MIDTERM_AQUINO Flashcards
1
Q
It is a set of beliefs about right and wrong behavior within a society.
A
ETHICS
2
Q
conforms to generally accepted standards, many of which are almost universal.
A
Ethical behavior
3
Q
It is a set of guidelines which are designed to set out acceptable behavior of a group, association and profession.
A
Professional Code of Ethics?
4
Q
does not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical.
A
Law
5
Q
I will promote public knowledge, understanding and appreciation of Information and Communications technology
A
Code of Ethics for the Filipino ICT Professionals
6
Q
I will consider the general welfare and public welfare and public good in the performance of my work.
A
Code of Ethics for the Filipino ICT Professionals
7
Q
I will advertise goods or professional services in a clear and truthful manner.
A
Code of Ethics for the Filipino ICT Professionals
8
Q
Code of Ethics for the Filipino ICT Professionals
A
-I will promote public knowledge, understanding and appreciation of Information and Communications technology.
-I will consider the general welfare and public welfare and public good in the performance of my work.
-I will advertise goods or professional services in a clear and truthful manner.
-I will comply and strictly abide by the intellectual property laws, patent laws and other related laws in respect of Information and Communications Technology.
-I will accept the full responsibility for the work undertaken and utilize my skills with competence and professionalism.
9
Q
I will comply and strictly abide by the intellectual property laws, patent laws and other related laws in respect of Information and Communications Technology.
A
Code of Ethics for the Filipino ICT Professionals
10
Q
I will accept the full responsibility for the work undertaken and utilize my skills with competence and professionalism.
A
Code of Ethics for the Filipino ICT Professionals
11
Q
Thou shalt not use a computer to harm other people.
A
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
12
Q
Thou shalt not interfere with other people’s computer work.
A
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
13
Q
Thou shalt not snoop around in other people’s computer files.
A
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
14
Q
Thou shalt not use a computer to steal
A
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
15
Q
Thou shalt not use a computer to bear false witness
A
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
16
Q
Thou shalt not copy or use proprietary software for which you have not paid (without permission).
A
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
17
Q
Thou shalt not use other people’s computer resources without authorization or proper compensation
A
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
18
Q
Thou shalt not appropriate other people’s intellectual output.
A
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
19
Q
Thou shalt think about the social consequences of the program you are writing or the system you are designing.
A
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
20
Q
Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
A
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
21
Q
Ten Commandments of Computer Ethics defined by Computer Ethics Institute:
A
- Thou shalt not use a computer to harm other people.
- Thou shalt not interfere with 3. other people’s computer work.
- Thou shalt not snoop around in other people’s computer files.
- Thou shalt not use a computer to steal.
- Thou shalt not use a computer to bear false witness
- Thou shalt not copy or use proprietary software for which you have not paid (without permission).
- Thou shalt not use other people’s computer resources without authorization or proper compensation.
- Thou shalt not appropriate other people’s intellectual output.
- Thou shalt think about the social consequences of the program you are writing or the system you are designing.
- Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
22
Q
With tools like the internet, hackers have found it very easy to hack into any computer or system as long as it is connected on internet
A
Security
23
Q
As much as Information Communication Technology has enabled us to share and find relevant information online, it has also exploited our freedom of privacy
A
Privacy Issues
24
Q
Information and Communications Technology has made it easy for users to access any information or artifact at any given time.
A
Copyright Infringement
25
Since information and Communications Technology systems must run all the time, pressure is mounted on ICT experts to ensure the accuracy and availability of these systems.
Increased pressure on ICT experts
26
Information and Communications technology has many opportunities and it has shaped many industries in developed countries
Digital divide
27
are statements of what you believe to be rules of right conduct.
moral principles
28
are one’s personal beliefs about right and wrong.
Morals
29
describes standards or codes of behavior expected of an individual by a group (nation, organization, profession) to which an individual belongs.
ethics
30
is a system of rules that tells us what we can and cannot do
Law
31
has risen to the top of the business agenda because the risks associated with inappropriate behavior have increased, both in their likelihood and in their potential negative impact
Ethics
32
is a statement that highlights an organization’s key ethical issues
code of ethics
33
is frequently include a set of formal, written statements about the purpose of an organization, its values, and the principles that should guide its employees’ actions
Code of Ethics
34
should focus employees on areas of ethical risk relating to their role in the organization
Code of Ethics
35
Decisions about right and wrong permeate everyday life.
Ethical Decision Making
36
Acting properly as individuals, creating responsible organizations and governments, and making our society as a whole more ethical.
