Socissues Prelim
As part of the evaluation process, weigh various laws, guidelines, and principles that may apply. Also consider the likely consequences of each alternative from several perspectives – What is the impact on you, your organization, other stakeholders and the environment?

Philosophers have developed many approaches to ethical decision making. Four common philosophies are the following:

Virtue Ethics Approach
The Virtue Ethics Approach to decision making focuses on how you should behave and think about relationships if you are concerned with your daily life in a community.

However, the decisions made with this approach can be influenced by personal bias toward a particular group, and the decision makers may not even realize their bias.

Common Good Approach
The Common Good approach to decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals. Decisions and policies that use this approach attempt to implement social systems, institutions, and environments that everyone depends on and that benefit all people.

Implement Decision
Once the alternative is selected, it should be implemented in an efficient, effective, and timely manner. This is much easier said than done, since people tend to resist change.

Communication is the key to helping people accept a change. It is imperative that someone whom the stakeholders trust and respect answer the following questions: Why are we doing this? What is wrong with the current way we do things? What are the benefits of the new way for you?

A transition plan must be defined to explain to people how they will move from the old way of doing things to the new way.

Evaluate the Results
After the solution to the problem has been implemented, monitor the results to see if the desired effect was achieved, and observe its impact on the organization and the various stakeholders. Were the success criteria fully met? Were there any unintended consequences?

This evaluation may indicate that further refinements are needed. If so, return to the problem development step, refine the problem statement as necessary, and work through the process again.

MODULE 2 - ETHICS FOR IT PROFESSIONALS AND IT USERS

A professional code of ethics states the principles and core values that are essential to the work of an occupational group.

A code of ethics serves as a guideline for ethical decision making, promotes high standards of practice and ethical behavior, enhances trust and respect from the general public, and provides an evaluation benchmark.

A profession is a calling that requires specialized knowledge and often long and intensive academic preparation.

● Partial list of IT specialists
○ Programmers
○ Systems analysts
○ Software engineers
○ Database administrators
○ Local area network (LAN) administrators
○ Chief information officers (CIOs)

● Legal perspective
○ IT workers are not recognized as professionals
○ Not licensed
○ IT workers are not liable for malpractice

Example: malpractice lawsuits – IT workers are not liable for malpractice because they do not meet the legal definition of professional.

Client Sophistication
Clients are more aware of what they need from service providers, more willing to look outside their own organization to get the best possible services, and better able to drive a hard bargain to get the best possible service at the lowest possible cost.

The U.S. Code of Federal Regulations defines a person “employed in a professional capacity” as one who meets these four criteria:
1. One’s primary duties consist of the performance of work requiring knowledge of an advanced type in a field of science or learning customarily acquired by a prolonged course of specialized intellectual instruction and study or work.
2. One’s instruction, study, or work is original and creative in character in a recognized field of artistic endeavor, the result of which depends primarily on the invention, imagination, or talent of the employee.
3. One’s work requires the consistent exercise of discretion and judgment in its performance.
4. One’s work is predominantly intellectual and varied in character, and the output or result cannot be standardized in relation to a given period of time.
a. Example: doctors, lawyers, accountants

● A professional is expected to contribute to society, to participate in a lifelong training program, to keep abreast of developments in the field, and to help develop other professionals.

● From a legal standpoint, a professional has passed the state licensing requirements and earned the right to practice here.

● Many professional roles carry special rights and responsibilities.

ARE IT WORKERS PROFESSIONALS?

Many business workers have duties, background and training that qualify them to be classified as professionals, including marketing analysts, financial consultants, and IT specialists.

IT specialists include programmers, system analysts, software engineers, database administrators, local area network (LAN) administrators, and chief information officers (CIOs).

From a legal perspective, IT workers are not recognized as professionals because they are not licensed by the state or federal government.

● "IT users" are practically everyone.
● Alternatively referred to as an end user, a user is any individual who is not involved with supporting or developing a computer or service.

Generic types of users
Computer users can be broken up into the following groups based on how experienced the computer user is with a computer.
An IT worker and an employer typically agree on fundamental aspects of the relationship before the worker accepts an employment offer.

