Recent orders
ELECTRONIC SMOKING CONCEPTS, RISKS, BENEFITS & LEGAL IMPLICATIONS
ELECTRONIC SMOKING: CONCEPTS, RISKS, BENEFITS & LEGAL IMPLICATIONS
Name:
Institution:
Date:
Introduction
This interim report is a review of the progress in the project that critically analyses the electronic cigarette. It includes a critical and well researched and analyzed literature survey on the subject of electronic cigarette.
The Theory Used
This being a social issue, the project makes use of a general social theory. This is because of the socio-cultural context of the issue. Smoking is a social concern and may also be viewed in the cultural context. The theory examines the electronic cigarette from a wide perspective right from its onset to the components, benefits, health risks and legal aspects. Thereafter a conclusion is drawn.
Resources used
For the successful completion of this project, resources such as documentary sources, internet, and journals have been effectively utilized.
Literature Survey
This literature survey examines the issues of electronic cigarette. It begins with a definition of electronic cigarette. The similarity between this type of cigarette and the conventional one is also critically examined and reviewed here and the difference brought out clearly. The benefits, if any and the health risks of this cigarette are also looked at in this survey. Furthermore, a brief history, components and legal aspects of this type of cigarette are well examined.
Electronic cigarette, also known as a vapor cigarette can be defined as an electrical inhaler which is normally known to vaporize a polyethylene glycol or HYPERLINK “http://en.wikipedia.org/wiki/Glycerin” o “Glycerin”glycerin, a liquid solution, into a mist known as aerosol. This combination is familiar with the stimulation of tobacco smoking. Electronic cigarette has a similarity with the conventional cigarette in its physical form. The design is actually similar to that of the conventional cigarette (Gilbert Ross, 2012, p.98). Besides, the amount of nicotine that is released is also almost equal to that which is released by the conventional cigarette. The only difference comes in the type of inhalation. While in e-cigarette, the inhalation is electrified, the conventional cigarette is manually inhaled.
Brief History of E-Cigarette
The origin of e-cigarette can be traced back to 1963 when one Herbart Gilbert patented an idea which resulted to a device that was referred to as a smokeless non tobacco cigarette. This effectively eliminated and replaced the burning of tobacco and paper with heated, flavored and moist air. This device was capable of heating the solution of nicotine and as a result produced steam. This individual was approached by several companies. Unfortunately his device was never commercialized and so by 1967, the idea was thrown into the dustbin of history.
In 2000, Hon Lik, a Chines pharmacist, invented the idea of utilizing HYPERLINK “http://en.wikipedia.org/wiki/Piezoelectric” o “Piezoelectric”piezoelectric HYPERLINK “http://en.wikipedia.org/wiki/Ultrasound” o “Ultrasound”ultrasound to aid in vaporization of a pressurized liquid jet containing nicotine which is diluted in a solution of propylene glycol. Hon Lik is credited with the invention of the modern day e-cigarette. His design produces a vapor that looks like smoke which can be inhaled. The device was released for the first time in the Chinese market in 2004. This was with a view to cease and replace smoking. He worked for a company called Golden Dragon Holding. This company started exporting the products in 2005. The first international patent for the product was issued to the company in 2007 (Tierney, 2011, p.44-8).
The Physical Components of E-Cigarette
The electronic cigarette is composed of a cartridge, an atomizer, magnet adaptor, battery and liquid. The cartridge allows for the passage of the liquid in to the atomizer and vapor from the atomizer to the mouth of the person using it. It is designed in such a way that it does not allow the liquid to leak into the user’s mouth. Most cartridge models make use of a plastic sponge which aims at holding the liquid firmly in place. However, refillable tanks can also be used to perform a similar purpose (FDA, 2009, p.69).
The atomizer has a small coil which heats and vaporizes the liquid. It is generally composed of a simple filament and a metal mesh whose purpose is to draw the liquid inside it. The atomizer’s efficiency fades with time and requires constant replacement. The magnetic adaptors are generally made of a stainless steel. The adapter is used to combine the electronic cigarette battery with the atomizer. It converts the battery for use.
The battery, usually portable power units, makes up the largest component of the device. Sometimes, the battery contains the electronic air flow sensor which is activated by simply drawing breath into the device. The liquid that produces the vapor is famously known as the electronic juice.
