Deck 12: Ethical, privacy, and Security Issues

A virus is a piece of programming code,usually disguised as something innocuous that causes some unexpected and usually undesirable event.

Nearly everyone would agree that it is acceptable to tell a lie to protect someone's feelings or to keep a friend from getting into trouble.

The ethics officer tries to establish an environment that encourages ethical decision making.

Making ethical decisions in the area of information technology is really no different than in other areas,although the specific issues may be different.

More than 90 percent of major U.S.firms find it necessary to record and review employee communications and activities on the job,including e-mail,Web surfing,and phone usage.

The security of any system or network is always about technology.

Most firewalls are configured to allow e-mail and benign-looking attachments to reach their intended recipient.

In a nonprofit corporation,the board reports to shareholders,customers,employees,suppliers,and the community.

The board of directors is responsible for the careful and responsible management of an organization.

The presence of a corporate ethics officer has become increasingly common.

The IPS sits directly in front of the firewall and examines all the traffic passing through it.

Viruses differ from worms in that they can propagate over a network without human intervention,sending copies of themselves to other computers by e-mail or Internet Relay Chat (IRC).

Doing what is ethical is always easy in any situation.

An organization should be prepared for the worst-a successful attack that defeats all or some of a system's defenses and damages data and information systems.

Significant improvements in security can require years and do not come easy.

The overwhelming majority of successful computer attacks are made possible by taking advantage of little-known vulnerabilities.

Although private-sector employees can seek legal protection against an invasive employer under various state statutes,the degree of protection varies widely by state.

Employees are increasingly evaluated on their demonstration of qualities and characteristics that are highlighted in the corporate code of ethics.

Often a corporation will down play ethics policies following a major scandal within the organization.

Discussing security attacks through public trials and the associated publicity not only has enormous potential costs in public relations,but no real monetary costs.

An essential part of follow-up is to determine how the organization's security was compromised so that it does not happen again.

Expert crackers can conceal their identity and tracking them down can take a long time as well as a tremendous amount of corporate resources.

Even if a company decides that the negative publicity risk from a security breach is worth it and goes after the perpetrator,documents containing proprietary information that must be provided to the court could cause even greater security threats in the future.

All parties working on the problem need to be kept informed and up-to-date,even if it means using systems connected to the compromised system.

A(n)____________________ test entails assigning individuals to try to break through the measures and identify vulnerabilities that still need to be addressed.

___________________ software should be installed on each user's personal computer to scan a computer's memory and disk drives regularly for viruses.

The ___________________ should provide guidance to help an organization recognize and deal with ethical issues,provide mechanisms for reporting unethical conduct,and foster a culture of honesty and accountability.

The _________________________ role includes "integrating their organization's ethics and values initiatives,compliance activities,and business conduct practices into the decision-making processes at all levels of the organization."

When dealing with customer data,strong measures are required to avoid customer ___________________ problems.

In most corporations,the ___________________ is responsible for monitoring network security Web sites frequently and downloading updated antivirus software as needed.

___________________ is a broad class of cybercrime that involves the use of computer hardware,software,or networks to misrepresent facts for the purpose of causing someone to do or refrain from doing something that causes loss.

The key to security is to implement a(n)____________________ security solution to make computer break-ins so difficult that an attacker eventually gives up.

____________________ is a set of beliefs about right and wrong behavior.

A completed ____________________ identifies the most dangerous threats to a company and helps focus security efforts on the areas of highest payoff.

Creating a detailed ____________________ of all events also will document the incident for later prosecution.

Why is it important to conduct periodic IT security audits?

A well-developed ____________________ helps keep an incident under technical and emotional control.

List three specific responsibilities of an ethics officer.

Because security incident documentation may become court evidence,an organization should establish a set of document handling procedures using the ____________________ department as a resource.

A(n)_____________________ should be conducted after an incident to determine exactly what happened and to evaluate how the organization responded.

List four tasks that are critical to establishing an effective data privacy program.

A(n)______________________________ is software and/or hardware that monitors system and network resources and activities,and notifies network security personnel when it identifies possible intrusions from outside the organization or misuse from within the organization.

List three potential costs of a security breach.

Define corporate ethics and explain the primary function of a corporate ethics policy.