Chapter 8: SECURITY AND ETHICAL CHALLENGES

Question 1

As a business professional, you have a responsibility to promote ethical uses of information technology in the workplace. Whether or not you have managerial responsibilities, you should accept the ethical responsibilities that come with your work
activities. That includes properly performing your role as a vital human resource in the business systems you help develop and use in your organization. As a manager or business professional, it will be your responsibility to make decisions about business activities and the use of information technologies that may have an ethical dimension that must be considered.

Answer 1

Ethical Responsibility of Business Professionals

Question 2

is concerned with the numerous ethical questions that managers must confront as part of their daily business decision making

Answer 2

Business ethics

Question 3

Enumeration:
Ethics questions that managers meet as part of their daily business decision making include:

Answer 3

• Equity
• Rights
• Honesty
• Exercise of corporate power

Question 4

Enumeration:
THEORIES OF CORPORATE SOCIAL RESPONSIBILITY

Answer 4

• STOCK HOLDER THEORY
• SOCIAL CONTRACT THEORY
• STAKEHOLDER THEORY

Question 5

holds that managers are agents of the stockholders, and their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices.

Answer 5

STOCK HOLDER THEORY

Question 6

state that companies have ethical responsibilities to all members of society, which allows corporations to exist according to a social contract.

Answer 6

SOCIAL CONTRACT THEORY

Question 7

that managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders, that is, all individuals and groups that have a stake in, or claim on, a company.

Answer 7

STAKEHOLDER THEORY

Question 8

Enumeration:
Principles of Technology Ethics

Answer 8

• Proportionality of benefits to risk
• Informed consent to risk
• Justice in distribution of risk with benefits derived to each sub unit
• Minimized risk by the selected option

Question 9

The good achieved by the technology must outweigh the harm or risk. Moreover, there must be no alternative that achieves the same or comparable benefits with less harm or risk

Answer 9

Proportionality

Question 10

Those affected by the technology should understand and accept the risks.

Answer 10

Informed Consent

Question 11

The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk.

Answer 11

Justice

Question 12

Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.

Answer 12

Minimized Risk

Question 13

Enumeration:
ETHICAL GUIDELINES

Answer 13

• Acting with integrity
• Increasing your professional competence
• Setting high standards of personal performance
• Accepting responsibility for your work
• Advancing the health, privacy, and general welfare of the public

Question 14

Enumeration:

AITP Standards of Professional Conduct
In recognition of my obligation to my employer I shall:

Answer 14

• Avoid conflicts of interest and ensure that my employer is aware of any potential conflicts.
• Protect the privacy and confidentiality of all information entrusted to me.
• Not misrepresent or withhold information that is germane to the situation.
• Not attempt to use the resources of my employer for personal gain or for any purpose
  without proper approval.
• Not exploit the weakness of a computer system for personal gain or personal satisfaction.

Question 15

Enumeration:

AITP Standards of Professional Conduct
In recognition of my obligation to society I shall:

Answer 15

• Use my skill and knowledge to inform the public in all areas of my expertise.
• To the best of my ability, ensure that the products of my work are used in a socially
  responsible way.
• Support, respect, and abide by the appropriate local, state, provincial, and federal laws.
• Never misrepresent or withhold information that is germane to a problem or a situation
  of public concern, nor will I allow any such known information to remain unchallenged.
• Not use knowledge of a confidential or personal nature in any unauthorized manner to achieve personal gain.

Question 16

It is becoming one of the Net’s growth businesses

Answer 16

Cyber-crime

Question 17

a growing threat to society, is caused by the criminal or irresponsible actions of individuals who are taking advantage of the widespread use and vulnerability of computers and the Internet and other networks. It presents a major challenge to the ethical use of information technologies

Answer 17

Computer crime

Question 18

also poses serious threats to the integrity, safety, and survival of most business systems and thus makes the development of effective security methods a top priority

Answer 18

Computer crime

Question 19

Enumeration:
Computer crime is defined by the Association of Information Technology Professionals (AITP) as including :

Answer 19

1. the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources;
2. the unauthorized release of information;
3. the unauthorized copying of software;
4. denying an end user access to his or her own hardware, software, data, or network resources; and
5. using or conspiring to use computer or network resources to obtain information or tangible property illegally.

