Section 1 Study Guide

Question 1

What is a normative statement?

Answer 1

A normative statement expresses a judgment about what ought to be rather than what is.

Question 2

What is a descriptive statement?

Answer 2

It explains or describes the way things are, were, or will be—without expressing opinions or judgments.

Question 3

What is an ethical framework?

Answer 3

It guides decision-making about what is right and wrong.

Question 4

What are the three basic problems in ethics?

Answer 4

• Limited resources
• Competing kinds of goods
• Different ideas about what is good

Question 5

How do ethics and self-interest relate according to the chapter?

Answer 5

Ethics and self-interest aren’t opposites; you can pursue goals without harming others while considering their well-being.

Question 6

What is the ‘invisibility factor’ of computing technologies?

Answer 6

It includes issues like malicious abuse, programming values, and unchallenged assumptions about complex calculations.

Question 7

What are the three changes brought about by computer technologies?

Answer 7

• Reproducibility
• Information flow
• Identity conditions

Question 8

What are two advantages of using stories to examine ethical issues?

Answer 8

• Stories capture unexpected ethical quandaries
• Characters shape perceptions and choices

Question 9

What role do professional societies play in ethical norms?

Answer 9

They articulate a code of ethics for practitioners and express the collective wisdom of the field.

Question 10

What is the Hippocratic Oath?

Answer 10

A code of ethics for medical professionals that guides them to help the sick without causing harm.

Question 11

What is communitarianism in ethics?

Answer 11

An ethical framework emphasizing social connections that inform ethical judgments.

Question 12

What does virtue ethics focus on?

Answer 12

Moral development and the formation of good habits, emphasizing character over rules or consequences.

Question 13

What is deontology?

Answer 13

An ethical approach focused on duties, rights, and moral obligations, emphasizing the rightness or wrongness of actions.

Question 14

What are the three major traditions within deontology?

Answer 14

• Social Contract Theory
• Theological Deontology
• Rationalist Deontology

Question 15

What is the ultimate goal of virtue ethics?

Answer 15

Human flourishing or eudaimonia—living well and fulfilling one’s potential.

Question 16

What is utilitarianism?

Answer 16

A moral theory evaluating actions based on outcomes, aiming to produce the greatest happiness for the greatest number.

Question 17

What are the core principles of utilitarianism?

Answer 17

• Principle of Utility
• Equality
• Hedonism in Classical Utilitarianism

Question 18

What are the main criticisms of traditional ethical frameworks?

Answer 18

They often have a narrow view of cause and effect, oversimplifying complex ethical situations.

Question 19

What is feminist ethics?

Answer 19

An ethical approach that challenges the exclusion of women and marginalized groups, focusing on lived experiences and relationships.

Question 20

What is the Capability Approach?

Answer 20

An approach focusing on creating conditions for individuals to realize their full potential, evaluating actions and policies based on capabilities.

Question 21

What is a profession?

Answer 21

A service needed by society, requiring expertise not easily controlled by non-expert regulators.

Question 22

What is a conflict of interest?

Answer 22

When a professional acts in the interest of one client that may harm another client.

Question 23

What is certification?

Answer 23

A credential verifying knowledge or skills in a specific field, often valued by employers.

Question 24

What is licensing?

Answer 24

Official permission granted by a government authority to engage in a specific activity, requiring minimum competence.

Question 25

What are the core characteristics of a profession?

Answer 25

* Core body of theoretical knowledge * Authority for decision-making * Special privileges by the community * Code of Ethics * Culture

Question 26

What are three functions of codes of ethics?

Answer 26

* Guide Professional Conduct for the Public Good * Establish Standards for Technology Use * Build Public Trust

Question 27

What are the three utilitarian approaches to ethical decision-making?

Answer 27

* Cost-benefit analysis approach * Act-utilitarian approach * Rule-utilitarian approach

Question 28

What are the three approaches based on respect for persons?

Answer 28

* Golden rule approach * Self-defeating approach * Rights approach

Question 29

What is the SECEPP?

