Complete Chapter Review questions 1- 11 p 313

 

  1. What are ethics? What are two broad categories of ethics? What approach does each category take? What are examples of each category of ethics? What is the difference between ethics and the law?

Ethics refer to a system of moral principles that can be used by human beings in judging right and wrong and in developing rules of conducts. The two broad categories of ethics are;

  1. The natural laws and rights. This refers to where actions are judged to be ethical or unethical according to how well they adhere to broadly accepted rules derived from natural laws. They include though shall not kill, right to privacy, right to free press etc.
  2. Utilitarianism. This refers to where actions are ethical or unethical basing on their consequences and outcomes. They include the needs of the many outweigh the needs of the law and the greatest good for the greatest number.

Difference between Ethics and Law

  • Some laws have less to do with ethics and instead result from the pushes and pulls of lobbying efforts and political pressure.
  • Laws don’t cover all ethical principles, so just because an action is legal does not mean it is ethical. For instance, depending on the circumstances, lying might be legal but at the same time grossly unethical.

 

 

  1. What is intellectual property (IP)? What are the information ethics associated with IP? What is the impact of digital media on the information ethics of IP? What are examples of technologies used to control access to digitized intellectual property?

Intellectual property (IP) refers to intangible assets like the music, art, movies, written work, creative ideas, software, designs, inventions, discoveries and any other expressions of the human mind that can be protected legally by means of copyrights or patents.

Some of the information ethics related to Intellectual Property include;

  • Intellectual property rights
  • Hacking
  • Plagiarism
  • Parasitic computing and
  • Spam

Digital rights management (DRM) is a technology that have been developed by software developers, publishers, media companies and other intellectual property owners in order to be used in to control access to their digital content. One of the schemes require end users  to first connect to a content service to request the material; a request is then sent to another server to obtain the license for actually viewing. This enhance security of digital information hence reserve intellectual property rights.

Some of the technologies used in protecting digital Intellectual property include the use of digital rights management (DRM) used by developers, publishers, media companies etc. and the iTunes Match service used by Apple.

  1. What is plagiarism? What are the information ethics associated with plagiarism? What is the impact of digital media on the information ethics of plagiarism? What are examples of technologies used to detect plagiarism?

Plagiarism refers to a type of an intellectual property theft that mushroomed with an online “cut-and-paste” and it involves reproducing the words of another and passing them off as your own original work without crediting the source. this act have resulted in scandals that have tarnished some of the prominent authors as one copies their work without citing the source making the work appears theirs. Digital media have made it possible to track plagiarism although the internet have made plagiarism possible, but have provided an easy way to track it. Turnitin.com is one of the technologies that is used in checking originality of the work and it is a service that color codes documents submitted to it showing the sources of passages that match existing written work.

 

  1. What is information privacy? What is anonymity? What are strategies that may be used to achieve anonymity on the Internet?

Information privacy refers to the protection of data about individuals. Anonymity on the other hand refers to a feature that is common to online games and public discussion forums. It is mainly important for whistleblowers, police tipsters, news sources and political activists in oppressive regimes.

Achieving online anonymity

Online identity can be obscured using fake names, nicknames, free email and public computers and deletion of the online tracks makes it challenging. This makes any network connection to demand a handshake between the device and the server in order for the IP address of the device along with its location to be exposed. Hiding of that information normally requires handling off the transmission to a proxy which is an intermediary server that receives and analyzes requests from clients and then directs them to their destinations, the transmission the appears to be coming from the proxy and not the actual sender.

 

  1. Why do organizations implement surveillance? What are the advantages of surveillance? What are the disadvantages of surveillance?

Organizations implement surveillance for the following reasons;

  • The organization is concern about the liability of the employer for allowing harassment or hostile work environments
  • Organizations need to protect security and confidentiality
  • Organizations are concern about employee productivity and cyber slacking
  • In order to meet concerns about bogging down corporate servers with personal files

Advantages of Surveillance

  • It helps in holding employees responsible for their offensive online behavior by their employer.
  • It is also important for security reasons about trade secrets as the employers keep tabs on communications
  • Helpful in preventing leaks

 

Disadvantages of surveillance

  • It can sometimes cause a drop in productivity as it suggests lack of trust between the management and the staff
  • Monitoring employees result in suffering more of stress that can result in an increase in absenteeism hence lowering productivity

 

  1. What are the steps that organizations take in order to manage information security risks and build a risk matrix? What is involved in each step of this process?

