Analysis By

Slide 2

Slide 3

Filter Analysis

Chapter 6

Nonconsequentialist Theories: Do Your Duty

Copyright © 2019 W. W. Norton & Company

Kant’s Ethics

• Reason alone, according to Kant, can inform us of the moral law, the source of our moral duties.

• Right actions have moral value only if they are done with a “good will”—a will to do your duty for duty’s sake.

• To do right, therefore, we must do it for duty’s sake, motivated by respect for the moral law.

Imperatives

• A hypothetical imperative tells us what we should do if we have certain desires. For example, “If you need money, work for it.”

• A categorical imperative tells us that we should do something in all situations regardless of our wants and needs. One example is “Do not steal.”

Kant says that the moral law consists entirely of categorical imperatives.

The Categorical Imperative – 1

All categorical imperatives, according to Kant, can be derived from the categorical imperative.

Its first formulation states: “Act only on that maxim through which you can at the same time will that it should become universal law.”

The Categorical Imperative – 2

According to the first formulation of the categorical imperative, an action is permissible if

(1) its maxim can be universalized (if everyone can consistently act on the maxim in similar situations) and

(2) you would be willing to let that happen.

The Categorical Imperative and Moral Duties

• Perfect duties are those that must be followed without exception. According to Kant, such duties include the duty not to lie, not to break a promise, and not to commit suicide.

• Imperfect duties are those that can have exceptions or that are not always to be followed. These include duties to develop your talents and to help others in need.

The Means-Ends Principle

Kant’s second formulation of the Categorical Imperative states: “So act as to treat humanity, whether in thine own person or in that of any other, in every case as an end withal, never as a means only.”

Evaluating Kant’s Ethics – 1

Minimum requirement of consistency? yes Criterion 1: consistency with considered moral judgments uncertain Criterion 2: consistency with our moral experiences seems generally consistent with our moral experience Criterion 3: usefulness in moral problem solving uncertain

Evaluating Kant’s Ethics – 2

Criterion 1: consistency with our considered moral judgments

• Are there such things as “absolute, exceptionless moral duties”?

• Can you imagine scenarios in which Kant’s perfect duties should be violated in order to do the “right thing”?

Evaluating Kant’s Ethics – 3

Criterion 1: consistency with our considered moral judgments

• It seems we can imagine situations in which we must choose between two allegedly perfect duties that directly contradict each other.

• Such conflicts provide plausible evidence against the notion that there are exceptionless moral duties.

Evaluating Kant’s Ethics – 4

Criterion 3: usefulness in moral problem solving

The conflicts between perfect duties raise questions about the usefulness of Kant’s moral theory in solving specific moral dilemmas.

Evaluating Kant’s Ethics – 5

The first formulation of the categorical imperative seems to allow a rule to be moral insofar as you personally are willing to live in a world that conforms to that rule, thus sanctioning some clearly immoral actions.

Evaluating Kant’s Ethics – 6

Criterion 3: usefulness in moral problem solving

Some critics also claim that if a maxim is stated in enough detail, we could use the categorical imperative to sanction all sorts of immoral acts.

For example: "Lie only to avoid injury, death, or embarrassment to anyone who has green eyes and red hair."

Evaluating Kant’s Ethics – 7

Criterion 3: usefulness in moral problem solving

Another criticism of Kant’s theory is that the means-ends principle is sometimes impossible to implement. It seems that in some situations, in order to treat some persons as ends rather than means, it is necessary to treat other persons as means.

Learning from Kant’s Ethics

Despite its shortcomings, Kant’s theory has been among the most influential of moral theories, mainly because it embodies a good part of what our considered judgments lead us to embrace:

• universality • impartiality • respect for persons

Natural Law Theory

As expressed by Thomas Aquinas, at the heart of natural law theory is the notion that right actions are those that accord with the moral principles that we can “read” clearly in the very structure of nature itself.

