Information systems security issues and decisions for small businesses: An empirical examination by Atul Gupta & Rex Hammond


Hello readers, today’s discussion will be based on a theoretical paper I came across this morning called “Information systems security issues and decisions for small businesses: An empirical examination” by Atul Gupta & Rex Hammond. I will tell you what the paper says and, as usual, my critique follows. So grab your cup of tea, take a sip and take a read. 🙂

ORIGINAL THEORETICAL PAPER for further references.

About the Theoretical Paper

The authors of this theoretical paper believe that the global proliferation of the internet, falling computer prices and a growing menu of applications are compelling businesses of every size to rely on computers to store, manage and transmit vital information.

As a result, the value of business information has attracted lots of malicious activities on the internet.

The purpose of this paper, however, is to gather information about IT-related security issues in small-medium enterprises (SMEs).

Methodology

The authors of this paper stressed that the gap between academic research and the issue of information security surrounding small businesses is almost negligible.

To address this, a survey was carried out on the information security issues faced by SMEs. 1000 questionnaires were mailed to small business owners in Lynchburg, Virginia, United States of America, and 138 valid responses were received.

Findings

Findings in this paper indicate that:

  • 56 of surveyed SMEs had Information security policy
  • 59 of surveyed SMEs had Computer use and misuse policy
  • 36 of surveyed SMEs had Proprietary data use and misuse policy
  • 35 of surveyed SMEs had Communication use and misuse policy
  • 33 of surveyed SMEs had Business continuity plan
  • 45 of surveyed SMEs had Information security procedures
  • 29 of surveyed SMEs had Data destruction procedures
  • 13 of surveyed SMEs had Media destruction procedures
  • 35 of surveyed SMEs had Information sensitivity levels or coding
  • 26 of surveyed SMEs had Computer emergency response plan
  • 19 of surveyed SMEs had Computer emergency response team
  • 65 of surveyed SMEs had Data recovery procedures
  • 78 of surveyed SMEs had Anti-virus software
  • 33 of surveyed SMEs had Data segregation
  • 59 of surveyed SMEs had Firewall(s)
  • 35 of surveyed SMEs had Intrusion detection system(s)
  • 26 of surveyed SMEs had Encryption
  • 80 of surveyed SMEs had System access control
  • 24 of surveyed SMEs had Facility access control
  • 12 of surveyed SMEs had Dial-back modem
  • 48 of surveyed SMEs had Redundant systems
  • 29 of surveyed SMEs had System activity monitor
  • 1 of surveyed SMEs had Media degaussers
  • 110 of surveyed SMEs had Power surge protectors
  • 12 of surveyed SMEs had Security evaluation system(s)
  • 67 of surveyed SMEs had Shredders
  • 90 of surveyed SMEs had Data backup system(s)

In conclusion, these findings indicate that some 40.5 percent of SMEs are taking some security measures by having an information security policy in place; 42.7 percent of SMEs operate with a computer use and misuse policy and 47.1 percent have data recovery procedures in place.

These authors believe that SMEs are slow in updating their written security policies because, according to the survey, most SMEs rarely experience security breaches. Also, according to this survey, the majority (56.5%) of SMEs use antivirus software to protect their business; 42.7% use a firewall as a form of protection, 57.9% use system access control, 79.7% use power surge protectors and 65.2% use data backup systems. Although most SMEs have not had viruses damage their systems, the survey indicates that, out of all the surveyed information security problems facing SMEs, such as:

  • Insider access abuse
  • Viruses
  • Power failure
  • Software problems
  • Data integrity
  • Transaction integrity
  • Outsider access abuse
  • Data secrecy
  • Data availability
  • Data theft
  • Data storage
  • User errors
  • Natural disasters
  • Internet fraud

Viruses seemed to be SMEs’ main concern, as they are the main source of security breaches in their businesses, followed by power failure, software problems, data integrity, transaction integrity and data secrecy respectively.

