwords or commercial details such as credit card details.
Hacking - refers to intrusion into an organization's information system by a party who is not authorized to access the system. It is one of the major threats to the security and privacy of organizations (Xu, Jiang, Wang, Yuan, & Ren, 2014).
Virus attack - malicious code that corrupts data and files, mainly deployed by attackers who want to destroy sensitive information.
Denial of service attack (DoS) - refers to the creation of unnecessary traffic in the system by an attacker in order to prevent some parts of the system from working. It gives attackers a chance to penetrate the system and leave without being noticed (Smith, Dinev, & Xu, 2011).
Effects of organizational privacy and security breach
Distortion of information - refers to the corruption of information integrity, leading to unreliable information (Martin, Borah, & Palmatier, 2017).
Unavailability - inability of the authorized parties in an organization to retrieve desired data whenever needed (Zissis & Lekkas, 2012).
Exposure - where an organization's data is accessed by unauthorized entities.
Deception - refers to the presentation of false information to decision makers in an organization.
Injection of viruses into the organization's system by malicious people who gain access to the system. Such viruses may not be detected immediately; therefore, they become a long-term menace to the organization.
Loss of competitive advantage as a result of malfunction of the organization’s information systems.
Loss of customers' trust, especially for organizations such as banks, insurance companies, and telecommunication service providers, which handle a lot of information about their customers.
Possible solutions
Use of cryptographic encryption techniques such as private and public keys to secure organizational data in the channel or in transit (Kahate, 2013). The sender encodes the data using the private key and the recipient decodes the data using a public key.
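A worked illustration of the public/private key mechanism referred to above, added here and not part of the original text. It uses textbook RSA over constructed small primes to show the standard direction of use: the sender encrypts with the recipient's public key and only the private-key holder can decrypt, while the private key signs and the public key verifies.

```python
import hashlib
from math import gcd

# Constructed demo primes: far too small for real use, chosen only so the
# arithmetic is visible. Real keys use 2048-bit or larger moduli.
P, Q = 1000003, 1000033
E = 65537          # conventional public exponent
BLOCK = 4          # 4-byte blocks: 2**32 < n, so every block is a valid message

def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)  # modular inverse of e; Python 3.8+
    return (n, e), (n, d)

def encrypt(public_key, plaintext: bytes):
    """Confidentiality: anyone may encrypt with the recipient's PUBLIC key."""
    n, e = public_key
    pad = BLOCK - len(plaintext) % BLOCK      # PKCS#7-style padding
    data = plaintext + bytes([pad]) * pad
    return [pow(int.from_bytes(data[i:i + BLOCK], "big"), e, n)
            for i in range(0, len(data), BLOCK)]

def decrypt(private_key, blocks):
    """Only the holder of the PRIVATE key can recover the plaintext."""
    n, d = private_key
    data = b"".join(pow(c, d, n).to_bytes(BLOCK, "big") for c in blocks)
    return data[:-data[-1]]                   # strip the padding

def sign(private_key, message: bytes) -> int:
    """Integrity/authenticity: the sender signs a hash with the PRIVATE key."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone holding the sender's PUBLIC key can check the signature."""
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h

if __name__ == "__main__":
    pub, priv = make_keypair()
    msg = b"payment instruction #4471"        # constructed sample message
    ct = encrypt(pub, msg)
    print(decrypt(priv, ct) == msg, verify(pub, msg, sign(priv, msg)))
```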
Use of internet protocol version 6 (IPv6) to secure organizational virtual local area networks (VLANs). These restrict access by any device that is not within the VLAN.
Use of firewalls to secure an organization's intranet from unauthorized penetration from the world-wide web or the extranet.
Use of biometric enhanced security measures to secure databases to guarantee authorized access only. They can include fingerprint detectors, facial recognition, and retinal pattern detectors (Medaglia & Serbanati, 2010).
Adopting cloud computing to back up organizational data, so that it can be retrieved when the main server fails.
Act in the interest of the security of society and their clients.
Execute their duties in accordance with the law.
Conduct themselves with high levels of integrity.
Protect confidential information gained while executing their duties and not to disclose it to third parties or use it for unauthorized purposes (McDermid, 2015).
Should not maliciously destroy the professional reputation of their colleagues.
IT security professionals should not use their position to blackmail the organizations they work for or their clients.
The professionals should ensure that they adhere to ICT security standards when addressing ICT security issues. This will prevent future recurrence of the security threat (McDermid, 2015).
The professionals should not conspire in conducting internal attacks on the organization's system. They should, therefore, report any suspicious security issue to the relevant parties.
References
Baek, Y. M., Kim, E. M., & Bae, Y. (2014). My privacy is okay, but theirs is endangered: Why comparative optimism matters in online privacy concerns. Computers in Human Behavior, 31, 48-56.
Kahate, A. (2013). Cryptography and network security. Tata McGraw-Hill Education.
Machanavajjhala, A., & Reiter, J. P. (2012). Big privacy: protecting confidentiality in big data. XRDS: Crossroads, The ACM Magazine for Students, 19(1), 20-23.
Martin, K. D., Borah, A., & Palmatier, R. W. (2017). Data privacy: Effects on customer and firm performance. Journal of Marketing, 81(1), 36-58.
McDermid, D. (2015). Ethics in ICT: an Australian perspective. Pearson Higher Education AU.
Medaglia, C. M., & Serbanati, A. (2010). An overview of privacy and security issues in the internet of things. In The Internet of Things (pp. 389-395). Springer, New York, NY.
Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer Networks, 76, 146-164.
Smith, H. J., Dinev, T., & Xu, H. (2011). Information privacy research: an interdisciplinary review. MIS Quarterly, 35(4), 989-1016.
Wall, J., Lowry, P. B., & Barlow, J. B. (2015). Organizational violations of externally governed privacy and security rules: Explaining and predicting selective violations under conditions of strain and excess.
Xu, L., Jiang, C., Wang, J., Yuan, J., & Ren, Y. (2014). Information security in big data: privacy and data mining. IEEE Access, 2, 1149-1176.
Zhang, C., Sun, J., Zhu, X., & Fang, Y. (2010). Privacy and security for online social networks: challenges and opportunities. IEEE Network, 24(4).