Question 20

This definition was promoted by the AITP in a Model Computer Crime Act and is reflected in many computer crime laws.

Answer 20

Computer crime

Question 21

in computerese, is the obsessive use of computers or the unauthorized access and use of networked computer systems. Hackers can be outsiders or company employees who use the Internet and other networks to steal or damage data and programs. One of the issues in hacking is what to do about a hacker who commits only electronic breaking and entering, that is, gets access to a computer system and reads some files but neither steals nor damages anything.

Answer 21

Hacking

Question 22

have at their fingertips a dozen dangerous tools, from “scans” that ferret
out weaknesses in Web site software programs to “sniffers” that snatch passwords

Answer 22

Cyber-thieves

Question 23

A ________ (also called a black hat or darkside hacker) is a malicious or criminal hacker. Usually a ________ is a person who maintains knowledge of the vulnerabilities he or she finds and exploits them for private advantage, not revealing them to either the general public or the manufacturer for correction.

Answer 23

cracker

Question 24

Enumeration:

Common Hacking Tactics

Answer 24

• Denial of Service
• Scans
• Sniffer
• Spoofing
• Trojan Horse
• Back Doors
• Malicious Applets
• War Dialing
• Logic Bombs
• Buffer Overflow
• Password Crackers
• Social Engineering
• Dumpster Diving

Question 25

This is becoming a common networking prank. By hammering a Web site’s equipment
with too many requests for information, an attacker can effectively clog the system,
slowing performance or even crashing the site. This method of overloading computers is sometimes used to cover up an attack.

Answer 25

Denial of Service

Question 26

Widespread probes of the Internet to determine types of computers, services, and connections. That way the bad guys can take advantage of weaknesses in a particular make of computer or software program.

Answer 26

Scans

Question 27

Programs that covertly search individual
packets of data as they pass through the Internet, capturing passwords or the entire contents.

Answer 27

Sniffer

Question 28

Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers.

Answer 28

Spoofing

Question 29

A program that, unknown to the user,
contains instructions that exploit a known vulnerability in some software

Answer 29

Trojan Horse

Question 30

In case the original entry point has been
detected, having a few hidden ways back makes reentry easy—and difficult to detect.

Answer 30

Back Doors

Question 31

Tiny programs, sometimes written in the popular Java computer language, that misuse
your computer’s resources, modify files on the hard disk, send fake e-mail, or steal passwords.

Answer 31

Malicious Applets

Question 32

Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection.

Answer 32

War Dialing

Question 33

An instruction in a computer program
that triggers a malicious act.

Answer 33

Logic Bombs

Question 34

A technique for crashing or gaining control of a computer by sending too much data to the buffer in a computer’s memory.

Answer 34

Buffer Overflow

Question 35

Software that can guess passwords.

Answer 35

Password Crackers

Question 36

A tactic used to gain access to computer systems by talking unsuspecting company employees out of valuable information such as passwords.

Answer 36

Social Engineering

Question 37

Sifting through a company’s garbage to find information to help break into their computers. Sometimes the information is used to make a stab at social engineering more credible.

Answer 37

Dumpster Diving

Question 38

They can monitor e-mail, Web server access, or file transfers to extract passwords,
steal network files, or plant data that will cause a system to welcome intruders

Answer 38

Hackers

Question 39

They may also use remote services that allow one computer on a network to execute programs on another computer to gain privileged access within a network.

Answer 39

Hackers

Question 40

an Internet tool for interactive use of remote computers, can help hackers discover information to plan other attacks

Answer 40

Telnet

Question 41

The term cracker was coined by ______________ to provide an alternative to abusing the existing word hacker for this meaning. This term’s use is limited (as is “black hat”) mostly to some areas of the computer and security field and, even there, is considered controversial.

Answer 41

Richard Stallman

Question 42

Many computer crimes involve the theft of money. In the majority of cases, they are inside jobs that involve unauthorized network entry and fraudulent alteration of computer databases to cover the tracks of the employees involved.

Answer 42

CYBER-THEFT

Question 43

In most cases, the scope of such financial losses is much larger than the incidents reported. Companies don’t usually reveal that they have been targets or victims of computer crime.

