Chapter 8: SECURITY AND ETHICAL CHALLENGES Flashcards

1
Q

As a business professional, you have a responsibility to promote ethical uses of information technology in the workplace. Whether or not you have managerial responsibilities, you should accept the ethical responsibilities that come with your work activities. That includes properly performing your role as a vital human resource in the business systems you help develop and use in your organization. As a manager or business professional, it will be your responsibility to make decisions about business activities and the use of information technologies that may have an ethical dimension that must be considered.

A

Ethical Responsibility of Business Professionals

2
Q

is concerned with the numerous ethical questions that managers must confront as part of their daily business decision making

A

Business ethics

3
Q

Enumeration:
Ethics questions that managers meet as part of their daily business decision making include:

A
  • Equity
  • Rights
  • Honesty
  • Exercise of corporate power
4
Q

Enumeration:
THEORIES OF CORPORATE SOCIAL RESPONSIBILITY

A
  • STOCK HOLDER THEORY
  • SOCIAL CONTRACT THEORY
  • STAKEHOLDER THEORY
5
Q

holds that managers are agents of the stockholders, and their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices.

A

STOCK HOLDER THEORY

6
Q

states that companies have ethical responsibilities to all members of society, which allows corporations to exist according to a social contract.

A

SOCIAL CONTRACT THEORY

7
Q

that managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders, that is, all individuals and groups that have a stake in, or claim on, a company.

A

STAKEHOLDER THEORY

8
Q

Enumeration:
Principles of Technology Ethics

A
  • Proportionality of benefits to risk
  • Informed consent to risk
  • Justice in distribution of risk with benefits derived to each sub unit
  • Minimized risk by the selected option
9
Q

The good achieved by the technology must outweigh the harm or risk. Moreover, there must be no alternative that achieves the same or comparable benefits with less harm or risk

A

Proportionality

10
Q

Those affected by the technology should understand and accept the risks.

A

Informed Consent

11
Q

The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk.

A

Justice

12
Q

Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.

A

Minimized Risk

13
Q

Enumeration:
ETHICAL GUIDELINES

A
  • Acting with integrity
  • Increasing your professional competence
  • Setting high standards of personal performance
  • Accepting responsibility for your work
  • Advancing the health, privacy, and general welfare of the public
14
Q

Enumeration:

AITP Standards of Professional Conduct
In recognition of my obligation to my employer I shall:

A
  • Avoid conflicts of interest and ensure that my employer is aware of any potential conflicts.
  • Protect the privacy and confidentiality of all information entrusted to me.
  • Not misrepresent or withhold information that is germane to the situation.
  • Not attempt to use the resources of my employer for personal gain or for any purpose
    without proper approval.
  • Not exploit the weakness of a computer system for personal gain or personal satisfaction.
15
Q

Enumeration:

AITP Standards of Professional Conduct
In recognition of my obligation to society I shall:

A
  • Use my skill and knowledge to inform the public in all areas of my expertise.
  • To the best of my ability, ensure that the products of my work are used in a socially
    responsible way.
  • Support, respect, and abide by the appropriate local, state, provincial, and federal laws.
  • Never misrepresent or withhold information that is germane to a problem or a situation
    of public concern, nor will I allow any such known information to remain unchallenged.
  • Not use knowledge of a confidential or personal nature in any unauthorized manner to achieve personal gain.
16
Q

It is becoming one of the Net’s growth businesses

A

Cyber-crime

17
Q

a growing threat to society, is caused by the criminal or irresponsible actions of individuals who are taking advantage of the widespread use and vulnerability of computers and the Internet and other networks. It presents a major challenge to the ethical use of information technologies

A

Computer crime

18
Q

also poses serious threats to the integrity, safety, and survival of most business systems and thus makes the development of effective security methods a top priority

A

Computer crime

19
Q

Enumeration:
Computer crime is defined by the Association of Information Technology Professionals (AITP) as including:

A
  1. the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources;
  2. the unauthorized release of information;
  3. the unauthorized copying of software;
  4. denying an end user access to his or her own hardware, software, data, or network resources; and
  5. using or conspiring to use computer or network resources to obtain information or tangible property illegally.
20
Q

This definition was promoted by the AITP in a Model Computer Crime Act and is reflected in many computer crime laws.

