Information Ethics Chapter 2: Ethics and Laws of Cyber Security

Questions and Answers

PDF Questions PDF Answers

What was the estimated worth of businesses affected by spam emails in 2005?

Over $18 billion

Over $10 billion

Over $20 billion

Over $14 billion (correct)

Why is employee monitoring a concern for organizations?

Because it is against the law

Because it is unethical

Because it can leave the organization financially responsible (correct)

Because it can make employees uncomfortable

What is the purpose of an anti-spam policy?

To monitor employee activity

To prevent workplace harassment

To prevent employees from sending unsolicited emails (correct)

To track employee productivity

What is a key logger or key trapper software used for?

To track people's activities

What is the importance of obtaining a written signature from employees in an employee monitoring policy?

To ensure employees are aware of the policy

What is the purpose of an employee monitoring policy?

To monitor employee activity explicitly

What is the importance of specifying the scope and manner of monitoring in an employee monitoring policy?

To ensure employees know what to expect from the monitoring

What should an employee monitoring policy communicate to employees?

The rights of the company to monitor all employees

What is the importance of having a clear employee monitoring policy?

To protect the organization from being held financially responsible

Why should an employee monitoring policy describe the types of information collected?

To ensure transparency in the monitoring process

Study Notes

Information Ethics

• Information ethics is a field of applied ethics that addresses the uses and abuses of information, information technology, and information systems for personal, professional, and public decision making.
• Examples of ethical dilemmas include downloading someone else's intellectual property, removing controversial books from libraries, and posting sensitive information on the internet.

Information Has No Ethics

• Information does not care how it is used, and it will not stop itself from being misused, such as sending spam or viruses.
• Information cannot delete or preserve itself.

Why Information Ethics?

• Information ethics provides a framework for critical reflection on the creation, control, and use of information.
• It explores and evaluates the development of moral values, power structures, information myths, and ethical conflicts in the information society.

Individuals and Ethics

• Individuals form the ethical component of IT, as they are responsible for copying, using, and distributing software, and creating and spreading viruses.
• Individuals are also responsible for hacking into computer systems and stealing information.

Ethical Information Use Policy

• An ethical information use policy contains general principles to guide behavior when using information.
• The policy ensures all users are informed of the rules and consent to abide by them.

Responsible for Using Ethical Information

• The Chief Information Officer (CIO) is responsible for information access, preventing information destruction, and managing information practices and policies.
• The CIO must execute the information management policies.

Record Retention Policies

• Record retention policies include change management procedures, source code/document version control, software development life cycle standards, incident management policies, and technical support policies.

Developing Ethics Information Policies

• Ethic-policies typically include information privacy policy, acceptable use policy, email privacy policy, internet use policy, and anti-spam policy.

Information Privacy Policy

• The policy contains general principles regarding information privacy, including guidelines for adoption and implementation, notice and disclosure, choice and consent, information security, and information quality and access.

Acceptable Use Policy

• An acceptable use policy is a policy that a user must agree to follow to access a network or the internet.
• It usually contains a nonrepudiation clause, and prohibits actions such as violating laws, breaking security, posting commercial messages, and sending spam.

Email Privacy Policy

• The policy details the extent to which email messages may be read by others, and includes guidelines for legitimate email users, backup procedures, and ramifications for violations.

Internet Use Policy

• The policy contains general principles to guide the proper use of the internet, including descriptions of available services, purpose and restriction of access, and user responsibilities.

Anti-Spam Policy

• The policy states that email users will not send unsolicited emails (spam), which can cost businesses significant amounts of money.

Ethics in the Workplace

• Workplace monitoring is a concern for many employees, as organizations can be held financially responsible for their employees' actions.
• The dilemma surrounding employee monitoring is that an organization is placing itself at risk if it fails to monitor its employees, but some people feel that monitoring employees is unethical.

Monitoring Technologies

• Common monitoring technologies include key logger or key trapper software, hardware key logger, cookie, adware/spyware, and web log.

Employee Monitoring Policies

• Policies should explicitly state how, when, and where the company monitors its employees, and include guidelines for specificity, enforcement, communication, and consequences for violations.

Description

Test your understanding of information ethics, a field of applied ethics that deals with the uses and abuses of information, technology, and systems. Explore topics such as intellectual property, controversial content, and user monitoring.