Answer 29

The Software Engineering Code of Ethics, developed to target software engineering specifically.

Question 30

What is the Golden rule approach in ethical decision-making?

Answer 30

Imagine what would happen if another person/company acted as we are considering.

Question 31

What does the self-defeating approach in ethical decision-making entail?

Answer 31

Look at the action in a negative way; would other people acting in this way invalidate or reduce the usefulness of this action.

Question 32

What is the rights approach in ethical decision-making?

Answer 32

List all the rights people have relevant to the action then decide on one that does not impinge these rights.

Question 33

What does SECEPP stand for?

Answer 33

Software Engineering Code of Ethics and Professional Practice.

Question 34

What is the purpose of the SECEPP?

Answer 34

Provides detailed ethical guidelines for software engineers to help make ethical decisions, promote integrity, responsibility, and prioritize public interest.

Question 35

How does the ACM Code of Ethics address privacy?

Answer 35

RESPECT PRIVACY.

Question 36

How does the IEEE Code of Ethics address discrimination?

Answer 36

To treat all persons fairly, regardless of differences or prejudices.

Question 37

What do the ACM and IEEE codes of ethics say about professional development?

Answer 37

Maintain high standards of professional and technical competence, and support colleagues in the growth of the profession.

Question 38

What are the seven principles outlined by the ACM for algorithms?

Answer 38

Awareness, Access and Redress, Accountability, Explanation, Data Provenance, Auditability, Validation and Testing.

Question 39

Define moral imagination.

Answer 39

The ability to think creatively and empathetically about ethical issues, considering different perspectives and possible consequences.

Question 40

What is the importance of moral imagination in ethical decision-making?

Answer 40

Helps go beyond rigid rules, encourages empathy, supports creative solutions, and aids in avoiding unintended harm.

Question 41

Define a Zero-day exploit.

Answer 41

A cyberattack that happens before the security community becomes aware of and fixes a security weakness.

Question 42

What are several reasons why computer incidents are prevalent?

Answer 42

* Increasing complexity increases vulnerability * Expanding systems introduce new risks * BYOD policies encourage access from personal devices * Reliance on commercial software with known vulnerabilities.

Question 43

What is a Black hat hacker?

Answer 43

Someone who violates computer or Internet security maliciously or for illegal personal gain.

Question 44

What is a malicious insider?

Answer 44

An employee or contractor who attempts to gain financially or disrupt a company’s information systems.

Question 45

Define Cybercriminal.

Answer 45

Someone who attacks a computer system or network for financial gain.

Question 46

What is a Cyberterrorist?

Answer 46

Someone who attempts to destroy the infrastructure components of governments, financial institutions, and other corporations.

Question 47

What is a Cracker?

Answer 47

An individual who causes problems, steals data, and corrupts systems.

Question 48

Define Ransomware.

Answer 48

Malware that keeps you from using your computer or accessing data until certain demands are met.

Question 49

What is a Virus?

Answer 49

A piece of programming code that causes a computer to behave in an unexpected manner.

Question 50

Define a Worm.

Answer 50

A harmful program that resides in the active memory of the computer and duplicates itself.

Question 51

What is a Trojan Horse?

Answer 51

A seemingly harmless program in which malicious code is hidden.

Question 52

Define a Blended Threat.

Answer 52

A sophisticated threat that combines features of a virus, worm, trojan horse, and other malicious code.

Question 53

What are the usual requirements for spamming in legal states?

Answer 53

* Cannot disguise identity * Must include an ad label * Must include a way to deny future mailings.

Question 54

How common is spam?

Answer 54

Spam averaged 57 percent of emails in one week in January, 2015.

Question 55

Define a DDoS Attack.

Answer 55

A malicious hacker takes over computers to flood a target site with demands.

Question 56

What is a Botnet?

Answer 56

A large group of computers controlled by hackers without the owners' knowledge.

Question 57

Define a Rootkit.

