Summary of Ethics in IT Copy 1


Chapter 1

QUOTE "Integrity is doing the right thing, even when nobody is watching". Anonymous

What is ethics?

Every society forms a set of rules that establishes the boundaries of generally accepted behavior.

The term morality:
refers to social conventions about right and wrong that are so widely shared that they become the basis for an established consensus.

Ethics:
is a set of beliefs about right and wrong behavior within a society.

Software piracy:
a form of copyright infringement that involves making copies of software or enabling others to access software to which they are not entitled range from strong opposition to acceptance of the practice as a standard approach to conducting business.

Morals:
are one’s personal beliefs about right and wrong.

The term ethics describes:
standards or codes of behavior expected of an individual by a group (nation, organization, profession) to which an individual belongs.

Law:
is a system of rules that tells us what we can and cannot do. Laws are enforced by a set of institutions (the police, courts, law-making bodies).

Legal acts:
are acts that conform to the law.

Moral acts:
conform to what an individual believes to be the right thing to do.

Laws:
can proclaim an act as legal, although many people may consider the act immoral.

Corporate social responsibility (CSR):
is the concept that an organization should act ethically by taking responsibility for the impact of its actions on the environment, the community, and the welfare of its employees.

Supply chain sustainability:
is a component of CSR that focuses on developing and maintaining a supply chain that meets the needs of the present without compromising the ability of future generations to meet their needs.

Organizations have at least five good reasons for pursuing CSR goals and for promoting a work environment in which employees are encouraged to act ethically when making business decisions:

• Gaining the goodwill of the community.
• Creating an organization that operates consistently.
• Fostering good business practices.
• Protecting the organization and its employees from legal action.
• Avoiding unfavorable publicity.

Philanthropy:
is one way in which an organization can demonstrate its values in action and make a positive connection with its stakeholders.

A stakeholder:
is someone who stands to gain or lose, depending on how a situation is resolved.

Consistency:
also means that shareholders, customers, suppliers, and the community know what they can expect of the organization that it will behave in the future much as it has in the past.

Although each company’s value system is different, many share the following values:

• Operate with honesty and integrity, staying true to organizational principles.
• Operate according to standards of ethical conduct, in words and action.
• Treat colleagues, customers, and consumers with respect.
• Strive to be the best at what matters most to the organization.
• Value diversity.
• Make decisions based on facts and principles.

Chapter 2

QUOTE "This above all: to thine own self be true". William Shakespeare, playwright

A profession:
is a calling that requires specialized knowledge and often long and intensive academic preparation.

The United States Code of federal regulations defines a “professional employee” as one who is engaged in the performance of work:

• requiring knowledge.
• requiring the consistent exercise.
• which is predominantly intellectual and varied.
• which is of such character that the output produced or the result accomplished.

IT workers are not recognized as professionals because they are not licensed by the state or federal government.

IT workers typically become involved in many different relationships, including:

• Employers.
• Clients.
• Suppliers.
• Other professionals.
• IT users.
• Society.

In each relationship, an ethical IT worker acts honestly and appropriately.

An employee cannot be required to do anything illegal, such as falsify the results of a quality assurance test.

The Business Software Alliance (BSA):
is a trade group that represents the world’s largest software and hardware manufacturers.

BSA:
is funded both through dues based on member companies’ software revenues and through settlements from companies that commit piracy.
More than 100 BSA lawyers and investigators prosecute thousands of cases of software piracy each year.

BSA investigations:
are usually triggered by calls to the BSA hotline (1-888-NO-PIRACY), reports sent to the BSA Web site (www.nopiracy.org), and referrals from member companies.

Trade secrecy:
is another area that can present challenges for IT workers and their employers.

A trade secret:
is information, generally unknown to the public, that a company has taken strong measures to keep confidential.

Trade secrets can include:

• the design of new software code.
• hardware designs.
• business plans.
• the design of a user interface to a computer program.
• manufacturing processes.

Whistle-blowing:
is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest.

The H-1B visa:
is a work visa that allows foreigners to come to the United States and work full-time in specialty occupations that require at least a four-year bachelor’s degree in a specific field.

Fraud:
is the crime of obtaining goods, services, or property through deception or trickery.

To prove fraud in a court of law, prosecutors must demonstrate the following elements:

• The wrongdoer made a false representation of material fact.
• The wrongdoer intended to deceive the innocent party.
• The innocent party justifiably relied on the misrepresentation.
• The innocent party was injured.

Misrepresentation:
is the misstatement or incomplete statement of a material fact.

Breach of contract occurs when one party fails to meet the terms of a contract.

Material breach of contract occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract.

Because there is no clear line between a minor breach and a material breach, determination is made on a case-by-case basis. “When there
has been a material breach of contract, the nonbreaching party can either: (1) rescind the contract, seek restitution of any compensation paid under the contract to the breaching party, and be discharged from any further performance under the contract; or (2) treat the contract as being in effect and sue the breaching party to recover damages.”

Consider the following frequent causes of problems in IT projects:

• The customer changes the scope of the project or the system requirements.
• Poor communication between customer and vendor leads to performance that does not meet expectations.
• The vendor delivers a system that meets customer requirements, but a competitor comes out with a system that offers more advanced and useful features.
• The customer fails to reveal information about legacy systems or databases that make the new system extremely difficult to implement.