A

Computer crime

21
Q

in computerese, is the obsessive use of computers or the unauthorized access and use of networked computer systems. Hackers can be outsiders or company employees who use the Internet and other networks to steal or damage data and programs. One of the issues in hacking is what to do about a hacker who commits only electronic breaking and entering, that is, gets access to a computer system and reads some files but neither steals nor damages anything.

A

Hacking

22
Q

have at their fingertips a dozen dangerous tools, from “scans” that ferret out weaknesses in Web site software programs to “sniffers” that snatch passwords

A

Cyber-thieves

23
Q

A ________ (also called a black hat or darkside hacker) is a malicious or criminal hacker. Usually a ________ is a person who maintains knowledge of the vulnerabilities he or she finds and exploits them for private advantage, not revealing them to either the general public or the manufacturer for correction.

A

cracker

24
Q

Enumeration:

Common Hacking Tactics

A
  • Denial of Service
  • Scans
  • Sniffer
  • Spoofing
  • Trojan Horse
  • Back Doors
  • Malicious Applets
  • War Dialing
  • Logic Bombs
  • Buffer Overflow
  • Password Crackers
  • Social Engineering
  • Dumpster Diving
25
Q

This is becoming a common networking prank. By hammering a Web site’s equipment with too many requests for information, an attacker can effectively clog the system, slowing performance or even crashing the site. This method of overloading computers is sometimes used to cover up an attack.

A

Denial of Service

26
Q

Widespread probes of the Internet to determine types of computers, services, and connections. That way the bad guys can take advantage of weaknesses in a particular make of computer or software program.

A

Scans

27
Q

Programs that covertly search individual packets of data as they pass through the Internet, capturing passwords or the entire contents.

A

Sniffer

28
Q

Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers.

A

Spoofing

29
Q

A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software

A

Trojan Horse

30
Q

In case the original entry point has been detected, having a few hidden ways back makes reentry easy—and difficult to detect.

A

Back Doors

31
Q

Tiny programs, sometimes written in the popular Java computer language, that misuse your computer’s resources, modify files on the hard disk, send fake e-mail, or steal passwords.

A

Malicious Applets

32
Q

Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection.

A

War Dialing

33
Q

An instruction in a computer program that triggers a malicious act.

A

Logic Bombs

34
Q

A technique for crashing or gaining control of a computer by sending too much data to the buffer in a computer’s memory.

A

Buffer Overflow

35
Q

Software that can guess passwords.

A

Password Crackers

36
Q

A tactic used to gain access to computer systems by talking unsuspecting company employees out of valuable information such as passwords.

A

Social Engineering

37
Q

Sifting through a company’s garbage to find information to help break into their computers. Sometimes the information is used to make a stab at social engineering more credible.

A

Dumpster Diving

38
Q

They can monitor e-mail, Web server access, or file transfers to extract passwords, steal network files, or plant data that will cause a system to welcome intruders

A

Hackers

39
Q

They may also use remote services that allow one computer on a network to execute programs on another computer to gain privileged access within a network.

A

Hackers

40
Q

an Internet tool for interactive use of remote computers, can help hackers discover information to plan other attacks

A

Telnet

41
Q

The term cracker was coined by ______________ to provide an alternative to abusing the existing word hacker for this meaning. This term’s use is limited (as is “black hat”) mostly to some areas of the computer and security field and, even there, is considered controversial.

A

Richard Stallman

42
Q

Many computer crimes involve the theft of money. In the majority of cases, they are inside jobs that involve unauthorized network entry and fraudulent alteration of computer databases to cover the tracks of the employees involved.

A

CYBER-THEFT

43
Q

In most cases, the scope of such financial losses is much larger than the incidents reported. Companies don’t usually reveal that they have been targets or victims of computer crime.

