Overview of Ethics: Key Concepts

Questions and Answers

Which of the following best describes the role of a Corporate Ethics Officer?

• Overseeing the supply chain sustainability efforts for cost reduction.
• Managing the financial audits of a corporation.
• Enforcing legal compliance within a corporation.
• Providing a company with vision and leadership in business conduct. (correct)

The Sarbanes-Oxley Act of 2002 was enacted primarily in response to concerns over data privacy violations in the healthcare industry.

False (B)

What is the term for the effort by an employee to draw attention to a negligent, illegal, unethical, or abusive act by a company that threatens the public interest?

Whistle blowing

A(n) __________ occurs when one party fails to meet the terms of a contract.

breach of contract

Match the following ethical issues with their descriptions:

Conflict of Interest = When an IT worker's self-interest conflicts with the interests of their client. Fraud = Obtaining goods, services, or property through deception or trickery. Misrepresentation = Misstatement or incomplete statement of a material fact. Bribery = Providing money, property, or favors to someone in business or government for an advantage.

Which of the following provides a definition of Ethics?

Set of beliefs about right and wrong behavior within a society. (C)

Integrity refers to acting in accordance with rules enforced by local institutions.

False (B)

What is the name of the syndrome where moral corruption of those in power is facilitated when people choose to ignore their leaders inappropriate behavior?

Bathsheba Syndrome

The __________ is a trade group that represents the world's largest software and hardware manufacturers.

Business Software Alliance

What does 'resume inflation' refer to in the context of professional ethics?

Exaggerating one’s qualifications. (A)

A 'body of knowledge' refers to a collection of confidential company documents that licensed professionals are obligated to protect.

False (B)

What term describes the system of rules enforced by institutions that dictate permissible and impermissible actions?

Law

The __________ makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office.

Foreign Corrupt Practices Act

Which scenario most accurately describes a 'material breach of contract'?

A party fails to perform obligations, thereby destroying the essence of the contract. (A)

The CAN-SPAM Act legalizes all forms of spam, regardless of content, as long as the sender does not disguise their identity.

False (B)

What term is used to describe individuals who hack to achieve a political or social goal.

Hacktivists

A __________ is a group of computers controlled from a remote location by hackers without the owners' knowledge.

botnet

According to the provided content, which option exemplifies industrial espionage?

Using illegal means to obtain information not available to the public. (A)

The Fourth Amendment protects companies from unreasonable searches of their digital data, regardless of whether a warrant has been issued.

False (B)

What is the purpose of the Gramm-Leach-Bliley Act (GLBA) concerning financial data?

Bank deregulation

Flashcards

Ethics

Beliefs about right and wrong behavior in society

Moral Code

Statements about how people should behave in a society.

Morality

Shared social conventions of right and wrong forming an established consensus.

Virtue

Habit of acceptable behavior.

Vice

Habit of unacceptable behavior.

Integrity

Acting in accordance with a personal code of principles.

Ethics

Standards of behavior expected by a group.

Law

A system of enforced rules defining what is permissible.

What is the BSA?

The Business Software Alliance; they represent the world's largest software and hardware manufacturers.

Whistle Blowing

Attracting attention to unethical, illegal, or abusive acts by a company.

Breach of Contract

Occurs when a party fails to meet the terms of a contract.

Bribery

Providing money, property, or favors for business advantage.

FCPA

Crime to bribe a foreign official or political party.

Résumé Inflation

Exaggerating one's qualifications.

Certification

Indicates skills, knowledge, or abilities.

Government License

Authorized engagement in an activity.

Body of Knowledge

Outlines agreed-upon skills for licensed professionals.

Negligence

Not doing what a reasonable person would do, or vice versa.

Duty of Care

Obligation to protect people against unreasonable harm.

Reasonable Professional Standard

Evaluates actions of those with particular knowledge.

Study Notes

Overview of Ethics - Lesson 1

• Ethics are beliefs about what constitutes right and wrong behaviors within a society.
• Moral codes are societal guidelines for appropriate behavior.
• Morality involves shared social conventions defining right and wrong, forming the basis for general agreement.
• Virtue is a habit of doing what is acceptable, while vice is a habit of unacceptable behavior.
• Integrity is behaving according to personal principles.

