ethics in tech general Flashcards

1
Q

Black hat hacker

A

Someone who violates computer or Internet security maliciously or for illegal personal gain (in contrast to a white hat hacker who is someone who has been hired by an organization to test the security of its information systems)

2
Q

Cracker

A

An individual who causes problems, steals data, and corrupts systems

3
Q

Malicious insider

A

An employee or contractor who attempts to gain financially and/or disrupt a company’s information systems and business operations

4
Q

Industrial spy

A

An individual who captures trade secrets and attempts to gain an unfair competitive advantage

5
Q

Cybercriminal

A

Someone who attacks a computer system or network for financial gain

6
Q

Hacktivist

A

An individual who hacks computers or websites in an attempt to promote a political ideology

7
Q

Cyberterrorist

A

Someone who attempts to destroy the infrastructure components of governments, financial institutions, and other corporations, utilities, and emergency response units

8
Q

Why are computer incidents so prevalent?

A

bring your own device (BYOD) policies

a growing reliance on software with known vulnerabilities

and the increasing sophistication of those who would do harm have caused a dramatic increase in the number, variety, and severity of security incidents

9
Q

zero-day exploit

A

a cyberattack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.

10
Q

deontology

A

emphasizes moral obligation and describes principles that govern action; the ethics of logical consistency and duty.

11
Q

virtue ethics

A

focus on human character as the centre of moral activity

12
Q

communitarianism

A

centers on the interdependence we have with all of life and people

13
Q

utilitarianism

A

greatest benefit for the greatest number of people, happy consequences

14
Q

“finding the mean” in virtue ethics

A

acting virtuously requires a balance between excess and deficiency.

15
Q

utility in utilitarianism

A

utility is the greatest happiness principle, hard to determine what consequences should be considered

16
Q

ransomware

A

malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker.

17
Q

virus

A

a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

18
Q

worm

A

Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email. A worm is capable of replicating itself on your computer so that it can potentially send out thousands of copies of itself to everyone in your email address book.

19
Q

trojan horse

A

a seemingly harmless program in which malicious code is hidden. A victim on the receiving end of a Trojan horse is usually tricked into opening it because it appears to be useful software from a legitimate source.

20
Q

blended threat

A

a sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.

21
Q

How to spam legally?

A

spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings.

22
Q

DDoS attack

A

a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. A DDoS attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in—the Internet equivalent of dialing a telephone number repeatedly so that all other callers hear a busy signal.

23
Q

rootkit

A

a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.

24
Q

APT or advanced persistent threat

A

a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time (weeks or even months). Attackers in an APT must continuously rewrite code and employ sophisticated evasion techniques to avoid discovery.

25
Q

spear phishing

A

a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees

26
Q

Department of Homeland Security

A

a large federal agency with a budget of $65 billion whose goal is to provide for a “safer, more secure America which is resilient against terrorism and other threats.”

27
Q

Computer Fraud and Abuse Act (U.S. Code Title 18, Section 1030)

A

Addresses fraud and related activities in association with computers, including the following:

Accessing a computer without authorization or exceeding authorized access

Transmitting a program, code, or command that causes harm to a computer

Trafficking of computer passwords

Threatening to cause damage to a protected computer
28
Q

Fraud and Related Activity in Connection with Access Devices Statute

A

Covers false claims regarding unauthorized use of credit cards

29
Q

Stored Wire and Electronic Communications and Transactional Records Access Statutes

A

Focuses on unlawful access to stored communications to obtain, alter or prevent unauthorized access to electronic communication while it is in electronic storage.

30
Q

USA Patriot Act

A

defines cyber-terrorism and associated penalties

31
Q

CIA Triad

A

confidentiality: only those with proper authority can access sensitive data
integrity: data can only be changed by authorized individuals
availability: data can be accessed where and when it's needed

32
Q

Layered security solution

A

The key to prevention of a computer security incident is to implement a layered security solution to make computer break-ins so difficult that an attacker eventually gives up or is detected before much harm is inflicted. In a layered solution, if an attacker breaks through one layer of security, another layer must then be overcome.
Organization, Network, Application and End User

33
Q

risk assessment

A

the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats. Such threats can prevent an organization from meeting its key business objectives

34
Q

reasonable assurance

A

managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.

