WGU D322 - Introduction to IT Section 8: Ethics

Three Primary Stages of Data

Data at rest, data in transit, and data in use

Data in Use

Where the data was temporarily stored

Data at Rest

Where the server is located

Data in transit

The many locations the data passed through

Ethics

The morals that individuals and organization abide by.

Regulations

Requirements set by governing bodies and can result in penalties, fines, or even criminal charges.

Ethical Considerations

1. Privacy of data

2. Ownership of data

3. Control Access to resources

4. Data accuracy

5. Data Security

HIPAA (Health Insurance Portability and Accountability Act)

U.S policy: Governs access to and control over health data.

Asimov's Three Laws of Robotics

1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.

2. A robot must obey orders given it by human beings except where such orders would conflict with the First Law.

3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.

EPSRC

Engineering and Physical Sciences Research Council

AHRC

Arts and Human Research Council

ACM

Association for Computing Machinery

IEEE

Institution of Electrical and Electronics Engineers.

ASA

American Statistical Association

AITP

Association of Information Technology Professionals

AWC

Association for Women in Computing

AAAI

Association for the Advancement of Artificial Intelligence

ABET

Accreditation Board for Engineering and Technology

Organization Culture

Defined by the expectations, experiences, philosophy, and values that guide employees' behavior.

AUP

Acceptable Use Policy - Rules or guidelines for the proper use of technology or digital devices within an organization.

Information Privacy

Refers to the right to control how your personal information is collected, used, and exchanged. Privacy focuses on the use and governance of personal data, ensuring that it is collected, shared, and used appropriately.

Conflict of Interest

It is a situation in which a person has two relationships that might be incompatible with each other.

Confidentiality

A set of rules that limit access to data/information. Implementing access controls is largely responsible for enforcing confidentiality.

1. Create strong password policies

2. Recognize social engineering attacks.

Phishing

A method of capturing victim's valuable information (e.g., username and password, personal identifiable information) by sending emails that mimic real emails from businesses. These emails seemingly request that you reset the password for your account when in reality the attackers capture the victim's input for their own use.

Integrity

Maintained when the data/information is both trustworthy and accurate. Data must not be changed in transit or altered by unauthorized users.

Methods for maintaining integrity include file permissions, user access controls, version control, and redundant systems or copies.

Availability

Refers to ability to provide reliable access to the data/information for authorized user. Best ensured by rigorously maintaining all hardware, testing compatibility with operating systems and installed applications, and keeping systems patched and up-to-date.

CIA Triad

Confidentiality, Integrity, Availability

United States' Security Breach Notification Laws

Govern the action of a company in the case of data records being compromised, lost, or stolen.