Which regulation governs the actions of a company in the case of data records being compromised, lost, or stolen?
Computer Matching and Primary Protection Act of 1988
Security Breach Notification laws
The Electronic Communication Privacy Act of 1986
Digital Signature and Electronic Authorization laws
Security Breach Notification laws
What is part of the role of an IT professional association?
Engages in best practices for information systems
Provides professional standards for ethical behavior
Writes laws dealing with information technology
Engages in best practices for information systems
Provides professional standards for ethical behavior
What is not part of the role of an IT professional association?
Engages in best practices for information systems
Provides professional standards for ethical behavior
Writes laws dealing with information technology
Writes laws dealing with information technology
How can an organization assist employees with the ethical use of information technology?
By developing policies for information usage
By monitoring network throughput
By ensuring databases are backed up
By establishing optimal server performance
By developing policies for information usage
Computer Security
Focuses on protecting data from unauthorized use and the exploitation of stolen data for profit.
Computer Ethics
Moral guidelines that govern the use of computers and information systems.
Computer Privacy
Focuses on the use and governance of personal data, ensuring that it is collected, shared, and used appropriately.
What does the acronym CIA stand for in cybersecurity?
Central Intelligence Agency
Confidentiality, integrity, and availability
Confidentiality, intelligence, accessibility
Cybersecurity, internet, accessibility
Confidentiality, integrity, and availability
Confidentiality [CIA triad]
the rules that restrict access to only those who need to know.
Integrity [CIA triad]
Addresses the level of assurance that can be given as to how accurate and trustworthy data is.
Availability [CIA triad]
Data being available to the people who need it when they need it.
Ways to enforce confidentiality
- Implementing access controls
- Training clients to identify and reduce security risks by doing the following: create strong password policies and recognize social engineering attacks.
Social Engineering
a general term that describes any attack that takes advantage of humans' trusting nature.
Ways to maintain Integrity
- file permissions
- user access controls
- version control
- redundant systems or copies.
Ways to ensure availability
- rigorously maintaining all hardware
- testing compatibility with operating systems and installed applications
- keeping systems patched and up-to-date.
Mei is buying equipment from an online retail site, and she finds that she is able to change the price of the equipment from $1,000 to $10.
Which part of the CIA triad has been broken in this scenario?
Confidentiality
Availability
Integrity
None of the above
Integrity
Mei is downloading payment details from the portal of an insurance company when the portal crashes. She is unable to continue the download of records.
Which part of the CIA triad has been compromised in this scenario?
Availability
Confidentiality
Integrity
None of the above
Availability
Mei gets the company's phone service invoice in the mail. The bill was supposed to be for $800, but the receptionist spilled water on it and smeared the ink. The bill now asks for $80.
Which part of the CIA triad has been compromised in this scenario?
Confidentiality
Integrity
Availability
None of the above
Integrity
conflict of interest
a situation in which a person has two relationships that might be incompatible with each other.
Organizations should provide clear outlines on how to handle conflicts of interest.
true
information privacy
the right to control how your personal information is collected, used, and exchanged.
1st commandment of computer ethics
Thou shalt not use a computer to harm other people.
2nd commandment of computer ethics
Thou shalt not interfere with other people's computer work.
3rd commandment of computer ethics
Thou shalt not snoop around in other people's computer files.
4th commandment of computer ethics
Thou shalt not use a computer to steal.
5th commandment of computer ethics
Thou shalt not use a computer to bear false witness.
6th commandment of computer ethics
Thou shalt not copy or use proprietary software for which you have not paid.
7th commandment of computer ethics
Thou shalt not use other people's computer resources without authorization or proper compensation.
8th commandment of computer ethics
Thou shalt not appropriate other people's intellectual output.
9th commandment of computer ethics
Thou shalt think about the social consequences of the program you are writing or the system you are designing.
10th commandment of computer ethics
Thou shalt always use a computer in ways that ensure consideration and respect for other humans.
