Chapter 8: SECURITY AND ETHICAL CHALLENGES Flashcards

1
Q

As a business professional, you have a responsibility to promote ethical uses of information technology in the workplace. Whether or not you have managerial responsibilities, you should accept the ethical responsibilities that come with your work activities. That includes properly performing your role as a vital human resource in the business systems you help develop and use in your organization. As a manager or business professional, it will be your responsibility to make decisions about business activities and the use of information technologies that may have an ethical dimension that must be considered.

A

Ethical Responsibility of Business Professionals

2
Q

is concerned with the numerous ethical questions that managers must confront as part of their daily business decision making

A

Business ethics

3
Q

Enumeration:
Ethics questions that managers meet as part of their daily business decision making include:

A
  • Equity
  • Rights
  • Honesty
  • Exercise of corporate power
4
Q

Enumeration:
THEORIES OF CORPORATE SOCIAL RESPONSIBILITY

A
  • STOCK HOLDER THEORY
  • SOCIAL CONTRACT THEORY
  • STAKEHOLDER THEORY
5
Q

holds that managers are agents of the stockholders, and their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices.

A

STOCK HOLDER THEORY

6
Q

states that companies have ethical responsibilities to all members of society, which allows corporations to exist according to a social contract.

A

SOCIAL CONTRACT THEORY

7
Q

that managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders, that is, all individuals and groups that have a stake in, or claim on, a company.

A

STAKEHOLDER THEORY

8
Q

Enumeration:
Principles of Technology Ethics

A
  • Proportionality of benefits to risk
  • Informed consent to risk
  • Justice in distribution of risk with benefits derived to each sub unit
  • Minimized risk by the selected option
9
Q

The good achieved by the technology must outweigh the harm or risk. Moreover, there must be no alternative that achieves the same or comparable benefits with less harm or risk

A

Proportionality

10
Q

Those affected by the technology should understand and accept the risks.

A

Informed Consent

11
Q

The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk.

A

Justice

12
Q

Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.

A

Minimized Risk

13
Q

Enumeration:
ETHICAL GUIDELINES

A
  • Acting with integrity
  • Increasing your professional competence
  • Setting high standards of personal performance
  • Accepting responsibility for your work
  • Advancing the health, privacy, and general welfare of the public
14
Q

Enumeration:

AITP Standards of Professional Conduct
In recognition of my obligation to my employer I shall:

A
  • Avoid conflicts of interest and ensure that my employer is aware of any potential conflicts.
  • Protect the privacy and confidentiality of all information entrusted to me.
  • Not misrepresent or withhold information that is germane to the situation.
  • Not attempt to use the resources of my employer for personal gain or for any purpose
    without proper approval.
  • Not exploit the weakness of a computer system for personal gain or personal satisfaction.
15
Q

Enumeration:

AITP Standards of Professional Conduct
In recognition of my obligation to society I shall:

A
  • Use my skill and knowledge to inform the public in all areas of my expertise.
  • To the best of my ability, ensure that the products of my work are used in a socially
    responsible way.
  • Support, respect, and abide by the appropriate local, state, provincial, and federal laws.
  • Never misrepresent or withhold information that is germane to a problem or a situation
    of public concern, nor will I allow any such known information to remain unchallenged.
  • Not use knowledge of a confidential or personal nature in any unauthorized manner to achieve personal gain.
16
Q

It is becoming one of the Net’s growth businesses

A

Cyber-crime

17
Q

a growing threat to society, is caused by the criminal or irresponsible actions of individuals who are taking advantage of the widespread use and vulnerability of computers and the Internet and other networks. It presents a major challenge to the ethical use of information technologies

A

Computer crime

18
Q

also poses serious threats to the integrity, safety, and survival of most business systems and thus makes the development of effective security methods a top priority

A

Computer crime

19
Q

Enumeration:
Computer crime is defined by the Association of Information Technology Professionals (AITP) as including:

A
  1. the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources;
  2. the unauthorized release of information;
  3. the unauthorized copying of software;
  4. denying an end user access to his or her own hardware, software, data, or network resources; and
  5. using or conspiring to use computer or network resources to obtain information or tangible property illegally.
20
Q

This definition was promoted by the AITP in a Model Computer Crime Act and is reflected in many computer crime laws.

A

Computer crime

21
Q

in computerese, is the obsessive use of computers or the unauthorized access and use of networked computer systems. Hackers can be outsiders or company employees who use the Internet and other networks to steal or damage data and programs. One of the issues in hacking is what to do about a hacker who commits only electronic breaking and entering, that is, gets access to a computer system and reads some files but neither steals nor damages anything.

