19: Privacy, Ethics and Security Flashcards

1
Q

Define privacy

A

Claim of individuals to be left alone, free from surveillance or interference from other individuals, organisations or the state - in control of your own information

2
Q

Define ethics

A

Principles of right and wrong that individuals use to make behavioural decisions

3
Q

Define security

A

Policies, procedures and technical measures used to prevent unauthorised access

4
Q

Define controls

A

Methods, policies and organisational procedures that ensure the safety of an organisation's assets and adherence to standards

5
Q

List 7 key ethical questions

A
  • who decides what can be collected
  • Who owns the collected data
  • what are the user rights regarding collection
  • who regulates how the data is managed
  • what responsibilities do the organisations have
  • what laws are there for updating regulations
  • how can individuals or organisations secure their data
6
Q

list 4 tech trends that raise ethical issues

A
  • increases in computing power
  • decreases in storage costs
  • advances in data analytics
  • networking advances
  • mobile device growth impact
7
Q

List 2 categories of advancements in data analytics

A
  1. profiling: combining data from multiple sources to create dossiers of detailed information on individuals
  2. Non-obvious relationship awareness (NORA) - combining data to find obscure hidden connections to help identify criminals
8
Q

list 3 ways of managing ethics

A
  • rights
  • regulation
  • responsibilities
9
Q

what is responsibility

A

accepting costs, duties and obligations for decisions

10
Q

define accountability

A

Mechanisms for identifying responsible parties

11
Q

define liability

A

Permits individuals to recover damages done to them

12
Q

define due process

A

laws are well known and understood

13
Q

List the 2022 Laudon 5-step process for ethical analysis

A
  1. identify and clearly describe facts
  2. define the conflict or dilemma and identify the higher order values involved
  3. identify stakeholders
  4. identify the options that you can reasonably take
  5. identify the potential consequences of your options
14
Q

List the 6 candidate ethical principles/rules:

A
  1. golden rule - do to others what you would have them do to you
  2. Immanuel Kant's categorical imperative: if an action is not right for everyone, it is not right for anyone
  3. slippery slope rule: if an action cannot be taken repeatedly it is wrong
  4. Utilitarian principle: take the action that achieves the higher or greater value
  5. risk aversion principle: take action that produces least harm or potential cost
  6. ethical “no free lunch” rule: assume that virtually all tangible and intangible objects are owned by someone unless there is a specific declaration otherwise
15
Q

name and explain the US policy

A

US Federal Trade Commission Fair Information Practice Principles:
- notice/awareness
- choice/consent
- access/participation
- security/enforcement

16
Q

name and explain the EU policy

A

EU General Data Protection Regulation
- Requires unambiguous explicit customer consent
- countries can't transfer data to other countries
- privacy shield - all countries processing EU data must conform to the policy
- heavy fines

17
Q

List 4 factors that have grown the importance of privacy, ethics etc.

A
  • web 2.0 extended reach of internet beyond business relationships
  • more devices per user = more data
  • lots more types of data per individual
  • laws and regulations playing catch-up
18
Q

List 3 security vulnerabilities of the internet

A
  • Network is open to anyone so abuses have a wide impact
  • corporate networks linked to internet are more vulnerable
  • email, IM (back door to secure network), and P2P (transmission of malicious software to expose corporate data) increase vulnerability
19
Q

list 3 types of malicious software

A
  • trojan horse
  • SQL injection attacks
  • Ransomware
  • Spyware
20
Q

list 6 types of computer crime

A
  • System intrusion
  • system damage
  • cyber vandalism
  • identity theft
  • spam
  • cyberterrorism
  • cyberwarfare
21
Q

Outline the 5-step organisational FW for security and control:

A
  • IS controls
  • Risk assessment
  • security policy
  • disaster recovery planning and business continuity planning
  • auditing
22
Q

explain IS control as part of org FW for security

A
  • general controls: govern design, security and use; software controls, hardware controls, data security etc
23
Q

explain risk assessment as part of org FW for security

A

Outline:
- type of threat
- probability of occurrence
- impact/potential losses
- financial impact

24
Q

explain security policy as part of org FW for security

A
  • rank info risk, identify security goals and mechanisms for achieving
  • drives other policies
  • acceptable use policies
  • identity management of valid users and controlling access
25
Q

explain disaster recovery planning and business continuity planning as part of org FW for security

A
  • disaster recovery planning
  • continuity planning: restoring ops after
  • both plans must identify critical areas
26
Q

explain audit as part of org FW for security

A
  • IS audit for overall security
  • security audits in specific areas - tech, docs…
  • rank weaknesses
  • assess financial and org impact of each threat
27
Q

list 7 technologies for safeguarding information

A
  • authentications
  • firewalls, antimalware software
  • secure wireless networks
  • encryption and public key infrastructure
  • securing transactions
  • ensuring system availability
  • achieving digital resilience