Course Description:

This course examines ethical issues relevant to computing and information technology, including: privacy; freedom of speech and content control on the Internet; individual and social responsibility; cybersecurity; cybercrimes; social impact of computers and other digital technologies; and ethical obligations of IT professionals. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues..

Learning Goals:

1)  Analyze ethical problems and make decisions based on ethical principles to solve them

2)  Apply these skills specifically to issues in cybersecurity

Learning Objectives:

1. Analyze ethical problems related to cybersecurity

2. Apply principles learned from ethical theories to cybersecurity case studies

3. Identify the most common ethical issues in the cybersecurity field

4. Deliberate effectively about issues in cybersecurity ethics by clearly articulating a considered opinion in the context of relevant alternatives

5. Explain ethical principles, problems, and potential solutions clearly

Equifax Breach
Since I started my journey of interest in cyber security until this day, I have asked to know what I think about ethical considerations. I have always been apprehensive about those
companies collecting consumer credit reporting; these companies tend to collect information on
credit histories, repayment histories, and borrowers’ information, and based on this information,
the credit reporting agency determines credit scores. I fear this information can be hacked,
especially in the current era. Equifax is a company that holds and gathers from various sources
such as banks, credit card companies, and creditors; this information will asset banks and other
sectors to examine individual’s financial situations and will determine the FICO score that most
people in America compete to move FICO score up. The FICO score will give individuals the
opportunity to apply for loans. For instance, if I wanted to apply for a loan to pay my college
tuition, the bank would request the information (FICO) from companies like Equifax to
determine the loan amount and the interest fee. Nonetheless, these companies are like deer to lion, which means hackers see those companies as gold mining to hackers. In 2017, Equifax was hit by extreme data breaches that affected 147 million people in the United States. As a result of Equifax data breaches, there were many financial losses, identity theft, privacy violations, and trust-free and psychological impacts. Financial losses can be defined as credit card information and potentially the risk of leading to financial fraud, drained bank accounts, and loans under the victim’s name. Identity theft is one of the issues that victims of Equifax experience; Equifax holds victims’ personal information, such as social security numbers and mailing addresses, obtains and applies for loans, and, most importantly, hackers can ruin victims’ credit card history. Privacy violations will make victims feel uncomfortable due to hackers stalking the victim’s moves. Trust-free will make the individual uncertain of trusting anyone within their circle. Lastly, the psychological impact that the victim experienced, such as anxiety and stress. Friedman’s article aroused heated debate and controversy, calling into question long-held
beliefs about corporations’ social responsibility. Friedman also noted that firms must adhere to
legal and ethical standards. He maintained that, beyond these restrictions, firms should not be
expected to pursue ethical or environmental goals unless they directly benefit shareholders.
While some opponents claim that his perspective is minimal and ignores the broader impact of
businesses on society and the environment, others believe it gives a clear and practical
framework for understanding firms’ roles in a capitalist economy. Friedman had perspectives that
the article showed, such as responsibility; Friedman argued that a corporation’s management or
executives are employees of the shareholders and should thus behave in their best interests. This usually involves maximizing profits, as shareholders have invested in the company to receive a return. In addition, Friedman also noted that firms must adhere to legal and ethical standards. He maintained that, beyond these restrictions, firms should not be expected to pursue ethical or environmental goals unless they directly benefit shareholders. Lastly, Friedman cautioned corporations against taking on more significant social duties, claiming that doing so could result in inefficiencies and eventually harm the company and society. He argued that enterprises needed to be more suited to solve societal concerns effectively and efficiently and that doing so would take away from their fundamental economic function. Friedman’s article aroused heated debate and controversy, calling into question long-held beliefs about corporations’ social responsibility. While some opponents claim that his perspective is minimal and ignores the
broader impact of businesses on society and the environment, others believe it gives a clear and
practical framework for understanding firms’ roles in a capitalist economy. Friedman
acknowledged that ethical limitations govern corporate action, noting that enterprises must
follow the law and conform to ethical norms. However, he contended that, beyond these legal
and ethical limits, firms should not be asked to take on more significant social duties unless they
directly benefit shareholders. Friedman believes that while businesses have ethical commitments, their primary economic responsibility is to earn profits for their shareholders while adhering to the rules of the law and established ethical standards. As a result, Friedman ensures that managers or executives behave in the company’s or organization’s best interests. This usually
provides a prosperous outcome.
I wanted to read Anshen due to the similarities in our perspectives. For instance, Anshen
explores the changing link between businesses and society. Anshen contends that firms should
take a more active role in addressing society’s concerns than simply seeking profit. He contends
that the traditional social compact, which prioritizes business maximization and shareholder
value, needs to be updated in today’s complex environment. Anshen advocates a new social
compact in which firms accept greater responsibility for social and environmental challenges. He
pushes for a change toward a stakeholder-centric strategy, in which firms consider the interests
of multiple stakeholders, including employees, customers, communities, and the environment, in
addition to shareholders. Anshen emphasizes the importance of corporate social responsibility
(CSR) efforts and ethical company practices in building trust and ensuring long-term viability.
He believes firms may add value to shareholders and society by connecting their objectives with
broader societal requirements. Anshen advocates for a reevaluation of businesses’ position in
society, asking corporations to adopt a more holistic strategy that helps their bottom line and the
well-being of communities and the environment. Anshen has mentioned integrity and ethical
leadership at all levels of the organization. This involves promoting a culture of honesty,
fairness, and ethical behavior and holding leaders accountable for their actions and decisions.
Anshen supports a comprehensive approach to corporate ethics that considers the interests of all
stakeholders and aims to create long-term value while adhering to ethical standards and societal
norms. Anshen may argue that firms must protect the data they collect from consumers,
employees, and other stakeholders. This includes implementing strong cybersecurity safeguards,
encryption procedures, and data protection rules to secure sensitive information from
unauthorized access or intrusion. Anshen emphasized the value of trust and reputation in commercial partnerships. Data breaches
can undermine trust among consumers, investors, and other stakeholders, resulting in
reputational harm and a loss of credibility. As a result, he may suggest that organizations
prioritize data security and transparency to maintain trust and a good reputation. I think Anshen
had some insight into the legal and regulatory repercussions of data breaches. Businesses may
face legal ramifications, including penalties and litigation if they fail to appropriately protect
customer data or comply with data protection rules such as the General Data Protection
Regulation (GDPR) or the California Consumer Privacy Act. He might emphasize the need for
firms to follow these policies to avoid legal ramifications and maintain ethical standards. Ethical
concerns around data use. He may argue that firms should only acquire and utilize data for legal
objectives and with consumers’ agreement, avoiding unethical behaviors like data mining,
profiling, and selling personal information without permission.

