Exam Prep Case Study 2: Education and Training

Article URL

Criterion A

Describe one social/ethical concern related to the IT system.

The social and ethical concern is that the security of the school website is very low. This led to unauthorized access to classified material, which caused a lot of harm to several users.

Describe the relationship of one primary stakeholder to the IT system.
The main stakeholder in this case is the students who go to this school. By signing up for the schools, they are legally bound to allow the school to save all of their records. So their school reports, personal details such as name, email, Passport photocopy, achievements, etc. will all be saved on the school database.

Describe, step by step, how the IT system works. 
Essentially, the school's website is connected to a back end database. Therefore, whenever a school administrator enters the student's data on the database, it is saved. The administrator might be asked to verify the information entered to ensure its reliability (perhaps a double step verification). When the data entered is verified, it is sent over a network to the school's website. When the user logs in, they are given the ability to access the website. They can request information depending on what their login access allows. When the request is made, data is sent over to the database, and a query is made depending on the user's request, then it is sent back to the website and displayed on the screen. 

Explain the relationship between the IT system and the social/ethical concern described in Criterion A. 

The IT system is designed in such a way that it allows security to be breached. This is because of the lack of security procedures in place. The first problem is that the network that is used may not be secure, therefore it may be possible to intercept information and access the website that way. However, aside from that, since the website has a login page, it is possible to redirect the user to a bogus site and then steal login details like that (pharming). Alternatively, phishing could be used. Since as mentioned in the article, the same password was used to access both the school database and the school emails, it suggests that there are no strict requirements on the passwords to make sure that they are different than the ones on the database, therefore, it reduces the security of the system.

Criterion C

Evaluate the impact of the social/ethical issues on the relevant stakeholders. 

This system poses several concerns for the students. The main one is that their private data can be breached and released online. Other than that, the hackers who get unauthorized access to that information can sell it to third party organizations. which is another privacy breach. Another disadvantage is that with such a system, it may not be so reliable due to data redundancy issues in the database (especially if its a large school). This means that the student's data can be incorrect and can thus impact them in the future, especially when they apply to university, or to other schools. 

However there are several advantages for the student as well. The main one is that the website database system essentially allows them to access their details at any time from anywhere provided they have access to the internet. In addition to that, since all the data is saved on the database, it is easy for school administrators to finish up their records easily, so they can have all records in the same place. With a well designed database, if the student goes to university or transfers schools, it is very easy to move the documents.

Concerns for the school are many as well. The main one is the reliability of the website, if its unreliable and causes problems to the users then they can get used and their reputation will decrease a lot. In addition, it is very expensive to set up such a database and invest in security measures to be taken to ensure database security, website security. In addition to that, the school may have to invest in IT staff to design such a difficult system. Otherwise, the school would have to buy commercial software, which may not tend to all their needs. Another disadvantage to the school is that the school will have to rely on such a system, and if the system requires maintenance then it doesn't work. In addition, the website and database must be backed up in case some reliability issue occurs. Also, data must be encrypted.

Advantages for the school are that it is very easy to control the records, and it makes the job of the school administrators much easier. In addition to that, it can be backed up which means that it cannot be lost, unlike using a paper based database. Another advantage is that with the website database system, the school can employ online applications for new students and allow their students and parents to manage their accounts which makes them more trustworthy. And with the website, the school can advertise itself.

Overall, due to its convenience, the database system is required and hence must be used, even though it poses issues. Therefore, the issues must be reduced before a system is created. 

Criterion D

Evaluate one solution that addresses at least one problem identi ed in Criterion C. 

A problem identified in C was the fact that the system lacks security and hence could lead to data loss. There is one solution which could work for this.

Encrypting all the data sent to and fro from the database, AND encrypting all the database's content in case someone hacks it. This has several advantages and disadvantages.

The advantage of this solution is that if one manages to intercept information, or hack into the database, then the data is encrypted, therefore there is no security breach.

Disadvantages are that this may be expensive, and it still does not solve the problem if the hacker has access to a repeated password. And, with this encryption, only the student will be able to see their records, therefore when an administrator wants to create reports etc, they will have to go through the students count which is difficult and time consuming.

