Introduction
Information technology encompasses the development of a business’s information and data protection policies, a network of communication, construction and database administration, and staff assistance with computer and mobile device concerns. However, organizations face a wide range of ethical issues today, including copyright infringement and intellectual property rights, because technology makes it easier for people to copy other people’s content, from music to pictures. Other ethical issues include misusing of personal information, which is gathered when customers purchase commodities online or browse the internet. Inaccurate information, as nowadays opinions are disseminated on social media without going through the validation process and deemed to be accurate; thus, it misleads as well as leading to the invasion of one’s privacy. Additional ethical issues include inadequate oversight and a willingness to take responsibility, moral application of data and resources, and counterfeit software.
Organizations should implement certain e-policies to protect themselves as good management treats sensitive company data as a valuable resource. Ensuring that staff comprehend and apply ethical concepts is responsible management. If workers utilize computers at work, the company should have e-policies. E-policies rules and procedures that handle computer and Internet use in the workplace. Firstly, an acceptable use policy is a strategy a user must accept to utilize company email, systems, and the Internet. Secondly, they should implement computer etiquette policy, which contains general computer user principles. Third, a morally acceptable computer use policy makes sure that all users know the rules and agree to follow them. The information privacy policy is made up of general privacy rules. In addition, Email confidentiality policy specifies who can see emails. Social media policy entails the company’s internet communication policies (Baltzan et al., 2008). Finally, the Anti-spam policy which requires employees not to send unsolicited emails.
Intellectual capital is organizational information. The intellectual capital of a company comprises everything from its patents to its transactional and analytical capabilities. information. With security breaches on the increase and computer hackers everywhere, a company must implement measures to protect itself. To survive, strict security measures must be implemented. Information security policies and information security plans are similar in that they are both used to keep information secure. Information security policies include setting rules that ensure data protection, for Instance, necessitating users to log out before leaving for other activities and changing PINs every thirty days. In comparison, information security strategies define the steps involved in putting such guidelines into practice.
Organizations must pay attention to three main aspects of information security. Authentication and authorization (people). It checks users’ identities. After determining their authentication, a system may identify a user’s access rights or authorization. The procedure of providing permission, such as access to files, hours, and storage space, is known as authorization. Consequently, content filtering software is used by organizations to prevent the inadvertent or malicious transmission of unlawful data as a prevention and resistance method. Encryption scrambles data and necessitates using a key or password to decrypt it .A burglar cannot access encrypted data during a breach. The protection and retaliation of software or hardware that monitors incoming and outgoing data to secure a private network is a firewall. Finally, firms may invest in detection and response systems(Baltzan et al., 2008). To limit the effects of a security breach, a business might deploy detection and response technology. Antivirus software is the most popular sort of detection and response technology. Intrusion detection systems (IDS) monitor network traffic in real-time to detect intruders.
Information ethics and Security
Information ethics is concerned with the ethical, legal, and societal implications of employing information and communication technology, while Information security protects sensitive data from unwanted access, such as inspection, modification, recording, interruption, or destruction. In order to ensure that its operations are carried out acceptably, each organization must be governed by a set of ethics(Baltzan et al., 2008). As a result, organizations for instance Abu Dhabi National Oil Company(ADNOC) should incorporate ethics and information security into their operations in order to address issues such as moral agency and privacy of information (e.g., whether artificial entities are capable of moral behavior), new environmental issues, and problems arising from the information age. This will ensure that employees act in accordance with the ethical code of conduct for instance working hours should be adhered to and restriction of use of cellphones as such areas are dangerous to the extent of being morally upright by not siphoning oil for personal use.
Information ethics also addresses the issues of information ownership, intellectual property access, and the freedom to read and explore the Internet. Thus, this ethics set the culture for employees as they get to work and not use the internet for recreational activities during work and as they access wide range of personal information, they should be professional and keep such crucial information about the company activities private and deter from such malicious activities of disseminating information to hackers which will in turn become a threat to the company.
Information security as it prevents unauthorized access. As a result, organization such as ADNOC can function appropriately without interferences. This means businesses must also believe that they can stop cyber-attacks, get into the wrong people’s computers or get their data stolen. If a company does not put enough safeguards to protect customer data and hackers find ways to get their hands on it, it could lose money and hurt its reputation. Security measures protect essential data from unauthorized access, service interruption from cyber-attacks like denial-of-service (DoS) attacks, and much more, as well as a lot more. It is also essential for businesses to have faith in their data security and keep cyberattacks and unauthorized people from getting into their data safe(Baltzan et al., 2008). Thus, information security ensures the secure operation of applications running on the organization’s information technology platforms. It safeguards the information that which the organization obtains and uses. It ensures the security of the technology that the organization employs.
Information security is essential for businesses, so this needs to be done. ADNOC an oil company, has to upgrade its security systems as these investments will ensure that there are no breaches and will ensure continuous business growth as these systems will shun off hackers. Furthermore, these systems will make it easy to control the production and will enhance the efficiency of oil and gas production as its operations will be automated. All businesses need to spend money on cyber security. A data breach can be costly and time-consuming. Strong infosec reduces the risk of attacks on IT systems from both inside and outside. They also protect sensitive data, protect systems from cyber-attacks, keep businesses running, and give everyone a sense of security.
Relevance of Policies in Protecting Organization’s Data
Abu Dhabi National Oil Company (ADNOC) an oil company in United Arab Emirates employ an Information privacy policy that ensures that their customer’s private information is kept safe and prevents employees from disclosing information to other people who might use such kind of information to breach access and steal information from the target party. Secondly, an organization must develop and implement effective monitoring procedures. Employee monitoring rules specify how, when, and where workers are monitored. Employees who are actively educated about inappropriate conduct will not only swiftly adapt to a policy, but also decrease the Civil Society Organizations (CSOs) load by regulating themselves. implementing a workplace monitoring policy enables the organization to keep track of their employees and deter them from engaging in malicious activities; thus, hackers cannot access the information they are not supposed to access. This monitoring technologies include spyware, adware, cookie, hardware logger, Key logger, click stream and weblog.
Data backups and security checks are critical for data security—backup data in case of an unexpected attack or data breach. Regularly perform automatic or manual data backups (Baltzan et al., 2008). Thus, based on the structuration theory, it enables organizations to execute their activities in a monitored way to ensure accountability as well the awareness of the importance of handling people’s personal information is a crucial element as it ensures customers trust the organization; thus, one has to develop social cognitive states to understand the importance of information.
Information security in any organization has three areas that focus on authentication and authorization. For Instance, an example of authentication is when one check in to a website, one typically inputs a username and password. On the other hand, authorization is the process of granting a user permission. Owning a home is one example. The owner has complete access to the property but can grant others access. Authentication also involves the use of biometrics to identify a person using fingerprints, iris or face and use of smartcards Prevention and resistance examples include firewalls, digital certificates, encryption. Detection and response the first line of defense is to protect intellectual capital by developing an information security strategy that lays out all of the principles. Investing in technology to assist safeguard information via authentication and authorization, as well as prevention, is the second line of defense.
References
Baltzan, P., Phillips, A. L., Lynch, K., & Blakey, P. (2008). Business driven information systems. New York: McGraw-Hill/Irwin.