In conclusion, we must apply high standards regarding companies such as Equifax and
TransUnion. These standards must be implemented laws, inspections from our US defense
department, and strict laws that Equifax and TransUnion must follow. Hence, these laws and
regulations will comfort users when sharing their identities with these organizations. I had a

heated argument last week with my company’s chief of technology regarding the firewalls that
we had lately. Weeks ago, we had bidding from the Department of State regarding certain
services that our company conducts. Unfortunately, our state department has not received an
email on the bidding process and procedure. Our chief of technology has implemented new
firewalls and specific cyber devices with suspicious email attachments. Our contact in the
Department of State sent an email with multiple attachments, including zip files; due to our
information technology’s numerous files, the email for suspicious, and the IT department should
have notified me. As a result, we lost the contract, and we tried to speak with our contractor, but
they refused due to fair market share with other competitors. Lately, our company experienced
high cyber attacks due to our high-profile contractors. Since I am a cyber security student, I
understand the reason for my chief of technology concerns, but losing a contract for a year
reminds me of the phrase, “This is a stab in the back.” From our contractor, and our contractor
could not understand even though they understood the safety concerns that similar companies
need to apply. We need guidelines, strict laws, and cybersecurity inspections from our defense
department, and most importantly, people need to know when it comes to cybersecurity
guidelines.