Exam Prep Case Study 1: Business and Employment

Article URL

Criterion A

Describe one social/ethical concern related to the IT system.

The privacy of the user's personal details is at stake. If ATM systems are misused using this 'skimming' technology, then the privacy of user credit card numbers and pins can be acquired, which can cause severe financial problems to the stakeholders: the hospital patients.

Describe the relationship of one primary stakeholder to the IT system.
The main stakeholder, the patients, are related closely to this IT system. Many decide to pay for their medical bills using cash, because many health organizations take some extra charge if a card is used. Therefore, since many patients do not carry enough cash with them, they may use the ATM machines at the hospitals. If they use an ATM machine which is 'skimmed' then they will lose their credit card information which is highly dangerous.


Criterion B

Describe, step by step, how the IT system works. 
An ATM machine works in a simple way. It is connected via a network to the bank's database computer. When the user enters their card, a card reader captures account information stored on the magnetic strip on the card. The processor then sends this information over the WAN network to the bank's database. The processor at the bank then matches the user's data to the database. If a match is found, then data is sent back over the WAN network, enabling the user to proceed. Using the keypad, the user is able to input what type of transaction they want to perform. Based on the input, the processor will send data to the bank, the processor there then calculates the transaction and makes the necessary changes. When that is done, data is sent back to the ATM machine. Then the processor sends instructions to the output devices (the printer and the cash dispenser) to print money/receipt. 

A skimmer essentially has a device which reads the magnetic information from the back of the card and creates a digital copy of that. It then stores it within a memory slot. It does not change the functionality of the ATM machine, it simply copies card information, so data is still send to the bank and so on. The other part of a skimming machine is the use of a camera, hidden such that it can capture the user entering their pin number. The camera is constantly on, and so it captures everything the user does, storing the captured footage on a memory card. This way, the scammers are able to create a bogus card using the data captured from the skimmer in order to steal money.

Explain the relationship between the IT system and the social/ethical concern described in Criterion A. 

The system is essentially a breach of credit card information which may lead to a loss of money. The manner in which ATM machines allow such a bogus skimming device to be installed allows for this breach of privacy. The ATM machine must be constructed in a way which prevents scammers from installing skimming devices. The problem with ATM machines is that they require the card to be inserted into the machine so that they can withdraw informations (not all ATM machines). This can then lead to skimming.

Criterion C

Evaluate the impact of the social/ethical issues on the relevant stakeholders. 

ATM machines of course have clear advantages, especially for a hospital or a business. The main one being that they attract more customers. Many customers nowadays do not carry cash with them, but instead only their credit cards. So by having an ATM machine installed in the building, customers are more inclined to go there. In addition to that, many outside customers may enter the shop or business just to use the ATM machine. But, that in itself can attract customers as they will be subjected to advertisements. Plus, for businesses which only deal with cash, if the customer has no cash with them, and is forced to go outside to an external ATM machine, they might be inclined to change their mind about buying the product, which may stray customers.Another advantage is that ATMs have a transaction fee. Therefore if a business installs an ATM, it may make money from people's transactions using it.

However, installing an ATM machine has several disadvantages for the business as well. The main one is the chance of Skimming which may occur. It is easy for users to dress up as 'technicians' and tamper with the ATM machines. Therefore, if customers are skimmed, it will ruin the image of the business which implemented the ATM machine. In addition to that, the addition of ATM machines may add unnecessary costs for the business, which may impact it negatively (especially if its a very small business). The cost of installation is added, plus the business must invest in security to ensure that the ATM machines are not tampered (cameras), as well as, routine checks on the ATM machines. It must also invest in educating its employees on how to check for skimming devices. Although rare, another problem is that the ATM machine might swallow the customer's cards, this means that the business must also hire technicians.

Criterion D

Evaluate one solution that addresses at least one problem identi ed in Criterion C. 

The best solution for the problems caused by the ATM machine is to set up a camera system and hire a security guard to watch over the ATM machine through the camera. This addresses the problem of skimming in the first place, preventing skimming devices to be installed. This solution has both advantages and disadvantages.

The advantages are that through this, the business can minimize the risks of skimming occurring in the first place, which solve all the social and ethical issues involved. It also sets a standard for the store, attracting even more customers.

