External Factors Information Systems Notes Information Systems Design & Development: Security Risks, Security Precautions, Legal Implications, Environmental Impact & Social and Economic Impact

Upload: trevor-stephens

Post on 18-Jan-2016



Contents

- Security Risks & Precautions, Questions
- Environmental Impact, Questions
- Legal Implications, Questions
- Social & Economic Impact, Questions


Security Risks

A security risk to an information system is a potential threat to the security, privacy and integrity of the data stored in the information system.

Laws like the Data Protection Act regulate the responsibilities of the operators of an information system. The operators have to be very aware of security risks as they could result in them being held liable for breaches in their data security.

There are a number of different security risks which can be categorised in terms of the nature of the threat. Not every threat attacks weaknesses in the computer systems used by the information system itself!

Malware security risks and exploits are threats posed directly by and to computers.

Social engineering security risks are threats that take advantage of people by tricking them into doing something. Very often, a social engineering method is used to trick users into installing malware.


Spyware:

Spyware is software that monitors the user's actions and reports them to someone else.

Spyware can monitor a variety of activities, from web browsing habits to program use. It runs unobtrusively and can be hard to notice without actively checking the tasks being run by the computer. Malicious spyware collects information either without your consent, or having tricked you into giving your consent without realising it.

Spyware isn’t always malicious, and a positive use of a spyware type program is for monitoring and reporting on crashes that happen when using or testing other programs.

Keyloggers are a specific form of spyware that record the keystrokes on a keyboard. They can be used to record user names and passwords, allowing hackers to access your accounts.

The development of smartphones opens the potential for new forms of spyware. Smartphones come with cameras and microphones, two devices that could be used to covertly monitor user activity in new ways.


Phishing:

Phishing is a form of social engineering whereby information system users are tricked into giving up their personal details, or usernames and passwords.

There are a variety of ways to phish for personal data. Phishers will take advantage of individuals who do not understand how aspects of computers and communications technology work to gain their data.

Identity theft is a consequence of phishing. With enough of someone’s personal information, criminals can access all of their online accounts – and even make new ones.

[Image: a 419 scam email]

Collectively, various methods of using the Internet to trick people out of their money and belongings are known as online fraud.


Denial of Service Attacks

A denial of service attack overwhelms an online server with a flood of requests and messages. As the attacked computer is unable to keep up with the messages, it crashes. Most denial of service attacks are distributed – the flood comes from many computers.

Symptoms of a denial of service attack include:
- Slow network performance
- Unavailability of a website
- Disconnection from the Internet

Although some denial of service attacks are carried out purely for the effect of taking down the server, others have criminal profit in mind. Sometimes it is possible to access otherwise restricted files as the result of a denial of service attack. By gaining access to such files, further online fraud can be carried out.

Most distributed denial of service attacks are launched from botnets. Botnets are made up of malware-infected computers. The malware can be activated remotely, causing the computers to flood the targeted server.


Security Precautions

Security precautions are the steps taken by the operators of a computer system to prevent or mitigate the damage caused by security risks.

When using security precautions it is important to bear in mind that many people don’t understand the security risks posed by computers.

For example, even the most secure web server is still at risk from denial of service attacks, as the problem originates from people who haven’t properly secured their computer and allowed it to become infected with botnet malware.

Many security precautions happen without most users realising they are in place.


Encryption:

Encryption works by encoding information in such a way that it cannot be read without first decrypting it.

It is important to encrypt sensitive data that is transferred over the Internet. The data will be transferred through a number of different locations on the way to its destination and could in theory be read at any of them. Encryption stops this from happening.

Information is encrypted using keys. A public key is freely available to anyone and can be used to encrypt data.

The information can only be decrypted with the private key, which is only known to its owner.

When you encrypt data with a public key, you are guaranteed that the only person that can read it is the person who holds the corresponding private key.


Digital Certification:

Although public and private keys guarantee that an intercepted message cannot be read, they do nothing to prove who the owner of the public key is.

A digital certificate is an electronic document that verifies that a public key – and therefore the browsed website – is owned by who it claims to be owned by.

A digital certificate contains:
- The public key of the certificate owner
- The name of the owner
- The expiry date of the certificate
- The issuer of the certificate

Digital certificates are issued by trusted third parties called Certificate Authorities. The digital signature of the CA will be appended to a digital certificate to prove its authenticity.

You can click on the padlock to view a digital certificate.
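The public key encryption and certificate checks described in the two sections above, as an added example that is not part of the original notes. It uses textbook RSA without padding on small constructed keys so that it needs only the Python standard library; the names Example CA and shop.example and all dates are invented for the demonstration.

```python
import hashlib
from datetime import date

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Return (public_key, private_key) built from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # d is the inverse of E modulo phi

def encrypt(public_key, message):
    """Anyone holding the public key can do this."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(private_key, ciphertext):
    """Only the holder of the matching private key recovers the message."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# The four items the notes list as the contents of a certificate.
CERT_FIELDS = ("owner", "public_key", "expires", "issuer")

def digest(cert):
    """SHA-256 over the certificate fields, as an integer ready for signing."""
    text = "|".join(str(cert[f]) for f in CERT_FIELDS)
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")

def issue_certificate(ca_name, ca_private, owner, public_key, expires):
    """The CA appends its signature: the digest raised to its private exponent."""
    cert = {"owner": owner, "public_key": public_key,
            "expires": expires, "issuer": ca_name}
    n, d = ca_private
    cert["signature"] = pow(digest(cert), d, n)
    return cert

def verify_certificate(cert, ca_name, ca_public, today):
    """Checks made before the public key inside a certificate is trusted."""
    n, e = ca_public
    if cert["issuer"] != ca_name:
        return "untrusted issuer"
    if pow(cert["signature"], e, n) != digest(cert):
        return "bad signature"
    if today > cert["expires"]:
        return "expired"
    return "valid"

# Constructed demo keys: Mersenne primes, chosen only because they are easy to write.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**127 - 1, 2**521 - 1)
SITE_PUBLIC, SITE_PRIVATE = make_keypair(2**89 - 1, 2**107 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)

def demo():
    cert = issue_certificate("Example CA", CA_PRIVATE, "shop.example",
                             SITE_PUBLIC, date(2030, 1, 1))
    today = date(2025, 1, 1)
    ciphertext = encrypt(cert["public_key"], b"Hi!")
    swapped = dict(cert, public_key=OTHER_PUBLIC)  # same signature, different key
    return {
        "genuine": verify_certificate(cert, "Example CA", CA_PUBLIC, today),
        "round_trip": decrypt(SITE_PRIVATE, ciphertext),
        "wrong_key": decrypt(OTHER_PRIVATE, ciphertext),
        "swapped_key": verify_certificate(swapped, "Example CA", CA_PUBLIC, today),
        "expired": verify_certificate(cert, "Example CA", CA_PUBLIC, date(2031, 1, 1)),
    }

if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The swapped-key case is the one that answers why encryption alone is not enough: the certificate still carries a real CA signature, but it no longer matches the fields, so the substituted public key is rejected.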


Biometrics:

Biometrics refer to measuring the physical characteristics of a person. In computing security, an individual's unique biometrics can be used as an alternative to a password.

Biometrics include:
- Fingerprint recognition
- Iris & Retina recognition
- Voice recognition
- Facial recognition

Biometrics increase security because they are unique, complex and cannot easily be taken from a person.

[Image: a passport with facial recognition biometrics]


Questions – Security

Answer questions in full sentences!

1. Describe how security risks can be split into different categories.
2. Describe what spyware is.
3. Explain how keyloggers are a form of spyware.
4. What is a denial of service attack?
5. Explain how a denial of service attack is carried out.
6. Explain how public key encryption works, and how it prevents messages being intercepted.
7. Why does public key encryption need to be supplemented by digital certification?
8. What is a digital certificate?
9. What is a certificate authority?
10. Why do certificate authorities need to include their digital signature on digital certificates?


Environmental Impact

The environmental impact of computers is a measure of the effect computer systems have on the environment.

Some effects of using computers are bad for the environment – the generation of electricity to use computers and the materials used to make computers can have a negative impact.

Computers are also responsible for changes in habits and working practices that can have a positive impact on the environment.


Lifetime Carbon Footprint

The carbon footprint of something is a measure of how much carbon dioxide it causes.

Most things cause carbon dioxide emissions indirectly – they don’t emit the carbon dioxide themselves, but something else such as a power station or vehicle will be emitting the carbon dioxide for them.

Carbon footprints are measured over the lifetime of an object or person. For computers, the lifetime of the object can be broken into three areas: Manufacture, Usage & Disposal.


Manufacture:

Significant amounts of electricity will be used to run the machinery that makes computers. If this electricity is generated at a fossil fuelled power station it will contribute to the carbon footprint.

Transporting finished computers from factories to shops and purchasers will also contribute to the carbon footprint as fuel will be used by trucks and vans.

Usage:

Electricity is required to run a computer, which will contribute to its carbon footprint.

The amount of electricity used depends on the energy consumption of the computer and how much it is used. Laptops have a lower energy consumption than desktops.


Disposal:

Because of the materials used to make computers, they have to be collected and recycled at specialised designated collection facilities.

This affects the carbon footprint of computers as electricity will be used to break up and recycle the computers, and fuel will be used to transport them there.

Calculating Carbon Footprints:

To calculate a lifetime carbon footprint, work out the carbon dioxide released by each individual element of the computer's lifetime and add them all together.


Environmental Benefits

Computer technology can also have environmental benefits as it changes the way we work and live.

Connectivity & Communications:

The growth of the Internet and the increase in connection speeds have made telecommuting and videoconferencing viable. People can collaborate and work with each other remotely.

This reduces the need for transportation, as fewer people need to move about for their work. Fuel use and carbon dioxide generation are lower as a result.

Paperless Workplaces:

Increasing storage capacities mean that more information can be stored electronically. Communications technologies mean that messages can be sent electronically, with feeds like Twitter and RSS able to keep people up to date.

This means that less paper is needed to store information and communicate. Although it might not be possible to eliminate paper entirely from a workplace, its usage can be drastically reduced. This saves resources in terms of the paper itself, its production, transportation and recycling.


Questions – The Environment

Answer questions in full sentences!

1. Explain what is meant by a carbon footprint.
2. Explain what elements need to be considered when calculating the carbon footprint of a computer.
3. Do software applications have a carbon footprint? Explain your answer.
4. Explain how the growth of network & communication technologies is of benefit to the environment.
5. Describe how computers can result in less paper being used.
6. Do you think it is possible for workplaces to become 100% paperless using current technologies? Explain your answer.
7. Find out about another way computers can be used to benefit the environment online. Describe it in detail in your jotter.


Legal Implications

A number of laws need to be considered when using computer systems:
- Data Protection Act
- Copyright Designs & Patents Act
- Communications Act
- Regulation of Investigatory Powers Act

Additionally, you will still need to know about the laws covered at National 5 level:
- Computer Misuse Act
- Health & Safety Regulations


Data Protection Act

The Data Protection Act governs the keeping of data about people – how it is to be used, updated, passed on and deleted.

The Data Protection Act does not apply to:
- Data kept for national security purposes
- Data kept for crime prevention purposes
- Data kept for taxation purposes
- Data kept domestically – i.e. your personal address book

The act identifies three groups of people with differing rights and responsibilities:
- The data controller is the person in an organisation tasked with ensuring that the organisation complies with the act. They are the ones held liable for breaches of the act.
- Data users are the people in the organisation that will make use of the data.
- The data subjects are people about whom information is stored. They are entitled to compensation if their rights are breached.

The Information Commissioner regulates the application of the act and complaints about data controllers can be made through his office.


The data controller must ensure that:
- Only data described in the organisation’s entry in the Registrar of Data Controllers is collected, and it is used for the registered purpose.
- The data is accurate and up to date
- The data is protected from accidental damage and unauthorised access
- Data is kept no longer than necessary
- Data is not transferred to other countries without similar laws in place

The data subject has the following rights:
- a right of access to a copy of the information comprised in their personal data
- a right to object to processing that is likely to cause or is causing damage or distress
- a right to prevent processing for direct marketing
- a right to object to decisions being taken by automated means
- a right to have inaccurate personal data corrected
- a right to claim compensation for damages caused by a breach of the act


Copyright Designs & Patents Act

The Copyright, Designs & Patents Act makes it illegal to copy or redistribute intellectual property without license.

Works covered by copyright include:
- Literary, dramatic and musical works
- Artistic works including photographs
- Sound recordings and films
- Television broadcasts
- Software

There are some limited exemptions to copyright:
- Fair dealings, such as for reviewing copyrighted pieces
- Education
- Libraries & Archives

Copying another person's work and attempting to pass it off as your own is called plagiarism. As well as being a breach of copyright, plagiarism is a serious matter in schools and universities. Material created by other people should be acknowledged as such if you include it in your work.


Communications Act

The Communications Act covers a wide range of regulations in media and communications, some of which are applicable to the field of computing.

The Communications Act makes it an offence to access a wireless network connection when you have no intention of paying for it. This makes the practice of piggybacking – using someone else’s WiFi network – illegal.

The Act also makes it an offence to send malicious messages via social media. Following an individual being prosecuted for jokingly threatening to blow up an airport, guidance has been issued that the Act should only be applied where there are credible threats of violence.

[Image: the appeal of the Twitter Joke Trial, as mentioned above]


The Regulation of Investigatory Powers Act

The Regulation of Investigatory Powers Act regulates public bodies' abilities to carry out surveillance and investigation, specifically referring to computer communications technology.

Areas covered by this act include:
- Intercepting communications for the purpose of national security and tax collection
- The monitoring of email, web and communications usage for a wider range of purposes including public health and safety, national security and crime prevention, collecting of taxes, duties and levies and preventing death and injury in cases of emergencies

Internet Service Providers and organisations must implement systems that allow this information to be produced on demand. This must be done at the ISP's expense.

There are a number of difficulties in enforcing RIPA, primarily revolving around the use of encryption and the fact that many ISPs and data stores reside outside of the United Kingdom’s jurisdiction.


Questions – Legal Issues

Answer questions in full sentences!

1. Describe the three roles listed in the Data Protection Act.
2. List the rights of a data subject.
3. Which law makes it illegal to download music without paying for it?
4. Describe the exemptions to Copyright law.
5. Find out how long musical arrangements are under copyright for.
6. Which law makes using someone else’s WiFi without their permission illegal?
7. Explain the financial implications for ISPs of the Regulation of Investigatory Powers Act.
8. Explain why RIPA can be hard to enforce.
9. Investigate the Twitter Joke Trial more fully. State whether or not you think this was a valid use of the Communications Act. Explain your decision.
10. Investigate some of the controversial applications of RIPA. Write a short paragraph describing them.


Economic Impact of Computer Systems

The economic impact of the continuing growth and adoption of computer systems on the world has been huge.

Computer systems have allowed organisations to increase their productivity. Collections of information can reach a scale so large that they would have been impossible without computers. From factory robots to the ease with which databases can be searched, more work can be done in the same time.

This grants a huge competitive advantage to organisations that have adopted computers – they can reduce costs in a number of areas such as labour.

The more advanced an organisation’s computerisation is, the more of an advantage it has.


The growth of network and communications technology has drastically changed the way business has been done. It is easy to communicate and collaborate with other organisations across the world.

This ease of communication has connected together and opened new marketplaces. Businesses must compete in a global marketplace where the number of potential customers is much larger, but so is the number of competitors.

The continuing development of new technologies brings new costs. Computer systems must be maintained, and a whole new class of jobs based around the creation and maintenance of computer systems has grown up over the last few decades.


Social Impact of Computer Systems

The social impact of computer systems is slowly becoming better understood. As more and more computer systems are used in more and more areas of our life, the way we live changes.

Most people view freedom of speech as an inalienable right. The internet has made it easier than ever before to have your say. With social media and discussion board sites able to operate in different countries, even oppressive regimes have difficulty in controlling what their citizens are able to say.

At the same time, abuses of freedom of speech are common too. Internet trolling and other cyber bullying methods are common.


Widespread use of computers has affected privacy drastically. Once information is released online, it is all but impossible to make private again.

Embarrassing pictures can spread far beyond their initial posting. An individual’s personal history can remain easily found on the internet for years. This can affect people’s lives, including their employability. Do people have a right to be forgotten?

Or is privacy a license for censorship? Are people abusing the idea of privacy to rewrite their personal history and conceal important information from their associates?


Communities, increasingly, are online. Groups and organisations are bypassing traditional media such as newspapers and television and reaching their audience via the internet and social media.

Online communities can reach people who have otherwise been disengaged with politics and society. Social media has a far greater reach than television and newspapers.

With the Internet having global coverage, people can become involved in issues around the world, effectively becoming global citizens.

Social media played a huge part in the 2014 Scottish Independence Referendum.


Questions – Economic & Social Impact

Answer questions in full sentences!

1. Explain why computer systems increase the scale at which business can be done.
2. Explain how computer systems can increase the productivity of business.
3. Give one advantage and one disadvantage of operating in a global marketplace.
4. Pick one of the social issues mentioned above. Investigate the issue using the internet. Write a short, one page long, report on the issue on your computer.