Ethics in technology D333 Flashcards
acceptable use policy (AUP)
A document that stipulates restrictions and practices that a user must agree in order to use organizational computing and network resources.
acceptance
When an organization decides to accept a risk because the cost of avoiding the risk outweighs the potential loss of the risk. A decision to accept a risk can be extremely difficult and controversial when dealing with safety-critical systems because making that determination involves forming personal judgments about the value of human life, assessing potential liability in case of an accident, evaluating the potential impact on the surrounding natural environment, and estimating the system’s costs and benefits.
advanced persistent threat (APT)
A network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time (weeks or even months).
agile development
A software development methodology in which a system is developed in iterations lasting from one to four weeks. Unlike the waterfall system development model, agile development accepts the fact that system requirements are evolving and cannot be fully understood or defined at the start of the project.
Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)
An agreement of the World Trade Organization that requires member governments to ensure that intellectual property rights can be enforced under their laws and that penalties for infringement are tough enough to deter further violations.
American Recovery and Reinvestment Act
A wide-ranging act that authorized $787 billion in spending and tax cuts over a 10-year period and included strong privacy provisions for electronic health records, such as banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients.
annualized loss expectancy (ALE)
The estimated loss from a potential risk event over the course of a year. The following equation is used to calculate the annual loss expectancy: ARO × SLE = ALE. Where ARO is the annualized rate of occurrence, an estimate of the probability that this event will occur over the course of a year and SLE is the single loss expectancy, the estimated loss that would be incurred if the event happens.
annualized rate of occurrence (ARO)
An estimate of the probability that a risk event will occur over the course of a year.
anonymous expression
The expression of opinions by people who do not reveal their identity.
anonymous remailer service
A service that allows anonymity on the Internet by using a computer program that strips the originating header and/or IP address from the message and then forwards the message to its intended recipient.
anti-SLAPP laws
Laws designed to reduce frivolous SLAPPs (strategic lawsuit against public participation (SLAPP), which is a lawsuit filed by corporations, government officials, and others against citizens and community groups who oppose them on matters of concern).
antivirus software
Software that scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.
artificial intelligence systems
The people, procedures, hardware, software, data, and knowledge needed to develop computer systems and machines that can simulate human intelligence processes, including learning (the acquisition of information and rules for using the information), reasoning (using rules to reach conclusions), and self-correction (using the outcome from one scenario to improve its performance on future scenarios).
audit committee
A group that provides assistance to the board of directors in fulfilling its responsibilities with respect to the oversight of the quality and integrity of the organization’s accounting and reporting practices and controls, including financial statements and reports; the organization’s compliance with legal and regulatory requirements; the qualifications, independence, and performance of the company’s independent auditor; and the performance of the company’s internal audit team.
avoidance
The elimination of a vulnerability that gives rise to a particular risk in order to avoid the risk altogether. This is the most effective solution but often not possible due to organizational requirements and factors beyond an organization’s control.
Bathsheba syndrome
The moral corruption of people in power, which is often facilitated by a tendency for people to look the other way when their leaders act inappropriately.
best practice
A method or technique that has consistently shown results superior to those achieved with other means and that is used as a benchmark within a particular industry.
Bill of Rights
The first 10 amendments to the United States Constitution that spell out additional rights of individuals.
black-box testing
A type of dynamic testing that involves viewing the software unit as a device that has expected input and output behaviors but whose internal workings are unknown (a black box).
blended threat
A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
body of knowledge
An agreed-upon sets of skills and abilities that all licensed professionals must possess.
botnet
A large group of computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.
breach of contract
The failure of one party to meet the terms of a contract.
breach of the duty of care
The failure to act as a reasonable person would act.
breach of warranty
When a product fails to meet the terms of its warranty.
bribery
The act of providing money, property, or favors to someone in business or government in order to obtain a business advantage.
bring your own device (BYOD)
A business policy that permits, and in some cases, encourages employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.
BSA | The Software Alliance
A trade group that represent the world’s largest software and hardware manufacturers.
business continuity plan
A risk-based strategy that includes an occupant emergency evacuation plan, a continuity of operations plan, and an incident management plan with an active governance process to minimize the potential impact of any security incident and to ensure business continuity in the event of a cyberattack or some form of disaster.
business information system
A set of interrelated components—including hardware, software, databases, networks, people, and procedures—that collects and processes data and disseminates the output.
Capability Maturity Model Integration (CMMI) models
Collection of best practices that help organizations improve their processes.
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)
Software that generates and grades tests that humans can pass and all but the most sophisticated computer programs cannot.
certification
Indicates that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization. Certification can also apply to products (e.g., the Wi-Fi CERTIFIED logo assures that the product has met rigorous interoperability testing to ensure that it will work with other Wi-Fi-certified products) and is generally voluntary.
