Running Head: Artificial Intelligence

Code of Ethics

[Students Name]

[Instructors Name]

_/06/2020.

1
Artificial Intelligence

Part A: Ethics

In the mentioned case study involving Alexa, an artificial intelligence technology, I

consider its application as unethical and not fully effective. My conclusion is derived on the

basis that the technology violates an individual’s ethical rights to preamble decision making

as well as their confidentiality. The general fact that Alexa is programmed to respond to a

person’s cry when feeling depressed illustrates that the parent company is also involved with

user data collection. The manufactures go on to state that they have been picking up on cases

of suicide threats and depression, further defending my stand on the ethical violation of user

confidentiality.

Additionally, the responses which are provided by Alexa cannot fully be expected or

recommended as suitable remedies for those feeling depressed or are a danger to themselves

and others around them (Albrechtslund, 2007). This becomes an issue as new areas of

technology and communication use are constantly and frequently being developed each

passing day. The human relation to these technologies then continues to get even more

important to consider from both an effective and ethical perspective. Hence, information

technology requires to be extended in order to explicitly include a communicative

perspective.

Therefore, the ethical issues which are identified to be related to the implementation,

adoption, and use of the information and communication technology, ICT, should be

considered as important since these issues furthermore constitute to the conditions in which

human attitudes and values are specifying human behavior and actions, and also implying the

conditions required for the maintenance and usefulness of such systems. With regards to

Alexa and all applicable artificial intelligence technologies, it is crucial that they are designed

and developed in support of individual well-being.

2
Artificial Intelligence

It is therefore of great importance that individuals are able to make the necessary,

appropriate and convenient decisions with the help of such technologies, which will produce

the most suitable and ethical outcomes, while in the long run creating trust amongst

themselves (Mallen, 2005). The decision-making process mostly involves and requires a

great degree of value clarity; however, the ethical decision-making process does involve

more and more often requires consultation from other colleagues and professionals.

Organizations should refer to the ethical implications of each of their activities and

technologies.

Part B: Penetration Testing

"Mamma's Don't Let Your Babies Grow Up to be Pen Testers."

Notes:

The conference is led by Dr. Josh Pauli and Dr. Patrick Engebretson, who are both

professionals in their field in cybersecurity. They open their talk targeting people who wish to

become penetration testers by first providing their personal background from a few years ago

when they themselves had attended DEFCON, and soon later, they began to earn their

paycheck as a penetration tester. Along the way, they faced a number of challenges and

difficulties in their field. One of the most common challenges which every beginner's face is

adapting to the various technologies which are made readily available for all penetration

testers.

In the beginning, there are a number of issues everyone should be aware of and expect

to encounter. The first issue is user expectations. People should remove the mentality that

3
Artificial Intelligence

upon finishing their studies, they should not expect that immediately upon displaying their

skills as penetration testers, that they will earn millions. Most of the obvious assumptions are

not generally true. The second issue is the budget. Penetration testing is not just about

working on a project and expecting your payments with the use of free and open-source

software. There are actual budgets and expenses that everyone should expect.

The third issue is understanding the application and importance of an authorization

form for penetration testers. Most clients are reluctant to share a vast range of their

confidential information, such as their source of IP address. The fourth issue is the

importance of information gathering. Information gathering is a huge and massive part of all

penetration testing. Therefore, penetration testers should always educate their clients on its

importance and set aside a few days or weeks for this sole purpose.

The fifth issue faced by penetration tester is the concept of testing scope. It is crucial

that the rules of engagement illustrated by the client to be strictly followed. Issue number 6 is

"Fat fingers." Misconfigurations, specifically related to IP addressing, is a common issue

which brings a lot of tension between clients and testers, which often results in the

penetrations tester being blacklisted. Thus, IP addresses should only be provided by the

clients. Issue 7 and 8 is about unrealistic internal and client expectations. Taking on clients

with higher expectations than what you can deliver is yet another common challenge.

Therefore, when discussing or making any promises to a client, it is a best practice that one

does not make unrealistic promises.

The 9th and 10th issue is relying on other peoples and your personal work to conduct

your exploits. Most people nowadays do not create their own custom exploits and shellcodes

in their work (Faily, 2015). This becomes a challenge when the exploit or shellcode used

melts down and results in a lot of inconveniences. If the exploit was not created by the tester,

4
Artificial Intelligence

solving the complications may become a challenge. The 11th issue involves not changing the

default configurations.