A

CYBER-THEFT

44
Q

It is the leveraging of an organization’s or government’s computers and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure.

A

Cyberterrorism

45
Q

The National Conference of State Legislatures (NCSL) puts a much finer point on the definition of the term:
the use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically.

A

Cyberterrorism

46
Q

The unauthorized use of computer systems and networks can be called?

A

time and resource theft

47
Q

Network monitoring software, called _______, is frequently used to monitor network traffic to evaluate network capacity, as well as to reveal evidence of improper use

A

sniffers

48
Q

Include spamming, harassments, chain letters, solicitations, spoofing, propagations of viruses/worms, and defamatory statements.

A

General E-mail Abuses

49
Q

Sharing of passwords and access into networks without permission.

A

Unauthorized Usage and Access

50
Q

Using illegal or pirated software that costs organizations millions of dollars because of copyright infringements. Copying of Web sites and copyrighted logos.

A

Copyright Infringement/Plagiarism

51
Q

Posting of messages on various non-work–related topics from sex to lawn care advice.

A

Newsgroup Postings

52
Q

Using the Internet to display or transmit trade secrets.

A

Transmission of Confidential Data

53
Q

Accessing sexually explicit sites from workplace as well as the display, distribution, and surfing of these offensive sites.

A

Pornography

54
Q

Hacking of Web sites, ranging from denial of service attacks to accessing organizational databases.

A

Hacking

55
Q

Propagation of software that ties up office bandwidth. Use of programs that allow the transmission of movies, music, and graphical materials.

A

Non-Work–Related Download/Upload

56
Q

Loafing around the Internet, which includes shopping, sending e-cards and personal e-mail, gambling online, chatting, game playing, auctioning, stock trading, and doing other personal activities.

A

Leisure Use of the Internet

57
Q

Using an external ISP to connect to the Internet to avoid detection.

A

Usage of External ISPs

58
Q

Using office resources such as networks and computers to organize and conduct personal business (side jobs).

A

Moonlighting

59
Q

Computer programs are valuable property and thus the subject of theft from computer systems. However, unauthorized copying of software, or _______________, is also a major form of software theft. ___________ by company employees is widespread, which has resulted in lawsuits by the _______, an industry association of software developers, against major corporations that allowed unauthorized copying of their programs. Unauthorized copying is illegal because software is intellectual property that is protected by copyright law and user licensing agreements.

A
  • software piracy
  • Software Publishers Association
60
Q

which allows you to make copies of software for others

A

shareware

61
Q

which is not copyrighted

A

public domain software

62
Q

Therefore, many companies sign __________ that legally allow them to make a certain number of copies for use by their employees at a particular location

A

site licenses

63
Q

Software is not the only property that is subject to computer-based piracy. Other _______________ occurs in the form of infringements of copyrighted material, such as music, videos, images, articles, books, and other written works, which most courts have deemed illegal.

A

INTELLECTUAL PROPERTY THEFT

64
Q

_________ is the more popular term, but technically, a ______ is a program code that cannot work without being inserted into another program.

A

Virus

65
Q

T or F.

Thus, a computer virus or worm can spread destruction among many users. Although they sometimes display only humorous messages, they more often destroy the contents of memory, hard disks, and other storage devices.

A

True

66
Q

A ________ is a distinct program that can run unaided.

A

worm

67
Q

T or F.

In either case, these programs copy annoying or destructive routines into the networked computer systems of anyone who accesses computers infected with the virus or who uses copies of magnetic disks taken from infected computers.

A

True

68
Q

T or F.

Copies of shareware software downloaded from the Internet can be another source of viruses.

A

True

69
Q

You should also regularly use ___________ that can help diagnose and remove computer viruses from infected files on your hard disk.

A

antivirus programs

70
Q

is software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements as banners and pop-up ads without the consent of the computer user.
In the extreme, adware can also collect information about the user of its host computer and send it over the Internet to its owner.

