Ethics in IT - Test 1 (Chapters 1 - 3)
false
If an employee acts in a manner contrary to corporate policy and their employer's directions, the employer cannot be held responsible for these actions. True or False?
drop this option, and implement the same policy as your competitors
If you find yourself rationalizing a decision with the statement "Well, our competitors are doing something far worse"—what action should you not take?
true
Important decisions with strong ethical implications are too often left to the technical experts; general business managers must assume greater responsibility for these decisions. True or False?
misuse of company time
According to the Ethics Resource Center, which is the most commonly observed form of employee misconduct?
True
An IT worker cannot be sued for professional malpractice unless he or she is licensed. True or False.
some 6.2 million
Approximately how many U.S. workers have reported worker or manager misconduct and then suffered some sort of retribution from their supervisor or negative reactions from their coworkers?
integrity
A person who acts with ________________ acts in accordance with a personal code of principles
code of ethics
A statement that highlights an organization's key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making.
about 40 percent
Nonmanagers are responsible for what percent of instances of reported misconduct?
professional malpractice
Professionals who breach the duty of care are liable for injuries that their negligence causes.
professional malpractice
Professionals who breach the duty of care are liable for injuries that their negligence causes. This liability is commonly referred to as _______________________.
Principles and Practices
To become licensed as a software engineer in the United States, one must pass the Fundamentals of Engineering exam and a software engineering ___________________________ exam.
distributed denial-of-service (DDoS) attack
attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks
professional code of ethics
states the principles and core values that are essential to the work of a particular occupational group
botnet
term used to describe a large group of such computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners; computers within the group are called zombies
bribery
the act of providing money, property, or favors to someone in business or government in order to obtain a business advantage
Corporate Social Responsibility (CSR)
the concept that an organization should act ethically by taking responsibility for the impact of its actions on its shareholders, consumers, employees, community, environment, and suppliers
fraud
the crime of obtaining goods, services, or property through deception or trickery
breach of the duty of care
the failure to act as a reasonable person would act
What measures can organizations take to improve their business ethics?
• An organization can take several actions to improve its business ethics, including: appointing a corporate ethics officer, requiring its board of directors to set and model high ethical standards, establishing a corporate code of ethics, conducting social audits, requiring employees to take ethics training, including ethical criteria in employee appraisals, and creating an ethical work environment
What is ethics?
• Ethics is a code of behavior that is defined by the group to which an individual belongs. • Morals are the personal principles upon which an individual bases his or her decisions about what is right and what is wrong. • A person who acts with integrity acts in accordance with a personal code of principles. • Law is a system of rules that tells us what we can and cannot do. Laws are enforced by a set of institutions (the police, courts, and law-making bodies). • A code of ethics states the principles and core values that are essential to one's work. • Just because an activity is defined as legal does not mean that it is ethical.
five good reasons to pursue CSR goals
• Gaining the goodwill of the community • Creating an organization that operates consistently • Fostering good business practices • Protecting the organization and its employees from legal action • Avoiding unfavorable publicity
How can you include ethical considerations in your decision making?
• Often, people employ a simple decision-making model that includes these steps: (1) define the problem, (2) identify alternatives, (3) choose an alternative, (4) implement the decision, and (5) monitor the results. • You can incorporate ethical considerations into decision making by identifying and involving the stakeholders; weighing various laws, guidelines, and principles—including the organization's code of ethics—that may apply; and considering the impact of the decision on you, your organization, stakeholders, your customers and suppliers, and the environment.