Benefits of E-Cigarette
The proponents of e-cigarette argue that this cigarette deliver a very wonderful smoking experience as compared to the conventional one. This minimizes the smell that is associated with the tobacco cigarettes. The proponents therefore recommend it as an effective replacement of the conventional cigarette.
The base liquids such as the vegetable glycerin, propylene glycol, and polyethylene glycol have been largely used as food additives. They have been utilized as base solutions for personal care such as tooth paste and also devices used in the medical field including the asthma inhalers. The proponents of the device argue that since these additives do not pose any serious health risk and instead have a lot of benefits, it follows then that electronic cigarette have a lot of health benefits (Dawkins & Turner, 2009, p.87).
However, the health effects of inhaling the vapor into the lungs have been uncertain. They have always been subject to wide debates making it almost impossible to comprehensively deduce that they are of serious health benefits. The effects of the exhaled nicotine and the other substances contained in the vapors for the second or third hand smoke are also subjects to serious uncertainty.
This type of cigarette is also known to reduce the cases of addiction that is a harmful feature of tobacco smoking. It also eliminates the withdrawal syndromes that are also seen as side effects of tobacco smoking. As a result they curb these side effects.
E-cigarettes can be as effective as a public health tool since they resemble to the real thing. While e-cigarettes provide nicotine addicts with almost the same amount of nicotine of a conventional cigarette, they don’t produce the equal amount of toxic smoke which can bring about lung diseases and cancer related illnesses when inhaled for a long time. There are evidently no products of combustion for inhalation, so no tobacco toxins are inhaled into the lungs.
Many schools of thoughts and other health departments including American Association of Public Health Physicians, Boston University School of Public Health, and Health Canada have all agreed that electronic cigarette is much safer than the conventional one. It is therefore encouraged to be used instead of the real tobacco smoking which poses very significant health risks such as cancer. This is a serious health benefit that should not be underestimated if what these individuals pose is something to go by.
Health risks
The electronic cigarette seems to pose certain serious health risks. This explains why the public health officials have initiated a ban to the habit of smoking it. The argument is that since it resembles the actual cigarette, it may as well be as harmful and a health risk as the actual cigarette.
The World Health Organization argues that no rigorous studies which are necessarily peer-reviewed have been conducted to show that electronic cigarette is safe and good enough for the health of the smokers. That this cigarette can be used as an aid or cessation to tobacco smoking is well acknowledged and appreciated by W.H.O, however, the reasoning is that this cigarette lacks effective clinical backing. As a result the possibility that it could also pose serious health risks cannot be entirely ruled out (Siegel, 2010, p.56).
The Food and Drug Administration seems to disagree with the proponents of e-cigarette. It states that a poisonous and hygroscopic liquid was detected in one of the cartridges. Cancer causing agents were detected in all the cartridges. This allays fears that this type of cigarette may not be a public good as earlier thought by its supporters.
Legal aspects
Following the novelty of technology and relationship to cigarette legislations and the medical drug regulations, electronic cigarette regulations and public health accords are currently ongoing in a number of countries. Because of the ban on flavored tobacco cigarette products (except menthol), and increased consumption tax on roll-your-own products, electronic cigarette is increasingly becoming the viable alternative to these products in the United States and other countries. The 2001/95/CE (6) EU directive on product safety provides for preventive and restrictive measures on products established to be health and safety hazardous to consumers. However, the legal implication of using electronic cigarette depends on its positioning within the legal framework of the EU. Whether its consumption falls under 93/42/EEC Directive of the EU on medical and health policies depends on the intended purpose and the whether the intended claim is cited in the directive. “It is for each national authority to decide, account being taken of all the characteristics of the product, whether it falls within the definition of a medicinal product by its function or presentation” (Dawkins & Turner, 2009, p.89). Because of this divergent position of the EU, every country advanced internal legal amendments to protect their citizens and have a legal statute regulating the use of e-cigarette. For instance, in the U.S. different states have varied legal treatment for electronic cigarette. In 2009, FDA acting on the authorization of HYPERLINK “http://en.wikipedia.org/wiki/Family_Smoking_Prevention_and_Tobacco_Control_Act” o “Family Smoking Prevention and Tobacco Control Act”Family Smoking Prevention and Tobacco Control Act, banned flavored tobacco as it was very appealing to children. Wagner further warned that using flavoring drinks such as chocolate has the potential of encouraging childhood use, and hence serving as an opportunity to cigarette smoking among children (FDA, 2009, p.67).