Critique

My critique, based on these findings, is that information security management is very important in business activities. Data gathering without appropriate data safeguards is unethical, and this could lead to many social and legal issues, as in the case of DoubleClick, an online advertising company that has been charged so many times for unethically gathering people’s data.

“On May 10, 2000, eleven federal class action lawsuits brought against DoubleClick, Inc…” (Elisa, privacy law in q1 2002, 2008). Even professional issues could be triggered if care is not taken.

Hence it’s a good result from this survey that most SMEs are implementing some sort of security measures. However, it is recommended that security be addressed as a continuous process. It is also recommended that SMEs re-evaluate their security policies as they become effective in dealing with security threats.

According to another vital finding in this paper, most SMEs continue to choose security technologies that are not very effective for their business.

However, based on some of the theoretical papers I have studied, e.g. “Factors influencing information security management in small- and medium-sized enterprises: A case study from Turkey” by Yeniman et al, I will conclude that this could be a result of tight budgets among SMEs that have made their security choices limited.

I also understand that SME owners are mostly occupied with the burden of operational and strategic management in their businesses and, as a result, do not have the time to fully formulate a security strategy to protect their valuable information. Worse still, the cost of formulating or affording an appropriate security technology could be perceived as prohibitive given the size of their company or earnings. In this light, I will suggest that maximum security is a cost of doing business, and organisations that brace themselves well against possible threats will benefit the most in the long term.

Thank you for reading! It’s an open discussion so tell me what your opinion is in the comment box below  😉

Cloud Computing from SMEs Perspective: A Survey Based Investigation by Reza Sahandi, Adel Alkhalil and Justice Opara-Martins


Today’s discussion is based on a theoretical paper I came across. It is called “Cloud Computing from SMEs Perspective: A Survey Based Investigation”, authored by Reza Sahandi, Adel Alkhalil and Justice Opara-Martins. The link to this paper is dropped below.

ORIGINAL THEORETICAL PAPER

The purpose of this discussion is to see the possibilities of earning competitive advantage in the strategic environment through the adoption of cloud computing, mainly for SMEs.

Please note that this discussion is based on the findings in this theoretical paper.

This theoretical paper appeared in a journal of information technology, and it is a publication of the Association of Management.

However, with enough intros, I guess it’s time we proceed into the main discussion.

The authors of this paper reckon that cloud computing is capable of making a strategic contribution to the growth of small and medium enterprises (SMEs), and that by adopting cloud computing, SMEs will be able to secure the latest technology without the need for upfront cost.

They (the authors) see SMEs as less privileged in the strategic environment, and this has limited their (SMEs’) maximum utilization of technology. Hence it was suggested that, in order to keep pace with the market, SMEs need to deploy a new business strategy for sustainability in the strategic environment. The authors of this paper also suggested that a developed IT infrastructure can help to encourage SMEs’ sustainability in the strategic environment.

However, this paper recognised the potential of cloud computing to turn things around for the benefit of SMEs.

My critique of the information I gathered from this paper is a commendation of its recommendation of cloud computing as a potential strategy to help SMEs compete better against large enterprises in the strategic environment.

I understand, though, that there are ongoing information security issues associated with the adoption of cloud computing; this paper recognises this, and the issue of privacy too.

Findings

Nevertheless, the methodology used by Opara-Martins et al to explore SMEs’ requirements and their concerns in respect of cloud computing services was based on a quantitative survey conducted via the internet, with participants from both large and small enterprises across the United Kingdom. Over 300 SMEs received an invite but only 169 responses were received, thus giving a satisfactory response rate of 56%.

The research shows that most SMEs showed high interest in reducing fixed in-house IT infrastructure cost, as it makes business management expensive and does not allow for new business innovation. Thus outsourcing, or having a strategy like cloud computing, will cut management cost and improve productivity. According to 56% of SMEs, security and privacy issues such as data protection and vendor lock-in are the main concerns that repel SMEs from embracing cloud computing as a strategy.