Natural Law and Human Nature – 1

According to Aquinas, human nature aims to achieve a number of good things:

• preservation of human life • avoidance of harm • reproduction and care of kind • the search for truth • the nurturing of social ties • benign and reasonable behavior

Natural Law and Human Nature – 2

• Our duty is to achieve the good—to fully realize the goals toward which our nature is already inclined.

• Reason, which allows us to discern the natural laws that can be derived from our nature, is the foundation of morality.

• Judging the rightness or wrongness of an action is a matter of consulting reason.

Natural Laws

• Like Kant’s perfect duties, the laws of natural law theory are both objective and universal.

• Like Kant’s categorical imperative, traditional natural law theory is strongly absolutist.

The Doctrine of Double Effect

The doctrine of double effect pertains to situations in which an action has both good and bad effects. According to the doctrine of double effect, an action is permissible if four conditions are met:

1. The action is inherently (without reference to consequences) either morally good or morally neutral.

2. The bad effect is not used to produce the good effect (though the bad may be a side effect of the good).

3. The intention must always be to bring about the good effect.

4. The good effect must be at least as important as the bad effect.

Evaluating Natural Law Theory – 1

Criterion 1: consistency with considered moral judgments

• Natural law theory, like Kant’s moral theory, contains absolute moral laws that admit no exceptions.

• These absolutes can result in specific moral judgments that diverge from common moral sense.

Evaluating Natural Law Theory – 2

Criterion 3: usefulness in moral problem solving

• Natural law theory’s usefulness is undermined by the conflict between its assumptions about the teleological character of nature and the scientific sense of nature as nonteleological.

• It is problematic to try to find your way from what is in nature to what should be.

Learning from Natural Law Theory

Natural law theory emphasizes intention in moral deliberation, such that an action can be right or wrong depending on one’s intention.

Credits

This concludes the PowerPoint slide set for Chapter 6

Doing Ethics: Moral Reasoning and Contemporary Issues

Fifth Edition (2019) by Lewis Vaughn.

Copyright © 2019 W. W. Norton & Company

Professional Memo 1

IFSM 201 Professional Memo

Before you begin this assignment, be sure you have read the Small Merchant Guide to Safe

Payments documentation from the Payment Card Industry Data Security Standards (PCI DSS)

organization. PCI Data Security Standards are established to protect payment account data

throughout the payment lifecycle, and to protect individuals and entities from the criminals who

attempt to steal sensitive data. The PCI Data Security Standard (PCI DSS) applies to all entities

that store, process, and/or transmit cardholder data, including merchants, service providers, and

financial institutions.

Purpose of this Assignment

You work as an Information Technology Consultant for the Greater Washington Risk Associates

(GWRA) and have been asked to write a professional memo to one of your clients as a follow-up

to their recent risk assessment (RA). GWRA specializes in enterprise risk management for state

agencies and municipalities. The county of Anne Arundel, Maryland (the client) hired GWRA to

conduct a risk assessment of Odenton, Maryland (a community within the Anne Arundel

County), with a focus on business operations within the municipality.

This assignment specifically addresses the following course outcome to enable you to:

• Identify ethical, security, and privacy considerations in conducting data and information analysis and selecting and using information technology.

Assignment

Your supervisor has asked that the memo focus on Odenton’s information systems, and

specifically, securing the processes for payments of services. Currently, the Odenton Township

offices accept cash or credit card payment for the services of sanitation (sewer and refuse),

water, and property taxes. Residents can pay either in-person at township offices or over the

phone with a major credit card (American Express, Discover, MasterCard and Visa). Over the

phone payment involves with speaking to an employee and giving the credit card information.

Once payment is received, the Accounting Department is responsible for manually entering it

into the township database system and making daily deposits to the bank.

