Final Sheet

Topic 1 – What is a Profession:

What is a Profession?
‘A disciplined group of individuals who adhere to ethical standards and who hold themselves out as, and are accepted by the public as, possessing special knowledge and skills in a widely recognised body of learning derived from research, education and training at a high level, and who are prepared to apply this knowledge and exercise these skills in the interest of others.’

Characteristics of a Profession:
· Good Knowledge & Skills (Current & high-quality expertise);
· Good work ethic (goal focused);
· Good judgement/decision making (willingness & capability);
· Positive behaviours (e.g. interactions with others – leadership/support); and
· Honest (Moral) & Ethical.

What is Ethics:
Ethics is about actions and not just moral issues. In other words, defining – what action is right and why?

Utilitarianism:
This is focussed on the best outcome for the majority (the greater good for the greater number). Within this philosophy, an action is ethically correct if the consequences lead to happiness and avoid pain. Additionally, the end justifies the means. Voting is an example, and this approach is popular, common, easily understood and easy to implement. However, it can lead to abuse (particularly of minorities) and it can be morally ambiguous (e.g. what is ‘best’?).

Deontology:
This philosophy is focussed on duty and equality. The underlying logic is that happiness should not be the test of correctness, and the majority is not always right. The intent is that our primary duty is to each other as human beings. Therefore, people are not a means to an end – they are the end. The driving strategy is that every action must be universal and impartial (e.g. it is applied equally to everyone). However, this can be challenging and therefore the micro-macro test is applied. This looks at the extent of the ramifications: will this affect just a few people (i.e. micro), or will it affect lots of people (i.e. macro)?
This approach can be universal and fair because it is not necessarily based on simple pleasure. That being said, it can create conflicts in terms of the micro-macro test.

Contracts:
These are legal and social agreements based on rights, freedoms and obligations. They can be written (e.g. laws) or unwritten (e.g. social understanding) and once known they can provide clarity, surety and a common basis for trust. There is some ambiguity in some contracts, because they may be legal, but not ethical, or vice versa. One of their greatest limitations is that they tend to be minimalist (e.g. simply avoiding harm) and this can create situations in which abuses are implemented within the contractual frameworks.

Character:
Character-based philosophies are defined by the application of moral virtues and range from the application of selfishness to selflessness. Generally, as the philosophy moves more towards the selfless end of the continuum, individuals believe that they are conforming with a higher standard. Consequently, they may not conform to norms, duties, or contracts, but will focus on their ‘higher’ objectives. Although the focus for character-based philosophy can lead people to do good, negative outcomes can also be experienced because there are often conflicting virtues and individual perspectives can add ambiguity to what is right and wrong (e.g. what is a good and selfless act for one person, may not be seen that way by someone else).

The modern approach is that no single philosophy is applicable to every situation. The intent should, therefore, be focussed on using each appropriately and having a caring nature, being consistent and considering the consequences.

Topic 2 – Ethical Conduct of the Organisation:

Relationships:
People working in ICT have a moral obligation as professionals, and this is particularly important because of the importance of ICT in everyone’s lives. It is therefore important to act ethically.
This includes being ethical in relationships with employers, other employees, clients, users, suppliers, other professionals and the broader society.
Ethical problems can disrupt all of these different types of relationship. Consequently, ethical frameworks are necessary, and these should focus both internally and externally.

