Uploaded by Jhazel salgado

CSPC54-PRELIM

CHAPTER 1
MORAL CODE
• set of rules
• establishes boundaries of generally accepted behavior
• different rules often have contradictions
MORALITY
• social conventions about right and wrong
• widely shared
MORALITY MAY VARY BY:
• age
• cultural group
• ethnic background
• religion
• gender
ETHICS
• set of beliefs about right and wrong behavior
ETHICAL BEHAVIOR
• conforms to generally accepted social norms

VIRTUES
• habits that incline people to do what is acceptable
VICES
• habits of unacceptable behavior
BRIBES
• made in secret, neither legally nor morally acceptable
• often made indirectly through a third party
• encourage an obligation for recipient to act favorably toward the donor
GIFTS
• made openly and publicly as a gesture of friendship or good will
• made directly from donor to recipient
• come with no expectation of a future favor for the donor
PROFESSIONAL ETHICS
• plays a crucial role in the CS profession
• defines the standards and conduct expected from company secretaries
• ensures:
   • integrity
   • credibility
   • transparency
   • trustworthiness
   • responsible decision-making
COMPUTER ETHICS
• field of applied ethics
• addresses ethical issues in use, design and management of IT and in formulation of ethical policies for its regulation in society
COMPUTER PROFESSIONALS
• have ethical obligations to clients, employers, other professionals, and the public, in fulfilling their professional responsibilities
PROFESSIONAL RELATIONSHIPS THAT MUST BE MANAGED
• client
• supervisor
• employer
• some of developers
• CS users
SOCIAL AUDIT
• identifies ethical lapses committed in the past
• sets directives for avoiding similar missteps in the future
THEORIES FOR ETHICAL DECISION MAKING
APPROACH | PRINCIPLE (ETHICAL CHOICE)
Virtue Ethics Approach | best reflects moral virtues in yourself and your community
Utilitarian Approach | produces the greatest excess of benefits over harm
Fairness Approach | treats everyone the same and shows no favoritism or discrimination
Common Good Approach | advances the common good
CHAPTER 2
CS PROFESSIONAL SUITE
• most comprehensive line of integrated software and services available to tax and accounting professionals
JOBS FOR CS PROFESSION
1. AI ENGINEER
• create computer systems that can do the tasks humans would otherwise do.
2. INFORMATION SECURITY ANALYST
• requires you to ensure computer network security.
3. IT PROJECT MANAGER
• leads a team of computer professionals in projects from conception to completion.
4. SOFTWARE DEVELOPER/ENGINEER
• design, develop, maintain software applications.
• involves programming, debugging, and collaborating with other team members to create functional and efficient software solutions.
5. SYSTEMS ANALYST
• analyze and improve computer systems for organizations.
• work to understand user requirements, design efficient systems, and ensure that technology solutions align with business goals.
POSSIBLE CAREERS – CS DEGREE
• web developer
• software engineering
• data scientist
• computer engineering
• computer programmer
• IT security analyst
• database administrator
• game designer
ARE CS WORKERS PROFESSIONALS?
• CS workers are considered professionals.
RELATIONSHIPS BETWEEN CS PROFESSIONALS AND EMPLOYERS
• a critical aspect of the working environment. Effective management of this relationship is crucial for both individual career development and the success of the organization.
• should have a clear understanding of expectations. This includes job responsibilities, project goals, performance metrics, and any other relevant criteria. Clear communication at the beginning of employment helps establish a foundation for a successful working relationship.
• should work together to identify opportunities for professional growth. Employers can support their staff by providing training, resources, and opportunities for skill development. CS professionals, on the other hand, can express their career goals and actively seek out learning opportunities that align with the organization's needs.
• PERFORMANCE EVALUATION
   • evaluations to assess the contributions of CS professionals
   • constructive feedback during these evaluations helps professionals understand areas for improvement and reinforces positive contributions
   • regular performance reviews contribute to the professional development of individuals and the overall success of the team
• ETHICAL CONSIDERATIONS
   • CS professionals are expected to adhere to ethical standards in their work.
   • employers should establish a culture that promotes ethical behavior and provides guidance on navigating ethical dilemmas.
   • CS professionals are responsible for upholding these ethical standards in their daily activities.
COMMON ETHICAL ISSUES
1. PRIVACY CONCERNS
• DATA PRIVACY: handling and protecting user data responsibly.
• SURVEILLANCE: balancing the use of observation technologies with individual privacy rights.
2. ARTIFICIAL INTELLIGENCE ETHICS
• AUTONOMOUS SYSTEMS: ensuring ethical behavior in AI systems, particularly in critical applications like autonomous vehicles and healthcare.
3. SECURITY
• CYBERSECURITY: developing secure systems and protecting against cyber threats.
