Computer Science And Ethics: Forensics Ethics Week 1 Questions. Essays Examples
Type of paper: Essay
Topic: Information, Security, Criminal Justice, Workplace, Organization, Evidence, Employee, Employment
Pages: 2
Words: 550
Published: 2020/12/24
Question 1: Digital forensics investigators are required to be familiar with and adopt digital forensics best practices and criminal justice standards: adhering to evidence admissibility standards in a court of law, properly inspecting evidence and analyzing documentation, and representing findings professionally in court so that legal proceedings are successful. Without these best practices and procedures, the validity of digital evidence is most likely to be questioned in court. Issues in digital forensics that may raise questions include search and seizure, case jurisdiction, evidence spoliation, evidence preservation, issues of “good faith”, and investigation and analysis (Ami-Narh & Williams, 2008).
In regard to evidence analysis and the admissibility of findings in a court of law, the rules of evidence require that the level of accuracy of evidence collection methods is known and that evidence is not tampered with during analysis. Digital forensics best practices require that an autopsy of forensic evidence is taken using special techniques and software to analyze the exact actions that took place on the computer and the data stored in it. Improper evidence analysis could render it inadmissible in court. In such a case, the forensics experts should be able to defend their forensic findings. A case example is Galaxy Computer Services, Inc. vs. Baker, where the digital forensics expert’s experience was questioned. According to the defendant, the plaintiff’s forensic expert had used incorrect procedures and lacked experience, and thus his testimony should have been excluded. However, the court rejected the defendant’s motion on the basis that the forensic expert did have a good educational background, relevant skills and experience in his work (Ami-Narh & Williams, 2008).
In the case of Peach vs. Bird, the defendant was acquitted of child pornography possession charges since analysis of evidence from the defendant’s computer could not link him to accessing child pornography sites. However, the plaintiff appealed this decision, and on the basis of EnCase evidence analysis and the testimony of a digital forensics expert, the court overturned the acquittal and ordered a retrial (Ami-Narh & Williams, 2008).
These two examples demonstrate the importance of combining digital forensics best practices with criminal justice procedures to ensure digital evidence is admissible in court.
Question 2: Information Security (IS) refers to methodologies and procedures that are designed and implemented with the aim of protecting electronic, print, or other forms of private, confidential and sensitive data and information from unauthorized access, modification, use, misuse, disruption, disclosure, or destruction (Sans.org, 2015).
Information Security (IS) usually describes the tasks of protecting information stored in digital formats. The main objective of Information Security is to ensure the confidentiality, integrity and availability of information, also known as the CIA Triad. Confidentiality ascertains that only authorized entities have access to and can view the information. Integrity ensures that information is correct and that unauthorized persons or software cannot alter, modify, or delete the data. Availability deals with ensuring that data is always accessible to authorized entities, i.e. systems and users.
In organizations, companies, and Federal agencies, the goals of Information Security include prevention of theft of data such as customer information, credit card details, company files and other confidential data. Identity theft prevention as a goal of IS in organizations involves protecting data from malicious people who use other people’s personal information, such as Social Security numbers, to establish bank accounts which are then left in debt, or to impersonate someone and gain access to places only the original person would be allowed to access, e.g. impersonating a system administrator using their username and password to access the company’s mainframe. IS also helps organizations avoid the legal implications of poor data security, since the organization is deemed responsible for protecting the customer data it holds. If any of this information is leaked or stolen due to company negligence, then the company faces stiff penalties from regulators and can even be sued by its customers. IS helps organizations maintain productivity, since successful cyber-attacks would divert time, money and other resources such as labor towards recovery efforts in the attack aftermath. Finally, IS helps prevent cyber terrorism, since cyber-attacks targeted towards electronic, commercial and communication infrastructure could paralyze core services such as transport networks, communication lines and core business transactions such as stock exchange markets, leading to significant losses. Countering cyber-terrorism using IS usually involves the efforts of Federal security agencies (Ciampa, 2010).