Stages of Ethical Growth in an Organisation:
· Survivalist: This type of organisation is focussed purely on its own survival and because of the ‘win at all costs’ mentality that this can engender, this can create a significant avoidance of ethical behaviour.
· Paternal/Machiavellian: This type of organisation is focussed on profit and relies on alliances (us and them) and may treat both allies and competitors badly. Typically, these organisations are hierarchical and paternal, and laws and regulations are often treated with expediency.
· Orderly/Bureaucratic: These organisations are based on orderly and often traditional structures. Team members are loyal, and the ethics are based on established rules. Laws and regulations are often treated literally, and not applied in line with the spirit of the regulations.
· Participative/Creative: This approach recognises individual differences and encourages innovation. There is often some support for internal debate and the ethical controls are based on core values and goals that honour the spirit of the principles of law.
· Collaborative/Excellence: Organisations at this stage of ethical growth tend to utilise explicit values to encourage growth. Therefore, leaders encourage collaboration, networking and client service focus. There is an integrated ethical focus that leverages laws and regulations to form a foundation for behaviours.
· Social Wellbeing: This moves the focus of the business from a predominantly inward focus to include a more defined outward focus. These types of organisation typically see the importance of supporting the local area and the broader community as well as their own staff.
Organisations with this approach therefore typically have a strong internal and external ethical focus.
· Global Harmony: This last stage of ethical growth is demonstrated by the broadening of the focus of the organisation to supporting both local and global causes. Such organisations are highly idealistic, and laws and ethical standards are treated in compliance with global intent.

A Code of Ethics or a Code of Conduct:
As organisations move through the stages of ethical growth, they typically develop codes to provide guidance and regulation for the members of the team. These can be categorised as:
· a ‘Code of Ethics’, which is a set of guidelines that should influence decision making by giving advice to individuals on how they should handle different situations; and
· a ‘Code of Conduct’, which provides guidelines and associated rules that can be used for disciplinary purposes as necessary.
ICT professionals should apply these codes appropriately, and use them to build a strong reputation for themselves and their organisation.

Topic 3 – Quality of Life:

What is Quality of Life (QoL)?
QoL refers to the standard of health, comfort and happiness experienced by an individual or group. In some contexts, this can also be used to refer to things that are needed to achieve good Quality of Life.

QoL factors include:
· material living conditions (e.g. income, consumption and other material states);
· productivity and productiveness of a person’s main activity (which has social and psychological implications);
· leisure and social interactions;
· governance and basic rights;
· economic and physical safety;
· health (physical and mental health and the ability to maintain it); and
· education (providing the skills to cope with the world and changing situations).

Topic 4 – Communications & Networking:

What is Communication?
Communication refers to ‘the imparting or interchange of thoughts, opinions or information by speech, writing or signs’.
The effectiveness of communication is an important element in defining relationships (Topic 2) and Quality of Life (Topic 3). Poor communication is unfortunately very common and can create misunderstanding that leads to significant problems, which affect so many aspects of what we do.

Each stage in this process is important, as failure to implement the steps appropriately can lead to the failure of the communication. The key steps are:
· Develop the Message. The first step requires individuals to define their message first. In practical terms, if you do not understand your own message, it becomes impossible to communicate effectively. Consequently, this is a very important step;
· Encode the Message. Encoding refers to the process by which our brains develop the message, so it will be understandable by the receivers. This is where an understanding of the audience becomes so important and why the utilisation of the Profiling Pyramid shown to the right is so critical. The Profiling Pyramid is explained in the Topic 5 – Pre-Reading 1 file provided in the LMS;
· Transmit the Message. The third step is to transmit the message in a format that can be received effectively by the audience for your content. In practical terms, this means providing the message through a ‘Channel’ that aligns to one or two senses (e.g. sight, hearing, touch, taste, smell) at a time. When transmitting the message, great care should be taken to manage external interference. Although referred to under the concept of ‘noise’, it can include any form of interference in the environment (e.g. distracting noise/visual information, etc.). Additionally, noise can refer to the creation of incongruence between the channels. For example, showing one thing on a screen and discussing something different, or your body language and voice not being aligned with the message that is being transmitted by your words, can all create incongruence;
· Receive the Message.
The step of receiving the information is outside the direct control of the sender. However, it is directly influenced by the preceding steps. The key is to utilise the channels of communication (e.g. sight, hearing, touch, taste, smell) effectively. If two channels are being used, the information provided in each of the channels must be related (e.g. showing a picture of a cat and discussing a cat) and not fully redundant (not listing all of the words being spoken and then reading them off a slide). See http://www.seahorses-consulting.com/DownloadableFiles/HowMuchTextPerSlide.pdf for more details;
· Decode the Message. The receiver attaches meaning to each part of the message. We need to understand that this can include situations where the decoding is affected by internal interference. Internal interference refers to situations where people misunderstand or misconstrue (e.g. where they intentionally/unintentionally mistake the intent of the message). These issues are caused by the way our brains assess information in relation to what we already know. Therefore, good communicators take these issues into account;
· Understand the Message. If the sender has done everything correctly, and the receiver is not actively using their previous knowledge to interfere with the communications, a common understanding of the message can be created. It is important that the sender take every step possible to try to ensure that this is achieved when aiming to persuade others or communicate information successfully. The techniques discussed in Topics 5 and 6 provide insights into how this can be achieved.