These include job title, general performance expectations, specific work responsibilities, drug-testing requirements, dress code, location of employment, salary, work hours, and company benefits.

Many other issues are addressed in the company’s policy and procedure manual or in the company’s code of conduct, if one exists. Example: protection of company secrets, vacation policy, time off for a funeral, an illness in the family, use of company resources.

Some aspects are addressed by law – for example, an employee cannot be required to do something illegal, such as falsify the results of a quality assurance test.

Some aspects are specific to the role of the IT worker and are established based on the nature of the work or project – for example, the programming language to be used, the type and amount of documentation to be produced, and the extent of testing to be conducted.

IT workers must set an example and enforce policies regarding the ethical use of IT. IT workers have the skills and knowledge to abuse systems and data or to allow others to do so. Example: software piracy – laws and policies.

The Business Software Alliance (BSA) is a trade group that represents the world’s largest software and hardware manufacturers. Its mission is to stop the unauthorized copying of software produced by its members.

Under the “Know It, Report It, Reward It” program, individuals who report software piracy are eligible to receive up to $1 million in cash rewards.

A trade secret is information, generally unknown to the public, that a company has taken strong measures to keep confidential. Trade secrets can include the design of new software code, hardware designs, business plans, the design of a user interface to a computer program, and manufacturing processes.

Example: Intel’s manufacturing process for the i7 quad core processing chip.

Whistle-blowing is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest.

Relationship between IT Workers and Clients
An IT worker often provides services to clients who either work outside the worker’s own organization or are “internal”.

The IT worker provides hardware, software, or services at a certain cost and within a given time frame.

Fraud is the crime of obtaining goods, services, or property through deception or trickery. Fraudulent misrepresentation occurs when a person consciously decides to induce another person to rely and act on the misrepresentation.

Misrepresentation is the misstatement or incomplete statement of a material fact. If the misrepresentation causes the other party to enter into a contract, that party may have the legal right to cancel the contract and seek reimbursement for damages.

Breach of contract occurs when one party fails to meet the terms of a contract.
Material breach of contract occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract.

Frequent causes of problems in IT projects:
● The customer changes the scope of the project or the system requirements.
● Poor communication between customer and vendor leads to performance that does not meet expectations.
● The vendor delivers a system that meets customer requirements, but a competitor comes out with a system that offers more advanced and useful features.
● The customer fails to reveal information about legacy systems or databases that make the new system extremely difficult to implement.

Relationship between IT Workers and Suppliers

Bribery involves providing money, property, or favors to someone in business or government to obtain a business advantage.

Example: A software supplier sales representative who offers money to another company’s employee to get its business. This type of bribe is often referred to as a kickback or a payoff.

Another ethical issue is the inappropriate sharing of corporate information. Because of their roles, IT workers have access to corporate databases of private and confidential information about employees, customers, suppliers, new product plans, promotions, budgets and so on. It might be sold to other organizations or shared informally during work conversations with others who have no need to know.

Relationship between IT Workers and IT Users

● IT users – the person who uses a hardware or software product from the IT worker who develops, installs, services, and supports the product.
● IT users need the product to deliver organizational benefits or to increase their productivity.
● IT workers have a key responsibility to establish an environment that supports ethical behavior by users.
● Such an environment discourages software piracy, minimizes the inappropriate use of corporate computing resources, and avoids the inappropriate sharing of information.

Relationship between IT Workers and Society

Regulatory laws establish safety standards for products and services to protect the public. The actions of an IT worker can affect society.
IT SECURITY INCIDENTS: MAJOR CONCERN

The security of information technology used in business is of utmost importance. Confidential business data and private customer and employee information must be safeguarded, and systems must be protected against malicious acts of theft or disruption. Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security.

WHY COMPUTER INCIDENTS ARE SO PREVALENT

In today’s computing environment of increasing complexity, higher user expectations, expanding and changing systems, and increased reliance on software with known vulnerabilities, it is no wonder that the number, variety, and impact of security incidents are increasing dramatically.