Getting on board

I am glad that even SMEs will agree with me that maintenance of IT infrastructure (hardware and software) can drain an organisation’s finances. Hence I concur with the conclusion of this theoretical paper that cloud computing is the way forward.

Although cloud computing might seem alien to many SMEs, as surveyed by the authors of this paper, in reality some of us are already reaping the benefits of cloud computing one way or another, maybe through Dropbox or 4shared Music.

As the strategic environment is getting fiercer every day, both small and large scale organisations are looking for a way to reduce management cost and boost profitability at the same time.

A recent report by The Guardian claims that many SMEs are migrating to the cloud, and studies show that the technology will grow 30% annually for the foreseeable future. The economic benefit of cloud computing is the key reason why these companies are migrating: because cloud computing can accommodate data and applications remotely, the ongoing cost and burden of software and hardware acquisition and maintenance will no longer be in the budget.

Also, for SMEs, scalability really matters in order to act and adapt fast in the industry. For example, if there is a need to scale up purchases to meet a certain demand, the pay-by-use model of cloud computing really gives room for that scalability. And as internet availability is almost everywhere, cloud services are easily accessible because most of them run on the internet.

Pitfalls

This theoretical paper has discovered that security and privacy issues such as data security and vendor lock-in are the main concerns that repel SMEs from embracing the paradigm shift to cloud computing.

The reality is that nothing is really safe, but it is not safe to carry that perception, as these issues associated with cloud computing can make SMEs go out of business if they don’t take them into full consideration.

“The privacy challenge for cloud-based software architects, demands the design of a service in a way that security risks is reduced” Opara-Martins et al

Vendor lock-in, as identified by the authors of this theoretical paper, is a business challenge that could make it almost impossible for SMEs to leave their cloud infrastructure provider for a better one. This is because of the challenge of moving huge amounts of data from one provider to another and the absence of cloud computing standardisation.

However, at this point, I will suggest that to minimize the risk of vendor lock-in, focus should be put on contract terms. Data confidentiality, security, location and ownership should be thoroughly dealt with.

To enhance privacy, the use of Privacy Impact Assessment (PIA), as endorsed by Pearson in his publication “Taking Account of Privacy when Designing Cloud Computing Services”, is well recommended. PIA is to be introduced in the various early stages of the cloud computing design process. This will allow design options to be changed if the privacy risk is unacceptable. This way the whole system can mitigate risks. Privacy Enhancing Technology (PET), as endorsed by Pearson, is to be adopted as well. PET will assess, protect and enhance people’s privacy, stating the necessity of people’s access to their rights under the Data Protection Act 1998.

To enhance security, security authorization and authentication protocols such as Key Management Interoperability Protocol (KMIP) and XML Encryption Syntax and Processing should be adopted into the cloud system if they are not present yet. This recommendation is endorsed by the National Institute of Standards and Technology (NIST).

However, as the conclusion to the theoretical paper tries to convince SMEs to adopt cloud computing, I will give a closing remark to this discussion on that same note.

According to personal research I consolidated recently as a consultant for an SME called Blah-Blah Telecoms, I have learnt that cloud computing is a winsome strategy for SMEs and that the challenges posed by cloud computing can be well mitigated. Thus they should not repel SMEs from reaping its benefits.

SMEs that are not yet taking good strategic steps to take the bull by the horns and start reaping the benefits of cloud computing are on their own (OYO). Eventually they will be prone to competitive disadvantages in coming years, as many SMEs are reaping its benefits already.

Thank you for reading! It’s an open discussion you can drop your comment below 😉

Factors Influencing Information Security Management in Small- and Medium-Sized Enterprises: A Case Study From Turkey by Ebru Yeniman Yildirim, Gizem Akalp, Serpil Aytac, Nuran Bayram


Hello dear readers, another discussion is here again.

