Socissues Prelim


SOCIAL AND PROFESSIONAL ISSUES

MODULE 1: OVERVIEW OF ETHICS

WHAT IS ETHICS?

Each society forms a set of rules that establishes the boundaries of generally accepted behavior. These rules are often expressed in statements about how people should behave, and they fit together to form the moral code by which the society lives. Unfortunately, the different rules often have contradictions, and people are sometimes uncertain about which rule to follow.

For instance, if you witness a friend copy someone else’s answers while taking the exam, you might be caught in a conflict between loyalty to your friend and the value of telling the truth.

The term morality refers to social conventions about right and wrong that are so widely shared that they become the basis for an established consensus.

Individual views of what is moral may vary by age, culture group, ethnic background, religion, life experiences, education, and gender.

In the United States, for example, issues such as abortion, the death penalty, and gun control are continuously debated, and both sides feel that their arguments are on solid moral ground.

Definition of Ethics

Ethics is a set of beliefs about right and wrong behavior within a society. Ethical behavior conforms to generally accepted norms, many of which are almost universal.

However, although nearly everyone would agree that lying and cheating are unethical, opinions about what constitutes ethical behavior often vary dramatically.
Ex. Attitudes towards software piracy – that is, the practice of illegally making copies of software or enabling others to access software to which they are not entitled – range from strong opposition to acceptance of the practice as a standard approach to conducting business.

In 2007, 38% of all software in circulation worldwide was pirated, at a cost of nearly $48 billion USD.

Highest piracy rate
93% - Armenia
92% - Bangladesh, Azerbaijan, and Moldova

Lowest piracy rate
22% - New Zealand
21% - Luxembourg
20% - United States

Virtues - Vices
● Virtues are habits that incline people to do what is acceptable.
● Ex. Fairness, generosity, loyalty
● Vices are habits of unacceptable behavior.
● Ex. Vanity, greed, envy, and anger

People’s virtues and vices help define their personal value system - the complex scheme of moral values by which they live.

Importance of Integrity

Your moral principles are statements of what you believe to be rules of right conduct.

A person who acts with integrity acts in accordance with a personal code of principles. One approach to acting with integrity, one of the cornerstones of ethical behavior, is to extend to all people the same respect and consideration that you expect to receive from others.

For example, you might believe it is important to do as your employer requests while also believing that you should be fairly compensated for your work. Thus, if your employer insists that you do not report the overtime hours that you have worked due to budget constraints, a moral conflict arises. You can do as your employer requests, or you can insist on being fairly compensated, but you cannot do both. In this situation, you may be forced to compromise one of your principles and act with an apparent lack of integrity.

Another form of inconsistency emerges if you apply moral standards differently according to the situation or people involved.

For example, you might consider it morally acceptable to tell a little white lie to spare a friend some pain or embarrassment, but would you lie to a work colleague or customer about a business issue to avoid unpleasantness?

Many ethical dilemmas are not as simple as right versus wrong but involve choices between right versus right.

As an example, for some people it is “right” to protect the Alaskan wildlife from being spoiled and also “right” to find new sources of oil to maintain U.S. reserves, but how do they balance these two concerns?

The difference between Morals, Ethics and Laws

Morals are one’s personal beliefs about right and wrong.

Ethics describes standards or codes of behavior expected of an individual by a group to which an individual belongs.
For example, the ethics of the law profession demand that defense attorneys defend an accused client to the best of their ability, even if they know that the client is guilty.

Law is a system of rules that tells us what we can and cannot do. Laws are enforced by a set of institutions. Legal acts are acts that conform to the law.

Moral acts conform with what an individual believes to be the right thing to do. Laws can proclaim an act as legal, although many people may consider the act immoral – for example, abortion.

Ethics in Business World
Ethics has risen to the top of the business agenda because the risks associated with inappropriate behavior have increased, both in their likelihood and in their potential negative impact.

Collapse of financial institutions due to unwise and unethical decision making over the approval of mortgages and lines of credit to unqualified individuals and organizations.

Numerous US companies moving operations to 3rd world countries, where employees work in conditions that would not be acceptable in most developed parts of the world.

In today’s recessionary economic climate, organizations are extremely challenged to maintain revenue and profits.

Why Fostering Good Business Ethics Is Important

Organizations have at least 5 good reasons for promoting a work environment in which employees are encouraged to act ethically when making business decisions:
● Gaining the good will of the community
● Creating an organization that operates consistently
● Fostering good business practices
● Protecting the organization and its employees from legal action
● Avoiding unfavorable publicity

Gaining the Good Will of the Community
Although organizations exist primarily to earn profit and provide service to customers, they also have some fundamental responsibilities to society.

Microsoft’s statement of values

Our Values
As a company, and as individuals, we value integrity, honesty, openness, personal excellence, constructive self-criticism, continual self-improvement, and mutual respect. We are committed to our customers and partners and have a passion for technology. We take on big challenges, and pride ourselves on seeing them through. We hold ourselves accountable to our customers, shareholders, partners, and employees by honoring our commitments, providing results, and striving for the highest quality.

Examples of IT organizations’ socially responsible activities

The good will that socially responsible activities create can make it easier for corporations to conduct their business.
For example, a company known for treating its employees well will find it easier to compete for the best job candidates.

On the other hand, companies viewed as harmful to their community may suffer a disadvantage.
For example, a corporation that pollutes the air and water may find that adverse publicity reduces sales, impedes relationships with some business partners, and attracts unwanted government attention.

Creating an Organization That Operates Consistently - Organizations develop and abide by values to create an organizational culture and to define a consistent approach for dealing with the needs of their stakeholders: shareholders, employees, customers, suppliers and the community.

Consistency means that employees know what is expected of them and can employ the organization’s values to help them in their decision making.

Consistency means that stakeholders, customers, suppliers and community know what they can expect of the organization.

Although each company’s value system is different, many share the following values:
● Operate with honesty and integrity, staying true to organizational principles
● Operate according to standards of ethical conduct, in words and in action
● Treat colleagues, customers, and consumers with respect
● Strive to be the best at what matters most to the organization
● Value diversity
● Make decisions based on facts and principles

Fostering Good Business Practices
In many cases, good ethics can mean good business and improved profits.

Companies that produce safe and effective products avoid costly recalls and lawsuits.
Companies that provide excellent service retain their customers instead of losing them to competitors.

Companies that develop and maintain strong employee relations suffer lower turnover rates and enjoy better employee morale.

Suppliers and other business partners often place priority on working with companies that operate in a fair and ethical manner.

Protecting the Organization and Its Employees from Legal Action

In a 1909 ruling, the US Supreme Court established that an employer can be held responsible for the acts of its employees even if the employees act in a manner contrary to corporate policy and their employer’s directions. The principle established is called respondeat superior, or “let the master answer”.

Example: The collapse in 2002 of Arthur Andersen, one of the “Big Five” international accounting firms. Andersen was indicted for obstruction of justice for shredding documents associated with the auditing work that a few of its partners performed for Enron. Andersen was forced to relinquish its auditing license. It closed its US offices due to lack of clients and some 26,000 employees lost their jobs.

A coalition of several legal organizations argues that organizations should “be able to escape criminal liability if they have acted as responsible corporate citizens, making strong efforts to prevent and detect misconduct in the workplace.” One way to do this is to establish ethics and compliance programs.

Indeed, in 1991, the Department of Justice established sentencing guidelines that suggest more lenient treatment for convicted executives if their companies have ethics programs. Fines for criminal violations can be lowered by up to 80% if the organization has implemented an ethics management program and cooperates with authorities.

Avoiding Unfavorable Publicity
The public reputation of a company strongly influences the value of its stock, how consumers regard its products and services, the degree of oversight it receives from government agencies, and the amount of support and cooperation it receives from business partners. Thus, many organizations are motivated to build a strong ethics program to avoid negative publicity. If an organization is perceived as operating ethically, customers, business partners, shareholders, consumer advocates, financial institutions and regulatory bodies will usually regard it more favorably.

Improving Corporate Ethics
The Ethics Research Center has defined the following characteristics of a successful ethics program:
● Employees are willing to seek advice about ethics issues
● Employees feel prepared to handle situations that could lead to misconduct
● Employees are rewarded for ethical behavior
● The organization does not reward success obtained through questionable means
● Employees feel positively about their company

Appointing a Corporate Ethics Officer
A corporate ethics officer, also called a corporate compliance officer, provides an organization with vision and leadership in the area of business conduct.
● He/she should be a well-respected, senior-level manager who reports directly to the CEO
● Comes from diverse backgrounds, such as legal staff, human resources, finance, auditing, security or line operations

Typically the ethics officer tries to establish an environment that encourages ethical decision making through the actions. Specific responsibilities include:
● Responsibility for compliance – that is, ensuring that ethical procedures are put into place and consistently adhered to throughout the organization
● Responsibility for creating and maintaining the ethics culture that the highest level of corporate authority wishes to have
● Responsibility for being a key knowledge and contact person on issues relating to corporate ethics and principles

Ethical Standards Set by the Board of Directors
The board of directors is responsible for the careful and responsible management of an organization.

In a for-profit organization, the board’s primary objective is to oversee the organization’s business activities and management for the benefit of all stakeholders, including shareholders, employees, customers, suppliers and community.

In a nonprofit organization, the board reports to a different set of stakeholders, particularly the local community that the nonprofit serves.

Establishing a Corporate Code of Ethics
A code of ethics is a statement that highlights an organization’s key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making.

It includes a set of formal, written statements about the purpose of the organization, its values, and the principles that should guide its employees’ actions.

An organization’s code of ethics applies to its directors, officers, and employees.

The code of ethics focuses employees on areas of ethical issues, and provides mechanisms for reporting unethical conduct and fostering a culture of honesty and accountability within the organization.

The code of ethics helps ensure that employees abide by the law, follow necessary regulations and behave in an ethical manner.

It must be easily accessible by employees, shareholders, business partners and the public. It must be continually applied to a company’s decision making and emphasized as an important part of its culture. Breaches in the code of ethics must be identified and dealt with appropriately so that the code’s relevance is not undermined.

Intel’s Code of Conduct, May 2007, found at www.intel.com/intel/finance/docs/code-of-conduct.pdf, offers employees guidelines designed to deter wrongdoing, promote honest and ethical conduct, and comply with applicable laws and regulations. It also expresses its policies regarding the environment, health and safety, intellectual property, diversity, nondiscrimination, supplier expectations, privacy, and business continuity.

Intel’s five principles of conduct
1. Intel conducts business with honesty and integrity
2. Intel follows the letter and spirit of the law
3. Intel employees treat each other fairly
4. Intel employees act in the best interests of Intel and avoid conflict of interest
5. Intel employees protect the company’s assets and reputation

Conducting Social Audits
In a social audit, an organization reviews how well it is meeting its ethical and social responsibility goals, and communicates its new goals for the upcoming year.
This information is shared with employees, shareholders, investors, market analysts, customers, suppliers, government agencies and the communities in which the organization operates.

For example, each year Intel prepares its Corporate Responsibility Report, which summarizes the firm’s progress towards meeting its ethical and social responsibility goals.

Partial Intel 2007 Corporate Responsibility Report

Requiring Employees to Take Ethics Training
An organization’s code of ethics must be promoted and continually communicated within the organization, from top to bottom. Organizations can do this by showing employees examples of how to apply the code of ethics in real life.

Example: Comprehensive ethics education program – presented in small workshop formats in which employees apply the organization’s code of ethics to hypothetical but realistic case studies. Employees may also be given examples of recent company decisions based on principles from the code of ethics.

Ethics training not only makes employees more aware of the company’s code of ethics and how to apply it, but also demonstrates that the company intends to operate in an ethical manner. It can also reduce a company’s liability in the event of legal action.

Including Ethical Criteria in Employee Appraisals
● 43% of organizations include ethical conduct as part of an employee’s performance appraisal.
● Treating others fairly and with respect
● Operating effectively in a multicultural environment
● Accepting personal accountability for meeting business needs
● Continually developing others and themselves
● Operating openly and honestly with suppliers, customers and other employees

Creating Ethical Work Environment
How management can affect employees’ ethical behavior

Including Ethical Considerations in Decision Making

The decision making process further and point out where and how ethical considerations need to be brought into the process.
1. Develop a Problem Statement
2. Identify Alternatives
3. Evaluate and Choose an Alternative
4. Implement Decision
5. Evaluate Results

Develop a Problem Statement
A problem statement is a clear, concise description of the issue that needs to be addressed. A good problem statement answers the following questions:
● What do people observe that causes them to think there is a problem?
● Who is directly affected by the problem?
● Is there anyone else affected?
● How often does it occur?
● What is the impact of the problem?
● How serious is the problem?

It is the most critical step: without a clear and correct statement of the problem, the decision will not solve the problem.
● gather and analyze facts
● make no assumptions
● identify stakeholders affected by the decision

Good and poor problem statements
● Our product supply organization is continually running out of stock of finished products, creating an out-of-stock situation on over 15% of our customer orders, resulting in over $300,000 in lost sales per month.
● We need to implement a new inventory control system. (possible solution)
● We have a problem with finished product inventory. (not specific enough)

Identify Alternatives
During this stage of decision making, it is ideal to enlist the help of others, including stakeholders, to identify several alternative solutions to a problem. In providing participants information about the problem to be solved, offer just the facts, without your opinion, so you don’t influence others to accept your solution.

During the brainstorming process, try not to be critical of ideas, as any negative criticism will tend to “shut down” the group, and the flow of ideas will dry up. Simply write down the ideas as they are suggested.

Evaluate and Choose an Alternative
Once a set of alternatives has been identified, the group attempts to evaluate them based on numerous criteria.

● Effectiveness at addressing the issue
● The extent of risk associated with each alternative
● Cost and time to implement

As part of the evaluation process, weigh various laws, guidelines, and principles that may apply. Also consider the likely consequences of each alternative from several perspectives – What is the impact on you, your organization, other stakeholders and the environment?

Philosophers have developed many approaches to ethical decision making. Four common philosophies are the following:

Virtue Ethics Approach
The Virtue Ethics Approach to decision making focuses on how you should behave and think about relationships if you are concerned with your daily life in a community.

The assumption is that people are guided by their virtues to reach the “right” decision. A proponent of virtue ethics believes that a disposition to do right is more effective than following a set of principles and rules, and that people should perform moral acts out of habit, not introspection.

Utilitarian Approach
The Utilitarian approach to ethical decision making states that you should choose the action or policy that has the best overall consequences for all people who are directly or indirectly affected. The goal is to find the single greatest good by balancing the interests of all affected parties.

Utilitarianism fits easily with the concept of value in economics and the use of cost-benefit analysis in business.

Fairness Approach
The Fairness Approach focuses on how fairly actions and policies distribute benefits and burdens among people affected by the decision. The guiding principle of this approach is to treat all people the same.

However, the decisions made with this approach can be influenced by personal bias toward a particular group, and the decision makers may not even realize their bias.

Common Good Approach
The Common Good approach to decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals. Decisions and policies that use this approach attempt to implement social systems, institutions, and environments that everyone depends on and that benefit all people.

Examples: effective educational system, safe and efficient transportation system, accessible and affordable health care.

Implement Decision
Once the alternative is selected, it should be implemented in an efficient, effective, and timely manner. This is much easier said than done, since people tend to resist change.

Communication is the key to helping people accept a change. It is imperative that someone whom the stakeholders trust and respect answer the following
questions: Why are we doing this? What is wrong with the current way we do things? What are the benefits of the new way for you?

A transition plan must be defined to explain to people how they will move from the old way of doing things to the new way.

Evaluate the Results
After the solution to the problem has been implemented, monitor the results to see if the desired effect was achieved, and observe its impact on the organization and the various stakeholders. Were the success criteria fully met? Were there any unintended consequences?
This evaluation may indicate that further refinements are needed. If so, return to the problem development step, refine the problem statement as necessary, and work through the process again.

MODULE 2 - ETHICS FOR IT PROFESSIONALS AND IT USERS

A professional code of ethics states the principles and core values that are essential to the work of an occupational group.

A code of ethics serves as a guideline for ethical decision making, promotes high standards of practice and ethical behavior, enhances trust and respect from the general public, and provides an evaluation benchmark.

A profession is a calling that requires specialized knowledge and often long and intensive academic preparation.

● Partial list of IT specialists
○ Programmers
○ Systems analysts
○ Software engineers
○ Database administrators
○ Local area network (LAN) administrators
○ Chief information officers (CIOs)

● Legal perspective
○ IT workers are not recognized as professionals
○ Not licensed
○ IT workers are not liable for malpractice

The U.S. Code of Federal Regulations defines a person “employed in a professional capacity” as one who meets these four criteria:

1. One’s primary duties consist of the performance of work requiring knowledge of an advanced type in a field of science or learning customarily acquired by a prolonged course of specialized intellectual instruction and study or work.
2. One’s instruction, study, or work is original and creative in character in a recognized field of artistic endeavor, the result of which depends primarily on the invention, imagination, or talent of the employee.
3. One’s work requires the consistent exercise of discretion and judgment in its performance.
4. One’s work is predominantly intellectual and varied in character, and the output or result cannot be standardized in relation to a given period of time.
a. Example: doctors, lawyers, accountants

● A professional is expected to contribute to society, to participate in a lifelong training program, to keep abreast of developments in the field, and to help develop other professionals

● From a legal standpoint, a professional has passed the state licensing requirements and earned the right to practice here

● Many professional roles carry special rights and responsibilities

ARE IT WORKERS PROFESSIONALS?

Many business workers have duties, background and training that qualify them to be classified as professionals, including marketing analysts, financial consultants, and IT specialists.

IT specialists include programmers, system analysts, software engineers, database administrators, local area network (LAN) administrators, and chief information officers (CIOs).

From a legal perspective, IT workers are not recognized as professionals because they are not licensed by the state or federal government.

Example: malpractice lawsuits – IT workers are not liable for malpractice because they do not meet the legal definition of professional.

Client Sophistication
Clients are more aware of what they need from service providers, more willing to look outside their own organization to get the best possible services, and better able to drive a hard bargain to get the best possible service at the lowest possible cost.

Governance
More scandals and tougher laws enacted to avoid future scandals have created an environment in which there is less trust and more oversight in client-service provider relationships.

Connectivity
Clients and service providers have built their working relationships on the expectation that they can communicate easily and instantly around the globe through electronic teleconferences, audio conferences, e-mail, and wireless devices.

Transparency
Clients expect to be able to see work-in-progress in real time, and they expect to be able to influence that work. No longer are clients willing to wait until the end product is complete before they weigh in with comments and feedback.

Modularization
Clients are able to break down their business processes into the fundamental steps and decide which they will perform themselves and which they will outsource to service providers.

Globalization
Clients are able to evaluate and choose among service providers around the globe, making the service provider industry extremely competitive.

Commoditization
Clients look at the delivery of low-end services as a commodity service for which price is the primary criterion for choosing a service provider. For the delivery of high-end services, clients seek to form a partnership with their service providers.

INFORMATION TECHNOLOGY USERS

● "IT users" are practically everyone.
● Alternatively referred to as an end user, a user is any individual who is not involved with supporting or developing a computer or service.

Generic types of users
Computer users can be broken up into the following groups based on how experienced the computer user is with a computer.

● Advanced user, hardcore user or power user - A user with advanced knowledge about computer software and hardware who requires no assistance.
● Casual user or regular user - A user who has some computer experience and can navigate and use the computer without much assistance.
● Basic user, beginner, novice, or newbie - A user who started using a computer and requires lots of assistance.

Specific types of computer users
A computer user can also be broken up into any of the following more specific types of computer users based on how they use the computer.

● Administrator
● Newbie
● Pirate
● Power User
● Programmer
● Script Kiddie
● Superuser
● Tweaker
● Web designer
● Web surfer
● Animator
● Blogger
● Cracker
● Developer
● End user
● Gamer
● Graphic Artist
● Hacker
● Leecher

PROFESSIONAL RELATIONSHIPS THAT MUST BE MANAGED

● Relationship Between IT Workers and Employers
● Relationship Between IT Workers and Clients
● Relationship Between IT Workers and Suppliers
● Relationship Between IT Workers and Other
Professionals
● Relationship Between IT Workers and IT Users
● Relationship Between IT Workers and Society

Relationship between IT Workers and Employers

IT workers and employers have a critical, multifaceted relationship that requires ongoing effort by both parties to keep it strong.

An IT worker and an employer typically agree on fundamental aspects of the relationship before the worker accepts an employment offer.

These aspects include job title, general performance expectations, specific work responsibilities, drug-testing requirements, dress code, location of employment, salary, work hours, and company benefits.

Many other issues are addressed in the company’s policy and procedure manual or in the company’s code of conduct, if one exists. Example: protection of company secrets, vacation policy, time off for a funeral or an illness in the family, use of company resources.

Some aspects are addressed by law – for example, an employee cannot be required to do something illegal, such as falsify the results of a quality assurance test.

Some aspects are specific to the role of the IT worker and are established based on the nature of the work or project – for example, the programming language to be used, the type and amount of documentation to be produced, and the extent of testing to be conducted.

IT workers must set an example and enforce policies regarding the ethical use of IT. IT workers have the skills and knowledge to abuse systems and data or to allow others to do so. Example: Software piracy – laws and policies.

The Business Software Alliance (BSA) is a trade group that represents the world’s largest software and hardware manufacturers. Its mission is to stop the unauthorized copying of software produced by its members.

Under the “Know It, Report It, Reward It” program, individuals who report software piracy are eligible to receive up to $1 million in cash rewards.

Members of BSA
● Adobe
● Apple
● Autodesk
● Corel
● Intel
● HP
● Dell
● Microsoft
● SAP
● IBM
● Cisco Systems
● Symantec
● McAfee

A trade secret is information, generally unknown to the public, that a company has taken strong measures to keep confidential. Trade secrets can include the design of new software code, hardware designs, business plans, the design of a user interface to a computer program, and manufacturing processes.

Example: Intel’s manufacturing process for the i7 quad core processing chip

Whistle-blowing is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest.

Relationship between IT Workers and Clients
An IT worker often provides services to clients who either work outside the worker’s own organization or are “internal”.

The IT worker provides hardware, software, or services at a certain cost and within a given time frame.

Fraud is the crime of obtaining goods, services, or property through deception or trickery. Fraudulent misrepresentation occurs when a person consciously decides to induce another person to rely and act on the misrepresentation.

Misrepresentation is the misstatement or incomplete statement of a material fact. If the misrepresentation causes the other party to enter into a contract, that party may have the legal right to cancel the contract and seek reimbursement for damages.

Breach of contract occurs when one party fails to meet the terms of a contract.

Material breach of contract occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract.

Frequent causes of problems in IT projects:
● The customer changes the scope of the project or the system requirements.
● Poor communication between customer and vendor leads to performance that does not meet expectations.
● The vendor delivers a system that meets customer requirements, but a competitor comes out with a system that offers more advanced and useful features.
● The customer fails to reveal information about legacy systems or databases that make the new system extremely difficult to implement.

Relationship between IT Workers and Suppliers

Bribery involves providing money, property, or favors to someone in business or government to obtain a business advantage.

Example: A software supplier sales representative who offers money to another company’s employee to get its business. This type of bribe is often referred to as a kickback or a payoff.

| BRIBES | GIFTS |
|---|---|
| Are made in secret, as they are neither legally nor morally acceptable. | Are made openly and publicly, as a gesture of friendship or goodwill. |
| Are often made indirectly through a third party. | Are made directly from donor to recipient. |
| Encourage an obligation for the recipient to act favorably toward the donor. | Come with no expectation of a future favor for the donor. |

Relationship between IT Workers and Other Professionals

Resume Inflation - it involves lying on a resume and claiming competence in an IT skill that is in high demand.

Another ethical issue is the inappropriate sharing of corporate information. Because of their roles, IT workers have access to corporate databases of private and confidential information about employees, customers, suppliers, new product plans, promotions, budgets and so on. It might be sold to other organizations or shared informally during work conversations with others who have no need to know.

Relationship between IT Workers and IT Users

● IT users – the people who use a hardware or software product from the IT workers who develop, install, service, and support the product.
● IT users need the product to deliver organizational benefits or to increase their productivity.
● IT workers have a key responsibility to establish an environment that supports ethical behavior by users.
● Such an environment discourages software piracy, minimizes the inappropriate use of corporate computing resources, and avoids the inappropriate sharing of information.

Relationship between IT Workers and Society

Regulatory laws establish safety standards for products and services to protect the public. The actions of an IT worker can affect society.

Example: A system analyst may design a computer-based control system to monitor a chemical manufacturing process. An error or failure in the system may put workers or residents near the plant at risk. As a result, IT workers have a relationship with society members who may be affected by their actions.

IT PROFESSIONAL MALPRACTICE

● Negligence is not doing something that a reasonable person would do, or doing something that a reasonable person would not do.
● Duty of care refers to the obligation to protect people against any unreasonable harm or risk.

Professional Code of Ethics
A statement of the principles and core values that are essential to the work of a particular occupational group.
Most codes of ethics have 2 parts: the first outlines what the organization aspires to become, and the second typically lists rules and principles by which the members of the organization are expected to abide.

Many codes also include a commitment to continuing education for those who practice the profession.

Following a professional code of ethics can produce many benefits for the individual, the profession, and society as a whole:

● Ethical decision making – practitioners use a common set of core values and beliefs as a guideline for ethical decision making.
● High standards of practice and ethical behavior – reminds professionals of the responsibilities and duties that they may be tempted to compromise to meet the pressures of day-to-day business.
● Trust and respect from the general public – enhances trust and respect for professionals and their profession.
● Evaluation benchmark – provides an evaluation benchmark that a professional can use as a means of self-assessment. Peers of the professional also use the code for recognition or censure.

PROFESSIONAL ORGANIZATIONS
5 of the most prominent IT-related organizations

1. Association for Computing Machinery (ACM)
2. Association for Information Technology Professionals (AITP)
3. Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS)
4. Project Management Institute (PMI)
5. SysAdmin, Audit, Network, Security (SANS) Institute

Association for Computing Machinery (ACM)
● Is a computing society founded in 1947 with 24,000 student members and 68,000 professional members in more than 100 countries.
● It offers many publications and electronic forums for technology workers:
○ Tech News – a comprehensive news-gathering service
○ Queuecasts – a set of podcasts with IT experts
○ eLearn – an online magazine about online education and training
● The ACM code consists of 8 general moral imperatives, 8 specific professional responsibilities, 6 organizational leadership imperatives and 2 elements of compliance.

Association for Information Technology Professionals (AITP)
● AITP was started in Chicago in 1951 by a group of machine accountants. They were members of a local group called the Machine Accountants Association, which first evolved into the Data Processing Management Association in 1962 and finally AITP in 1996.
● AITP provides IT-related seminars and conferences, information on IT issues, and forums for networking.
● It has been a leader in the development of model curricula for four-year institutions. Its mission is to provide superior leadership and education in information technology, and one of its goals is to help members make themselves more remarkable within the industry.
● The standards of conduct are considered to be rules that no true IT professional should violate.

Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS)
● IEEE-CS covers the fields of electrical, electronic, and information technologies and sciences. It is one of the oldest and largest IT professional associations, founded in 1946.
● The IEEE-CS helps meet the information and career development needs of computing researchers and practitioners with technical journals, magazines, conferences, books and online courses.
● It also offers the Certified Software Development Professional (CSDP) program and the Certified Software Development Associate (CSDA).
● In 1993, the IEEE-CS and the ACM formed a Joint Steering Committee for the Establishment of Software Engineering as a Profession. The initial recommendations of the committee were
○ to define ethical standards
○ to define the required body of knowledge and recommend practices in software engineering
○ to define appropriate curricula to acquire knowledge
● The software engineering code of ethics
documents the ethical and professional responsibilities and obligations of software engineers.

Project Management Institute (PMI)
● The Project Management Institute was established in 1969. Its members include project managers in
○ Construction
○ Sales
○ Finance
○ Production
○ Information Systems

SysAdmin, Audit, Network, Security (SANS) Institute
● SANS Institute provides information security training and certification for a wide range of individuals, such as auditors, network administrators, and security managers.
● SANS publishes
○ a weekly news digest (NewsBites)
○ a weekly vulnerability digest (@Risk)
○ flash security alerts
● SANS makes available a collection of 1,200 research documents about various topics of information security.
● SANS operates the Internet Storm Center - a program that monitors malicious Internet activity and provides a free early warning service to Internet users, and works with Internet Service providers to thwart the malicious attackers.

CERTIFICATION

● Certification indicates that a professional possesses a particular set of skills, knowledge, or abilities in the opinion of the certifying organization.
○ It can also be applied to products
○ It is generally voluntary
● Licensing applies only to people and is required by law
● Many employers view certifications as a benchmark that indicates mastery of a defined set of basic knowledge.
● Certification is no substitute for experience and doesn’t guarantee that a person will perform well on the job
● Most IT employees are motivated to learn new skills, and certification provides clear recognition with a plan to help them continue to grow and advance in their careers
● It is another means for product vendors to generate additional revenue with little merit attached.

Vendor and Industry Association Certification

Vendor Certifications
Cisco, IBM, Microsoft, Sun, SAP and Oracle – certified users of a manufacturer’s product

To be certified one must pass a written exam; most exams are presented in a multiple-choice format.

The Cisco Certified Internetwork Expert (CCIE) certification also requires a hands-on lab exam that demonstrates skills and knowledge.

Industry Association Certification

IT Subject-area certifications

| Subject Area | Org. providing certs. | Primary cert. |
|---|---|---|
| Auditing | Information Systems Audit & Control Association (ISACA) | Certified Information Systems Auditor (CISA) |
| General | Institute for Certification of Computing Professionals (ICCP) | Certified Computing Professional (CCP) |
| Security | International Information Systems Security Certification Consortium, Inc. (ISC), SANS | Global Information Assurance Security Professional Certification Certified Information System |
| Computer Service technician | Computing Technology Industry Association (CompTIA) | Certified Information Systems CompTIA a |

COMMON ETHICAL ISSUES FOR IT USERS
● Software Piracy - Ex. When an employee copies software from their work computer for use at home; if no one has paid for an additional license to use the software on the home computer, this is still piracy.
● Inappropriate Use of Computing Resources - the use of their computer to surf the net on sites that have nothing to do with their job, participate in chat rooms, view pornographic sites, and play computer games.
● Inappropriate Sharing of Information - an IT user who shares information with an unauthorized party; Ex. if an IT worker saw a coworker’s payroll records and then discussed them with a friend – violation of the coworker’s privacy
SUPPORTING THE ETHICAL PRACTICES OF IT USERS
● Establishing Guidelines for Use of Company Software
● Defining and Limiting the Appropriate Use of IT Resources
● Structuring Information Systems to Protect Data and Information
● Installing and Maintaining a Corporate Firewall

MODULE 3 & 4 : COMPUTER AND INTERNET CRIMES

IT SECURITY INCIDENTS: MAJOR CONCERN

The security of information technology used in business is of utmost importance. Confidential business data and private customer and employee information must be safeguarded, and systems must be protected against malicious acts of theft or disruption. Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security.

WHY COMPUTER INCIDENTS ARE SO PREVALENT

In today’s computing environment of increasing complexity, higher user expectations, expanding and changing systems, and increased reliance on software with known vulnerabilities, it is no wonder that the number, variety, and impact of security incidents are increasing dramatically.

MOST COMMON SECURITY INCIDENTS

Source: “2008 CSI Computer Crime and Security Survey.”

Increasing Complexity Increases Vulnerability

The computing environment has become enormously complex. Networks, computers, operating systems, applications, Web sites, switches, routers, and gateways are interconnected and driven by hundreds of millions of lines of code. This environment continues to increase in complexity every day. The number of possible entry points to a network expands continually as more devices are added, increasing the possibility of security breaches.

Higher Computer User Expectations

Today, time means money, and the faster computer users can solve a problem, the sooner they can be productive. As a result, computer help desks are under intense pressure to respond very quickly to users’ questions.

In addition, even though they have been warned against doing so, some computer users share their login ID and password with other coworkers who have forgotten their passwords. This can enable workers to gain access to information systems and data for which they are not authorized.

Expanding and Changing Systems Introduce New Risks

Business has moved from an era of stand-alone computers, in which critical data were stored on an isolated mainframe computer in a locked room, to an era in which personal computers connect to networks with millions of other computers, all capable of sharing information.

Businesses have moved quickly into e-commerce, mobile computing, collaborative work groups, global business, and interorganizational information systems. Information technology has become a necessary tool for organizations to achieve their goals.

Increased Reliance on Commercial Software with Known Vulnerabilities

In computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability. Once the vulnerability is discovered, software developers quickly create and issue a “fix”, or patch, to eliminate the problem. Users of the system or application are responsible for obtaining and installing patches, which they can usually download from the Web. Any delay in installing a patch exposes the user to a security breach.

TYPES OF EXPLOITS

Viruses
● Computer virus has become an umbrella term for many types of malicious code.
● A virus is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
● It is attached to a file, so that when the infected file is opened, the virus executes.
● Others sit in a computer’s memory and infect files as the computer opens, modifies, or creates them.
● A virus is spread to other machines when a computer user opens an infected e-mail attachment, downloads an infected program, or visits infected Web sites.
● Macro viruses have become a common and easily created form of virus. Attackers use an application macro language to create programs that infect documents and templates. After an infected document is opened, the virus is executed and infects the user’s application templates. Macros can insert unwanted words, numbers, or phrases into documents or alter command functions.

Worms
● A worm is a harmful program that resides in the active memory of the computer and duplicates itself. It can propagate without human intervention, sending copies of itself to other computers by e-mail or Internet Relay Chat (IRC).
● Negative impact: loss of data and programs, lost productivity due to workers being unable to use their computers, additional lost productivity as workers attempt to recover data and programs, and lots of effort for IT workers to clean up the mess and restore everything.
● COST OF IMPACT OF WORMS

Trojan Horses
● A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload can enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, and spy on users by recording keystrokes and transmitting them to a server operated by a third party.
● It can be delivered as an e-mail attachment, downloaded from a Web site, or contracted via a removable media device such as a CD/DVD or USB memory stick. (screen savers, greeting card systems, and games)
● Another type of Trojan horse is a logic bomb, which executes when it is triggered by a specific event.
● For example, logic bombs can be triggered by a change in a particular file, by typing a specific series of keystrokes, or by a specific time or date.

Botnets
● A botnet is a large group of computers controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.
● Botnets are frequently used to distribute spam and malicious code.
● Cutwail, a large botnet, controlled approximately one million active bots at a time.
● In 2008, about 90 percent of spam was distributed by botnets, including the notorious Storm, Srizbi, and Cutwail botnets. Dealing with “bot” computers within an organization’s network can be quite expensive. Average cost to repair the damage is $350,000.

Distributed Denial-of-Service (DDoS) Attacks
● A distributed denial-of-service attack (DDoS) is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks. It does not involve infiltration of the targeted system.

Rootkits
● A rootkit is a set of programs that enables its user to gain administrator level access to a computer without the end user’s consent or knowledge.
● Attackers can use the rootkits to execute files, access logs, monitor user activity, and change
the computer’s configuration. Rootkits are one part of a blended threat, consisting of the dropper, loader and rootkit.
● The dropper code gets the rootkit installation started and can be activated by clicking on a link to a malicious Web site in an e-mail or opening an infected .pdf file.
● The dropper launches the loader program and then deletes itself.
● Rootkits are designed so cleverly that it is difficult to even discover if they are installed on a computer.
● Here are some symptoms of rootkit infections:
○ The computer locks up or fails to respond to input from the keyboard or mouse.
○ The screen saver changes without any action on the part of the user.
○ The taskbar disappears.
○ Network activities function extremely slowly.
● *Reformat the disk, reinstall the OS and applications, reconfigure the user’s settings – but all locally held data and settings may be lost.

Spam
● E-mail spam is the abuse of e-mail systems to send unsolicited e-mail to large numbers of people.
● Most spam is a form of low-cost commercial advertising.
● It is also an extremely inexpensive method of marketing used by many legitimate organizations.
● It may also be used to deliver harmful worms or other malware.
● A partial solution is the use of CAPTCHA to ensure that only humans obtain free accounts. CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) software generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot.

IMPLEMENTING TRUSTWORTHY COMPUTING
Trustworthy computing is a method of computing that delivers a secure, private, and reliable computing experience based on sound business practices.

Ex. Microsoft has pledged to deliver on a trustworthy computing initiative designed to improve trust in its software products

MICROSOFT’S FOUR PILLARS OF TRUSTWORTHY COMPUTING

● Security
● Privacy
● Reliability
● Business Integrity

RISK ASSESSMENT

Risk Assessment is the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.

The goal of risk assessment is to identify which investments of time and resources will best protect the organization from its likely and serious threats.

An asset is any hardware, software, information system, network or database that is used by the organization to achieve its business objectives.

A loss event is any occurrence that has a negative impact on an asset (a computer contracting a virus or Web sites undergoing a distributed denial of service attack)

ESTABLISHING A SECURITY POLICY

A security policy defines an organization’s requirements, as well as the controls and sanctions needed to meet those requirements. A security policy outlines what needs to be done but not how to do it.

Ex. The National Institute of Standards and Technology (NIST) is a nonregulatory federal agency within the US Department of Commerce. Its Computer Security Division develops security standards and technology against threats to the confidentiality, integrity and availability of information and services.
NIST SP 800 – series of documents which provides useful definitions, policies and guidelines related to IT security.

Ex. if a written policy states that passwords must be changed every 30 days, the use of e-mail attachments, the use of wireless devices

A virtual private network (VPN) works by using the Internet to relay communications; it maintains privacy through security procedures and tunneling protocols, which encrypt data at the sending end and decrypt it at the receiving end.

EDUCATING EMPLOYEES, CONTRACTORS, AND PART-TIME WORKERS

Employees, contractors, and part-time workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies.

Users must understand that they are a key part of the security system and that they have certain responsibilities.

PREVENTIONS

Installing a Corporate Firewall

A firewall stands guard between an organization’s internal network and the Internet, and it limits network access based on the organization’s access policy.

Installing Prevention Systems

Intrusion prevention systems (IPS) work to prevent an attack by blocking viruses, malformed packets, and other threats from getting into the protected network. An IPS sits directly beside the firewall and examines all traffic passing through it.

Installing Antivirus Software

Antivirus software is software that regularly scans a computer’s memory and disk drives for viruses. Antivirus software scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.
● Norton AntiVirus from Symantec & Personal Firewall from McAfee

Implementing Safeguards Against Attacks by Malicious Insiders
Deletes employees’ accounts, passwords and login IDs

Conducting Periodic IT Security Audits

Security Audit is an important tool that evaluates whether an organization has a well-considered security policy in place and if it is being followed
● Detection - Intrusion detection system
● Response
● Incident Notification
● Protection of Evidence and Activity Logs
● Incident Containment
● Eradication
● Incident Follow-up
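As an added illustration of the signature matching described under Installing Antivirus Software (this is not code from these notes or from any antivirus product), the sketch below searches a byte stream for known byte sequences, including the case where a signature is split across two reads. The signature names and byte patterns are constructed, harmless placeholders.

```python
"""Signature-based scanning of a byte stream (illustrative; not a real antivirus engine)."""
import io

# Constructed, harmless byte patterns standing in for vendor-supplied virus signatures.
SIGNATURES = {
    "Demo.SigA": bytes.fromhex("deadbeef4141"),
    "Demo.SigB": b"X-DEMO-SIGNATURE-0002",
}


def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return sorted (offset, signature_name) pairs for every match in stream."""
    if not signatures:
        return []
    # Carry the last (longest signature - 1) bytes into the next window so a
    # signature that straddles two reads is still seen whole.
    overlap = max(len(sig) for sig in signatures.values()) - 1
    hits = set()   # a set, because the carried-over bytes are searched twice
    tail = b""
    base = 0       # absolute stream offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in signatures.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(sig, pos + 1)
        keep = min(overlap, len(window))
        base += len(window) - keep
        tail = window[len(window) - keep:]
    return sorted(hits)


def build_sample():
    """Constructed test data: SigA at offset 13, SigB at offset 119."""
    return (b"\x00" * 13 + SIGNATURES["Demo.SigA"]
            + b"\x00" * 100 + SIGNATURES["Demo.SigB"])


if __name__ == "__main__":
    sample = build_sample()
    # 8-byte reads force both signatures to span several chunks.
    print(scan_stream(io.BytesIO(sample), chunk_size=8))
    # Data that lacks the exact byte sequence yields no hit for that signature,
    # which is why a scanner depends on an up-to-date signature file.
    variant = sample.replace(b"\xde\xad\xbe\xef", b"\xde\xad\xbe\xee")
    print(scan_stream(io.BytesIO(variant), chunk_size=8))
```

Reading in chunks with an overlap is what lets a scanner cover large files and memory regions without loading them whole while still reporting the same offsets as a single pass.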