Child Online Protection Act (COPA)
An act signed into law in 1998 with the aim of prohibiting the making of harmful material available to minors via the Internet; the law was ultimately ruled largely unconstitutional.
Children’s Internet Protection Act (CIPA)
An act passed in 2000; it required federally financed schools and libraries to use some form of technological protection (such as an Internet filter) to block computer access to obscene material, pornography, and anything else considered harmful to minors.
Children’s Online Privacy Protection Act (COPPA)
An act implemented in 1998 in an attempt to give parents control over the collection, use, and disclosure of their children’s personal information.
CIA security triad
Refers to confidentiality, integrity, and availability.
clinical decision support (CDS)
A process and a set of tools designed to enhance healthcare-related decision making through the use of clinical knowledge and patientspecific information to improve healthcare delivery.
CMMI-Development (CMMI-DEV)
A specific application of CMMI frequently used to assess and improve software development practices.
code of ethics
A statement that highlights an organization’s key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making.
coemployment relationship
A employment situation in which two employers have actual or potential legal rights and duties with respect to the same employee or group of employees.
Communications Assistance for Law Enforcement Act (CALEA)
An act passed in 1994 that amended the Wiretap Act and Electronic Communications Privacy Act, which required the telecommunications industry to build tools into its products that federal investigators could use—after obtaining a court order—to eavesdrop on conversations and intercept electronic communications.
Communications Decency Act (CDA)
Title V of the Telecommunications Act, it aimed at protecting children from pornography, including imposing $250,000 fines and prison terms of up to two years for the transmission of “indecent” material over the Internet.
compliance
To be in accordance with established policies, guidelines, specifications, or legislation.
computer forensics
A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
computerized provider order entry (CPOE) system
A system that enables physicians to place orders (for drugs, laboratory tests, radiology, physical therapy) electronically, with the orders transmitted directly to the recipient.
conflict of interest
A conflict between a person’s (or firm’s) self-interest and the interests of a client.
contingent work
A job situation in which an individual does not have an explicit or implicit contract for long-term employment.
contributory negligence
When the plaintiffs’ own actions contributed to their injuries.
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)
A law that specifies that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings.
cookie
Text files that can be downloaded to the hard drives of users who visit a website, so that the website is able to identify visitors on subsequent visits.
copyright
The exclusive right to distribute, display, perform, or reproduce an original work in copies or to prepare derivative works based on the work; granted to creators of original works of authorship.
copyright infringement
A violation of the rights secured by the owner of a copyright; occurs when someone copies a substantial and material part of another’s copyrighted work without permission.
corporate compliance officer
AKA corporate ethics officer. A senior-level manager who provides an organization with vision and leadership in the area of business conduct.
corporate ethics officer
A senior-level manager who provides an organization with vision and leadership in the area of business conduct.
corporate social responsibility (CSR)
The concept that an organization should act ethically by taking responsibility for the impact of its actions on its shareholders, consumers, employees, community, environment, and suppliers.
cost per click (CPC)
One of the two common methods of charging for paid media, where ads are paid for only when someone actually clicks on them.
cost per thousand impressions (CPM)
One of the two common methods of charging for paid media, where ads are billed at a flat rate per 1,000 impressions, which is a measure of the number of times an ad is displayed—whether it was actually clicked on or not.
cyber abuse
Any form of mistreatment or lack of care, both physical and mental, based on the use of an electronic communications device that causes harm and distress to others.
cyberespionage
The deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
cyberharassment
A form of cyberabuse in which the abusive behavior, which involves the use of an electronic communications device, is degrading, humiliating, hurtful, insulting, intimidating, malicious, or otherwise offensive to an individual or group of individuals causing substantial emotional distress.
cyberloafing
Using the Internet for purposes unrelated to work such as posting to Facebook, sending personal emails or Instant messages, or shopping online.
cybersquatter
A person or company that registers domain names for famous trademarks or company names to which they have no connection, with the hope that the trademark’s owner will buy the domain name for a large sum of money.
cyberstalking
Threatening behavior or unwanted advances directed at an adult using the Internet or other forms of online and electronic communications; the adult version of cyberbullying.
decision support system (DSS)
A type of business information system used to improve decision making in a variety of industries.
cyberterrorism
The intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, and emergency response) to achieve political, religious, or ideological goals.
defamation
Making either an oral or a written statement of alleged fact that is false and that harms another person.
Defend Trade Secrets Act of 2016
An act passed in 2016 that amended the Economic Espionage Act to create a federal civil remedy for trade secret misappropriation.
deliverable
Products created during various stages of the development process, including statements of requirements, flowcharts, and user documentation.
