100%(1)1 out of 1 people found this document helpful
This preview shows page 1 - 3 out of 6 pages.
The preview shows page 1 - 3 out of 6 pages.
Security EvaluationJedediah TerryStudent ID: 265096Program: MBA IT ManagementMentor: Paul MohammedMMT2- IT Strategic Solutions
Security EvaluationAEnergyCompany security policies in regards to ethical issuesThis report will analyze the effectiveness of the security policies in place at AEnergyCompany in regards toethical issues and security threats and will make recommended changes to mitigate and issues orthreats the company could face.Any security policy needs to be transparent and available to any user itaffects.Any system that collects data on the user needs to notify and gain acceptance as a condition ofthe use of the system by the user.This notification needs to be easily understood and completelyoutline what data will be collected and how that data will be used.Unethical uses by internal usersThere are two major potential unethical uses of company technology, accessing the location of devicesusing location tracking software and accessing private data.While the tracking of the physical locationof the company issued devices can help in the recovery of lost or stolen hardware, it also opens the doorfor anyone with access to the tracking system to essentially stalk an employee carrying the device.Anythird party that is actively tracking the location of another party is violating that party's privacy.While itmay be acceptable to track the device when it is being used during business hours, unless there is a wayto turn off the tracking outside of business hours, there is no guarantee of privacy.Tracking employeesoutside of business hours needs to needs to have a legitimate reason to do so (Carpenter, 2019).The second unethical potential use of company technology is to access private data.There are multipleavenues by which AEnergyCompany collects data, from information entered into its website by visitors toemployees' user ID, IP address, and location.Simply having this data does not pose an ethical issue, butunauthorized access to the data creates a significant legal and ethical issue.Data mining is a verylucrative business, which is how many search engines are able to operate for free to the end user.Thisshows that there is a large market for user data, so unauthorized access to the information couldpotentially release this information to third parties, breaching the reasonable expectation of privacythat all employees and users should have.Furthermore, a data breach of this nature could create a lotof negative PR, hurting the company financially from the potential loss of clients.