D333 FLASHCARDS
(99 cards)
1
Q
Consequentialism/Utilitarianism
A
Maximizes positive consequences, focused on positive outcome for the “greater good”
2
Q
Deontology
A
An action is good if it follows from moral rules/commands
3
Q
Relativism
A
All ethical frameworks are subjective anchored in a place and time, no absolute right or wrong
4
Q
Ethics
A
A code of behavior that is defined by the group to which an individual belongs
4
Q
Virtue Ethics
A
Focuses on a person and the qualities of their character
5
Q
Morals
A
Personal principles upon which an individual bases his or her decisions about what is right and what is wrong
6
Q
Corporate Social Responsibility
A
The concept that an organization should act ethically by taking responsibility for the impact of its actions on its shareholders, consumers, employees, community, environment, and suppliers
7
Q
Supply chain sustainability
A
A component of CSR that focuses on developing and maintaining a supply chain that meets the needs of the present without compromising the ability of future generations to meet their needs
8
Q
5 Reasons for an organization to pursue CSR
A
- to gain the goodwill of the community 2. to create an organization that operates consistently 3. to foster good business practices 4. to protect the organization and its employees from legal action 5. to avoid unfavorable publicity
9
Q
5 Steps to include ethical considerations in decision making
A
- define the problem 2. identify alternatives 3. choose an alternative 4. implement the decision 5. monitor the results
10
Q
Which relationships must an IT worker manage?
A
IT workers must maintain good working relationships with employers, clients, suppliers, other professionals, IT users, and society at large. Each relationship has its own set of ethical issues and potential problems
11
Q
Relationship between IT workers and employers
A
Important issues include; setting and enforcing policies regarding the ethical use of IT, the potential for whistle-blowing, and the safeguarding of trade secrets
12
Q
Relationships between IT workers and clients
A
Important issues revolve around defining, sharing, and fulfilling each party’s responsibilities for successfully completing an IT project. The IT worker must remain objective and guard against any sort of conflict of interest, fraud, misrepresentation, or breach of contract
13
Q
Relationships between IT workers and suppliers
A
A major goal for this relationship is to develop good working relationships in which no action can be perceived as unethical
14
Q
Bribery
A
Act of providing money, property, or favors to someone is business or government in order to obtain a business advantage
15
Q
Internal Control
A
The process established by an organization’s board of directors, managers, and IT group to provide reasonable assurance for the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations
16
Q
Policies
A
The guidelines, standards, and laws by which an organization must abide
17
Q
Foreign Corrupt Practices Act (FCPA)
A
Makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office. The act applies to any U.S. citizen or company and to any company with shares listed on any U.S. stock exchange
18
Q
Relationships between IT workers and other professionals
A
Priority is to improve the professions through activities such as mentoring inexperienced colleagues, demonstrating professional loyalty, and avoiding resume inflation and the inappropriate sharing of corporate information
19
Q
Relationships between IT workers and It users
A
Important issues include; software piracy, inappropriate use of IT resources, and inappropriate sharing of information
20
Q
Relationships between IT workers and society at large
A
Main challenge for IT workers is to practice the profession in ways that cause no harm to society and provide significant benefits
21
Q
Steps to improve professionalism
A
- subscribing to a professional code of ethics 2. joining and participating in professional organizations 3. obtaining appropriate certifications 4. supporting government licensing where available
22
Q
Professional code of ethics
A
States the principles and core values that are essential to the work of a particular occupational group, usually has 2 main parts- the first outlines what the organization aspires to become and the second typically lists rules and principles that members are expected to live by.
