COMM 205 Unit 8 Flashcards
(20 cards)
Definition: Ethics
The moral principles of right and wrong that individuals use to make choices that guide their behaviour
Definition: Code of ethics
A collection of PRINCIPLES that are intended to guide decision making by members of an organization.
Fundamental principles of ethics:
- Responsibility – means that you accept the consequences of your decisions and actions.
- Accountability – determines who is responsible for actions that were taken.
- Liability – a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations, or systems.
Definition: PRIVACY
Privacy – involves collecting, storing and disseminating personal information about individuals.
Definition: Accuracy
Accuracy – involves the authenticity, fidelity and accuracy of information that is collected and processed.
Definition: Property
Property – involves the ownership and value of information.
Definition: Accessibility
Accessibility – revolves around who should have access to information and whether a fee should be paid for this access.
Ethics and information technology:
- PRIVACY
- Accuracy
- Property
- Accessibility
Definition: Information privacy
Privacy – the right to be left alone and to be free of unreasonable personal intrusion.
Information privacy – the right to determine when, and to what extent, information about you can be gathered and/or communicated to others.
It is about how personal information is collected and shared.
Information privacy legislation varies among Europe, the United States and Canada.
Major concerns of personal information in databases
Some of the major concerns are:
- Can you change inaccurate data?
- Do you know where the records are?
- Are the records accurate?
- Under what circumstances will personal data be released?
- How are the data used?
Opt-in vs. opt-out model
Opt-in Model – PROHIBITS an organization from collecting any personal information UNLESS the customer specifically authorizes it.
Opt-out model – PERMITS the company to collect personal information UNTIL the customer specifically requests that the data not be collected.
Privacy policy guidelines for data collection
Data should be collected on individuals only for the purpose of accomplishing a legitimate business objective.
Data Accuracy
Data should be kept current, where and when necessary.
Data Confidentiality
Computer security procedures should be implemented to ensure against unauthorized disclosure of data.
Definition: Information security
Information Security – consists of the processes and policies designed to PROTECT an organization’s information and information systems (IS) from UNAUTHORIZED access, use, disclosure, disruption, modification or destruction.
Information must be PROTECTED to maintain a company’s competitive advantage.
Information must be protected to maintain customer PRIVACY.
How much should you spend on IT?
“Security is a trade-off between risk and cost, and enterprises in different industries may spend more or less depending on their situation.”
Definition: Vulnerability
Vulnerability – the POSSIBILITY that the system will be harmed by a threat.
Five key factors that affect the vulnerability of organizational information resources:
1. Today’s interconnected, interdependent, wirelessly networked business environment
2. Smaller, faster, cheaper computers and storage devices
3. Decreasing skills necessary to be a computer hacker
4. International organized crime taking over cybercrime
5. Lack of management support.
Major categories of threats
There are two major categories of threats:
- unintentional threats
- deliberate threats
The greatest threats to a business information system are (the first line of defence):
The greatest threats to a business information system are insiders, employees and authorized users of the IS:
- Negligence, mistakes and ignorance of the consequences of risky behaviour.
- Victims of social engineering.
Definition: Social Engineering
Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves TRICKING PEOPLE into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.
Human errors:
The higher the level of employee, the greater the threat he or she poses to information security.
Other employees include contract labour, consultants, and janitors and guards.
Human errors or mistakes by employees pose a large problem as the result of laziness, carelessness, or a LACK OF AWARENESS concerning information security.
This lack of awareness comes from POOR EDUCATION AND TRAINING efforts by the organization.
Conclusion
The ethical and moral issues are largely influenced by people’s individual ethical beliefs.
A variety of policies exist in organizations to help enforce proper information ethics and INFORMATION PRIVACY behaviours.
The effectiveness of information security measures and information POLICIES is highly dependent upon the PEOPLE in the organization who enforce and enact these measures and policies.