A

Hacking

22
Q

have at their fingertips a dozen dangerous tools, from “scans” that ferret out weaknesses in Web site software programs to “sniffers” that snatch passwords

A

Cyber-thieves

23
Q

A ________ (also called a black hat or darkside hacker) is a malicious or criminal hacker. Usually a ________ is a person who maintains knowledge of the vulnerabilities he or she finds and exploits them for private advantage, not revealing them to either the general public or the manufacturer for correction.

A

cracker

24
Enumeration: Common Hacking Tactics
  • Denial of Service
  • Scans
  • Sniffer
  • Spoofing
  • Trojan Horse
  • Back Doors
  • Malicious Applets
  • War Dialing
  • Logic Bombs
  • Buffer Overflow
  • Password Crackers
  • Social Engineering
  • Dumpster Diving
25
This is becoming a common networking prank. By hammering a Web site’s equipment with too many requests for information, an attacker can effectively clog the system, slowing performance or even crashing the site. This method of overloading computers is sometimes used to cover up an attack.
Denial of Service
26
Widespread probes of the Internet to determine types of computers, services, and connections. That way the bad guys can take advantage of weaknesses in a particular make of computer or software program.
Scans
27
Programs that covertly search individual packets of data as they pass through the Internet, capturing passwords or the entire contents.
Sniffer
28
Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers.
Spoofing
29
A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software
Trojan Horse
30
In case the original entry point has been detected, having a few hidden ways back makes reentry easy—and difficult to detect.
Back Doors
31
Tiny programs, sometimes written in the popular Java computer language, that misuse your computer’s resources, modify files on the hard disk, send fake e-mail, or steal passwords.
Malicious Applets
32
Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection.
War Dialing
33
An instruction in a computer program that triggers a malicious act.
Logic Bombs
34
A technique for crashing or gaining control of a computer by sending too much data to the buffer in a computer’s memory.
Buffer Overflow
35
Software that can guess passwords.
Password Crackers
36
A tactic used to gain access to computer systems by talking unsuspecting company employees out of valuable information such as passwords.
Social Engineering
37
Sifting through a company’s garbage to find information to help break into their computers. Sometimes the information is used to make a stab at social engineering more credible.
Dumpster Diving
38
They can monitor e-mail, Web server access, or file transfers to extract passwords, steal network files, or plant data that will cause a system to welcome intruders
Hackers
39
They may also use remote services that allow one computer on a network to execute programs on another computer to gain privileged access within a network.
Hackers
40
an Internet tool for interactive use of remote computers, can help hackers discover information to plan other attacks
Telnet
41
The term cracker was coined by ______________ to provide an alternative to abusing the existing word hacker for this meaning. This term’s use is limited (as is “black hat”) mostly to some areas of the computer and security field and, even there, is considered controversial.
Richard Stallman
42
Many computer crimes involve the theft of money. In the majority of cases, they are inside jobs that involve unauthorized network entry and fraudulent alteration of computer databases to cover the tracks of the employees involved.
CYBER-THEFT
43
In most cases, the scope of such financial losses is much larger than the incidents reported. Companies don’t usually reveal that they have been targets or victims of computer crime.
CYBER-THEFT
44
It is the leveraging of an organization’s or government’s computers and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure.
Cyberterrorism
45
The National Conference of State Legislatures (NCSL) puts a much finer point on the definition of the term: the use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically.
Cyberterrorism
46
The unauthorized use of computer systems and networks can be called?
time and resource theft
47
Network monitoring software, called _______, is frequently used to monitor network traffic to evaluate network capacity, as well as to reveal evidence of improper use
sniffers
48
Include spamming, harassments, chain letters, solicitations, spoofing, propagations of viruses/worms, and defamatory statements.
General E-mail Abuses
49
Sharing of passwords and access into networks without permission.
Unauthorized Usage and Access
50
Using illegal or pirated software that costs organizations millions of dollars because of copyright infringements. Copying of Web sites and copyrighted logos.
Copyright Infringement/Plagiarism
51
Posting of messages on various non-work–related topics from sex to lawn care advice.
Newsgroup Postings
52
Using the Internet to display or transmit trade secrets.
Transmission of Confidential Data
53
Accessing sexually explicit sites from workplace as well as the display, distribution, and surfing of these offensive sites.
Pornography
54
Hacking of Web sites, ranging from denial of service attacks to accessing organizational databases.
Hacking
55
Propagation of software that ties up office bandwidth. Use of programs that allow the transmission of movies, music, and graphical materials.
Non-Work–Related Download/Upload
56
Loafing around the Internet, which includes shopping, sending e-cards and personal e-mail, gambling online, chatting, game playing, auctioning, stock trading, and doing other personal activities.
Leisure Use of the Internet
57
Using an external ISP to connect to the Internet to avoid detection.
Usage of External ISPs
58
Using office resources such as networks and computers to organize and conduct personal business (side jobs).
Moonlighting
59