frequent causes of problems in IT projects
• Scope creep—Changes to the scope of the project or the system requirements can result in cost overruns, missed deadlines, and a project that fails to meet end-user expectations. • Poor communication—Miscommunication or a lack of communication between customer and vendor can lead to a system whose performance does not meet expectations. • Delivery of an obsolete solution—The vendor delivers a system that meets customer requirements, but a competitor comes out with a system that offers more advanced and useful features. • Legacy systems—If a customer fails to reveal information about legacy systems or databases that must connect with the new hardware or software at the start of a project, implementation can become extremely difficult
government license
government-issued permission to engage in an activity or to operate a business
virtue
habit that inclines people to do what is acceptable
firewall
hardware or software (or a combination of both) that serves as the first line of defense between an organization's network and the Internet; limits access to the company's network based on the organization's Internet-usage policy
trade secret
information, generally unknown to the public, that a company has taken strong measures to keep confidential
body of knowledge
The core _____________________ for any profession outlines agreed-upon sets of skills and abilities that all licensed professionals must possess.
body of knowledge
The core for any profession outlines agreed-upon sets of skills and abilities that all licensed professionals must possess.
True
Under the Foreign Corrupt Practices Act (FCPA), it is permissible to pay an official to perform some official function faster (for example, to speed customs clearance). True or False.
False
Unlike certification, which applies only to people and is required by law, licensing can also apply to products. True or False.
gifts
are made openly and publicly, as a gesture of friendship or goodwill; are made directly from donor to recipient; come with no expectation of a future favor for the donor
separation of duties
associated with any process that involves the handling of financial transactions so that different aspects of the process are handled by different people
Foreign Corrupt Practices Act
(FCPA, 15 U.S. Code § 78dd-1) makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office.
firewall
A ________________ is hardware or software (or a combination of both) that serves as the first line of defense between an organization's network and the Internet; it also limits access to the company's network based on the organization's Internet-usage policy.
What is corporate social responsibility, and why is fostering good business ethics important?
• Corporate social responsibility is the concept that an organization should act ethically by taking responsibility for the impact of its actions on its shareholders, consumers, employees, community, environment, and suppliers. • Supply chain sustainability is a component of CSR that focuses on developing and maintaining a supply chain that meets the needs of the present without compromising the ability of future generations to meet their needs. • Each organization must decide if CSR is a priority, and if so, what its specific CSR goals are. • Organizations have five good reasons for pursuing CSR goals and promoting a work environment in which they encourage employees to act ethically: (1) to gain the goodwill of the community, (2) to create an organization that operates consistently, (3) to foster good business practices, (4) to protect the organization and its employees from legal action, and (5) to avoid unfavorable publicity.
What trends have increased the likelihood of an unethical behavior?
Globalization has created a much more complex work environment, making it more difficult to apply principles and codes of ethics consistently. • Organizations may be tempted to resort to unethical behavior to maintain profits in today's more challenging and uncertain economic climate. • It is not unusual for powerful, highly successful individuals to fail to act in morally appropriate ways as such people are often aggressive in striving for what they want and are used to having privileged access to information, people, and other resources. Furthermore, their success often inflates their belief that they have the ability and the right to manipulate the outcome of any situation.
define the problem
Identifying the stakeholders and their positions on an issue is a part of which decision-making step?
false
Laws provide a complete guide to ethical behavior. True or False?
vice
a habit of unacceptable behavior
rootkit
a set of programs that enables its user to gain administrator-level access to a computer without the end user's consent or knowledge
IT user
refers to a person who uses a hardware or software product; the term distinguishes end users from the IT workers who develop, install, service, and support the product
duty of care
refers to the obligation to protect people against any unreasonable harm or risk
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)
software that generates and grades tests that humans can pass and all but the most sophisticated computer programs cannot
stakeholder
someone who stands to gain or lose, depending on how a particular situation is resolved.
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)
states that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings
True
Senior management (including members of the audit committee) must always follow the recommendations of the internal audit committee. True or False.
reasonable person standard
The courts decide whether parties owe a duty of care by applying a _______________________ to evaluate how an objective, careful, and conscientious person would have acted in the same circumstances.
false
The goodwill that CSR activities generate can make it easier for corporations to conduct their business but is unlikely to affect the profitability of the firm. True or False?
What trends have increased the risk that information technology will be used in an unethical manner?