According to Food & Drugs Administration, e-cigarette is a drug delivery device which is subjected to regulation and control under the FDCA chapters before importation or sales in the U.S. However, this classification was challenged by HYPERLINK “http://en.wikipedia.org/wiki/Richard_J._Leon” o “Richard J. Leon”Richard J. Leon, a Federal District Court Judge. In his ruling, he cited that “the devices should be regulated as tobacco products rather than drug or medical products” (Duff, 2010, p.23-4). The court directed the FDA to eliminate the barriers to importation and sales of e-cigarette. He further clarified that the FDCA only applies to tobacco products but not drugs or medical device such as electronic cigarette. Tobacco legislation “expressly excludes from the definition of ‘tobacco product’ any article that is a drug, device or combination product under the FDCA, and provides that such articles shall be subject to regulation under the pre-existing FDCA provisions” (Duff, 2010, p.23-4).
Conclusion
Even with the global rise in the consumption of E-cigarette, the world health organization has raised public safety concerns. WHO and other drugs regulatory bodies such as FDCA advocates for regulation and strong legislations limiting the use of e-cigarette in conjunction with other flavored tobacco substance. However, the actions adjourned by the legal institutions have strongly barred the implementation of such regulatory acts on electronic cigarette. Besides, formers smokers argue that e-cigarette is very healthful and has great capacity of reducing mortality and morbidity associated with smoking. These sentiments of former smokers are asserted by scientists and research experts drawn from California University.
Bibliography
Dawkins L., Kent, T. & Turner, J. 2010. Journal of Psychopharmacology, 24 (suppl.3), A32. HYPERLINK “http://www.bap.org.uk/pdfs/Abstract_Book_2010.pdf” “The Electronic Cigarette, p.86-9
FDA .2009. HYPERLINK “http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm173222.htm” “FDA and Public Health Experts Warn About Electronic Cigarettes”. Food and Drug Administration (US). Retrieved 22 July 2012.
Wilson, Duff, 2010. HYPERLINK “http://www.nytimes.com/2010/01/15/business/15smoke.html” “Judge Orders F.D.A. to Stop Blocking Imports of E-Cigarettes From U.S.”.The New York Times, p.23-4.
Siegel, Michael, 2010. HYPERLINK “http://www.palgrave-journals.com/jphp/journal/vaop/ncurrent/abs/jphp201041a.html” “E-cigarettes as a harm reduction strategy for tobacco control: A step forward or a repeat of past mistakes?”. Journal of Public Health Policy, p.56
John Tierney, 2011. HYPERLINK “http://www.nytimes.com/2011/11/08/science/e-cigarettes-help-smokers-quit-but-they-have-some-unlikely-critics.html” “A Tool to Quit Smoking Has Some Unlikely Critics”. HYPERLINK “http://en.wikipedia.org/wiki/New_York_Times” o “New York Times” New York Times.
Gilbert Ross, M.D. 2012. HYPERLINK “http://www.american.com/archive/2012/november/the-deadly-crusade-against-e-cigarettes” “The Deadly Crusade Against E-cigarettes”. New York: HYPERLINK “http://en.wikipedia.org/wiki/American_Enterprise_Institute” o “American Enterprise Institute” American Enterprise Institute, p.98.
Electronic Security Risk Analysis
Electronic Privacy
[Student’s Name]
[Institution Affiliation]
Introduction
There are a lot of issues that can be depicted from this description. There is minimal if not none of electronic privacy policies that have been implemented in various companies. There are a lot of loopholes that intruders can use to get into the electronic systems. With the popularity of the Internet which has become one of the popular medium of communication. There two categories of precautions and steps that need to be implemented in an organization in order to curb electronic privacy issues at stake. These two are the technical issues that need to be taken into consideration and the people issues. The technical issues can further be subdivided into two which will comprise of the physical issues and the logical issues in an organization. The physical issues include the physical precautions that should be done or bought like buying intelligent routers and building a protection in the organization’s premises. The protection will eradicate the outside world from getting into the premises of the organization. The logical issues include things like installing and implementing firewall in the network.