Computer programs are valuable property and thus the subject of theft from computer systems. However, unauthorized copying of software, or _______________, is also a major form of software theft. ___________ by company employees is widespread, which has resulted in lawsuits by the _______, an industry association of software developers, against major corporations that allowed unauthorized copying of their programs. Unauthorized copying is illegal because software is intellectual property that is protected by copyright law and user licensing agreements.
  • software piracy
  • Software Publishers Association
60
which allows you to make copies of software for others
shareware
61
which is not copyrighted
public domain software
62
Therefore, many companies sign __________ that legally allow them to make a certain number of copies for use by their employees at a particular location
site licenses
63
Software is not the only property that is subject to computer-based piracy. Other _______________ occurs in the form of infringements of copyrighted material, such as music, videos, images, articles, books, and other written works, which most courts have deemed illegal.
INTELLECTUAL PROPERTY THEFT
64
_________ is the more popular term, but technically, a ______ is a program code that cannot work without being inserted into another program.
Virus
65
T or F. Thus, a computer virus or worm can spread destruction among many users. Although they sometimes display only humorous messages, they more often destroy the contents of memory, hard disks, and other storage devices.
True
66
A ________ is a distinct program that can run unaided.
worm
67
T or F. In either case, these programs copy annoying or destructive routines into the networked computer systems of anyone who accesses computers infected with the virus or who uses copies of magnetic disks taken from infected computers.
True
68
T or F. Copies of shareware software downloaded from the Internet can be another source of viruses.
True
69
You should also regularly use ___________ that can help diagnose and remove computer viruses from infected files on your hard disk.
antivirus programs
70
is software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements as banners and pop-up ads without the consent of the computer user. In the extreme, adware can also collect information about the user of its host computer and send it over the Internet to its owner.
71
This special class of adware is called ______and is defined as any software that employs users’ Internet connection in the background without their knowledge or explicit permission. __________ programs collect specific information about you, ranging from general demographics like name, address, and Internet surfing habits to credit card, Social Security number, user names, passwords, or other personal information.
spyware
72
______________ and mistakes in the ______________ of personal data are other controversial threats to privacy. Individuals have been mistakenly arrested and jailed and people have been denied credit because their physical profiles or personal data have been used by profiling software to match them incorrectly or improperly with the wrong individuals.
  • Computer profiling
  • computer matching
73
The opposite side of the privacy debate is the right of people to know about matters others may want to keep private (freedom of information), the right of people to express their opinions about such matters (freedom of speech), and the right of people to publish those opinions (freedom of the press).
Computer Libel and Censorship
74
_____________ is the indiscriminate sending of unsolicited e-mail messages (spam) to many Internet users. ____________ is the favorite tactic of mass mailers of unsolicited advertisements, or junk e-mail. ___________ has also been used by cyber-criminals to spread computer viruses or infiltrate many computer systems.
Spamming
75
____________ is the practice of sending extremely critical, derogatory, and often vulgar e-mail messages (flame mail) or newsgroup postings to other users on the Internet or online services. ___________ is especially prevalent on some of the Internet’s special-interest newsgroups.
Flaming
76
_______ is the term used to describe laws intended to regulate activities over the Internet or via the use of electronic data communications. ________ encompasses a wide variety of legal and political issues related to the Internet and other communications technologies, including intellectual property, privacy, freedom of expression, and jurisdiction.
Cyber law
77
The impact of information technologies on employment is a major ethical concern that is directly related to the use of computers to achieve automation of work activities.
EMPLOYMENT CHALLENGES
78
One of the most explosive ethical issues concerning workplace privacy and the quality of working conditions in business is computer monitoring. That is, computers are being used to monitor the productivity and behavior of millions of employees while they work.
COMPUTER MONITORING
79
Information technology has eliminated monotonous or obnoxious tasks in the office and the factory that formerly had to be performed by people.
CHALLENGES IN WORKING CONDITIONS
80
A frequent criticism of information systems centers on their negative effect on the individuality of people.
CHALLENGES OF INDIVIDUALITY
81
The use of information technology in the workplace raises a variety of health issues. Heavy use of computers is reportedly causing health problems like job stress, damaged arm and neck muscles, eyestrain, radiation exposure, and even death by computer-caused accidents.
HEALTH ISSUES
82
Solutions to some of these health problems are based on the science of ergonomics, sometimes called human factors engineering. The goal of ergonomics is to design healthy work environments that are safe, comfortable, and pleasant for people to work in, thus increasing employee morale and productivity.
ERGONOMICS
83
We can use information technologies to solve human and social problems through societal solutions such as medical diagnosis, computer-assisted instruction, governmental program planning, environmental quality control, and law enforcement.