Asimov's Three Laws of Robotics
1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey orders given it by human beings except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
EPSRC
Engineering and Physical Sciences Research Council - creates knowledge in engineering and physical sciences for UK capability to benefit society and the economy.
AHRC
Arts and Humanities Research Council - funds outstanding original research across the whole range of the arts and humanities.
Engineering and Physical Sciences Research Council (EPSRC) and the Arts and Humanities Research Council (AHRC) of Great Britain's set of five ethical "principles for designers, builders and users of robots:"
- Robots should not be designed solely or primarily to kill or harm humans.
- Humans, not robots, are responsible agents. Robots are tools designed to achieve human goals.
- Robots should be designed in ways that assure their safety and security.
- Robots are artifacts; they should not be designed to exploit vulnerable users by evoking an emotional response or dependency. It should always be possible to tell a robot from a human.
- It should always be possible to find out who is legally responsible for a robot.
IEEE
Institute of Electrical and Electronics Engineers. A professional organization that develops communications and network standards, among other activities.
ACM
Association for Computing Machinery
Membership organization for computing professionals
Provides resources
Professional development
Promotes policies and research for the benefit of society
AUP
Acceptable Use Policy - Rules or guidelines for the proper use of technology or digital devices within an organization.
AITP
Association of Information Technology Professionals - a professional association that focuses on information technology education for business professionals.
Network Types
Personal area network (PAN)
local area network (LAN)
wireless LAN (WLAN)
metropolitan area network (MAN)
virtual private network (VPN)
wide area network (WAN)
virtual LAN (VLAN)
home network
Role of Organizational Culture
ethical values and norms help organizational members resist self-interested action and realize they are part of something bigger than themselves.
Role of IT professional associations
- Publish professional journals, develop standards of professional ethics and excellence, and raise public awareness.
- support single disciplines through educational and informational missions.
Role of Government Regulations in Ethics
to represent and protect individuals from computer crimes and abuse of technology
IT Law Organizations
- Computer Professionals for Social Responsibility (CPSR)
- Federal Communications Commission (FCC)
- Institute for Telecommunication Sciences (ITS)
- National Institute of Standards and Technology (NIST)
- National Security Agency (NSA)
Computer Professionals for Social Responsibility (CPSR)
promotes the responsible use of technology through education.
Federal Communications Commission (FCC)
an independent U.S. government agency that regulates communications by radio, television, wire, satellite, and cable.
Institute for Telecommunication Sciences (ITS)
the research and engineering laboratory of the National Telecommunications and Information Administration (NTIA). It promotes the development of advanced telecommunications and information infrastructure in the United States.
National Institute of Standards and Technology (NIST)
promotes the development and deployment of systems that are reliable, usable, interoperable, and secure; advances measurement science through innovations in mathematics, statistics, and computer science; and conducts research to develop the measurements and standards infrastructure for emerging information technologies and applications in the United States.
National Security Agency (NSA)
the U.S. government agency that is responsible for the health and security of American vital data and networks. Some examples may be confidential resources stored at the Department of Defense, networks responsible for the U.S. power grid, and military operations.