• ETHICAL HACKING: conducting ethical hacking without violating laws or privacy.
CHAPTER 3
TYPES OF ATTACKS
1. VIRUS
• pieces of programming code usually disguised as something else and can cause unexpected, usually undesirable events
• often attached to files, deliver a “payload”
• does not spread itself from computer to computer
2. WORMS
• harmful programs that duplicate themselves
• negative impact of virus or worm attack
3. TROJAN HORSES
• programs that a hacker secretly installs
• users are tricked into installing it, logic bomb
4. DENIAL-OF-SERVICE (DOS) ATTACKS
• malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks
• computers taken over are called ZOMBIES
• does not involve a break-in at the target computer
   a. INGRESS FILTERING: ISPs prevent incoming packets with false IP addresses from being passed on
   b. EGRESS FILTERING: ensuring spoofed packets don’t leave a network
PERPETRATORS
1. HACKERS
• test limitations of systems out of intellectual curiosity
2. CRACKERS
• cracking is a form of hacking that is clearly criminal activity
3. INDUSTRIAL SPIES
• illegally obtain trade secrets from competitors
4. MALICIOUS INSIDERS
• due to weaknesses in internal control procedures
• INSIDERS are not necessarily employees
5. CYBERCRIMINAL
• hack into corporate computers and steal
• engage in all forms of computer fraud
6. CYBERTERRORISTS
• intimidate governments to advance political/social objectives
SECURITY POLICY
• organization’s security requirements
• controls and sanctions needed to meet the requirements
CHAPTER 4
RIGHT TO PRIVACY
• right of individuals to control their personal information and decide how it is gathered, used, and shared, the right use of ICT.
HISTORY OF PRIVACY PROTECTION
1. COMMUNICATIONS ACT OF 1934
• combined and organized federal regulation of telephone, telegraph, and radio communications.
2. FREEDOM OF INFORMATION ACT (FOIA)
• gives any person the right to request access to records of the Executive Branch of the United States Government.
3. FAIR CREDIT REPORTING ACT OF 1970
• regulates the collection of consumers' credit information and access to their credit reports.
LAWS FOR ELECTRONIC SURVEILLANCE
1. FEDERAL WIRETAP ACT
• outlines processes to obtain court authorization for surveillance of all kinds of electronic communications
2. EXECUTIVE ORDER 12333
• legal authority for electronic surveillance outside the US
DATA ENCRYPTION
• security method that translates data into a code, or cipher text
• can only be read by people with access to a secret key or password
CRYPTOGRAPHY
• process of encoding information so that only the sender and intended receiver can understand it.
• key tool for ensuring confidentiality, integrity, authenticity of electronic messages and online business transactions.
ENCRYPTION
• process of converting electronic information or signals into a secret code that hides the information's true meaning.
PUBLIC KEY ENCRYPTION
• method of encrypting or signing data with two different keys and making one of the keys, the public key, available for anyone to use.
PRIVATE KEY ENCRYPTION
• cryptographic techniques that use the same key for encryption and decryption
IDENTITY THEFT
• also known as ‘Identity Fraud’
• crime that occurs when someone steals another person’s personal information and credentials used mostly for monetary gain.
EXAMPLES OF IDENTITY THEFT
• Financial identity theft
• Child identity theft
• Tax-related identity theft
• Senior identity theft
• Medical identity theft
• Identity cloning for concealment
• Criminal identity theft
• Synthetic identity theft
TWO CATEGORIES OF IDENTITY THEFT
1. TRUE-NAME IDENTITY THEFT
• thief uses PII to open new accounts
2. ACCOUNT-TAKEOVER IDENTITY THEFT
• imposter uses PII to gain access to person's existing accounts
IDENTITY THEFT TECHNIQUES
1. DUMPSTER DIVING
• retrieving personal paperwork and discarded mail from dumpsters
2. PHISHING
• involves using email to trick people into offering up their PII
• PHISHING EMAILS might contain malicious attachments designed to steal PII or links to fraudulent websites where people are prompted to enter their information.
3. SPYWARE
• malicious software that enters a user's computer, gathers data from the device and user, and sends it to third parties without their consent
LAWS PROTECTING AGAINST IDENTITY THEFT
1. CYBERCRIME PREVENTION ACT OF 2012 (RA NO. 10175)
• the act recognizes the far-reaching implications of crimes committed on the internet or through computer systems
2. DATA PRIVACY ACT OF 2012 (RA 10173)
• aims to protect personal data in information and communications systems both in the government and the private sector
CONSUMER PROFILING
• marketing method that collects and analyzes customer data to make a detailed picture of their typical customer.
• COOKIE: piece of data from a website that is stored within a web browser that the website can retrieve at a later time.
• AFFILIATED WEBSITES: group of websites served by a single advertising network.
TYPES OF DATA COLLECTED WHILE SURFING THE WEB
1. GET data
2. POST data
3. Click-stream data
EMPLOYERS MONITOR WORKERS
• ensure that corporate IT usage policies are followed
SPAMMING
• use of messaging systems to send multiple unsolicited messages to large numbers of recipients