Good communication is also best served through two-way transmissions. This can include formal interchanges (e.g. letting an audience ask a question, or enter a discussion), or informal feedback analysis (e.g.
where the presenter reads the body language of an audience to gain insights into their understanding of the message).

Topic 7 – Privacy:

What do we mean by the term Privacy?
This refers to a person’s right to control access to their personal information.

The Elements of Privacy:
The model shown to the right refers to a range of different types of privacy that need to be controlled. These include having control of personal space, and information on psychological state, behaviours and social interactions. These last three aspects relate to the control of Personal Information and are directly affected by many aspects of ICT, in particular the management of access to personal data and communications.

In accordance with the Privacy Act (1988), Personal Information ‘means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.’

Within the concept of Personal Information, there is a more specific category known as ‘Sensitive Information’. This category includes:
(a) ‘Information or an opinion about an individual’s racial or ethnic origins, political opinions, political associations, religious beliefs or affiliations, philosophical beliefs, memberships for professional/trade organisations, membership of trade unions, sexual orientation or practices, criminal record;
(b) Health information about an individual;
(c) Genetic information about an individual that is not otherwise health information;
(d) Biometric information (e.g. biometric authentication/verification attributes); and
(e) Biometric templates’ (a digital reference of distinct characteristics extracted from biometric samples – e.g.
fingerprint scans).

Topic 8 – Cybercrime and Cybersecurity:

What is Cybercrime?
Cybercrime refers to criminal activities in which ICT systems and/or data/applications stored on computer-related media are the object of the crime (e.g. hacking, phishing, etc.), or are used as a tool to commit an offence (child pornography, hate crimes, etc.). For this unit, the focus is on the first definition.

What is Cybersecurity?
Cybersecurity can be considered the state of being protected against criminal or unauthorised use of electronic data or systems, and the measures taken to achieve this. In other words, it refers to delivering effective security measures that protect ICT data and systems from cybercrime.

What are the threats?
Cybersecurity threats can be broadly categorised as:
· Cyber-trespass. This is where unauthorised people or systems gain access to ICT systems, applications, or data;
· Cyber-piracy. This type of cybercrime refers to situations where people or systems take, reproduce or distribute data or information in a manner that is not authorised;
· Cyber-vandalism. This refers to attacks that disrupt or destroy data, systems, applications or other ICT resources.
· Mixed. In many situations, cybercrime involves more than one of these preceding types of attack.

