Unique Ethical Issues
Marketing Ethics
Marketing professionals with a backbone reap great rewards, including a solid career with the potential for advancement. But the high road is not always the easiest path to take. Making moral decisions also requires intelligence and forethought. It’s easy to fudge the truth to make a sale and believe the bottom line will be the better for it. In fact, everyone in business is wise to develop moral fibers, because ethical problems often lead to legal problems, which bite into profits, not to mention your career ladder. The first step to confronting any dilemma is recognizing the moral dimension of it. Only then can you properly weigh the pros and cons of your options. National and international organizations have developed marketing codes of ethics to guide business practices. When a business commits to a marketing code of ethics, it commits to conducting its affairs with integrity and with the customer’s well-being in mind. The Business Marketing Association (BMA) list things such as branding, promotion, and community outreach as areas of marketing good conduct. Categories for marketing ethics may include ethical norms and values as defined by the American Marketing Association (AMA), along with means of implementation. Here are common ethical dilemmas you’re likely to face as a marketing professional and steps to keep your reputation intact (Boundless, 2017).
Marketing ethics addresses principles and standards that define acceptable conduct in the marketplace. Marketing usually occurs in the context of an organization, and unethical activities usually develops from the pressure to meet performance objectives. Some obvious ethical issues in marketing involve clear-cut attempts to deceive or take advantage of a situation. This is usually in the benefit of a company’s bottom line in profits. These companies play on the public morals and ethical standards even if that’s what they believe in as an organization. Other ethical marketing dilemmas include, but is not limited to, selling customer information, recalling of flawed products, hiring actors to praise the company (stealth marketing), and finally market comparison (Ferrell, 2017). All will be discussed using the following references:
References
Anastasia. (2015, February 6). Social Responsibility & Ethics in Marketing. Retrieved from Cleverism: https://www.cleverism.com/social-responsibility-ethics-marketing/
Ashe-Edmunds, S. (2017). Chron. Retrieved from Ethics in Marketing Communication: http://smallbusiness.chron.com/ethics-marketing-communication-40554.html
Boundless. (2017). Ethics in Marketing. Retrieved from LUMEN: https://courses.lumenlearning.com/boundless-marketing/chapter/ethics-in-marketing/
Ferrell, D. L. (2017). college cengage. Retrieved from Marketing Ethics: http://college.cengage.com/business/modules/marktngethics.pdf
Meglio, F. D. (2017). Ethics in Marketing. Retrieved from Monster: https://www.monster.com/career-advice/ ...
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Unique Ethical IssuesMarketing Ethics .docx
1. Unique Ethical Issues
Marketing Ethics
Marketing professionals with a backbone reap great rewards,
including a solid career with the potential for advancement. But
the high road is not always the easiest path to take. Making
moral decisions also requires intelligence and forethought. It’s
easy to fudge the truth to make a sale and believe the bottom
line will be the better for it. In fact, everyone in business is
wise to develop moral fibers, because ethical problems often
lead to legal problems, which bite into profits, not to mention
your career ladder. The first step to confronting any dilemma is
recognizing the moral dimension of it. Only then can you
properly weigh the pros and cons of your options. National and
international organizations have developed marketing codes of
ethics to guide business practices. When a business commits to
a marketing code of ethics, it commits to conducting its affairs
with integrity and with the customer’s well-being in mind. The
2. Business Marketing Association (BMA) list things such as
branding, promotion, and community outreach as areas of
marketing good conduct. Categories for marketing ethics may
include ethical norms and values as defined by the American
Marketing Association (AMA), along with means of
implementation. Here are common ethical dilemmas you’re
likely to face as a marketing professional and steps to keep your
reputation intact (Boundless, 2017).
Marketing ethics addresses principles and standards that define
acceptable conduct in the marketplace. Marketing usually
occurs in the context of an organization, and unethical activities
usually develops from the pressure to meet performance
objectives. Some obvious ethical issues in marketing involve
clear-cut attempts to deceive or take advantage of a situation.
This is usually in the benefit of a company’s bottom line in
profits. These companies play on the public morals and ethical
standards even if that’s what they believe in as an organization.
