What does 'misuse of information technology' look like in a suitability context?

Misuse of information technology in a suitability context means actions that violate security rules, breach access controls, or put sensitive information at risk. The clearest example is when someone actually accesses systems or data they aren’t authorized to see, discloses restricted information, or ignores established security procedures. Those behaviors directly undermine confidentiality and the trust placed in someone handling information. Why the other options aren’t as emblematic: using a home computer for personal surfing can be a policy concern or a distraction, but it isn’t by itself an active breach of security rules. Attending a cybersecurity seminar shows positive security engagement and is not misuse. owning a personal device with a non-secure password signals weak security hygiene and creates vulnerability, but it’s about a risk factor rather than an explicit act of misusing IT or breaking procedures.