report
My topic
Censorship in Education (Limiting course topics)
Scenario: The president of a university has been approached by a very large donor who is offering to donate 250 million dollars to the university. But the donor insists he will not give any money if the school continues to offer certain literature courses that he considers distasteful. The president is considering accepting the donation even though it means adhering to the donor’s conditions.
Dilemma: Is it ethical for the president of the university to accept the donation?
IS 350 – Final Project
Ethical Case Analysis of Your Current Events Topic
Due Dates
Aims
Confirm that you are able to conduct an ethical analysis of a socio-technical scenario
(a computing-related issue that affects people).
Confirm that you are able to use the ethical theories and professional codes of ethics we have learned to analyze a socio-technical scenario.
Preparation
Review Week 2 slides on doing an ethical analysis and watch the 5-video series on How to Do an Ethical Analysis., Then practice doing an ethical case analysis on some cases from class or the Quinn text.
Project – Analysis Format
Citation Note:
If you utilize materials you’ve found, be sure use
inline citations
(e.g., [1] or superscripts1) at the appropriate places within your statement and analysis sections that refer to the references in a bibliography.
Identification Section
Include “IS 350 Final”, and your name, section of IS 350 and current events
topic
, as part of the first page.
Statement Section
Describe your Current Events scenario, giving any necessary background on your current events topic. This section should be at least two full paragraphs.
Copy/paste your assigned scenario and dilemma
Explain your scenario in enough detail so the rest of the analysis is clear. Include any additional information necessary for understanding the rest of your analysis (including, if necessary, any background information regarding your current events topic). You may modify and use appropriate text from your midterm.
Let the reader know why your topic is an important topic to the Computing field.
Clearly state the ethical issue(s) that arise in your scenario.
Analysis Sections
Format:
As you know, an ethical analysis includes the following sections. Write each section separately, marked with its own section title. You must include your Scenario and Ethical Dilemma in the beginning of the document as noted above.
Unique Analysis:
Everyone’s analysis will be different. Your scenario will lead you to identify its particular moral agents, stakeholder, courses of action and consequences. You will uniquely apply the ethical theories to your scenario and choose the most relevant clauses from the codes of ethics for it.
Identify the moral agents (agency).
What of value is at stake?
Who/what are the stakeholders and briefly explain why each is a stakeholder?
2 possible courses of action (the moral agent doing the action of the scenario and the. moral agent not doing the action of the scenario).
Start a new paragraph for each. Begin that paragraph by stating:
“A possible course of action is XXX”
.
Describe the course of action clearly enough for the reader to understand your analysis.
Be sure that one course of action is the action in the scenario and another course of action is not doing the action in the scenario
.
Consequences associated with each course of action for each stakeholder.
Analyze the scenario by applying the 5 objective ethical theories
You will need 5 clearly marked subsections, one for each theory (Kantianism, Act Utilitarianism, Rule Utilitarianism, Social Contract Theory, Virtue Theory). How to apply each theory is shown in the assigned materials for Weeks 2 and 3.
You are to analyze the scenario based on the premise that the Moral Agent does the action.
Identify relevant clauses. in the two Codes of Ethics. Explain why each is relevant and if the clause is violated or not and why that is so You will need 2 clearly marked subsections, one for the
ACM Code of Ethics
and the other for the
Software Engineering Code of Ethics.
You must have a
minimum
of
three
(3) clauses from
each Code of Ethics
.
Give the clause number, summarize the actual clause
and then state
how
and
why
each would apply to this situation.
The clauses in the codes are generic enough that several codes can easily apply.
(Warning: Do not state that no clauses apply because they are software related if your case study is not about software. There are broader principles that do apply because your ethics scenario does concern computing and/or the design of systems with socio-technical aspects.
Which concrete action do you would recommend (supported by your analysis). This must be one of the actions proposed in number 4 above. Justify by clearly explaining why. State specific results of the analysis that support your recommendation
Bibliography: The bibliography is not part of your page count BUT must include at least three (3) sources. Use APA or MLA format – see the “Understanding Citations” link on Canvas.
Deliverables, Length, Format, Timing – What to Submit on Canvas
Your analysis deliverable may be any length up to 9 pages (not counting the bibliography). Format this double-spaced with one-inch margins all around, 12-point font, Times New Roman.
Late submissions will not be accepted unless there are extenuating circumstances
and
prior approval of the instructor has been received.
SUBMIT ONE DOCUMENT CONTAINING YOUR ANALYSIS to TurnItIn by using the link in the Canvas module for the Final Report. You will also have to copy and paste the sections in your document to the Final Report for Grading assignment to actually receive a grade.
