Login Signup
Verified Document

Information System On Ethical And Research Paper

Related Topics:
Ip Address Cyber Crime Incident Command System Information Security
Open Document Cite Document

First, they have an obligation to make certain that they can participate in the global economy to give their citizens the same chances for advancement as other nations. Secondly, they have a moral obligation to do everything possible to keep their citizens safe. When one discusses the topic of security in Information and Communication Technology (ICT), much of the discussion focuses on the technology itself. Currently, the South African banking industry is attempting to establish standards that represent best practices in information security (Tshinu, Botha, and Herselman, 2008). These measures currently focus on the technological aspects of information security. However, the development of industry-wide best practices must take all sources of vulnerability into consideration, including the moral and ethical responsibility to keep information safe.

Therefore, the development of best practices cannot ignore the human factor in security and the division of responsibility between the banking institutions and the banking customers. This research will help it professionals in the banking industry to focus on all of the factors that affect information security, including human factor. The human factor cannot be ignored in the development of standards that pose a solution to the problems regarding information security in the South African banking system. One of the key issues is the shifting of responsibility in crime preventions. The citizens want to feel safe and as if they do not have to worry about their personal information. However, banks cannot do it without them. The citizens must take on a greater responsibility and help banks to fulfill their moral responsibility to keep their information safe. This research will argue that crime prevention is everyone's moral and ethical responsibility.

The scope of the problem is huge and affects all players in the banking industry. The size of the thefts that have occurred are overwhelming. In July of 2009, an SMS scandal involving Vodacom customers amounted in a multimillion-rand SMS authentication scam (the Star, 2009). This scam was one of the largest of its kind and demonstrates that even advanced SMS authentication processes are still vulnerable. They are a step above the username and password systems, but this crime demonstrates that even these systems are still vulnerable.

This scam was carried out using email and phishing to get the customer to divulge their username and password. The scammers masqueraded as a trustworthy source that fooled many customers. In this case, the customer was the one who took actions that caused the crime. If the banks are doing everything possible to prevent phishing sites, the question could be raised as to if they responsible when a customer voluntarily provides the phisher with information that leads to theft. The incidents of cyber crime that are occurring in South Africa are massive, both in the number of them that are occurring and in the amount of rands that are being compromised. This would be similar to a question of whether someone else is responsible if a person breaks into a house using a door that was left unlocked intentionally by the occupant. In these circumstances should the insurance pay. In many cases, they do not. So why should someone else pay for damage caused by information provided to a phisher? These are the moral and ethical questions that must be asked in order for South Africa to be ready for the leap into the global market. The scope of the problem makes it an important topic for study. The scope of the problem and the need to bring South Africa up to global standards is a key reason for the conduct of this study.

3. THEORETICAL FRAMEWORK

The theoretical framework is a group of unifying ideas that will govern the research process. The key guiding principle of the study will focus on the need to enhance the human factor in online banking security. It will focus on the need to balance the technological aspects of IS with the human factors. It will provide guidelines for the development of best practices that can be used by the South African banking industry to improve information security across the entire sector. It will address the questions of moral and ethical responsibility as outlined in the previous sections. The theoretical framework of the study is based on the guiding principle that increasing awareness regarding personal information, combined with the necessary technological advances will provide the best solution to improving information security in South Africa.

4. RESEARCH METHODOLOGY

Research into the field of information security...

Parts of this document are hidden

View Full Document
svg-one

It will focus on who should be responsible for cybercrime prevention and the moral and ethical issues of responsibility in cybercrime. IS security can be a difficult topic from a research perspective. One of the key reasons is that we only know about cyber crime when someone gets caught. It is difficult to determine if new policies, educational programs, or technology are actually having an effect on a reduction in cyber crime, or if criminals are simply getting better at avoiding detection. From a research perspective, this aspect of the phenomenon makes it a difficult topic to study.
In addition to this difficulty, it is difficult to attach causality to new programs, as there are many factors that could affect rises or falls in cyber crime that are not related to the element bring researched. The purpose of this research study is to explore the moral and ethical issues of information security in South Africa.