Since I was interested in cybersecurity until this day, I always had an assignment on CIA triads. According to the Coursera article, the CIA is a framework or model cybersecurity experts use when auditing, implementing, and improving systems, tools, and programs for organizations. CIA stands for confidentiality, integrity, and availability of those elements that form the CIA. Confidentiality means protecting sensitive information or data from unauthorized access. For instance, think of the HR department in your organization. Furthermore, HR tends to record employee information such as phone number, address, social security number, performance review, background checks, health related information, pay levels, etc. HR applies confidentiality by keeping employees’ records safe and not allowing unauthorized access to employee’s records. The second element of the CIA is integrity, which keeps confidentiality going. Integrity means maintaining data and keeping the data accurate, trustworthy, and updated. For instance, HR must keep employees’ data secure, updated, and trustworthy. Finally, availability is the third element of the CIA. Availability means the information is accessible to the authorized people and is readable to the authorized whenever the information is requested. For instance, if the CEO of your company requests HR for an employee’s review, HR must be able to provide the CEO with an employee’s review at any time. Haider Abduljabbar CYSE200T 09/17/2023 However, per ODU.odu Ryanmoss article, CIA triad interconnect with authentication and Authorization. Authentication is a way that the system uses to verify the user’s identity. For example, students at ODU have access to DUO authentication, which every student has to have access to; authentication verifies that I, as a student, am eligible to use the ODU website. On the other hand, Authorization is when the user has privileges to access the authenticated website. For instance, I can only access the ODU portal with a DUO application. The DUO application is connected to ODU authentication. Authorization grantees that I can only access specific applications such as Canvas, Leo Learnings, etc. Authorization is the second phase of authentication. In conclusion, when trying to get into the ODU portal, first, you have to have authentication, which in this case, represents the Duo application in the ODU system. Then, students will be authorized only to specific platforms such as Canvas.

Work cited:

Ledesma, Josue “What is the CIA Triad?.” June 16, 2023

https://www.varonis.com/blog/cia-triad
https://sites.wp.odu.edu/ryanmoss/2022/04/19/the-cia-triad-authentication-andauthorization/

https://www.coursera.org/articles/cia-triad

Last week, our CTO at my work changed the firewall in the server room in the office. For some reason, the server room door was slightly opened. I was going to the kitchen when I saw the door and my vice president in the kitchen. She was exhausted, and she told me, “You are studying cybersecurity. Can you hack the company for a few days so we can rest?” I told her, ” Well, the server room door is open. I can hack it easily.”

Unfortunately, sometimes employees can be stressed, overwhelmed, bored, unmotivated, etc. As a result, sometimes employees feel they want revenge from the society. Besides that, sometimes, there is hatred in the workplace that will result in data breaches, especially when the workplace has a toxic environment. Unfortunately, we are using technology in abominable ways. For instance, we encounter a lot of this day, and this is due to hatred of each other. We developed technology and intended to develop ourselves, but as we move forward, we move towards the dark side.

Nonetheless, those employees who hate are bored and exhausted and are called insider threats. As per Poremba in the article of Verizon, an insider threat is a person in an organization who uses their authorized access intentionally or unintentionally to reveal a company’s data. Insider threats can easily access endpoint systems, servers, networks, domains, and all critical network systems. Insider threats are unpredictable and difficult to detect or trace. Per Poremba ins, insider threats can be mitigated by behavior analytics solutions, which typically analyze employee behavior or actions. The trusted employee is difficult to hire, but there are signs that HR should see before hiring employees who might end up in server rooms or crucial roles.

