Vocabulary flashcards derived from key terms and definitions in the lecture notes.
acceptable use policy (AUP)
A document that stipulates the restrictions and practices a user must agree to in order to use organizational computing and network resources.
acceptance
When an organization decides to accept a risk because the cost of avoiding the risk outweighs the potential loss from the risk.
advanced persistent threat (APT)
A network attack in which an intruder gains access to a network and stays there undetected with the intention of stealing data over a long period of time.
agile development
A software development methodology in which a system is developed in iterations lasting from one to four weeks, accepting evolving requirements.
Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS)
A WTO agreement that requires member governments to enforce intellectual property rights and deter infringement through penalties.
American Recovery and Reinvestment Act (ARRA)
An act authorizing 787 billion in spending and tax cuts over 10 years with privacy provisions for electronic health records and patient rights of access.
annualized loss expectancy (ALE)
The estimated loss from a potential risk event over a year; ALE = ARO × SLE.
annualized rate of occurrence (ARO)
An estimate of the probability that a risk event will occur over the course of a year.
anonymous expression
The expression of opinions by people who do not reveal their identity.
anonymous remailer service
A service that allows anonymity by stripping headers and IP addresses and forwarding the message.
anti-SLAPP laws
Laws designed to reduce frivolous strategic lawsuits against public participation.
antivirus software
Software that scans for virus signatures to detect malware.
artificial intelligence systems
Systems that simulate human intelligence processes including learning, reasoning, and self-correction.
audit committee
A group that assists the board in overseeing accounting, reporting, compliance, and auditor independence.
avoidance
Eliminating a vulnerability to avoid a risk, often the most effective solution but not always possible.
Bathsheba syndrome
Moral corruption of power where leaders act inappropriately and others look the other way.
best practice
A method that consistently yields superior results and is used as a benchmark in an industry.
Bill of Rights
The first 10 amendments to the U.S. Constitution outlining individual rights.
black-box testing
Dynamic testing where the internal workings are unknown and only inputs and outputs are observed.
blended threat
A sophisticated threat combining features of multiple malware types into one payload.
body of knowledge
An agreed-upon set of skills and abilities that licensed professionals must possess.
botnet
A large group of computers controlled from remote locations by hackers.
breach of contract
The failure of one party to meet the terms of a contract.
breach of the duty of care
The failure to act as a reasonable person would act.
breach of warranty
When a product fails to meet the terms of its warranty.
bribery
Providing money or favors to obtain a business or government advantage.
bring your own device (BYOD)
A policy that allows employees to use their own devices to access company resources.
BSA The Software Alliance
A trade group representing software and hardware manufacturers.
business continuity plan
A risk-based plan that includes evacuation, continuity of operations, and incident management to minimize the impact of security incidents.
business information system
A set of interrelated components that collect, process, and disseminate data.
Capability Maturity Model Integration (CMMI)
A collection of best practices to help organizations improve processes.
CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart; tests that humans can pass but computers typically cannot.
certification
Indicates a professional possesses a certain set of skills or that a product meets standards; often voluntary.
Child Online Protection Act (COPA)
An act aimed at prohibiting harmful material to minors, largely struck down as unconstitutional.
Children's Internet Protection Act (CIPA)
An act requiring filters to block obscene material in federally funded schools and libraries.
Children's Online Privacy Protection Act (COPPA)
An act to give parents control over the collection of children's personal information online.
CIA security triad
Confidentiality, integrity, and availability.
clinical decision support (CDS)
Tools to enhance healthcare decision making using clinical knowledge and patient data.
CMMI-Development (CMMI-DEV)
CMMI used to assess and improve software development practices.
code of ethics
A statement of an organization's key ethical issues and guiding values.
coemployment relationship
An employment arrangement where two employers share rights and duties toward the same employee.
CALEA
An act requiring the telecom industry to build tools for lawful intercepts with court orders.