35
Q

disaster recovery plan

A

a documented process for recovering an organization’s business information system assets—including hardware, software, data, networks, and facilities—in the event of a disaster.

36
Q

business continuity plan

A

an organization should conduct a business impact analysis to identify critical business processes and the resources that support them. The recovery time for an information system resource should match the recovery time objective for the most critical business processes that depend on that resource. Some business processes are more pivotal to continued operations and goal attainment than others. These processes are called mission-critical processes.

37
Q

What does a good security policy do?

A

delineates responsibility and the behaviour expected of members of the organization

38
Q

What does a security audit do?

A

evaluates whether an organization has a well-considered security policy in place and if it is being followed.

39
Q

Bank Secrecy Act of 190

A

Requires financial institutions in the United States to assist U.S. government agencies in detecting and preventing money laundering

40
Q

Federal Information Security Management Act (44 U.S.C. § 3541, et seq.)

A

Requires each federal agency to provide information security for the data and information systems that support the agency’s operations and assets, including those provided or managed by another agency, contractor, or other source

41
Q

Foreign Corrupt Practices Act (15 U.S.C. § 78dd-1, et seq.)

A

Makes certain payments to foreign officials and other foreign persons illegal and requires companies to maintain accurate records

42
Q

Gramm-Leach-Bliley Act (Public Law 106-102)

A

Governs the collection, disclosure, and protection of consumers’ nonpublic personal information or personally identifiable information

43
Q

Health Insurance Portability and Accountability Act (Public Law 104–191)

A

Regulates the use and disclosure of an individual’s health information

44
Q

Payment Card Industry Data Security Standard (PCI DSS)

A

Provides a framework of specifications, tools, measurements, and support resources to help organizations ensure the safe handling of cardholder information

45
Q

Sarbanes-Oxley Act (Public Law 107–204 116 Stat. 745)

A

Protects shareholders and the general public from accounting errors and fraudulent practices in the enterprise

46
Q

NGFW vs standard firewall

A

Protects shareholders and the general public from accounting errors and fraudulent practices in the enterprise

47
Q

encryption key

A

a value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) that is unreadable by those without the encryption key needed to decipher it.

48
Q

transport layer security (TLS)

A

a communication protocol or system of rules that ensures privacy between client and server

49
Q

intrusion detection system (IDS)

A

software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment (see Figure 3-7). Such activities usually signal an attempt to breach the integrity of the system or to limit the availability of network resources.

50
Q

Antivirus software scans for a specific sequence of bytes, known as a __________________ , that indicates the presence of a specific virus.

A

virus signature

51
Q

what must be done before eradication of a cyber attack?

A

incident containment, and collection and log of all possible criminal evidence of the attack

52
Q

What is a MSSP?

A

a managed security service provider (MSSP), which is a company that monitors, manages, and maintains computer and network security for other organizations. MSSPs include such companies as AT&T, Computer Sciences Corporation, Dell SecureWorks, IBM, Symantec, and Verizon. MSSPs provide a valuable service for IT departments drowning in reams of alerts and false alarms coming from VPNs; antivirus, firewall, and IDSs; and other security-monitoring systems. In addition, some MSSPs provide vulnerability scanning and web blocking and filtering capabilities.

53
Q

right of privacy

A

“the right to be left alone—the most comprehensive of rights, and the right most valued by a free people.”

54
Q

Fair Credit Reporting Act

A

regulates the operations of credit reporting bureaus, including how they collect, store, and use credit information. The act, enforced by the U.S. Federal Trade Commission,

55
Q

Right to Financial Privacy Act (1978)

A

protects the records of financial institution customers from unauthorized scrutiny by the federal government

56
Q

Gramm-Leach-Bliley Act (1999)

A

was a bank deregulation law that repealed a Depression-era law known as Glass-Steagall; it included three key rules that affect personal privacy: the financial privacy rule, the safeguards rule, and the pretexting rule

57
Q

Fair and Accurate Credit Transactions Act (2003)

A

allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies

58
Q

Health Insurance Portability and Accountability Act (1996)

A

designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance.

59
Q

The American Recovery and Reinvestment Act (2009)

A

a wide-ranging act passed in 2009 that authorized $787 billion in spending and tax cuts over a 10-year period. Title XIII, Subtitle D, of this act (known as the Health Information Technology for Economic and Clinical Health Act, or HITECH) included strong privacy provisions for electronic health records (EHRs), including banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients. It also mandated that each individual whose health information has been exposed be notified within 60 days after discovery of a data breach.