Department of Homeland Security (DHS)
A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a “safer, more secure America, which is resilient against terrorism and other potential threats.”
design patent
A type of patent that permits its owner to exclude others from making, using, or selling the design in question.
Digital Millennium Copyright Act (DMCA)
Signed into law in 1998, the act addresses a number of copyright-related issues, with Title II of the act providing limitations on the liability of an Internet service provider for copyright infringement.
disaster recovery plan
A documented process for recovering an organization’s business information system assets—including hardware, software, data, networks, and facilities—in the event of a disaster.
distributed denial-of-service (DDoS) attack
An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
Doxing
Doing research on the Internet to obtain someone’s private personal information—such as home address, email address, phone numbers, and place of employment—and even private electronic documents, such as photographs, and then posting that information online without permission.
duty of care
The obligation to protect people against any unreasonable harm or risk.
dynamic testing
A QA process that tests the code for a completed unit of software by actually entering test data and comparing the results to the expected results.
earned media
Media exposure an organization gets through press and social media mentions, positive online ratings, reviews, tweets and retweets, reposts (or “shares”), recommendations, and so on.
Economic Espionage Act (EEA) of 1996
An act passed in 1996 to help law enforcement agencies pursue economic espionage. It imposes penalties of up to $10 million and 15 years in prison for the theft of trade secrets.
Electronic Communications Privacy Act (ECPA)
An act that deals with the protection of three main issues: (1) the protection of communications while in transfer from sender to receiver; (2) the protection of communications held in electronic storage; and (3) the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.
electronic discovery (e-discovery)
The collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.
electronic health record (EHR)
A comprehensive view of the patient’s complete medical history designed to be shared with authorized providers and staff from more than one organization.
electronic medical record (EMR)
A collection of health-related information on an individual that is created, managed, and consulted by authorized clinicians and staff within a single healthcare organization.
Electronic Product Environmental Assessment Tool (EPEAT)
A system that enables purchasers to evaluate, compare, and select electronic products based on a total of 51 environmental criteria.
electronically stored information (ESI)
Any form of digital information, including emails, drawings, graphs, web pages, photographs, word-processing files, sound recordings, and databases stored on any form of magnetic storage device, including hard drives, CDs, and flash drives.
employee leasing
A business arrangement in which an organization (called the subscribing firm) transfers all or part of its workforce to another firm (called the leasing firm), which handles all human resource-related activities and costs, such as payroll, training, and the administration of employee benefits. The subscribing firm leases these workers to an organization, but they remain employees of the leasing firm.
encryption
The process of scrambling messages or data in such a way that only authorized parties can read it.
encryption key
A value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) that is unreadable by those without the encryption key needed to decipher it.
ethics
A code of behavior that is defined by the group to which an individual belongs.
European Union Data Protection Directive
A directive that requires any company doing business within the borders of the countries comprising the European Union (EU) to implement a set of privacy directives on the fair and appropriate use of information.
exploit
An attack on an information system that takes advantage of a particular system vulnerability.
failure mode
A description of how a product or process could fail to perform the desired functions described by the customer.
failure mode and effects analysis (FMEA)
An important technique used to develop ISO 9000-compliant quality systems by both evaluating reliability and determining the effects of system and equipment failures.
Fair and Accurate Credit Transactions Act
An amendment to the Fair Credit Reporting Act passed in 2003 that allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies (Equifax, Experian, and TransUnion).
Fair Credit Reporting Act
An act that regulates the operations of credit-reporting bureaus, including how they collect, store, and use credit information.
fair information practices
A term for a set of guidelines that govern the collection and use of personal data.
fair use doctrine
A legal doctrine that allows portions of copyrighted materials to be used without permission under certain circumstances. Title 17, section 107, of the U.S. Code established the following four factors that courts should consider when deciding whether a particular use of copyrighted property is fair and can be allowed without penalty: (1) the purpose and character of the use (such as commercial use or nonprofit, educational purposes), (2) the nature of the copyrighted work, (3) the portion of the copyrighted work used in relation to the work as a whole, and (4) the effect of the use on the value of the copyrighted work.
False Claims Act
A law enacted during the U.S. Civil War to combat fraud by companies that sold supplies to the Union Army; also known as the Lincoln Law. See also qui tam.
Family Educational Rights and Privacy Act (FERPA)
A federal law that assigns certain rights to parents regarding their children’s educational records.
firewall
Hardware or software (or a combination of both) that serves as the first line of defense between an organization’s network and the Internet; a firewall also limits access to the company’s network based on the organization’s Internet-usage policy.
First Amendment
The first amendment in the U.S. Constitution that protects Americans’ rights to freedom of religion, freedom of expression, and freedom to assemble peaceably.