Electronic Security Risk analysis
One of the risks that an organization stands falling in is that the intruders can get into the electronic system without much struggle. This is because there is no firewall which has been installed in place. The firewall is a logical setup where the network will filter connections that are being made to the network. Only authenticated connections are allowed to the network (Charles, & Shari, 2001). This is a very important precaution which should be implemented soon. The firewall will also help an organization to monitor their employees; there are some sites like Facebook which rob an organization of work time because many of the employees using an organization time. The use of the firewall helps in regulating the use of such sites. Another risk is that of losing the integrity of data. This is because the professionals, that organizations deals with, like the lawyers and the medics have no data privacy. Each Dick, Tom and Mary can access the information and thus the data they deal with loses their integrity.
Another risk is that the data is not properly guarded and monitored in the electronic networks of organizations. If there is a problem that will arise in the network, it will be difficult to diagnose the problem. This is because there is the use of one switch which does the connection to all the nodes in the network. If there is an infection in one of the computers, it will be easy to transmit the viruses to the rest of the network. Company information which is confidential is not guaranteed of their safety. There is some information which should remain with the management alone. With the use of one switch, gaining access to this information will not cost any much effort even for the most amateurish computer user (Charles, & Shari, 2001). Hacking into networks is a reality now than ever before. Having a company with this setup is a ticket for inviting trouble to an organization sooner than expected.
There are no clear policies which have been set in place for the usurers to follow. These rules should be imparted to all the employees and will involve the implementation of passwords that should conform to the national or even international standards. The passwords should not be shared with anyone. All employees to an organization should be educated to get the importance of authentication in the network. The presence of instances where the employees do not log out of their machines is not good because someone can use somebody else accounted to cause malice and harm to the network. All users should have a profile in the electronic system of an organization so that they can be tracked in the electronic system to look for those engaging in suspicious activities on the network.
Electronic Privacy and Security Enhancement Act
The major sections what were amended include sections 101A which mandated the body in charge to submit a report to the national congress on any undertaking and proposed punishment. The other second was sections 102 and 103 which demanded that any entity that belongs to the government should be made open via service providers who provide electronic communication and any disclosure made should not be with an ill intention.
It also demanded that in section 104 of national data center where there will be maximum electronic data security infrastructure and sophisticated tools for threat detection, fraud investigation and appropriate measures to protect sensitive information such as those for hospitals and the government. There was also a ban in the spread of material that can corrupt individuals mind such as pornography via the internet and any communication media in section 105 (Choi 86)
In section 106, the punishment that individual that uses a computer to physically hurt another person or tries to commit a felony with an aid of a computer was made severe. There was also a provision of extensive security to media group that gave hand to the police while carrying out the investigation while the vulnerable attacks that were frequent were blacklisted so that more security concern were availed in those areas. These two amendments are in section 107 and 108 respectively.
Lastly more vigilance was given to bridging of one’s privacy via the mobile phones unauthorized interception of conversation and in addition, the severity of the punishment was increased. Furthermore, the requirement of presence of a police officer before a warrant of arrest is issued was ruled out in order to raise vigilance (Lingihn 56)
I feel that the enforcement of electronic Privacy act of 2002 has helped the citizens of the federal republic to regain the glory of data and information privacy. The fear of one’s information getting into the hands of unauthorized individual has been drastically reduced due to enforcement of severe penalties to any person found breaching this right. In addition, it has enabled more secure computerized financial transaction which had become a nightmare. With the enforcement of this law, the use of information technology has become better (Theohary 126).
Steps/ procedures of ensuring Electronic Privacy
The security of information electronic systems is crucial to the performance of each and every company or organization. It is therefore the responsibility of each and every employee to ensure that the laid down procedures for protection and safety of the electronic systems is adhered to with utmost care. Information electronic systems security measures are implemented to ensure that both the integrity, confidentiality, authenticity and availability of the data stored in the electronic system is not compromised. A balanced approach is used to ensure that administrative, operational as well as personnel controls are implemented equally. The nature of the information secured determines the level of security imposed (Salomon, 2007). Human safeguards for employees are meant to control their behavior in relation to access and use of information in an electronic system. Through identification and authentication management, employees would be restricted to the modalities of accessing and using the electronic system.
Each employee should be assigned a unique password used to enter into the electronic system. The identity should not be used by multiple employees since audit measures are put in place and every employee is accountable to their individual actions. Identities require authenticators such as passwords, biometrics and smart cards at login or accessing the electronic system. However the level of “threats” might determine the usage of these authenticators. High-risk workstations or LANs might require an employee to have additional access rights and/or clearance in order to access. Employees with lower clearance might require personnel escort within such areas (Salomon, 2007).