60
Q

Family Educational Rights and Privacy Act (1974)

A

a federal law that assigns certain rights to parents regarding their children’s educational records. These rights transfer to the student once the student reaches the age of 18, or earlier, if he or she attends a school beyond the high school level. These rights include:

the right to access educational records maintained by a school;

the right to demand that educational records be disclosed only with student consent;

the right to amend educational records; and

the right to file complaints against a school for disclosing educational records in violation of FERPA.
61
Q

Children’s Online Privacy Protection Act (1998)

A

any website that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age. COPPA was implemented in 1998 in an attempt to give parents control over the collection, use, and disclosure of their children’s personal information; it does not cover the dissemination of information to children.

62
Q

Title III of the Omnibus Crime Control and Safe Streets Act (1968; Amended 1986)

A

also known as the Wiretap Act , regulates the interception of wire (telephone) and oral communications. It allows state and federal law enforcement officials to use wiretapping and electronic eavesdropping, but only under strict limitations. Under this act, a warrant must be obtained from a judge to conduct a wiretap.

63
Q

The Foreign Intelligence Surveillance Act (1978)

A

describes procedures for the electronic surveillance and collection of foreign intelligence information in communications between foreign powers and the agents of foreign powers. Foreign intelligence is information relating to the capabilities, intentions, or activities of foreign governments or agents of foreign governments or foreign organizations.

64
Q

Executive Order 12333 (1981)

A

Executive Order 12333, which was issued by President Reagan in 1981 and has been amended several times, identifies the various U.S. governmental intelligence-gathering agencies (see Table 4-2) and defines what information can be collected, retained, and disseminated by these agencies. Under Executive Order 12333, intelligence-gathering agencies are allowed to collect information—including message content—obtained in the course of a lawful foreign intelligence, counterintelligence, international drug, or international terrorism investigation, as well as incidentally obtained information that may indicate involvement in activities that may violate federal, state, local, or foreign laws. This tangential collection of U.S. citizen data—even when those citizens are not specifically targeted—is forbidden under FISA. Thus, there is an unresolved conflict between Executive Order 12333 and FISA.

65
Q

Electronic Communications Privacy Act (1986)

A

The Electronic Communications Privacy Act (ECPA) (18 U.S.C. § 2510-22) deals with three main issues:

(1) the protection of communications while in transfer from sender to receiver;

(2) the protection of communications held in electronic storage; and

(3) the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.

66
Q

Communications Assistance for Law Enforcement Act (1994)

A

was passed by Congress in 1994 and amended both the Wiretap Act and ECPA. CALEA was a hotly debated law because it required the telecommunications industry to build tools into its products that federal investigators could use—after obtaining a court order—to eavesdrop on conversations and intercept electronic communications. Such a court order can only be obtained if it is shown that a crime is being committed, that communications about the crime will be intercepted, and that the equipment being tapped is being used by the suspect in connection with the crime.

67
Q

USA PATRIOT Act (2001)

A

was passed just five weeks after the terrorist attacks of September 11, 2001. It gave sweeping new powers to both domestic law enforcement and U.S. international intelligence agencies, including increasing the ability of law enforcement agencies to search telephone, email, medical, financial, and other records. It also eased restrictions on foreign intelligence gathering in the United States.

68
Q

Foreign Intelligence Surveillance Act Amendments Act (2004)

A

In 2004, Congress amended the FISA to authorize intelligence gathering on individuals not affiliated with any known terrorist organization (so-called lone wolves), with a sunset date to correspond with certain key provisions of the USA PATRIOT Act.

69
Q

Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008

A

granted the NSA expanded authority to collect, without court-approved warrants, international communications as they flow through U.S. telecommunications network equipment and facilities. The targets of the warrantless eavesdropping had to be “reasonably believed” to be outside the United States; warrants were still required to monitor wholly domestic communications.

70
Q

USA Freedom Act (2015)

A

The USA Freedom Act was passed following startling revelations by Edward Snowden (a former government contractor who copied and leaked classified information from the NSA in 2013 without authorization) of secret NSA surveillance programs. Here is a partial list of those revelations:

U.S. phone companies had been providing the NSA with all of their customers' records, not just metadata (when each call was made and to what number).

