CPT 105 COMPUTER ETHICS

TOPICS AND ADDITIONAL INFORMATION

Revised April 2007



Understanding Ethics

What is ethics?

Ethical theories

Examples of and resolving ethical dilemmas

Ethical reasoning

The Importance of Integrity

Ethical Decision-Making

Cyber liability: Discrimination, harassment, obscenity and pornography, defamation and libel, information leaks, spam

 

Ethics in Business and Information Technology

History of business ethics

Unethical behavior

Building and operating an ethical business

Ethics for IT professionals and IT users

Why Fostering Good Business Ethics Is Important

Improving Corporate Ethics

When Good Ethics Result in Short Term Losses

Creating an Ethical Work Environment

Definition of an IT Professional

Professional Relationships That Must Be Managed

Professional Codes of Ethics

IT Users and Common Ethical Issues

Supporting the Ethical Practices of IT Users

Professional Organizations

 

Corporate Social Responsibility

Management ethical responsibilities

Triple bottom line

Employer/Employee Issues

Educating employees

          -Non-traditional workers

          -Contingent workers

          -H-1B workers

          -Offshore outsourcing

Corporate Governance

What is corporate governance?

Effective corporate governance

Fiduciary responsibility

 

Role of Government

Foreign Corrupt Practices Act

Defense industry initiatives

U.S. Federal Sentencing Guidelines for Organizations and Revisions

Sarbanes-Oxley Act

 

Blowing the Whistle

Ethics of whistle-blowing

Duty to respond

Risks of whistle blowing

Protection for Whistle Blowers

Dealing with a Whistle Blowing Situation

 

Ethics and Technology

Intranets and extranets

Privacy of personal information and the law

-Key privacy and anonymity issues

-Data encryption

-Consumer profiling and handling consumer data

-First amendment rights

-Key freedom of expression issues

 

Controlling Access to Information on the Internet

Anonymity

Defamation and Hate Speech

Pornography

 

Electronic monitoring/surveillance of workplace

 

The Right of Privacy

Recent History of Privacy Protection

OECD privacy guidelines

Spamming

Carnivore

Advanced Surveillance Technology

 

Intellectual property

Types of intellectual property

-Copyrights

-Patents

-Trade Secret Laws

Reverse engineering

Uniform Computer Information Transactions Act

Competitive intelligence

Cybersquatting

 

Computer and Internet Crime

Cost of Computer Crimes

Types of Attacks: 

-Packet-sniffing

-Perpetrator types

-Keystroke loggers

-Phone monitoring

-Video surveillance

-Smart ID cards

-Psychometric testing

-Worms and viruses

-Trojan Horse

-Zombies

-Denial of Service

-File infectors

-System or boot-record infectors

-Macro viruses

-IT security incidents

Perpetrator Types:  hackers, crackers, insiders, industrial spying, cybercriminals, cyberterrorists, malicious insiders

 

Reducing vulnerabilities

Risk Assessment

Prevention:  firewalls, anti-virus software, ingress, egress, filtering

Detection

Response:  IT audits, Backup and Recovery procedures

Establish A Security Policy: Top 10 Internet Security Flaws, Management procedures that define expectations and required employee behavior

Educate Employees, Contractors, and Part-Time Workers

 

Ethics and Globalization

-Multinational corporations

-Ethical relativism

-Global code of conduct

-UN Global Compact

-Organization for Economic Cooperation and Development Guidelines for Multinational Enterprises

 

Doing what is right in a competitive market

Establishing a code of ethics

Ethics training

Ethics and compliance officers

Promoting ethical behavior

Monitoring ethical behavior

 

Discussion of Professional Ethics Codes

-Ten commandments of Computer Ethics

-Enron Code of Ethics

-Triple Bottom Line Accounting

-Association for Computing Machinery Code of Ethics and Professional Conduct

-Association of Information Technology Professionals Code of Ethics

-Software Engineering Code of Ethics and Professional Practice

-Institute of Electrical and Electronics Engineers Code of Ethics

-Institute of Internal Auditors Code of Ethics

-American Society of Civil Engineers Code of Ethics

 

Additional Information

Telecommuting

Thin and thick consent

Vicarious liability

Planning for redundancy

Reliability

ISO 9000 documentation of standards

Access controls in file and directory permissions

Encryption technology to verify information

Card verification value

Transaction risk scoring software

Smartcards

Creating roles and user accounts so users have authority to perform responsibilities but no more

Separating responsibilities

Rotating people in sensitive positions

Procedures to ensure security of the AIS:

Immediately deleting accounts, logins and passwords of departing employees

Blocking mail with executable attachments

Verifying backups to enable full, quick recovery of data

Responses to intrusion

Regaining control

Notifications

Documentation of security incidents in logbook including chronology of events, personnel involved, etc.

Incident containment

Incident eradication of virus and contaminated information

Documentation of cost of incident

Security policy that includes what needs to be done, how to do it, and how to report violation of policy

When to report a security breach and to whom

Auditing and monitoring topics:

-Conducting periodic IT security audits to see if security policy is being followed

-Intrusion detection systems to monitor and notify if there is a possible intrusion (knowledge-based and behavior-based systems)

-Compare current activity with normal system behavior

-Network based honeypots

-Test system safeguards to ensure correct operation