Legal Misuse Act 1990 (CMA) The Computer Misuse

Legal IssuesInformation, data and computers need laws around them toprotect them from being misused and having a negative impact on something orsomeone. These laws affect the overall use of information. Acts effect the useof information. The three main Acts are; the Data Protection Act 1998, the Freedomof Information Act 2000 and the Computer Misuse Act 1990.

Data Protection Act 1998 (DPA)The Data Protection Act 1998 was written so that all privateinformation is managed with due care. The Act requires that anyone’s personalinformation is available to them i.e. what information and where it’s held beit on computers or paper. It is also required that the information is includedin the DPA registrar. The information included should comply with the DPA’sprinciples of information management which are as follows:·        Fairly and lawfully processed·        Processed for limited purposes·        Adequate, relevant and not excessive·        Accurate and up to date·        Not kept for longer than is necessary·        Processed in line with your rights·        Secure and not transferred to other countrieswithout adequate protection.

(Data protection principles, 2018)Freedom of Information Act 2000 (FIA)The Freedom of Information Act 2000 allows individuals andorganisations rights to request information from public authority’s e.g. centralgovernment, local government, educational facilities and law enforcement. Oncea request has been made the authorities must respond within 20 days either withthe information or with an exemption to the FIA such as if the informationcould affect the security of a nation or region or if it could affectcommercial interests.Computer Misuse Act 1990 (CMA)The Computer Misuse Act 1990 was passed by parliament to protectcomputers from attacks and the stealing of information. There are threeoffences explained in the act:·        Unauthorised access to any computer program ordata – the most common form of this is using someone else’s user ID andpassword but can include hacking.·        Unauthorised access with intent to commit aserious crime, this can include spreading a virus.·        Unauthorised modification of computer contents.

This means impairing the operation of a computer, a program or the reliabilityof data. It also includes preventing access to any program or data. An example ismodifying or destroying another user’s files or changing financial oradministrative data.Ethical IssuesCodes of Practice (COD)A code of practice is normally set up within an organisationto make clear the acceptable use of their computer facilities such as tosupport the organisations purpose and the degree to which private use of acomputer is allowed.

Best services for writing your paper according to Trustpilot

Premium Partner
From $18.00 per page
4,8 / 5
4,80
Writers Experience
4,80
Delivery
4,90
Support
4,70
Price
Recommended Service
From $13.90 per page
4,6 / 5
4,70
Writers Experience
4,70
Delivery
4,60
Support
4,60
Price
From $20.00 per page
4,5 / 5
4,80
Writers Experience
4,50
Delivery
4,40
Support
4,10
Price
* All Partners were chosen among 50+ writing services by our Customer Satisfaction Team

Points and fields normally covered in a COD are:·        Use of Email: Spam, abuse, harassment, threats orlots of unsolicited emails are normally always banned. The usual allowed useand purpose of email is for users to use it for private purposes.·        Use of Internet: Any websites such aspornography and gambling that would be considered unsavoury would normally befiltered by a filtering software but for those websites that aren’t filteredthey are normally banned. Personal limited use of the internet is normallyallowed. However if an organisation has a web server, there are normally tightrules on there as to what can be posted on it. ·        Whistle Blowing: The code protects users thatwant to confess other users misuse of systems, this apply especially for ITadministrators. Organisational PoliciesPolicies an organisation has will affect the use and conductof information. Policies will be different within different types oforganisation and therefore information will be managed differently withindifferent organisations.

In a large organisation with a tall hierarchalstructure (many staff levels) information will be more restricted andneed-to-know based. For example there information may be held in a secure datacentre where staff there can restrict who can see and change certaininformation. In a small decentralised organisation information will berestricted less and for more practical reasons and instead of data centres theyare more likely to have limited or no direct connectivity between theirdifferent computers.

This drawback of this is that staff at one location mightnot be able to access information help at another.Information OwnershipDepartment’s own the information they output within anorganisation and are responsible for all of it; making sure the information isentered into the computer system on time, correctly and consistently. Althoughinformation is owned by different departments as they supply, process andproduce information it is guarded by the IT department as they make sure it issecure (the IT department don’t own the information). There are exceptions todepartmental ownership such as internal IT information i.e.

computer networkperformance. OperationalIssuesSecurity of InformationThe proper security of information means that it is safefrom unauthorised access that may lead to negative alteration or destruction ofthe information. The IT department of a business is always responsible for thearrangement and advisement of the security, rules and authorisation of thebusinesses information.

To secure information the IT department need to knowfrom management who is authorised to see, update, edit or delete differentinformation. In the example of a small business it may be the case thateveryone can see information but only certain people can change it. Largerbusinesses will have more complex rules and authorisation.

In return, managementrequire a log of who has viewed or updated the information from the ITdepartment.BackupsBackups are duplicates of information that are kept in thecase of information being lost, corrupted or in any way depreciated from theoriginal information which is saved in the backup. The more frequently backupsare made the more safe the information is. A backup can be full i.e. allinformation or partial i.e. the changes made since the last full backup.

The ITdepartment of a business should also every now and then be restoringinformation from a full backup and then apply partial backups.Health and SafetyInformation systems themselves are low risk, however thereare some issues to do with health and safety such as the improper positioningand use of monitors. Additionally issues lie around the use of keyboards, mice,seating and furniture being properly positioned. Users should also have accessto eye tests and breaks from sitting at a computer.Organisational PoliciesOrganisations will have their own unique policies that staffare made to follow which covers everything from using information systems tomaintaining the security of information to changing information that seemswrong.Business Continuance Plans(BCP)A business continuance plan (BCP) is an organisations planto ensure continued operations. IT if an important and integral part of anybusiness and therefore it should reflect in the BCP what should be done if anIT system fails.

If an IT system fails a measure that an IT department may haveput in place to ensure the continued running of a service is to have a dualnetwork so that if one fails there is another to provide the service howeverlimited it may be compared to the first.A business will need to make decisions about their BCP and whetherthey want to include certain precautionary measures in it or not such as havingmore tills than necessary at a shop in case one fails. Bear in mind that not everypossible failure that might occur will be included in a BCP, but a businesswill try their best to think and cover as many as possible.

CostsNo matter what type of business you are you will have ITprojects with costs that need to be managed. The total payback of an IT projectshould be much larger than its costs. In a business case for an IT project thereare two areas of cost to consider:·        AdditionalResources Required: ·        The introduction of anew system often entails the one-off costs of new equipment purchase andinstallation, and user testing and training. In the IT department there areoften more resources needed and so there will be ongoing costs to run a newsystem.·        Cost of Development:·        This is usually a largepart of the budget for a new computer system. There will also be ongoing costsonce the system is running for minor changes to keep the system in line with theorganisation’s needs.Impact of IncreasingSophistication of SystemsEarly information systems often justautomated existing manual processes.

This meant that little user training wasneeded and the software was relatively simple. Today’s computing power meansthat systems are now becoming increasingly sophisticated. They need thefollowing.·        More Trained Personnel:Users often need training in how to use the equipment, the basic computing features,and the processes brought in with a new computer system and the transactions,queries and reports that form the new system.·        More Complex Software:Modern development software hides a lot of complexity from the applicationbuilder. This means they can focus on the business problems that the new systemwill solve, and create overall better and more complex systems.

However, whenthere are problems, it may need both a development software expert and abusiness software expert to work together to fix them.

x

Hi!
I'm Dora!

Would you like to get a custom essay? How about receiving a customized one?

Click here