
AY25 ITAPP Unit-6

The document discusses IT governance, ethical, and security issues in information technology, highlighting the importance of governance frameworks like COBIT and ITIL. It outlines various security threats to IT systems, including malware, identity theft, and data breaches, along with solutions to mitigate these risks. Additionally, it addresses common issues in IT such as privacy, hacking, and data access rights.

IT GOVERNANCE, ETHICAL, AND SECURITY ISSUES IN INFORMATION TECHNOLOGY
IT Application Tools in Business

© Stephen Sonn Centeno, 2024


KEY TOPICS

6.1 Information Technology Governance: The Management and Control of Information Technology
6.2 Security Threats to Information Technology and Information System
6.3 Security Threats to Internet Services
6.4 Ethical Issues in Information Technology


INFORMATION TECHNOLOGY GOVERNANCE

WHAT IS GOVERNANCE?
▪ Refers to the act or process of governing or overseeing the control and direction of something (such as a country or an organization). (Reference: Merriam-Webster)
▪ Encompasses the system by which an organization is controlled and operates, and the mechanisms by which it, and its people, are held to account. (Reference: Governance Institute of Australia)

DIFFERENT TYPES OF GOVERNANCE
CORPORATE GOVERNANCE
Refers to the combination of rules, processes and laws by which businesses are operated, regulated and controlled.

DIFFERENT TYPES OF GOVERNANCE
DATA GOVERNANCE
Refers to the process of managing the availability, usability, integrity and security of the data in enterprise systems, based on internal data standards and policies that also control data usage.

WHY DATA GOVERNANCE MATTERS?

Source: https://www.techtarget.com/searchdatamanagement/definition/data-governance

KEY PARTICIPANTS IN DATA GOVERNANCE

Source: https://www.techtarget.com/searchdatamanagement/definition/data-governance
DATA GOVERNANCE FRAMEWORK & IMPLEMENTATION

PEOPLE
Before implementing a data governance framework, owners or custodians of different data assets, or designated surrogates, involved in the governance program should be identified.

PROCESS
Once the structure is in place, data governance policies, data standards, rules, controls and audit procedures must be developed and documented to establish clarity on how governance is to be carried out.

TECHNOLOGY
Data governance software can be used to automate aspects of managing a governance program. While data governance tools aren't a mandatory framework component, they support program and workflow management, collaboration, development of governance policies, process documentation, and other functions.
DIFFERENT TYPES OF GOVERNANCE
IT GOVERNANCE
▪ Defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.
▪ Provides a structure for aligning IT strategy with business strategy.

WHAT IS AN IT GOVERNANCE FRAMEWORK?

▪ Refers to a type of framework that defines the ways and methods through which an organization can implement, manage and monitor IT governance within an organization.
▪ An ITG framework typically provides reference models for:
  ✓ IT processes;
  ✓ process inputs and outputs;
  ✓ key process objectives; and,
  ✓ performance measurement techniques.
COMMONLY USED IT GOVERNANCE FRAMEWORKS

▪ ISO/IEC 38500:2015
▪ COBIT
▪ Australian Standard (AS) 8015:2005
▪ IGPMM
▪ CMM
▪ ITIL

WHAT IS COBIT?

Published by ISACA, Control Objectives for Information and Related Technologies (COBIT) is a comprehensive framework of “globally accepted practices, analytical tools and models” designed for governance and management of enterprise IT.

The main COBIT framework has been created to link business goals with IT
operations. It is done by providing certain information metrics as well as
maturity models that help integrate the responsibilities of the IT and business
aspects in an organization and check the progress.
MAIN COMPONENTS OF COBIT

COBIT

WHAT IS ITIL?

The Information Technology Infrastructure Library (ITIL) is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business.

The goal of ITIL is for organizations to create predictable IT environments and to deliver the best customer service possible to customers and clients by streamlining processes and identifying opportunities to improve efficiency.

4 DIMENSIONS OF SERVICE MANAGEMENT PER ITIL

DIFFERENT TYPES OF GOVERNANCE
INFORMATION GOVERNANCE
▪ Information governance is a comprehensive strategy and strategic framework that organizations use to manage information.
▪ This not only includes digital information but also physical assets such as servers and computers.

SECURITY THREATS TO INFORMATION TECHNOLOGY AND INFORMATION SYSTEM

UNDERSTANDING VULNERABILITIES & THREATS

VULNERABILITY
Refers to a weakness of an asset or control that can be exploited by one or more threats.

THREAT
Refers to a potential cause of an unwanted incident which may result in harm to a system or an organization.
RELATIONSHIP OF VULNERABILITIES & THREATS

VULNERABILITY

Unguarded warehouse without any forms of surveillance

THREAT

Theft

RELATIONSHIP OF VULNERABILITIES & THREATS

VULNERABILITY

Use of unauthorized or pirated software

THREAT

Lawsuit, virus/malware

KNOWLEDGE CHECK

VULNERABILITY: Complicated user interface
VULNERABILITY: Absence of backup procedures
VULNERABILITY: Default passwords not changed
THREAT: Clerical error during data input
THREAT: Failure of communication links
THREAT: Flooding

UNDERSTANDING RISKS

RISK

Refers to the potential that a given threat will exploit vulnerabilities of an asset or
group of assets and thereby cause harm to the organization.