A
71
Q

This special class of adware is called ______ and is defined as any software that employs users’ Internet connection in the background without their knowledge or explicit permission. __________ programs collect specific information about you, ranging from general demographics like name, address, and Internet surfing habits to credit card, Social Security number, user names, passwords, or other personal information.

A

spyware

72
Q

______________ and mistakes in the ______________ of personal data are other controversial threats to privacy. Individuals have been mistakenly arrested and jailed and people have been denied credit because their physical profiles or personal data have been used by profiling software to match them incorrectly or improperly with the wrong individuals.

A
  • Computer profiling
  • computer matching
73
Q

The opposite side of the privacy debate is the right of people to know about matters others may want to keep private (freedom of information), the right of people to express their opinions about such matters (freedom of speech), and the right of people to publish those opinions (freedom of the press).

A

Computer Libel and Censorship

74
Q

_____________ is the indiscriminate sending of unsolicited e-mail messages (spam) to many Internet users. ____________ is the favorite tactic of mass mailers of unsolicited advertisements, or junk e-mail. ___________ has also been used by cyber-criminals to spread computer viruses or infiltrate many computer systems.

A

Spamming

75
Q

____________ is the practice of sending extremely critical, derogatory, and often vulgar e-mail messages (flame mail) or newsgroup postings to other users on the Internet or online services. ___________ is especially prevalent on some of the Internet’s special-interest newsgroups.

A

Flaming

76
Q

_______ is the term used to describe laws intended to regulate activities over the Internet or via the use of electronic data communications. ________ encompasses a wide variety of legal and political issues related to the Internet and other communications technologies, including intellectual property, privacy, freedom of expression, and jurisdiction.

A

Cyber law

77
Q

The impact of information technologies on employment is a major ethical concern that is directly related to the use of computers to achieve automation of work activities.

A

EMPLOYMENT CHALLENGES

78
Q

One of the most explosive ethical issues concerning workplace privacy and the quality of working conditions in business is computer monitoring. That is, computers are being used to monitor the productivity and behavior of millions of employees while they work.

A

COMPUTER MONITORING

79
Q

Information technology has eliminated monotonous or obnoxious tasks in the office and the factory that formerly had to be performed by people.

A

CHALLENGES IN WORKING CONDITIONS

80
Q

A frequent criticism of information systems centers on their negative effect on the individuality of people.

A

CHALLENGES OF INDIVIDUALITY

81
Q

The use of information technology in the workplace raises a variety of health issues. Heavy use of computers is reportedly causing health problems like job stress, damaged arm and neck muscles, eyestrain, radiation exposure, and even death by computer-caused accidents.

A

HEALTH ISSUES

82
Q

Solutions to some of these health problems are based on the science of ergonomics, sometimes called human factors engineering. The goal of ergonomics is to design healthy work environments that are safe, comfortable, and pleasant for people to work in, thus increasing employee morale and productivity.

A

ERGONOMICS

83
Q

We can use information technologies to solve human and social problems through societal solutions such as medical diagnosis, computer-assisted instruction, governmental program planning, environmental quality control, and law enforcement.

A

SOCIETAL SOLUTIONS

84
Q

Information technologies can be used for crime control through various law enforcement applications. For example, computerized alarm systems allow police to identify and respond quickly to evidence of criminal activity.

A

SOCIETAL SOLUTIONS

85
Q

a unique combination of passwords, PINs, and other secure identifying elements used for verifying authenticity and accessing accounts or services.

A

OTHER SECURITY MEASURES

86
Q

which are duplicate files of data or programs, are another important security measure.

A

BACKUP FILES

87
Q

System security monitors are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction. Such programs provide the security measures needed to allow only authorized users to access the networks. For example, identification codes and passwords are frequently used for this purpose.