We discussed that information security is a combination of technology and education. The human factor and the need to keep personal information private were found to be a key factors in the prevention of information theft. Therefore, this study will use a survey methodology to explore the knowledge level and daily practices regarding information security in the South African people. It will also explore their use of and knowledge of available technology to help prevent cyber crime from occurring. It will address their feelings about their part in the moral and ethical responsibility to do their part to prevent cybercrime. It will address how they feel their banks are fulfilling their moral and ethical obligations to do as much as they can to prevent cybercrime. It will also explore cultural aspects of South African that could affect the feeling of who is responsible for the prevention of cybercrime. One example of these cultural dimension is the feeling of individuality vs. As communal perspective on crime prevention.

The purpose of the research is not only to gain insight into the current state of the situation, but also to offer suggestions for improvement in the future. Therefore, the survey will explore the potential effectiveness of programs that may help to improve password security in the future. The research takes into account the multiple factors that were found to be a factor in curbing cyber crime in the banking industry in South Africa, particularly regarding online banking and the moral and ethical obligation to prevent cybercrime.

The study will address the moral issues involved in information security from the user end of security. The sharing of passwords and usernames, or at least the failure to take proper precautions to protect them is believed to be a key component in the ability to protect online bank accounts. The ease with which phishers can obtain usernames and passwords through spoof sites, or through offering some small token in exchange for usernames and passwords is disturbing (Cawley, 2010). The end user was found to be responsible for security breeches more than technology. Therefore, this research methodology will focus on improving information security from the perspective of the end user. It will focus on the need to instill a sense of responsibility for their own cyber safety from the perspective of the end user.

The development of policies and better technology to curb cyber crime is an important element in improving online security in the South African banking industry. However, they can only go so far when the end users are willingly sharing passwords and refusing to take on their moral share of the responsibility. The end user has little, if any, control over the types of security measures that are being used by banks to protect their accounts. That does not mean that end users do not need to have a basic knowledge of these systems. End users have a moral responsibility to have a basic knowledge of the technological measures and policies that will help to protect their account. This will allow them to choose their online banking institutions wisely. The survey methodology to be used in this research study will allow the researcher to explore end user knowledge regarding protecting their online accounts from a technological and personal level. It will also review the current legislative and policies of 20 major banking institutions in South Africa in regards to how they are addressing the moral and ethical issues surrounding information security. Therefore, it will directly address…

Continue Reading...
Sources used in this document:
REFERENCES

Anderson, R. & Moore, T. 2006. "The Economics of Information Security." Science [Online] 314 (5799), pp.610-613, October 27, 2006. Available at:

http://www.cl.cam.ac.uk/~rja14/Papers/toulouse-summary.pdf (Accessed June 20, 2010).

Anderson, R. & Moore, T. 2007. "The Economics of Information Security: A Survey and Open Questions." Fourth Bi-annual Conference on the Economics of the Software and Internet Industries. January 19-20, 2007: Toulouse, France. [Online] Available at:

http://www.cl.cam.ac.uk/~rja14/Papers/toulouse-summary.pdf (Accessed June 20, 2010).
Barrett, M. 2008. A Practical Approach to Managing Phishing. April 10, 2008. [Online] ThePaypalBlog. Available at: https://www.thepaypalblog.com/2008/04/a-practical-app / (Accessed June 20, 2010).
Bignews Staff. 2010. Standard Bank provides free phishing software. Big News. [Online] May 21, 2010. Available at: http://www.bignews.co.za/bignews/content/en/full-article?oid=1934&sn=Detail&pid=1&Standard-Bank-provides-free-phishing-software (Accessed June 20, 2010).
Cawley, C. 2010. South Africa's Online Banking Security Challenge. June 13. 2010. [Online] Brighthub.com. Available at: http://www.brighthub.com/internet/security-privacy/articles/73991.aspx (Accessed June 20, 2010).
Chen, Y., Chou, JS., & Huang, Chapter 2010. Comments on Five Smart Card-Based Password Authentication Protocols. International Journal of Computer Science and Information Security. [Online] 8 (2): 129-132. Available at: http://www.docstoc.com/docs/42932751/Comments-on-five-smart-card-based-password-authentication-protocols (Accessed June 20, 2010).
Chou, JS., Huang, CH, & Chen, Y. 2010. Cryptoanalysis on Two Multi-Server Password Based Authentication Protocols. International Journal of Computer Science and Information Security. [Online] 8 (2): 16-20. Available at: http://www.docstoc.com/docs/42922884/Cryptanalysis-on-two-multi-server-password-based-authentication-protocols (Accessed June 20, 2010).
Christensen, B. 2010. South African Revenue Service Tax Refund Phishing Scam. Hoax-Slayer. [Online] Available at: http://www.hoax-slayer.com/south-african-tax-refund-scam.shtml (Accessed June 20, 2010).
Wong, E. 2010. Why it Is Easy to Fall into Online Phishing Scams. Discover. [Online] Available at: http://www.alantanblog.com/scam/why-it-easy-to-fall-into-online-phishing-scams.html (Accessed June 20, 2010).
Elamb security. 2010. Facebook Imposter Scam. January 17, 2010. Revolution Magazine. [Online] Available at: http://elamb.org/category/phishing / (Accessed June 20, 2010).
Frauenstein, E. And von Solms, R. 2009. Phishing: How an Organization Can Protect Itself. Information Security for South Africa. Proceedings of the ISSA 2009 conference. [Online] Available at: http://icsa.cs.up.ac.za/issa/2009/Proceedings/ISSA2009Proceedings.pdf (Accessed June 20, 2010).
Goldstick, a., & Dagada, R. 2009. Help U.S.! We Want to be 'E-Secured': Digital Banking Customers' Security Needs in South Africa. Information Security for South Africa. Proceedings of the ISSA 2009 conference. [Online] Available at: http://icsa.cs.up.ac.za/issa/2009/Proceedings/ISSA2009Proceedings.pdf (Accessed June 20, 2010).
Haley, K. 2010. Password Survey Results. Symantec. March 26, 2010. [Online] Available at: http://www.symantec.com/connect/blogs/password-survey-results (Accessed June 20, 2010).
ISO/IEC 27002:2005. 2010. ISO/IEC 27002:2005 Information technology -- Security techniques -- Code of Practice for Information Security Management. IsecT Ltd. [Online] Available at: http://www.iso27001security.com/html/27002.html (Accessed June 20, 2010).
Knowler, W. 2010. Phishing Scams are Proliferating. South Africa. [Online] Available at: http://www.iol.co.za/index.php?art_id=vn20100602122803265C559150&page_number=2 (Accessed June 20, 2010).
http://www.cl.cam.ac.uk/~rja14/Papers/toulouse-summary.pdf (Accessed June 20, 2010).
http://people.seas.harvard.edu/~tmoore/enisa-security-econ.pdf (Accessed June 20, 2010).
Moore, T. And Clayton, R. 2007. "An Empirical Analysis of the Current State of Phishing Attack and Defence." Sixth Workshop on the Economics of Information Security. June 7-8, 2007: Pittsburgh, PA, USA. Pp. 1-20. [Online] Available at: http://people.seas.harvard.edu/~tmoore/weis07-phishing.pdf (Accessed June 20, 2010).
Moore, T. And Clayton, R. 2008. "The Impact of Incentives on Notice and Take-down." Seventh Workshop on the Economics of Information Security. June 26-28, 2008: Hanover, NH, USA. Pp. 1-24. [Online] Available at: http://weis2008.econinfosec.org/papers/MooreImpact.pdf (Accessed June 20, 2010).
Stander, a., Dunnet, a., & Rizzo, J. 2009. A Survey of Computer Crime and Security in South Africa. Information Security for South Africa. Proceedings of the ISSA 2009 conference. [Online] Available at: http://icsa.cs.up.ac.za/issa/2009/Proceedings/ISSA2009Proceedings.pdf (Accessed June 20, 2010).
Steyn, T., Kruger, H., and Drevin, L., 2007, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M. Labuschagne, L., Eloff, j., von Sohns, R., in IFIP International Federation for Information Processing, [Online] 232, (Boston: Springer), pp. 193 -- 203. Available at: http://docs.google.com/viewer?a=v&q=cache:CkaQEJ1ekaIJ:citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.102.3462%26rep%3Drep1%26type%3Dpdf+New+Approaches+for+Security,+Privacy+and+Trust+in+Complex+Environments&hl=en&gl=us&pid=bl&srcid=ADGEESi9NbJ6wllXrkB98CZKtC1SZD3Rp0gdFoMHRnxNfnJ_1q18QcddjsJQNE-tGdSIOz_np5ZQ6OMFFfr3kwl85AbLoHeiG1nAIzNFR7e43NDOce7dJQ7o05gJNgczIMu0i58petvC&sig=AHIEtbSNq3c0VoS2cG5eXmpgW9Nc72baIg (Accessed June 20, 2010).
Tshinu, S., Botha, G. And Herselman, M. 2008. An Integrated ICT Management Framework for commercial Banking Organisations in South Africa. Interdisciplinary Journal of Information, Knowledge and Management. [Online] 3, pp. 39-53. Available at: http://ijikm.org/Volume3/IJIKMv3p039-053Tshinu364.pdf (Accessed June 20, 2010).
The Star. 2009. Millions Stolen in SMS banking scam. July 17, 2009. [Online] Available at: http://www.iol.co.za/index.php?click_id=13&set_id=1&art_id=vn20090717110409574C426108 (Accessed June 20, 2010).
US Department of State. 2010. South Africa Country Specific Information. Travel.State.Gov. [Online] Available at: http://travel.state.gov/travel/cis_pa_tw/cis/cis_1008.html (Accessed June 20, 2010).
Proceedings of the 4th international symposium on Information and communication technologies. Cape Town, South Africa. SESSION: Invited workshop on information technology and its applications: software development, disaster engineering, and security. Available at: http://en-us.www.mozilla.com/en-U.S./firefox/central / (Accessed June 20, 2010).
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Information Systems Have Changed the Way We
Words: 2950 Length: 7 Document Type: Essay