Foreign Corrupt Practices Act (FCPA)
An act that makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office.
foreign intelligence
Information relating to the capabilities, intentions, or activities of foreign governments or agents of foreign governments or foreign organizations.
Foreign Intelligence Surveillance Act (FISA)
Describes procedures for the electronic surveillance and collection of foreign intelligence information in communication between foreign powers and the agents of foreign powers.
Foreign Intelligence Surveillance Act (FISA) Court
Created by the FISA, this court meets in secret to hear applications for orders approving electronic surveillance anywhere within the United States.
Foreign Intelligence Surveillance Amendments Act of 2008
An act that granted NSA expanded authority to collect, without courtapproved warrants, international communications as they flow through U.S. telecommunications network equipment and facilities.
Fourth Amendment
An amendment to the United States Constitution that protects citizens from unreasonable government searches and is often invoked to protect the privacy of government employees.
fraud
The crime of obtaining goods, services, or property through deception or trickery.
Freedom of Information Act (FOIA)
A law that grants citizens the right to access certain information and records of federal, state, and local governments upon request.
gig economy
A work environment in which temporary positions are common and organizations contract with independent workers for short-term engagements.
government license
A government-issued permission to engage in an activity or to operate a business.
Gramm-Leach-Bliley Act (GLBA)
A bank deregulation law that repealed a Depression-era law known as Glass-Steagall and requires companies that offer consumers financial products or services like loans, financial or investment advice, or insurance—to explain their information-sharing practices to their customers and to safeguard sensitive data.
green computing
Efforts directed toward the efficient design, manufacture, operation, and disposal of IT-related products, including personal computers, laptops, servers, printers, and printer supplies.
H-1B visa
a
A temporary work visa granted by the U.S. Citizenship and Immigration Services (USGIS) for people who work in specialty occupations—jobs that require a four-year bachelor’s degree in a specific field, or equivalent experience.
hate speech
Persistent or malicious harassment aimed at a specific person that can be prosecuted under the law.
hazard log
A logging and monitoring system used by safety engineers to track hazards from a project’s start to its finish.
health information exchange (HIE)
The process of sharing patient-level electronic health information between different organizations.
Health Information Technology for Economic and Clinical Health Act (HITECH)
A program to incentivize physicians and hospitals to implement such systems. Under this act, increased Medicaid and Medicare reimbursements are made to doctors and hospitals that demonstrate “meaningful use” of electronic health record (EHR) technology.
Health Insurance Portability and Accountability Act (HIPAA)
An act designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance.
high-quality software system
Systems that are easy to learn and use because they perform quickly and efficiently; they meet their users’ needs; and they operate safely and reliably so that system downtime is kept to a minimum.
identity theft
The theft of personal information, which is then used without the owner’s permission.
independent contractor
An individual who provides services to another individual or organization according to terms defined in a written contract or within a verbal agreement.
industrial espionage
The use of illegal means to obtain business information not available to the general public.
information privacy
The combination of communications privacy and data privacy.
information security (infosec) group
A group within an organization managing the processes, tools, and policies necessary to prevent, detect, document, and counter threats to digital and nondigital information, whether it is in transit, being processed, or at rest in storage.
integration testing
Software testing done after successful unit testing, where the software units are combined into an integrated subsystem that undergoes rigorous testing to ensure that the linkages among the various subsystems work successfully.
integrity
Adherence to a personal code of principles.
intellectual property
Works of the mind—such as art, books, films, formulas, inventions, music, and processes—that are distinct and owned or created by a single person or group. Intellectual property is protected through copyright, patent, trade secret, and trademark laws.
internal control
The process established by an organization’s board of directors, managers, and IT systems people to provide reasonable assurance for the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations.
Internet censorship
The control or suppression of the publishing or accessing of information on the Internet.
Internet filter
Software that can be used to block access to certain websites that contain material deemed inappropriate or offensive.
intrusion detection system (IDS)
Software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.
ISAE No. 3402
Developed to provide an international assurance standard for allowing public accountants to issue a report for use by user organizations and their auditors (user auditors) on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting. The international counterpart to SSAE No. 16. See also SSAE No. 16 audit report.
ISO 9001 family of standards
A set of standards written to serve as a guide to quality products, services, and management. It provides a set of standardized requirements for a quality management system.
IT user
A person who uses a hardware or software product; the term distinguishes end users from the IT workers who develop, install, service, and support the product. IT users need the product to deliver organizational benefits or to increase their productivity.
John Doe lawsuit
A type of lawsuit that organizations may file in order to gain subpoena power in an effort to learn the identity of anonymous Internet users who they believe have caused some form of harm to the organization through their postings.
labor productivity
A measure of economic performance that compares the amount of goods and services produced (output) with the number of labor hours used in producing those goods and services.
law
A system of rules that tells us what we can and cannot do.