The NSA had been spying on over 120 world leaders, including German chancellor Angela Merkel, a U.S. ally.

The NSA has developed a variety of tools to circumvent widely used Internet data encryption methods.

An NSA team of expert hackers called Tailored Access Operations hacks into computers worldwide to infect them with malware.

The FISA Court reprimanded the NSA for frequently providing misleading information about its surveillance practices.

The USA Freedom Act terminated the bulk collection of telephone metadata by the NSA. Instead, telecommunications providers are now required to hold the data and respond to NSA queries on the data.

71
Q

Organisation for Economic Co-Operation and Development for the Protection of Privacy and Transborder Flows of Personal Data (1980)

A

The OECD’s fair information practices, established in 1980, are often held up as the model for ethical treatment of consumer data. These guidelines are composed of the eight principles summarized in Table 4-3. The OECD guidelines were nonbinding and as a result data privacy laws still vary widely across its member countries.

72
Q

European Union Data Protection Directive (1995)

A

requires any company doing business within the borders of the countries comprising the European Union (EU) to implement a set of privacy directives on the fair and appropriate use of information

73
Q

General Data Protection Regulation (GDPR)

A

designed to strengthen data protection for individuals within the EU by addressing the export of personal data outside the EU, enabling citizens to see and correct their personal data, and ensuring data protection consistency across the EU.

74
Q

Freedom of Information Act (1966; Amended 1974)

A

The Freedom of Information Act (FOIA) grants citizens the right to access certain information and records of federal, state, and local governments upon request. FOIA is a powerful tool that enables journalists and the public to acquire information that the government is reluctant to release.

75
Q

Privacy Act (1974)

A

The Privacy Act establishes a code of fair information practices that sets rules for the collection, maintenance, use, and dissemination of personal data that is kept in systems of records by federal agencies. It also prohibits U.S. government agencies from concealing the existence of any personal data record-keeping system.

76
Q

The Identity Theft and Assumption Deterrence Act

A

makes identity theft a federal crime, with penalties of up to 15 years of imprisonment and a maximum fine of $250,000.

77
Q

What is cyberloafing?

A

cyberloafing is defined as using the Internet for purposes unrelated to work, such as posting to Facebook, sending personal emails or instant messages, or shopping online. It is estimated that cyberloafing costs U.S. business as much as $85 billion a year. Some surveys reveal that the least productive workers cyberloaf more than 60 percent of their time at work.

78
Q

slander

A

oral defamatory statement

79
Q

libel

A

written defamatory statement

80
Q

Communications Decency Act 1996

A

Its primary purpose was to allow free competition among phone, cable, and TV companies. The act was broken into seven major sections or titles. Title V of the Telecommunications Act was the Communications Decency Act (CDA) , aimed at protecting children from pornography. The CDA imposed $250,000 fines and prison terms of up to two years for the transmission of “indecent” material over the Internet.

81
Q

Child Online Protection Act 1998

A

COPA states that “whoever knowingly and with knowledge of the character of the material, in interstate or foreign commerce by means of the World Wide Web, makes any communication for commercial purposes that is available to any minor and that includes any material that is harmful to minors shall be fined not more than $50,000, imprisoned not more than 6 months, or both.”

82
Q

Ashcroft v. American Civil Liberties Union

A

The ruling made it clear that COPA was unconstitutional and could not be used to shelter children from online pornography.

83
Q

SLAPP

A

A strategic lawsuit against public participation (SLAPP) is employed by corporations, government officials, and others against citizens and community groups who oppose them on matters of public interest.

84
Q

doxing

A

involves doing research on the Internet to obtain someone’s private personal information—such as home address, email address, phone numbers, and place of employment—and even private electronic documents, such as photographs, and then posting that information online without permission.

85
Q

anonymous remailer service

A

uses a computer program to strip the originating header and/or IP number from the message. It then forwards the message to its intended recipient—an individual, a chat room, or a newsgroup—with either no IP address or a fake one, ensuring that the header information cannot be used to identify the author

86
Q

John Doe Lawsuit

A

a lawsuit filed against an anonymous entity

87
Q

Hate speech

A

persistent and malicious harassment aimed at a specific person

88
Q

intellectual property

A

works of the mind—such as art, books, films, formulas, inventions, music, and processes—that are distinct and owned or created by a single person or group. It is protected through copyright, patent, and trade secret laws

89
Q

copyright

A

the exclusive right to distribute, display, perform, or reproduce an original work in copies or to prepare derivative works based on the work. Copyright protection is granted to the creators of “original works of authorship in any tangible medium of expression, now known or later developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device.”