23
Q
Benefits of adhering to a code of ethics
A
Ethical decision making, high standards of practice and ethical behavior, trust and respect with the general public, and access to an evaluation benchmark that can be used for self-assessment
24
US-CERT
A partnership between DHS and the public and private sectors that was established to protect the nation's Internet infrastructure against cyberattacks by serving as a clearinghouse for information on new viruses, worms, and other computer security topics
25
CIA Triad
Confidentiality, integrity, availability
26
Fair Credit Reporting Act
regulates operations of credit reporting bureaus
27
Right to Financial Privacy Act
protects the financial records of financial institution customers from unauthorized scrutiny by the federal government
28
GLBA
established mandatory guidelines for the collection and disclosure of personal financial information by financial institutions; requires financial institutions to document their data security plans; and encourages institutions to implement safeguards against pretexting
29
Fair and Accurate Credit Transaction Act
allows consumers to request and obtain a free credit report each year from each of the three consumer credit reporting agencies
30
HIPAA
Defines numerous standards to improve the portability and continuity of health insurance coverage; reduce fraud, waste, and abuse in health insurance care and healthcare delivery; and simplify the administration of health insurance
31
The American Recovery and Reinvestment Act
included strong privacy provisions for EHRs, including banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients. It also mandated that each individual whose health information has been exposed be notified within 60 days after discovery of a data breach
32
FERPA
provides students and their parents with specific rights regarding the release of student records
33
COPPA
requires websites that cater to children to offer comprehensive privacy policies, notify parents or guardians about their data collection practices, and receive parental consent before collecting any personal information from children under the age of 13
34
Wiretap Act
regulates the interception of telephone and oral communications
35
FISA
describes procedures for the electronic surveillance and collection of foreign intelligence information between foreign powers and agents of foreign powers
36
Executive Order 12333
identifies the various government intelligence-gathering agencies and defines what information can be collected, retained, and disseminated by the agencies. It allows for the tangential collection of U.S. citizen data-even when those citizens are not specifically targeted
37
ECPA
Deals with the protection of communications while in transit from sender to receiver; the protection of communications held in electronic storage; and the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant
38
CALEA
requires the telecommunications industry to build tools into its products that federal investigators can use -after gaining a court order to eavesdrop on conversations and intercept electronic communications
39
USA PATRIOT Act
modified 15 existing statues and gave sweeping new powers both to domestic law enforcement and to international intelligence agencies, including increasing the ability of law enforcement agencies to eavesdrop on phone communication, intercept email messages, and search medical, financial, and other records; the act also eased restrictions on foreign intelligence gathering in the United States
40
Foreign Intelligence Surveillance Act of 2004
authorized intelligence gathering on individuals not affiliated with any known terrorist organization ( so-called lone wolves)
41
Foreign Intelligence Surveillance Act of 1978/2008
granted the NSA expanded authority to collect, without court-approved warrants, international communications as the flow through the U.S. telecommunications equipment and facilities
42
PATRIOT Sunsets Extension Act
granted a four-year extension of provisions of the USA PATRIOT Act that allowed roving wiretaps and searches of business records. It also extended authorization intelligence gathering on "lone wolves"
43
USA Freedom Act
terminated the bulk collection of telephone metadata by the NSA instead requiring telecommunications carriers to hold the data and respond to NSA queries for data. The act also restored authorization for roving wiretaps and the tracking of lone wolf terrorists
44
"Fair information practices"
A term for a set of guidelines that govern the collection and use of personal data. Various organizations as well as countries have developed their own set of such guidelines and cal them by different names
45
The OECD for the Protection of Privacy and Transborder Data Flows of Personal Data
created a set of fair information practices that are often held up as the model for organizations to adopt for the ethical treatment of consumer data
46
The European Union Data Protection Directive
requires member countries to ensure that data transferred to non-EU countries is protected. It also bars the export of data to countries that do not have data privacy protection standards comparable to those of the EU. After the passage of this directive, the EU and the United States worked out an agreement that allowed U.S. companies that were certified as meeting certain "safe harbor" principles to process and store data of European consumers and companies
47
The European-United States Privacy Shield Data Transfer Program Guidelines
a stopgap measure that allows business to transfer personal data about European citizens to the United States. The guidelines were established after the European Court of Justice declared invalid the Safe Harbor agreement between the EU and the United States
48
GPDR
takes effect in May 2018 and addresses the export of personal data outside the EU enabling citizens to see and correct their personal data, standardizing data privacy regulations within the EU, and establishing substantial penalties for violation of its guidelines
49
The FOIA
grants citizens the right to access certain information and records of the federal government upon request
50
The Privacy Act
prohibits U.S. government agencies from concealing the existence of any personal data record-keeping system
51
Discovery
part of the pretrial phase of a lawsuit in which each party can obtain evidence from the other party by various means, including requests for the production of documents
52
E-discovery
collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings
53
EDR
A device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle's airbags. The fact that most cards now come equipped with an EDR and that the data from this device may be used as evidence in a court of law is not broadly known by the public.
54
Communications Decency Act (CDA)
aimed at protecting children from online pornography
55
Child Online Protection Act (COPA)
prohibits making harmful material available to minors via the Internet
56
Children's Internet Protection Act (CIPA)
requires federally financed schools and libraries to use filters to block computer access to any material considered harmful to minors.
57
Digital Millennium Copyright Act (DMCA)
addresses a number of copyright-related issues, with Title II of the act providing limitations on the liability of and ISP for copyright infringement
58
SLAPP (Strategic lawsuit against public participation)
a lawsuit filed by corporations, government officials, and others against citizens and community groups who oppose them on matters of concern. Anti-SLAPP laws are designed to reduce frivolous SLAPPs.