Well this discussion is based on the findings from this paper and so my critiques too. Thus, let’s proceed 🙂

Hey wait! Below is a link to the paper for further reference 😀

ORIGINAL THEORETICAL PAPER

This paper examines information security management in SMEs (small and medium-sized enterprises) in Bursa, Turkey for comparison against other countries. This was a survey based research that included 97 SMEs in Bursa, Turkey.

The authors of this paper reckon that the tremendous growth of communication media increases the rate of data transmission and, as a result, the necessity for information security has risen at both personal and institutional levels.

The authors stated that the increase in electronic business applications, day-to-day activities and sharing of information on the internet, together with the accessibility of networks from any point, has led to an increase in data theft and other malicious activities associated with the internet.

On the other hand, information security in enterprises entails complicated processes influenced by many factors, such as education, technology and the human factor, which must be managed under the same framework. The authors of this paper stressed that for enterprises to better determine appropriate management actions and implement an appropriate strategy to manage information security, it is vital that they define their security requirements.

Findings

Unfortunately many SMEs in Bursa are not capable of hiring IT professionals; hence they lack the ability to deal with today’s information security issues.

According to the findings, however, 85% of participants admit that the role of information security management has been identified in their organisation. This means that there is a form of awareness among SMEs in Turkey about the importance of information security. 77% of the companies have filed an information security policy and 70% of their employees are aware of this. In different research carried out in Turkey, IT investments were 19 billion dollars in 2005, security investments were 30 billion dollars and then moved up to 23 billion and 40 billion dollars, respectively, in 2006.

However, currently SMEs in Turkey, just like their counterparts in South Africa, are not addressing the issue of information security appropriately. Although SME leadership in Turkey recognises the importance of information security management, this paper suggests that this is superficial because SMEs are yet to formalize their information security policy by adopting a standard. There are various international information security standards, such as BS 7799 or ISO/IEC 17799, which happens to be the most widely adopted of these standards, but they are generally classed as “too large” and “too complex”.

Meanwhile on the other hand, over 50% of all UK SMEs would appreciate more industry initiatives to curb information security risks. Demand for these initiatives was concrete across all sectors, and particularly strong among utilities, energy and financial services companies. Also the proportion of IT budget suggests that UK companies’ expenses on information security management have risen significantly.

Discussion

SMEs in Turkey are not addressing information security concerns as adequately as their counterparts in the UK. According to the authors of this paper, five percent of heavily dependent SMEs in Turkey do not see security as a priority. Hence it’s clear that Turkish SMEs do not attach as much importance to IT security as their counterparts in the UK.

Also, in Turkey, SMEs apply information security policy with no reference to an agreed standard, and their limited “understanding” of information security management seems to be considered sufficient by most SMEs. To me this perception is not to be recommended. Inadequate understanding of information security management should be appropriately dealt with, and Information Security Management Systems (ISMS) should be established, adapted and articulated.

In fact, merely managing information security does not necessarily mean that information security is appropriately assured. One way to be critical about information security is to test the security of the information entities, e.g. software, hardware, etc., determined in the context of Information Security Management Systems (ISMS), through penetration tests. It is also necessary to adapt ISMS standards to SMEs, with quality orientation about the necessity of employing a security specialist within the SME.

However, based on the findings I gathered from this paper, one can conclude that when there is an improvement in operational management, finances, psychology (perception about the importance of information security management) and security policy in the SMEs in Bursa, Turkey, other security parameters will improve too.

Thank you for reading! It’s an open discussion you can drop your comment below 😉

Managing Information Security in Small and Medium Sized Enterprises: A Holistic Approach Anas Tawileh, Jeremy Hilton, Stephen McIntosh


Abbreviations

1. SMEs: small and medium-sized enterprises

I shall be reflecting upon this theoretical paper and its findings. Find the link below for further reference.