Morals vs Ethics vs Law

• Morals are personal beliefs regarding right and wrong, guiding an individual's actions.
• Ethics are standards or codes of behavior expected by a group.
• Law is a system of enforced rules dictating permissible and prohibited actions.
• Legal acts align with the law.

Other Terms

• The Bathsheba Syndrome occurs when people in power experience moral corruption when their inappropriate behavior is ignored by others.
• Supply chain sustainability involves maintaining a supply chain that meets present needs without compromising future generations.
• Corporate ethics officers offer direction and leadership in business conduct.
• The Business Software Alliance (BSA) is a trade group representing major software and hardware companies.
• Whistle blowing involves an employee's effort to expose a company's harmful actions that threaten the public interest.

Sarbanes Oxley Act of 2002

• Sarbanes-Oxley Act of 2002 was enacted due to public outrage over major accounting scandals.
• Section 404 requires CEOs and CFOs to sign annual reports, confirming the accuracy of SEC filings.
• Section 406 mandates public companies disclose their code of ethics and any waivers for certain management members.

Ethics for IT Workers and IT Users - Lesson 2

• A conflict of interest arises when an IT worker's personal interests clash with the client's interests.
• Material breach of contract occurs when a party's failure to fulfill obligations compromises the contract's core.
• Bribery involves offering money, property, or favors to gain a business advantage.
• The Foreign Corrupt Practices Act (FCPA) criminalizes bribing foreign officials or political figures.
• Resume inflation is exaggerating one's qualifications.
• An IT User is anyone who uses hardware or software.

Professional Organizations

• The Institute of Electrical and Electronics Engineers (IEEE) covers electrical, electronic, and IT fields.
• The Association for Computing Machinery (ACM) is another professional organization.
• Certification demonstrates that a professional has specific job skills and knowledge.
• A government license grants permission to operate a business.
• The body of knowledge outlines necessary skills for licensed professionals.

IT Professional Malpractice

• Negligence includes not doing something a reasonable person would do or doing something a reasonable person would not do.
• Duty of care is the obligation to protect individuals from harm.
• The reasonable person standard evaluates actions based on how a careful person would act in similar circumstances.
• The reasonable professional standard evaluates those with particular expertise.
• IT professional malpractice holds professionals liable for breaching their duty of care.

Ethical Issues for IT Users

• Software piracy is copying software from work computers for home use.
• Other issues: Inappropriate use of resources, inappropriate sharing of information.
• Compliance means adhering to established policies.
• An audit committee assists the board of directors.

Computer and Internet Crime - Lesson 3

• Cloud computing delivers software and data storage via the Internet.
• Virtualization software allows multiple virtual machines on a single computer.
• Bring Your Own Device (BYOD) policy allows the use of personal devices to access company resources.
• An exploit is an attack that takes advantage of a system vulnerability.
• A zero-day attack happens before a vulnerability is known or patched.

Types of Exploits

• A virus disguises itself and causes unexpected computer behavior.
• A worm replicates itself in a computer's active memory.
• A Trojan horse hides malicious code inside harmless programs.
• A logic bomb executes when triggered by a specific event.
• The CAN-SPAM Act allows spam as long as senders do not disguise their identity.
• A botnet is a cluster of computers controlled remotely by hackers.
• Zombies are computers taken over by hackers.

Types of Phishing

• Spear-phishing targets specific organizations with fraudulent emails.
• Smishing uses text messages to trick people into calling a number or visiting a website.
• Vishing uses voicemails to trick victims into calling a number or accessing a website.
• Hackers test system limitations out of curiosity.
• Lamers are technically inept hackers.

Insiders

• Malicious insiders include employees, consultants, or contractors who have some form of collusion.
• Collusion involves cooperation between an employee and an outsider.
• Negligent insiders cause damage accidentally due to poor training.

Types of Spies

• Industrial spies gather data.
• Competitive intelligence is legal data gathered using public sources.
• Industrial espionage uses illegal methods to get non-public data.
• Cybercriminals hack to steal data and commit fraud.
• A data breach is unauthorized access to sensitive data.
• Hacktivists hack to achieve a goal.
• Cyberterrorists use computer attacks to coerce an organization for political objectives.
• Smart cards have memory chips updated with encrypted data.
• Risk assessment identifies internal and external security threats.
• A security policy defines security requirements, controls, and sanctions.
• A virtual private network (VPN) uses the Internet for secure communication.
• An intrusion detection system (IDS) monitors system and network activity.
• Virus signature indicates the presence of a specific virus.
• The Department of Homeland Security (DHS) aims to secure critical infrastructure.
• A security audit checks that an organization's security policy is being followed.
• The US-CERT protects the nation's internet.