Company security professionals and systems administrators are not very fond or enjoy

their default configurations, which they are used to performing their jobs with changed. The

default changes to the configurations or tools should only be changed when necessary, and if

there is no need, and the penetration test will not be affected by the configurations, then they

should be avoided. The 12th issue revolves around corporate, personal information, and

keeping them secure. Information and data are the fundamental building for almost every

major business activity with an online presence; therefore, keeping the data secure should

always be a priority.

The 13th issue is about user relations, under the concept of “when your success means

the failure of some else.” This implies that almost every case of a successful penetration test

simultaneously indicates the failure of the organization's security team and systems

administrator, which may or may not cause negative feedback or reaction from them and may

take your success as a personal offense. The 14th issue is about to report documentation on the

findings. Report writing is a massive and crucial element of every penetration testing activity,

for it is used in providing the metrics of the findings and final outcomes to the client.

Penetration tester often is not aware of the importance of reports, which becomes a

challenge when in the field. The 15th issue discussed by the panel is about innovation. Despite

a penetration test proving that a certain system or security is secure, penetration testers are

obligated to illustrate that this might not be the case the following day. This is because

technology is innovative in nature and is in a constantly changing environment. Client

education is important to help them stay alert for any new potential threats and vulnerabilities

which may be developed in the future.

5
Artificial Intelligence

Part C: Government

The STOP. THINK. CONNECT initiative is a global online safety awareness and

education campaign which is specifically designed to help all individuals to ensure they stay

secure and much safer while online. Like the internet, its technologies, and growth in its

adoption rate into business practices increases, so does the threat vectors of cybersecurity.

Hence the reason for the introduction of the campaign-based message was created in 2009. In

recent years, the number of data breaches has significantly increased, influencing an

unprecedented coalition of non-profit, private, and federal organizations with leadership

support from the Anti-Phishing Working Group and the National Cyber Security Alliance to

introduce the campaign.

The campaign lists a number of recommended best practices that every individual

should consider adopting in order to improve their online security posture and presence. Most

of the guidelines provided, I ensure to comply with them, mainly because I have a huge

online presence that is compromised can be devastating (Savage, 2017). For instance, in

terms of my hardware, software, and machines, I always ensure to keep them out of reach

from prying eyes, conduct frequent malware and intrusion scans, and always ensure to

configure every software for automatic software updates. This is because most of the updates

which are provided by the manufacturers are usually improved security incentives.

Additionally, its not just the software updates which help in improving security, the

use of password protection and encryption protocols for my personal information are also

crucial. For the passwords, it is always recommended not to use a password related to any of

your public information, such as the common use of birthday dates, as your passwords. There

are a number of password generators which I use in creating strong, unpredictable passwords

that cannot be easily cracked and storing them in a secure place.

6
Artificial Intelligence

However, there are also several practices which I aim at improving on. One of the

most common mistakes for not just me but virtually every individual who is not tech-savvy

makes is connecting to public Wi-Fi hotspots without a second thought. The campaign

teaches and emphasizes on the need for individuals to deter from such places are they are

common grounds where malicious attackers pick their targets. In the case where I have but no

other option but to connect to such hotspots, I will ensure that my security settings and

firewall configuration will be carefully configured. Furthermore, I intend to keep myself

more updated with the field of cybersecurity and the various threats that continue to emerge.

References

Albrechtslund, A. (2007). Ethics and technology design. Ethics and information

technology, 9(1), 63-72.
7
Artificial Intelligence

Mallen, M. J., Vogel, D. L., & Rochlen, A. B. (2005). The practical aspects of online

counseling: Ethics, training, technology, and competency. The counseling

psychologist, 33(6), 776-818.

Faily, S., McAlaney, J., & Iacob, C. (2015, June). Ethical Dilemmas and Dimensions in

Penetration Testing. In HAISA (pp. 233-242).

Savage, M. W., Jones, S. E., Reno, J. E., & Veil, S. (2017). A Case Study: Targeting the

Stop. Think. Connect. Cybersecurity Campaign to University Campuses. In Oxford

Research Encyclopedia of Communication.