In addition, even though they have been warned against doing so, some computer users share their login ID and password with other coworkers who have forgotten their passwords. This can enable workers to gain access to information systems and data for which they are not authorized.

Expanding and Changing Systems Introduce New Risks
Business has moved from an era of stand-alone computers, in which critical data are stored on an isolated mainframe computer in a locked room, to an era in which personal computers connect to networks with millions of other computers, all capable of sharing information.

Businesses have moved quickly into e-commerce, mobile computing, collaborative work groups, global business, and interorganizational information systems. Information technology has become a necessary tool for organizations to achieve their goals.

MOST COMMON SECURITY INCIDENTS
Trojan Horses
● A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload can

Rootkits
● A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.
● Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the computer’s configuration. Rootkits are one part of a blended threat, consisting of the dropper, loader and rootkit.
● The dropper code gets the rootkit installation started and can be activated by clicking on a link to a malicious Web site in an e-mail or opening an infected .pdf file.
● The dropper launches the loader program and then deletes itself.
● Rootkits are designed so cleverly that it is difficult to even discover if they are installed on a computer.
● Here are some symptoms of rootkit infections:
● The computer locks up or fails to respond to input from the keyboard or mouse.
● The screen saver changes without any action on the part of the user.
● The taskbar disappears.
● Network activities function extremely slowly.

● *Reformat the disk, reinstall the OS and applications, reconfigure the user’s settings – but all locally held data and settings may be lost.

Spam
● E-mail spam is the abuse of e-mail systems to send unsolicited e-mail to large numbers of people.
● Most are in the form of low-cost commercial advertising.
● It is also an extremely inexpensive method of marketing used by many legitimate organizations.
● It may also be used to deliver harmful worms or other malware.
● A partial solution is the use of CAPTCHA to ensure that only humans obtain free accounts. Completely Automated Public Turing Test to Tell Computers and Humans Apart software generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot.

IMPLEMENTING TRUSTWORTHY COMPUTING
Trustworthy computing is a method of computing that delivers a secure, private, and reliable computing experience based on sound business practices.

Ex. Microsoft has pledged to deliver on a trustworthy computing initiative designed to improve trust in its software products.

MICROSOFT’S FOUR PILLARS OF TRUSTWORTHY COMPUTING
● Security
● Privacy
● Reliability
● Business Integrity

RISK ASSESSMENT

Risk assessment is the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.

The goal of risk assessment is to identify which investments of time and resources will best protect the organization from its likely and serious threats.

An asset is any hardware, software, information system, network or database that is used by the organization to achieve its business objectives.

A loss event is any occurrence that has a negative impact on an asset (a computer contracting a virus or Web sites undergoing a distributed denial of service attack).

ESTABLISHING A SECURITY POLICY

A security policy defines an organization’s requirements, as well as the controls and sanctions needed to meet those requirements. A security policy outlines what needs to be done but not how to do it.

Ex. The National Institute of Standards and Technology (NIST) is a nonregulatory federal agency within the US Department of Commerce. Its Computer Security Division develops security standards and technology against threats to the confidentiality, integrity and availability of information and services.
NIST SP 800 – series of documents which provides useful definitions, policies and guidelines related to IT security.

Ex. if a written policy states that passwords must be changed every 30 days, the use of e-mail attachments, the use of wireless devices

A virtual private network (VPN) works by using the Internet to relay communications; it maintains privacy through security procedures and tunneling protocols, which encrypt data at the sending end and decrypt it at the receiving end.

EDUCATING EMPLOYEES, CONTRACTORS, AND PART-TIME WORKERS

PREVENTIONS

Implementing Safeguards Against Attacks by Malicious Insiders
Delete employees’ accounts, passwords and login IDs.

Conducting Periodic IT Security Audits

A security audit is an important tool that evaluates whether an organization has a well-considered security policy in place and if it is being followed.

● Detection - Intrusion detection system
● Response
● Incident Notification
● Protection of Evidence and Activity Logs
● Incident Containment
● Eradication
● Incident Follow-up