AIS 1 Chapter 7
IT Governance, Ethical, and Security Issues in Information
Technology
1 INFORMATION TECHNOLOGY GOVERNANCE - THE
MANAGEMENT AND CONTROL OF INFORMATION
TECHNOLOGY
Data Governance (DG)
● basic level that implements IG
● refers to the involvement of various processes and
controls in order to ensure that data and information
gathered are unique, true, and accurate and can meet the
prescribed standards and business rules in a system
● data cleansing or data scrubbing - strips out
inaccurate, corrupted, and duplicated data in order to
eliminate the amount of redundancy
Elements of DG
★ People
★ Process
★ Technology
Information Technology Governance (ITG)
● assures stakeholders that a business investments in IT
create high business value and contribute toward
meeting laudable business objectives
● chief information officer
Control Objectives for Information and Related Technology
(CobIT)
● It is developed under the Information Systems Audit
and Control Association (ISACA)
● CobiT deals with many issues and concerns related to
technical issues, compliance, control requirements, and
risks in business
Control
● Reducing IT risks and gaining more business value
from IT
● Assisting in the completion of regulatory compliance
requirements
● Employing a structured approach to improve the
reporting and decision-making of the management of an
organization
● Presenting a valuable solution to control assessment
and project implementation in order to enhance IT asset
control
Three Basic Organizational Levels of CobiT
● Top management - involves decision-makers, including
the board of directors and executive management
● IT management and business management
● Security level of governance, control, and workers
PCMR (plan, create, run, and monitor)
★ Plan and categorize
★ Acquire and apply
★ Deliver and support
★ Monitor and evaluate
Information Technology Infrastructure Library (ITIL)
● to regulate the delivery of its IT services management
● widely acceptable for both public and private sectors
● Compared with other ITG frameworks, ITIL offers
fundamental guidance to business organizations on the
use of IT tools that facilitate change and transform
business
Information Governance (IG)
● The IG approach focuses on how an organization
controls its information generated by IT and other
office-related systems
● To control information assets, reduce risks, ensure the
compliance with rules and regulations, implement
information security, and improve information quality
and accessibility
Electronic Mail (E-mail)
● E-mail is considered as the number one communication
channel in small, medium and large enterprises
● Email archiving is a method of e-mail management and
information governance practice
2 SECURITY THREATS TO INFORMATION TECHNOLOGY
AND INFORMATION SYSTEM
Malware/ Malicious Software
● is a program or code that is designed to infiltrate a
system and execute malicious operations and controls
Infection Methods
Virus
● has the ability to clone itself multiple times and attach
itself to a program of a computer through files
● The first virus detected by ARPANET was the Creeper
Virus
Worms
● it infects computers that are within a network
● A worm does not cause harm unlike a virus, but it can
consume space in a computer hard disk, thereby
affecting speed
Trojan
● from the Trojan Horse of Greek mythology
● hides itself inconspicuously inside a seemingly
legitimate software
● Examples are proxy Trojans, remote access Trojans,
and FTP Trojans
● steal information
Bots
● Bots are advanced versions of worms that do not
require human interaction to work
● Botnet is a network of infected systems formed by the
connection of different systems affected by a malicious
bot
Malware Actions
Adware
● Not malicious but breaches privacy
● It is normally associated with free software
Spyware
● a spy by monitoring computer activities and gathering
information
● A common spyware is the keylogger - records
timestamped keystrokes of a user and takes important
personal information
Ransomware
● has the ability to encrypt files and lock a computer,
rendering them inaccessible for extorting money
Rootkits
● devised to give a hacker administrative control in the
system
Scareware
● disguises itself as a tool that will help fix a computer
system
Zombies
● it stays put until commanded by the hacker
Theft of Intellectual Property
● violation against intellectual property rights
Identity Theft
● action of impersonating someone in order to acquire
his/her information
Information Extortion
● stealing of business information for a certain amount of
money
Theft of Equipment and Information
● steal information and gadgets
Sabotage
● destroying website leading to customer dissatisfaction
3 SECURITY THREATS TO INTERNET SERVICES
Types of Computer Security Threats and Common Internet Threats
● Computer virus - sending spam messages, deactivating
security settings, stealing data, deleting files and
applications
● Rogue security software - used to deceive users that the
system is infected with a virus
● Trojan horse
● Adware - Pop-ups can affect Internet and computer
processor speeds
● Spyware
● Computer worm - contact lists
● DoS and DDoS attacks
★ denial-of-service (DoS) - caused by a
computer system connected to the Internet
★ distributed denial-of-service (DDoS) -
launched from several computers, and the
number of computers involved can range
from just a couple of them to thousands or
even more
● Phishing - involves collecting sensitive user
information, usually passwords and credit card numbers
● Rootkit
● SQL injection attack - harmful issues against data
confidentiality
● Man-in-the-middle attack - to tap and listen to
conversations between two people
● Spam - Junk Mail/Spam folder
● Keyloggers
● Pharming - a more complicated version of phishing
misuses the domain name system (DNS), fake login
page
Solutions to Overcome Security Threats
● Install an antivirus software
● Ensure that the anti-virus software is up-to-date
● Employ a firewall to protect networks - A firewall
enables a user to communicate outward while blocking
unauthorized entry or access of external systems
● Filter all email traffic
● Back-up critical data regularly
● Educate users about suspicious emails
● Scan downloads from the Internet
● Implement an information security policy
● Implement and monitor user and systems logs
● Create and report an incident response plan
● Restrict end-user access to systems

4 ETHICAL ISSUES IN INFORMATION TECHNOLOGY

● Privacy - right to determine what information they like
others to know
Internet privacy - refers to the privacy and security of
personal data published online
● Hacking - A hacker is a person who breaks
programming codes and passwords
● Virus - malicious software that damages a computer
system upon its installation
● Data access rights - is the permission granting the
location and reading of digital information to a user or
computer program
● Plagiarism - taking or copying the work of others found
online
Plagiarism in IT is the act of mimicking
● Ergonomy refers to the improvement of IT tools to
make them more efficient for users

technology innovation regarding health care in relation to IT

● Health informatics
● Mobile health and BYOD
● Wireless networking
● Telemedicine
● Patient engagement
● Clinical data analysis
● Storage infrastructure
● cloud-based electronic health record system