ORIGINAL THEORETICAL PAPER

The authors of this paper reckon that information security management is mainly for large enterprises due to its distinct features, and that it can’t feasibly be applied in the context of small and medium-sized enterprises (SMEs).

This paper gave reasons for this by recognising and explaining some of the challenges that restrict the implementation of information security management in the context of SMEs.

The authors of the paper proposed a holistic approach based on soft system methodology to facilitate the adaptation of information security systems in the context of SMEs.

The paper recognises the significant pace at which the internet has grown, and that both large and small enterprises have invested substantially to keep up with this pace. Subsequently, more information has been created and converted into digital format on all kinds of storage devices and transmitted in large volumes over interconnected networks.

While the internet has led to this, the paper recognises that the internet has changed most traditions, including in the business sector. As a result, crime and security threats such as phishing have advanced, undermining human privacy over the internet. The authors went further by stating the implications of these threats, e.g. loss of business.

These information security problems are characterised by complexity and interdependence because they involve a significant number of interrelated factors and elements, and human factors complicate them further. Hence most stakeholders stress the need for security in most businesses involving the internet.

Paper Background

The authors stated that serious information security problems can’t be solved just by raising awareness. Even with appropriate awareness and complete understanding of the security issues, SMEs do not possess the required resources (human, monetary or technical) that should be invested to solve the problem. They went further by recognising the difficulties faced by SMEs, such as tight budgets, and how these discourage SMEs from making information security part of their business priorities.

Furthermore, the inadequate number of technology experts and professionals has made information security generally perceived as a high cost that must be strongly justified before it is addressed.

To understand the scope of the information security problem and how it can affect the whole economy, this paper compared the volume of business within SMEs against the whole economy of Europe and the USA. The Department of Trade and Industry (DTI) in the UK reported a total number of business enterprises of 4.3 million at the start of 2005. Small enterprises (defined as having 0–49 employees) constitute 99.3 % of this figure, while medium businesses (50–249 employees) represent 0.1 %. Only 0.1 % of all businesses in the UK fall into the large enterprises category (more than 250 employees). Europe has, according to the Observatory of European SMEs, more than 19 million small or medium sized enterprises (using the same classification scheme mentioned above), comprising 99.8 % of all business enterprises in the continent. On the other hand, only 6,000 enterprises in Europe are large businesses. In the United States, small and medium sized enterprises (those with fewer than 500 employees), constitute 99.7 % of all businesses.

The Holistic Approach

This is the part where the authors of this paper proposed a holistic approach in mitigating information security within SMEs facilitated by a soft system based methodology. The evaluation of this approach was based on a case study.

Discussion

My appraisal of the information I gathered from this theoretical paper is a commendation of how the authors have identified how information security problems can affect the information assurance of the whole economy. SMEs, as depicted by this paper, are normally restrained by tight budgets from prioritising the issue of security. Aside from that, information security management is normally difficult to make feasible in the context of SMEs because of other challenges such as the dynamism of the industry and limited human and material resources, such as IT professionals.

By my evaluation, the proposed holistic approach is only “potentially” capable of addressing these challenges because only one SME was involved. The case study, facilitated by the proposed holistic information security management approach, was implemented in Germany at a small consultancy firm. The outcome of the case study, when the holistic information security management approach was applied, showed the usefulness of the design model of the holistic approach, which was structured in 4 stages. This model was able to define the security goals of the consultancy firm by identifying actions, implementing actions, and monitoring and reviewing their security implications. Thus the holistic premises proved to be viable for that SME in Germany.

However, security management should always be perceived as a continuous process. Thus this should be the starting point for the holistic approach, as it has only been tested on one SME in Germany. Further tests on more SMEs, possibly foreign SMEs, are recommended.

Thank you for reading! It’s an open discussion you can drop your comment below 😉

Social-technical Issues Facing the Human-centric RFID Implantee Subculture Through the Eyes of Amal Graafstra Theoretical Research Paper by M G. Michael, Katina Michael and Amal Graafstra.