However, it has two clear disadvantages as well; one, it is only as good as the security guard hired. If he takes a break or a rest, skimming may still occur. Another problem is that it is highly difficult to see accurately what exactly is happening through a camera. Plus, if the store is crowded and there are lots of customers around the ATM machine, it will be impossible to discern the skimmer. Finally, it adds lots of costs for the business.

GITEX Case Study

In GITEX, I saw a book scanner, which can basically scan a 500 page book in less than an hour.

At first this technology seemed like a great innovation, however, after some thought. it seems that it may have many social and ethical issues. 

Stakeholders: users of the scanning software, the company who made that software.

Strand 1:

This type of technology has several social and ethical issues. The main one is the reliability of the actual scanner. The scanner may not accurately scan all the pages, which can then lead to falsely documented books. This can cause problems in the future, if documents or manifesto's are falsely scanned and recorded. This is especially the case if a library wants to scan a very old rare book (like a history book). The book may have creased pages or worn out pages, which means that the scanner may not be able to actually accurately read the content, thus leading to incorrectly documented information. Another social and ethical concern is that these scanners can be purchased by anyone. The reason this is a social and ethical concern is because the person may purchase a book, scan it, and illegally distribute it. This is then a breach of copyright laws, since the intellectual property of an author distributed freely. Aside from free distribution, the person may simply sell electronic versions of the book to other people, for a cheaper price, which means that he makes profit (illegally) off of someone else's work. In addition to that, this scanner converts the book to PDF format too, which means that it has character recognition software which allows it to read text, copy and paste them into a PDF. This is another place where the reliability of the scanner is at stake, because depending on the quality of the scan, the quality of the book, and the font of the words, the reliability of the OCR software is altered.

Strand 2:

This type of technology can be implemented in several places. The first one that comes in mind is 'education and training'. If the company or school buys a book for training/teaching purposes, it can pay more to request a license from the book publishers. A license which allows the scanning of the book as long as it is only used in by the employees of that company. This makes it much cheaper overall for the company, than actually buying a separate book for each employee. Of course, this has a counter argument as well: there must be policies in place which ensure that the employees who have access to the scanned books don't distribute them. In addition, it links to 'environment' as well, since such a technology decreases the wastage of paper.

It can also link to 'government and politics', because the government may use this scanner to achieve files on specific people or events (like 9/11 files or CIA reports, etc.). However again, this has other implications, which are the security of the actual computers this data will be stored on, etc...

Strand 3:

Essentially, the IT system uses simple scanning to scan the pages. The first step is flattening the page being scanned on glass. This ensures that the surface is uniform, which means that the quality of the scanned work will be better. It uses a light source to illuminate the whole image, then a series of capacitors move across the glass, and capture all the detail. The reason such an IT system may be unreliable is because: if a book is really old and work out, then the first step (which is flattening the page) becomes really difficult. So when light shines upon the page, it may not fully illuminate the page, which leads to some of the page parts being 'shadowed'. Therefore, when the capacitors move across the page, they cannot detract all the writing and convert it. Aside from the printer perspective, there is also the OCR. Essentially, the way these work in such technology is like this: a page is scanned and turned into a picture file format, then the character recognition software scans the image, looking for text and characters. It compares the scanned text and characters to those in its database. If there is a match, then it pastes those characters in another document, creating an 'ebook' type file. If there is no match, then it moves on to the other characters. This is where mistakes in the scanning of the book can occur. The fonts are limited to those found in the OCR database. In addition to that, it becomes really hard to preserve books of other languages.

ZURICH INSURANCE LOSES DATA!

Stakeholders: customers, Zurich Insurance

Strand 1:

This article discusses how Zurich Insurance has lost the data of 46000 of its customers. This has several social and ethical concerns. The main one is that the customer's data was not secure. Which ultimately led to the loss of their data. This data that went missing could have been intercepted illegally by hackers. In addition to the lack of security, Zurich insurance had no plan to stop the missing data from being misused, if it went missing. Further, this lack of security, ultimately led to the privacy of the users being breached. The stolen information could be sold to third party organizations, used for fraud, or even identity theft. Furthermore, another lack of security was due to the fact that there was no system in place, in order to check if the data in the database was missing or not, which is why Zurich only found out about the missing data a year later. The system used by Zurich to transfer data to a data storage area was unreliable.

