Chapters 3 and 4 Flashcards
(17 cards)
What is ethics?
A set of principles of right and wrong used by individuals and organizations to make choices and guide behavior.
What are the four major categories of information ethical issues?
Privacy
Accuracy
Property
Accessibility (PAPA framework).
What is the “right to privacy”?
The right to be left alone and free from unreasonable personal intrusions.
What are threats to privacy?
Personal information in databases.
Electronic surveillance.
Social media misuse.
What are accuracy issues in information ethics?
Concerns about the authenticity, fidelity, and correctness of information, including threats like misinformation and algorithm inaccuracies.
What are property issues in information ethics?
Questions about who owns information and how to determine fair prices for its exchange, especially in IoT systems.
What are accessibility issues in information ethics?
Concerns about who has the right to access information and under what conditions, including algorithm transparency.
What are the three general ethical standards?
Utilitarian: The greatest good for the greatest number.
Rights-based: Respect and protect the rights of affected parties.
Fairness: Equal treatment of all individuals.
What legal protections exist for privacy?
PIPEDA (Personal Information Protection and Electronic Documents Act).
The Privacy Act.
GDPR (General Data Protection Regulation).
What is information security?
Processes and policies designed to protect information and systems from unauthorized access, use, disruption, modification, or destruction.
What are the two main categories of threats to information security?
People threats: Human error, social engineering.
Technology threats: Software attacks (e.g., DDoS), SCADA attacks.
What is social engineering?
Manipulating individuals into providing confidential information, such as passwords.
What is phishing?
Attempts to obtain sensitive information by pretending to be a trustworthy entity via email, IM, social networks, or vishing.
What is spear-phishing?
A phishing attack targeted at a specific organization, often with high stakes.
What is a Distributed Denial of Service (DDoS) attack?
An attack where multiple compromised devices flood a target system with information requests, causing it to crash.
What are SCADA systems, and why are they vulnerable?
Large-scale, distributed monitoring systems used in critical infrastructures like electricity and nuclear plants.
They were not originally designed with IT security in mind but are now increasingly connected to the internet.
What is the information security control framework?
Defense mechanisms to safeguard assets, optimize resource use, and prevent or detect errors and fraud.