Answer 43

CYBER-THEFT

Question 44

It is the leveraging of an organization’s or government’s computers and
information, particularly via the Internet, to cause physical, real-world harm or severe
disruption of infrastructure.

Answer 44

Cyberterrorism

Question 45

The National Conference of State Legislatures (NCSL) puts a much finer point
on the definition of the term:
the use of information technology by terrorist groups and individuals to further their
agenda. This can include use of information technology to organize and execute attacks
against networks, computer systems and telecommunications infrastructures, or for
exchanging information or making threats electronically.

Answer 45

Cyberterrorism

Question 46

The unauthorized use of computer systems and networks can be called?

Answer 46

time and resource theft

Question 47

Network monitoring software, called _______, is frequently used to monitor network traffic to evaluate network capacity, as well as to reveal evidence of improper
use

Answer 47

sniffers

Question 48

Include spamming, harassments, chain letters, solicitations, spoofing, propagations of viruses/worms, and defamatory statements.

Answer 48

General E-mail Abuses

Question 49

Sharing of passwords and access into networks without permission.

Answer 49

Unauthorized Usage and Access

Question 50

Using illegal or pirated software that costs organizations millions of dollars because of copyright infringements. Copying of Web sites and copyrighted logos.

Answer 50

Copyright Infringement/Plagiarism

Question 51

Posting of messages on various non-work–related topics from sex to lawn care advice.

Answer 51

Newsgroup Postings

Question 52

Using the Internet to display or transmit trade secrets.

Answer 52

Transmission of Confidential Data

Question 53

Accessing sexually explicit sites from workplace as well as the display, distribution, and surfing of these offensive sites.

Answer 53

Pornography

Question 54

Hacking of Web sites, ranging from denial of service attacks to accessing organizational databases.

Answer 54

Hacking

Question 55

Propagation of software that ties up office bandwidth. Use of programs that allow the transmission of movies, music, and graphical materials.

Answer 55

Non-Work–Related Download/Upload

Question 56

Loafing around the Internet, which includes shopping, sending e-cards and personal e-mail, gambling online, chatting, game playing, auctioning, stock trading, and doing other personal activities.

Answer 56

Leisure Use of the Internet

Question 57

Using an external ISP to connect to the Internet to avoid detection.

Answer 57

Usage of External ISPs

Question 58

Using office resources such as networks and computers to organize and conduct personal business (side jobs).

Answer 58

Moonlighting

Question 59

Computer programs are valuable property and thus the subject of theft from computer systems. However, unauthorized copying of software, or_______________ , is also a major form of software theft. ___________ by company employees is widespread, which has resulted in lawsuits by the _______, an industry association of software developers, against major corporations that allowed unauthorized copying of their programs. Unauthorized copying is illegal because software is intellectual property that is protected by copyright law and user licensing agreements.

Answer 59

• software piracy
• Software Publishers Association

Question 60

which allows you to make copies of software
for others

Answer 60

shareware

Question 61

which is not copyrighted

Answer 61

public domain software

Question 62

Therefore, many companies sign __________ that legally allow them to make a certain number of copies for use by their employees at a particular location

Answer 62

site licenses

Question 63

Software is not the only property that is subject to computer-based piracy. Other _______________occurs in the form of infringements of copyrighted material, such as music, videos, images, articles, books, and other written works, which most courts have deemed illegal.

Answer 63

INTELLECTUAL PROPERTY THEFT

Question 64

_________ is the more popular term, but technically, a ______ is a program code that cannot work without being inserted into another program.

Answer 64

Virus

Question 65

T or F.

Thus, a computer virus or worm can spread destruction among many users. Although they sometimes display only humorous messages, they more often destroy the contents of memory, hard disks, and other storage devices.

Answer 65

True

Question 66

A ________ is a distinct program that can run unaided.

Answer 66

worm

Question 67

T or F.

In either case, these programs copy annoying or destructive routines into the networked computer systems of anyone who accesses computers infected with the virus or who uses copies of magnetic disks taken from infected computers.

Answer 67

True

Question 68

T or F.

Copies of shareware software downloaded from the Internet can be another
source of viruses.

Answer 68

True

Question 69

You should also regularly use ___________that can help diagnose and remove computer viruses from infected files on your hard disk.