Ethical Decision Making
37
It recognizes that decisions about “right” and “wrong” can be difficult, and may be related to individual context.
Ethical Decision Making
38
can be traced back to the school of the Ancient Greek philosopher Epicurus of Samos (341-270 BCE), who argued that the best life is one that produces the least pain and distress.
Utilitarianism
39
states that people should maximize human pleasure.
Hedonism
40
An approach also known as ethical egoism, or the ethics of self- interest. In this approach, an individual often uses utilitarian calculation to produce the greatest amount of good for him or herself.
Egoistic Approach
41
is most commonly associated with the philosopher Immanuel Kant (1724-1804). Kant argued that doing what is right is not about the consequences of our actions (something over which we ultimately have no control) but about having the proper intention in performing the action
Deontological ethics
42
This approach stipulates that the best ethical action is that which protects the ethical rights of those who are affected by the action. It emphasizes the belief that all humans have a right to dignity.
The Rights Approach
43
this approach sees what is right as the same as what God commands, and ethical standards are the creation of God’s will.
The Divine Command Approach
44
One long-standing ethical principle argues that ethical actions should be consistent with ideal human virtues.
The Virtue Approach
45
CONSEQUENTIALIST THEORIES
U:
H:
E:
D:
R:
C:
V:
UHEDRCV
U: Utilitarianism
H: Hedonism
E: Egoistic Approach
D: Deontological Ethics
R: Rights Approach
C: Divine Command Approach
V: Virtue Approach
46
, just because you can do something doesn’t mean you should do it.
Melissa Woo
47
IT code of ethics
Integrity
Competence
Professional Responsibilities
Work Responsibilities
Societal responsibilities
48
indicates that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization.
Certification
49
applies only to people and is required by law
licensing
50
is government-issued permission to engage in an activity or to operate a business
government license
51
is generally administered at the state level and often requires that the recipient pass a test of some kind.
government license
52
has been defined as not doing something that a reasonable person would do, or doing something that a reasonable person would not do.
Negligence
53
refers to the obligation to protect people against any unreasonable harm or risk
Duty of care
54
Those people who use PCs, tablets, cellphones and other devices to access information systems, data, and the Internet.
IT Users
55
Almost as soon as computers began to be used commercially, people began to exploit them for illicit purposes. As the use of computer has spread, so too has computer crime.
IT Security Incidents
56
is a crime that is executed using computers or networks of computers. It is done to damage people’s or organizations’ reputation. Some are the ways of computer crimes pose threats are as follows:
Computer crime
57
Computer crime:
Threat to an individual
Threat to an organization
Threat to groups
Threat to a nation
58
is a cyberattack that takes place before the security community and/or software developers become aware of and fix a security vulnerability. It takes advantage of security flaws that enable unauthorized users to gain access to a computer system or to download sensitive user data
zero-day exploit
59
The number of possible entry points to a network expands continually as more devices are added, increasing the possibility of security breaches.
Increasing Complexity Increases Vulnerability
60
Time means money. The earlier the active computer users can resolve a problem, the more productive they can be. As a result, computer support desks are under extreme pressure to counter very instantly to user’s questions.
Higher Computer User Expectations
61
IT organizations prefer to use already installed software “as is” rather than implement security fixes that will either make the software harder to use or eliminate software harder to use or eliminate “nice to have” features suggested by current users or potential customers, which will help sell the software
Increase Reliance on Commercial Software with Known Vulnerabilities
62
With expanded business needs, globalization, collaborative working, and new technological breakthroughs today, information is being shared on networks with millions of other computers.
Technological Advancement Introduce New Risks
63
Employees access company data by using their devices such as mobiles, tablets, and personal laptops to have all-time availability and connection with the work, which generates a security threat.
Bringing your own device (BYOD) policy
64
Most organizations do not understand the upcoming risks and delay software updates for multiple reasons such as time shortage, extra cost involved, or just negligence, making the organization’s computer vulnerable to attack.
Delay in software updates
65
is an attack on an information system that takes advantage of a particular system vulnerability due to poor system design or implementation.
exploit
66
is a piece of programming code, usually disguised as something else, that causes a computer to behave unexpectedly and often undesirably.
Viruses
67
is a harmful program that resides in the active memory of the computer and duplicates itself without human intervention.
worm
68
is a program in which malicious code is hidden inside a seemingly harmless program
Trojan horse
69
is a large group of computers controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.
botnet
70
happens when a malicious hacker takes over computers on the Internet and cause them to flood a target site with demand for data and other small tasks.