90
Q

How long does copyright term protect authors?

A

endures for life of the author plus 70 years

91
Q

Four factors when deciding whether a particular use of copyrighted property is fair and can be allowed without penalty:

A

The purpose and character of the use (such as commercial use or nonprofit, educational purposes)

The nature of the copyrighted work

The portion of the copyrighted work used in relation to the work as a whole

The effect of the use on the value of the copyrighted work

92
Q

Passed in 2011, the Leahy-Smith America Invents Act, which amends Title 35 of the U.S. Code, represented a major change in U.S. patent law. Under this law, the U.S. patent system changed from a “first-to-invent” to a _____________________________ system

A

“first-inventor-to-file”

93
Q

The U.S. Supreme Court has ruled that three classes of items cannot be patented:

A

abstract ideas, laws of nature, and natural phenomena.

94
Q

utility patent

A

issued for the invention of a new and useful process, machine, manufacture, or composition of matter, or a new and useful improvement thereof, it generally permits its owner to exclude others from making, using, or selling the invention for a period of up to twenty years from the date of patent application filing, subject to the payment of maintenance fees

95
Q

design patent

A

issued for a new, original, and ornamental design embodied in or applied to an article of manufacture

96
Q

prior art

A

the existing body of knowledge available to a person of ordinary skill in the art

97
Q

If a court determines that the infringement is intentional it can award up to ___________ times the amount of the damages claimed by the patent holder

A

three

98
Q

Trade secret laws protect more technology worldwide than patent laws do, in large part because of the following key advantages:

A

There are no time limitations on the protection of trade secrets, as there are with patents and copyrights.

There is no need to file an application, make disclosures to any person or agency, or disclose a trade secret to outsiders to gain protection. (After the USPTO issues a patent, competitors can obtain a detailed description of it.) Hence, no filing or application fees are required to protect a trade secret.

Although patents can be ruled invalid by the courts, meaning that the affected inventions no longer have patent protection, this risk does not exist for trade secrets.

99
Q

Uniform Trade Secrets Act

A

The UTSA defines a trade secret as “information, including a formula, pattern, compilation, program, device, method, technique, or process, that:

Derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by, persons who can obtain economic value from its disclosure or use, and

Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.”
100
Q

The Economic Espionage Act

A

imposes penalties of up to $10 million and 15 years in prison for the theft of trade secrets.

101
Q

Defend Trade Secrets Act of 2016

A

amended the EEA to create a federal civil remedy for trade secret misappropriation.

102
Q

non-disclosure clause

A

departing employees cannot take copies of computer programs or reveal the details of software owned by the firm.

103
Q

reverse engineering

A

the process of taking something apart in order to understand it

104
Q

for and against RE

A

unethical because they do not actually own the rights to the software; good because coders can make next-generation tools more easily

105
Q

competitive intelligence vs industrial espionage

A

Competitive intelligence analysts must avoid unethical or illegal actions, such as lying, misrepresentation, theft, bribery, or eavesdropping with illegal devices. Table 6-4 provides a manager’s checklist for running an ethical competitive intelligence operation.

106
Q

trademark

A

a logo, package design, phrase, sound, or word that enables a consumer to differentiate one company’s products from another’s. Consumers often cannot examine goods or services to determine their quality or source, so instead they rely on the labels attached to the products.

107
Q

nominative fair use of trademark:

A

defendant must show three things:

that the plaintiff’s product or service cannot be readily identifiable without using the plaintiff’s mark,

that it uses only as much of the plaintiff’s mark as necessary to identify the defendant’s product or service, and

that the defendant does nothing with the plaintiff’s mark that suggests endorsement or sponsorship by the plaintiff.
108
Q

cybersquatters

A

registered domain names for famous trademarks or company names to which they had no connection, with the hope that the trademark’s owner would eventually buy the domain name for a large sum of money.