Works Cited:

Poremba, Sue “ What are insider threats? Definition, types, and how to mitigate them.” Sept. 22, 2022

https://www.verizon.com/business/resources/articles/s/the-risk-of-insider-threat-actors/

I recently read “Technology And Responsibility,” by Hans Jonas in 1973. For some reason, I felt Jonas had insight into the future. For instance, Jonas has mentioned a set of ethics that technology must obey. Jonas has mentioned the thesis on the first page: “More specifically, it will be my contention that certain development of our powers the nature of human action has changed, and since ethics is concerned with action, it should follow that the changing nature of human action calls for a change in ethics as well.” (Jonas. P. 1). Jones has mentioned that technology is affecting nature, and its existing and technology effects could reflect the weather, even though Jonas did not know about global warming. Technology is developing, and humans thought the outcome would come up simultaneously and humans thought that effects would show up in a short time. Jonas also mentioned “reshaping techne” which means the singularity in technology. This reminds me of Gene editing, the discussion that we had in this course. Jonas has mentioned that we must think of the outcome. Thus, we must make an adequate framework that considers some ethical aspects or responsible restraint such as human, nature, privacy, etc. Jonas mentioned “Utopian,” which means that technology is moving, and he assumes that it could work for humans and non-humans. In addition, Jonas has mentioned, “One other aspect of the required new ethics of responsibility for and to a distant future is worth mentioning: the insufficiency of representative government to meet the new demands on its normal principles and by its normal mechanics.” (Jonas, P. 51) Agencies that develop technology must hold new ethical considerations, and those ethical considerations must be taken into account.

As you can see, in developing technology, cyber-policy, and infrastructure, we must think thoroughly and take ethical considerations such as nature, humans, privacy, and much more. For instance, technology is not affected by an individual; it is the whole world. Humans must think of the consequences of developing technology. Humans must think thoroughly about all the aspects prior to developing a technology.

Works Cited

https://www.jstor.org/stable/40970125?origin=JSTOR-pdf

Can you be more creative with the password? When the user creates a password, they think of something personal, which, in my suggestion, is entirely wrong. Personal passwords are often the most vulnerable way for users to use. According to the academic article written by Wash, “Good passwords have two goals that are very difficult to meet simultaneously: they must be sufficiently complex, unique, and difficult to guess that attackers cannot crack them, even using brute force (the security goal); and they must be sufficiently simple and straightforward that the user can easily remember them and enter them when they need to (the usability goal)” (Wash, 2021, P. 1 )  According to some of the articles that I have read, a solid and secured password consists with 12 characters. The 12 characters must be upper case, lower case, numbers, and special characters. In reference to the article that was written by Potuck,

“ “guest” beat out “123456” to be the most popular password among Americans in 2022.” (Potuck. 2023, P. 1) Can you believe that we are using “123456” as a password in 2022, where some of us have either heard about cybersecurity or heard about cyber-attacks? In our class, our professor mentioned that we must spread cyber security awareness with our family. Once our families, friends, and grandparents are educated on cyber security awareness, they are protected from cyberbullying or hacking. At least we must educate the close one to choose a strong password. Besides creating a strong password, we need to let them know about MFA (Multi-Factor Authentication), and this will guarantee that our loved ones are secured from hacking. We have gone over cyber hygiene, and I think creating a strong and secure password is one of the best ways to use cyber hygiene. According to Potuck, an example of a solid password could be X5j13$#eCM1cG@Kdc, and if you could look into it closely, there is no personal that is associated with the creator, no meaning, and it is not a complete word. Some websites help you create a strong password, but for some reason, I feel it is not safe to choose a password that a random website generates for you.

As you can see, the password is one of the crucial aspects of cyber security, and our societies do not have the cyber awareness that keeps our society at the water level; some of our people are drowning. There are many challenges that our society is facing with cybersecurity. Unfortunately, we have limited knowledge, especially with our families and loved ones. Those groups are getting affected by the cyber threat. “123456” is one of the passwords that was used in 2022, and this is a big concern towards me as a cyber student.

Work Cited:

Karbauskas, Šarūnas “How to create strong passwords: best practices (2023)” Nov. 5, 2023

https://cybernews.com/best-password-managers/how-to-create-a-strong-password/

Potuck, Michael “Study reveals top 20 most used passwords; 83% can be cracked in a second” May 2, 2023.