Other ethical marketing dilemmas include, but is not limited to,
selling customer information, recalling of flawed products,
hiring actors to praise the company (stealth marketing), and
finally market comparison (Ferrell, 2017). All will be discussed
using the following references:
References
Anastasia. (2015, February 6). Social Responsibility & Ethics in
Marketing. Retrieved from Cleverism:
https://www.cleverism.com/social-responsibility-ethics-
marketing/
Ashe-Edmunds, S. (2017). Chron. Retrieved from Ethics in
Marketing Communication:
http://smallbusiness.chron.com/ethics-marketing-
communication-40554.html
Boundless. (2017). Ethics in Marketing. Retrieved from
LUMEN: https://courses.lumenlearning.com/boundless-
marketing/chapter/ethics-in-marketing/
Ferrell, D. L. (2017). college cengage. Retrieved from
Marketing Ethics:
3. http://college.cengage.com/business/modules/marktngethics.pdf
Meglio, F. D. (2017). Ethics in Marketing. Retrieved from
Monster: https://www.monster.com/career-advice/article/ethics-
in-marketing
Publishing, A. (2016). Statement of Ethics. Retrieved from
American Marketing Association :
https://archive.ama.org/Archive/AboutAMA/Pages/Statement%2
0of%20Ethics.aspx
Saylor. (2014). Common Ethical Workplace Dilemmas. In T. S.
Foundation. The Saylor Foundation.
Saylor. (2014). Marketing Ethics. In Business Ethics. The
Saylor(1)Foundation. Retrieved from Introduction to Tort Law:
http://www.saylor.org/books
Sojka, J. (1994). Ethical Concerns in Marketing Research .
Retrieved from Association for Consumer Research:
http://www.acrwebsite.org/volumes/7623/volumes/v21/NA-21
unknown. (2012). Ethical marketing . Retrieved from Marketing
School: http://www.marketing-schools.org/types-of-
marketing/ethical-marketing.html
I did run “JDRF” Advanced Networking Scan
I have following these steps:
To run the Advanced Network Scan
1. Click New Scan
2. Choose advanced scan from the available templates
3. In the name field, type the full name of the client
4. In the targets field, type the domain name of the client's
website (without http(s)://www.)
5. Click the down arrow next to save
6. Press Launch
“This is the information about the running Advanced
Networking Scan of “JDRF”.
Name: Juvenile Diabetes Research Foundation
Status: Running
4. Policy: Web App Scan
Scanner: US Cloud
Scanner Start: Today at 9:59 AM Friday 12/08/2017
The Scanning task was auto-aborted due to some errors.
1-Network Timeout Encountered.
2-Web Application Sitemap.
3-Scan Information.
https://trello.com/c/pvHWwwJB
https://trello.com/c/pvHWwwJB
I have learned from CFC those things:
Phase 1 - Pre-Assessment
Pre-assessment is the first part of a penetration test and consists
of Information Gathering and Threat Modeling. The goal is to
lay the foundation for the exploitation phase of the penetration
test.
Information Gathering
In the context of pre-assessment, information gathering consists
of two things: performing reconnaissance and footprinting and
scanning and enumeration. These two tasks can be roughly
divided up into the following two tasks.Passive Information
Gathering
Passive information gathering involves tasks that does not
affect the target network in a noticeable way (like a port scan
would), but still produces valuable information.
Here are some passive information gathering tasks:
5. · Check Job Postings
· Employee Footprinting
· “Google Hacking”
· Whois Query
· ShodanShodan
Shodan is a search engine for computers. By using keywords,
you can find computers on the web. Shodan is used as part of
the pre-assessment process. There is both a web application and
terminal application. The web application can be found at
shodan.io. The login information is as follows:Username:
Password:
Some useful filters include:
Command
Example
Org
org:Microsoft
Net
net:192.168.1.10
Hostname
hostname:microsoft.com
port
port:445
Title
title:"server room"
Html
html:phpinfo.php
Os
os:Linux
Product
product:Apache
Version
version:1.6.2
These filters can be combined for more refined searches.
The Shodan website is easier to use and more functional then
the terminal version.
6. The terminal version can be used through Kali Linux, however
it is not installed by default. You can test to see if it is already
installed by typing shodan -h in a terminal. If all of the options
and switches show up, you are good to go (if not, instructions
are on shodan.io). Refer to these options and switches for usage.