US Federal IT Regulations
- Computer Fraud and Abuse Act
- Electronic Communication Privacy Act
- Communication Assistance for Law Enforcement Act
- Anticybersquatting Consumer Protection Act
- Federal Information Security Management Act
- Health Insurance Portability and Accountability Act
- Section 508 of the Rehabilitation Act
- Family Educational Rights and Privacy Act
- Computer Matching and Privacy Protection Act
- Digital Millennium Copyright Act
Electronic Communication Privacy Act
Confirms an individual's right to private communication, making it illegal for ISPs to share information about clients' communication
Computer Fraud and Abuse Act
Prohibits intentionally accessing a computer without authorization or in excess of authorization; the anti-hacking law
Communication Assistance for Law Enforcement Act
Requires U.S. telecommunications carriers to modify their equipment to accommodate law enforcement taps
Anticybersquatting Consumer Protection Act
Protects U.S. organizations from purchasing domain names that are identical and confusingly similar to a trademarked name
Federal Information Security Management Act
Requires each U.S. federal agency to develop, document, and implement an agencywide program providing information security
Health Insurance Portability and Accountability Act
Provides U.S. federal protections for personal health information and gives patients rights with respect to their health information
Section 508 of the Rehabilitation Act
Requires the U.S. Federal government's information and communications be accessible to persons with disabilities
Family Educational Rights and Privacy Act
Gives U.S. students a right to their own protected records, and prevents colleges from sharing student information without explicit authorization
Computer Matching and Privacy Protection Act
Requires written agreements between agencies before data for use in matching programs can be shared
Digital Millennium Copyright Act
Specifies the rights of copyright owners and users of digital media
Mei's medical office is looking for a system to manage the electronic health records of its patients and has published a request for proposals (RFP). Tom, Mei's brother, is managing a team at a large software producer that has decided to bid for the contract to provide a solution for the medical office.
What could Mei and Tom do to avoid possible conflicts of interest?
Choose 3 answers.
Tom should resign from the software production company.
Tom and Mei should not discuss details of the contract outside official channels.
Mei should not disclose details of offers by any respondents to the RFP.
Both Tom and Mei should disclose the conflict of interest.
Tom and Mei should not discuss details of the contract outside official channels.
Mei should not disclose details of offers by any respondents to the RFP.
Both Tom and Mei should disclose the conflict of interest.
The medical office is hiring a support specialist to assist Mei in managing the technology supporting business operations. Dozens of qualified candidates have applied, including the daughter of the office's receptionist, Mary. Mary and Mei are good friends outside of work.
How could Mei stay objective in the selection of the new technical support specialist? What can she do to avoid pressure from her friend Mary? Select all that apply.
Mei should use the same selection criteria for all candidates.
Mei should not discuss the job with Mary.
Mei should ask a colleague to interview Mary's daughter.
Mei should ask a colleague to sit in on the interview with Mary's daughter.
All of the above
The medical office treated A.J. three days ago. Today, the police are in Mei's office asking for A.J.'s medical records.
What information can Mei release without a warrant? Choose 2 answers.
Mei can disclose information about A.J. only with a warrant.
Mei should only follow HIPAA guidelines and disclose information about A.J. to law enforcement.
Mei should follow the protocol advised by the medical council of her state.
Mei should follow both HIPAA and state privacy protocols.
Mei should follow the protocol advised by the medical council of her state.
Mei should follow both HIPAA and state privacy protocols.
When you visit the website for Mei's office, the site (like many other websites) has the capability of recording data, called cookies, on your computer indicating that you have visited that site. These cookies can then be used to identify return visitors and to record other activity so that future visits to the site can be handled more efficiently. The cookies on your computer also provide a record of the sites that you have visited.
Should the website for Mei's office have the capability to record cookies on its patients' computers?
Yes, as long as the patient regularly clears cookies from their machine.
No, patient information could be leaked.
No, they impede the user interaction with the website.
Yes, the cookies allow a web application to respond to the user as an individual.
Yes, the cookies allow a web application to respond to the user as an individual.
Reflect for a moment about ethics, then respond to the following question.
As an IT professional in a situation that might compromise data security, which of the following is an advantage of having an explicit professional code of conduct?
- It provides a legal mechanism for prosecuting unethical people.
- It outlines what is not acceptable use of computers.
- It clarifies the recommended acceptable standards of behavior for a professional group consisting of a wide variety of people.
- It can be used by companies to train professionals how to act.
It clarifies the recommended acceptable standards of behavior for a professional group consisting of a wide variety of people.
Which of the following would be a disadvantage of an ethical code of conduct?
Choose 3 answers.
It has no legal impact.
It is entirely voluntary.
It is legally binding.
It may not apply to new issues.
It has no legal impact.
It is entirely voluntary.
It may not apply to new issues.