Notes
Use the Grading Rubric (posted on Canvas) as a checklist to double check your report.
You must use the subject headings and subheadings from sections 1-9 above
Late submissions WILL NOT be accepted and will be given a grade of zero.
You must submit to both links on Canvas (one for Turnitin and one for grading) or your report will receive a grade of zero.
Here is just sample do not use this for my scenario
Final Report Sample - What would be submitted to Turnitin
IS350 sample Final paper – DO not copy this a sample of a paper that would ne submitted to Turnitin.com
IS 350 Final –Corporate Breaches
Statement
Corporate and government breaches and theft of personal information are becoming more common. Security breaches of information systems expose personal data that puts people and their finances at risk. Currently, there is little guidance on how companies should handle data breaches. The government is considering adding guidelines and regulations to protect the public.
People and corporations are becoming increasingly comfortable using technology to save time and money. Corporations are using technology to enhance profit margins by cutting the cost of their services thru increased efficiencies and reductions in their work force. People have busy lives, technology offers them a way to save time. They don’t have to stand on bank lines or mail their income tax statement, no more trips to the mall fighting traffic and crowds, a click and it’s done. The basic nature of these services require corporations to maintain more information about their customer’s financial situation. These days information is money. You ask a bank robber, why did you rob the bank? They will answer, because that’s where the money is. Why do bad actors breach companies? Because that’s where the information they want resides. A corporate breach is when a bad actor, internal (employee) or external person (hackers and cybercriminals) breaks into a company’s network and takes customer names, financial records, debit or credit card information or medical records. Sometimes the theft of the information is held for ransom, most of the times though, it is used to impersonate the person with the goal of obtaining financial gains.
When people’s financial information is compromised they lose buying power, their credit rating might be affected, legal fees and protection costs are incurred, and they will endure stress and uncertainty for countless days. The issues surrounding credit and securing their financial information will take years to untangle, if it ever does. [1]
In July 2017, cybercriminals penetrated Equifax servers and stole the personal data of 145 million customers. Equifax, one of the largest rating bureaus, announced to the public six months after the breach that the names, home addresses and social security numbers of many of its customers were compromised. As reported by the Washington Post, in late February 2018, Equifax acknowledged that an additional 2.5 million customers were affected by the breach. By delaying the communication of a breach to customers, significant personal and financial damage occurs and the company is publicly scrutinized. Corporations will try to protect their self-interest and the interests of their stockholders before their customers.
The CEO of Equifax has to decide to whether they should immediately inform customers of the breach or not.
Analysis Sections
1) Identify the moral agents (agency)
The moral agents for this analysis is the CEO of the company. He/she makes the decision as to when and how the public is informed.
Everyone else is a potential stakeholder but NOT a moral agent as they have no part in the decision of the CEO.
2) What is at stake?
Our modern society is facing a new problem largely due to the fact that corporations need to know more about us, the consumer, in order to provide us all the conveniences that we want.
At stake to the companies is the cost associated with a breach. The cost includes mobilizing a breach team. Companies have to fix the vulnerability quickly, sometimes it’s with technology and sometimes it’s with procedure and policy enhancements. Other costs to the company are legal fees and ongoing litigation (lawsuits), public relations, helpdesk support and loss of productivity.
There are also costs that are difficult to quantify, for example, customer turnover and the loss of consumer confidence. The breach may lead to industry regulation imposed by the government or regulatory agency, depending on the business segment and have serious repercussions on the company’s stock price which would ultimately affect the shareholders.
The companies are not the only ones who experience hardship, the consumer is also affected. The loss of their data means that the information could be misused for tax fraud or creation of a factitious credit card account and typically results in stress associated with the uncertainty of their financial future. Consumers may also experience the loss of buying power if their credit rating is affected and loss of convenience due to the fact that their credit must be locked to provide some certainty going forward.
3) Who/what are the stakeholders?
The primary stakeholders are the corporate officers as defined by the company, including the CEO and customers.
Since the price of the stock could be affected, the shareholders may be included as secondary stakeholders. If there is a change in regulation, then the government, regulatory agencies, and other business would also be included as secondary stakeholders.
4) Possible courses of action (identify at least 2)
A possible course of action is that the company does not immediately inform the public or the authorities. The company quickly assembles subject matter experts from different parts of the firm and creates a think tank. This group’s sole mission is to address the immediate threat and
develop a strategy to identify and deal with the difficulties the firm will face once the public is informed. This group of people would also determine how much information should be released to the public and stockholders.
