1.9 Policies


Definition:


Policies are enforceable measures intended to promote appropriate and discourage inappropriate use
relating to information technologies. Policies consist of rules governing access to, or use of, information, hardware, software and networks.
Policies also affect the exchange of information, for example, by making it subject to copyright laws and
raising people’s awareness of plagiarism. In general, policies can promote or restrict access, guide behaviour, require the fulfillment of certain conditions prior to or during use, or need to be developed to address unforeseen issues such as cyber-bullying.

The Computer Misuse Act (1990)


The Computer Misuse Act of 1990 is a law in the UK that makes illegal certain activities, such as hacking into other people’s systems, misusing software, or helping a person to gain access to protected files of someone else's computer.
The Computer Misuse Act is split into three sections and makes the following acts illegal:

Unauthorised access to computer material (that is, a program or data).
Unauthorised access to a computer system with intent to commit another offense
Unauthorised modification of computer material.

The first section in the Computer Misuse Act forbids a person to use someone else’s identification to access a computer, run a program or obtain any data, even if no personal gain is involved in such access.
You also cannot change, copy, delete or move a program or attempt to obtain someone else's password.
The second provision in the Computer Misuse Act is gaining access to a computer system in order to commit or facilitate a crime.
You can’t use someone else’s system to send material that might be offensive or to start worms or viruses. You also can’t give someone your identification so they can use your system for this purpose.
Unauthorized Modification in the Computer Misuse Act means you can’t delete, change or corrupt data.
Again, if you put a virus into someone else’s system you would be violating the act.
Source: wisegeek.com a

Types of computer misuse


Hacking


Hacking is where an unauthorised person uses a network, Internet or modem connection to gain access past security passwords to see data stored on another computer.

Data misuse and unauthorised transfer or copying

Copying and illegal transfer of data is very quick and easy using online computers and large storage devices such as hard disks, memory sticks and DVDs. Personal data, company research and intellectual property, cannot be copied without the copyright holder's permission.

Copying and distributing copyrighted software, music and film

This includes copying music and movies with computer equipment and distributing it on the Internet without the copyright holder's permission.

Email and chat room abuses

Internet services such as chat rooms and email have been the subject of impersonation. Chat rooms have been used to spread rumours about well known personalities. A growing area of abuse of the Internet is email spam, where millions of emails are sent to advertise both legal and illegal products and services.

Pornography

Pornography is available through the Internet and can be stored in electronic form. There have been several cases of material, which is classified as illegal, being found stored on computers followed by prosecutions for possession of the material.

Identity and financial abuses

This topic includes misuse of stolen or fictional credit card numbers, and use of computers in financial frauds. These can range from complex well thought out deceptions to simple uses such as printing counterfeit money with printers

Viruses

Viruses are relatively simple programs written by people and designed to cause nuisance or damage to computers or their files.

Source: bbc.co.uk


data_protection-280x300.jpg



The Data Protection Act (1998)


For a simple overview, see:

http://itgs.wikispaces.com/dataprotectionact1998

The Data Protection Act 1998 is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs theprotection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring UK law into line with the European Directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use,[1] for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles:

  • Data may only be used for the specific purposes for which it was collected.
  • Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for Other Parties to obtain this personal data without authorisation.
  • Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
  • Personal information may be kept for no longer than is necessary and must be kept up to date.
  • Personal information may not be sent outside the European Economic Area unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
  • Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner's Office.
  • Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
  • Subjects have the right to have factually incorrect information corrected (note: this does not extend to matters of opinion)

Power point on Policies