Steps to manage information security risks

  1. Identifying threats. This can be done by asking the following questions; what information needs protection? What are the major threats from inside or outside the organization? What are the organization’s weaknesses, strengths and vulnerabilities? What would be the impact of any particular risk? How likely are each of the risks? And what controls can be used to mitigate risks?
  2. Assessing Vulnerability. This is where an organization examine vulnerability of the risk assessment in order to determine how effective its existing security measure are. These include the following questions; are employees ignoring warning not to share passwords? Does the information system maintain a log of every access attempt? Are administrators alerted about water in the data center? Etc.
  • Taking Administrative Security Controls. This include all the processes, policies and plans that an organization creates to enhance information security and ensure that it can recover when danger strikes.
  1. Undertaking technical security controls. This involves the use of available technologies that protect information assets in the following ways; deterring any attack, preventing any attack and detecting that an attack occurred.

 

  1. What are the two types of threats to information security? What are examples of each type of threat?
  • Distributed denial of service-this is where zombies are directed to flood a single website server with rapid-fire page requests, causing it to slow to a crawl or just crash.
  • Malware and Botnets- these are human made threats pound to servers and computers everyday with automated attempts to install all types of malware. Examples of such malware include computer viruses, spyware, key logger, worm and Trojan horse.
  • Phishing attacks- this type of attack starts with email luring users to click on the link. This leads them to a link that appears to be genuine and this force them to type in their social security number and other personal details leading to their personal details exposed and anything can happen. The person will start receiving email messages on employment and others that needs to reset account and password.

 

  1. What are information security vulnerabilities? How do organizations assess vulnerability?

Information security vulnerabilities refers to where an organization determine how effective its security measures are. These include asking the following questions; are employees ignoring warnings not to share passwords? Does the information system maintain a log of every access attempt? Are administrators alerted about water in the data centers and many other questions that aids in assessing the likelihood of a threat occurring.

 

  1. What are examples of administrative controls that organizations implement to improve security?

Administrative security controls include all processes, policies and plans that an organization creates in order to enhance information security and to ensure that it can recover when danger strikes. They include;

  • Account management- the organization needs appropriate approvals for requests in order to establish accounts.
  • Access controls- the organization defines the information to be encrypted or stored offline in a secured location. At the same time, organization defines the privileged commands for which dual authorization is to be enforced.
  • Information inflow- this is where organization defines the security policy that determines what events required human review.
  • Separation of duties- this is where the organization separates duties of individuals as necessary to prevent malevolent activity without collusion.

 

 

 

  1. What are examples of technical controls that organizations implement to improve security?

Some of the important tasks that available technologies protect information include deterring attacks, detecting that an attack have occurred and preventing any attack. Some of the technical controls available include;

  • Authentication strategies- this is a technical control used in preventing unauthorized access and is drawn on technologies that can authenticate people and determine what access privileges they should be granted.
  • Encryption- this is a powerful technical control that is used in protecting sensitive data. It transforms data into an unreadable form using mathematical formulas so the no one can read it unless they know the key to unscramble them.
  • Intrusion prevention and detection systems- these are tools used in preventing unauthorized traffic from entering the network and to detect any intrusions that make it through.
  • Use of firewalls- this is a technical control that inspects incoming and outgoing traffic and either blocks or permits it according to the rules the organization chooses.
  • Blocking spam

 

 

 

 

  1. Why is human behavior often the weakest link for information ethics, information privacy, and information security? What are examples of strategies that organizations can implement to counteract the weaknesses in human behavior and decision making that have a negative impact on information security and privacy?

Human being are great threat to security due to the following reasons;

  • Cognitive issues and productivity. This are some of the actions done by humans that result in calamities and they include turning off their security features in a computer in order to install a software. Others include creation of weak passwords that can easily be guessed and reducing complexity by using less passwords to enter the system (single sign in).
  • Social engineering and information security- social engineering can influence people into breaking normal security procedures or to divulge confidential information.

Strategies done to ensured security of information

  • Creation and use of secure passwords. This is done by not including personal information like names, addresses or phone numbers, not using real words, mixing different character types, changing password every 30 to 60 days etc.
  • Use of several layers of security that should be logged in to access information
  • Ensuring that employees are aware of security and ethical decision making