SOCIETAL SOLUTIONS
84
Information technologies can be used for crime control through various law enforcement applications. For example, computerized alarm systems allow police to identify and respond quickly to evidence of criminal activity.
SOCIETAL SOLUTIONS
85
a unique combination of passwords, PINs, and other secure identifying elements used for verifying authenticity and accessing accounts or services.
OTHER SECURITY MEASURES
86
are duplicate files of data or programs, are another important security measure.
BACKUP FILES
87
System security monitors are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction. Such programs provide the security measures needed to allow only authorized users to access the networks. For example, identification codes and passwords are frequently used for this purpose.
SECURITY MONITORS
88
The goal of __________ is the accuracy, integrity, and safety of all information system processes and resources. Thus, effective security management can minimize errors, fraud, and losses in the information systems that interconnect today’s companies and their customers, suppliers, and other stakeholders
security management
89
Enumeration: Examples of important security measures
  • Virtual Private Networks
  • Encryption
  • Access Control
  • Proxy Agents/Systems
  • Firewalls
  • Authentication
  • Network Security Protocols
  • Security Software Tools
  • Intrusion Detection
90
is a fast-growing area of computer security. These are security measures provided by computer devices that measure physical traits that make each individual unique, such as voice verification, fingerprints, hand geometry, signature dynamics, keystroke analysis, retina scanning, face recognition, and genetic pattern analysis.
BIOMETRIC SECURITY
91
______________ use special-purpose sensors to measure and digitize a biometric profile of a person’s fingerprints, voice, or other physical trait. The digitized signal is processed and compared to a previously processed profile of the individual stored on magnetic disk. If the profiles match, the individual is allowed entry into a computer network and given access to secure system resources.
Biometric control devices
92
________ of data has become an important way to protect data and other computer network resources, especially on the Internet, intranets, and extranets. Passwords, messages, files, and other data can be transmitted in scrambled form and unscrambled by computer systems for authorized users only. ________ involves using special mathematical algorithms, or keys, to transform digital data into a scrambled code before they are transmitted, and then to decode the data when they are received. T
Encryption
93
Enumeration: There are several competing software encryption standards
  • RSA (by RSA Data Security); software products including Microsoft Windows XP, Novell NetWare, and Lotus Notes offer encryption features using RSA software.
  • PGP (which stands for “pretty good privacy”), a popular encryption program available on the Internet.
94
_________ is a network security device that observes and filters incoming and outgoing network traffic, adhering to the security policies defined by an organization. Essentially, it acts as a protective wall between a private internal network and the public Internet.
Firewall
95
A _________ attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of illegitimate traffic.
Denial of Service (DoS)
96
The practice of tracking and analyzing email communications sent and received within an organization.
E-MAIL MONITORING
97
also known as antivirus or anti-malware defenses, are measures implemented to protect computer systems, networks, and devices from malicious software (malware) threats, including viruses, worms, Trojans, ransomware, and spyware.
VIRUS DEFENSES
98
This feature adds another level of protection to stored data resources. For even stricter security, however, passwords can be scrambled, or encrypted, to avoid their theft or improper use, as we will discuss shortly. In addition, smart cards, which contain microprocessors that generate random numbers to add to an end user’s password, are used in some secure systems.
Security Codes
99
Files can also be protected by ___________ measures that involve storing copies of files from previous periods. If current files are destroyed, the files from previous periods can be used to reconstruct new current files.
file retention
100
_____________, which are duplicate files of data or programs, are another important security measure.
Backup files
101
______________ are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction
System security monitors
102
is a fast-growing area of computer security. These are security measures provided by computer devices that measure physical traits that make each individual unique, such as voice verification, fingerprints, hand geometry, signature dynamics, keystroke analysis, retina scanning, face recognition, and genetic pattern analysis.
Biometric security
103
“Sorry, our computer systems are down” is a well-known phrase to many end users. A variety of controls can prevent such computer failure or minimize its effects.
Computer Failure Controls
104
Many firms also use ____________ computer systems that have redundant processors, peripherals, and software that provide a fail-over capability to back up components in the event of system failure.
fault-tolerant
105
It specifies which employees will participate in disaster recovery and what their duties will be; what hardware, software, and facilities will be used; and the priority of applications that will be processed.
Disaster Recovery
106
are methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities. Information system (IS) controls must be developed to ensure proper data entry, processing techniques, storage methods, and information output
Information system controls
107
An ______ can be defined as the presence of documentation that allows a transaction to be traced through all stages of its information processing.
audit trail