Leahy-Smith America Invents Act
An act that changed the U.S. patent system so that the first person to file with the U.S. Patent and Trademark Office will receive the patent, not necessarily the person who actually invented the item first.
libel
A written defamatory statement.
litigation hold notice
Instructions sent by organizations to inform its employees (or employees of the opposing party) to save relevant data and to suspend data that might be due to be destroyed based on normal data-retention rules.
live telemedicine
A form of telemedicine in which patients and healthcare providers are present at different sites at the same time; often involves a videoconference link between the two sites.
logic bomb
A type of Trojan horse malware that executes when it is triggered by a specific event or at a predetermined time.
machine learning
A type of artificial intelligence (AI), involves computer programs that can learn some task and improve their performance with experience
managed security service provider (MSSP)
A company that monitors, manages, and maintains computer and network security for other organizations.
material breach of contract
The failure of one party to perform certain expressed or implied obligations, which impairs or destroys the essence of the contract.
misrepresentation
The misstatement or incomplete statement of a material fact.
mission-critical process
Business processes that are more pivotal to continued operations and goal attainment than others.
mitigation
The reduction in either the likelihood or the impact of the occurrence of a risk.
morals
The personal principles upon which an individual bases his or her decisions about what is right and what is wrong.
National Security Letter (NSL)
Compels holders of your personal records to turn them over to the government; an NSL is not subject to judicial review or oversight.
natural language processing
An aspect of artificial intelligence that involves technology that allows computers to understand, analyze, manipulate, and/or generate “natural” languages, such as English.
negligence
Not doing something that a reasonable person would do or doing something that a reasonable person would not do.
next-generation firewall (NGFW)
A hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
noncompete agreement
Terms of an employment contract that prohibit an employee from working for any competitors for a specified period of time, often one to two years.
nondisclosure clauses
Terms of an employment contract that prohibit an employee from revealing secrets.
NSL gag provision
Prohibits National Security Letter (NSL) recipients from informing anyone, even the person who is the subject of the NSL request, that the government has secretly requested his or her records.
N-version programming
An approach to minimizing the impact of software errors by independently implementing the same set of user requirements N times (where N could be 2, 3, 4 or more); the N-versions of software are run in parallel; and, if a difference is found, a “voting algorithm” is executed to determine which result to use.
offshore outsourcing
A form of outsourcing in which services are provided by an organization whose employees are in a foreign country.
open source code
Any program whose source code is made available for use or modification, as users or other developers see fit.
opt in
To give an organization the right to share personal data, such as annual earnings, net worth, employers, personal investment information, loan amounts, and Social Security numbers, to other organizations.
opt out
To refuse to give an organization the right to collect and share personal data with unaffiliated parties.
organic media marketing
A form of marketing that employs tools provided by or tailored for a particular social media platform to build a social community and interact with it by sharing posts and responding to customer comments on the organization’s blog and social media accounts.
outsourcing
A long-term business arrangement in which a company contracts for services with an outside organization that has expertise in providing a specific function.
paid media marketing
A form of marketing that involves paying a third party to broadcast an organization’s display ads or sponsored messages to social media users.
patent
A grant of a property right issued by the U.S. Patent and Trademark Office to an inventor; permits its owner to exclude the public from making, using, or selling a protected invention, and allows for legal action against violators.
patent infringement
A violation of the rights secured by the owner of a patent; occurs when someone makes unauthorized use of another’s patent.
PATRIOT Sunsets Extension Act of 2011
An act that granted a four-year extension of two key provisions in the USA PATRIOT Act that allowed roving wiretaps and searches of business records.
pen register
A device that records electronic impulses to identify the numbers dialed for outgoing calls.
personal health record (PHR)
Information from the electronic health record (EHR) that are routinely shared with the patient—such as personal identifiers, contact information, health provider information, problem list, medication history, allergies, immunizations, and lab and test results.
phishing
The act of fraudulently using email to try to get the recipient to reveal personal data.
plagiarism
The act of stealing someone’s ideas or words and passing them off as one’sown.
policy
The guidelines and standards by which the organization must abide.
prior art
The existing body of knowledge that is available to a person of ordinary skill in the art.
predictive coding
A process that couples human guidance with computer-driven concept searching in order to “train” document review software to recognize relevant documents within a large collection of documents.
Prioritizing Resources and Organization for Intellectual Property (PRO-IP) Act of 2008
An act that created the position of Intellectual Property Enforcement Coordinator within the Executive Office of the President. It also increased trademark and copyright enforcement and substantially increased penalties for infringement.