Answer 69

antivirus programs

Question 70

is software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements as banners and pop-up ads without the consent of the computer user.
In the extreme, adware can also collect information about the user of its host computer and send it over the Internet to its owner.

Question 71

This special class of adware is called ______and is defined as any software that employs users’ Internet connection in the background without their knowledge or explicit permission. __________ programs collect specific information about you, ranging from general demographics like name, address, and Internet surfing habits to credit card, Social Security number, user names, passwords, or other personal information.

Answer 71

spyware

Question 72

______________and mistakes in the of personal data are other
controversial threats to privacy. Individuals have been mistakenly arrested and jailed
and people have been denied credit because their physical profiles or personal data
have been used by profiling software to match them incorrectly or improperly with
the wrong individuals.

Answer 72

• Computer profiling
• computer matching

Question 73

The opposite side of the privacy debate is the right of people to know about matters
others may want to keep private (freedom of information), the right of people to express their opinions about such matters (freedom of speech), and the right of people to
publish those opinions (freedom of the press).

Answer 73

Computer Libel and Censorship

Question 74

_____________is the indiscriminate sending of unsolicited e-mail messages ( spam) to many Internet users. ____________ is the favorite tactic of mass mailers of unsolicited advertisements, or junk e-mail. ___________ has also been used by cyber-criminals to spread computer viruses or infiltrate many computer systems.

Answer 74

Spamming

Question 75

____________ is the practice of sending extremely critical, derogatory, and often vulgar
e-mail messages ( flame mail) or newsgroup postings to other users on the Internet or
online services. ___________is especially prevalent on some of the Internet’s special-interest newsgroups.

Answer 75

Flaming

Question 76

_______– is the term used to describe laws intended to regulate activities over the
Internet or via the use of electronic data communications. ________ encompasses a
wide variety of legal and political issues related to the Internet and other communications technologies, including intellectual property, privacy, freedom of expression, and
jurisdiction.

Answer 76

Cyber law

Question 77

The impact of information technologies on employment is a major ethical concern that is directly related to the use of computers to achieve automation of work activities.

Answer 77

EMPLOYMENT CHALLENGES

Question 78

One of the most explosive ethical issues concerning workplace privacy and the quality of working conditions in business is computer monitoring. That is, computers are being used to monitor the productivity and behavior of millions of employees while they work.

Answer 78

COMPUTER MONITORING

Question 79

Information technology has eliminated monotonous or obnoxious tasks in the office and the factory that formerly had to be performed by people.

Answer 79

CHALLENGES IN WORKING CONDITIONS

Question 80

A frequent criticism of information systems centers on their negative effect on the individuality of people.

Answer 80

CHALLENGES OF INDIVIDUALITY

Question 81

The use of information technology in the workplace raises a variety of health issues. Heavy use of computers is reportedly causing health problems like job stress, damaged arm and neck muscles, eyestrain, radiation exposure, and even death by computer caused accidents.

Answer 81

HEALTH ISSUES

Question 82

Solutions to some of these health problems are based on the science of ergonomics , sometimes called human factors engineering. The goal of ergonomics is to design healthy work environments that are safe, comfortable, and pleasant for people to work in, thus increasing employee morale and productivity.

Answer 82

ERGONOMICS

Question 83

We can use information technologies to solve human and social problems through societal solutions such as medical diagnosis, computer-assisted instruction, governmental program planning, environmental quality control, and law enforcement.

Answer 83

SOCIETAL SOLUTIONS

Question 84

Information technologies can be used for crime control through various law enforcement applications. For example, computerized alarm systems allow police to identify and respond quickly to evidence of criminal activity.

Answer 84

SOCIETAL SOLUTIONS

Question 85

a unique combination of passwords, PINs, and other secure identifying elements used for verifying authenticity and accessing accounts or services.

Answer 85

OTHER SECURITY MEASURES

Question 86

are duplicate files of data or programs, are another important security measure.

Answer 86

BACKUP FILES

Question 87

System security monitors are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction. Such programs provide the security measures needed to allow only authorized users to access the networks. For example, identification codes and passwords are frequently used for this purpose.