Privacy - Lesson 4

• The Bill of Rights protects individual privacy.
• The Fourth Amendment protects against unreasonable searches and seizures, requiring a warrant.
• The right to privacy is the right to be left alone.
• Information privacy is the privacy of communications and data.
• Communications privacy is the ability to communicate without monitoring.
• Data privacy limits access to personal data to control data use.

Financial Data Privacy

• The Fair Credit Reporting Act governs credit reporting.
• The Right to Financial Privacy Act protects financial records from federal scrutiny.
• The Gramm-Leach-Bliley Act (GLBA) is a bank deregulation law which affects what financial institutions do with your information
• The financial privacy rule includes:
  • OPT OUT: Refusal to give the institution the right to share personal data with third parties.
  • OPT IN: Give financial institutions the right to share their personal data to other financial institutions.
• The Safeguards Rule requires financial institutions to document data security.
• The Pretexting Rule addresses attempts to access personal data.
• The Fair and Accurate Credit Transactions Act allows free annual credit reports.

Other Privacy Laws by Category

• Health Information: The Health Insurance Portability and Accountability Act (HIPAA) improves health coverage. The American Recovery and Reinvestment Act contains provisions for electronic health records.
• Children's Personal Data: The Family Educational Rights and Privacy Act (FERPA) assigns rights to parents regarding their children’s educational records. The Children’s Online Privacy Protection Act (COPPA) aims to give parents control over their children's data online.
• Electronic Surveillance: The Communications Act established the Federal Communications Commission.

Surveillance and Fair Information Practices

• The Foreign Intelligence Surveillance Act (FISA) details electronic surveillance procedures.
• Title III of the Omnibus Crime Control and Safe Streets Act regulates wire and oral communications interception.
• The Electronic Communications Privacy Act (ECPA) protects communications during transfer and in storage, while the National Security Letter (NSL) compels record holders to share records with the government.

More on Surveillance

• Pen registers record outgoing dialed numbers.
• Trap and trace records the originating number of incoming calls.
• The Communications Assistance for Law Enforcement Act (CALEA) required telecom companies to permit wiretapping.
• The USA PATRIOT Act increased law enforcement's ability to search records.
• The Fair Information Practices are guidelines about the collection and use of personal data.
• The Transborder Data Flow involves data flow across national boundaries.
• The Organisation for Economic Co-operation and Development (OECD) develops multilateral policies and agreements.
• The European Union Data Protection Directive protects data transferred to non-EU countries.
• The European Data Protection Regulation enforces a single set of data protection rules across the EU.

Access to Government

• The Freedom of Information Act (FOIA) grants citizens access to government information.
• The Privacy Act sets rules for personal data systems managed by federal agencies.

Consequences of Data Breaches

• Data breaches can be caused by hackers or failure to follow security procedures.
• Electronic discovery (e-discovery) involves collection, preparation, review, and production of electronically stored information (ESI) for use in criminal and civil actions and proceedings.
• Electronically stored information (ESI) is any form of digital data on any electronic storage device.
• A vehicle event data recorder (EDR) captures vehicle and occupant data during a severe crash.

Freedom of Expression - Lesson 5

• Defamation is a false statement that harms another person; slander is oral, and libel is written.
• The Telecommunications Act aimed to increase competition among phone, cable, and TV companies.
• The Communications Decency Act (CDA) aimed to protect children from pornography.
• Section 230 of the CDA provides immunity to ISPs that publish user-generated content.
• The Child Online Protection Act (COPA) imposes penalties for exposing minors to harmful web material.
• Internet filters block access to questionable websites.
• The Children's Internet Protection Act (CIPA) requires blocking access to harmful content in federally funded schools and libraries.
• Internet censorship involves controlling online publishing or access to information.
• A strategic lawsuit against public participation (SLAPP) is used against those who oppose corporations or public officials.
• Anonymous expression is opinion that is expressed on the internet without revealing one's identity.
• Doxing examines Internet records to discover the identity of an anonymous poster
• Anonymous remailer services strip identifying information from emails.
• Hate speech is persistent harassment aimed at a specific person.
• Sexting is sending sexual messages or nude photos over cell phones.