Password protection safeguards against unauthorized access. No employee passwords should be written down on notebooks. Default passwords should be changed immediately upon the creation of accounts. Passwords should also be created using alpha-numeric digits more than eight in number with different case styles. Employee passwords should be regularly changed and where passwords are being echoed such as in half-duplex connections, overprint masks are used before the passwords are entered to conceal it. Safeguards are establish to detect and safeguard the unauthorized access or use of media to alter or introduce changes to the information electronic systems.
In summary human information security measures are meant to control the access privileges of humans while accessing the electronic system. Electronic storage devices should be monitored by the chief security officer to ensure that unauthorized information is not passed to unauthorized persons. Likewise, human readable output classified as high-security information should be reviewed before release. Electronic files released out of the security boundary should be cleared. Generally the manner in which humans utilize the information electronic system is a matter of concern and sufficient controls should be established (Salomon, 2007).
Electronic information security policies
There is also a need to have information security policies which will be used to govern the use of the information resources in a secure manner. This will ensure that the resources that are used are secured. From the assessment, there is lack of policies that would govern the use of resources on the network. It is important to understand how this is possible with the creation of policies that will be followed in an organization. This will address the aspect where nurses share passwords, personnel leaving passwords on top of their desks; this will also solve the aspect of having users not changing their passwords for a long time. This should be solved so that there is effective use of information resource in a manner that it will ensure that the flaws that have been identified will be the responsibility of all the users within the organization. The use of information resources by all the users in the organization will be governed by the following policies:
Password use policy
The password policy will be developed to cover the aspects of password use within any organization. All users will be provided with username and passwords. The password will be changed automatically after seven days. The first password in the organization will be automatically generated. The users will be required to change the passwords that have been provided within the first seven days that they have the passwords. There will be a reminder that will be set in order to remind the users to change the passwords after a period of seven days. This will ensure that the users are able to protect the compromise to the passwords that they have.
Users will be required to be responsible for the security credentials that they have. It is important to understand this principle and ensure that the users will be able to protect the passwords and the issues that will come under the security policy that will be set.
Account management policy
Users will be required to protect their accounts so that they will be only ones who will be using these accounts. This will be achieved by ensuring that the users will be responsible for all that happens while their accounts are active. They will be held responsible for any illegal or malicious procedures that will be done under their accounts. This will ensure that the users will be able to have the security of the accounts under control. With this policy, it will be an offense to share password information with other people. The users will be required to have one password and will be able to have the security of the account under control.
Policy enforcement
The users who will be found to have contravened the set security policies while they are using their accounts will lose their accounts for a period of one month. This will be considered a security offense and the users might get other disciplinary actions from the senior management. This will ensure that users are responsible for their actions.
Recommendations for a Better Electronic Privacy
Things to do immediately
There should be a firewall in the network that will be used to filter the connection and for administrative configuration purposes. The use of the firewall will make it easy to keep suspicious programs at bay (Charles, & Shari, 2001). An organization should also invest in utility programs like the anti-virus software. They help to detect and heal computer viruses which could have spread in the network.
There should be the buying of many switches so that the network can be segmented. Segmentation of the network has many advantages because there will be autonomy in the network. The section which has administrative purposes can be giving a different subnet from the rest of the network. There should be the use of routers also so that the flow of traffic is intelligent. Traffic should be monitored and should not be allowed to flow anyhow.
Another issue which is equally important is the setting up of security policy within the organization where the users are supposed to be having their own passwords that will be used to authenticate their identity. These employees should log out from the electronic system after they are through with what they were doing. This should be made a rule in the electronic system.
Long term improvements
There should be a remote data center that will be used to store the data in an organization. This will help safeguard the information from the professionals. Remote data backup is becoming the best way of cushioning oneself from unforeseen disasters which can wreak havoc to an organization and bring a lot of legal complications.
There should be the use of bidet in the authentication process of an organization. This is the use of biological data in the logging into the e electronic system (Charles, & Shari, 2001). If the current popularity of the Internet is anything to go by, then an organization has to invest in the use bio-data to get the authentication process work for most of the people.
An organization should also develop a private tunnel where an organization network is on its own and is separated from the public domain. This will help eradicate mixture of the public traffic and the private data.