IS350 sample Final paper – DO not copy
Another possible course of action is the company immediately informs the authorities and the public that they have identified a potential breach. The company will keep all interested parties informed as to the severity of the breach and inform consumers on steps to take to protect their data. The firm would follow up with letters to all individuals who were affected by the breach without undo delay.
5) Consequences associated with each course of action.
A consequence of the action not to immediately notify the public or the authorities would be that the company would be subjected to a great deal of scrutiny by the government and the public. Depending on the time it takes for the information to be made public, the customers’ financial integrity would be at risk. The customers are not given information early enough to protect their information. They could already be experiencing financial problems and are only recently given the reason why.
Another consequence of the action not to immediately inform the public and authorities is that it would give the perpetrators additional time to sell the financial information. The additional time could increase the amount of fraudulent charges on credit cards. The bad actors will have more time to follow through with financial schemes to defraud business.
A consequence of the action to notify the authorities and the public as soon as possible is that the perpetrators, knowing that the breach has been discovered, take evasive action and cover their tracks to avoid apprehension by the authorities.
IS350 sample Final paper – DO not copy
Another consequence of the action to notify the authorities and the public as soon as possible is that the customers affected by the breach are able to take measures to secure and monitor their financial information. These measure should decrease the amount of money lost to the criminals. If the actions taken limit the amount of money stolen it could make these crimes less attractive to the bad actors.
6) Analyze the case using the 5 objective ethical theories.
Act Utilitarianism
There are many corporate breaches reported each year, therefore, for this analysis we will use the Equifax breach as the example. Equifax, a credit reporting company, was breached in May and it is unclear as to when the company knew of the incident. Equifax informed the public in early September that 145 million accounts were compromised. The customer’s financial data was available for use by the bad actors throughout the world for at least 4 months before anyone knew about it. Because of the size of the breach we will apply the maximum cost to the firm times two. The maximum cost we will use came from a report by the [2]IBM Ponemon Institute report of 16 million dollars.
This number includes all the costs associated with assembling a breach team to identify, correct, and analyze the breach. It also includes the cost of helpdesk support to handle customer questions. We could also assume that a public relations company is hired, adding another 5 million to the cost. All told, the cost to the company is approximately $37 million. If you include the identity theft protection for the average person it would be $10 per person, per year. The company is only required to give customers one year of free coverage. We will say that about 60 percent of the customers sign up for the service. So that would be $10 x (.6 x 145 million) which gives us $870 million dollars added to the $37 million cost to manage the breach for an approximate total cost to the company of $907 million dollars.
IS350 sample Final paper – DO not copy
Now let’s summarize the cost to consumers. Due to the fact that affected customers were not able to protect their data immediately after the breach, their accounts were at risk for fraud. The average fraudulent credit card charge is about $120. We will say that about 15 percent (my estimation/unable to find actual statistics) of the breached population had a fraudulent charge by the time they were properly informed. That would be 15 percent of the 145 million accounts compromised or 6.75 million accounts with potential fraudulent charges. The average charge is $120 X 6.75 million gives us about $804 million. We will also include the cost of securing their financial information for an additional year after the free year expires at the same rate of $10 for the same population used for the company calculation of 60 percent. If we add $804 million in fraudulent purchases to the cost of protecting the customer’s financial information $804 + $870 it gives us a total cost to the consumer of approximately $1.67 billion. Given the fact that the consumer will have to protect their financial data for an undetermined amount of time and if you include a cost to the stress and inconvenience they will have to endure, the cost to the consumer exceeds the cost to the corporation.
If the company was to inform the public with undue delay the consumer would have the opportunity to secure their financial information thus limiting the amount of fraudulent charges, stress and inconvenience. The cost to the company is about the same whether they inform the public right away or if they delay informing the public, barring any legal action like lawsuits. Another consideration is the stock price and the financial hardship to the stockholders. The price of the stock will change whether or not the customers are informed earlier or later. The price of the stock is reflective of the health of the company. Whichever way the firm decides to handle the situation, the cost of the breach will affect the stock price. The analysis shows that informing the customers early should reduce the cost to the customer (increasing the level of happiness)
IS350 sample Final paper – DO not copy
however, the cost to the company would be the same, and therefore we must conclude that informing the public early is the correct action to pursue.
Rule Utilitarianism
The rule utilitarianism is choosing to follow a moral rule and its universal adoption would result in the greatest good. For this analysis we will choose the following rule to consider. “The corporations themselves will choose the response to a breach of their systems that works best for themselves.” Each and every company will choose their own course of action when their system is breached and customer records are lost.
One detrimental problem with this rule is that every company will handle the problem differently. The customers will not have any reasonable expectation as to when they will be informed about the breach. The company could inform the public that customer data was compromised in six weeks or a year. This would put all customers affected in a very precarious situation.