The purpose of the professional memo is to identify a minimum of three current controls

(e.g., tools, practices, policies) in Odenton Township (either a control specific to Odenton

Township or a control provided by Anne Arundel county) that can be considered best

practices in safe payment/data protection. Furthermore, beyond what measures are

currently in place, you should highlight the need to focus on insider threats and provide a

minimum of three additional recommendations. Below are the findings from the Risk

Assessment:

• The IT department for Anne Arundel County requires strong passwords for users to access and use information systems.

Professional Memo 2

• The IT department for Anne Arundel County is meticulous about keeping payment terminal software, operating systems and other software (including anti-virus software)

updated.

• Assessment of protection from remote access and breaches to the Anne Arundel network: Odenton Township accesses the database system for the County when updating resident’s

accounts for services. It is not clear whether a secure remote connection (VPN) is

standard policy.

• Assessment of physical security at the Odenton Township hall: the only current form of physical security are locks on the two outer doors; however, the facility is unlocked

Monday-Friday, 8am-5pm (EST), excluding federal holidays.

• Employee awareness training on data security and secure practices for handling sensitive

data (e.g., credit card information) are not in place.

• The overarching conclusion of the risk assessment was that Odenton Township is not

fully compliant with the PCI Data Security Standards (v3.2).

Note: The Chief Executive for Anne Arundel County has asked for specific attention be paid

to insider threats, citing a recent article about an administrator from San Francisco (see

Resources). Anne Arundel County wants to understand insider threats and ways to mitigate

so that they protect their resident’s personal data as well as the County’s sensitive

information. These are threats to information systems, including malware and insider threats

(negligent or inadvertent users, criminal or malicious insiders, and user credential theft).

Expectations and Format

Using the resources listed below, you are to write a 2-page Professional Informational Memo to

the Chief Executive for Anne Arundel County that addresses the following:

• Risk Assessment Summary: Provide an overview of your concerns from the risk

assessment report. Include broad ‘goal’ of the memo, as a result of the risk assessment,

the broad recommendations. Specific Action Steps will come later. The summary should

be no more than one paragraph.

• Background: Provide a background for your concerns. Briefly highlight why the

concerns are critical to the County of Anne Arundel and Odenton Township. Clearly

state the importance of data security and insider threats when dealing with personal credit

cards. Be sure to establish the magnitude of the problem of insider threats.

• Concerns, Standards, Best Practices: The body of the memo needs to justify your

concerns and clarify standards, based on the resources listed below, at minimum. The

PCI DSS standards are well respected and used globally to protect entities and

individual’s sensitive data. The body of the memo should also highlight three current

controls that are considered best practice; that is, you should highlight the positive,

what is currently in place, based on the risk assessment.

• Action Steps: Provide a conclusion establishing why it is important for Anne Arundel

County to take steps to protect residents and county infrastructure from insider threats

based on your concerns. Recommend a minimum of three (3) practical action steps,

including new security controls, best practices and/or user policies that will mitigate the

concerns in this memo. Be sure to include cost considerations so that the County is

Professional Memo 3

getting the biggest bang for the buck. The expectations are not for you to research and

quote actual costs, but to generalize potential costs. For instance, under the category of

physical security, door locks are typically less expensive than CCTV cameras.

• Be sure to review the PowerPoint presentation (in pdf format) Effective Professional

Memo Writing that accompanies these instructions.

• Use the Professional Memo template that accompanies these instructions.

o Use four section subtitles, in bold.

▪ Risk Assessment Summary

▪ Background

▪ Concerns, Standards, Best Practices

▪ Action Steps

o Do not change the font size or type or page margins.

o Do not include any graphics, images or ‘snips’ of any content from copyrighted

sources. The PCI Standards (PCI DSS) document is copyrighted material.

o Paragraph text should be single spaced with ONE ‘hard return’ (Enter) after each

paragraph and after each section subtitle. Note: Do not create a new ‘paragraph’

after each sentence. A single sentence is not a paragraph.

o ‘Subject’ is the subject of your memo, not the course name or number.

o Be sure to remove any remaining ‘placeholder’ text in the template file before

submitting.

o The length of the template when you download it is NOT the intended length of

the entire memo. Your completed memo should be between 1.5 pages and 2

pages (total document, including the To:/From:/Re:/Subject header).