Communications Decency Act (CDA)
Legislation addressing indecent content on the Internet and penalties for violations.
compliance
Being in accordance with policies, guidelines, or laws.
computer forensics
A discipline combining law and computer science to collect and preserve data for legal admissibility.
computerized provider order entry (CPOE) system
An electronic system for physicians to place orders directly to recipients.
conflict of interest
A conflict between self-interest and the interests of a client.
contingent work
A job with no long-term employment contract.
contributory negligence
Plaintiffs' own actions contributed to their injuries.
CAN-SPAM
A law governing commercial email that sets requirements to avoid deceptive practices.
cookie
Text files downloaded to a user’s device to identify them on later visits.
copyright
The exclusive right to distribute, display, perform, and reproduce original works.
copyright infringement
Copying a substantial portion of a copyrighted work without permission.
corporate compliance officer
A senior manager guiding the organization on business conduct and compliance.
corporate ethics officer
A senior manager providing vision and leadership on ethics in business conduct.
corporate social responsibility (CSR)
The idea that organizations should act ethically and consider impact on stakeholders and society.
cost per click (CPC)
A paid media model where advertisers pay when users click an ad.
cost per thousand impressions (CPM)
A paid media model where advertisers are billed per 1000 impressions regardless of clicks.
cyberabuse
Mistreatment or harm via electronic communications.
cyberespionage
Malware used to secretly steal data from organizations.
cyberharassment
Cyberbullying or harassing behavior conducted through electronic means.
cyberloafing
Using the Internet for nonwork activities at work.
cybersquatter
Someone who registers domain names of famous brands in order to resell them at a higher price.
cyberstalking
Threatening or unwanted online advances toward an adult.
cyberterrorism
Using information technology to intimidate to achieve political or ideological goals.
decision support system (DSS)
A business information system to aid decision making.
defamation
A harmful false statement either spoken or written.
Defend Trade Secrets Act of 2016
Federal civil remedy for trade secret misappropriation.
deliverable
Products or documents produced during development stages.
Department of Homeland Security (DHS)
A federal agency tasked with safeguarding the nation from threats.
design patent
A patent that protects the ornamental design of a functional item.
Digital Millennium Copyright Act (DMCA)
Law addressing copyright issues with provisions limiting ISP liability.
disaster recovery plan
A documented process for recovering IT assets after a disaster.
distributed denial-of-service (DDoS) attack
An attack where compromised devices flood a target with traffic to disrupt service.
Doxing
Researching and posting private information about a person online without permission.
duty of care
The obligation to protect people from unreasonable harm.
dynamic testing
QA testing by executing code with test data to compare results.
earned media
Media exposure gained through PR and online activity rather than paid advertising.
Economic Espionage Act (EEA) of 1996
An act to deter and punish theft of trade secrets with penalties for violations.
Electronic Communications Privacy Act (ECPA)
Law protecting communications in transit and stored electronic communications.
electronic discovery (e-discovery)
Collecting and producing electronically stored information for legal actions.
electronic health record (EHR)
A comprehensive, shareable view of a patient’s medical history across organizations.
electronic medical record (EMR)
Health information stored within a single organization’s system.
EPEAT
System for evaluating environmental criteria for electronic products.
electronically stored information (ESI)
Digital information including emails, files, and databases stored electronically.
employee leasing
A business arrangement where a firm leases employees from a leasing firm.
encryption
Scrambling data so that only authorized parties can read it.
encryption key
A value used to transform plaintext into ciphertext and back again.
ethics
A code of behavior defined by a group or organization.
European Union Data Protection Directive
Directive requiring privacy protections and rights for individuals in the EU.
exploit
An attack that takes advantage of a vulnerability in a system.
failure mode
A description of how a product or process could fail to perform.
FMEA
Failure Mode and Effects Analysis; a technique for reliability and quality assessment.
Fair and Accurate Credit Transactions Act
Requires free annual credit reports from major bureaus.
Fair Credit Reporting Act
Regulates how credit bureaus collect, store, and use information.
fair information practices
Guidelines governing collection and use of personal data.
fair use doctrine
Allows limited use of copyrighted material under defined circumstances.
False Claims Act
A law to combat fraud against the government with qui tam provisions.
FERPA
Family Educational Rights and Privacy Act protecting student records.
firewall
A barrier that controls traffic between networks based on policy.