109
Q

quality management

A

focuses on defining, measuring, and refining the quality of the development process and the products developed during its various stages. These products—including statements of requirements, flowcharts, and user documentation—are known as deliverables. The objective of quality management is to help developers deliver high-quality systems that meet the needs of their users.

110
Q

A ___________ is a set of interrelated components

A

business information system

111
Q

What is a DSS?

A

decision support system, which is used to improve decision making in a variety of industries. A DSS can be used to develop accurate forecasts of customer demand, recommend stocks and bonds for an investment portfolio, or schedule shift workers in such a way as to minimize cost while meeting customer service goals.

112
Q

product liability

A

The liability of manufacturers, sellers, lessors, and others for injuries caused by defective products is commonly referred to as product liability

113
Q

strict liability

A

means that the defendant is held responsible for injuring another person, regardless of negligence or intent. The plaintiff must prove only that the software product is defective or unreasonably dangerous and that the defect caused the injury. There is no requirement to prove that the manufacturer was careless or negligent, or to prove who caused the defect.

114
Q

waterfall system

A

a sequential, multistage system development process in which development of the next stage of the system cannot begin until the results of the current stage are approved or modified as necessary. This approach is referred to as a waterfall process because progress is seen as flowing steadily downward (like a waterfall) through the various stages of the development.

115
Q

agile development

A

a system is developed in iterations (often called sprints) lasting from one to four weeks

116
Q

black box testing

A

viewing the software unit as a device that has expected input and output behaviors but whose internal workings are unknown (a black box)

117
Q

white box testing

A

treats the software unit as a device that has expected input and output behaviors but whose internal workings, unlike the unit in black-box testing, are known.

118
Q

static testing

A

This is a software-testing technique in which software is tested without actually executing the code. It consists of two steps—review and static analysis.

119
Q

unit testing

A

this involves testing individual components of code (subroutines, modules, and programs) to verify that each unit performs as intended. Unit testing is accomplished by developing test data that ideally force the code to execute all of its various functions and user features. As testers find problems, they modify the code to work correctly.

120
Q

integration testing

A

After successful unit testing, the software units are combined into an integrated subsystem that undergoes rigorous testing to ensure that the linkages among the various subsystems work successfully.

121
Q

system testing

A

After successful integration testing, the various subsystems are combined to test the entire system as a complete entity.

122
Q

user acceptance testing

A

Trained end users conduct independent user acceptance testing to ensure that the system operates as they expect.

123
Q

CMMI Initial

A

Process is ad hoc and chaotic; organization tends to overcommit and processes are often abandoned during times of crisis.

124
Q

CMMI Managed

A

Projects employ processes and skilled people; status of work products is visible to management at defined points.

125
Q

CMMI Defined

A

Processes are well defined and understood and are described in standards, procedures, tools, and methods; processes are consistent across the organization.

126
Q

CMMI Quantitatively managed

A

Quantitative objectives for quality and process performance are established and are used as criteria in managing projects; specific measures of process performance are collected and statistically analyzed.

127
Q

CMMI optimizing

A

Organization continually improves its processes; changes are based on a quantitative understanding of its business objectives and performance needs.

128
Q

safety critical system

A

one whose failure may cause human injury or death.

129
Q

system safety engineer

A

has explicit responsibility for the system’s safety

130
Q

annualized loss expectancy

A

the estimated loss from a given risk over the course of a year.

131
Q

risk management

A

the process of identifying, monitoring, and limiting risks to a level that an organization is willing to accept

132
Q

5 strategies for addressing risk:

A

acceptance: the cost of avoiding the risk exceeds the cost of the risk itself, so the risk is accepted

avoidance: choose to eliminate the risk

mitigation: reduce the likelihood of the risk

redundancy: provide multiple interchangeable components to perform a single function

transference: transfer the risk to another party, e.g., through insurance

133
Q

_________ has to do with the capability of the system to continue to perform, ___________ has to do with the ability of the system to perform in a safe manner.

A

reliability, safety

134
Q

ISO 9001 family of standards guide

A

serves as a guide to quality products, services, and management. ISO 9001 provides a set of standardized requirements for a quality management system. In 2015, more than 1.5 million ISO 9001 certificates were issued to organizations around the world

135
Q

failure mode and effects analysis (FMEA)

A

an important technique used to develop ISO 9000–compliant quality systems by both evaluating reliability and determining the effects of system and equipment failures.

