Social and Professional Issues 2


PCIT - 05

SOCIAL AND PROFESSIONAL ISSUES
Improving Corporate Ethics

A well-implemented ethics and compliance program
and a strong ethical culture can, in turn, lead to less
pressure on employees to misbehave and a
decrease in observed misconduct. It also creates an
environment in which employees are more
comfortable reporting instances of misconduct, partly
because there is less fear of potential retaliation by
management against reporters.
• Appointing a Corporate Ethics Officer - (also called a corporate
compliance officer) This individual “aligns the practices of a workplace with
the stated ethics and beliefs of that workplace, holding people accountable
to ethical standards.”

• Ethical Standards Set by Board of Directors - Board members are
expected to conduct themselves according to the highest standards for
personal and professional integrity, while setting the standard for company-
wide ethical conduct and ensuring compliance with laws and regulations.

• Establishing a Corporate Code of Ethics - A code of ethics is a
statement that highlights an organization’s key ethical issues and identifies
the values and principles that are important to the organization and its
decision making.
Intel Corporation, the world’s largest chip maker, is recognized as one
of the most ethical companies in the IT industry. It has been ranked in the
top 25 every year since the list began in 2000, and was ranked third in
2012.
• Conducting Social Audits - An organization reviews how well it is
meeting its ethical and social responsibility goals, and communicates
its new goals for the upcoming year.

• Requiring Employees to Take Ethics Training - Other
researchers have repeatedly supported the idea that people can
continue their moral development through further education.

• Including Ethical Criteria in Employee Appraisals - Managers
are including ethical conduct as part of an employee’s performance
appraisal, along with criteria such as an employee’s overall contribution
to moving the business ahead, successful completion of projects and tasks, and
maintenance of good customer relations.
INCLUDING ETHICAL CONSIDERATIONS IN DECISION MAKING
Develop a Problem Statement
- You must gather and analyze facts to develop a good
problem statement. Seek information and opinions from a
variety of people to broaden your frame of reference. During
this process, you must be extremely careful not to make
assumptions about the situation. Simple situations can
sometimes turn into complex controversies because no one
takes the time to gather the facts.

Identify Alternatives
- During this stage of decision making, it is ideal to enlist the
help of others, including stakeholders, to identify several
alternative solutions to the problem. Brainstorming with others
will increase your chances of identifying a broad range of
alternatives and determining the best solution.

Evaluate and Choose an Alternative
- Once a set of alternatives has been identified, the group
must evaluate them based on numerous criteria, such as
effectiveness at addressing the issue, the extent of risk
associated with each alternative, cost, and time to implement.
Philosophers have developed many approaches to ethical
decision making. Four common philosophies are:
Implement the Decision
- Once an alternative is selected, it should be implemented in
an efficient, effective, and timely manner. This is often much
easier said than done, because people tend to resist change.
In fact, the bigger the change, the greater the resistance to it.
Communication is the key to helping people accept a change.

Evaluate the Results
- After the solution to the problem has been implemented,
monitor the results to see if the desired effect was achieved,
and observe its impact on the organization and the various
stakeholders.
You can incorporate ethical considerations into
decision making by identifying and involving the
stakeholders; weighing various laws, guidelines, and
principles—including the organization’s code of ethics
—that may apply; and considering the impact of the
decision on you, your organization, your stakeholders,
your customers and suppliers, and the environment.
ETHICS FOR IT WORKERS AND IT USERS
A profession is a calling that requires specialized
knowledge and often long and intensive academic
preparation.

The United States Code of federal regulations defines a
“professional employee” as one who is engaged in the
performance of work:

(1) They require advanced training and experience;
(2) They must exercise discretion and judgment in the course
of their work; and
(3) Their work cannot be standardized.
• A professional is expected to contribute to society, to
participate in a lifelong training program, to keep abreast
of developments in the field, and to help develop other
professionals.
Doctors, for example, prescribe drugs, perform surgery, and
request confidential patient information while maintaining
doctor–patient confidentiality.
• From a legal standpoint, a professional has passed the
state licensing requirements and earned the right to
practice there.
• Many business workers have duties, backgrounds, and
trainings that qualify them to be classified as
professionals, including marketing analysts, financial
consultants, and IT specialists such as mobile application
developers, software engineers, systems analysts, and
network administrators.

• However, not every IT role requires knowledge of an
advanced type in a field of science or learning usually
acquired by a prolonged course of specialized intellectual
instruction and study.
• From a legal perspective, IT workers are not recognized
as professionals because they are not licensed by the
state or federal government. As a result, IT workers are
not liable for malpractice because they do not meet the
legal definition of a professional.
Computer malpractice involves professional negligence
when providing computer-related services.
Professional relationships IT workers must manage
I. IT PROFESSIONALS AND EMPLOYERS

A trade secret is information, generally unknown to the
public, that a company has taken strong measures to keep
confidential.

