Wednesday, 18 April 2012

Adequate Notice


I believe that web operators should still give users adequate notice of changes in their terms of use if their dealings with users are primarily on the internet. This would mean all social networking sites and e-shops like eBay or Amazon. The reason for this is that all Browse-Wrap contracts are legally enforceable contracts due to the Verio case and, as such, need to be treated as legally enforceable contracts.

The notice can feasibly be given because a valid e-mail address must be supplied to sign up to these sites. Hence, a month before the changes come into effect, an e-mail can be sent to all the accounts alerting them of the changes. This e-mail can also be repeated each week leading up to the changes becoming effective. A message can also be placed on the home page stating that e-mails have been sent regarding the changes, and a link can be provided that would lead users to more information. To date, however, I have not seen a site do such a thing.

But by following the above remedy, relevant notice of changes to terms of service can be provided. Since this is a legal contract, these users still have rights, and web operators should strive to facilitate those rights as best they can.

Online Jurisdiction


The main issue that is brought up in the MegaUpload case is whether or not America's jurisdiction spreads over the internet. The people arrested in relation to MegaUpload had no domicile in America, as they were citizens of various countries living in New Zealand. Moreover, the company was not founded in America; the only point that links them to America is the servers located in Virginia.

The main implication of this case is that any breach of law from any country that occurs online can put the offender in that country's jurisdiction, as long as they have servers in that country. If the accused get extradited on these grounds, it shall be a precedent that can be used everywhere.

Personally, I do not think the accused should be put to trial in America, since their link to the accused is very weak, given the fact that their domicile is not in America and their company was not founded there either. If this was a crime that did not occur online, America would not be after them. Instead, they should be put to trial either where the company was founded or in their country of domicile.

IT Governance and Fraud


Firstly, I disagree with the owner's view that IT governance controls are too costly. Whilst they have a cost element to them, they will save the business more money than they cost in the long run. For instance, the chances are that the business would have prevented the fraud from occurring if control measures were in place.

However, I would not recommend a small business to implement COBIT 4.1 due to size issues discussed in week one, although I would recommend elements that would be practical to a small business setting. The two most crucial of these elements would be evaluating IT risk and setting controls on those risks. If risk is not evaluated and controls set in place in the planning stage of implementing IT in a business, it is destined to fall into a trap such as fraud.

This scenario has also proven the fraud triangle to be true. The employee had been given opportunity to commit fraud with the passwords required, and due to her age of 18 she could’ve been under financial pressure. Hence this built-up pressure and stress, combined with opportunity, gives rise to fraud.

Therefore I recommend that small businesses evaluate potential IT risk and put controls in place. This will prevent an opportunity arising for desperate employees to pounce on.

COBIT's Benefits


The traditional brick and mortar firms have become extinct due to Economic Darwinism. If firms want to succeed, they need to go online and embrace IT. Hence companies need to have an ITG plan to ensure the implementation, support and monitoring are done in an effective manner.

Whilst it is true that it can create a lot of work for an organisation to create an ITG plan, I believe there would be countless benefits attached to it.

All businesses need to:
  • Align their IT and business goals
  • Manage the risks of IT failure in their firm
  • Know to have a hot or cold site as the backup system
  • Monitor divergence between IT and business goals, etc.

In essence, it is clear to me that without an ITG plan a business would be going blind into a maze of risks that they wouldn’t be able to recognise before damage occurs. Such a case is the QLD health fraud and payroll debacle. My dad was not paid for a week, due to the poor governance practices by the QLD government. It has also influenced my perceptions on how well the current government can preside over other such issues in the future.

Therefore ITG strategies are a lot of work for an organisation but are 100% necessary for success.

SMEs and COBIT


Today I will be discussing whether or not IT governance and the COBIT framework are more concerned with large businesses rather than small to medium sized enterprises (SMEs). I personally disagree that IT governance should only be for larger businesses; however, I agree that COBIT is not suited for SMEs.

Firstly, whilst larger businesses have more IT to govern, that does not mean that they should be the only ones practising it. The consequences are just as detrimental if poor practices are in place, no matter the size. This holds even for an individual like myself: I lost a USB which contained a term's worth of school work. I placed a lot of stress on myself due to that poor governance choice.

Secondly, I believe COBIT is more suited to larger businesses due to the broadness of it. An SME does not have very many staff and usually does not have a dedicated IT department, meaning implementing COBIT would be much harder. Getting external help is not necessarily a good idea either, as it is expensive. In addition, Devos (2012) found that implementing COBIT in SMEs yielded disappointing results due to size issues.

Therefore I recommend that IT governance be practised by all sizes of business; however, SMEs should seek out a better framework than COBIT that fits their business size more.



References

Devos, J. (2012). Rethinking IT governance for SMEs. Industrial Management & Data Systems, 112(2), p. 206.