Ethics in Information Technology Chapter 1
29 Questions

Created by
@CapableAmethyst

Questions and Answers

Which of the following statements is true about laws?

  • Laws are subjective.
  • Laws tell us what we can and cannot do. (correct)
  • Laws are personal principles.
  • Laws are enforced by ethical standards.

    Just because an activity is legal, it is always ethical.

    False

    Corporate social responsibility is the concept that an organization should act ethically by taking responsibility for the impact of its actions on its ____________.

    shareholders, consumers, employees, community, environment, and suppliers

    Match the following computer exploits with their definitions:

    • Ransomware = Malicious software that encrypts data and demands payment for decryption
    • Phishing = Deceptive attempts to obtain sensitive information by masquerading as a trustworthy entity
    • Rootkits = Stealthy malicious software that allows unauthorized access
    • DDoS attacks = Flooding a network or server with excessive traffic to disrupt normal functioning

    What is the term used to refer to the partnership between DHS and the public and private sectors aimed at protecting the nation's Internet infrastructure against cyberattacks?

    US-CERT

    What are the three key elements referred to as the CIA security triad?

    Confidentiality, Integrity, Availability

    The concept of reasonable assurance in IT security states that the cost of control should always exceed the system's benefits.

    False

    What is the term that refers to a company that monitors, manages, and maintains computer and network security for other organizations?

    MSSP

    Match the following laws with their respective descriptions:

    • GLBA = Regulates collection and disclosure of personal financial information by financial institutions
    • HIPAA = Defines standards for health insurance coverage and reduces fraud in healthcare
    • FERPA = Provides rights regarding release of student records

    What is a data breach?

    Unauthorized access of sensitive data

    What do the initials GDPR stand for and when does it take effect?

    General Data Protection Regulation, May 2018

    The First Amendment protects obscenity under freedom of expression in the United States.

    False

    What is e-discovery?

    E-discovery is the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.

    The First Amendment protects Americans' rights to freedom of ___

    speech

    Match the federal law with its impact on online freedom of expression:

    • Communications Decency Act (CDA) = Protecting children from online pornography
    • Child Online Protection Act (COPA) = Prohibiting harmful material to minors via the Internet
    • Digital Millennium Copyright Act (DMCA) = Limiting ISP liability for copyright infringement

    What does CMMI stand for in software development?

    Capability Maturity Model Integration

    A safety-critical system failure may cause human injury or death.

    True

    The annual loss expectancy (ALE) is calculated using the equation ARO × SLE = _____.

    ALE

    What is the goal of the WTO?

    To help producers, exporters, and importers conduct business

    What is Risk Management?

    Risk management is the process of identifying, monitoring, and limiting risks to a level that an organization is willing to accept.

    The DMCA restricts the circumvention of technical protection measures.

    True

    Match the following abbreviations with their full forms:

    • EMR = Electronic Medical Record
    • EHR = Electronic Health Record
    • CPOE = Computerized Provider Order Entry
    • HIE = Health Information Exchange

    What is a patent?

    A grant of property right issued to an inventor that permits its owner to exclude the public from making, using, or selling a protected invention.

    For an invention to be eligible for a patent, it must fall into one of three statutory classes: it must be useful, it must be novel, and it must not be obvious to a person having ordinary skill in the same field. These three classes are known as ________________.

    statutory classes

    Match the following IP protection concepts with their definitions:

    • Trade secret = Information must have economic value and owner must take steps to maintain its secrecy
    • Patent = Grant of property right to exclude public from making, using, or selling an invention
    • Trademark = Logo, package design, phrase, or word that differentiates products

    What are some of the key ethical issues associated with the use of social networks and other social media?

    All of the above

    What is cyberabuse?

    Cyberabuse is any form of mistreatment or lack of care, both physical and mental, based on the use of an electronic communications device that causes harm and distress to others.

    Whistle-blower protection laws protect all whistle-blowers from retaliatory acts.

    False

    ____ computing is concerned with the efficient and environmentally responsible design, manufacture, operation, and disposal of IT-related products.