Privacy Act
Establishes a code of fair information practices that sets rules for the collection, maintenance, use, and dissemination of personal data that is kept in systems of records by federal agencies.
problem statement
A clear, concise description of the issue that needs to be addressed.
procedure
Defines the exact instructions for completing each task in a process.
process
A collection of tasks designed to accomplish a stated objective.
product liability
The liability of manufacturers, sellers, lessors, and others for injuries caused by defective products.
professional code of ethics
The principles and core values that are essential to the work of a particular occupational group.
professional employer organization (PEO)
A business entity that coemploys the employees of its clients and typically assumes responsibility for all human resource management functions.
professional malpractice
Breach of the duty of care by a professional.
quality assurance (QA)
Methods within the development process that are designed to guarantee reliable operation of a product.
quality management
The defining, measuring, and refining of the quality of the development process and the products developed during its various stages. The objective of quality management is to help developers deliver high-quality systems that meet the needs of their users.
qui tam
A provision of the False Claims Act that allows a private citizen to file a suit in the name of the U.S. government, charging fraud by government contractors and other entities who receive or use government funds. See also False Claim Act.
ransomware
Malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker.
reasonable assurance
A concept in computer security that recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.
reasonable person standard
A legal standard that defines how an objective, careful, and conscientious person would have acted in the same circumstances.
reasonable professional standard
A legal standard that defendants who have particular expertise or competence are measured against.
redundancy
The provision of multiple interchangeable components to perform a single function in order to cope with failures and errors.
reliability
A measure of the rate of failure in a system that would render it unusable over its expected lifetime.
remote monitoring
Also called home monitoring, it is the regular, ongoing, accurate measurement of an individual’s vital signs (temperature, blood pressure, heart rate, and breathing rate) and other health measures (e.g., glucose levels for a diabetic) and the transmission of this data to a healthcare provider.
résumé inflation
Falsely claiming competence in a skill, usually because that skill is in high demand.
reverse engineering
The process of taking something apart in order to understand it, build a copy of it, or improve it.
right of privacy
” the right to be left alone—the most comprehensive of rights, and the right most valued by a free people.”
Right to Financial Privacy Act
An act that protects the records of financial institution customers from unauthorized scrutiny by the federal government.
risk assessment
The process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.
risk
The potential of gaining or losing something of value. Risk can be quantified by three elements: a risk event, the probability of the event happening, and the impact (positive or negative) on the business outcome if the risk does actually occur.
risk management
The process of identifying, monitoring, and limiting risks to a level that an organization is willing to accept.
robotics
A branch of engineering that involves the development and manufacture of mechanical or computer devices that can perform tasks that require a high degree of precision or that are tedious or hazardous for human beings, such as painting cars or making precision welds.
rootkit
A set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.
safety-critical system
A system whose failure may cause human injury or death.
Section 230 of the CDA
A section of the Communications Decency Act that provides immunity to an Internet service provider (ISP) that publishes user-generated content, as long as its actions do not rise to the level of a content provider.
security audit
An evaluation of whether an organization has a well-considered security policy in place and if it is being followed.
security policy
An organization’s security requirements, as well as the controls and sanctions needed to meet those requirements.
separation of duties
The concept of having different aspects of a process handled by different people to prevent fraud.
sexting
Sending sexual messages, nude or seminude photos, or sexually explicit videos over a cell phone.
single loss expectancy (SLE)
The estimated loss that would be incurred if a risk event occurs.
slander
An oral defamatory statement.
smishing
Another variation of phishing that involves the use of texting.
social audit
A process whereby an organization reviews how well it is meeting its ethical and social responsibility goals and communicates its new goals for the upcoming year.
social media
Web-based communication channels and tools that enable people to interact with each other by creating online communities where they can share information, ideas, messages, and other content, including images, audio, and video.
social media marketing
A form of marketing that involves the use of social networks to communicate and promote the benefits of products and services.
social networking platform
Technology that allows creation of an online community of Internet users that enables members to break down barriers created by time, distance, and cultural differences.
social shopping platform
A combination of shopping and social networking.
Software & Information Industry Association (SIIA)
A trade group that represents the world’s largest software and hardware manufacturers.
software defect
Any error that, if not removed, could cause a software system to fail to meet its users’ needs.
software development methodology
A standard, proven work process that enables systems analysts, programmers, project managers, and others to make controlled and orderly progress in developing high-quality software.
software engineer
One who applies engineering principles and practices to the design, development, implementation, testing, and maintenance of software.
software piracy
A form of copyright infringement that involves making copies of software or enabling others to access software to which they are not entitled.
software quality
The degree to which a software product meets the needs of its users.
spam
The use of email systems to send unsolicited email to large numbers of people.
spear phishing
A variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees.