Additional Resources:
· Basic Security Testing with Kali Linux 2 by Daniel Dieterle
active information Gathering
Active information gathering involves tasks that deliberately
probe the target's network, such as a port scan. Since they are
active, it is possible that the target will notice these activities.
Active tasks should be completed after passive ones.
Here are the active information gathering tasks:
· Ping
· Traceroute
· NmapPing
[Image: file:///-
/blob/BXfAAAGvhjq/SunoQXzzopf3cRWmPP4tVQ] The ping
command allows a user to send an ICMP echo packet to a
destination host. If the destination host is live and not blocked
by a firewall, it will respond to the packet. ping is part of the
Pre-Assessment process and provides documents a clients IP
address.
Here is what a ping scan's output might look like:
To run a ping command open up terminal. Enter a command
with the following format: ping example-domain.com -c 5 >
~/Desktop/OrganizationName_ping_$(date +%b%d_%Y).txt
Note: be sure to change “OrganizationName” to the actual name
7. of the organization!p
-c 5 indicates that we only want five ICMP echo messages to be
sent.
> ~/Desktop/OrganizationName_ping_$(date+%b%d_%Y).txt
indicates that we want to save the output to the desktop in a text
file called OrganizationName_ping_TodaysDate.
Note: $(date +%b%d_%Y ) is interpreted by the terminal and
translator to today's date.
If running a ping as part of a client's Pre-Assessment, make sure
to save the outputted text file or screenshot in the client's
iCloud folder.
Traceroute
Note: there are currently issues with traceroute when using Kali
Linux. It seems there is a firewall blocking outgoing packets
right away. For now, use the “Network Utility” or terminal on
the Mac computers to perform traceroutes.
Traceroute is a command that shows that path a packet takes as
it traverses to a target. Traceroute is part of the pre-assessment
process.
To run a traceroute command open up terminal and Enter a
command with the following format: traceroute example-
domain.com > ~/Desktop/OrganizationName_traceroute_$(date
+%b%d_%Y).txt
>~/Desktop/OrganizationName_traccceroute_$(date+%b%d_%Y
).txt indicates that we want to save the output to the desktop in
a text file called OrganizationName_traceroute_TodaysDate.
$(date +%b%d_%Y).txt indicates that we want todays date
inserted at the end of the file.
8. Here is what an output may look like:
[Image: file:///-
/blob/cYQAAA7ZU0S/b7kbkyTYhG2WjKXs6gap8w]
Note: the command for traceroute on a windows machine is
tracert.
If running traceroute for a clients pre-assessment > screenshot
and save to appropriate client's CSC 20 folder.
Nmap
nmap is a command-line tool that allows us to scan an IP
address for open ports. It also has a GUI version (Zenmap - the
SOP for which can be found at the bottom of this document).
Knowing which ports are open and what services are running on
those port allows us to pick compatible exploits. Running an
nmap scan is part of the Pre-Assessment process.
Zenmap
· Open VMWare Fusion -> log into Kali Linux (username: root /
password: toor) -> on left side, click on the 9 dot button
(equivalent of Windows Start Menu) -> Search for Zenmap ->
Open leftmost Zenmap application
· Type IP address or domain name from the IP Address Lookup
procedure into the Target box Select Intense Scan -> Scan
· Multiple screenshots will be required. Here is what’s needed:
· Save scan to Kali Linux Desktop by going to the Zenmap
Menu Bar à Scan à Save Scan (Ctrl+S).
· Move to the Ports / Hosts tab and take a screenshot. The name
of this procedure is PortsHosts.
· Move to the Topology tab. You should see a diagram called a
Fisheye. Click Save Graphic (R side of the window) à This
procedures name is Fisheye à Make sure to change Select File
Type at bottom is set to PNG à Save to Kali Linux Desktop
· Move to the Host Details tab à Take a screenshot (it’s ok if
some of the information is cut off) and the name of this
procedure is HostDetails
9. · By this point there should be two files on Kali Desktop. Right
click on each file and click copy within Kali Linux. Go into
OSX and then paste the file to iCloud à Company name à CSC
20: Penetration Testing.