Authentication and access control of Electronic Data and Information
Authentication management
From the assessment, it is clear that there are no controls that have been set in the electronic system. This is because there are no plans for the information electronic systems personnel. One of the issues that should be enacted with immediate effect is the access control to the database. This is an area that is the heart of an organization. This should be secured for better security of the database. There is a need to ensure that the database is secured and accessed by few individuals. The database should be accessed by the people who are authorized to access and manage. The first step that should be done is to have different and strong security credentials for the database. The database administrator will secure the database with the credentials that is known to the administrator alone. This will mean that if someone will want to access the database, they will have to go through the database administrator so that they get the authorization and the vetting. This will mean that the database administrator will evaluate all the requests to access the database. This will help in the process of getting the required security of the database. The access to the database should lie with the database administrator (Peltier 281).
Access control
One way in which the access to the database will be managed is to have access controls. Controlling the access to the database is an important step that should be undertaken so ha the security of the database will be managed. Only the users who are authorized to access the database should be allowed to access the database. There will also be the need by the database administrator to have users access the database on request and on the levels that suit their needs.
Conclusion
From the assessment of the electronic privacy security, it is important to take action to safeguard the organization from future attacks and privacy breaches. The steps that have been undertaken to correct the mistake that has been shown will ensure that the users will be responsible for all the issues that pertain the use of the resources of the organization. It is important to understand that most of the security issues and challenges that organizations face are because of negligence and reluctance of the users to observe the set security standards and policies. With the stipulated steps, it will enable the users to be aware of the security issues that they face when they do not observe the security issues of the organization.
References
Charles, P. & Shari, L. P. (2001). Security in computing. Prentice Hall
Electronic Privacy
Electronic Privacy
[Student’s Name]
[Institution Affiliation]
Introduction
There are a lot of issues that can be depicted from this description. There is minimal if not none of electronic privacy policies that have been implemented in various companies. There are a lot of loopholes that intruders can use to get into the electronic systems. With the popularity of the Internet which has become one of the popular medium of communication. There two categories of precautions and steps that need to be implemented in an organization in order to curb electronic privacy issues at stake. These two are the technical issues that need to be taken into consideration and the people issues. The technical issues can further be subdivided into two which will comprise of the physical issues and the logical issues in an organization. The physical issues include the physical precautions that should be done or bought like buying intelligent routers and building a protection in the organization’s premises. The protection will eradicate the outside world from getting into the premises of the organization. The logical issues include things like installing and implementing firewall in the network.
Electronic Security Risk analysis
One of the risks that an organization stands falling in is that the intruders can get into the electronic system without much struggle. This is because there is no firewall which has been installed in place. The firewall is a logical setup where the network will filter connections that are being made to the network. Only authenticated connections are allowed to the network (Charles, & Shari, 2001). This is a very important precaution which should be implemented soon. The firewall will also help an organization to monitor their employees; there are some sites like Facebook which rob an organization of work time because many of the employees using an organization time. The use of the firewall helps in regulating the use of such sites. Another risk is that of losing the integrity of data. This is because the professionals, that organizations deals with, like the lawyers and the medics have no data privacy. Each Dick, Tom and Mary can access the information and thus the data they deal with loses their integrity.
Another risk is that the data is not properly guarded and monitored in the electronic networks of organizations. If there is a problem that will arise in the network, it will be difficult to diagnose the problem. This is because there is the use of one switch which does the connection to all the nodes in the network. If there is an infection in one of the computers, it will be easy to transmit the viruses to the rest of the network. Company information which is confidential is not guaranteed of their safety. There is some information which should remain with the management alone. With the use of one switch, gaining access to this information will not cost any much effort even for the most amateurish computer user (Charles, & Shari, 2001). Hacking into networks is a reality now than ever before. Having a company with this setup is a ticket for inviting trouble to an organization sooner than expected.
There are no clear policies which have been set in place for the usurers to follow. These rules should be imparted to all the employees and will involve the implementation of passwords that should conform to the national or even international standards. The passwords should not be shared with anyone. All employees to an organization should be educated to get the importance of authentication in the network. The presence of instances where the employees do not log out of their machines is not good because someone can use somebody else accounted to cause malice and harm to the network. All users should have a profile in the electronic system of an organization so that they can be tracked in the electronic system to look for those engaging in suspicious activities on the network.