    Green

    Study Notes

    Overview of Ethics

    • Ethics is a code of behavior defined by a group, while morals are personal principles guiding decisions about right and wrong.
    • Integrity involves acting according to a personal code of principles.
    • Law is a system of rules enforced by institutions, and being legal does not necessarily mean being ethical.
    • Trends increasing the likelihood of unethical behavior include:
      • Globalization creating complex work environments
      • Economic pressures leading to unethical behavior
      • Powerful individuals believing they have the right to manipulate outcomes

    Corporate Social Responsibility (CSR)

    • CSR is the concept of an organization acting ethically, taking responsibility for its impact on stakeholders, including:
      • Shareholders
      • Consumers
      • Employees
      • Community
      • Environment
      • Suppliers
    • Supply chain sustainability is a key component of CSR, focusing on meeting present needs without compromising future generations.
    • Organizations have five reasons to pursue CSR goals:
      • Gain goodwill from the community
      • Operate consistently
      • Foster good business practices
      • Protect from legal action
      • Avoid unfavorable publicity

    Improving Business Ethics

    • Organizations can improve business ethics by:
      • Appointing a corporate ethics officer
      • Setting high ethical standards for the board of directors
      • Establishing a corporate code of ethics
      • Conducting social audits
      • Requiring ethics training for employees
      • Incorporating ethical criteria into employee appraisals
      • Creating an ethical work environment
    • Decision-making can be improved by:
      • Identifying and involving stakeholders
      • Weighing laws, guidelines, and principles
      • Considering the impact of decisions on stakeholders and the environment

    Ethics for IT Workers and IT Users

    • IT workers must manage relationships with:
      • Employers
      • Clients
      • Suppliers
      • Other professionals
      • IT users
      • Society
    • Key ethical issues in each relationship include:
      • Setting and enforcing policies
      • Defining and sharing responsibilities
      • Remaining objective and avoiding conflicts of interest
      • Developing good working relationships
      • Practicing professionalism
    • A professional code of ethics states the principles and core values essential to a particular occupation.
    • Adherence to a code of ethics can produce many benefits, including:
      • Ethical decision-making
      • High standards of practice and behavior
      • Trust and respect from the public
      • Access to an evaluation benchmark

    Cyberattacks and Cybersecurity

    • Computer incidents are prevalent due to:
      • Increasing computing complexity
      • Expanding and changing systems
      • BYOD policies
      • Software vulnerabilities
      • Sophistication of attackers
    • Types of people who launch computer attacks include:
      • Black hat hackers
      • Crackers
      • Malicious insiders
      • Industrial spies
      • Cybercriminals
      • Hacktivists
      • Cyberterrorists
    • Common computer exploits include:
      • Ransomware
      • Viruses
      • Worms
      • Trojan horses
      • Logic bombs
      • Blended threats
      • Spam
      • DDoS attacks
      • Rootkits
      • Advanced persistent threats
      • Phishing
      • Spear phishing
      • Smishing
      • Vishing
      • Cyberespionage
      • Cyberterrorism
    • The US-CERT is a partnership between DHS and the public and private sectors that serves as a clearinghouse for information on new viruses, worms, and other computer security topics.

    Implementing a Strong Security Program

    • A security program should focus on:
      • Confidentiality
      • Integrity
      • Availability
    • Key elements of a security strategy include:
      • Risk assessment
      • Disaster recovery plan
      • Security policies
      • Periodic security audits
      • Compliance standards
      • Use of a security dashboard
    • Network security layer elements include:
      • Authentication methods
      • Firewalls
      • Routers
      • Encryption
      • Proxy servers
      • VPN
      • IDS
    • Application security layer elements include:
      • Authentication methods
      • User roles and accounts
      • Data encryption
    • End-user security layer elements include:
      • Security education
      • Authentication methods
      • Antivirus software
      • Data encryption

    Privacy

    • The right of privacy is the right to be left alone, and it includes:
      • Communications privacy
      • Data privacy
    • The Fourth Amendment protects individuals from unreasonable searches and seizures, but the courts have ruled that without a reasonable expectation of privacy, there is no privacy right to protect.
    • Laws providing privacy protection include:
      • Fair Credit Reporting Act
      • Right to Financial Privacy Act
      • GLBA
      • Fair and Accurate Credit Transaction Act
      • HIPAA
      • American Recovery and Reinvestment Act
      • FERPA
      • COPPA
      • Title III of the Omnibus Crime Control and Safe Streets Act
      • FISA
      • Executive Order 12333