· Be sure to remove the files from the Kali Linux Desktop once
you are finished
In the end we need information on, ports/hosts, topology, host
details, and the entire scan saved in the client's CSC 20 folder.
· Phase 2 - Vulnerability Scanning
· After information has been gathered during pre-assessment, it
is time to start enumerating vulnerabilities - both in the target
host and the web application that host is running. Luckily, we
have (heavy-duty, expensive) tools to help us find these
vulnerabilities which are Nessus and Acunetix.
We use Nessus to scan for external network vulnerabilities,
while Acunetix is used to scan for web applications
vulnerabilities. It is important to understand the distinction
between these two types of scans: Nessus is used to tell us if
target networks/hosts are adequately hardened; Acunetix is used
to tell us if the web application running on the target host is
adequately hardened.
Nessus scans should be run before Acunetix, because we want
to know that state of the target hosts before we know the state
of the software running on those hosts. In other words, what
good is a secure web application if an attacker can easily break
in and have complete control over the computer running that
10. software?Phase 4 - Reporting
After scans and exploitation are conducted, reports are created
to inform the client of vulnerabilities found. As of this writing
(Feb 16th), the CFC is issuing a report after external
vulnerability tests are conducted against the client's web
application and network vulnerabilities using Acunetix and
Nessus. A separate report will be created for exploitations later
on after the client has had time to remediate any issues.
Writing a Report
After running Acunetix and Nessus, reports are saved into the
client's iCloud folder. The items in these documents are what is
included in the report.What you need:
· The Acunetix and Nessus PDF report for the company, found
in their iCloud folder
· The External Penetration Testing Report Template found in
the CFC folder under Penetration Testing
· DO NOT save over the original template. Save it as a new
document with the client's name and “External Pen Test Report”
The Process
Not all items will be included in the report. Some items, such as
Low vulnerabilities, are not necessary to include in the report.
Remember that the purpose of conducting these assessments is
to find the client's current vital weaknesses and to inform them
of these vulnerabilities.
Important Note: actually, look into the links to each
vulnerability to see if you can find anything of interest. You
should not blindly copy of the results of Acunetix scans. As
cyber fusion analysts, it is our job to analyze!
It is important to dig deeper into the vulnerabilities Acunetix or
Nessus finds. Simply copying the vulnerability info is not
enough, we have found a lot of sensitive data by taking that
extra step!
11. Follow the template and refer to past reports if necessary. As
always, ask a peer for help! Sharing knowledge is caring!What
to include from acunetix scans:
· Include all HIGH ranked vulnerabilities in the report. These
are critical security vulnerabilities that the client should
address.
· Include only important Medium vulnerabilities if you deem
them important. Use your own discretion and refer to your peers
or the faculty member on duty for advice.
· Limit the number of vulnerabilities told the client to the most
critical items. If we flood the client with 10 vulnerabilities, they
are most likely to be overwhelmed. Limiting the report to a
handful of the most critical vulnerabilities will enable the client
to focus their remediation efforts on the most important items.
Recall that there's always a level of acceptable risk!
Finding an IP Address
· Finding the IP Address:
· Mac:
· Click on the search magnifying glass -> search “terminal” ->
Open Terminal -> type the following:
· ping www.whateverthewebsitenameis.com
· CTRL-C will stop the process
· Note the IP address listed
· Windows
· Start -> type “cmd” in the search bar” -> open cmd -> type the
following: ping www.websitenamehere.com
· CTRL-C will stop the process
· Note the IP address listed
· Linux
· Open the terminal -> type ping www.websiteaddresshere.com
· CTRL-C will stop the process
· Note the IP address listed
· Take a screenshot or equivalent and name the procedure Ping
(i.e. OrganizationName_Ping_Date)
12. · Important to Note!
Don't hit the same IP/domain name with both an Acunetix and
Tenable scan at the same time. It will slow the whole process
down and may appear as a DDOS attack.
Nessus
To run a Nessus scan, open up a web browser and go to
https://cloud.tenable.com
You will be prompted to login. The username is .and the
password is the standard CFC password
If you are running the scan on one of the PCs, the names of each
PC are below.
· Desk one log in as CyberFusion1
· Desk two log in as cyber
· Desk three log in as CyberFusion3
Password is the standard CFC password.