The growth of the Internet and social networks; the ability to capture, store, and analyze vast amounts of personal data; and a greater reliance on information systems in all aspects of life have increased the risk that information technology will be used unethically. • In the midst of the many IT breakthroughs in recent years, the importance of ethics and human values has been underemphasized—with a range of consequences
stop the unauthorized copying of software produced by its members
The mission of the Software & Information Industry Association and the Business Software Alliance is to ___________________.
Bathsheba syndrome
The moral corruption of people in power has been given the name ________________________.
become familiar with various philosophers and how they dealt with ethical issues
Which of the following is not a key goal of employee ethics training? -Increase the percentage of employees who report incidents of misconduct. -Make employees more aware of the company's code of ethics and how to apply it. -Become familiar with various philosophers and how they dealt with ethical issues. -Reduce the company's liability in the event of legal action
Background and make-up of the infosec organization that enforces the AUP
Which of the following is not one of the five key elements of an acceptable use policy (AUP)? -Purpose of the AUP, why it is needed and what are its goals -Background and make-up of the infosec organization that enforces the AUP -Definition of the actions that will be taken against an individual who violates the policy -Scope of who and what is covered under the AUP
morals
________________ is/are one's personal beliefs about what is right and wrong
whistle-blowing
___________________ is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest.
Material breach of contract
______________________ occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the very essence of a contract.
Internal control
_______________________ is the process established by an organization's board of directors, managers, and IT systems people to provide reasonable assurance for the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations.
Bring your own device (BYOD)
a business policy that permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.
problem statement
a clear, concise description of the issue that needs to be addressed; answers the following questions: What do people observe that causes them to think there is a problem? Who is directly affected by the problem? Is anyone else affected? How often does the problem occur? What is the impact of the problem? How serious is the problem?
ethics
a code of behavior that is defined by the group to which an individual belongs.
processes
a collection of tasks designed to accomplish a stated objective
supply chain sustainability
a component of CSR that focuses on developing and maintaining a supply chain that meets the needs of the present without compromising the ability of future generations to meet their needs
conflict of interest
a conflict between the IT worker's (or the IT firm's) self-interest and the client's interests
zero-day exploit
a cyberattack that takes place before the security community and/or software developers become aware of and fix a security vulnerability
acceptable use policy (AUP)
a document that stipulates restrictions and practices that a user must agree to in order to use organizational computing and network resources
blended threat
a sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload; might attack multiple EXE files, HTML files, and registry keys simultaneously (instead of a narrowly focused attack)
code of ethics
a statement that highlights an organization's key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making
law
a system of rules that tells us what we can and cannot do; enforced by a set of institutions (police, courts, law-making bodies)
exploit
an attack on an information system that takes advantage of a particular system vulnerability
whistle-blowing
an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest
social audit
an organization reviews how well it is meeting its ethical and social responsibility goals and communicates its new goals for the upcoming year; information is shared with employees, shareholders, investors, market analysts, customers, suppliers, government agencies, and the communities in which the organization operates.
logic bomb
another type of Trojan horse, which executes when it is triggered by a specific event; for example, it can be triggered by a change in a particular file, by typing a specific series of keystrokes, or at a specific time or date
negligence
defined as not doing something that a reasonable person would do or doing something that a reasonable person would not do
procedure
defines the exact instructions for completing each task in a process
certification
indicates that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization
Ransomware
malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker
advanced persistent threat (APT)
network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time (weeks or even months); must continuously rewrite code and employ sophisticated evasion techniques to avoid discovery.
material breach of contract
occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract
breach of contract
occurs when one party fails to meet the terms of a contract
corporate ethics officer (corporate compliance officer)
provides an organization with vision and leadership in the area of business conduct. This individual "aligns the practices of a workplace with the stated ethics and beliefs of that workplace, holding people accountable to ethical standards."