*Note: the Professional Memo is to be in a MS Word file and all work is to be in the

student’s own words (no direct quotes from external sources or the instructions) *

APA documentation requirements:

• As this is a professional memo, as long as you use resources provided with or linked

from these instructions, APA documentation is NOT required.

• Citing material or resources beyond what is provided here is NOT required.

• However, you should use basic attribution and mention the source of any data, ideas

or policies that you mention, which will help establish the credibility and authority of

the memo.

o For example, mentioning that the Payment Card Industry Data Security

Standards (PCI DSS) identify a certain control as best practice holds more

weight than simply stating the control is a best practice without basic

attribution.

o Mentioning that Wired Magazine reported that a City of San Francisco IT

technician effectively hijacked and locked 60% of the city’s network capacity,

is more effective than saying “I read somewhere that…”

Professional Memo 4

Resources

1. Examples of Security Breaches Due to Insider Threats

San Francisco Admin Charged With Hijacking City's Network Microsoft database leaked because of employee negligence

General Electric employees stole trade secrets to gain a business advantage

Former Cisco employee purposely damaged cloud infrastructure

Twitter users scammed because of phished employees

2. PCI DSS Goals:

(source: https://www.pcisecuritystandards.org/merchants/process)

Professional Memo 5

3. References

FBI. (2021). The Insider Threat: An Introduction to Detecting and Deterring an Insider Spy.

https://www.fbi.gov/file-repository/insider_threat_brochure.pdf/view

PCI DSS. (2021, Feb. 12). Payment Card Industry Security Standards.

https://www.pcisecuritystandards.org/

Jingguo Wang, Gupta, M., & Rao, H. R. (2015). Insider threats in a financial institution: Analysis

of attack-proneness of information systems applications. MIS Quarterly, 39(1), 91-A7.

https://search-ebscohost-

com.ezproxy.umgc.edu/login.aspx?direct=true&db=bth&AN=100717560&site=ehost-

live&scope=site

Professor Messer. (2014). Authorization and access control [Video file]. YouTube.

https://www.youtube.com/watch?v=6aXMuJPkuiU

U.S. DHS. (2021). Insider Threat. https://www.dhs.gov/science-and-technology/cybersecurity-

insider-threat

Wizuda. (2017). Data anonymisation simplified [Video file]. YouTube.

https://www.youtube.com/watch?v=m9UxV4XaXwg

Yuan, S., & Wu, X. (2021). Deep learning for insider threat detection: Review, challenges and

opportunities. Computers & Security. https://doi-

org.ezproxy.umgc.edu/10.1016/j.cose.2021.102221

Keywords: risk assessment, insider threats, data security

Submitting Your Assignment

Submit your document via your Assignment Folder as Microsoft Word document, or a document that can

be ready using MS Word, with your last name included in the filename. Use the Grading Rubric below to be sure you have covered all aspects of the assignment.

Professional Memo 6

GRADING RUBRIC:

Criteria

Far Above

Standards

Above Standards

Meets Standards

Below Standards

Well Below

Standards

Possible

Points

Summary of

Risk

Assessment

15 Points

Summary is highly

effective, thorough and professional.

12.75 Points

Summary is

effective, thorough and professional.

10.5 Points

Summary is

somewhat effective, thorough

and professional.

9 Points

Summary is

lacking.

0-8 Points

Stated

requirements

for this section

are severely

lacking or

absent.

15

Background

and

Importance

(to the Client)

of Data

Security and

Insider

Threats

10 Points

Discussion of

ba5ckground, data

security and insider threats is

highly effective, thorough, and

professional.

8.5 Points

Discussion of

background, data

security and insider threats is effective,

thorough, and professional.