Another detrimental problem is whether the company will inform the public at all. The company could keep the breach a secret and never disclose it or simply deny that a breach occurred. This type of action could really harm the customers and it could have bigger consequences on the whole economy. The Equifax breach affected over 145 million customers which is a third of the total United States population.
All told, the harm to the public is substantial so adopting this moral rule will harm the general population. Therefore, the rule fails.
Kantianism
IS350 sample Final paper – DO not copy
Categorical Imperative (First Formulation)
The book defines this as “act only from moral rules that you can at the same time will to be universal moral laws.” Now let’s apply the rule universally. The CEO is informed that a breach has occurred and a huge amount of data, customers’ financial information, has been stolen. The CEO decides to delay informing the public in order to give a team of subject matter experts time to devise a strategy to handle the problem. If you apply this choice to a universal rule it would be: If you encounter a problem as an employee of a firm, you have a right to delay informing your customers.
If you apply this rule universally then you could say that you can always delay telling the customers. This obviously fails as it means they company always will not be telling the customers. This universal rule fails, therefore the CEO’s reason for delaying informing the public is wrong.
Categorical Imperative (Second Formulation)
What is the intention of the CEO when he delays informing the public? He/she is delaying informing the public to give his/her team of subject matter experts time to formulate a strategy to deal with the fallout of the breach. The CEO has an obligation to inform the public as soon as possible but this obligation has the potential to harm the company’s bottom line.
The theory’s second formulation of the categorical imperative states that “we should respect the autonomy of other people, treating them as ends in themselves and never as a means to an end.” By delaying the announcement of the breach, the CEO is using the time to enhance the company’s strategy. This delay in the announcement is denying the company’s customers the right to protect their personal information from bad actors. The CEO is treating this situation as a means, to get more time to strategize to the public’s end of their right to protect their information. In both scenarios,
IS350 sample Final paper – DO not copy
making an announcement earlier or later, the company will still incur financial losses. Informing the public could go a long way in how the public views and trusts the company in the future. Under this theory, the right course of action for the company is to inform the public as early as possible.
Social Contract Theory/ Rawls’ Principles of Justice
To analyze this scenario using the Social Contract Theory we must think of the rights of the corporations and the rights of the people. The corporations have the moral right to protect their interest. By delaying the announcement to the public concerning the breach, the company could use the time to create a brain storming team. The team would focus on analyzing the problem and formulating a course of action to handle the company’s public announcement. The company would hope to mitigate the downward pressure on the stock price and minimize the customer turnover effect.
On the other hand, the customers have a reasonable expectation that their data will be protected and if their data is compromised they will expect to be informed in a timely manner.
The company will incur some financial losses and their stock price will falter with either course of action it decides to take. As a society, the public has a reasonable expectation that they will be informed in a timely manner if a situation arises that affects their family. For example, if someone in your family is hurt, you would expect that someone will contact you as soon as possible. This is a reasonable expectation. So, if the company loses your data, there is a reasonable expectation that they will contact you posthaste. Society’s need to protect their financial data seems to me a rational rule that people would accept. The society’s concerns supersede the company’s stance on protecting their self-interest. According to John Rawls’ Principles of Justice first rule, the company has the right to claim any reasonable rights as long as
IS350 sample Final paper – DO not copy
everyone else can claim the same right. The company withholding information from the public breaks that rule because people could withhold information from the company but doing so would greatly affect their relationship with the business. The second rule is about social inequalities, everyone should have equal opportunity and the situation should provide “the greatest benefits to the least-advantaged in society”, withholding information from the public violates this rule also because the customers in this case are the least-advantaged.
Virtue Theory
A good company-customer relationship is based on trust, honesty and respect for each other. One way to apply this theory is to look at the CEO who has to make the decision about how to handle the breach. A good CEO takes care of the company and its stockholder’s needs emphatically. He could interpret the breach as a possible threat to the company’s ability to increase revenues and profits. Being a good manager, he decides to delay informing the public. Looking at the situation from a different perspective, you could say that not informing the public is a form of hiding something from the customer which could be construed as being untruthful. Withholding information that will cause harm is a form of deceit. If your action creates an atmosphere of mistrust then the situation fails the Virtue Theory. The company could negate its possible bad press, by treating its customers and the public with respect and honesty. Therefore being truthful and informing the public about the breach is the best course of action for the firm to take.
7) Identify and apply any clauses in the two codes of ethics & software Engineering Code of Ethics
IS350 sample Final paper – DO not copy
ACM Code of Ethics
How and why each would apply
1.1
Contribute to society and human well-being.