Strand 2:

This affects many scenarios. The most of important one is business and employment. If such a scandal happens, the company loses a lot of reputation, which may lead it to becoming bankrupt. This causes all its employees to leave, and since they come from a company of bad reputation, it may be difficult for them to get jobs at any insurance firm. However, such scandals may benefit the world as a whole, because it would force other companies to strengthen their security to ensure user privacy; hence making it much harder for data to get lost and/or misused.



Strand 3:

There are several IT systems at play here. The first one is the database itself. The database is essentially run by several servers, and it is transferred to data storage servers (such as the one in South Africa) through network connections. To ensure that data doesn't get lost, the connection must be very stable, so that any small interference would not hinder the transfer of data. Furthermore, the network must also be secure and encrypted, in order to prevent any illegal access of the data. In addition to that, there should have been a backup database somewhere in order to make up for such loses of data. There should also be software which prevents the download of data being transferred onto devices with small storage systems. In addition to that, to initiate the data transfer itself, there must be several authentication procedures to ensure that not anyone can initiate data transfer. Furthermore, another solution could be creating one database which contains all credit card numbers, and another which contains credit card security codes (this is basically relational database but on a much larger scale), this way if any data is stolen, the hacker cannot effectively use the credit card information.


http://www.bbc.com/news/business-11070217

Free VPN: a blessing or a curse?

Article

Stakeholders:
Opera, Opera employees, the User

Strand 1:

The article discusses how the operating system Opera now allows all its users to have a free VPN which requires no subscription. This has many social and ethical implications. The main one is that, with this pre-installed VPN, users can surf the web anonymously, which is a good measure to fend of hackers, however it may have disadvantages too. The main one is that it may lead to anonymity. Which is the ability for a user to surf the web, do whatever they desire and get away with it. This way, some users may be able to cyber-mob other users, which is highly unethical. In addition to that, anonymity allows them to access illegal websites, which also has negative implications. Furthermore, since Opera is an open source software. As this VPN software releases, users may be able to enhance it further, thus giving it more powerful capabilities, similar to that of TOR Browser, which can lead users into accessing the Dark Web. On the other hand, this software may also have other social and ethical implications, such as: reliability. The reliability of the VPN connection is not guaranteed, which means that some of those 'secure connections' may not be too secure, which can lead to innocents being exposed. 

Strand 2:

This can have many different scenarios. The main one is home and entertainment, whilst work and employment is also viable (if an employee wants to access Facebook during their break at a company that bans it), it is also viable in education. An example is DIS, when students try to access Facebook in break or lunch. The reliability implication is highly important when it comes to a business. Some businesses may use this virtual private Opera network to connect their employee's to their main server (located in another country). If this connection is not reliable, information can be intercepted which may lead to fraud or the loss of important business information. 

Strand 3:

The way a VPN system works is that it creates a private network over a public network (such as the Internet), and thats why its called a 'virtual' private network. Basically when a VPN makes a connection, it uses 'tunnels' which encrypt the user's data. This way it is deemed secure. Usually you need another VPN software to allow this to happen, however Opera is now integrating this software in the browser itself. It can allow users to access blocked websites because it connects to another client in another country, therefore the user's browser is essentially running on that countries server, so it can access the websites that are not blocked in that country. Websites such as WikiLeaks that are blocked universally cannot be accessed.

Another one

ITGS Blog Post

Article URL: http://www.technewsworld.com/story/83732.html

Article analysis:

ITGS article analysis in a different way...

After several occasions of analysing articles, I decided to change my approach to them.  I decided to analyse articles using the questions in a typical paper 2 exam, in order to practice for my test next year!

Article

1a) Describe one social/ethical concern related to the IT system described in the article.

The social and ethical concern in the article is that the privacy of the stakeholders is at stake. Google's your timeline collects data about the locations you've been to to personalise your software. Negative impacts of this include the selling of your data to 3rd party organisations.

1b) Describe the relationship of one primary stakeholder to the IT system in the article.