    Privacy and Surveillance

    • The ECPA deals with the protection of communications while in transit and in electronic storage, and prohibits devices from recording dialing information without a search warrant.
    • The CALEA requires the telecommunications industry to build tools for federal investigators to eavesdrop on conversations and intercept electronic communications.
    • The USA PATRIOT Act modified 15 existing statutes, giving sweeping powers to law enforcement and intelligence agencies, including eavesdropping on telephone communications and intercepting email messages.
    • The Foreign Intelligence Surveillance Act Amendments Act of 2004 authorized intelligence gathering on individuals not affiliated with any known terrorist organization.
    • The Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 granted the NSA expanded authority to collect international communications without court-approved warrants.

    Data Protection

    • The OECD created a set of fair information practices for the ethical treatment of consumer data.
    • The European Union Data Protection Directive requires member countries to ensure data transferred to non-EU countries is protected.
    • The European–United States Privacy Shield Data Transfer Program Guidelines allow businesses to transfer personal data about European citizens to the United States.
    • The GDPR (General Data Protection Regulation) takes effect in May 2018, enabling citizens to see and correct their personal data, standardizing data privacy regulations, and establishing penalties for violations.

    Consumer Profiling and Data Breaches

    • Companies use various methods to collect personal data, including depositing cookies on visitors' hard drives.
    • Consumer data privacy is a major marketing issue, with companies losing business and facing lawsuits for privacy violations.
    • Data breaches are the unintended release of sensitive data or access by unauthorized individuals, with many states passing data breach notification laws.

    E-Discovery

    • E-discovery is the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions.
    • Predictive coding is a process that couples human intelligence with computer-driven concept searching to recognize relevant documents.

    Workplace Monitoring

    • Many organizations have developed IT usage policies to protect against employee abuses.
    • About 80% of U.S. firms record and review employee communications and activities, including phone calls, email, web surfing, and computer files.

    Advanced Surveillance Technologies

    • Surveillance cameras are used to deter crime and terrorist activities, but critics argue that they violate civil liberties.
    • EDRs (event data recorders) record vehicle and occupant data for a few seconds before, during, and after a vehicle crash.

    Freedom of Expression

    • The First Amendment protects Americans' rights to freedom of religion, expression, and assembly.
    • The Supreme Court has ruled that the First Amendment also protects the right to speak anonymously.
    • Obscene speech, defamation, incitement of panic, and sedition are not protected by the First Amendment.

    Internet Censorship and Freedom of Expression

    • Internet censorship is the control or suppression of publishing or accessing information on the Internet.
    • Many countries practice some form of Internet censorship.
    • SLAPPs (strategic lawsuits against public participation) are lawsuits filed by corporations, government officials, and others against citizens and community groups.
    • Anti-SLAPP laws are designed to reduce frivolous SLAPPs.

    Intellectual Property

    • Intellectual property is a term used to describe works of the mind, such as art, books, films, formulas, inventions, music, and processes.
    • Copyrights, patents, trademarks, and trade secrets form a complex body of law relating to the ownership of intellectual property.
    • The Prioritizing Resources and Organization for Intellectual Property (PRO-IP) Act of 2008 increased trademark and copyright enforcement.
    • The Digital Millennium Copyright Act (DMCA) implements two WIPO treaties in the United States and limits the liability of Internet service providers for copyright infringement.
    • Patents are grants of property rights issued by the U.S. Patent and Trademark Office (USPTO) to an inventor.
    • Trade secrets are protected by the Uniform Trade Secrets Act, the Economic Espionage Act, and the Defend Trade Secrets Act.

    Protecting Intellectual Property

    • Noncompete agreements can be used to protect intellectual property from being used by competitors when key employees leave.
    • Plagiarism is the act of stealing someone's ideas or words and passing them off as one's own.
    • Plagiarism detection systems enable people to check the originality of documents and manuscripts.
    • Reverse engineering is the process of breaking something down to understand, build a copy, or improve it.
    • Reverse engineering may be considered unethical if it accesses copyrighted or trade secret information.