SSAE No. 16 audit report
An auditing standard issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). It demonstrates that an outsourcing firm has effective internal controls in accordance with the Sarbanes-Oxley Act of 2002.
stakeholder
Someone who stands to gain or lose, depending on how a particular situation is resolved.
stalking app
A cell phone spy software that can be loaded onto someone’s cell phone or smartphone within minutes, making it possible for the user to perform location tracking, record calls, view every text message or pic turesent or received, and record the URLs of any website visited on the phone.
static testing
A software-testing technique in which software is tested without actually executing the code. It consists of two steps—review and static analysis.
store-and-forward telemedicine
The acquiring of data, sound, images, and video from a patient and then transmitting everything to a medical specialist for later evaluation.
strategic lawsuit against public participation (SLAPP)
A lawsuit filed by corporations, government officials, and others against citizens and community groups who oppose them on matters of concern. The lawsuit is typically without merit and is used to intimidate critics out of fear of the cost and effort associated with a major legal battle.
strict liability
A situation in which the defendant is held responsible for injuring another person, regardless of negligence or intent.
supply chain sustainability
A component of corporate social responsibility (CSR) that focuses on developing and maintaining a supply chain that meets the needs of the present without compromising the ability of future generations to meet their needs.
system safety engineer
Someone who has explicit responsibility for ensuring that a system will operate in a safe and reliable manner while meeting its users’ needs.
system testing
Software testing done after successful integration testing, where the various subsystems are combined to test the entire system as a complete entity.
telehealth
Employs electronic information processing and telecommunications to support at-a-distance health care, provide professional and patient health-related training, and support healthcare administration.
telemedicine
A component of telehealth that provides medical care to people at a location different from the healthcare providers.
Title III of the Omnibus Crime Control and Safe Streets Act
A law that regulates the interception of wire (telephone) and oral communications; also known as the Wiretap Act.
trade secret Information
Generally unknown to the public, that a company has taken strong measures to keep confidential.
trademark
A logo, package design, phrase, sound, or word that enables a consumer to differentiate one company’s products from another’s.
transborder data flow
The flow of personal data across national boundaries.
transference
A risk management strategy in which the risk, should it happen, does not rest solely on one individual or organization. For example, a common way to accomplish risk transference is for an individual or an organization to purchase insurance, such as auto or business liability insurance. Another way to transfer risk is to outsource the risk by contracting with a third party to manage the risk.
Transport Layer Security (TLS)
A communications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet.
trap and trace
A device that records the originating number of incoming calls for a particular phone number.
Trojan horse
A seemingly harmless program in which malicious code is hidden.
U.S. Computer Emergency Readiness Team (US-CERT)
Established in 2003 to protect the nation’s Internet infrastructure against cyberattacks, it serves as a clearinghouse for information on new viruses, worms, and other computer security topics.
U.S. person
Under FISA, it is defined as a U.S. citizen, permanent resident, or company.
Uniform Trade Secrets Act (UTSA)
An act drafted in the 1970s to bring uniformity to all the United States in the area of trade secret law.
unit testing
A software-testing technique that involves testing individual components of code (subroutines, modules, and programs) to verify that each unit performs as intended.
USA Freedom Act
An act passed following startling revelations by Edward Snowden of secret NSA surveillance programs, which terminated the bulk collection of telephone metadata by the NSA.
USA PATRIOT Act
An act passed 5 weeks after the terrorist attacks of September 11, 2001. It gave sweeping new powers both to domestic law enforcement and U.S. international intelligence agencies, including increasing the ability of law enforcement agencies to search telephone, email, medical, financial, and other records.
user acceptance testing
Software testing done independently by trained end users to ensure the system operates as expected.
utility patent
A type of patent “issued for the invention of a new and useful process, machine, manufacture, or composition of matter, or a new and useful improvement thereof, it generally permits its owner to exclude others from making, using, or selling the invention for a period of up to 20 years from the date of patent application filing, subject to the payment of maintenance fees.”
vehicle event data recorder (EDR)
A device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle’s air bags.
vice
A habit of unacceptable behavior.
viral marketing
An approach to advertising that encourages individuals to pass along a marketing message to others, thus creating the potential for exponential growth in the message’s exposure and influence.
virtue
A habit that inclines people to do what is acceptable.
virus
A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
virus signature
A specific sequence of bytes that indicates to antivirus software that a specific virus is present.
vishing
Similar to smishing except that the victims receive a voice-mail message telling them to call a phone number or access a website.
warranty
Assures buyers or lessees that a product meets certain standards of quality.
waterfall system development model
A software development methodology that involves a sequential, multistage system development process in which development of the next stage of the system cannot begin until the results of the current stage are approved or modified as necessary.
whistle-blowing
An effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest.
white-box testing
A type of dynamic testing that treats the software unit as a device that has expected input and output behaviors but whose internal workings, unlike the unit in black-box testing, are known.