There are a range of methods utilised to facilitate these attacks. These include:
· Malware. Malware is short for Malicious Software and it includes the following types:
  · Viruses. These are code elements capable of copying themselves and typically having a detrimental effect on ICT. They most commonly need some form of host program to operate.
  · Worms. This is a type of malware with the primary function of self-replicating to other computers, while remaining on an infected system. Worms are typically stand-alone programs or services.
  · Spyware. These can be worms or viruses that collect personal information and/or keystrokes (e.g.
the typing in of passwords) and make them available to others, so they can use this information to launch other forms of attack. In some cases, spyware can also change computer settings directly.
  · Trojans. This form of malware can be a virus or worm, and it typically infects a computer because the user is tricked into downloading or activating the code (e.g. you are sent an email with an attached file that looks like a video to watch, but when you click on it the worm or virus is activated).
  · Rootkits. These are very specific types of virus or worm that aim to access low-level information on the computer (e.g. registry or password files) and make changes to these, which compromise the security of the computer.
  · Ransomware. These can be viruses or worms that hold the computer and its data to ransom. In other words, ransomware typically stops user/system access and then demands payments to be made, or the data will be destroyed completely.
  · Logic Bomb. A logic bomb is a piece of code that implements a malicious activity after a certain amount of time, or where specific conditions are met.
· Phishing. This type of cybercrime refers to situations where fake websites or emails collect personal data or other information, so these can be used to initiate other cybercrimes (e.g. getting people to fill in their bank details on a fake website, so this information can then be used by the criminals to steal money from online accounts).
· Denial of Service (DoS), or Distributed Denial of Service (DDoS) attacks. A DoS attack involves the targeting of services such as web portals, by tying up system resources. For example, DoS attacks create continuous pings of a firewall, so it cannot process other transactions. A DDoS attack is similar, but it uses numerous (in some cases millions) of individual computers to launch simultaneous DoS attacks.
· Unauthorised Access/System Misuse.
The preceding types of attack are typically implemented by external sources and they can get inside an organisation’s firewall because security protocols or individual actions are lax. There is also another level of risk, which relates to authorised personnel misusing their access to commit cybercrime. For instance, downloading sensitive information to which the person is not authorised, damaging data repositories, or sharing confidential materials with unauthorised people or organisations, are relatively common examples of unauthorised access or system misuse.

Implementing Cybersecurity:
The intent of cybersecurity is to protect against these various threats. In particular, cybersecurity aims to protect four key system factors, which are:
· Accessibility. This refers to protecting accessibility to the appropriate and authorised users, so they can retrieve, utilise and act on data and applications in/through ICT systems;
· Availability. A prime objective of cybersecurity is to ensure the availability of data and systems at the mandated level of performance;
· Confidentiality. These types of cybersecurity control are designed to allow authorised users to access sensitive or protected data/systems, while excluding unauthorised agents (e.g. people, bots, etc.);
· Integrity. The last key factor refers to ensuring the maintenance and assurance of the accuracy and consistency of data, applications and systems, over their entire lifecycle.

To achieve these objectives, an integrated approach should be utilised that applies technical, procedural, physical and personal controls.
Best practice for cybersecurity mandates that these controls should be applied through a Defence in Depth approach, such as the one illustrated in the following graphic.

Australian Legislation (NDB):
In addition to implementing this type of Defence in Depth, eligible organisations have a responsibility to report notifiable breaches to the Australian Government in accordance with the Notifiable Data Breaches (NDB) scheme. This scheme is managed under the Office of the Australian Information Commissioner in accordance with the Privacy Amendment (Notifiable Data Breaches) Act 2017. This act requires organisations that experience a notifiable breach to conduct rapid investigations on all eligible breaches and then provide formal notifications both to the government and individuals whose data may have been compromised. Key terms related to this legislation are:
· Unauthorised Access. This occurs when personal information is accessed by someone who is not permitted to have access and includes unauthorised access by an employee/contractor or 3rd Party (e.g. hacking);
· Unauthorised Disclosure. Unauthorised disclosure occurs when an entity, whether intentionally or unintentionally, makes personal information accessible or visible to others outside the entity, and releases that information from its effective control in a way that is not permitted by the Privacy Act. This includes an unauthorised disclosure of data/information by an employee of the entity;
· Loss. Loss refers to the accidental or inadvertent loss of personal information held by an entity, in circumstances where it is likely to result in unauthorised access or disclosure;
· Eligible Data Breach.
This occurs when:
  · there is unauthorised access to, or unauthorised disclosure of, personal information, or a loss of personal information, that an entity holds;
  · this is likely to result in serious harm to one or more individuals, and;
  · the entity has not been able to prevent the likely risk of serious harm with remedial action;
· Serious Harm. This is determined based on criteria such as the nature, sensitivity and security of the information, circumstances of the breach and likelihood of compromise, the likely ramifications of the misuse of the material, likely intent of the person/s who created the breach and other relevant matters;
· Exceptions from Reporting under the NDB. There are very few exceptions to the requirement to report and they include:
  · The data breach is not eligible (does not conform to requirements listed as an Eligible Data Breach).
  · The breach relates to enforcement related activities (this only relates to enforcement bodies such as Customs, Police, etc.), but even in these circumstances, the breach must still be reported to the Information Commissioner.
  · The notification would be inconsistent with secrecy provisions (e.g. s26WP(2)), such as those aligned to secret provisions for security Agencies and protection of confidentiality.
  · As a result of declarations by the Privacy Commissioner, which only happens in very specialised cases.
  · For breaches related to My Health Record data by certain specified organisations under the Act, who only need to report to the System Operator. Therefore, not reporting under the NDB in this circumstance simply avoids duplication of reporting.

