
Name: MATHEW KIPNGETICH

REG NO. BUS-242-045/2021

UNIT: PROFESSIONAL ISSUES IN IT

COURSE: BBIT

1) (i) What are some examples of security threats that IT professionals commonly
encounter in today's landscape? (6)
Phishing attacks: Attempts to trick individuals into divulging sensitive information
or downloading malicious software through deceptive emails or messages.
Malware infections: Software designed to disrupt, damage, or gain unauthorized
access to computer systems, often spread through malicious links, downloads, or
infected files.
DDoS (Distributed Denial of Service) attacks: Overwhelming a target server or
network with a flood of traffic from multiple sources, rendering it inaccessible to
legitimate users.
Ransomware incidents: Malicious software that encrypts files or locks users out of
their systems, demanding payment (usually in cryptocurrency) for decryption or
restoration.
Insider threats: Risks posed by individuals within an organization who misuse their
access privileges, intentionally or unintentionally, to compromise data or systems.
Data breaches: Unauthorized access to sensitive or confidential information, often
resulting in the exposure or theft of personal or corporate data.
(ii) Outline possible repercussions for organizations if they fail to sufficiently mitigate
security threats (6)
Financial Losses: Organizations may incur significant financial losses due to costs
associated with incident response, system repairs, legal fees, regulatory fines, and
compensation for affected parties.
Reputational Damage: Security breaches can tarnish an organization's reputation,
leading to loss of trust among customers, partners, and stakeholders. This can result in
decreased sales, loss of business opportunities, and difficulty in attracting top talent.
Legal Consequences: Failure to adequately protect sensitive data may lead to legal
liabilities, lawsuits, and regulatory penalties for non-compliance with data protection
laws such as GDPR, HIPAA, or CCPA.
Operational Disruption: Security incidents can disrupt normal business operations,
causing downtime, loss of productivity, and delays in delivering products or services
to customers.
Intellectual Property Theft: Unauthorized access to intellectual property or trade
secrets can result in competitive disadvantage, loss of market share, and erosion of
innovation.
Long-term Business Impact: Persistent security issues may lead to erosion of market
position, diminished investor confidence, and even potential business failure if not
effectively addressed, impacting the organization's long-term viability and
sustainability.
2) Explain the key professional issues faced by the IT industry in Kenya and the
world at large (10).

Skills Gap: There's a shortage of skilled IT professionals, both in technical and soft
skills, hindering the industry's growth and innovation.

Cybersecurity Concerns: Rising cyber threats and attacks pose significant
challenges in safeguarding sensitive data and critical infrastructure, requiring
continuous vigilance and investment in security measures.

Digital Divide: Disparities in access to technology and digital literacy persist,
limiting opportunities for equitable participation in the digital economy, particularly
in rural and underserved areas.

Regulatory Compliance: Keeping up with evolving data protection and privacy
regulations, such as GDPR and local data protection laws, is challenging and
requires ongoing adaptation to stay abreast of changing requirements.

Infrastructure Development: Inadequate IT infrastructure, including limited internet
connectivity and outdated systems, impedes technological advancements and digital
transformation efforts, particularly in emerging markets like Kenya.

Talent Retention: High demand for IT talent leads to increased competition among
employers, making talent retention a challenge, particularly in the face of attractive
opportunities abroad.

Ethical Considerations: Ethical dilemmas surrounding emerging technologies, such
as AI and biotechnology, raise concerns about data privacy, algorithmic bias, and the
societal impact of technological innovations.

Digitalization of Education: The need to modernize education systems to align with
technological advancements, including integrating IT skills into curricula and
promoting lifelong learning to keep pace with evolving technologies.

Interdisciplinary Collaboration: Encouraging collaboration between IT
professionals and experts from other fields to address complex societal challenges,
such as healthcare, agriculture, and climate change, through technology-driven
solutions.

Environmental Sustainability: Addressing the environmental impact of IT
operations, including energy consumption, e-waste management, and carbon
emissions, to promote sustainable development and minimize ecological footprints.

3). Privacy and freedom of information are two fundamental rights that are
crucial in society. However, they often intersect and conflict with each other,
particularly in the context of data-driven environments and digital technologies.
In 6 points, explain how privacy and freedom of information can intersect and
conflict. (6).

Data Collection and Transparency: Balancing the need for transparency and access
to information with individuals' right to control their personal data, especially in cases
where sensitive information is collected and shared without consent.

Surveillance and Privacy: Striking a balance between government surveillance
efforts for national security and individuals' rights to privacy, where extensive
monitoring can infringe on personal freedoms and civil liberties.

Data Retention and Access: Resolving tensions between retaining data for legitimate
purposes such as law enforcement or research, while ensuring individuals' rights to
have their data deleted or anonymized to protect their privacy.

Public Interest vs. Personal Privacy: Weighing the public interest in accessing
certain information, such as government records or corporate data, against individuals'
rights to privacy and protection from unwarranted intrusion.