Bribery:
is the act of providing money, property, or favors to someone in business or government in order to obtain a business advantage.

An obvious example is a software supplier sales representative who offers money to another company’s employee to get its business. This type of bribe is often referred to as a kickback or a payoff.

Chapter 3

QUOTE "The most dangerous criminal may be the man gifted with reason, but with no morals". Martin Luther King, Jr.

Ransomware:
is malware that disables a computer or smartphone until the victim pays a fee, or ransom.

The Reveton ransomware:
is delivered by the popular Russian-language Citadel malware toolkit.

An early Reveton ransomware attack made use of a vulnerability in a version of Java that had just been patched a month prior.

Virtualization software operates in a software layer that runs on top of the operating system.

Bring your own device (BYOD):
is a business policy that permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications.

Exploit:
is an attack on an information system that takes advantage of a particular system vulnerability.

Types of Exploits:
virus, worm, Trojan horse, spam, distributed denial-of-service, rootkit, phishing, spear-phishing, smishing, and vishing.

Virus:
is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

A true virus does not spread itself from computer to computer. A virus is spread to other machines when a computer user opens an infected email attachment, downloads an infected program, or visits infected Web sites. In other words, viruses spread by the action of the “infected” computer user.

Worm:
is a harmful program that resides in the active memory of the computer and duplicates itself.

Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email.

Worm Unlike a computer virus, which requires users to spread infected files to other users.

Trojan horse:
is a program in which malicious code is hidden inside a seemingly harmless program.

The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party.

Email spam:
is the abuse of email systems to send unsolicited email to large numbers of people.

Most spam:
is a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock.

Chapter 4

QUOTE "When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else". David Brin, American science fiction writer

The National Security Agency (NSA):
an intelligence agency of the U.S. government, is responsible for the making and breaking of codes used to encrypt sensitive communications, and for the interception of signals on behalf of the federal government.

The Advanced Encryption Standard (AES):
algorithm is the current state-of-the-art standard for encrypting top-secret communications.

NSA’s intelligence gathering:
is limited to the interception of foreign communications.

A broad definition of the right of privacy:
is "the right to be left alone—the most comprehensive of rights, and the right most valued by a free people".

Information privacy:


is the combination of communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations) and data privacy (the ability to limit access to one’s personal data by other individuals and organizations in order to exercise a substantial degree of control over that data and its use).

Topics of Privacy Laws, Applications, and Court Rulings:

• Financial Data.
• Health Information.
• Children’s Personal Data.
• Electronic Surveillance.
• Fair Information Practices.
• Access To Government Records.

Financial Data:

Fair Credit Reporting Act (FCRA):
regulates the operations of credit-reporting bureaus, including how they collect, store, and use credit information.

Right to Financial Privacy Act (RFPA):
protects the records of financial institution customers from unauthorized scrutiny by the federal government.

To gain access to a customer’s financial records, the government must obtain one of the following:

• an authorization signed by the customer that identifies the records, the reasons the records are requested, and the customer’s rights under the act.
• an appropriate administrative or judicial subpoena or summons.
• a qualified search warrant.
• a formal written request by a government agency (can be used only if no administrative summons or subpoena authority is available).

Gramm-Leach-Bliley Act (GLBA)
also known as the Financial Services Modernization Act of 1999, was a bank deregulation law that repealed a Depression era law known as Glass-Steagall. Glass-Steagall prohibited any one institution from offering investment, commercial banking, and insurance services; individual companies were only allowed to offer one of those types of financial service products.

GLBA enabled such entities to merge.

Three key rules that affect personal privacy:

1) Financial Privacy Rule:
This rule established mandatory guidelines for the collection and disclosure of personal financial information by financial organizations.

2) Safeguards Rule:
This rule requires each financial institution to document a data security plan describing the company’s preparation and plans for the ongoing protection of clients’ personal data.

3) Pretexting Rule:
This rule addresses attempts by people to access personal information without proper authority by such means as impersonating an account holder or phishing.
Fair and Accurate Credit Transactions Act (FACTA):
was passed in 2003 as an amendment to the Fair Credit Reporting Act, and it allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies (Equifax, Experian, and TransUnion).

Health Information:

Health Insurance Portability and Accountability Act (HIPAA):
was designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance.

American Recovery and Reinvestment Act (ARRA):
is a wide-ranging act passed in 2009 that authorized $787 billion in spending and tax cuts over a 10-year period.

Title XIII, Subtitle D of this act (known as the Health Information Technology for Economic and Clinical Health Act, or HITECH) included strong privacy provisions for electronic health records, including banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients.

Children’s Personal Data:

Family Educational Rights and Privacy Act (FERPA):
is a federal law that assigns certain rights to parents regarding their children’s educational records.

Rights of FERPA include

• the right to access educational records maintained by a school;
• the right to demand that educational records be disclosed only with student consent;
• the right to amend educational records;
• the right to file complaints against a school for disclosing educational records in violation of FERPA.

Children’s Online Privacy Protection Act (COPPA)
any Web site that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age.