7 Points

Discussion of

background, data

security and insider threats is

somewhat effective,

thorough, and

professional.

6 Points

Discussion of

background, data

security and insider threats is

lacking.

0-5 Points

Stated

requirements

for this section are severely

lacking or absent.

10

Concerns,

Standards,

Best Practices:

Justify

Concerns and

Clarify

Standards

15 Points

Discussion of concerns and

standards is highly effective,

thorough, and professional.

12.75 Points

Discussion of concerns and

standards is effective, thorough,

and professional.

10.5 Points

Discussion of concerns and

standards is somewhat

effective, thorough, and

professional.

9 Points

Discussion of concerns or

standards is lacking.

0-8 Points

Stated requirements

for this section are severely

lacking or absent.

15

Concerns,

Standards,

Best Practices:

Three current

practices

identified and

justified as

best practice

15 Points

Three highly

relevant current practices are

offered and justified as best

practices. Overall

presentation is clear, concise, and

professional.

12.75 Points

Section may be

lacking in number of

recommendations or relevancy or

justification or

overall presentation.

10.5 Points

Section is lacking

in number of recommendations

or relevancy or justification or

overall

presentation.

9 Points

Section is lacking

in two or more of the following:

number of recommendations

or relevancy or

justification or overall

presentation.

0-8 Points

Stated

requirements for this section

are severely lacking or

absent.

15

Professional Memo 7

Action Steps:

Three

recommendati

ons minimum

identified and

justified

including

some

discussion of

cost

considerations

20 Points

Three highly

relevant recommendations

are offered and justified, with

effective

discussion of cost considerations.

Overall presentation is

clear, concise, and

professional.

17 Points

Section may be

lacking in number of

recommendations or relevancy or

justification or a

discussion of cost considerations or

overall presentation.

14 Points

Section is lacking

in number of recommendations

or relevancy or justification or a

discussion of cost

considerations or overall

presentation.

12 Points

Section is lacking

in two or more of the following:

number of recommendations

or relevancy or

justification or a discussion of cost

considerations or overall

presentation.

0-11 Points

Stated

requirements for this section

are severely lacking or

absent.

20

Basic

Attribution

(overall)

10 Points

Overall use of basic attribution is

highly effective in establishing

credibility and authority.

8.5 Points

Overall use of basic attribution is

effective in establishing

credibility and authority.

7 Points

Overall use of basic attribution is

partially effective in establishing

credibility and authority.

6 Points

Overall use of basic attribution

is partially effective in

establishing credibility and

authority.

Additional basic attribution may

have been needed.

0-5 Points

Overall use of basic

attribution was minimally

effective or not used.

10

Overall

Format:

APA

documentatio

n needed only

if sources

external to the

assignment

are introduced

15 Points

Submission

reflects effective

organization and sophisticated

writing; follows instructions

provided; uses

correct structure, grammar, and

spelling; presented in a professional

format; any references used

are appropriately

incorporated and cited using APA

style.

12.75 Points

Submission reflects

effective

organization and clear writing;

follows instructions provided; uses

correct structure,

grammar, and spelling; presented

in a professional format; any

references used are appropriately

incorporated and

cited using APA style.

10.5 Points

Submission is

adequate, is

somewhat organized, follows

instructions provided; contains

minimal grammar

and/or spelling errors; and follows

APA style for any references and citations.

9 Points

Submission is not

well organized,

and/or does not follow

instructions provided; and/or

contains

grammar and/or spelling errors;

and/or does not follow APA style

for any references and

citations. May

demonstrate inadequate level

of writing.

0-8 Points

Document is

poorly written

and does not convey the

necessary information.