Question 3: An Information Security Program (ISP) brings structural organization and governance to the Information Security function in an organization, company, or Federal agency. This allows the IS function in an organization to operate as a key element of the enterprise and support business objectives (Pironti, 2005).
Every organization needs a good ISP that helps paint the big picture on how to secure company data. An ISP should take a holistic approach to describing how each part of the organization is involved. The key components of a good ISP include a designated security officer with a clearly defined role to coordinate and execute the ISP. Another aspect is proper risk assessment to identify and assess risks to be managed by the ISP. An ISP should also have clearly set policies and procedures on what the program should cover, and also comply with regulatory standards such as the Privacy Act and HIPAA among others. Finally, an audit compliance plan in the ISP helps determine the frequency of Information Security audits and assess the compliance of these audits to the ISP (Applied Trust, 2008).
Overall, an ISP helps an organization to focus on its Information Security goals and stay within the confines of regulatory and compliance policies that affect how an organization handles its data. It also helps an organization meet its contractual and legal obligations to consumers and other stakeholders. Finally, the use of an ISP ensures that the organization continuously adapts to the dynamic IT environment and stays ahead of the pack in terms of securing information assets (Applied Trust, 2008).
Question 4: Employee monitoring involves the use of workplace surveillance techniques to gather information about the location and activities of members of staff. Employee monitoring is often unregulated unless specified by company policy (which is still not reassuring), meaning the employer can listen in on, watch, and read virtually all workplace communications as they so desire (Privacyrights.org, 2014).
Employee privacy has become a controversial issue, especially now that employers have access to advanced technological tools that can monitor computer terminals, telephones, and even keystrokes. The increased use of electronic monitoring systems, which work in the background without employees knowing that they are being monitored, has further raised ethical concerns regarding employee privacy. Electronic monitoring is the use of computers to collect, store, analyze, and report information on employee productivity (Mishra & Crampton, 1998).
References:
Ami-Narh, J., & Williams, P. (2008). Digital forensics and the legal system: A dilemma of our times. In Proceedings of the 6th Australian Digital Forensics Conference (pp. 1, 5). Perth: Edith Cowan University. Retrieved from http://ro.ecu.edu.au/adf/41/
Applied Trust. (2008). Every company needs to have a security program. Appliedtrust.com. Retrieved 18 March 2015, from https://www.appliedtrust.com/resources/security/every-company-needs-to-have-a-security-program
Ciampa, M. (2010). Security Awareness: Applying Practical Security in Your World (3rd ed., pp. 8-16). Boston, MA: Course Technology/Cengage Learning.
Mishra, J., & Crampton, S. (1998). Employee monitoring: Privacy in the workplace? S.A.M. Advanced Management Journal, 63(3), 4. Retrieved from http://faculty.bus.olemiss.edu/breithel/final%20backup%20of%20bus620%20summer%202000%20from%20mba%20server/frankie_gulledge/employee_workplace_monitoring/employee_monitoring_privacy_in_the_workplace.htm
Mujtaba, B. (2003). Ethical Implications of Employee Monitoring: What Leaders Should Consider. Journal of Applied Management and Entrepreneurship. Retrieved from http://www.huizenga.nova.edu/Jame/articles/employee-monitoring.cfm
Pironti, J. (2005). Key Elements of an Information Security Program. Information Systems Audit and Control Association (ISACA) Journal, 1(1). Retrieved from http://www.isaca.org/JOURNAL/ARCHIVES/2005/VOLUME-1/Pages/Key-Elements-of-an-Information-Security-Program1.aspx
Privacyrights.org, (2014). Workplace Privacy and Employee Monitoring | Privacy Rights Clearinghouse. Privacyrights.org. Retrieved 18 March 2015, from https://www.privacyrights.org/workplace-privacy-and-employee-monitoring
Sans.org, (2015). SANS Institute: Information Security Resources. Sans.org. Retrieved 18 March 2015, from http://www.sans.org/information-security/