Wash, Rick “Prioritizing security over usability: Strategies for how people choose passwords” June 1, 2021

Unfortunately, we live in a world where the knowledge we learn is used against each other. Although Cyber Security was started by Bob Thomas in 1971, now we are seeing the outcome of the internet. Woefully, women who are the beauty of this life are experiencing cyberbullying. Why would cybersecurity choose women as victims? According to the article Security Information, written by Bocetta, “Although an estimated 90% of cybersecurity experts are men, staying safe online begins with good password management.” (Bocetta, 2020, p.1) Men use their cyber knowledge to conduct cyber-attacks against women for sexual harassment; women are more likely to be targeted by stalkers and, sometimes, the attacker’s determinism issue. Implementing cybersecurity awareness classes in high school will have many advantages for the girls in high school. Implementing the cybersecurity class awareness will not allow the attackers to take advantage of the new girl generation.

On the other hand, the US government, with the help of the Department of Health and Human Services, has created a hotline for cyberbullying, and there is a website named StopBullying.gov. The US government strictly announced that cyberbullying must be reported to the local FBI. However, the US government and states have implemented many laws and policies, for instance. In California, there are penalties that cyberbullying could face, such as one to five years in jail, a misdemeanor, and or a $1,000 fine.

On the other part of the world, a country named Iraq. The first country that made law was Iraq. Unfortunately, I was trying to find an article to analyze it, and I saw an article published by the International Journal of Cyber Criminology by Iraqi students. https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/73/13

The students were discussing that there is no actual law against women cyberbullying. The Iraqi government is not living in modern life. In the meantime, the people are now ahead of the government. As an Iraqi, I heard there is a hotline for cyberbullying, and police are taking serious steps against cyberbullying individuals, yet there is no law. According to the article, more than 45% of women were victims of cyber attacks. I have advised my nieces to stay off social media, and I advised them to stay on the YouTube kids version. When I go to Iraq, I let my nieces use my phone for browsing Facebook, Instagram, and TikTok. Precautions that I can come up with, and once my nieces have a phone, I will share my experience with them. Professor Leigh advised that we must help our family with new technology, especially the elders and the youngest.

According to Attorney Bergman’s article, cyberbullying symptoms can be that victims will not use their devices, are unwilling to go to school or outside, are angry and depressed, avert usage of discussing social media, and change eating patterns. I believe that this topic has a parallel relation between social science and cyberbullying. Social science means the study of social life and social behavior. On the other hand, cyberbullying is defined as a type of bullying that can be seen through social media. Social science can help us understand the impact of cyberbullying, and recently, we have seen families being divided; each individual has a phone, and we do not communicate with each other. Each individual is in their room and looking at a screen for hours. We have seen bullying in study hall in school, yet cyberbullying was born not too long ago, and we are trying to analyze or find a solution. However,  we can not control human behavior, but we can educate ourselves. Cyberbullying victims need to speak up and never feel guilty towards those illegal groups, and victims need to think of other women. Women must think of others, and this will help society to get rid of the cyber bullies. According to an article published by TechTarget written by Robert Sheldon, “According to their results, 36.5% of the students reported that they had been victims of cyberbullying at some point in their lives (34.1% of the boys and 38.7% of the girls).”

For women, it is difficult to speak up and share their feelings, but in the US, women are gifted that they can speak up. Third, I know it is difficult for women to speak up due to restricted culture, yet some women call the national security in Iraq and file a claim. Regardless of the outcome, the fear that cyberbullies experience when national security knocks on their door is worth it.

https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/73/13

Bergman, Matthew “Effects of Cyberbullying.” Sept. 18, 2023

Bocetta, Sam “Are women better at protecting themselves than men when it comes to cybersecurity?” July 22, 2023

Callahan, Claire “THE EFFECTS OF CYBERBULLYING ON THE WELL-BEING OF FEMALE ADOLESCENTS.” (No Date)

Sheldon, Robert “cyberbullying” ( No Date)