Topic 9 – Intellectual Property:

IP refers to
ideas/thoughts (mental creativity) that are developed by individuals or groups. Although IP does not need to be directly tangible (e.g. you don’t have to be able to touch the finished invention), it must have reached the point of Tangible Expression for it to be accepted as valid intellectual property. This means that, at minimum, it must have been expressed in a form to ensure that the scope and content of the idea is clear.

The control of IP is important because it can cost a great deal to develop, it can deliver competitive advantage, and it can be worth a great deal of money. Consequently, legal and procedural controls are important to organisations and individuals.

Important Terms:
· Property. Property refers to anything that can be owned by an individual or group, who have the rights to possess, use or dispose of these tangible (e.g. things you can touch) or intangible (e.g. ideas) things.
· Black Box, Grey Box, White Box. These are terms typically applied to software and systems. Black box implies that anyone who is not the owner of the IP cannot gain access to the code/underlying system protocols in any way.
· Public Domain. This refers to IP for which there are no rights or controls applied. In other words, anyone can use these materials in any way that they wish, and do so at no cost.
· Fair Use. Fair Use applies to IP which can be used at no cost, as long as the utilisation conforms to specific caveats (e.g. for academic use, the source must be attributed).
· Intellectual Commons. This is a form of Fair Use that typically means that the IP can be used at no cost, as long as specific caveats are met. For example, Linux may be used for free, and it can be modified, but no charge can be levied for selling Linux and the name of the operating system may not be changed.

IP Controls:
· Copyright. Copyright is used to control the utilisation of documents, software, or media, so it cannot be reproduced, used to create derivatives, or sold by parties (except in terms of First-Sale Doctrine) who do not hold the copyright. In Australia, copyright is created simply by developing a Tangible Expression, and the available protections last for 70 years from the death of a known author, or 70 years from the date of development/publication for an unknown author. When developing content, it can help (but is not essential) to include the name of the IP owner, the copyright symbol ©, and the date (e.g. year). Please note that in many other countries copyright must actually be registered. Additionally, in most cases where an individual is working for an organisation while producing the copyrightable materials, the IP is likely to belong to the employer’s organisation. Although copyright can be useful, it has some significant limitations. Firstly, it does not directly stop other individuals using the ideas within the copyrighted material, just the material itself. Additionally, the Copyright Act (1968) used to manage this law is not accepted in many other countries, and even those countries that are signatories to international copyright agreements may not provide adequate protection and copyright controls.
· Patents. A patent is a form of IP protection that gives its owners the right to exclude others from making, using, selling or importing inventions for a period of time. Inventions can be devices, methods, compositions, or processes that reflect significant engineering or product development.
· Trademarks. A trademark is a sign/symbol that is used, or intended to be used, to create a recognisable differentiation from products or services provided by other people or organisations. Trademarks may be Registered (e.g. registered with IP Australia) or Unregistered (simply used by a person/organisation), and may be used to identify individuals or entities, certifications/collective groups.

Plagiarism:
The practice of taking someone else’s work or ideas and passing them off as one’s own.

Australian Privacy Principles:
(1) Open and transparent management of personal information: Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.
(2) Collection of solicited personal information: Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of sensitive information.
(3) Dealing with unsolicited personal information: Outlines how APP entities must deal with unsolicited personal information.
(4) Notification of the collection of personal information.
(5) Use or disclosure of personal information.
(6) Direct marketing.
(7) Cross-border disclosure of personal information: Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.
(8) Quality of personal information.
(9) Security of personal information.
(10) Access to personal information.
(11) Correction of personal information.