This discussion will be based on “Social-technical issues facing the human-centric RFID implantee subculture through the eyes of Amal Graafstra”, a theoretical research paper consolidated by M G. Michael, Katina Michael and Amal Graafstra himself.

This paper intends to understand the views of RFID implantees and why they are techno-hobbyist citizens intrigued by novel convenience-oriented solutions. The paper discussed and explored the socio-technical issues and questions that DIY implantees are faced with. Privacy, social and security issues were also areas of concentration in this paper.

Apparently, the authors explain that while some cultures appreciate tattooing, piercing and all sorts of body modifications, there are now techno-hobbyist subcultures that are embracing change in their lifestyle through functional high-tech devices such as RFID.

In this paper, Amal Graafstra is the case study, as other implantees regard him as a pioneer in the field who does things first, and better, than other implantees dabbling in the high-tech art.

However, in this paper, socio-technical issues facing the RFID implantee subculture, such as privacy, security, regulation and societal perceptions, are explained. For further reference, a link to the journal is dropped below.

ORIGINAL THEORETICAL PAPER

This journal recognises the debate on the use of RFID for humans by Department of Homeland and explains that, during the debate, one group held that the use of RFID by humans should be done with care while another group thought the use of RFID by humans is inappropriate.

However, the final recommendation from the debates appears to be specific to narrowly defined situations such as the identification of miners or fire fighters in emergencies.

The discussion of RFID security concerns in this paper concluded that nothing is really secure; in reality, a security policy is a collection of systems, methods and procedures that protect an asset by removing enough value and/or applying enough deterrence that a potential attacker will not even bother, or will quit trying.

Furthermore, it explains the misconceptions about privacy issues associated with RFID technology. It is said that RFID prompts unfounded fear among many people, as they see RFID as a surveillance tool that tracks implants.

But it is stated that this kind of RFID is not available now, not because it is technically infeasible, but because it has failed to enter into large-scale agreements with society.

The authors explained that privacy becomes a problem when people sign up with commercial providers of RFID, because this means they have to surrender their personal information, which is tied to their tag ID. I reckon this is done to make up a digital ID for each user. To buttress their point, the authors gave an instance: if this user information were shared with a third-party company, it would be a severe problem, and if it were sold to a third-party company, it would be worse.

The discussion of legal issues in this paper confirms that, to date, no employer has made it mandatory for its employees or potential employees to be implanted with RFID to remain employed. They explained that at some point critics were misled by inaccurate media broadcasts that citywatcher.com had mandated that their employees get implanted in order to access sensitive data centers, but citywatcher.com only suggested it to employees. Hence it was optional, and some employees willingly turned up for the implant, which was funded by citywatcher.com themselves.

A social issue identified by this paper was the religious concern among us Christians that RFID is the “Mark of the beast” as interpreted in the Book of Revelation, and this has caused a backlash against Amal Graafstra and other implantees from some members of the believing community.

Also, the future of RFID has led to socio-political fear that a totalitarian government may require the whole populace to be implanted at some point in time.

However, from the information I gathered, the case study of this paper, Amal Graafstra, seems to be techno-centric in his own perspective on RFID. For example, Graafstra explained in this paper that it is the people who use and implement a technology that determine its effect on society. Hence he perceives technology as neutral.

Graafstra should have perceived the necessity of socio-technical premises for RFID, as the technology has failed to enter a large-scale agreement with society. The reality is, if technology is directed by people it may go wrong, but if people are directed by technology it will go wrong, and to balance this, a socio-technical approach to how people perceive RFID is important.

To pre-empt further criticism of my own perspective on the whole matter, I will admit that, with a considerable level of knowledge about RFID’s limitations and capabilities, I concur with all the explanations articulated in this paper.

Nevertheless, the authors made some intelligent suggestions to conclude the paper.

It was concluded that entering into intelligent dialogue is the solution to religious criticism against implantees.