Information Systems Have Changed the Way We Collaborate and Work in Significant Ways Introduction to Information System within an organization Computers are continuously being used in organizations since the appearance of first ever application of this technological equipment that could be helpful in supporting organizational work. It is unavoidable in modern and up-to-date organizations where there is diversity in the organizational work and all related activities. In the early years, Information System

Read More
Essay
Information Systems for Healthcare Management of the
Words: 1512 Length: 5 Document Type: Essay

Information Systems for Healthcare Management Of the many enterprises that rely on information systems to attain their objectives, healthcare management is the most challenging and costly. The combination of highly complex application, systems and platform trade-offs, along with the need for continual government compliance makes information systems in healthcare one of the most difficult areas to attain best practices in of any IT area (Le Rouge, De Leo, 2010). The intent

Read More
Essay
Information Systems Outsourcing Advantage and Risks There
Words: 2721 Length: 10 Document Type: Research Paper

Information Systems Outsourcing Advantage and Risks There appears to be some confusion and trepidation about the use of outsourcing for Information Systems in today's organizations. While some advocate for the use of IS outsourcing still others state claims that it is not an effective or efficient organizational practice. The objective of the research contained in this study is to determine the effectiveness and efficiency of information systems outsourcing practices. The significance of the

Read More
Essay
Information Systems Define an Information System and
Words: 954 Length: 3 Document Type: Essay

Information Systems Define an Information System and Types of Information Systems An information system comprises the hardware and software components necessary to create, store, manage, share, and maintain data. The type of information system selected depends on the specific needs of the user or the organization. There are three basic types of information systems: transaction information systems, management information systems, and decision support systems ("Types of Information Systems," n.d.). Decision support systems are

Read More
Essay
Information System Briefing the Process of Selecting
Words: 948 Length: 3 Document Type: Essay

Information System Briefing the Process of selecting & acquiring an Information System (IS) for Healthcare: Any medical organization planning to go for an IS must choose an efficient Electronic Patient Record -- EPR which is the starting point of any computerized system. Effectiveness of the following points must drive the process of selection and acquisition of an IS. These are (i) Patient care which is the documented record of every patient undergoing

Read More
Essay
Information Systems and Strategy Finding
Words: 1243 Length: 4 Document Type: Research Paper

The use of it systems and technologies is then secondary to the supporting of key business processes that unify an organization. A solid organizational framework can save a company literally millions of dollars in bad it and technical systems by making sure every information asset and initiatives aligns to strategic plans and initiatives. Big Data, Cloud Computing and Social Networks -- the Data Explosion The last five years have seen the

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now