Question 1.

Four ethical issues that arise when storing electronic information about individuals involves Confidentiality, Integrity, Availability, and Privacy:

1. Confidentiality is preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information. This basically means we are keeping information secure to only those are allowed to view it by the information owner. Ethical issues arise when companies are unable to keep customer data secure, Internally, an example of this would be developing permissions within a company to limit IT personnel from viewing customer billing information. Externally, an example would be to implement a firewall to keep bad actors out of secure systems.
2. Integrity is guarding against improper information modification or destruction. Ensuring that data a user has entered has not been altered or tampered in any way by unauthorized systems or people. Ethical concerns arise when inaccurate data is stored. An insider threat could alter numbers on a financial sheet and cost a company millions of dollars. Companies can safeguard against this by monitoring audit trails and encrypting data.
3. Availability means that authorized users have timely and easy access to information services. This involves protecting systems from threats such as malicious code, DDOS attacks, and even physical ones such as damage to the electrical grid or theft. Ethical concerns occur when an attack prevents a system from being available to its consumer and impacts essential services such as gas and electricity.
4. When users store data on a site or with a company, they expect that data to be contained and not given to other companies for their use. Ethical issues arise when more data is stored improperly or sold to other companies in turn resulting in identity theft or a violation of the user’s privacy rights.

Ref: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-59.pdf

Question 2.

Cyber security risks exist in every country not just the United States. Usually, unless an attack is state sponsored, bad actors don’t care who or what country they are attacking- they just have a goal of collecting data, stealing money, or disrupting service. In a study conducted by comparitech.com, 75 different countries were reviewed for their cyber security fitness. The least cyber secure countries included Tajikistan, Bangladesh, and China. The types of attacks and risks did vary however, with Tajikistan on the receiving end of the most banking malware attacks, ransomware trojans, and crypto miners coming from outside of their country. While the most secure was Denmark, Sweden, and Ireland. Denmark has been place in the top 10- having zero users attached by mobile ransomware trojans or mobile banking trojans. Where did the U.S fall? The United States fared well, averaging right in the middle between least and most safe.

ref: https:// (www.) comparitech.com/blog/vpn-privacy/cybersecurity-by-country/

I’m interested in cybersecurity mainly because it’s a way to stay in the IT field and upgrade my skills and depth of knowledge. For the previous 12 ½ years I was in the Navy working in the IT field. However, as an IT the job you do is very broad, you’re doing networking, sysadmin, cyber security, and radio comms, as well as managing a group of people – along with a million other things shipboard related. Which means while it’s possible to be a master of all, you’re more likely to be just a jack of all trades.

Which leads me to cyber security and why I landed on it in post-Navy college journey. Towards the end of my Navy career I started preparing myself to get out. In my last year I was able to get COMPTIA Security + and Cyber Security Analyst certified, mainly just to pad my resume and help open up some job opportunities. The material was very dry and I was quite sure I was uninterested in the field. Shortly after getting out I got a job as a System Administrator and actually quite enjoy it. However, I work next to one of the company’s sr cyber security analysts and seeing what he does everyday made me more interested in the field and it encouraged me to go back to school and pursue it as a degree. 

It’s also an industry that isn’t going anywhere anytime soon and one that every other industry relies on. To touch on that a bit more, here are four majors ODU offers: Nursing, Marketing, Elementary Education, and Criminology. How do they involve cyber security you may ask?

Nursing: Working in the medical field, nurses are in direct connection to a patient’s PII and PHI. If you are working in this field it is vital to protect your patients information. That means locking your computer, keeping your passwords protected, and keeping patient information locked down to those who need it. 

Marketing: Marketing teams work directly with cyber security folks to keep customer information secured as well as creating secure websites/accounts. 

Elementary Education: Web security helps keep elementary classroom networks secure, filtering out any sites that may be too adult for children. 

Criminology: Have a crime that’s been committed? Cyber security goes hand in hand with cyber forensics to secure data in a criminal case, as well as help keep the systems that are holding this information secure.