ITS 321 - Legal and Ethical Issues in Information Technology
Review for First Test
The following questions are provided to help you study for the first test. Do not expect to see these exact questions on the test.
- You should know the distinctions between key words in the chapter. Explain the meanings of:
- What are vices and virtues? Come up with two situations in which the same quality is a virtue in one, but a vice in the other.
- Discuss the concept of respondeat superior, in terms of a rogue employee and in terms of an employee who is "only following orders".
- The text lists five reasons for a company to have a code of ethics. Explain two of these reasons using a company you have worked for or want to work for as an example.
- What is the main requirement established in section 404 of the Sarbanes-Oxley Act of 2002? What are the two main requirements of section 406 of the same act?
- What circumstances would make it useful for a company to release its annual social audit to the public?
- How does establishing ethics training give a company a form of plausible deniability?
- Discuss the differences between the four kinds of ethics listed in chapter 1.
- Why are IT staff not considered professionals under the legal definition? What advantage does that give them?
- How might an employee act unethically with regard to their employer in a way that involves software?
- Why might a company choose to keep something as a trade secret instead of copyrighting it?
- Is a whistle blower acting in an ethical or unethical way? How can you tell?
- What are the requirements listed in the text for an act to be considered as fraud? What is the fifth requirement not listed in the text?
- What would be the difference between a breach of contract and a material breach of contract, with regard to legal remedies that might be sought?
- What is a general definition of a bribe? Under what circumstances is a bribe "legal"?
- What is résumé inflation, explained in simpler terms?
- Name some examples of industry associations that offer certifications for IT workers.
- Explain the meaning of negligence, as it relates to an IT activity.
- Explain the difference between the reasonable person standard and the reasonable professional standard.
- You should be familiar with the terms asset, threat, exploit, and vulnerability with regard to computer security.
- What is a zero day attack?
- Why are employees possible security threats? Explain three ways they could be.
- What is the difference between a cybercriminal and a cyberterrorist?
- What makes an email spam?
- Viruses and worms both infect systems. What is an operational difference between them?
- Why can a rootkit virus be called a privilege elevator?
- What is a denial of service attack? Why would a botnet be useful for this kind of attack?
- What is the purpose of a firewall?
- What are three elements that appear in the manager's checklist on page 115 that contribute to the value of a security policy?
- Which amendment to the US Constitution provides protection from unreasonable search and seizure? What must a warrant state regarding searching and seizing?
- What would be an example of an aspect of employment where the employee should have no expectation of privacy?
- Which law, listed in the text, restricts collection and use of credit information by credit agencies?
- Which law, listed in the text, allowed the same agencies to offer banking, investments, and insurance services?
- Which law, listed in the text, established a format for sharing health information but restricted who it may be shared with?
- Which law, listed in the text, made it a crime to collect personal information from pre-teens without parental consent?
- What did the Patriot Act allow the FBI to do without a court order? What must they use instead?
- Discuss some of the suggestions that the text makes about protecting yourself from identity theft. Are any of them practical?
- How do browser cookies relate to consumer profiling?
- Name a recent or famous case of a company whose customer data files were breached by an attacker. What should the customers have done previously to be better protected, and what should they have done when told about the breach?