59
John Doe lawsuit
a lawsuit that may enable an organization to gain subpoena power in an effort to learn the identity of anonymous Internet users who they believe have caused some form of harm to the organization through their postings
60
Controlling the Assault of Non Solicited Pornography and Marketing (CAN-SPAM) Act
specifies requirements that commercial emailers must follow when sending out messages that advertise a commercial product or service
61
Intellectual property
works of the mind- such as art, books, films, formulas, inventions, music, and processes- that are distinct and owned or created by a single person or group
62
Copyright
the exclusive right to distribute, display, perform, or reproduce an original work in copies; to prepare derivative works based on the work; to and grant these exclusive rights to others
63
Copyright infringement
violation of the rights secured by the owner of a copyright. Infringement occurs when someone copies a substantial and material part of another's copyrighted work without permissions
64
4 factors of the fair use doctrine
1. the purpose and character of the use 2. the nature of the copyrighted work 3. the portion of the copyrighted work used 4. the effect of the use on the value of the copyrighted work
65
Prioritizing Resources and Organization for Intellectual Property (PRO-IP) Act of 2008
increased trademark and copyright enforcement; it also substantially increased penalties for infringement
66
World Intellectual Property Organization (WIPO)
an agency of the United Nations dedicated to "the use of intellectual property as a means to stimulate innovation and creativity"
67
Patent
a grant of property right issued by the U.S. Patent and Trademark Office (USPTO) to an inventor that permits its owner to exclude the public from making, using, or selling a protected invention, and it allows for legal action against violators. A patent prevents copying as well as independent creation
68
Leahy-Smith America Invents Act
changed the U.S. patent system from a "first-to-invent" to a "first-inventor-to-file" system and expanded the definition of prior art, which is used to determine the novelty of an invention and whether it can be patented. The act made it more difficult to obtain a patent in the United States.
69
trademark
a logo, package design, phrase, sounds, or word that enables a consumer to differentiate one company's products from another's. Website owners who sell trademarked goods or services must take care to ensure they are not sued for trademark infringement
70
warranty
assured buyers or leasers that a product meets certain standards of quality and may be either expressly stated or implied by law. If the product fails to meet the terms of its warranty, the buyer or lessee can sue for breach of warranty
71
High-quality software systems
easy to learn and use. perform quickly and efficiently to meet their users' needs, operate safely and reliably, and have a high degree of availability that keeps unexpected downtime to a minimum
72
Business information system
a set of interrelated components- including hardware, software, databases, networks, people, and procedures- that collects and processes data and disseminated the output
73
software development methodology
a standard, proven work process that enables systems analysts, programmers, project managers, and others to make controlled and orderly progress in developing high-quality software. Software methodologies define the activities in the software development process as well as the individual and group responsibilities for accomplishing objectives, recommend specific techniques for accomplishing the objectives, and offer guidelines for managing the quality of the products during the various stages of the development cycle
74
waterfall system development model
a sequential, multistage system development process in which development of the next stage of the system cannot begin until the results of the current stage are approved or modified as necessary
75
Agile development methodology
a system is developed in iterations (or sprints), lasting from 1-4 weeks. Agile development, which accepts the fact that system requirements are evolving and cannot be fully understood or defined at the start of the project, concentrates on maximizing the team's ability to deliver quickly and respond to emerging requirements.
76
Capability Maturity Model Integration (CMMI)
models are collections of best practices that help organizations improve their processes. A best practice is a method or technique that has consistently shown results superior to those achieved with other means, and that is used as a benchmark within a particular industry. CMMI-Development is frequently used to assess and improve software development practices
77
Annualized Rate of Occurrence (ARO)
estimate of the probability that an event will occur over the course of a year
78
Single loss expectancy (SLE)
Estimated loss that would be incurred if the event happens.
79
Annualized loss expectancy (ALE)
estimated loss from this risk over the course of a year ( ARO X SLE = ALE)
80
Risk
the potential of gaining or losing something of value
81
risk management
the process of identifying, monitoring, and limiting risks to a level that an organization is willing to accept
82
Electronic Medical Record (EMR)
a collection of health-related information on an individual that is created, managed, and consulted by authorized clinicians and staff within a single healthcare organization.
83
Electronic Health Record (EHR)
a comprehensive view of the patient's complete medical history designed to be shared with authorized providers and staff from more than one organization
84
Health information exchange (HIE)
process of sharing patient-level electronic health information between different organizations HIE can results in more cost-effective and higher-quality care.
85
Contingent work
a job situation in which an individual does not have an explicit or implicit contract for long-term employment
86
H1-B
temporary work visa granted the the U.S. for people who work in specialty occupations-jobs that require at least a four-year bachelor's degree in a specific field, or equivalent experience.
87
whistle-blowing
an effort to attract public attention to a negligent, illegal, unethical, abusive, or dangerous act by a company or some other organization
88
green computing
concerned with the efficient and environmentally responsible design, manufacture, operation, and disposal of IT-related products.
89
Skewed Sample
occurs when the training data doesn't fairly represent all groups or situations
90
Limited Features/Sample size disparity
occurs when some types of data are much more common than others in the training set
91
Tainted Examples
when the training data includes biased or incorrect information
92
Proxy Bias
This occurs when seemingly neutral information in the data is actually linked to sensitive topics
93
Fairness Metric
A way to measure how fair an AI system is. It helps us know if an AI system treats different groups equally
94
Protected Class
A general category of people who share a characteristic that is legally protected against discrimination
95
Protected Feature
Specific instances or attributes within a protected class. These are particular things about a person that shouldn't influence the AI's decisions unfairly
96
Pre-processing
changing or fixing the training data before using it to train the AI
97
In-processing
changing how the AI learns during training to make it fairer
98
Post-processing
changing the AI's outputs after it has made a decision to make the results fairer