The stakeholder is any user with a device that can connect to Google's "location services" (typically  smartphone). The user can activate location services on their device to take advantage of points of interest close to them. Wherever they go with their mobile phone, Google is constantly mapping their journey. 

2a) Describe how the IT system works step-by-step

First the user is prompted to activate location services. When they input their consent by activating it, the mobile device sends signals to at least 3 satellites. The satellites then use re-send signals to the mobile device, giving information about time and the distance between the device and the satellite. When 3 different distances are acquired from 3 different satellites, through the process of triangulation, the GPS software on the mobile phone is able to pinpoint the location of the user. This information is then synced with Google's cloud software and saved, then it is presented in "your timeline" on the Goolge Maps application.

2b) Explain the relationship between the IT system and the social/ethical concern described in Criterion A.

When the location services are turned on, the mobile device is constantly syncing information to Google's cloud. This means that a hacker could acquire this information as it is live and constantly being transferred and because the information being transferred is not encrypted, which is highly dangerous and could threaten the user's privacy. Furthermore, all of the user's information is saved on Google's cloud. This cloud may be accessed by Google which means that the user's information at stake, since there is no measure to prevent corruption. This information can also be sold to 3rd party organisations.

3) Evaluate the impact of the social and ethical concerns on the stakeholder.

This IT system has many positive and negative impacts on the stakeholders.

The main stakeholder is the owner of the mobile device. The advantages of this service is that the user can enjoy all of the benefits of Google maps and your timeline. They can find points of interest on their map whenever they require. Or perhaps they want to revisit a store which they visited before, yet have forgotten its exact location. Your timeline allows them to revisit that place with ease. Furthermore, this software can be beneficial to someone who wants to track all their journey's, or the kilometres they have walked, etc. It can also be a digital photo album, since it syncs with Google Photos. 

However there are several disadvantages as well. The main one is that the privacy of the user is at stake. Since the information is not encrypted, it would be possible for a hacker to illegally acquire this information, which could be used for malicious purposes. Furthermore, this information could be sold by Google to 3rd party organisations, which would ultimately have control over  the user as they could monitor their movements. This information could be used for data mining/data matching purpose to create a fact file about a specific person. Although this is beneficial to the Police Department or the government (as it eases catching criminals), it is a breach of the user's privacy. Furthermore, other social and ethical concerns include reliability and security. If Google's "your timeline" has no security measure, any person could illegally access the user's information and use it for malicious purposes (blackmailing, etc.). In addition to that, this system uses location services and the GPS, which are not necessarily the most reliable system as they do not work inside buildings. Therefore Google's system could be incorrectly logging the information of the user, which may bring great problems to the user in the future. What if the GPS software incorrectly logged the user's information and thought that he was in a gun shop instead of a restaurant? That would raise suspicion in the police department if a murder occurs, which may have serious implications.

Another main stakeholder is Google. The advantage of Your timeline to Google is that, through this software, they can make revenue by advertising other companies such as restaurants and businesses. They can also make money by selling information related to some businesses, like "how many people visited the restaurant, at which time of the day" which would be beneficial for the businesses as they can predict when most customers will come.

The disadvantage to Google however is that this system may increase the chance of corruption, which could tarnish the companies reputation if it is found that information is sold to 3rd parties. Furthermore, if Google's security is not of a high standard and a hacking organisation manages to steal this vital information, Google will lose its customer's trust and may lose lots of money.

Overall, I believe that this IT system has a negative impact on the mobile device user, as it endangers the user's privacy, and does not provide a reliable system. The disadvantages outweigh the advantages.

4) Identify a solution for the problem.

There is one solution to this problem that could potentially fix this device's privacy issues. If Google improved the security of their cloud system, and encrypted the data that the cloud acquires from the mobile device, then the problem of hacking would be completely eradicated. It would make sure that the user's data is safe from anyone who does not work in Google. This is why it is a good solution. However the disadvantage to this solution is that it does not decrease the possibility of corruption within Google and the fact that the user's data can be illegally accessed from within Google. This could be reduced by implementing policies to prevent that. In addition to that, the disadvantage of using encryption is that it would take a lot of time to sync and would require a strong internet connection and would drain battery life.