A

SECURITY MONITORS

88
Q

The goal of __________ is the accuracy, integrity, and safety of all information system processes and resources. Thus, effective security management can minimize errors, fraud, and losses in the information systems that interconnect today’s companies and their customers, suppliers, and other stakeholders

A

security management

89
Q

Enumeration:
Examples of important security measures

A
  • Virtual Private Networks
  • Encryption
  • Access Control
  • Proxy Agents/Systems
  • Firewalls
  • Authentication
  • Network Security Protocols
  • Security Software Tools
  • Intrusion Detection
90
Q

is a fast-growing area of computer security. These are security measures provided by computer devices that measure physical traits that make each individual unique, such as voice verification, fingerprints, hand geometry, signature dynamics, keystroke analysis, retina scanning, face recognition, and genetic pattern analysis.

A

BIOMETRIC SECURITY

91
Q

______________ use special-purpose sensors to measure and digitize a biometric profile of a person’s fingerprints, voice, or other physical trait. The digitized signal is processed and compared to a previously processed profile of the individual stored on magnetic disk. If the profiles match, the individual is allowed entry into a computer network and given access to secure system resources.

A

Biometric control devices

92
Q

________ of data has become an important way to protect data and other computer network resources, especially on the Internet, intranets, and extranets. Passwords, messages, files, and other data can be transmitted in scrambled form and unscrambled by computer systems for authorized users only. ________ involves using special mathematical algorithms, or keys, to transform digital data into a scrambled code before they are transmitted, and then to decode the data when they are received.

A

Encryption

93
Q

Enumeration:
There are several competing software encryption standards

A
  • RSA (by RSA Data Security). Software products including Microsoft Windows XP, Novell NetWare, and Lotus Notes offer encryption features using RSA software.
  • PGP (which stands for “pretty good privacy”), a popular encryption program available on the Internet.
94
Q

_________ is a network security device that observes and filters incoming and outgoing network traffic, adhering to the security policies defined by an organization. Essentially, it acts as a protective wall between a private internal network and the public Internet.

A

Firewall

95
Q

A _________ attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of illegitimate traffic.

A

Denial of Service (DoS)

96
Q

The practice of tracking and analyzing email communications sent and received within an organization.

A

E-MAIL MONITORING

97
Q

also known as antivirus or anti-malware defenses, are measures implemented to protect computer systems, networks, and devices from malicious software (malware) threats, including viruses, worms, Trojans, ransomware, and spyware.

A

VIRUS DEFENSES

98
Q

This feature adds another level of protection to stored data resources. For even stricter security, however, passwords can be scrambled, or encrypted, to avoid their theft or improper use, as we will discuss shortly. In addition, smart cards, which contain microprocessors that generate random numbers to add to an end user’s password, are used in some secure systems.

A

Security Codes

99
Q

Files can also be protected by ___________ measures that involve storing copies of files from previous periods. If current files are destroyed, the files from previous periods can be used to reconstruct new current files.

A

file retention

100
Q

_____________, which are duplicate files of data or programs, are another important security measure.

A

Backup files

101
Q

______________ are programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction

A

System security monitors

102
Q

is a fast-growing area of computer security. These are security measures provided by computer devices that measure physical traits that make each individual unique, such as voice verification, fingerprints, hand geometry, signature dynamics, keystroke analysis, retina scanning, face recognition, and genetic pattern analysis.

A

Biometric security

103
Q

“Sorry, our computer systems are down” is a well-known phrase to many end users. A variety of controls can prevent such computer failure or minimize its effects.

A

Computer Failure Controls

104
Q

Many firms also use ____________ computer systems that have redundant processors, peripherals, and software that provide a fail-over capability to back up components in the event of system failure.

A

fault-tolerant

105
Q

It specifies which employees will participate in disaster recovery and what their duties will be; what hardware, software, and facilities will be used; and the priority of applications that will be processed.

A

Disaster Recovery

106
Q

are methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities. Information system (IS) controls must be developed to ensure proper data entry, processing techniques, storage methods, and information output

A

Information system controls

107
Q

An ______ can be defined as the presence of documentation that allows a transaction to be traced through all stages of its information processing.

A

audit trail