Distributed Denial-of-Service (DDos) Attacks:
71
is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge
Rootkits:
72
is the abuse of e-mail systems to send unsolicited e-mail to large numbers of people.
E-mail spam
73
is the act of using e-mail fraudulently to try to get the recipient to reveal personal data
. Phishing
74
is malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the
attacker.
Ransomware
75
A person who carries out a harmful, illegal, or immoral act, is called perpetrators.
Perpetrators
76
They test the limitations of information systems out of intellectual curiosity to see whether they can gain access and how far they can go.
Hackers:
77
They break into other people’s networks and systems to cause harm such as defacing Web pages, crashing computers, spreading harmful programs or hateful messages, and writing scripts and automated programs that let other people do the same things.
Crackers:
78
They are extremely difficult to detect or stop because they are often authorized to access the very systems they abuse.
Malicious Insiders:
79
They use illegal means to obtain trade secrets from competitors of their sponsor
Industrial Spies
80
They are engaged in all forms of computer fraud: stealing and reselling credit card numbers, personal identities, and cellphone IDs.
Cybercriminals:
81
Hacktivism is a combination of the words “hacking” and “activism.” This is done to achieve political or social goal.
Hacktivists and Cyberterrorists:
82
A firewall stands as guard between an organization’s internal network and the Internet. It also limits network access based on the organization’s access policy.
Installing a corporate firewall
83
These work to prevent an attack by blocking viruses, malformed packets, and other threats from getting into the protected network.
Intrusion prevention systems (IPSs
84
scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of specific viruses. If it finds a virus, the antivirus software informs the user, and it may clean, delete, or quarantine any files, directories, or disks affected by the malicious codes
Antivirus software
85
Organizations need to define employee roles carefully and separate key responsibilities properly so that a single person is not responsible for accomplishing a task that has high security
Implementing safeguards against attacks by malicious insiders
86
The actions required to address these issues include installing a known patch to the software and keeping applications and operating systems up to date. Those responsible for computer security must make it a priority to prevent attacks using these vulnerabilities.
Addressing the most critical internet security threats
87
Security audit is a prevention tool that evaluates whether an organization has a well-considered security policy in place and if it is being followed (e.g., password policy, system access, and level of authority).
Conducting periodic IT security audits
88
is a branch of forensic science which deals with the application of investigative analysis techniques on computers in order to retrieve and preserve evidence in a way that is legally admissible. This means that a major aspect of the science of computer forensics lies in the ability of the forensics expert to present findings in a way that is acceptable and usable by a court of law
Computer forensics
89
Confidentiality safeguards are intended to prevent unauthorized information disclosure.
Confidentiality
90
Data consistency includes safeguarding against unauthorized changes (additions, deletions, alterations, and so on). The integrity principle ensures that data is accurate and reliable, and that it is not incorrectly modified, whether accidentally or maliciously.
Integrity
91
The information must be present when needed. The protection of a system's ability to make software systems and data fully available when a user requires it is known as availability (or at a specified time).
Availability
92
CIA TRIAD
integrity, confidentiality, availability,
93
Cybercrime Prevention Act of 2012" (CPA) was approved, which is the comprehensive legislation on cybercrimes. Notably, it defined "cybersecurity" as the "application of security measures to ensure confidentiality, integrity, and availability of data.
Republic Act No. 10175
94
It establishes the relationship of the individual to the State and defines the rights of the individual by limiting the lawful powers of the State.
Article III of the Philippine Constitution
95
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The Fourth Amendment is as follows:
96
the combination of communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations) and data privacy (the ability to limit access to one’s personal data by other individuals and organizations in order to exercise a substantial degree of control over that data and their use).
Information Privacy
97
outlines a number of legislative acts that affect a person’s privacy. Note that most of these actions address invasion of privacy by the government. Legislation that protects people from data privacy abuses by corporations is almost nonexistent.
Privacy Laws, Applications, and Court Rulings
98
Individuals must reveal much of their personal financial data in order to take advantage of the wide range of financial products and services available, including credit cards, checking and savings accounts, loans, payroll direct deposit, and brokerage accounts. The inadvertent loss or disclosure of this personal financial data carries a high risk of loss of privacy and potential financial loss.
Financial Data
99
regulates the operations of credit-reporting bureaus, including how they collect, store, and use credit information. The act, enforced by the U.S. Federal Trade Commission, is designed to ensure the accuracy, fairness, and privacy of information gathered by the credit-reporting companies and to check those systems that gather and sell information about people
Fair Credit Reporting Act (1970)
100
protects the records of financial institution customers from unauthorized scrutiny by the federal government.
