Security Unit
- chanbinlee
- Apr 11, 2016
Writing - Security #1
Research the laws that apply to the use and misuse of IT in your country. Describe the crimes they cover and the punishments. Explain one problem that might arise from having disparate global laws relating to computer security. [8 marks]
http://www.worldlii.org/int/other/PrivLRes/2005/2.html
Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.
Misuse:
distribution/abuse/faking of personal information without consent
Use of uncensored material
Trade of illegal information
Distribution of advertising material
→ fees and detention
The Act on Promotion of Information and Communication Network Utilization and Information Protection helps to protect citizens’ personal information from cyber criminals and attackers. It states that anyone who distributes, abuses, or fakes another person’s personal information without consent, posts or downloads uncensored material or pornography, trades illegal information such as others’ addresses, ID numbers, or other private information, or illegally distributes advertising material such as popups that are not legally accepted faces negative consequences such as fees or detention. Also, South Korean citizens must not access North Korean media of any sort, and should not harass or insult anyone on the internet, as punishment (mostly fees) is possible.
The government blocks porn from the internet, and does not allow the ‘map data’ of Korea to be exported outside of the country, which makes it hard for companies such as Google to provide mapping data, as their servers are located overseas.
Teenagers under the age of 16 cannot play games after 10PM. They are automatically locked out of the game due to their ID verification. Adults must provide their ID number if they want to continue playing games after 10PM.
Twitter user Park Jung-geun retweeted posts from a North Korean account as a joke, then spent a month in detention and two years in court before his conviction and suspended jail term for promoting anti-state activity was overturned on appeal in August 2013.
Other courts sentenced at least three people for defaming the president on the internet in the past year, including one to eighteen months in prison in November 2013.
Problems that might arise:
A server that posts content that is illegal in country A could be geographically located in country B, so that the server could not be punished according to country A’s laws.
For example, a cloud server containing child pornography that a user in country A saved could be located in country B. Even if it is illegal to save or share such material in country A, the country cannot restrict that user because the server is located in country B and thus follows country B’s laws, which could be less strict on those types of media, making it impossible to punish the user.
Writing - Security #2
Article - read this article and respond to the following:
a) Explain how the IT system works and what the social/ethical implications might be (4 marks)
IT SYSTEM: Face-recognition; authentication server that collects users’ facial data
The personal device (phone or laptop) scans the user’s face and sends it to Google’s authentication server, which checks whether it is identical to the face stored on the server by comparing the two photos. In Google’s case, some pictures that user A had taken were uploaded automatically to Google Photos in order to create a unique template to identify another user, B, who was unintentionally in the pictures.
Social/Ethical implications:
Privacy/Anonymity
b) Describe what the risks might be if this system were applied by a law enforcement agency and then returned false negatives or false positives (4 marks)
If that system were applied by a law enforcement agency and then returned false positives or false negatives, the risk is that strangers could authenticate to someone else’s devices, accounts, or pictures, or that the actual owner could not access their own files and pictures.
c) Discuss the benefits and drawbacks of using such a system (8 marks)
Using such a system gives many benefits. First of all, people do not have to waste time categorizing their pictures, and they get fast access to the pictures from anywhere, on any device with internet, via Google Photos. It also saves time because it automatically sorts the faces of others and categorizes the pictures that way, so that others can find their pictures without the owner tagging them one by one.
However, as this is an automated system, it can be a critical concern for those worried about their privacy and their identity online. People who were unintentionally in a picture could be tagged and identified, and because the system does not ask for the person’s consent, it could lead to consent issues and also raise concerns about biometric data, as the server will automatically save facial features for future use.
Writing #3
Discuss appropriate security measures a small business should employ to safeguard themselves
Investigation
1. Identify the area of impact the scenario relates to
2. Identify all ITGS terminology and phrases (IT and social/ethical)
Strand 1: Reliability, Security, Surveillance, Authenticity
Strand 2: Data logging, Law and order → small business
Strand 3: Hardware, Software, Networks
Stakeholders: Employees, Company, CEO, Managing staff, Those trying to access the company server
→ antivirus or a firewall could also be used to ensure security inside the company
3. Describe one ITGS social/ethical concern in the article.
Reliability: The company’s authentication servers must be free of errors, malfunctions, and downtime, and must be reliable enough that there are no vulnerabilities that might open a door for outsiders, and that the company’s own workers have no problems or inconvenience when using the authentication server.
4. Describe the relationship of the main stakeholders to the IT system.
The employees of the company will have to keep their authentication methods secret; they will also have to trust the authentication server and follow all directions at all times so that the server, and with it the company, stays secure.
The managing staff has to make sure that the systems are all in place and make sure that the systems they choose are robust and trustworthy. It is also their responsibility to allocate staff so that the authentication server is maintained thoroughly.
The hackers or those trying to access the company server, however, will have to find new methods to crack the system and also to find new ways that they could hack without leaving a trace and getting arrested.
5. Explain the relationship between the IT system and the social/ethical issue identified in question 3.
First of all, the authentication server has to be reliable so that everyone can access it at all times, because it causes great difficulty if the authentication server goes down and employees cannot log in or authenticate to the system. The security of the system is also important: it needs to be trustworthy, with no vulnerabilities that hackers might be able to take advantage of. Steady surveillance is needed; server managers must monitor the access logs and files of the authentication server so that they can make sure no unusual activity is seen on the server. Last of all, employees must authenticate the ‘original’ way and must not try to authenticate a different way, as it can cause confusion in the authentication server and might create false alarms.
6. Discuss at least one problem that relates to the impacts of the social/ethical issue.
The first problem is that the server may not be reliable, so people might not be able to access the authentication server, making it impossible to authenticate properly. The other is that if the methods of authentication are too strict or difficult, employees might forget them, or find it time-consuming and irritating to authenticate securely every time or to recover their methods of validation.
7. Evaluate one solution that addresses the problem identified
One solution is to manage and maintain the server consistently so that there is a lower chance of it breaking down, and to always run a backup server in case the main one shuts down. The solution for the other problem is to make the authentication method simple but secure, such as using OTPs (one-time passwords) that employees can easily access through their email when requested.