Risk: Likelihood (Occurrence) and Consequence (Impact)

COMMON EXAMPLES OF THREATS TO IT & IS
SOFTWARE ATTACKS

Malware, short for “malicious software,” refers to any intrusive software developed by cybercriminals (often called “hackers”) to steal data and damage or destroy computers and computer systems.

COMMON EXAMPLES OF THREATS TO IT & IS

VIRUSES
▪ Refer to malware attached to a document or file that supports macros to execute its code and spread from host to host.
▪ Once downloaded, the virus will lie dormant until the file is opened and in use.
▪ Viruses are designed to disrupt a system’s ability to operate. As a result, viruses can cause significant operational issues and data loss.

WORMS
▪ Refer to malware that rapidly replicates and spreads to any device within the network.
▪ Unlike viruses, worms do not need host programs to disseminate.
▪ A worm infects a device via a downloaded file or a network connection before it multiplies and disperses at an exponential rate.
▪ Like viruses, worms can severely disrupt the operations of a device and cause data loss.
COMMON EXAMPLES OF THREATS TO IT & IS

TROJANS
▪ Refers to a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host,
▪ Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an e-mail attachment or downloading and running a file from the Internet.

BOTS
▪ A bot is a malicious software application designed to hijack and spread to various computer devices and create a network of bots (also called a botnet) that performs automated tasks on command without end-user interaction.
▪ This type of self-propagating malware can also connect back to central servers created by the malware bot instigators.
COMMON EXAMPLES OF THREATS TO IT & IS

ADWARE
▪ Refers to malicious software used to collect data on your computer usage and provide appropriate advertisements to you.
▪ Adware can redirect your browser to unsafe sites, and it can even contain Trojan horses and spyware.
▪ Additionally, significant levels of adware can slow down your system noticeably.

SPYWARE
▪ Refers to malware that runs secretly on a computer and reports back to a remote user. Rather than simply disrupting a device’s operations, spyware targets sensitive information and can grant remote access to predators.
▪ Often used to steal financial or personal information. A specific type of spyware is a keylogger, which records your keystrokes to reveal passwords and personal information.
COMMON EXAMPLES OF THREATS TO IT & IS

RANSOMWARE
▪ Refers to malware that gains access to sensitive information within a system, encrypts that information so that the user cannot access it, and then demands a financial payout for the data to be released.

ROOTKITS
▪ Refers to a type of clandestine software that enables hackers to remotely access and possibly control a computer undetected.
▪ Rootkits can also conceal other malware, like keyloggers or spyware. This type of malware can affect a computer’s performance and steal personal or commercial data.
▪ Rootkits can be spread through phishing emails, malicious attachments, or compromised shared drives.
COMMON EXAMPLES OF THREATS TO IT & IS
THEFT OF INTELLECTUAL PROPERTY

Refers to the unauthorized use of intellectual property, which is considered a violation of intellectual property rights; these rights involve copyright and patents, among others.

COMMON EXAMPLES OF THREATS TO IT & IS
IDENTITY THEFT

Refers to the action of impersonating someone in order to acquire his/her information. This issue is common on social media, where a hacker can pose as someone else and access that person’s account with the use of log-in credentials.

COMMON EXAMPLES OF THREATS TO IT & IS
INFORMATION EXTORTION

Refers to the stealing of a business organization’s information for a certain amount of money. An example of information extortion is through the use of ransomware where a hacker could lock information and demand money for its unlocking.

COMMON EXAMPLES OF THREATS TO IT & IS
THEFT OF EQUIPMENT & INFORMATION

Refers to the stealing of information and physical assets within an organization.

COMMON EXAMPLES OF THREATS TO IT & IS
SABOTAGE

Sabotaging a company with the use of technology could be through destroying their website which would lead to customer dissatisfaction.


SECURITY THREATS TO INTERNET SERVICES

MOST COMMON INTERNET THREATS
▪ COMPUTER VIRUS
▪ COMPUTER WORM
▪ MAN-IN-THE-MIDDLE ATTACK
▪ DOS & DDOS ATTACKS
▪ SPAM
▪ ROGUE SECURITY SOFTWARE
▪ TROJAN HORSE
▪ PHISHING
▪ KEYLOGGERS
▪ ADWARE & SPYWARE
▪ ROOTKIT
▪ PHARMING
▪ SQL INJECTION ATTACK
SOLUTIONS TO OVERCOME SECURITY THREATS

Install an anti-virus software.

Ensure that the anti-virus software is up-to-date.

Employ a firewall to protect networks.

Filter all e-mail traffic.

Back-up critical data regularly.

Educate users about suspicious e-mails.

SOLUTIONS TO OVERCOME SECURITY THREATS

Scan downloads from the Internet.

Implement an information security policy.

Implement and monitor user and systems logs.

Create and report an incident response plan.

Restrict end-user access to systems.


COMMON ISSUES IN INFORMATION TECHNOLOGY

PRIVACY

HACKING

VIRUS

DATA ACCESS RIGHTS

PLAGIARISM

ERGONOMY

HEALTH ISSUES

Reference:
IT Application Tools in Business
2021 Edition
Rolou Lyn Rodriguez Maata and Ronina Caoili-Tayuan
ISBN: 978-971-98-1580-8, © 2021 C&E Publishing, Inc.