Right to Financial Privacy Act (1978)
101
Individuals are rightly concerned about the erosion of privacy of data concerning their health. They fear intrusions into their health data by employers, schools, insurance firms, law enforcement agencies, and even marketing firms looking to promote their products and services.
Health Information
102
was designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance.
Health Insurance Portability and Accountability Act (HIPAA) (1996)
103
According to the Center for Media Research, teens spend over five hours per week surfing the Web, and over 40 percent of them claim that their parents have no idea what they are looking at online. Many people feel that there is a need to protect children from being exposed to inappropriate material and online predators; becoming the target of harassment; divulging personal data; and becoming involved in gambling or other inappropriate behavior.
Children’s Personal Data
104
is a federal law that assigns certain rights to parents regarding their children’s educational records. These rights transfer to the student once the student reaches the age of 18 or if he or she attends a school beyond the high school level.
Family Educational Rights and Privacy Act (1974)
105
any Web site that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age.
Children’s Online Privacy Protection Act (1998)
106
This laws address government surveillance, including various forms of electronic surveillance. New laws have been added and old laws amended in recent years in reaction to worldwide terrorist activities and the development of new communication technologies.
Electronic Surveillance
107
The Communications Act established the Federal Communications Commission and gave it responsibility for regulating all non-federal-government use of radio and television broadcasting and all interstate telecommunications as well as all international communications
Communications Act (1934)
108
deals with three main issues: (1) the protection of communications while in transfer from sender to receiver; (2) the protection of communications held in electronic storage; and (3) the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.
Electronic Communications Privacy Act (1986)
109
Electronic Communications Privacy Act (1986) deals with 3 issues:
(1) the protection of communications while in transfer from sender to receiver; (2) the protection of communications held in electronic storage; and (3) the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.
110
is a term for a set of guidelines that govern the collection and use of personal data. The overall goal of such guidelines is to stop the unlawful storage of personal data, eliminate the storage of inaccurate personal data, and prevent the abuse or unauthorized disclosure of such data.
Fair Information Practices
111
The government has a great capacity to store data about each and every one of us and about the proceedings of its various organizations. The Freedom of Information Act enables the public to gain access to certain government records, and the Privacy Act prohibits the government from concealing the existence of any personal data recordkeeping systems.
Access to Government Records
112
establishes a code of fair information practices that sets rules for the collection, maintenance, use, and dissemination of personal data that is kept in systems of records by federal agencies.
Privacy Act (1974)
113
Companies openly collect personal information about users when they register at Websites, complete surveys, fill out forms, or enter contests online. Many companies also obtain information about Web surfers through the use of cookies—text files that can be downloaded to the hard drives of users who visit a Web site, so that the Web site is able to identify visitors on subsequent visits.
Consumer Profiling
114
is the unintended release of sensitive data or the access of sensitive data (e.g., credit card numbers, health insurance member ids, and Social Security numbers) by unauthorized individuals.
data breach
115
is the theft of personal information, which is then used without the owner’s permission. Often, stolen personal identification information, such as a person’s name, Social Security number, or credit card number, is used to commit fraud or other crimes. Thieves may use a consumer’s credit card number to charge items to that person’s account, use identification information to apply for a new credit card or a loan in a consumer’s name, or use a consumer’s name and Social Security number to obtain government benefits. Thieves also often sell personal identification information on the black market
Identity theft
116
A number of advances in information technology—such as surveillance cameras and satellite-based systems that can pinpoint a person’s physical location—provide amazing new data-gathering capabilities. However, these advances can also diminish individual privacy and complicate the issue of how much information should be captured about people’s private lives.
Advanced Surveillance Technology
117
Technology has made it easy for a person to track the whereabouts of someone else at all times, without ever having to follow the person. Cell phone spy software called a stalking app can be loaded onto someone’s cell phone or smartphone within minutes, making it possible for the user to perform location tracking, record calls, view every text message or picture sent or received, and record the URLs of any website visited on the phone. A built-in microphone can be activated remotely to use as a listening device even when the phone is turned off.
Stalking Apps
118
is the concept of ensuring proper use of personal data by giving individuals control over how their data is accessed, used, or shared.
Data privacy
119
keeps that data safe from unauthorized access.
data security
120
AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES
REPUBLIC ACT NO. 10173
This Act shall be known as the “Data Privacy Act of 2012”.