Electronic Privacy and Security Enhancement Act
The major sections what were amended include sections 101A which mandated the body in charge to submit a report to the national congress on any undertaking and proposed punishment. The other second was sections 102 and 103 which demanded that any entity that belongs to the government should be made open via service providers who provide electronic communication and any disclosure made should not be with an ill intention.
It also demanded that in section 104 of national data center where there will be maximum electronic data security infrastructure and sophisticated tools for threat detection, fraud investigation and appropriate measures to protect sensitive information such as those for hospitals and the government. There was also a ban in the spread of material that can corrupt individuals mind such as pornography via the internet and any communication media in section 105 (Choi 86)
In section 106, the punishment that individual that uses a computer to physically hurt another person or tries to commit a felony with an aid of a computer was made severe. There was also a provision of extensive security to media group that gave hand to the police while carrying out the investigation while the vulnerable attacks that were frequent were blacklisted so that more security concern were availed in those areas. These two amendments are in section 107 and 108 respectively.
Lastly more vigilance was given to bridging of one’s privacy via the mobile phones unauthorized interception of conversation and in addition, the severity of the punishment was increased. Furthermore, the requirement of presence of a police officer before a warrant of arrest is issued was ruled out in order to raise vigilance (Lingihn 56)
I feel that the enforcement of electronic Privacy act of 2002 has helped the citizens of the federal republic to regain the glory of data and information privacy. The fear of one’s information getting into the hands of unauthorized individual has been drastically reduced due to enforcement of severe penalties to any person found breaching this right. In addition, it has enabled more secure computerized financial transaction which had become a nightmare. With the enforcement of this law, the use of information technology has become better (Theohary 126).
Steps/ procedures of ensuring Electronic Privacy
The security of information electronic systems is crucial to the performance of each and every company or organization. It is therefore the responsibility of each and every employee to ensure that the laid down procedures for protection and safety of the electronic systems is adhered to with utmost care. Information electronic systems security measures are implemented to ensure that both the integrity, confidentiality, authenticity and availability of the data stored in the electronic system is not compromised. A balanced approach is used to ensure that administrative, operational as well as personnel controls are implemented equally. The nature of the information secured determines the level of security imposed (Salomon, 2007). Human safeguards for employees are meant to control their behavior in relation to access and use of information in an electronic system. Through identification and authentication management, employees would be restricted to the modalities of accessing and using the electronic system.
Each employee should be assigned a unique password used to enter into the electronic system. The identity should not be used by multiple employees since audit measures are put in place and every employee is accountable to their individual actions. Identities require authenticators such as passwords, biometrics and smart cards at login or accessing the electronic system. However the level of “threats” might determine the usage of these authenticators. High-risk workstations or LANs might require an employee to have additional access rights and/or clearance in order to access. Employees with lower clearance might require personnel escort within such areas (Salomon, 2007).
Password protection safeguards against unauthorized access. No employee passwords should be written down on notebooks. Default passwords should be changed immediately upon the creation of accounts. Passwords should also be created using alpha-numeric digits more than eight in number with different case styles. Employee passwords should be regularly changed and where passwords are being echoed such as in half-duplex connections, overprint masks are used before the passwords are entered to conceal it. Safeguards are establish to detect and safeguard the unauthorized access or use of media to alter or introduce changes to the information electronic systems.
In summary human information security measures are meant to control the access privileges of humans while accessing the electronic system. Electronic storage devices should be monitored by the chief security officer to ensure that unauthorized information is not passed to unauthorized persons. Likewise, human readable output classified as high-security information should be reviewed before release. Electronic files released out of the security boundary should be cleared. Generally the manner in which humans utilize the information electronic system is a matter of concern and sufficient controls should be established (Salomon, 2007).
Electronic information security policies
There is also a need to have information security policies which will be used to govern the use of the information resources in a secure manner. This will ensure that the resources that are used are secured. From the assessment, there is lack of policies that would govern the use of resources on the network. It is important to understand how this is possible with the creation of policies that will be followed in an organization. This will address the aspect where nurses share passwords, personnel leaving passwords on top of their desks; this will also solve the aspect of having users not changing their passwords for a long time. This should be solved so that there is effective use of information resource in a manner that it will ensure that the flaws that have been identified will be the responsibility of all the users within the organization. The use of information resources by all the users in the organization will be governed by the following policies:
Password use policy
The password policy will be developed to cover the aspects of password use within any organization. All users will be provided with username and passwords. The password will be changed automatically after seven days. The first password in the organization will be automatically generated. The users will be required to change the passwords that have been provided within the first seven days that they have the passwords. There will be a reminder that will be set in order to remind the users to change the passwords after a period of seven days. This will ensure that the users are able to protect the compromise to the passwords that they have.
