Ethics for IT Professionals and IT Users PDF

Summary

This document discusses ethical issues for IT professionals and users, covering topics such as professional relationships (employers, clients, suppliers), communication, codes of ethics, certifications, and malpractice. It also explores the importance of communication and the skills needed to be an effective communicator.

Full Transcript


Social and Professional Issues
Module 1: Ethics for IT Professionals and IT Users
Subtopic 1: IT Worker Relationships That Must Be Managed

Intended Learning Outcomes
- Distinguish a professional from other kinds of workers, and discuss whether an IT worker is considered a professional;
- Discuss why communication is important in the workplace; and
- Explain how codes of ethics, professional organizations, certification, and licensing affect the ethical behavior of IT professionals.

IT Professionals
A profession is a calling that requires:
- Specialized knowledge
- Long and intensive academic preparation

IT Worker Professionals
- Mobile application developers
- Programmers
- Systems analysts
- Software engineers
- Database administrators
- Network administrators

Are IT Workers Professionals?
- From a legal perspective, IT workers are not recognized as professionals because they are not licensed by the state or federal government.
- IT workers are not liable for malpractice because they do not meet the legal definition of a professional.

Professional Relationships That Must Be Managed
- IT professionals have many different relationships to manage: with employers, clients, suppliers, other professionals, IT users, and society. Each is covered in turn below.
[Figure: relationships an IT professional must manage. Credit: Course Technology/Cengage Learning.]

Relationships Between IT Professionals and Employers
- An IT worker and an employer typically agree on the fundamental aspects of this relationship before the worker accepts an employment offer.
- IT workers must set an example and enforce policies regarding the ethical use of IT.
- Software piracy is an area in which IT workers may be tempted to violate laws and policies.
- The Business Software Alliance (BSA) is a trade group that represents the world's largest software and hardware manufacturers. Its mission is to stop the unauthorized copying of software produced by its members.
Relationships Between IT Professionals and Employers
Trade secret
- Information used in business
- Generally unknown to the public
- The company has taken strong measures to keep it confidential
Whistle-blowing
- Attracts attention to a negligent, illegal, unethical, abusive, or dangerous act that threatens the public interest.

Relationships Between IT Professionals and Clients
- In relationships between IT workers and clients, each party agrees to provide something of value to the other.
- This relationship is usually documented in contractual terms.
- The client makes decisions about a project on the basis of information, alternatives, and recommendations provided by the IT worker.
- Problems can also arise during a project if IT workers find themselves unable to provide full and accurate reporting of the project's status.
- Such a situation has the potential to undermine the objectivity of an IT worker due to a conflict of interest: a conflict between the IT worker's (or the IT firm's) self-interest and the client's interests.

Relationships Between IT Professionals and Clients
Fraud
- The crime of obtaining goods, services, or property through deception or trickery.
Misrepresentation
- The misstatement or incomplete statement of a material fact.
- If the misrepresentation leads the other party to enter into a contract, that party may have the legal right to cancel the contract or seek reimbursement for damages.
Breach of contract
- Occurs when one party fails to meet the terms of a contract.

Relationships Between IT Professionals and Suppliers
Develop good relationships with suppliers:
- Deal fairly with them
- Do not make unreasonable demands
Bribery
- Providing money, property, or favors to someone in business or government to obtain a business advantage.

Relationships Between IT Professionals and Suppliers
Distinguishing the Difference Between Bribes and Gifts
[Table: distinguishing bribes from gifts. Source: Course Technology/Cengage Learning.]
Relationships Between IT Professionals and Other Professionals
- Professionals owe each other adherence to the profession's code of conduct.
- Ethical problems between members of the IT profession include:
  - Résumé inflation
  - Inappropriate sharing of corporate information

Relationships Between IT Professionals and IT Users
- An IT user is a person who uses a hardware or software product, as distinct from the IT workers who develop, install, service, and support the product.
- IT professionals' duty:
  - Understand users' needs and capabilities
  - Deliver products and services that best meet those needs
  - Establish an environment that supports ethical behavior by users

Relationships Between IT Professionals and Society
- Society expects members of a profession to provide significant benefits and to not cause harm through their actions.
- The actions of an IT worker can affect society.

Effective Professional Communication
- Communication is one of the major concerns in the workplace.
- According to the statistics, 57% of employees report not being given clear directions, and 69% of managers are not comfortable communicating with employees in general.
- From the statistics, it is clear that there is a need to improve communication in the workplace.
- Communication in the workplace is one of the signs of a high-performance culture.
- Exchanging information and ideas within an organization is called workplace communication.
- Effective communication occurs when a message is sent and received accurately.

Effective Professional Communication
Why is communication important in the workplace?
- It avoids confusion
- It provides purpose
- It builds a positive company culture
- It creates accountability

Effective Professional Communication
Here are the skills that employers most often seek in new hires, ranked in order of priority:
1. Oral communication
2. Listening
3. Written communication
4. Public speaking
5. Adaptability

Effective Professional Communication
How do you improve communication?
- Start using the right tools for your business
- Encourage two-way communication
- Tell people what they are doing right
- Give specific and descriptive feedback
- Schedule a compulsory check-in

Effective Professional Communication
- Communication can be formal, informal, internal, or external. Within an organization, it is important to develop a healthy and beneficial communication process.
- Effective communication is the key to achieving long-term success, so make sure you follow the strategies outlined above.

Effective Professional Communication
How do you develop your professional communication skills?
- Ask for feedback: if you give a presentation, ask yourself how you could improve next time.
- Learn from others: if you look up to someone who has good communication skills, watch what they do and learn from them.
- Try active listening: a good communicator listens.
- Enroll in a course: to really become a better communicator, consider enrolling in a course that can refresh your skills and develop new ones.

Encouraging the Professionalism of IT Workers
IT workers of all types can improve their profession's reputation for professionalism by:
- Subscribing to a professional code of ethics
- Joining and participating in professional organizations
- Obtaining appropriate certifications
- Supporting government licensing where available

Professional Code of Ethics
- A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group.
- Codes of ethics created by professional organizations have two main parts: the first outlines what the organization aspires to become; the second lists rules and principles by which members of the organization are expected to abide.
Professional Code of Ethics
Benefits for the individual, the profession, and society:
- Improves ethical decision making
- Promotes high standards of practice and ethical behavior
- Enhances trust and respect from the general public
- Provides an evaluation benchmark

Professional Organizations
- There is no universal code of ethics for IT professionals.
- No single, formal organization of IT professionals has emerged as preeminent.
[Table: professional organizations for IT workers. Source: Course Technology/Cengage Learning.]

Certification
- Indicates that a professional possesses a particular set of skills, knowledge, or abilities in the opinion of a certifying organization.
- Can also apply to products.
- On the other hand, certification is no substitute for experience and does not guarantee that a person will perform well on the job.
- IT employees are motivated to learn new skills, and certification provides a structured way of doing so.

Certification
Vendor Certifications
- Some certifications substantially improve IT workers' salaries and career prospects.
- Require passing a written exam.
- Workers are commonly recertified as newer technologies become available.

Certification
Industry Association Certifications
- Require a certain level of experience and a broader perspective than vendor certifications.
[Table: certifications in high demand. Source: Course Technology/Cengage Learning.]

Certification
[Table: common IT industry certifications. Source: Course Technology/Cengage Learning.]

Government Licensing
- In the United States, a government license is government-issued permission to engage in an activity or to operate a business.
- The case for licensing IT professionals:
  - Encourage IT professionals to follow the highest standards of the profession
  - Practice a code of ethics
  - Violators would be punished

Government Licensing
- Meanwhile, in the Philippines, IT professionals do not need such a government license. Instead, they pursue certifications like those from Microsoft, Cisco, or CompTIA to validate their expertise.
Case for licensing IT professionals
- Certifications
- Memberships in professional organizations

Subtopic 2: IT Professional Malpractice

Intended Learning Outcomes
- Explain the common ethical issues of IT users; and
- Understand the ethical practices of IT users.

IT Professional Malpractice
- For most IT workers, becoming licensed as a software engineer is optional because they practice under the "industrial exemption" clause of their state's licensing laws, which permits them to work internally for an organization without licensure so long as they are not making final decisions to release a product to the public or offering engineering services directly to the public (for example, as a software engineering consultant).
- In the Philippines, obtaining formal certification or licensure as a software engineer is generally optional for IT professionals. Instead, they often focus on gaining experience, acquiring relevant skills, and obtaining certifications from recognized institutions or global certifying bodies to enhance credibility and career prospects.

IT Professional Malpractice
Negligence
- Has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do.
Duty of care
- Refers to the obligation to protect people against any unreasonable harm or risk.
- Courts consistently reject attempts to sue individual parties for computer-related malpractice.
- The courts decide whether parties owe a duty of care by applying a reasonable person standard to evaluate how an objective, careful, and conscientious person would have acted in the same circumstances.

IT Professional Malpractice
- A breach of the duty of care is the failure to act as a reasonable person would act.
- Professionals who breach the duty of care are liable for injuries that their negligence causes. This liability is commonly referred to as professional malpractice.
- For example, a CPA who fails to use reasonable care, knowledge, skill, and judgment when auditing a client's books is liable for accounting malpractice.

Common Ethical Issues for IT Users
Software piracy
- Sometimes IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home.
- The increasing popularity of the Android smartphone operating system has created a serious software piracy problem. Some IT end users have figured out how to download applications from the Google Play store without paying for them, and then use the software or sell it to others.

Common Ethical Issues for IT Users
Software piracy
- Software piracy can have a negative impact on future software development if professional developers become discouraged watching revenue from legitimate sales sink while the sales of pirated software and games skyrocket.
- The software piracy rate for that same game from Apple's App Store is closer to 60 percent.

Common Ethical Issues for IT Users
Inappropriate Use of Computing Resources
- Some employees use their computers to surf popular websites that have nothing to do with their jobs, participate in chat rooms, view pornographic sites, and play computer games. These activities eat away at a worker's productivity and waste time.
- A survey by the Fawcett Society found that one in five men admit to viewing porn at work, while a separate study found that 30 percent of mobile workers are viewing porn on their web-enabled phones.
- Organizations typically fire frequent pornography offenders and take disciplinary action against less egregious offenders.

Common Ethical Issues for IT Users
Inappropriate Sharing of Information
- Every organization stores vast amounts of information that can be classified as either private or confidential.
- Private data describe individual employees, for example their salary information, attendance data, health records, and performance ratings.
- An IT user who shares this information with an unauthorized party, even inadvertently, has violated someone's privacy or created the potential that company information could fall into the hands of competitors.

Ethical Practices of IT Users
- The growing use of IT has increased the potential for new ethical issues and problems; thus, many organizations have recognized the need to develop policies that protect against abuses.
- Adherence to a policy can improve services to users, increase productivity, and reduce costs.

Ethical Practices of IT Users
- Establishing Guidelines for Use of Company Software
- Defining an Acceptable Use Policy
- Structuring Information Systems to Protect Data and Information
- Installing and Maintaining a Corporate Firewall

Ethical Practices of IT Users
Establishing Guidelines for Use of Company Hardware and Software
- Company IT managers must provide clear rules that govern the use of home computers and associated software.
- Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home.
- The goal should be to ensure that employees have legal copies of all the software they need to be effective, regardless of whether they work in an office, on the road, or at home.

Ethical Practices of IT Users
Defining an Acceptable Use Policy
- An Acceptable Use Policy (AUP) is a document that stipulates restrictions and practices that a user must agree to in order to use organizational computing and network resources.
- It is an essential information security policy, so important that most organizations require employees to sign an acceptable use policy before being granted a user or network ID.

Ethical Practices of IT Users
An effective acceptable use policy is clear and concise and contains the following five key elements:
1. Purpose of the AUP: Why is the policy needed and what are its goals?
2. Scope: Who and what is covered under the AUP?
3. Policy: How are both acceptable use and unacceptable use defined, and what are some examples of each?
4. Compliance: Who is responsible for monitoring compliance, and how will compliance be measured?
5. Sanctions: What actions will be taken against an individual who violates the policy?

Ethical Practices of IT Users
- Members of the legal, human resources, and information security groups are involved in creating the AUP.
- It is the organization's information security group that is responsible for monitoring compliance with the AUP.
- The information security (infosec) group's responsibilities include managing the processes, tools, and policies necessary to prevent, detect, document, and counter threats to digital and nondigital information, whether it is in transit, being processed, or at rest in storage.

Ethical Practices of IT Users
Structuring Information Systems to Protect Data and Information
- Organizations must implement systems and procedures that limit data access to just those employees who need it.
- For example, sales managers may have total access to sales and promotion databases through a company network, but their access should be limited to products for which they are responsible.

Ethical Practices of IT Users
Installing and Maintaining a Corporate Firewall
- A firewall is hardware or software (or a combination of both) that serves as the first line of defense between an organization's network and the Internet; a firewall also limits access to the company's network based on the organization's Internet-usage policy.
- A firewall can be configured to serve as an effective deterrent to unauthorized web surfing by blocking access to specific objectionable websites.

Ethical Practices of IT Users
Compliance
- Compliance means to be in accordance with established policies, guidelines, specifications, or legislation.
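The "Structuring Information Systems to Protect Data and Information" slide above states the sales-manager rule in one sentence. The following is an added example, not from the module or its sources, showing one way a database administrator can enforce that rule in PostgreSQL: the commented-out grant is the over-broad setting in which every sales manager sees every sales row, and the row-level security policy below it limits each manager to the products assigned to them. All table, column, and role names (products, sales, product_responsibility, sales_manager, ana, ben) and the sample rows are constructed for this example.

```sql
-- Added example (not from the module): least-privilege access to a sales
-- database in PostgreSQL. Names and sample data are constructed.

-- Constructed schema: products, their sales, and who is responsible for what.
CREATE TABLE products (
    product_id  integer PRIMARY KEY,
    name        text    NOT NULL
);

CREATE TABLE sales (
    sale_id     integer        PRIMARY KEY,
    product_id  integer        NOT NULL REFERENCES products(product_id),
    amount_php  numeric(12, 2) NOT NULL,
    sold_on     date           NOT NULL
);

CREATE TABLE product_responsibility (
    manager_login  text    NOT NULL,   -- database login of the sales manager
    product_id     integer NOT NULL REFERENCES products(product_id),
    PRIMARY KEY (manager_login, product_id)
);

-- One group role for all sales managers, two constructed manager logins.
CREATE ROLE sales_manager NOLOGIN;
CREATE ROLE ana LOGIN IN ROLE sales_manager;
CREATE ROLE ben LOGIN IN ROLE sales_manager;

INSERT INTO products VALUES (1, 'Widget'), (2, 'Gadget');
INSERT INTO product_responsibility VALUES ('ana', 1), ('ben', 2);
INSERT INTO sales VALUES
    (10, 1, 1500.00, DATE '2024-01-15'),
    (11, 2, 2300.00, DATE '2024-01-16');

-- Weak setting (the problem the slide describes): table-level SELECT alone
-- lets every sales manager read every row.
-- GRANT SELECT ON sales TO sales_manager;

-- Corrected setting: grant the tables, then enable row-level security so
-- the policy, not the table grant, decides which rows each login can see.
GRANT SELECT ON products, sales, product_responsibility TO sales_manager;
ALTER TABLE sales ENABLE ROW LEVEL SECURITY;

-- A manager may select a sales row only if the row's product appears in
-- product_responsibility for the login running the query (current_user).
CREATE POLICY sales_by_responsibility ON sales
    FOR SELECT
    TO sales_manager
    USING (
        product_id IN (
            SELECT product_id
            FROM product_responsibility
            WHERE manager_login = current_user
        )
    );

-- Check: run the same query as each manager and compare the rows returned.
SET ROLE ana;
SELECT s.sale_id, p.name, s.amount_php
FROM sales AS s
JOIN products AS p USING (product_id);
RESET ROLE;

SET ROLE ben;
SELECT s.sale_id, p.name, s.amount_php
FROM sales AS s
JOIN products AS p USING (product_id);
RESET ROLE;
```

Run as the database owner or a superuser, the two checks at the end return only the Widget sale for ana and only the Gadget sale for ben, with no change to the application's query text. Reassigning a product is a row change in product_responsibility rather than a schema or grant change, which is what makes this pattern practical to maintain as responsibilities shift.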
- Records management software may be developed in compliance with local standards and regulations, such as those set by the National Archives of the Philippines (NAP). The NAP provides guidelines and criteria for electronic records management systems (ERMS) that define mandatory functional requirements for managing government records. These standards ensure that records management software used within government agencies complies with Philippine laws on records retention, archiving, and data security.
- Commercial software used within an organization should be distributed in compliance with the vendor's licensing agreement.

References
Blundell, B. (2020). Ethics in Computing, Science, and Engineering: A Student's Guide to Doing Things Right (1st ed.). Springer.
Hauptman, R. (2019). The Scope of Information Ethics: Challenges in Education, Technology, Communications, Medicine and Other Domains. McFarland.
Kizza, J. M. (2019). Ethical and Secure Computing: A Concise Module (Undergraduate Topics in Computer Science) (2nd ed.). Springer.
Reynolds, G. (2018). Ethics in Information Technology. Cengage Learning.
Kizza, J. M. (2017). Ethical and Social Issues in the Information Age (6th ed.). Springer.
Whitman, M., & Mattord, H. (2017). Principles of Information Security (6th ed.). Cengage Learning.
Social impact. (2020). Retrieved from https://www.encyclopedia.com/computing/news-wires-white-papers-and-books/social-impact
Effective Communication. (2020). Retrieved from https://www.hrtechnologist.com/articles/employee-engagement/effective-communication-in-the-workplace-how-and-why/
Why is professional communication important in the workplace? (2020). Retrieved from https://www.hrtechnologist.com/articles/employee-engagement/effective-communication-in-the-workplace-how-and-why/
Laviña, C. (2023). Social, Ethical, Legal and Professional Issues in Computing: with complete explanation of the PHILIPPINE CYBERCRIME LAWS.

Social and Professional Issues
Module 2: Freedom of Expression

Intended Learning Outcomes
- Know the legal basis for the protection of freedom of speech;
- Discuss some key federal laws that affect online freedom of expression, and how they impact organizations;
- Know how the Internet presents new challenges in the area of freedom of expression; and
- Understand the issues related to the use of information technology.

First Amendment Rights
- The Internet enables a worldwide exchange of news, ideas, opinions, rumors, and information.
- Its broad accessibility, open discussions, and anonymity make the Internet a remarkable communications medium.
- People must often make ethical decisions about how to use such remarkable freedom and power.
- The right to freedom of expression is one of the most important rights for free people everywhere.
- The First Amendment protects Americans' rights to freedom of religion, freedom of expression, and freedom to assemble peaceably.

First Amendment Rights
- The Supreme Court has held that the following types of speech are not protected by the First Amendment and may be forbidden by the government.
Obscene Speech
- An obscenity is any statement or act which strongly offends the prevalent morality of the time, is a profanity, or is otherwise taboo, indecent, abhorrent, or disgusting, or is especially inauspicious.

First Amendment Rights
Defamation
- Also called calumny, vilification, traducement, slander (for transitory statements), and libel (for written, broadcast, or otherwise published words).
- The two different types of defamation are slander and libel.
- Although people have the right to express opinions, they must exercise care in their Internet communications to avoid possible charges of defamation.
Freedom of Expression: Key Issues
- Information technology has provided amazing new ways to communicate with people around the world.
- Some of the key issues are: controlling access to information on the Internet, Internet censorship, strategic lawsuits against public participation, anonymity on the Internet, John Doe lawsuits, hate speech, pornography, and fake news.

Controlling Access to Information on the Internet
- One of the main reasons to support control of access to information on the Internet is children's ability to access the Internet.
- The Communications Decency Act (CDA): this act aimed at protecting children from online pornography. The CDA imposed $250,000 fines and prison terms of up to two years for the transmission of "indecent" material over the Internet.
- An Internet filter is software that can be used to block access to certain websites that contain material deemed inappropriate or offensive.

Internet Censorship
- Is the control or suppression of the publishing or accessing of information on the Internet.
- Government entities may pressure "upstream" Internet service providers to:
  - Limit access to certain websites
  - Allow access to only some content or modified content at certain websites
  - Reject the use of certain keywords in search engines
  - Track and monitor the Internet activities of individuals

Strategic Lawsuit Against Public Participation
- A strategic lawsuit against public participation (SLAPP) is employed by corporations, government officials, and others against citizens and community groups who oppose them on matters of public interest.

Anonymity on the Internet
- Anonymous expression is the expression of opinions by people who do not reveal their identity.
- Anonymity is even more important in countries that don't allow free speech.
- Doxing involves doing research on the Internet to obtain someone's private personal information.
John Doe Lawsuits
- Businesses must monitor and respond to both the public expression of opinions that might hurt their reputations and the public sharing of confidential company information.
- When anonymous employees reveal harmful information online, the potential for broad dissemination is enormous.
- An aggrieved party can file a John Doe lawsuit against a defendant whose identity is temporarily unknown because he or she is communicating anonymously or using a pseudonym.

Hate Speech
- Persistent or malicious harassment aimed at a specific person is hate speech, which can be prosecuted under the law.
- The following are all actions that can be prosecuted:
  - A threatening private message sent over the Internet to a person
  - A public message displayed on a website describing intent to commit acts of hate-motivated violence against specific individuals
  - Libel directed at a particular person

Pornography on the Internet
- Many people, including some free-speech advocates, believe that there is nothing illegal or wrong about purchasing adult pornographic material made by and for consenting adults.
- On the other hand, most parents, educators, and other child advocates are concerned that children might be exposed to online pornography.
- Sexting (sending sexual messages, nude or seminude photos, or sexually explicit videos over a cell phone) is a fast-growing trend among teens and young adults.

Fake News
- Blogs
- Fake news sites
- Social media sites

Social and Professional Issues
Module 3: Intellectual Property
Subtopic 1: Intellectual Property

Intended Learning Outcomes
- Understand how to protect intellectual property;
- Explain the factors that can be used in deciding whether a use of copyrighted material is fair; and
- Understand the strengths and limitations of using copyright, patent, and trade secret laws to protect intellectual property.

Intellectual Property
- Intellectual property is a term used to describe works of the mind, such as art, books, films, formulas, inventions, music, and processes, that are distinct and owned or created by a single person or group.
- Copyright law protects authored works, such as art, books, film, and music; patent law protects inventions; and trade secret law helps safeguard information that is critical to an organization's success.

Copyrights
- A copyright is the exclusive right to distribute, display, perform, or reproduce an original work in copies or to prepare derivative works based on the work.
- Protection is granted to the creators of original works of authorship in any tangible medium of expression.
- Copyright infringement is a violation of the rights secured by the owner of a copyright.
- Infringement occurs when someone copies a substantial and material part of another's copyrighted work without permission.

Copyrights
Copyright Term
- Copyright law guarantees developers the rights to their works for a certain amount of time. Since 1960, the term of copyright has been extended 11 times from its original limit of 28 years.
Eligible Works
- The types of work that can be copyrighted include architecture, art, audiovisual works, choreography, drama, graphics, literature, motion pictures, music, pantomimes, and pictures.
- ... of copyright, fair contracts, and free speech.

Software Copyright Protection
- The use of copyrights to protect computer software raises many complicated issues of interpretation.
- Registering a copyright for a software program is a simple process.

The Prioritizing Resources and Organization for Intellectual Property Act of 2008
- The Prioritizing Resources and Organization for Intellectual Property (PRO-IP) Act of 2008 (Public Law 110-403) created the position of Intellectual Property Enforcement Coordinator within the Executive Office of the President.
- One of its programs, called Computer Hacking and Intellectual Property (CHIP), is a network of over 150 experienced and specially trained federal prosecutors who focus on computer and intellectual property crimes.

Intellectual Property Code of the Philippines (Republic Act No. 8293)
- The PRO-IP Act of 2008 (Public Law 110-403) does not directly apply to the Philippines. The Philippines has its own similar law, the Intellectual Property Code of the Philippines (Republic Act No. 8293).
- This law outlines the protection of IP rights in the country, including patents, trademarks, copyrights, and trade secrets. It also establishes the Intellectual Property Office of the Philippines (IPOPHL) as the primary agency responsible for the administration and enforcement of IP laws.

General Agreement on Tariffs and Trade
- The General Agreement on Tariffs and Trade (GATT) was a multilateral agreement governing international trade.
- Even with GATT in place, however, copyright protection varies greatly from country to country, and an expert should be consulted when considering international usage of any intellectual property.

General Agreement on Tariffs and Trade
- The Philippines became a member of GATT on December 27, 1979. GATT was a multilateral agreement regulating international trade, aiming to reduce tariffs and other trade barriers.
- In 1995, GATT was replaced by the World Trade Organization (WTO), and the Philippines became a founding member of the WTO. The WTO now oversees the implementation of the agreements originally covered under GATT, along with other trade-related agreements. So, while GATT itself is no longer active, its principles continue to apply through the WTO agreements, to which the Philippines is a party.

The WTO and the WTO TRIPS Agreement (1994)
- The WTO is a global organization that deals with the rules of international trade based on WTO agreements that are negotiated and signed by representatives of the world's trading nations.
- The goal of the WTO is to help producers of goods and services, exporters, and importers conduct their business globally.

The World Intellectual Property Organization Copyright Treaty (1996)
- The World Intellectual Property Organization (WIPO), headquartered in Geneva, Switzerland, is an agency of the United Nations established in 1967.
- WIPO is dedicated to "the use of intellectual property as a means to stimulate innovation and creativity."
- WIPO has strongly advocated for the interests of intellectual property owners.
Its goal is to ensure that intellectual property laws are uniformly administered. The Digital Millennium Copyright Act (1998) -The DMCA (Public Law 105-304) was signed into law in 1998 and implements two 1996 WIPO treaties: the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty. - The act is divided into the following five sections: 1. Title I (WIPO Copyright and Performances and Phonograms Treaties Implementation Act of 1998) - This section implements the WIPO treaties by making certain technical amendments to the U.S. law in order to provide appropriate references and links to the treaties. The Digital Millennium Copyright Act (1998) 2. Title II (Online Copyright Infringement Liability Limitation Act) - This section enables website operators that allow users to post content on their website (e.g., music, video, and pictures) to avoid copyright infringement liability if certain “safe harbor” provisions are followed. 3. Title III (Computer Maintenance Competition Assurance Act) - This section permits the owner or lessee of a computer to make or authorize the making of a copy of a computer program in the course of maintaining or repairing that computer. The Digital Millennium Copyright Act (1998) 4. Title IV (Miscellaneous provisions) -This section adds language to the Copyright Act confirming the Copyright Office’s authority to continue to perform the policy and international functions that it has carried out for decades under its existing general authority. 5. Title V (Vessel Hull Design Protection Act) - This section creates a new form of protection for the original design of vessel hulls. Patents - A patent permits its owner to exclude the public from making, using, or selling a protected invention, and it allows for legal action against violators. - A utility patent is “issued for the invention of a new and useful process, machine, manufacturer, or composition of matter, or a new and useful improvement. 
It generally permits its owner to exclude others from making, using, or selling the invention for a period of up to twenty years from the date of patent application filing, subject to the payment of maintenance fees."
- A design patent, which is "issued for a new, original, and ornamental design embodied in or applied to an article of manufacture," permits its owner to exclude others from making, using, or selling the design in question.
- Patent infringement, the violation of the rights secured by the owner of a patent, occurs when someone makes unauthorized use of another's patent.

Trade Secrets
- A trade secret is business information that has required effort or cost to develop, has some degree of uniqueness or novelty, is generally unknown to the public, and is kept confidential.
- Trade secret protection laws vary greatly from country to country.
- The Uniform Trade Secrets Act was drafted in the 1970s to bring uniformity to trade secret law across the United States.

Subtopic 2 Current Intellectual Property Issues
Intended Learning Outcomes
- Understand some of the current issues associated with the protection of intellectual property.

Current Intellectual Property Issues
Plagiarism
- Plagiarism is the act of stealing someone's ideas or words and passing them off as one's own.
- The explosion of electronic content and the growth of the web have made it easy to cut and paste paragraphs into term papers and other documents without proper citation or quotation marks.
(Table: Partial list of plagiarism detection services and software)
- The following list shows some of the actions that schools can take to combat student plagiarism:
Help students understand what constitutes plagiarism and why they need to cite sources properly.
Show students how to document web pages and materials from online databases.
Schedule major writing assignments so that portions are due over the course of the term, reducing the likelihood that students get into a time crunch and are tempted to plagiarize to meet the deadline.
Make clear to students that instructors are aware of Internet paper mills.
Ensure that instructors both educate students about plagiarism detection services and make them aware that they know how to use these services.
Incorporate detection software and services into a comprehensive antiplagiarism program.

Reverse Engineering
- Reverse engineering is the process of taking something apart in order to understand it, build a copy of it, or improve it.
- The term was originally applied to computer hardware but is now commonly applied to software as well.
- One frequent use of reverse engineering for software is to modify an application that ran on one vendor's database so that it can run on another's (e.g., from Access to Oracle). Database management systems use their own programming language for application development, so organizations that want to change database vendors are faced with rewriting existing applications in the new vendor's database programming language.
- Using reverse engineering, a developer can analyze the code written in the current database programming language to recover the design of the information system application.
- Next, code-generation tools can take that design and produce code (forward engineering) in the new database programming language. This reverse-engineering and code-generation process greatly reduces the time and cost needed to migrate the organization's applications to the new database management system.

Open Source Code
- Open source code is a program whose source code is made available for use or modification, as users or other developers see fit.
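The two-step process described above (reverse engineer the existing system into a vendor-neutral design, then forward engineer target-dialect code from that design) is easier to see in working code. The following example is added here and is not part of the original module; it recovers the schema of a small SQLite database through SQLite's catalog and PRAGMA interface, builds a neutral in-memory design, and generates CREATE TABLE statements for a different dialect. The legacy schema, the target dialect (assumed to be PostgreSQL) and the type mapping are all assumptions made for the example.

```python
import sqlite3

# Constructed sample: a small "legacy" SQLite database standing in for the
# source vendor's system. The schema is invented for this example.
LEGACY_DDL = """
CREATE TABLE customer (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    email TEXT
);
CREATE TABLE invoice (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(id),
    total REAL NOT NULL,
    issued_on TEXT
);
"""

# Source-dialect type -> target-dialect type. Assumed target: PostgreSQL; the
# mapping itself is an illustrative assumption, not a vendor-published table.
TYPE_MAP = {"INTEGER": "INTEGER", "TEXT": "VARCHAR(255)", "REAL": "NUMERIC(12,2)"}


def reverse_engineer(conn):
    """Step 1: recover a vendor-neutral design from a live SQLite database."""
    design = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    for t in tables:
        # Identifiers come from the catalog, but quote them anyway so an odd
        # table name cannot break (or alter) the PRAGMA statement.
        cols = [{"name": name, "type": ctype.upper(),
                 "notnull": bool(notnull), "pk": bool(pk)}
                for _cid, name, ctype, notnull, _default, pk
                in conn.execute(f'PRAGMA table_info("{t}")')]
        # foreign_key_list rows: (id, seq, table, from, to, on_update, on_delete, match)
        fks = [{"column": row[3], "ref_table": row[2], "ref_column": row[4]}
               for row in conn.execute(f'PRAGMA foreign_key_list("{t}")')]
        design[t] = {"columns": cols, "foreign_keys": fks}
    return design


def forward_engineer(design, type_map=TYPE_MAP):
    """Step 2: generate target-dialect DDL from the neutral design.

    Tables are emitted in dependency order so referenced tables exist before
    the tables that point at them; a cycle is reported instead of silently
    producing DDL that cannot be applied.
    """
    ordered, remaining = [], dict(design)
    while remaining:
        progress = False
        for name, spec in list(remaining.items()):
            deps = {fk["ref_table"] for fk in spec["foreign_keys"]} - {name}
            if deps <= set(ordered):
                ordered.append(name)
                del remaining[name]
                progress = True
        if not progress:
            raise ValueError("circular foreign-key dependency: " + ", ".join(remaining))

    statements = []
    for name in ordered:
        spec = design[name]
        lines = []
        for c in spec["columns"]:
            # Unknown source types are passed through unchanged for manual review.
            line = f"    {c['name']} {type_map.get(c['type'], c['type'])}"
            if c["pk"]:
                line += " PRIMARY KEY"
            elif c["notnull"]:
                line += " NOT NULL"
            lines.append(line)
        for fk in spec["foreign_keys"]:
            lines.append(f"    FOREIGN KEY ({fk['column']}) "
                         f"REFERENCES {fk['ref_table']}({fk['ref_column']})")
        statements.append(f"CREATE TABLE {name} (\n" + ",\n".join(lines) + "\n);")
    return statements


def migrate_schema(legacy_ddl):
    """Load the legacy schema into an in-memory SQLite database and migrate it."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.executescript(legacy_ddl)
        return forward_engineer(reverse_engineer(conn))
    finally:
        conn.close()


if __name__ == "__main__":
    print("\n\n".join(migrate_schema(LEGACY_DDL)))
```

The recovered design is plain data (dicts and lists), which is the point: once the application's structure has been separated from the source vendor's syntax, any number of target dialects can be generated from it without touching the reverse-engineering step again.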
- A considerable amount of open source code is available, and an increasing number of organizations use it.
- For example, much of the Internet runs on open source code; when you access a web page, send a text, or post a status update, you are likely using an open source program such as Linux, Apache HTTP Server, PHP, Perl, Python, or Ruby.
- A common use of open source software is to move data from one application to another and to extract, transform, and load business data into large databases.
- Two frequently cited reasons for using open source software are that it provides a better solution to a specific business problem and that it costs less.
- Open source software is used in applications developed for Apple's iPhone, Android smartphones, and other mobile devices.
(Table: Commonly used open source software)
- Reasons that firms or individual developers create open source code, even though they do not receive money for it, include the following:
Some people share code to earn respect for solving a common problem in an elegant way.
Some people have used open source code developed by others and feel the need to pay back by helping other developers.
A firm may be required to develop software as part of an agreement to address a client's problem; if the firm is paid for the employees' time spent developing the software rather than for the software itself, it may release the code.
A firm may develop open source code in the hope of earning software maintenance fees if the end user's needs change in the future.
A firm may develop useful code but be reluctant to license and market it, and so might donate the code to the general public.

Competitive Intelligence
- Competitive intelligence is legally obtained information that is gathered to help a company gain an advantage over its rivals.
- Competitive intelligence is not the same as industrial espionage, which is the use of illegal means to obtain business information not available to the general public.
- A wide array of software applications, databases, and social media tools are available for companies (and individuals) looking for competitive intelligence data, including the following:
Rapportive is software that can be added to your email application or web browser to provide rich contact profiles showing what people look like, where they are based, and what they do.
Crunchbase is a free database of over 110,000 technology companies, people, and investors.
CORI (http://cori.missouri.edu/pages/ksearch.htm) is an online database of more than 690,000 contract documents.
ThomasNet.com is an excellent source for identifying suppliers and sources for products.
WhoGotFunded.com is a comprehensive website of data about what organizations have received funding and for what purposes.

Trademark Infringement
- A trademark is a logo, package design, phrase, sound, or word that enables a consumer to differentiate one company's products from another's.
- Trademark infringement is the unauthorized use of a trademark, or of a confusingly similar mark, on goods or services in a way that is likely to confuse consumers about their source.

Cybersquatting
- Cybersquatting is the practice of registering domain names for famous trademarks or company names to which the registrant has no connection, in the hope that the trademark's owner will eventually buy the domain name for a large sum of money.
Social and Professional Issues
Module 4 Privacy
Subtopic 1 Privacy Protection and the Law
Intended Learning Outcomes
- Understand the right of privacy, and the basis for protecting personal privacy under the law;
- Discuss some of the laws that provide protection for the privacy of personal data; and
- Understand how employers are increasingly using workplace monitoring.

What is Privacy
- Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in public.
- Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby reveal it selectively.
- Privacy is a personal, subjective condition. One person cannot decide for another what his or her sense of privacy should be.
(Figure: Example of Privacy)

Violation of Privacy
- Computer monitoring
- Computer matching
- Unauthorized personal files
(Figure: How our Personal Information Gets Revealed)

Ways to Protect Privacy
- Technology: a spam filter.
- Law: the CAN-SPAM Act makes it illegal to send commercial email with a false header, and requires that you be able to unsubscribe from the sender.
- Markets: you choose an email provider that does a good job of reducing spam.
- Your choices: as an individual, you decide not to open email with an unpleasant header.
(Figure: Types of Privacy Harm)

Privacy Protection and the Law
- The use of information technology in both government and business requires balancing the needs of those who use the information that is collected against the rights and desires of the people whose information is being used.
- Organizations gather a variety of data about people in order to make better decisions.
- The Fourth Amendment to the U.S. Constitution reads as follows: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
(Figure: Systems that gather data about individuals)
- Information Privacy: a broad definition of the right of privacy is "the right to be left alone—the most comprehensive of rights, and the right most valued by a free people." Information privacy is the combination of communications privacy and data privacy.

Privacy Protection and the Law (US)
Privacy Laws, Applications, and Court Rulings in the U.S.
- This section outlines a number of legislative acts that affect a person's privacy.

1. Financial Data
- Personal financial data includes credit cards, checking and savings accounts, loans, payroll direct deposit, and brokerage accounts.
- The Fair Credit Reporting Act (1970) (15 U.S.C. § 1681) regulates the operations of credit reporting bureaus, including how they collect, store, and use credit information.
- The Right to Financial Privacy Act (12 U.S.C. § 3401) protects the records of financial institution customers from unauthorized scrutiny by the federal government.
- Under this act, a customer must receive written notice that a federal agency intends to obtain his or her financial records, along with an explanation of the purpose for which the records are sought.
- In addition, to gain access to a customer's financial records, the government must obtain one of the following: an authorization signed by the customer that identifies the records, the reasons the records are requested, and the customer's rights under the act; an appropriate administrative or judicial subpoena or summons; a qualified search warrant; or a formal written request by a government agency.
- The financial institution cannot release a customer's financial records until the government authority seeking the records certifies in writing that it has complied with the applicable provisions of the act.
- The Gramm-Leach-Bliley Act (GLBA) (Public Law 106-102), also known as the Financial Services Modernization Act of 1999, was a bank deregulation law that repealed a Depression-era law known as Glass-Steagall. Glass-Steagall prohibited any one institution from offering investment, commercial banking, and insurance services; individual companies were only allowed to offer one of those types of financial service products.
- GLBA also included three key rules that affect personal privacy:
Financial Privacy Rule: established mandatory guidelines for the collection and disclosure of personal financial information by financial organizations.
Safeguards Rule: requires each financial institution to document a data security plan describing its preparation and plans for the ongoing protection of clients' personal data.
Pretexting Rule: addresses attempts by people to access personal information without proper authority by means such as impersonating an account holder or phishing.
- The Fair and Accurate Credit Transactions Act (Public Law 108-159) was passed in 2003 as an amendment to the Fair Credit Reporting Act; it allows consumers to request and obtain a free credit report once each year.

2. Health Information
- The use of electronic medical records, and the subsequent interlinking and transferring of this electronic information among different organizations, has become widespread.
- The Health Insurance Portability and Accountability Act (HIPAA) (Public Law 104-191) was designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance.
- The American Recovery and Reinvestment Act (Public Law 111-5) is a wide-ranging act passed in 2009 that authorized $787 billion in spending and tax cuts over a 10-year period. Its Health Information Technology for Economic and Clinical Health (HITECH) provisions strengthened HIPAA's privacy and security rules and added breach notification requirements for protected health information.

3. Children's Personal Data
- A recent survey revealed that teens spend more than nine hours per day on average watching television, playing video games, social networking, browsing websites, or doing other things on a computer, smartphone, or tablet.
- Tweens (children aged 8 to 12) spend about six hours per day on average consuming media.
- The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g) is a federal law that assigns certain rights to parents regarding their children's educational records.
- Under FERPA, the presumption is that a student's records are private and not available to the public without the consent of the student.
- According to the Children's Online Privacy Protection Act (COPPA) (15 U.S.C. §§ 6501–6506), any website that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age.
- COPPA was enacted in 1998 to give parents control over the collection, use, and disclosure of their children's personal information; it does not cover the dissemination of information to children.

4. Electronic Surveillance
- This section discusses government surveillance, including various forms of electronic surveillance, as well as some of the laws governing those activities.
- Title III of the Omnibus Crime Control and Safe Streets Act (Public Law 90-351), also known as the Wiretap Act, regulates the interception of wire (telephone) and oral communications.
- It allows state and federal law enforcement officials to use wiretapping and electronic eavesdropping, but only under strict limitations.
- The Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1801 et seq.) describes procedures for the electronic surveillance and collection of foreign intelligence information in communications.
- Foreign intelligence is information relating to the capabilities, intentions, or activities of foreign governments, agents of foreign governments, or foreign organizations.
- FISA also created the FISA Court, which meets in secret to hear applications for orders approving electronic surveillance anywhere within the United States.
- The Electronic Communications Privacy Act (ECPA) (18 U.S.C. §§ 2510–2522) deals with three main issues: the protection of communications while in transfer from sender to receiver; the protection of communications held in electronic storage; and the prohibition of devices that record dialing, routing, addressing, and signaling information (pen registers and trap-and-trace devices) without a court order.
- The Communications Assistance for Law Enforcement Act (CALEA) requires the telecommunications industry to build tools into its products that federal investigators can use, after gaining a court order, to eavesdrop on conversations and intercept electronic communications.
- The USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) (Public Law 107-56) was passed just weeks after the terrorist attacks of September 11, 2001.
- In 2004, Congress amended FISA to authorize intelligence gathering on individuals not affiliated with any known terrorist organization (the so-called "lone wolf" provision).
- A few months after the September 11, 2001, terrorist attacks, President George W. Bush signed an executive order that secretly authorized the NSA to monitor the international calls and emails of people inside the United States without court-approved warrants.
- The New York Times revealed the warrantless eavesdropping program in late 2005 after an investigation that lasted over a year. Due to the controversial nature of the program, it was suspended temporarily in January 2007.
- The Bush administration and other advocates of the program say this action was necessary to disrupt terrorist plots and prevent further attacks within the United States.
- The Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 granted the NSA expanded authority to collect, without court-approved warrants, international communications as they flow through U.S. telecommunications network equipment and facilities.
- The USA Freedom Act terminated the bulk collection of telephone metadata by the NSA in 2015.
- The PATRIOT Sunsets Extension Act of 2011 (Public Law 112-14) granted a four-year extension of two key provisions in the USA PATRIOT Act that allowed roving wiretaps and searches of business records.

5.
Fair Information Practices
- Fair information practices is a term for a set of guidelines that govern the collection and use of personal data. The overall goal is to stop the unlawful storage of personal data, eliminate the storage of inaccurate personal data, and prevent the abuse or unauthorized disclosure of such data.
- The Organization for Economic Co-operation and Development (OECD) is an international organization consisting (at the time of this text) of 35 member countries, including Australia, Canada, France, Germany, Italy, Japan, Mexico, New Zealand, Turkey, the United Kingdom, and the United States.
- Its goals are to set policy and to come to agreement on topics for which multilateral consensus is necessary in order for individual countries to make progress in a global economy. Its 1980 Guidelines on the Protection of Privacy and Transborder Flows of Personal Data are a widely adopted statement of fair information practices.
- The General Data Protection Regulation (GDPR; officially Regulation (EU) 2016/679) is designed to strengthen data protection for individuals within the EU by addressing the export of personal data outside the EU, enabling citizens to see and correct their personal data, and ensuring data protection consistency across the EU.

6. Access to Government Records
- The U.S. government has a great capacity to store data about each and every one of us and about the proceedings of its various agencies.
- The Freedom of Information Act (FOIA) grants citizens the right to access certain information and records of federal agencies upon request; state and local governments are covered by their own public-records laws.
- The Privacy Act of 1974 establishes a code of fair information practices that sets rules for the collection, maintenance, use, and dissemination of personal data kept in systems of records by federal agencies.

Privacy Protection and the Law (PH)
Privacy Laws, Applications, and Court Rulings in the Philippines
- This section outlines a number of legislative acts that affect a person's privacy.

1.
Financial Data
- Personal financial data includes credit cards, checking and savings accounts, loans, payroll direct deposit, and brokerage accounts.
- Data Privacy Act of 2012 (Republic Act No. 10173): protects personal information, including financial data, from unauthorized access, use, and disclosure.
- Anti-Money Laundering Act (AMLA) of 2001 (Republic Act No. 9160): provides for the confidentiality of bank accounts and prohibits the unauthorized examination of bank records. However, the act allows the Anti-Money Laundering Council (AMLC) to examine bank records for specific reasons, such as investigating suspicious transactions.
- General Banking Law of 2000 (Republic Act No. 8791): provides for the confidentiality of bank deposits and investments with banks in the Philippines, ensuring that these financial records are protected from unauthorized access except under certain conditions, such as court orders.

2. Health Information
- Data Privacy Act of 2012 (Republic Act No. 10173): covers health information. Hospitals and healthcare providers must protect the confidentiality of patient records and ensure that such information is not disclosed without the patient's consent.
- Magna Carta of Patient's Rights and Obligations (House Bill No. 6750): although not yet a law, this bill seeks to provide patients with the right to privacy and confidentiality of their medical information, emphasizing the need for informed consent before any personal health data is shared.

3. Children's Personal Data
- Data Privacy Act of 2012 (Republic Act No. 10173): includes provisions for protecting the personal data of children, particularly in educational settings and online environments.
- Special Protection of Children Against Abuse, Exploitation, and Discrimination Act (Republic Act No.
7610): this law indirectly supports the protection of children's data by safeguarding them from exploitation, which includes protecting their personal information from being misused.
- Cybercrime Prevention Act of 2012 (Republic Act No. 10175): also provides protection against online crimes involving children, including the exploitation of their personal information.

4. Electronic Surveillance
- Anti-Wiretapping Law (Republic Act No. 4200): prohibits and penalizes wiretapping or the interception of any private communication without the consent of all parties involved. It places strict limitations on the use of electronic surveillance by both private individuals and law enforcement agencies.
- Human Security Act of 2007 (Republic Act No. 9372): allows electronic surveillance, such as wiretapping, under strict conditions for the purpose of counterterrorism, and requires judicial authorization for such activities. The Human Security Act has since been repealed by the Anti-Terrorism Act of 2020 (Republic Act No. 11479), which now governs court-authorized surveillance of terrorism suspects.
- Cybercrime Prevention Act of 2012 (Republic Act No. 10175): covers various forms of electronic surveillance, especially in combating cybercrimes, including illegal access to data and unauthorized interception of communications.

5. Foreign Intelligence and Surveillance
- Human Security Act of 2007 (Republic Act No. 9372): similar to the U.S. Foreign Intelligence Surveillance Act (FISA), the Human Security Act allowed electronic surveillance for the purpose of counterterrorism but with strict limitations. It required judicial authorization for such activities, safeguarding against potential abuses.
- Data Privacy Act of 2012 (Republic Act No. 10173): provides protection against unauthorized interception of electronic communications; any surveillance activity involving personal data must comply with data privacy law.
- Anti-Wiretapping Law (Republic Act No.
4200): prohibits wiretapping and unauthorized interception of private communications, ensuring that surveillance activities are carried out only under strict legal conditions.

6. Fair Information Practices
- Data Privacy Act of 2012 (Republic Act No. 10173): embodies fair information practices by regulating the collection, use, storage, and disposal of personal data. It aims to prevent unauthorized use and to ensure the accuracy and integrity of personal data.
- Philippine E-Commerce Act (Republic Act No. 8792): promotes the use of electronic documents and signatures and includes provisions for protecting the integrity and confidentiality of data in electronic transactions.

7. Access to Government Records
- Freedom of Information (FOI) Executive Order No. 2, s. 2016: allows Filipino citizens to access information and records from executive-branch government agencies, promoting transparency and accountability.
- Data Privacy Act of 2012 (Republic Act No. 10173): also includes provisions that balance access to information with the need to protect personal data, ensuring that government-held data is not misused.

Subtopic 2 Key Privacy and Anonymity Issues
Intended Learning Outcomes
- Discuss the capabilities of advanced surveillance technologies;
- Know the various strategies for consumer profiling; and
- Understand the meaning of e-discovery and how it is being used.

Key Privacy and Anonymity Issues
1. Consumer Profiling
- Companies openly collect personal information about users when they register at websites, complete surveys, fill out forms, follow them on social media, or enter contests online.
- A data breach is the unintended release of sensitive data, or the access of sensitive data by unauthorized individuals.
(Table: Largest data breaches in the past five years)
- Identity theft is the theft of personal information, which is then used without the owner's permission.

2. Electronic Discovery (e-discovery)
- E-discovery is the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.
- Electronically stored information (ESI) includes any form of digital information, including emails, drawings, graphs, web pages, photographs, word-processing files, sound recordings, and databases stored on any form of storage device, including hard drives, CDs, and flash drives.
- E-discovery software provides the ability to do the following:
Analyze large volumes of ESI quickly to perform early case assessments.
Simplify and streamline data collection from across all relevant data sources in multiple data formats.
Cull large amounts of ESI to reduce the number of documents that must be processed and reviewed.
Identify all participants in an investigation to determine who knew what and when.
- Predictive coding is a process that couples human guidance with computer-driven concept searching in order to "train" document review software to recognize relevant documents within a document universe.
- Two key issues are raised by the use of predictive coding:
1. Are attorneys still able to meet their legal obligations to conduct a reasonable search for pertinent documents when using predictive coding?
2. How can counsel safeguard a client's attorney-client privilege if a privileged document is uncovered?

3. Workplace Monitoring
- Cyberloafing is using the Internet for purposes unrelated to work, such as posting to Facebook, sending personal emails or instant messages, or shopping online.
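The e-discovery capabilities listed above (culling a document universe, de-duplicating, and identifying who held what) are mechanical enough to show in code, and the ESI involved is very often the employer-held email that the workplace monitoring discussion says employees cannot expect to be private. The following is an added example, not part of the original module or of any e-discovery product: it runs a simple cull over a constructed mailbox export, drops exact duplicates by content hash while keeping every custodian who held a copy, applies a date window and search terms, logs why each document was excluded, and flags documents that look privileged so a human reviewer can withhold them. The message corpus, custodian names, dates and search terms are all invented for the example.

```python
import hashlib
from datetime import date

# Constructed ESI corpus: a handful of messages standing in for a mailbox
# export. Custodians, dates and text are invented for this example.
ESI = [
    {"id": "m1", "custodian": "alice", "date": "2023-02-01",
     "body": "Please review the Q1 forecast before Friday."},
    {"id": "m2", "custodian": "bob", "date": "2023-02-01",
     "body": "Please review the Q1 forecast before Friday."},   # duplicate of m1
    {"id": "m3", "custodian": "alice", "date": "2023-03-15",
     "body": "Counsel advised we keep the merger talks confidential."},
    {"id": "m4", "custodian": "carol", "date": "2022-11-30",
     "body": "Merger timeline attached."},                      # outside date window
    {"id": "m5", "custodian": "bob", "date": "2023-04-02",
     "body": "Lunch on Thursday?"},                              # no search-term hit
]

# Terms that mark a document as potentially privileged (illustrative list).
PRIVILEGE_TERMS = ("counsel", "attorney", "privileged")


def content_hash(body):
    """Hash the whitespace- and case-normalised body so identical messages
    held by different custodians collapse to a single document."""
    normalised = " ".join(body.split()).lower().encode("utf-8")
    return hashlib.sha256(normalised).hexdigest()


def cull(records, start, end, terms, privilege_terms=PRIVILEGE_TERMS):
    """Reduce a document universe to the set that must be reviewed.

    Returns (review, log): review holds the unique documents inside
    [start, end] that match at least one search term; log records every
    excluded document and the reason, so the cull itself is defensible.
    """
    # Pass 1: de-duplicate by content hash, but remember every custodian who
    # held a copy; the "who knew what and when" question needs them even
    # after the duplicate copies are dropped.
    unique, log = {}, []
    for rec in records:
        h = content_hash(rec["body"])
        if h in unique:
            unique[h]["custodians"].append(rec["custodian"])
            log.append((rec["id"], f"duplicate of {unique[h]['id']}"))
        else:
            unique[h] = {**rec, "hash": h, "custodians": [rec["custodian"]]}

    # Pass 2: date window and search-term filter; privileged hits are kept
    # but flagged rather than silently produced.
    review = []
    terms = [t.lower() for t in terms]
    for doc in unique.values():
        when = date.fromisoformat(doc["date"])
        if not (start <= when <= end):
            log.append((doc["id"], "outside date range"))
            continue
        body = doc["body"].lower()
        hits = [t for t in terms if t in body]
        if not hits:
            log.append((doc["id"], "no search-term hit"))
            continue
        doc["hits"] = hits
        doc["privileged"] = any(p in body for p in privilege_terms)
        review.append(doc)
    return review, log


def participants(review):
    """Every custodian who held any document in the review set."""
    return sorted({c for doc in review for c in doc["custodians"]})


def run_example():
    """Cull the constructed corpus for 2023 documents about the forecast or merger."""
    return cull(ESI, date(2023, 1, 1), date(2023, 12, 31), ["forecast", "merger"])


if __name__ == "__main__":
    review, log = run_example()
    for doc in review:
        flag = " [PRIVILEGED - withhold pending review]" if doc["privileged"] else ""
        print(f"{doc['id']} {doc['date']} custodians={doc['custodians']} hits={doc['hits']}{flag}")
    print("participants:", participants(review))
    for doc_id, reason in log:
        print(f"excluded {doc_id}: {reason}")
```

Two design points carry over to real tooling. The exclusion log is what lets counsel show that the search was reasonable when the cull is challenged, and the privilege flag only marks documents for human review; an automated cull should never decide on its own that a document is privileged and drop it.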
- Many organizations have developed policies on the use of IT in the workplace in order to protect against employee abuses that reduce worker productivity or expose the employer to harassment lawsuits.
- A private organization can defeat a privacy claim simply by proving that an employee had been given explicit notice that email, files, and Internet data held on company computers and transferred over company networks were not private and might be monitored.
- Your employer may legally monitor your use of any employer-provided mobile phone or computing device, including contact lists, call logs, email, location, photos, videos, and web browsing.
- Many employers permit their employees to use their own personal mobile phones or computing devices for work purposes under a policy called Bring Your Own Device (BYOD).

4. Advanced Surveillance Technology
- Surveillance cameras and satellite-based systems that can pinpoint a person's physical location provide powerful new data-gathering capabilities.
- Camera Surveillance: surveillance cameras are used in major cities around the world in an effort to deter crime and terrorist activities.
- A vehicle event data recorder (EDR) is a device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle's air bags.
- Stalking Apps: cell phone spy software that can be loaded onto someone's cell phone or smartphone within minutes. Vendors claim the built-in microphone can be activated remotely for use as a listening device, even when the phone appears to be turned off. All information gathered by such apps can be sent to the installer's email account to be accessed live or at a later time.
Social and Professional Issues
Module 5 Cyberattacks and Cybersecurity
Subtopic 1 The Threat Landscape
Intended Learning Outcomes
- Discuss the categories of cybercrime;
- Explain the principles of computer security;
- Enumerate the different types of cybercrime; and
- Know the advantages of cybersecurity and the response to a cyberattack.

The Threat Landscape
- Confidential business data and private customer and employee information must be safeguarded, and systems must be protected against malicious acts of theft or disruption.
- Cybercrime is crime committed using a computer and the Internet, for example to steal a person's identity, to traffic in illegal imports, or to distribute malicious programs.
- Cybersecurity refers to the technologies and processes designed to protect computers, networks, and data from unauthorized access and from attacks delivered via the Internet by cybercriminals.

Categories of Cybercrime
- The computer as a target: using a computer to attack other computers (hacking, virus/worm attacks, DoS attacks, etc.).
- The computer as a weapon: using a computer to commit real-world crime (e.g., credit card fraud).

Why Computer Incidents Are So Prevalent
- Increasing complexity increases vulnerability.
- Expanding and changing systems introduce new risks.
- Increasing prevalence of BYOD policies: bring your own device (BYOD) is a business policy that permits, and in some cases encourages, employees to use their own mobile devices.
- Growing reliance on commercial software with known vulnerabilities.

Growing Reliance on Commercial Software with Known Vulnerabilities
- In computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability.
- Often this attack is due to poor system design or implementation.
- Once the vulnerability is discovered, software developers create and issue a fix, or patch, to eliminate the problem.

Increasing Sophistication of Those Who Would Do Harm
- Previously, the stereotype of a computer troublemaker was that of an introverted "geek" working on his or her own and motivated by the desire to gain some degree of notoriety.

Classifying Perpetrators of Computer Crime

Types of Exploits
- Ransomware is malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker.
- A virus is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
- A worm is a harmful program that resides in the active memory of the computer and duplicates itself.
- A Trojan horse is a seemingly harmless program in which malicious code is hidden.
- A blended threat is a sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
- Email spam is the use of email systems to send unsolicited email to large numbers of people.
- The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act states that it is legal to spam, provided the messages meet a few basic requirements.
- CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) software generates and grades tests that humans can pass and all but the most sophisticated computer programs cannot.

Types of Exploits
- Phishing is the act of fraudulently using email to try to get the recipient to reveal personal data.
- Spear phishing is a variation of phishing in which the phisher sends fraudulent emails to a certain organization's employees.
- Smishing is another variation of phishing that involves the use of texting.
- Vishing is similar to smishing except that the victims receive a voice-mail message telling them to call a phone number or access a website.
- Cyberespionage involves the deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
- Cyberterrorism is the intimidation of a government or civilian population by using information technology to disable critical national infrastructure.
- The Department of Homeland Security (DHS) is a large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a "safer, more secure America, which is resilient against terrorism and other potential threats."
- The Philippine Department of National Defense (DND) is the primary government agency responsible for safeguarding the national sovereignty, territorial integrity, and peace and security of the Philippines. It oversees the Armed Forces of the Philippines (AFP) and is a critical player in disaster response, counter-terrorism, and national security.
Common Types of Cybersecurity
- Network security protects network traffic by controlling incoming and outgoing connections to prevent threats from entering or spreading on the network.
- Data loss prevention (DLP) protects data by focusing on the location, classification, and monitoring of information at rest, in use, and in motion.
- Cloud security provides protection for data used in cloud-based services and applications.
- Intrusion detection systems (IDS) or intrusion prevention systems (IPS) work to identify potentially hostile cyber activity.
- Identity and access management (IAM) uses authentication services to limit and track employee access to protect internal systems from malicious entities.
- Encryption is the process of encoding data to render it unintelligible, and is often used during data transfer to prevent theft in transit.
- Antivirus/anti-malware solutions scan computer systems for known threats. Modern solutions are even able to detect previously unknown threats based on their behavior.

Advantages of Cybersecurity
- It defends us from hacks and viruses.
- It helps us to browse safe websites.
- Internet security processes all the incoming and outgoing data on our computer.
- Cybersecurity defends us from critical attacks.
- The cybersecurity application used on our PC needs an update every week.
- The security developers update their database once every week.

Subtopic 2: The CIA Security Triad

Intended Learning Outcomes
– Know the actions that must be taken in the event of a successful security intrusion.

The CIA Security Triad
- The IT security practices of organizations worldwide are focused on ensuring confidentiality, maintaining integrity, and guaranteeing the availability of systems and data.
- Confidentiality ensures that only those individuals with the proper authority can access sensitive data such as employee personal data, customer and product sales data, and new product and advertising plans.
- Integrity ensures that data can only be changed by authorized individuals, so that the accuracy, consistency, and trustworthiness of data are guaranteed.
- Availability ensures that the data can be accessed when and where needed, including during times of both normal and disaster recovery operations.
- Confidentiality, integrity, and availability are referred to as the CIA security triad.

Implementing CIA at the Organization Level
Implementing CIA begins at the organization level with the definition of an overall security strategy, performance of a risk assessment, laying out plans for disaster recovery, setting security policies, conducting security audits, ensuring regulatory standards compliance, and creating a security dashboard.

- Security Strategy
Implementing CIA security at the organization level requires a risk-based security strategy with an active governance process to minimize the potential impact of any security incident and to ensure business continuity in the event of a cyberattack. Creating such a strategy typically begins with performing a risk assessment to identify and prioritize the threats that the organization faces. The security strategy must define a disaster recovery plan that ensures the availability of key data and information technology assets.

- Risk Assessment
Risk assessment is the process of assessing security-related risks to an organization's computers and networks from both internal and external threats. Such threats can prevent an organization from meeting its key business objectives. The goal of risk assessment is to identify which investments of time and resources will best protect the organization from its most likely and serious threats.

- Disaster Recovery
Data availability requires implementing products, services, policies, and procedures that ensure that data are accessible even during disaster recovery operations.
To accomplish this goal, organizations typically implement a disaster recovery plan, which is a documented process for recovering an organization's business information system assets—including hardware, software, data, networks, and facilities—in the event of a disaster.

Implementing CIA at the Organization Level
- Security Policies
A security policy defines an organization's security requirements, as well as the controls and sanctions needed to meet those requirements. A good security policy delineates responsibilities and the behavior expected of members of the organization. A security policy outlines what needs to be done but not how to do it. The details of how to accomplish the goals of the policy are typically provided in separate documents and procedure guidelines. The SysAdmin, Audit, Network, Security (SANS) Institute's website (www.sans.org) offers a number of security-related policy templates that can help an organization to quickly develop effective security policies.

- Security Audits
Another important prevention tool is a security audit that evaluates whether an organization has a well-considered security policy in place and whether it is being followed. For example, if a policy says that all users must change their passwords every 30 days, the audit must check how well that policy is being implemented. The audit should also review who has access to particular systems and data and what level of authority each user has.

- Regulatory Standards Compliance
In addition to the requirement to comply with your own security program, your organization may also be required to comply with one or more standards defined by external parties. In that case, your organization's security program must include a definition of what those standards are and how the organization will comply.
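As an added example (not from the slides or their sources), the Python script below performs the kind of security audit the paragraph above describes: it checks a set of accounts against the 30-day password rotation rule and builds the who-has-access-to-what review, flagging departed accounts that still hold access and accounts holding admin authority on several systems. The account records, system names and dates are constructed for the demonstration.

```python
from datetime import date

# Constructed sample data (not from the page): when each account last changed
# its password, whether the person is still with the organization, and the
# level of authority each account holds on each system.
USERS = {
    "alice": {"last_password_change": date(2024, 5, 2), "active": True},
    "bob":   {"last_password_change": date(2024, 3, 14), "active": True},
    "carol": {"last_password_change": date(2024, 4, 28), "active": False},  # left the company
    "dave":  {"last_password_change": date(2024, 1, 9), "active": True},
}

ACCESS_GRANTS = [
    # (user, system, authority level)
    ("alice", "payroll-db", "read"),
    ("bob",   "payroll-db", "admin"),
    ("carol", "crm",        "admin"),
    ("dave",  "crm",        "admin"),
    ("dave",  "payroll-db", "admin"),
]

POLICY_MAX_PASSWORD_AGE_DAYS = 30   # the "change every 30 days" rule from the policy
AUDIT_DATE = date(2024, 5, 20)      # constructed date on which the audit is run


def audit_password_rotation(users, today, max_age_days=POLICY_MAX_PASSWORD_AGE_DAYS):
    """Measure how well the rotation policy is being followed.

    Returns (compliance_rate, violators); violators is a sorted list of
    (username, password_age_in_days) for active accounts over the limit.
    """
    violators = []
    active = [name for name, rec in users.items() if rec["active"]]
    for name in active:
        age = (today - users[name]["last_password_change"]).days
        if age > max_age_days:
            violators.append((name, age))
    rate = 1.0 if not active else 1 - len(violators) / len(active)
    return rate, sorted(violators)


def review_access(users, grants):
    """Build the who-has-what view and flag the findings an auditor would raise.

    Returns (by_system, findings): by_system maps each system to its
    (user, level) grants; findings lists departed accounts that still hold
    access and active accounts holding admin authority on more than one system.
    """
    by_system = {}
    admin_systems = {}
    findings = []
    for user, system, level in grants:
        by_system.setdefault(system, []).append((user, level))
        if not users[user]["active"]:
            findings.append(f"{user} is no longer active but still holds {level} on {system}")
        if level == "admin":
            admin_systems.setdefault(user, []).append(system)
    for user, systems in admin_systems.items():
        if len(systems) > 1 and users[user]["active"]:
            findings.append(f"{user} holds admin on several systems: {', '.join(systems)}")
    return by_system, findings


def run_audit(today, users=USERS, grants=ACCESS_GRANTS):
    """Combine both checks into the report a security audit would produce."""
    rate, violators = audit_password_rotation(users, today)
    by_system, findings = review_access(users, grants)
    return {
        "password_policy_compliance": rate,
        "password_violators": violators,
        "access_by_system": by_system,
        "access_findings": findings,
    }


if __name__ == "__main__":
    report = run_audit(AUDIT_DATE)
    print(f"Password rotation compliance: {report['password_policy_compliance']:.0%}")
    for name, age in report["password_violators"]:
        print(f"  {name}: password is {age} days old")
    for system, grants in report["access_by_system"].items():
        print(f"{system}: " + ", ".join(f"{u} ({lvl})" for u, lvl in grants))
    for finding in report["access_findings"]:
        print("FINDING:", finding)
```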
Implementing CIA at the Organization Level
- Security Dashboard
Many organizations use security dashboard software to provide a comprehensive display of all key performance indicators related to an organization's security defenses, including threats, exposures, policy compliance, and incident alerts. The purpose of a security dashboard is to reduce the effort required to monitor and identify threats in time to take action.

The Internet provides a wide-open and well-travelled pathway for anyone in the world to reach your organization's network. As a result, organizations are continuing to move more of their business processes to the Internet to better serve customers, suppliers, employees, investors, and business partners.

- Authentication Methods
To maintain a secure network, an organization must authenticate users attempting to access the network by requiring them to enter a username and password; insert a smart card and enter the associated PIN; or provide a fingerprint, voice pattern sample, or retina scan.

- Firewall
Installation of a corporate firewall is the most common security precaution taken by businesses. A firewall is a system of software, hardware, or a combination of both that stands guard between an organization's internal network and the Internet and limits network access based on the organization's access policy. A next-generation firewall (NGFW) is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic based on the packet contents.

- Encryption
Encryption is the process of scrambling messages or data in such a way that only authorized parties can read it.
It is used to protect billions of online transactions each day, enabling consumers to order more than $300 billion in merchandise online and banks to route some $40 trillion in financial transactions each year. An encryption key is a value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) and is unreadable by those without the key needed to decipher it. There are two types of encryption algorithms: symmetric and asymmetric. Symmetric algorithms use the same key for both encryption and decryption. Asymmetric algorithms use one key for encryption and a different key for decryption.

Implementing CIA at the Organization Level
- Proxy Servers and Virtual Private Networks
A proxy server serves as an intermediary between a web browser and another server on the Internet; it makes requests to websites, servers, and services on the Internet for you. When you enter the URL for a website, the request is forwarded to the proxy server, which relays the request to the server where the website is hosted. The homepage of the website is returned to the proxy server, which then passes it on to you.

- Intrusion Detection System
An intrusion detection system (IDS) is software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.

- Authentication Methods
For many applications, users are required to enter a username and password to gain access.
Two-factor authentication requires the user to provide two types of credential before being able to access an account; the two credentials can be any of the following:
  - Something you know, such as a PIN or password
  - Something you have, such as some form of security card or token
  - Something you are, such as a biometric (for example, a fingerprint or retina scan)

Implementing CIA at the Organization Level
- User Roles and Accounts
Another important safeguard at the application level is the creation of roles and user accounts so that once users are authenticated, they have the authority to perform their responsibilities and nothing more.

- Data Encryption
Major enterprise systems such as enterprise resource planning (ERP), customer relationship management (CRM), and product lifecycle management (PLM) access sensitive data residing on data storage devices located in data centers, in the cloud, or at third-party locations.

- Security Education
Creating and enhancing user awareness of security policies is an ongoing security priority for companies. Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow security policies.

- Authentication Methods
End users should be required to implement a security passcode that must be entered before their computing/communications device accepts further input.

- Antivirus Software
Antivirus software should be installed on each user's personal computer to scan a computer's memory and disk drives regularly for viruses. Antivirus software scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.
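Added example (not code from the slides or their sources): the two authentication factors and the user-roles safeguard described above, implemented in Python with only the standard library. The password check is "something you know", a time-based one-time code (RFC 4226 HOTP driven by a 30-second time counter, the way hardware and app tokens work) stands in for "something you have", and each role is granted only the permissions its duties need. The accounts, secrets, role names and permission names are constructed for the demonstration.

```python
import hashlib
import hmac
import time
from typing import Optional


# --- Factor 1, something you know: salted, iterated password hashes ---

def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; the iteration count slows down offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed sample accounts (not from the page). Real secrets belong in a
# protected credential store, never in source code.
ACCOUNTS = {
    "alice": {
        "salt": b"alice-salt-0001",
        "password_hash": hash_password("correct horse battery", b"alice-salt-0001"),
        "totp_secret": b"12345678901234567890",  # the RFC 4226 test-vector secret
        "role": "payroll_clerk",
    },
    "bob": {
        "salt": b"bob-salt-0001",
        "password_hash": hash_password("another constructed pass", b"bob-salt-0001"),
        "totp_secret": b"constructed-secret-for-bob!!",
        "role": "dba",
    },
}


# --- Factor 2, something you have: a token that displays a time-based code ---

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30) -> str:
    """What the user's token shows: HOTP with the counter set to the 30-second slot."""
    return hotp(secret, int(at_time // step))


def verify_totp(secret: bytes, code: str, at_time: float, step: int = 30, window: int = 1) -> bool:
    """Accept the current slot and one slot either side to tolerate clock drift."""
    counter = int(at_time // step)
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


def authenticate(username: str, password: str, code: str, at_time: Optional[float] = None) -> Optional[str]:
    """Return the account's role when both factors check out, else None.

    Both factors are always evaluated, so the response does not reveal which one failed.
    """
    at_time = time.time() if at_time is None else at_time
    acct = ACCOUNTS.get(username)
    if acct is None:
        return None
    password_ok = hmac.compare_digest(hash_password(password, acct["salt"]), acct["password_hash"])
    token_ok = verify_totp(acct["totp_secret"], code, at_time)
    return acct["role"] if (password_ok and token_ok) else None


# --- User roles: each role carries only the permissions its responsibilities require ---

ROLE_PERMISSIONS = {
    "payroll_clerk": {"payroll:read", "payroll:submit"},
    "dba": {"payroll:read", "payroll:write", "db:backup"},
}


def authorize(role: Optional[str], permission: str) -> bool:
    """Deny by default: an unknown role or an unlisted permission gets False."""
    return permission in ROLE_PERMISSIONS.get(role, set())


if __name__ == "__main__":
    now = time.time()
    role = authenticate("alice", "correct horse battery", totp(ACCOUNTS["alice"]["totp_secret"], now), now)
    print("alice role:", role)
    print("alice may submit payroll:", authorize(role, "payroll:submit"))
    print("alice may write payroll:", authorize(role, "payroll:write"))
```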
- Data Encryption
While you should already have a login password for your mobile computing device or workstation, those measures won't protect your data if someone steals your device.

Implementing CIA at the Organization Level
- Incident Notification
A key element of any response plan is to define who to notify and who not to notify in the event of a computer security incident.

- Protection of Evidence and Activity Logs
An organization should document all details of a security incident as it works to resolve the incident.

- Incident Containment
The incident response plan should clearly define the process for deciding if an attack is dangerous enough to warrant shutting down or disconnecting critical systems from the network.

- Eradication
Before the IT security group begins the eradication effort, it must collect and log all possible criminal evidence from the system and then verify that all necessary backups are current, complete, and free of any malware.

- Incident Follow-Up
An essential part of follow-up is to determine how the organization's security was compromised so that it does not happen again.
Social and Professional Issues
Module 6: Risk and Responsibility
Subtopic 1: Computer Liability

Intended Learning Outcomes
– Discuss the hardware and software risks involved in the use of computers in society;
– Explain how information stored on computers can be kept safe; and
– Describe how effective design can impact information technology.

Computer Liability
Hardware Reliability Features
- Failure is usually due to physical deterioration.
- Hardware reliability tends, more than software reliability, towards a constant value.
- Hardware reliability usually follows the "bathtub" principle.
- Environment is important; a proportion of hardware faults are design faults.

Reliability Measures
There are four general ways of measuring failures against time:
1. Time of failure
2. Interval between failures
3. Cumulative failures experienced up to a given time
4. Failures experienced in a time interval

Barriers in Digital Communication
1. Physical barriers
Physical barriers present different challenges for offline versus online communication. Physical barriers to digital communication include other environmental conditions like time, place, and medium.
2. Emotional barriers
An individual's beliefs, attitudes, and values have a strong influence on how they process information. People can easily misinterpret digital communication, which often does not include vocal inflections, tone of voice, facial expressions, body language, or other types of visual or audio cues people rely on to understand emotional meaning.
3. Identity barriers
Identity barriers can lead to miscommunications and misunderstandings as well as misrepresentation of people and their ideas.
4. Semantic barriers
Semantic barriers are about the different interpretations of words and symbols used to communicate.
It can be people who speak a different language or dialect, have limited language proficiency, don't have as much knowledge about an issue, or use words and symbols differently than you do.
5. Accessibility barriers
Digital communication is effective only when people of all abilities can access and understand information. Photos, graphics, emoji, live streaming, webinars, podcasts, PDFs, videos, and other audio and visual formats are now important parts of how people and organizations communicate online.
6. Attention barriers
Attention barriers are when people miss out on what you have to say because they are distracted from giving your message their full focus. People may also be fatigued by information overload, with little attention span left.
7. Credibility barriers
Credibility barriers interfere with digital communications when people can't trust the message, the messenger, or both.

Simple Ways To Keep Files Safe
- Regularly back up your files
- Use an external hard drive
- Store files in the cloud
- Control access to your files
- Encrypt your hard drive

Evaluation of Safety-Critical Systems
Based on the data on recent failures of critical systems, the following can be concluded:
- Failures become more and more distributed and often nation-wide (e.g., commercial systems like credit card denial of authorization).
- The source of failure is more rarely in hardware (physical faults), and more frequently in system design or end-user operation/interaction (software).

Values in Design - Solutions to Software Development Problems
- Solid Requirements: clear, complete, detailed, cohesive, attainable, testable requirements that are agreed to by all players.
- Realistic Schedules: allow adequate time for planning, design, testing, bug fixing, re-testing, changes, and documentation.
- Adequate Testing: start testing early on, re-test after fixes or changes, and plan adequate time for testing and bug fixing.
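Returning to the Reliability Measures list earlier in this module: as an added example (not from the slides or their sources), the Python code below computes all four measures from a constructed log of failure times, given in hours of operation, and also counts failures per third of the observation window, which is how the bathtub shape shows up in such data. The failure times and the 560-hour window are constructed values.

```python
# Constructed failure log (not from the page): hours of operation at which a
# hardware unit failed, observed over a window of 560 hours.
FAILURE_TIMES_HOURS = [3, 7, 12, 95, 190, 310, 420, 495, 520, 540]
OBSERVATION_HOURS = 560


def times_of_failure(log):
    """Measure 1: the time of each failure, in order."""
    return sorted(log)


def intervals_between_failures(log):
    """Measure 2: the gap between consecutive failures; their mean is the MTBF."""
    t = times_of_failure(log)
    return [b - a for a, b in zip(t, t[1:])]


def mean_time_between_failures(log):
    gaps = intervals_between_failures(log)
    return sum(gaps) / len(gaps) if gaps else float("inf")


def cumulative_failures(log, up_to):
    """Measure 3: failures experienced up to (and including) a given time."""
    return sum(1 for t in log if t <= up_to)


def failures_in_interval(log, start, end):
    """Measure 4: failures experienced in the interval (start, end]."""
    return sum(1 for t in log if start < t <= end)


def failure_rate_profile(log, window, bins=3):
    """Failures per hour in each equal slice of the observation window.

    With three slices, a high-low-high pattern is the bathtub curve from the
    slides: early faults, a steady useful life, then wear-out.
    """
    width = window / bins
    counts = [0] * bins
    for t in log:
        counts[min(int(t // width), bins - 1)] += 1
    return [c / width for c in counts]


def bathtub_shape(log, window):
    """True when both the early and the late failure rates exceed the middle one."""
    early, mid, late = failure_rate_profile(log, window, bins=3)
    return early > mid and late > mid


if __name__ == "__main__":
    log = FAILURE_TIMES_HOURS
    print("times of failure:", times_of_failure(log))
    print("intervals between failures:", intervals_between_failures(log))
    print(f"MTBF: {mean_time_between_failures(log):.1f} h")
    print("cumulative failures by hour 100:", cumulative_failures(log, 100))
    print("failures in (100, 400]:", failures_in_interval(log, 100, 400))
    print("failures/hour per third:", [round(r, 4) for r in failure_rate_profile(log, OBSERVATION_HOURS)])
    print("bathtub shape:", bathtub_shape(log, OBSERVATION_HOURS))
```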
Values in Design - Solutions to Software Development Problems
- Stick to Initial Requirements where Feasible: be prepared to defend against excessive changes and additions once development has begun, and be prepared to explain the consequences.
- Communication: require walkthroughs and inspections when appropriate; make extensive use of group communication tools (groupware, wikis, bug-tracking tools, change management tools, and intranet capabilities).

What Do Computer Scientists Do?
- Develop and/or simplify algorithms
- Create new computing languages
- Determine new methods for working with computers
- Test new systems and designs
- Develop models and theories to address issues in the field
- Present findings to the scientific community
- Improve computer hardware performance
- Increase the efficiency of computer software and/or hardware

Subtopic 2: Ethics and Professional Responsibility in Computing

Intended Learning Outcomes
– Evaluate accountability issues in our computerized society; and
– Discuss the ethical, legal, and social issues regarding the risk and responsibility for public information.

Responsibilities of Computing Professionals Toward Society
- Understand what success means
- Include users (such as medical staff, technicians, pilots, office workers) in the design and testing stages to provide safe and useful systems
- Do a thorough, careful job when planning and scheduling a project and when writing bids or contracts
- Design for real users and be inclusive
- Don't assume existing software is safe or correct; review and test it
- Be open and honest about capabilities, safety, and limitations of software
- Require a convincing case for safety
- Pay attention to defaults
- Develop communication skills

Ethics and Professional Responsibility in Computing
Professionals tend to have clients, not customers.
Whereas a sales clerk should try to satisfy the customer's desires, the professional should try to meet the client's needs (consistent with the welfare of the client and the public). To become a computing professional, an individual must acquire specialized knowledge about discrete algorithms and relational database theory, and specialized skills such as software development techniques and digital system design. Computing professionals usually learn this knowledge and acquire these skills by earning a baccalaureate degree in computer science, computer engineering, information systems, or a related field.

What Is Moral Responsibility in Computing?
- In the early 1980s, Atomic Energy of Canada Limited (AECL) manufactured and sold a cancer radiation treatment machine called the Therac-25, which relied on computer software to control its operation. Between 1985 and 1987, the Therac-25 caused the deaths of three patients and serious injuries to three others. We can use the Therac-25 case to distinguish between four different kinds of responsibility.
- Causal responsibility: responsibility can be attributed to causes: for example, "the tornado was responsible for damaging the house." In the Therac-25 case, the proximate cause of each accident was the operator, who started the radiation treatment.
- Role responsibility: an individual who is assigned a task or function is considered the responsible person for that role. In this sense, a foreman in a chemical plant may be responsible for disposing of drums of toxic waste, even if a forklift operator actually transfers the drums from the plant to the truck.
- Legal responsibility: an individual or an organization can be legally responsible, or liable, for a problem. That is, the individual could be charged with a crime, or the organization could be liable for damages in a civil lawsuit.
- Moral responsibility: causal, role, and legal responsibilities tend to be exclusive: if one individual is responsible, then another is not.

Ethics and Professional Responsibility in Computing
Responsibilities to Employers
- Most computing professionals work for employers. The employment relationship is contractual: the professional promises to work for the employer in return for a salary and benefits.

Responsibilities to Other Professionals
- While everyone deserves respect from everyone else, when professionals interact with each other, they should demonstrate a kind of respect called collegiality.
- Because clients cannot adequately evaluate the quality of professional service, individual professionals know that their work must be evaluated by other members of the same profession.
- This evaluation, called peer review, occurs in both practice and research.

Responsibilities to the Public
- According to engineering codes of ethics, the engineer's most important obligation is to ensure the safety, health, and welfare of the public. Although everyone must avoid endangering others, engineers have a special obligation to ensure the safety of the objects that they produce.
- Computing professionals share this special obligation to guarantee the safety of the public, and to improve the quality of life of those who use computers and information systems.
- The responsibility to educate the public is a collective responsibility of the computing profession as a whole; individual professionals might fulfill this responsibility in their own ways.
- Examples of such public service include advising a church on the purchase of computing equipment, and writing a letter to the editor of a newspaper about technical issues related to proposed legislation to regulate the Internet.
Social and Professional Issues
Module 7: Ethical Decisions in Software Development
Subtopic 1: Software Quality

Intended Learning Outcomes
– Explain the use of high-quality software in the business system;
– Enumerate the types of software product liability; and
– Understand the ethical practices of the users.

Strategies for Engineering Quality Software
High-quality software systems:
- Are easy to learn and use because they perform quickly and efficiently;
- Meet their users' needs; and
- Operate safely and reliably so that system downtime is kept to a minimum.
- Software defect: any error that, if not removed, could cause a software system to fail to meet its users' needs.
- Software quality: the degree to which a software product meets the needs of its users.

Quality Management
- Focuses on defining, measuring, and refining the quality of the development process and the products developed during its various stages.
- The objective of quality management is to help developers deliver high-quality systems that meet the needs of their users.
- A primary cause of poor software quality is that many developers do not know how to design quality into software from the very start; some simply do not take the time to do so.
- To develop high-quality software, developers must define and follow a set of rigorous software engineering principles and be committed to learning from past mistakes.

The Importance of Software Quality
- A business information system is a set of interrelated components—including hardware, software, databases, networks, people, and procedures—that collects and processes data and disseminates the output.
- A