136
Q

Health Information Technology for Economic and Clinical Health Act (HITECH)

A

incentivizes physicians and hospitals to implement electronic health record (EHR) systems. Under this act, increased Medicaid and Medicare reimbursements are made to doctors and hospitals that demonstrate “meaningful use” of EHR technology.

137
Q

machine learning

A

involves computer programs that can learn some task and improve their performance with experience.

138
Q

robotics

A

a branch of engineering that involves the development and manufacture of mechanical or computer devices that can perform tasks that require a high degree of precision or that are tedious or hazardous for human beings, such as painting cars or making precision welds.

139
Q

natural language processing

A

an aspect of artificial intelligence that involves technology that allows computers to understand, analyze, manipulate, and/or generate “natural” languages, such as English

140
Q

machine learning components

A

a model, a parameter, and a learner

141
Q

health information exchange

A

the process of sharing patient-level electronic health information between different organizations.

142
Q

clinical decision support (CDS)

A

a process and a set of tools designed to enhance healthcare-related decision making through the use of clinical knowledge and patient-specific information to improve healthcare delivery.

143
Q

computerized provider order entry (CPOE) system

A

enables physicians to place orders (for drugs, laboratory tests, radiology, physical therapy) electronically, with the orders transmitted directly to the recipient.

144
Q

Telehealth

A

employs electronic information processing and telecommunications to support at-a-distance health care, provide professional and patient health-related training, and support healthcare administration.

145
Q

three forms of telemedicine

A

store and forward telemedicine
live telemedicine
remote monitoring

146
Q

SORNA

A

The Sex Offender Registration and Notification Provisions (SORNA) of the Adam Walsh Child Protection and Safety Act of 2006 improved on the Wetterling Act by setting national standards that govern which sex offenders must register and what data must be captured

147
Q

The First Amendment of the U.S. Constitution protects the right of freedom of expression from government interference; however, it does not prohibit free speech interference by __________________.

A

private employers

148
Q

selection bias

A

a bias that arises when a sample is not chosen randomly, so that estimates of the population are inaccurate.

149
Q

Weblining

A

the practice of offering services such as home loans or insurance on a selective basis, making them unavailable to the residents of neighborhoods that are predominantly poor or are ethnic minorities

150
Q

What did Cowgill reveal about the sources of bias

A

Cowgill et al. found no evidence that minority or low-implicit-bias workers generate better, less biased predictions. Conversely, better data leads to better predictions, and as Cowgill et al. found in their study, so does a simple intervention that reminds workers, “As you write your algorithm, please be mindful that your training data set may originate in a biased social system. Adjusting your algorithm to account for discrimination in hiring, self-sorting of applicants, or other sources of such bias could improve your accuracy on the test set. You will be evaluated only on the accuracy of your predictions on the test set.” Cowgill et al. found that this warning serves as a reminder about the main point of the first part of this chapter: that data is not value-neutral and that we must carefully reflect on what the data is, where it comes from, and why it was collected, before we leverage that data (or decide not to) in the design and development of new systems.

151
Q

ethics washing

A

a cover-up or facade to hide unethical behavior

152
Q

cognitive bias

A

heuristic or shortcut that one may use to make decisions, possibly irrationally.

These can be either positive (e.g., the optimism bias may incline you to believe that things will work out) or negative (e.g., the base rate bias, which leads us to focus on salient, specific instances instead of more general trends).

153
Q

deontology

A

Deontological ethics focuses on the adherence to moral rules or duties. In IT ethics, a deontologist would evaluate actions based on whether they comply with established ethical principles, regardless of the outcomes

154
Q

Consequentialism

A

Consequentialism, particularly utilitarianism, evaluates actions based on their outcomes or consequences. In IT ethics, a consequentialist would consider the overall impact of an action on all stakeholders to determine its ethicality

155
Q

Virtue Ethics

A

Virtue ethics emphasizes the character and virtues of the moral agent rather than specific actions. In IT ethics, a virtue ethicist would focus on cultivating moral virtues like honesty, integrity, and fairness within IT professionals.

156
Q

Relativism

A

Ethical relativism suggests that moral standards are culturally or individually based and that no one moral framework is universally applicable. In IT ethics, a relativist might argue that ethical practices can vary depending on cultural, social, or organizational norms