Flashcards covering key vocabulary terms related to cybersecurity policies, ethics, compliance, and professional conduct in information technology, based on lecture notes.
Morals
Personal principles upon which an individual bases his or her decisions about what is right and what is wrong, shaped by upbringing, religion, culture, and personal experiences.
Ethics
A code of behavior or set of rules defined by the group to which an individual belongs, usually based on generally acceptable norms and set by organizations, industries, or governing bodies.
Law
A system of rules, enforced by a set of institutions, that tells us what we can and cannot do.
Integrity
Acting in accordance with a personal code of principles and applying the same moral codes in all situations.
Bathsheba Syndrome
Describes the moral corruption of those in power, often facilitated by a tendency for people to look the other way when their leaders behave inappropriately.
Corporate Social Responsibility (CSR)
The concept of an organization taking responsibility for the impact of its actions and decisions on shareholders, consumers, employees, the community, the environment, and suppliers.
Corporate Ethics Officer (Corporate Compliance Officer)
A senior-level manager who provides an organization with vision and leadership in business conduct, ensuring compliance and maintaining the ethics culture.
Code of Ethics (Code of Conduct)
A document that highlights an organization's key ethical issues and identifies the overarching values and principles important to the organization and its decision making.
Social Audit
A process in which an organization reviews how well it is meeting its ethical and social responsibility goals and communicates new goals for the upcoming year.
Software & Information Industry Association (SIIA)
A trade group that promotes the common interests of the software and digital content industries and provides services in business development and intellectual property protection.
Business Software Alliance (BSA)
A trade group that investigates software piracy, often acting on reports from insiders (who may receive financial rewards), and contacts companies to verify that their software is properly licensed.
Trade Secret
Information that a company has taken strong measures to keep confidential.
Whistle-blowing
An effort by an employee to attract attention to an act by a company that threatens the public interest.
Conflict of Interest (IT/Client)
A conflict between the IT worker’s (or the IT firm’s) self-interest and the client’s interests.
Fraud
The crime of obtaining goods, services, or property through deception or trickery.
Misrepresentation
The misstatement or incomplete statement of a material fact.
Breach of Contract
Occurs when one party fails to meet the terms of a contract.
Material Breach of Contract
Occurs when a party fails to perform certain obligations, thus impairing or destroying the essence of the contract.
Bribery
The act of providing money, property, or favors to obtain a business advantage, typically done in secret with an expectation of future favor.
Foreign Corrupt Practices Act (FCPA)
A law that makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office; it applies to any U.S. citizen or company and to any company with shares listed on a U.S. stock exchange.
Résumé Inflation
Lying on a résumé about one’s qualifications or exaggerating experiences.
Professional
One who possesses the skill, good judgment, and work habits expected from a person who has the training and experience to do a job well, adhering to high ethical and moral standards.
Professional Code of Ethics
A set of principles and core values that are essential to the work of a particular occupational group, benefiting individuals, the profession, and society.
Certification
A recognition that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization, often requiring prerequisite education, experience, and passing an exam.
Government License
Government-issued permission to engage in an activity or to operate a business; licensing of IT workers is intended to improve information systems and encourage high professional standards.
Body of Knowledge
For a given profession, it outlines an agreed-upon set of skills and abilities that all licensed professionals must possess.
Negligence
Not doing something that a reasonable person would do or doing something that a reasonable person would not do.
Duty of Care
The obligation to protect people against unreasonable harm or risk.
Reasonable Person Standard
A standard used by courts to evaluate how an objective, careful, and conscientious person would have acted in the same circumstances.
Reasonable Professional Standard
A standard used to measure the actions of professionals who have particular expertise or competence.
Breach of the Duty of Care
The failure to act as a reasonable person would act.
Professional Malpractice
The liability of professionals who breach the duty of care for the injuries that their negligence causes.
Ethical Hacking (White Hat)
Authorized hacking activities, conducted with the system owner's written permission, to identify vulnerabilities, report findings responsibly, and improve security.
Malicious Hacking (Black Hat)
Unauthorized hacking done for personal gain, revenge, or disruption, without consent or authorization, often involving data theft, malware, extortion, or system damage.
Acceptable Use Policy (AUP)
A policy that establishes guidelines for the appropriate use of company hardware and software.
Firewall
Hardware or software that serves as the first line of defense between an organization's network and the Internet, and that can also limit access to Internet resources according to the organization's Internet-usage policy.
Compliance
The state of being in accordance with established policies, guidelines, specifications, or legislation.
Audit Committee
A committee that assists the board of directors with the oversight of accounting practices, regulatory compliance, independence of auditors, and performance of internal audit.
Internal Audit Department
A department responsible for determining the effectiveness of internal systems and controls, verifying that assets are safeguarded, measuring compliance with policies, and evaluating the reliability of the information provided to management.