Legal Issues

Information, data and computers need laws around them to protect them from being misused and having a negative impact on something or someone. These laws affect the overall use of information. The three main Acts are: the Data Protection Act 1998, the Freedom of Information Act 2000 and the Computer Misuse Act 1990.

Data Protection Act 1998 (DPA)

The Data Protection Act 1998 was written so that all private information is managed with due care.
The Act requires that anyone's personal information is available to them, i.e. what information is held and where it is held, be it on computers or on paper.
It is also required that the information is included in the DPA registrar. The information included should comply with the DPA's principles of information management, which are as follows:

· Fairly and lawfully processed
· Processed for limited purposes
· Adequate, relevant and not excessive
· Accurate and up to date
· Not kept for longer than is necessary
· Processed in line with your rights
· Secure and not transferred to other countries without adequate protection.

(Data protection principles, 2018)

Freedom of Information Act 2000 (FIA)

The Freedom of Information Act 2000 gives individuals and organisations the right to request information from public authorities, e.g. central government, local government, educational facilities and law enforcement.
Once a request has been made, the authorities must respond within 20 days, either with the information or with an exemption to the FIA, such as if the information could affect the security of a nation or region or if it could affect commercial interests.

Computer Misuse Act 1990 (CMA)

The Computer Misuse Act 1990 was passed by Parliament to protect computers from attacks and the stealing of information. There are three offences explained in the Act:

· Unauthorised access to any computer program or data – the most common form of this is using someone else's user ID and password, but it can include hacking.
· Unauthorised access with intent to commit a serious crime; this can include spreading a virus.
· Unauthorised modification of computer contents. This means impairing the operation of a computer, a program or the reliability of data. It also includes preventing access to any program or data. An example is modifying or destroying another user's files or changing financial or administrative data.

Ethical Issues

Codes of Practice (COD)

A code of practice is normally set up within an organisation to make clear the acceptable use of its computer facilities, such as to support the organisation's purpose, and the degree to which private use of a computer is allowed. Points and fields normally covered in a COD are:

· Use of Email: Spam, abuse, harassment, threats or lots of unsolicited emails are normally always banned. Users are usually allowed to use email for private purposes.
· Use of Internet: Any websites, such as pornography and gambling, that would be considered unsavoury would normally be filtered by filtering software, but those websites that aren't filtered are normally banned. Limited personal use of the internet is normally allowed. However, if an organisation has a web server, there are normally tight rules as to what can be posted on it.
· Whistle Blowing: The code protects users who want to report other users' misuse of systems; this applies especially to IT administrators.

Organisational Policies

The policies an organisation has will affect the use and conduct of information. Policies will be different within different types of organisation, and therefore information will be managed differently within different organisations. In a large organisation with a tall hierarchical structure (many staff levels), information will be more restricted and need-to-know based. For example, their information may be held in a secure data centre where staff can restrict who can see and change certain information.
In a small decentralised organisation, information will be restricted less and for more practical reasons, and instead of data centres they are more likely to have limited or no direct connectivity between their different computers. The drawback of this is that staff at one location might not be able to access information held at another.

Information Ownership

Departments own the information they output within an organisation and are responsible for all of it: making sure the information is entered into the computer system on time, correctly and consistently. Although information is owned by the different departments that supply, process and produce it, it is guarded by the IT department, which makes sure it is secure (the IT department doesn't own the information). There are exceptions to departmental ownership, such as internal IT information, i.e. computer network performance.

Operational Issues

Security of Information

The proper security of information means that it is safe from unauthorised access that may lead to negative alteration or destruction of the information. The IT department of a business is always responsible for arranging and advising on the security, rules and authorisation of the business's information. To secure information, the IT department needs to know from management who is authorised to see, update, edit or delete different information.
In the example of a small business, it may be the case that everyone can see information but only certain people can change it. Larger businesses will have more complex rules and authorisation. In return, management require from the IT department a log of who has viewed or updated the information.

Backups

Backups are duplicates of information that are kept in case the information is lost, corrupted or in any way degraded from the original information, which is saved in the backup. The more frequently backups are made, the safer the information is. A backup can be full, i.e. all information, or partial, i.e. the changes made since the last full backup. The IT department of a business should also every now and then restore information from a full backup and then apply partial backups.

Health and Safety

Information systems themselves are low risk; however, there are some issues to do with health and safety, such as the improper positioning and use of monitors. Additionally, issues lie around keyboards, mice, seating and furniture being properly positioned. Users should also have access to eye tests and breaks from sitting at a computer.

Organisational Policies

Organisations will have their own unique policies that staff are made to follow, covering everything from using information systems to maintaining the security of information to changing information that seems wrong.

Business Continuance Plans (BCP)

A business continuance plan (BCP) is an organisation's plan to ensure continued operations. IT is an important and integral part of any business, and therefore the BCP should reflect what should be done if an IT system fails. One measure an IT department may have put in place to ensure the continued running of a service if an IT system fails is a dual network, so that if one fails there is another to provide the service, however limited it may be compared to the first.
A business will need to make decisions about its BCP and whether to include certain precautionary measures in it, such as having more tills than necessary at a shop in case one fails. Bear in mind that not every possible failure that might occur will be included in a BCP, but a business will try its best to think of and cover as many as possible.

Costs

No matter what type of business you are, you will have IT projects with costs that need to be managed. The total payback of an IT project should be much larger than its costs. In a business case for an IT project there are two areas of cost to consider:

· Additional Resources Required: In an IT department there will be the ongoing costs, i.e. resources, of running a system. A new system means large one-off costs including new equipment, installation, testing and training.
· Cost of Development: A large part of a budget is normally spent on a new computer system. With a new system there will also be its continued running costs, such as small changes to suit the organisation's needs.

Impact of Increasing Sophistication of Systems

Due to the increased rate and level of technological advance, today we have much more powerful computers.
Thanks to this, new systems are a lot more sophisticated, for example automation systems that need less user training. However, they do need:

· More Trained Personnel: The more sophisticated a system is, the larger the amount and variety of different equipment, basic computing features, processes, transactions, queries and reports there are, and so the more training is needed.
· More Complex Software: Development software these days hides its complexities, which allows developers to concentrate on the business problems the new system will solve, creating overall more sophisticated and complex systems. However, problems that do occur might have to be solved by a development software professional and a business software specialist together.