15

TOTAL Points

Possible

100

Effective Professional Writing: The Memo

Adapted from a presentation by Xavier de Souza Briggs,

Department of Urban Studies and Planning, MIT

I F S M 2 01

Licensing Information This work “Effective Professional Writing: The Memo”, a derivative of Effective Professional Writing: The

Memo, by the Massachusetts Institute of Technology, is licensed under a Creative Commons Attribution-

NonCommercial-ShareAlike 4.0 International License. “Effective Professional Writing: The Memo” by

UMGC is licensed under a Creative Commons Attribution-NonCommercial-

ShareAlike 4.0 International License.

“To do our work, we all have to read a mass of papers. Nearly all of them are far too long. This wastes time, while energy has to be spent in looking for the essential points. I ask my colleagues and their staffs to see to

it that their Reports are shorter.”

- W I N STO N C H U R C H I L L , AU G U ST 9 , 19 4 0

- S O U RC E ( A O N E PAG E R E A D ) : C H U RC H I L L’ S “ B R E V I T Y ” M E M O

Writing Memos

The context of professional writing

Why write memos?

How to write them?

How to make them better?

3

The Context

The workplace or field:

◦ Time is precious.

◦ Information has substantive as well as political implications.

The decision-maker as reader:

◦ Busy and distracted (attention “spread thin”), not necessarily patient while you get to the point.

◦ Info needs are varied, unpredictable, fluid.

◦ Decision-maker sometimes offers vague instructions.

4

Academic vs. professional writing

Differences (when writing concisely)

◦ The academic reader often demands nuance and relevance to established lines of thinking, while the professional reader wants the “so what’s” for their decision making emphasized (relevance to their

actions).

◦ An academic assignment assumes a small and benevolent audience, but professional documents can be “leaked,” end up in the hands of unintended readers.

Similarities

◦ Strong essays and strong memos both start with your main ideas, but essays usually build toward conclusion and synthesis. The memo’s conclusions are usually right up top.

◦ In both, persuasive argument = clear viewpoint + evidence

◦ In both, addressing counter-arguments tends to strengthen your case.

5

Top mistakes in memos

Content: ◦ off point or off task (major substantive

omissions, given the request);

◦ impolitic (risks political costs if leaked);

◦ inappropriate assumptions as to background knowledge;

◦ no evidence.

Organization: ◦ important info “buried,”

◦ no summary up top, format confusing, not “skim-able.”

◦ Sentences long and dense,

◦ headings an after-thought.

Style: ◦ language too academic, too “preachy,”

or too casual;

◦ sentences long and/or dense.

6

Why write memos?

Professional communication

◦ Efficient

◦ Persuasive

◦ Focused

Two types of memos:

◦ Informational (provide analytic background)

◦ Decision or “action” (analyze issues and also recommend actions)

7

Consider Your Message in Context

Purpose Audience

Message

8

Use a Clear Structure

Summary:

◦ Summarize the entire memo

◦ Highlight major points to consider

Background:

◦ State the context

Body:

◦ Prove it, analyze it, address counter arguments (if any)

Conclusion:

◦ Outline Next Steps or Next Questions

9

Action Memos: Recommend Decisions

Summary:

◦ Summarize the entire memo, clearly, but more importantly, concisely

◦ State the broad recommendation(s)

◦ If the decision-maker reads only this section/paragraph, will he/she know what the situation is/recommendation(s) is/are (without necessarily knowing specific action steps)

Background:

◦ Provide the context

Body:

◦ Prove it/Analyze it, perhaps with pros/cons by option (if there are multiple options)

Conclusion:

◦ Outline next steps, don’t merely restate recommendation(s)

10

Tip: Construct a Clear, Concise, Coherent Argument

In your opening summary, you may use more than one sentence to describe overall goals or

recommendations, however, as an exercise it typically helps to try to state your argument in one

sentence. Expand on the sentence as needed as your construct your opening summary.

Examples:

◦ In order to recreate the organization’s image and reorganize our internal structure in the next 6 months, we should focus on X, Y and Z.

◦ While the company is in compliance with State of California Privacy laws with respect to X, Y and Z, there are two areas that still need to be addressed to reach our goal of 100% compliance: A and B.

11