    Competitive Intelligence

    • Competitive intelligence is legally obtained information gathered to help a company gain an advantage over its rivals.
    • It is not the same as industrial espionage, which is the use of illegal means to obtain business information.
    • Industrial espionage is a serious crime in the United States, carrying heavy penalties.
    • Competitive intelligence analysts must avoid unethical or illegal behavior, including lying, misrepresentation, theft, bribery, or eavesdropping.

    Trademarks

    • A trademark is a logo, package design, phrase, sound, or word that enables a consumer to differentiate one company's products from another's.
    • Website owners must ensure they are not sued for trademark infringement.
    • Cybersquatters register domain names for famous trademarks or company names to sell them to the trademark owner at a high price.
    • To prevent cybersquatting, organizations can protect their trademarks by registering numerous domain names and variations.

    Software Quality

    • High-quality software systems are easy to learn and use, perform quickly and efficiently, operate safely and reliably, and have a high degree of availability.
    • Software quality is critical in fields such as air traffic control, nuclear power, automobile safety, healthcare, military, and defense.
    • End users cannot afford system crashes, lost work, or lower productivity.
    • A software defect is any error that could cause a software system to fail to meet its users' needs.
    • Software quality management focuses on defining, measuring, and refining the quality of the development process and products.

    Software Development Methodologies

    • A software development methodology is a standard, proven work process that enables controlled and orderly progress in developing high-quality software.
    • The waterfall system development model is a sequential, multistage process.
    • Agile development methodology involves developing a system in iterations, accepting that system requirements are evolving and cannot be fully understood or defined at the start of the project.
    • Effective development methodologies can help protect software manufacturers from legal liability for defective software.

    Quality Assurance

    • Quality assurance (QA) refers to methods within the development process that guarantee reliable operation of a product.
    • QA methods are applied at each stage of the development cycle.
    • Capability Maturity Model Integration (CMMI) models are collections of best practices that help organizations improve their processes.
    • CMMI-Development (CMMI-DEV) is frequently used to assess and improve software development practices.

    Risk Management

    • Risk management is the process of identifying, monitoring, and limiting risks to a level that an organization is willing to accept.
    • Risk can be quantified by three elements: risk event, probability of the event, and impact on the business outcome.
    • Annualized loss expectancy (ALE) is the estimated loss from a risk over the course of a year.

    The Impact of Information Technology on Society

    • The relationship between IT investment and productivity growth in the United States is complex.
    • Labor productivity is a measure of economic performance that compares the amount of goods and services produced with the number of labor hours used.
    • Innovation is a key factor in productivity improvement, and IT has played an important role in enabling innovation.

    Artificial Intelligence, Machine Learning, and Robotics

    • Advances in artificial intelligence, machine learning, robotics, and natural language processing are fundamentally changing the way work gets done.
    • Almost every job has partial automation potential, and research suggests that 45% of human work activities could be automated using existing technology.

    Healthcare

    • Healthcare costs in the United States are expected to increase 5.6% per year from 2016 to 2025.
    • Electronic medical records (EMRs), electronic health records (EHRs), and health information exchange (HIE) are important technologies in healthcare.
    • Clinical decision support (CDS) systems and computerized provider order entry (CPOE) systems can improve healthcare delivery and reduce costs.

    Telehealth

    • Telehealth employs modern telecommunications and information technologies to provide medical care to people who live or work far away from healthcare providers.
    • Telemedicine is the component of telehealth that provides medical care to people at a location different from the healthcare provider.
    • Store-and-forward telemedicine involves acquiring data and then transmitting it to a medical specialist for later evaluation.

    Social Media

    • Social media are web-based communication channels and tools that enable people to interact with each other by creating online communities.
    • A social networking platform creates an online community of Internet users that enables members to interact with others online.
    • Social media marketing involves the use of social networks to communicate and promote the benefits of products and services.
    • Organic media marketing employs tools provided by or tailored for a particular social media platform to build a social community.
    • Paid media marketing involves paying a third party to broadcast an organization's display ads or sponsored messages to social network users.
    • Earned media refers to media exposure an organization gets through press and social media mentions, positive online ratings and reviews, tweets and retweets, reposts, and recommendations.

    Description

    Summary of Chapter 1 of Ethics in Information Technology, covering the basics of ethics, morals, and law in the context of IT.