Wiretap Act
A law that regulates the interception of wire (telephone) and oral communications; also known as the Title III of the Omnibus Crime Control and Safe Streets Act.
worm
A harmful program that resides in the active memory of the computer and duplicates itself.
zero-day exploit
A cyberattack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.
zombie
A computer that is part of a botnet and that is controlled by a hacker without the knowledge or consent of the owner.
Legal Acts
Acts that conform to the law
Corporate Social Responsibility
the notion that corporations are expected to go above and beyond following the law and making a profit
Supply Chain Sustainability
A component of corporate social responsibility (CSR) that focuses on developing and maintaining a supply chain that meets the needs of the present without compromising the ability of future generations to meet their needs.
A Stakeholder
Someone who stands to gain or lose, depending on how a particular situation is resolved.
Code of Ethics
A statement that highlights an organization’s key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making.
Problem Statement
A clear and concise identification and description of the design problem or opportunity.
Vice
immoral or wicked behavior
Trade Secret
Is information, generally unknown to the public, that a company has taken strong measures to keep confidential.
Whistle blowing
an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest
Conflict of interest (COI)
A conflict between the IT worker’s (or the IT Firm’s) self-interest and the client’s interests.
Fraud
The crime of obtaining goods, services, or property through deception or trickery.
Misrepresentation
The misstatement or incomplete statement of a material fact.
Bribery
The act of providing money, property, or favors to someone in business or government in order to obtain a business advantage.
Internal Control
The process established by an organization’s board of directors, managers, and IT systems people to provide reasonable assurance for the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations.
Policies
The guidelines and standards by which the organization MUST abide.
Processes
a collection of steps designed to direct the most important tasks of an organization
Procedure
Defines the exact instructions for completing each task in a process.
resume inflation
Falsely claiming competence in a skill, usually because that skill is in high demand.
Certification
process by which a person who has met certain criteria established by a nongovernmental association is granted recognition
breach of care of duty
Failure to act as a reasonable person would act.
common Ethical issues for IT users
Software Piracy
Inappropriate use of computing resources
Inappropriate Sharing of information
Acceptable Use Policy (AUP)
5 key elements:
- Purpose of the AUP - Why is the policy needed and what are its goals?
- Scope - Who and what is covered under the AUP?
- Policy - How are both acceptable use and unacceptable use defined; what are some examples of each?
- Compliance - Who is responsible for monitoring compliance and how will it be measured?
- Sanctions - What actions will be taken against an individual who violates the policy?
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
states that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings.
mission-critical processes
business processes that are essential to continued operations and goal attainment
Executive order 12333
Identifies the various U.S. governmental intelligence-gathering agencies, and defines what information can be collected, retained, and disseminated by these agencies
General Data Protection Regulation (GDPR)
Designed to strengthen data protection for individuals within the EU by addressing the export of personal data outside the EU.
competitive intelligence (CI)
Legally obtained information that is fathered to help a company fain and advantage over its rivals.
Adam Walsh Child Protection and Safety Act
Also known as the Sex Offender Registration and Notification Act (SORNA), Congress enacted this law in 2006 in memory of a 6 year old abducted from a department store and murdered
European Union Data Protection Directive:
The following list summarizes the basic tenets of the directive:
Notice—An individual has the right to know if his or her personal data are being collected, and any data must be collected for clearly stated, legitimate purposes.
Choice—An individual has the right to elect not to have his or her personal data collected.
Use—An individual has the right to know how personal data will be used and the right to restrict their use.
Security—Organizations must “implement appropriate technical and organizations measures” to protect personal data, and the individual has the right to know what these measures are.
Correction—An individual has the right to challenge the accuracy of the data and to provide corrected data.
Enforcement—An individual has the right to seek legal relief through appropriate channels to protect privacy rights
The following list shows some of the actions that schools can take to combat student plagiarism:
Help students understand what constitutes plagiarism and why they need to cite sources properly.
Show students how to document web pages and materials from online databases.
Schedule major writing assignments so that portions are due over the course of the term, thus reducing the likelihood that students will get into a time crunch and be tempted to plagiarize to meet the deadline.
Make clear to students that instructors are aware of Internet paper mills.
Ensure that instructors both educate students about plagiarism detection services and make them aware that they know how to use these services.
Incorporate detection software and services into a comprehensive antiplagiarism program.
Risk Management: Strategies for addressing a particular risk include the following:
Acceptance
Avoidance
Mitigation
Redundancy
Transference