Users will be required to be responsible for the security credentials that they have. It is important to understand this principle and ensure that the users will be able to protect the passwords and the issues that will come under the security policy that will be set.
Account management policy
Users will be required to protect their accounts so that they will be only ones who will be using these accounts. This will be achieved by ensuring that the users will be responsible for all that happens while their accounts are active. They will be held responsible for any illegal or malicious procedures that will be done under their accounts. This will ensure that the users will be able to have the security of the accounts under control. With this policy, it will be an offense to share password information with other people. The users will be required to have one password and will be able to have the security of the account under control.
Policy enforcement
The users who will be found to have contravened the set security policies while they are using their accounts will lose their accounts for a period of one month. This will be considered a security offense and the users might get other disciplinary actions from the senior management. This will ensure that users are responsible for their actions.
Recommendations for a Better Electronic Privacy
Things to do immediately
There should be a firewall in the network that will be used to filter the connection and for administrative configuration purposes. The use of the firewall will make it easy to keep suspicious programs at bay (Charles, & Shari, 2001). An organization should also invest in utility programs like the anti-virus software. They help to detect and heal computer viruses which could have spread in the network.
There should be the buying of many switches so that the network can be segmented. Segmentation of the network has many advantages because there will be autonomy in the network. The section which has administrative purposes can be giving a different subnet from the rest of the network. There should be the use of routers also so that the flow of traffic is intelligent. Traffic should be monitored and should not be allowed to flow anyhow.
Another issue which is equally important is the setting up of security policy within the organization where the users are supposed to be having their own passwords that will be used to authenticate their identity. These employees should log out from the electronic system after they are through with what they were doing. This should be made a rule in the electronic system.
Long term improvements
There should be a remote data center that will be used to store the data in an organization. This will help safeguard the information from the professionals. Remote data backup is becoming the best way of cushioning oneself from unforeseen disasters which can wreak havoc to an organization and bring a lot of legal complications.
There should be the use of bidet in the authentication process of an organization. This is the use of biological data in the logging into the e electronic system (Charles, & Shari, 2001). If the current popularity of the Internet is anything to go by, then an organization has to invest in the use bio-data to get the authentication process work for most of the people.
An organization should also develop a private tunnel where an organization network is on its own and is separated from the public domain. This will help eradicate mixture of the public traffic and the private data.
Authentication and access control of Electronic Data and Information
Authentication management
From the assessment, it is clear that there are no controls that have been set in the electronic system. This is because there are no plans for the information electronic systems personnel. One of the issues that should be enacted with immediate effect is the access control to the database. This is an area that is the heart of an organization. This should be secured for better security of the database. There is a need to ensure that the database is secured and accessed by few individuals. The database should be accessed by the people who are authorized to access and manage. The first step that should be done is to have different and strong security credentials for the database. The database administrator will secure the database with the credentials that is known to the administrator alone. This will mean that if someone will want to access the database, they will have to go through the database administrator so that they get the authorization and the vetting. This will mean that the database administrator will evaluate all the requests to access the database. This will help in the process of getting the required security of the database. The access to the database should lie with the database administrator (Peltier 281).
Access control
One way in which the access to the database will be managed is to have access controls. Controlling the access to the database is an important step that should be undertaken so ha the security of the database will be managed. Only the users who are authorized to access the database should be allowed to access the database. There will also be the need by the database administrator to have users access the database on request and on the levels that suit their needs.
Conclusion
From the assessment of the electronic privacy security, it is important to take action to safeguard the organization from future attacks and privacy breaches. The steps that have been undertaken to correct the mistake that has been shown will ensure that the users will be responsible for all the issues that pertain the use of the resources of the organization. It is important to understand that most of the security issues and challenges that organizations face are because of negligence and reluctance of the users to observe the set security standards and policies. With the stipulated steps, it will enable the users to be aware of the security issues that they face when they do not observe the security issues of the organization.
References
Charles, P. & Shari, L. P. (2001). Security in computing. Prentice Hall