five-step ethical decision-making process
1) develop problem statement 2) identify alternatives 3) choose alternatives 4) implement decision 5) evaluate results
Software Engineering Code of Ethics and Professional Practice
1. Public - Software engineers shall act consistently with the public interest. 2. Client and Employer - Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest. 3. Product - Software engineers shall ensure that their products and related modifications meet the highest professional standards possible. 4. Judgment - Software engineers shall maintain integrity and independence in their professional judgment. 5. Management - Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance. 6. Profession - Software engineers shall advance the integrity and reputation of the profession consistent with the public interest. 7. Colleagues - Software engineers shall be fair to and supportive of their colleagues. 8. Self - Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.
professional code of ethics or code of ethics
A(An) ___________________ states the principles and core values that are essential to the work of a particular occupational group.
audit committee
The ________________ of a board of directors provides assistance to the board in fulfilling its responsibilities with respect to the oversight of the following areas of activity: • The quality and integrity of the organization's accounting and reporting practices and controls, including financial statements and reports • The organization's compliance with legal and regulatory requirements • The qualifications, independence, and performance of the company's independent auditor (a certified public accountant who provides a company with an accountant's opinion but who is not otherwise associated with the company) • The performance of the company's internal audit team
Bathsheba syndrome
The moral corruption of people in power, which is often facilitated by a tendency for people to look the other way when their leaders act inappropriately; a reference to the biblical story of King David, who became corrupted by his power and success.
exceed 70 percent
The software piracy rates in Albania, Kazakhstan, Libya, Panama, and Zimbabwe ________________________.
virtues
The term describes the standards or codes of behavior expected of an individual by a group to which the individual belongs
worm
a harmful program that resides in the active memory of the computer and duplicates itself; worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email
virus
a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner
Trojan horse
a seemingly harmless program in which malicious code is hidden; users are usually tricked into opening it because it appears to be useful software from a legitimate source, such as an update for software the user currently has installed on his or her computer; the program's harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords, or spy on users by recording keystrokes and transmitting them to a server operated by a third party; often creates a "backdoor" on a computer that enables an attacker to gain future access
policies
the guidelines and standards by which the organization must abide. The guidelines and standards are often in response to some law; policies drive processes and procedures
Lawrence Kohlberg
the late Harvard psychologist found that many factors stimulate a person's moral development, but one of the most crucial is education. Other researchers have repeatedly supported the idea that people can continue their moral development through further education, such as working through case studies and examining contemporary issues. Theory of Moral Development
misrepresentation
the misstatement or incomplete statement of a material fact
morals
the personal principles upon which an individual bases his or her decisions about what is right and what is wrong
spam
the use of email systems to send unsolicited email to large numbers of people
compliance
to be in accordance with established policies, guidelines, specifications, or legislation. Records management software, for example, may be developed in compliance with the U.S. Department of Defense's Design Criteria Standard for Electronic Management Software applications (known as DoD 5015) that defines mandatory functional requirements for records management software used within the Department of Defense.
Software & Information Industry Association (SIIA) and the BSA | The Software Alliance (BSA)
trade groups that represent the world's largest software and hardware manufacturers
benefits of following a professional code of conduct
• Ethical decision making—Adherence to a professional code of ethics means that practitioners use a common set of core values and beliefs as a guideline for ethical decision making. • High standards of practice and ethical behavior—Adherence to a code of ethics reminds professionals of the responsibilities and duties that they may be tempted to compromise to meet the pressures of day-to-day business. The code also defines acceptable and unacceptable behaviors to guide professionals in their interactions with others. Strong codes of ethics have procedures for censuring professionals for serious violations, with penalties that can include the loss of the right to practice. Such codes are the exception, however, and few exist in the IT arena. • Trust and respect from the general public—Public trust is built on the expectation that a professional will behave ethically. People must often depend on the integrity and good judgment of a professional to tell the truth, abstain from giving self-serving advice, and offer warnings about the potential negative side effects of their actions. Thus, adherence to a code of ethics enhances trust and respect for professionals and their profession. • Evaluation benchmark—A code of ethics provides an evaluation benchmark that a professional can use as a means of self-assessment. Peers of the professional can also use the code for recognition or censure.