Answer 87

SECURITY MONITORS

Question 88

The goal of __________ is the accuracy, integrity, and safety of all information system processes and resources. Thus, effective security management can minimize errors, fraud, and losses in the information systems that interconnect today’s companies and their customers, suppliers, and other stakeholders

Answer 88

security management

Question 89

Enumeration:
Examples of important security measures

Answer 89

• Virtual Private Networks
• Encryption
• Access Control
• Proxy Agents/Systems
• Firewalls
• Authentication
• Network Security Protocols
• Security Software Tools
• Intrusion Detection

Question 90

is a fast-growing area of computer security. These are security measures provided by computer devices that measure physical traits that make each individual unique, such as voice verification, fingerprints, hand geometry, signature dynamics, keystroke analysis, retina scanning, face recognition, and genetic pattern analysis.

Answer 90

BIOMETRIC SECURITY

Question 91

______________ use special-purpose sensors to measure and digitize a biometric profile of a person’s fingerprints, voice, or other physical trait. The digitized signal is processed and compared to a previously processed profile of the individual stored on magnetic disk. If the profiles match, the individual is allowed entry into a computer network and given access to secure system resources.

Answer 91

Biometric control devices

Question 92

________ of data has become an important way to protect data and other computer
network resources, especially on the Internet, intranets, and extranets. Passwords,
messages, files, and other data can be transmitted in scrambled form and unscrambled by computer systems for authorized users only. ________ involves using special mathematical algorithms, or keys, to transform digital data into a scrambled code before they are transmitted, and then to decode the data when they are received. T

Answer 92

Encryption

Question 93

Enumeration:
There are several competing software encryption standards

Answer 93

• RSA (by RSA Data Security, software products including Microsoft Windows XP, Novell NetWare, and Lotus Notes offer encryption features using RSA software.
• PGP (which stands for “pretty good privacy”), a popular encryption program available on the Internet.

Question 94

_________-is a network security device that observes and filters incoming and outgoing network traffic, adhering to the security policies defined by an organization. Essentially, it acts as a protective wall between a private internal network and the public Internet.

Answer 94

Firewall

Question 95

A _________attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of illegitimate traffic.

Answer 95

Denial of Service (DoS)

Question 96

The practice of tracking and analyzing email communications sent and received within an organization.

Answer 96

E-MAIL MONITORING

Question 97

also known as antivirus or anti-malware defenses, are measures implemented to protect computer systems, networks, and devices from malicious software (malware) threats, including viruses, worms, Trojans, ransomware, and spyware.

Answer 97

VIRUS DEFENSES

Question 98

This feature adds another level of protection to stored data resources. For even stricter security, however, passwords can be scrambled, or encrypted, to avoid their theft or improper use, as we will discuss shortly. In addition, smart cards, which contain microprocessors that generate random numbers to add to an end user’s password, are used in some secure systems.

Answer 98

Security Codes

Question 99

Files can also be protected by ___________measures that involve storing copies
of files from previous periods. If current files are destroyed, the files from previous periods can be used to reconstruct new current files.

Answer 99

file retention

Question 100

_____________, which are duplicate files of data or programs, are another important security
measure.

Answer 100

Backup files

Question 101

______________are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction

Answer 101

System security monitors

Question 102

is a fast-growing area of computer security. These are security measures provided by computer devices that measure physical traits that make each individual unique, such as voice verification, fingerprints, hand geometry, signature dynamics, keystroke analysis, retina scanning, face recognition, and genetic pattern analysis.

Answer 102

Biometric security

Question 103

“Sorry, our computer systems are down” is a well-known phrase to many end users. A variety of controls can prevent such computer failure or minimize its effects.

Answer 103

Computer Failure Controls

Question 104

Many firms also use ____________computer systems that have redundant processors, peripherals, and software that provide a fail-over capability to back up components in
the event of system failure.

Answer 104

fault-tolerant

Question 105

It specifies which employees will participate in disaster recovery and what their duties will be; what hardware, software, and facilities will be used; and the priority of applications that will be processed.

Answer 105

Disaster Recovery

Question 106

are methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities. Information system (IS) controls must be developed to ensure proper data entry, processing techniques, storage methods, and information output

Answer 106

Information system controls

Question 107

An ______ can be defined as the presence of documentation that allows a transaction to be traced through all stages of its information processing.

Answer 107

audit trail