Answer 57

A set of programs that enables user to gain administrator-level access without consent.

Question 58

What does APT stand for?

Answer 58

Advanced Persistent Threat.

Question 59

What is Spear Phishing?

Answer 59

A variation of phishing targeting specific organization employees with fraudulent emails.

Question 60

Define Smishing.

Answer 60

A variation of phishing that involves texting.

Question 61

What is the Department of Homeland Security (DHS)?

Answer 61

A federal agency with a budget of almost $65 billion aimed at providing a safer America.

Question 62

What does the Computer Fraud and Abuse Act address?

Answer 62

Fraud and related activities in association with computers.

Question 63

What does the Fraud and Related Activity in Connection with Access Devices Statute cover?

Answer 63

False claims regarding unauthorized use of credit cards.

Question 64

What does the Stored Wire and Electronic Communications and Transactional Records Access Statutes focus on?

Answer 64

Unlawful access to stored communications.

Question 65

What does the USA Patriot Act define?

Answer 65

Cyberterrorism and associated penalties.

Question 66

What are the three components of the CIA triad?

Answer 66

* Confidentiality * Integrity * Availability.

Question 67

Define Risk-Assessment.

Answer 67

The process of assessing security-related risks to an organization’s computers and networks.

Question 68

What does Reasonable Assurance mean?

Answer 68

Managers must ensure that the cost of control does not exceed benefits or risks.

Question 69

What is a Disaster Recovery Plan?

Answer 69

A documented process for recovering an organization’s business information system assets after a disaster.

Question 70

What is a Business Continuity Plan?

Answer 70

Conduct a business impact analysis to identify critical business processes and resources.

Question 71

What does a good security policy do?

Answer 71

Delineates responsibilities and expected behavior of organization members.

Question 72

What should a good security audit do?

Answer 72

Test system safeguards to ensure they are operating as intended.

Question 73

What does the Bank Secrecy Act of 190 require?

Answer 73

Financial institutions to assist U.S. government agencies in detecting and preventing money laundering.

Question 74

What does the Foreign Corrupt Practices Act make illegal?

Answer 74

Certain payments to foreign officials.

Question 75

What does the Gramm-Leach-Bliley Act govern?

Answer 75

Collection, disclosure, and protection of consumers’ personal information.

Question 76

What does the Health Insurance Portability and Accountability Act regulate?

Answer 76

Use and disclosure of an individual’s health information.

Question 77

What does the Payment Card Industry Data Security Standard provide?

Answer 77

Framework for safe handling of cardholder information.

Question 78

What does the Sarbanes-Oxley Act protect against?

Answer 78

Accounting errors and fraudulent practices in enterprises.

Question 79

Give an example of an authentication method.

Answer 79

A user logs into their email account by entering a username and password.

Question 80

How is a next-generation firewall (NGFW) different from a standard firewall?

Answer 80

An NGFW detects and blocks sophisticated attacks by filtering network traffic based on packet contents.

Question 81

Define an Encryption Key.

Answer 81

A special code used to lock or unlock information.

Question 82

What is Triple Layer Security (TLS)?

Answer 82

A communications protocol ensuring privacy between applications and users on the internet.

Question 83

How does an intrusion detection system work?

Answer 83

Monitors system and network resources, notifying security personnel of suspicious activities.

Question 84

What are several components of a good security education for employees?

Answer 84

* Guard passwords * Prohibit others from using passwords * Report unusual activity.

Question 85

What does most antivirus software scan for?

Answer 85

Scans for viruses and specific sequences of bytes known as virus signatures.

Question 86

What are key elements included in a formal incident report after a cyberattack?

Answer 86

* Method used to gain access * Discussion of exploited vulnerabilities * Determination of host compromise.

Question 87

What is a Managed Security Service Provider (MSSP)?

Answer 87

A company that monitors, manages, and maintains security for other organizations.

Question 88

What is the role of a computer forensics team?

Answer 88

Investigate incidents and conduct forensic analysis to ensure network security.