Also, legal bodies should be open to discussion that would result in intelligent regulation of misconduct in the use of RFID.

Privacy Negotiation in Socio-Technical Systems. Authors: Murthy Rallapalli and Dinesh Verma

Hello people, sorry I have not been blogging since after the time I made this blog.

Today I will be reflecting upon the work of Murthy Rallapalli and Dinesh Verma, “Privacy Negotiation in Socio-Technical Systems”.  

This theoretical journal is organized into 6 sections:

Section 1 is the introduction,

Section 2 is a discussion on web users & privacy,

Section 3 discusses the concept of privacy negotiation,

Section 4 describes a model for privacy constraints negotiation and

Section 5 includes conclusions and future work.

Before we proceed, for the purpose of further reference, the link to this journal is dropped below.

ORIGINAL THEORETICAL PAPER

Basically, this journal explains some classes of socio-technical systems represented by web services.

The authors also explore the possibility of empowering web users in the development of privacy agreements.

The journal explains the increase in web users’ concerns about privacy on the internet and the corresponding increases in regulatory and legal requirements for personal privacy. The authors suggest that while some have tried to logically manipulate web services, a cohesive approach to tackling data privacy has not kept pace with its usage.

They also explained that users’ information on the internet is becoming an increasing area of concern as web services are prevalent in many applications. They said web users are now able to negotiate the issue of privacy by entering into an agreement with the service provider, but these trusted service providers are vulnerable people too.

They added that, upon completion of negotiation between web users and service providers, a third-party agency will then be in charge of the user’s information.

However, they concluded that each web site’s information security system should enforce its stated privacy policy. Organizations should explore embedding privacy enhancing technologies such as privacy frameworks in their data privacy mechanisms to assure certified privacy practices in the form of digital credentials.

However, I will take it from their view on “trust”. Cookies, for example, are an internet data gathering tool that has broken the “trust” between web users and web providers so many times, e.g. in the case of DoubleClick, an online advertising company that has been charged so many times for invading users’ privacy on the internet with the use of cookies regardless of their privacy agreements.

Also Avenue A, Inc, a marketing agency, has been accused several times of using cookies to track users’ web surfing habits. Apparently, just as cookies have raised legal issues, they have raised some social issues too. In 2011 alone, CIFAS identified and protected over 96,000 victims of identity theft.

So far the use of cookies, especially by third parties for targeted ads, has been troubling and controversial in society.

Please note that “targeted ads” can be done when a web provider has gathered some of its users’ data about their internet surfing habits.

Also, the authors’ attempt to understand the possibility of empowering web users and consumers to have a say in the development of privacy agreements is a great way to introduce the premises of socio-technical systems in this context.

Although it could be argued that privacy agreements are fine since they contain legal qualities which are based on the ethics of society, I will suggest that, since any cohesive approach to tackling issues associated with data privacy has struggled to keep pace with the usage of the internet, more social requirements should be gathered, taking technical requirements into consideration, to make up an effective solution, just as the paper suggests that misconduct should be properly regulated.

I take up the authors’ final conclusion in my reflection on their work, as they stressed the importance of negotiating privacy policy between a web user and a web provider. The enforcement of privacy policy is necessary because not all web administrators have a stated privacy policy, which is very unethical because, at the end of the day, permission might not be obtained from users before using cookies to gather their information.

In order to avoid professional issues, web administrators, especially those that administer sites for public authorities, should gather and manage users’ data ethically. This data should be safely stored for future accountability and protected against hacking by using genuine software for security purposes, in order to avoid further legal issues, because users have the right to demand the information anyone holds on them at any time.

“(1) any person making a request for information to a public authority is entitled—” Freedom of Information Act (2000), article 1.

Now that we have come to the end of this discussion, I hope you enjoyed it. More discussions are still coming up in the next posts today, so we have not really come to an end; it has only just begun, haha!!