Withholding information regarding a breach could be detrimental to society and human well-being.
1.2
Avoid harm to others.
A corporate breach can result in undesirable loss of information and therefore cause harm to others.
1.3
Be honest and trustworthy.
Delaying notification of a breach to the public is a form of dishonesty and may result in loss of trust by the public.
1.7
Respect the privacy of others.
Withholding breach information from the public is not respecting the privacy of others.
1.8
Honor confidentiality.
The company did not have the proper measures in place to secure the customers’ confidential information.
3.1
Articulate social responsibilities of members of an organizational unit and encourage full acceptance of those responsibilities.
A company who does not notify its customers of a breach to their confidential information could be construed as not accepting their responsibility to society.
Software Engineering Code of Ethics
Clause #
Clause
How and why each would apply
1.02.
Moderate the interests of the software engineer, the employer, the client and the users with the public good.
The public good is jeopardized when they are not informed about a breach in a timely manner.
1.04.
Disclose to appropriate persons or authorities any actual or potential danger to the user, the public, or the environment, that they reasonably believe to be associated with software or related documents.
Non-disclosure of critical information could potentially put the publics’ financial information in danger.
1.05.
Cooperate in efforts to address matters of grave public concern caused by software, its installation, maintenance, support or documentation.
The fact that a breach occurred is somewhat an indication that some process or some type of maintenance did not take place which becomes a matter of grave public concern when confidential information is lost.
1.06.
Be fair and avoid deception in all statements, particularly public ones, concerning software or related documents, methods and tools.
Not informing the public about a breach is deceptive.
2.07.
Identify, document, and report significant issues of social concern, of which they are aware, in software or related documents, to the employer or the client.
The software developer’s responsibility involves informing management that a breach has taken place. It’s up to management to decide how to handle the situation.
6.08.
Take responsibility for detecting, correcting, and reporting errors in software and associated documents on which they work.
Not taking responsibility for detecting a data breach and reporting it to the proper personnel could have serious consequences on consumers.
8) Which concrete action do you recommend (supported by your analysis). Why – Note it must be one of the actions you described in section 4
IS350 sample Final paper – DO not copy
The recommended course of action is for the company to immediately inform the authorities and the public that they have identified a potential breach. The company should keep all interested parties informed as to the severity of the breach and inform consumers on steps to take to protect their data. It is recommended that the firm follow up with letters to all individuals who were affected by the breach without undo delay.
In addition to the immediate notification of the breach to the public, I think that the United States should look into what Europe is doing. They’re introducing new General Data Privacy Regulations (GDPR) which seem comprehensive enough to include how firms should handle a corporate breach. These regulations specify a specific process and amount of time to inform the public. To some extent, many American companies operating in Europe will have to adhere to these new Laws. Up until now we have experimented with allowing the tech and mega firms to self-govern. It seems to me that the human desire for more wealth, power, and prestige has stymied rational moral decisions. For the most part, corporations are just like people, they strive to make more money and acquire a bigger market share and sometimes they use any means necessary to achieve these goals.
Another area to explore would be the prosecution of cybercriminals. I think the problem of breaches affects companies from all countries. An international treaty should be created and bad actors should be found and prosecuted no matter where they reside. The trading agreement should include language stating how these cybercriminals will be prosecuted. The world is becoming smaller due to technology, we will not be able to combat these crimes unless all countries abide by the same rules, a universal rule.
IS350 sample Final paper – DO not copy
9)
Bibliography
[1]
CBS News, "Equifax Data Breach put more info at risk that consumers knew," 10 February 2018. [Online]. Available: https://www.cbsnews.com/news/equifax-data-breach-put-more-info-at-risk-than-consumers-knew/.
[2]
B. Fung, "Equifax's massive 2017 data breach keeps getting worse," 1 March 2018. [Online]. Available: https://www.washingtonpost.com/news/the-switch/wp/2018/03/01/equifax-keeps-finding-millions-more-people-who-were-affected-by-its-massive-data-breach/?noredirect=on&utm_term=.4b98467a1a22.
[3]
IBM and the Ponemon Institue, "2017 Ponemon Cost of Data Breach Study," 2017. [Online]. Available: https://www.ibm.com/security/data-breach.
[4]
IIdentity Theft Resource Center, "2017 Annual Data Breach Year End Review," 2017. [Online]. Available: https://www.idtheftcenter.org/2017-data-breaches
Previous
Next
grading rubric provided ppt provided before start the assignment must read ppt also video provide that what kind formet you need to write in docs with labeled each topics
use some web websites not all books as references