Performing the scan
To run the Advanced Network Scan
7. Click New Scan
8. Choose advanced scan from the available templates
9. In the name field, type the full name of the client
10. In the targets field, type the domain name of the client's
website (without http(s)://www.)
11. Click the down arrow next to save
12. Press Launch
To run the Web App Scan
1. Click New Scan
2. Choose Web App Scan from the available templates
3. IN the name field, type the full name of the client
4. In the targets field, type the domain name of the client's
website (with http (s)://www.)
5. Click the down arrow next to save
6. Press Launch
Storing the results of the scan
1. Click on the name of the scan you wish to view the results
13. 2. Click on export in the upper-right-hand side of the screen
3. Export to HTML
4. Change the report to custom
5. Click export
6. The scan results will be point in the Downloads folder in
Finder
7. Copy the results from Downloads into the appropriate clients
iCloud drive folder
Acunetix: We are not currently running anymore Acunetix scans
at this time.
To run an Acunetix scan, type in Acunetix in the search bar on
PC 2
Note: that the Acunetix service must be running on the
computer for the web interface to work. If having trouble, type
net start in a windows command prompt. This will produce a list
of currently running services. If Acunetix does not appear on
this list, then it must be started.
Performing the scan
1. The client's website must be added to targets; Click on
Targets on the left-hand side of the screen
2. Click add target
3. Enter the client's domain name into the address box
4. Click Scan
5. Change report to Affected Items
6. Click create Scan
7. The scan will begin and will take some time to complete
Storing the results of the scan
1. Go to the Reports tab
2. Click “New Report”
3. Click “Scan Report”
4. Click on the checkmark next to the client you want a report
for
5. Click “Generate Report”
6. Select “Affected Items” for the template
7. Click “Generate Report”
14. 8. After the report finished processing, click the bell icon in
upper-right
9. The latest report should be at the top of the list
10. Click “Download”
11. Store the report in the client's iCloud drive
Follow the template and refer to past reports if necessary. As
always, ask a peer for help! Sharing knowledge is caring!
What to include from acunetix scans:
* Include all **HIGH **ranked vulnerabilities in the report.
These are critical security vulnerabilities that the client should
address.
* Include only important **Medium** vulnerabilities if you
deem them important. Use your own discretion and refer to your
peers or the faculty member on duty for advice.
* Limit the number of vulnerabilities told the client to the most
critical items. If we flood the client with 10 vulnerabilities, they
are most likely to be overwhelmed. Limiting the report to a
handful of the most critical vulnerabilities will enable the client
to focus their remediation efforts on the most important items.
Recall that there's always a level of acceptable risk!
Note: You can write about:
1- “Trello” what is it and how to use it.
2- “Slack” what is it and how to use it.
I did
15. run “
JDRF
”
Advanced Networking Scan
I have
following
these
steps
:
To run the Advanced Network Scan
1.
Click New Scan
2.
Choose advanced scan from the available templates
3.
In the name field, type the full name of the client
4.
In the targets field, type the domain name of the client's website
(without
http(s)://www.
)
5.
Click the down arrow next to save
16. 6.
Press Launch
“This is the information about the running
Advanced Networking Scan of “JDRF”.
Name:
Juvenile
Diabetes
Research
Found
ation
Status:
Running
Policy:
Web
App
Scan
Scanner:
US
Cloud
18. 3
-
Scan Information.
https://trello.com/c/pvHWwwJB
https://trello.com/c/pvHWwwJB
I did run “JDRF” Advanced Networking Scan
I have following these steps:
To run the Advanced Network Scan
1. Click New Scan
2. Choose advanced scan from the available templates
3. In the name field, type the full name of the client
4. In the targets field, type the domain name of the client's
website (without http(s)://www.)
5. Click the down arrow next to save
6. Press Launch
“This is the information about the running Advanced
Networking Scan of “JDRF”.
Name: Juvenile Diabetes Research Foundation
Status: Running
Policy: Web App Scan
Scanner: US Cloud
Scanner Start: Today at 9:59 AM Friday 12/08/2017
The Scanning task was auto-aborted due to some errors.
1-Network Timeout Encountered.