Algorithmic Decision-Making: Addressing concerns about algorithmic bias and
discrimination, where the use of data-driven technologies for decision-making may
compromise individuals' privacy rights and reinforce inequalities.

Cross-Border Data Flows: Managing conflicts between different jurisdictions' data
protection laws and privacy regulations, particularly in the context of international
data transfers, which may involve conflicting requirements for privacy and freedom of
information.

4) How do the ethical principles outlined in the ACM Code of Ethics and
Professional Conduct shape behavior and professional responsibilities within
the field of computing? (5)

Providing Guidelines: Offering clear guidelines for ethical behavior and decision-
making, guiding professionals in navigating complex ethical dilemmas.

Promoting Integrity: Encouraging honesty, integrity, and accountability in all
professional activities, fostering trust among stakeholders.

Prioritizing Privacy and Security: Emphasizing the importance of protecting
privacy, security, and confidentiality of data, ensuring responsible use of technology.

Ensuring Equity and Inclusion: Advocating for fairness, inclusivity, and respect for
diversity, promoting equal access to computing resources and opportunities.

Upholding Social Responsibility: Highlighting the broader societal impact of
computing technologies and the professional responsibility to use technology for the
greater good, considering ethical implications in decision-making processes.

5). Describe the laws or principles governing the protection of Information (5)
General Data Protection Regulation (GDPR): A comprehensive European Union
regulation that governs the collection, processing, and storage of personal data of
individuals within the EU, emphasizing principles such as consent, transparency, and
data minimization.
Health Insurance Portability and Accountability Act (HIPAA): U.S. legislation
that sets standards for the protection of sensitive patient health information (PHI) and
establishes guidelines for healthcare providers, insurers, and business associates to
safeguard PHI.
California Consumer Privacy Act (CCPA): California state law that grants
consumers greater control over their personal information held by businesses,
requiring transparency about data practices, opt-out options, and safeguards against
unauthorized access or disclosure.
Principle of Confidentiality: A fundamental ethical principle that requires
professionals to maintain the confidentiality of sensitive information entrusted to
them, prohibiting unauthorized access, use, or disclosure.
ISO/IEC 27001: An international standard specifying requirements for establishing,
implementing, maintaining, and continually improving an information security
management system (ISMS), providing a framework for organizations to manage
information security risks effectively.
6). Give four general rules that must be observed to keep within the law when working
with data and information (4 marks)
Obtain Consent: Ensure that individuals have given clear and explicit consent for the
collection, processing, and sharing of their personal data, adhering to relevant data
protection regulations such as GDPR or CCPA.
Limit Data Collection: Collect only the data that is necessary for the intended
purpose and refrain from collecting excessive or irrelevant information to minimize
privacy risks and legal liabilities.
Protect Data Security: Implement appropriate security measures to safeguard data
against unauthorized access, disclosure, alteration, or destruction, maintaining
compliance with industry standards and regulations such as ISO/IEC 27001.
Respect Data Retention Limits: Adhere to legal requirements and best practices
regarding the retention and disposal of data, ensuring that data is retained only for as
long as necessary and securely disposed of when no longer needed.
7). What role do IT professionals play in identifying and responding to potential
cybersecurity breaches, as exemplified by the situation faced by XYZ Corporation's IT
security team during the routine security audit? (5)
Conducting Regular Audits: Performing routine security audits to identify
vulnerabilities and assess the effectiveness of existing security measures.
Monitoring Systems: Continuously monitoring network traffic, system logs, and
security alerts for any suspicious activities or anomalies that may indicate a
cybersecurity breach.
Implementing Security Measures: Deploying and maintaining robust cybersecurity
measures, such as firewalls, intrusion detection systems, and encryption protocols, to
prevent and detect potential breaches.
Incident Response: Developing and implementing incident response plans to swiftly
respond to cybersecurity incidents, including containment, investigation, and
mitigation of the breach to minimize damage and restore normal operations.
Collaboration and Communication: Collaborating with internal teams, external
stakeholders, and law enforcement agencies to coordinate response efforts and share
information about emerging threats and best practices for cybersecurity defense.
8). List prominent professional bodies and organizations in Kenya related to the field of
computing and information technology (3 marks).
Computer Society of Kenya (CSK): A professional association dedicated to
advancing the practice of computing and promoting excellence in the field of
information and communication technology (ICT) in Kenya.
Information Communication Technology Association of Kenya (ICTAK): An
organization that represents the interests of ICT professionals and practitioners in
Kenya, advocating for the development and adoption of ICT solutions for
socioeconomic development.
Kenya ICT Action Network (KICTANet): A multi-stakeholder platform that
facilitates dialogue, collaboration, and policy advocacy on ICT-related issues in
Kenya, promoting an inclusive and sustainable ICT ecosystem.