Examples include the Colonel’s secret recipe of 11 herbs
and spices used to make the original KFC chicken, the
formula for Coke, and Intel’s manufacturing process for the
i7 quad core processing chip.
Whistle-blowing is an effort by an employee to attract
attention to a negligent, illegal, unethical, abusive, or
dangerous act by a company that threatens the public
interest.
For example, an employee of a chip manufacturing
company may know that the chemical process used to make
the chips is dangerous to employees and the general public.
A conscientious employee would call the problem to
management’s attention and try to correct it by working with
appropriate resources within the company.
But what if the employee’s attempt to correct the
problem through internal channels was thwarted or ignored?
The employee might then consider becoming a
whistleblower and reporting the problem to people outside
the company, including state or federal agencies that have
jurisdiction.
II. IT PROFESSIONALS AND CLIENTS
Fraud is the crime of obtaining goods, services, or
property through deception or trickery.

To prove fraud in a court of law, prosecutors must
demonstrate the following elements:
• The wrongdoer made a false representation of material
fact.
• The wrongdoer intended to deceive the innocent party.
• The innocent party justifiably relied on the
misrepresentation.
• The innocent party was injured.
As an example of alleged fraud, consider the case
of Paul Ceglia, who in 2010 sued Facebook claiming to
own a majority of the company. Ceglia claimed that he
signed a contract with Mark Zuckerberg in 2003 to
design and develop the Web site that eventually
became Facebook.
It was alleged that Ceglia manufactured evidence, including purported
emails with Zuckerberg, to support his false claim to an
interest in Facebook and that Ceglia destroyed evidence
that was inconsistent with his false claim. It was further
alleged that Ceglia’s emails to Zuckerberg were
manufactured to support his claims. Eventually,
Ceglia was arrested on federal mail and wire fraud
Assignment:

Search for the different types of fraud with definition.
Write it on ½ cw. Deadline will be on the next meeting.

Misrepresentation is the misstatement or incomplete
statement of a material fact. If the misrepresentation
causes the other party to enter into a contract, that party
may have the legal right to cancel the contract or seek
reimbursement for damages.

For example, if a person is selling a car and knows there
is a problem with the transmission, yet advertises it as being in
perfect mechanical condition, they have committed
fraudulent misrepresentation.

Breach of contract occurs when one party fails to meet
the terms of a contract.

When IT projects go wrong because of cost overruns,
schedule slippage, lack of system functionality, and so
on, aggrieved parties might charge fraud, fraudulent
misrepresentation, and/or breach of contract.
III. IT WORKERS AND SUPPLIERS

Bribery is the act of providing money, property, or favors
to someone in business or government in order to obtain
a business advantage.
An obvious example is a software supplier sales
representative who offers money to another company’s
employee to get its business.
This type of bribe is often referred to as a kickback
or a payoff. The person who offers a bribe commits a
crime when the offer is made, and the recipient is guilty
of a crime if he or she accepts the bribe.
A former midlevel supply chain manager at Apple pled
guilty in 2011 to taking over $1 million in payments from
certain iPhone, iPad, and iPod suppliers in China,
Singapore, South Korea, and Taiwan.

The kickbacks took place over several years and were
in exchange for the employee providing confidential
information about Apple’s production plans, enabling the
suppliers to negotiate more favorable deals with Apple.

He now faces 20 years in prison on charges of money
laundering, receiving kickbacks, and wire fraud.
When it comes to distinguishing between bribes and
gifts, the perceptions of the donor and the recipient can
differ.
IV. IT Workers and Other Professionals

In relationships between IT workers, the priority is to
improve the profession through activities such as
mentoring inexperienced colleagues and
demonstrating professional loyalty.

Résumé Inflation - involves lying on a résumé by, for
example, claiming competence in an IT skill that is in
high demand or exaggerating his or her qualifications.
Yahoo! hired Scott Thompson, the president of eBay’s
PayPal electronic payments unit, as its new CEO in
January 2012. Just four months later, Thompson left the
company, due to revelations that his résumé falsely
claimed that he had earned a bachelor’s degree in
computer science.
Inappropriate Sharing of Corporate Information - IT
workers may have access to corporate databases of
private and confidential information about employees,
customers, suppliers, new product plans, promotions,
budgets, and so on. This information might be sold to other
organizations or shared informally during work
conversations with others who have no need to know.
V. Relationships Between IT Workers and IT Users

Software Piracy - the unauthorized use, copying, or
distribution of copyrighted software.
Inappropriate Use of Computing Resources - the
misuse of devices that negatively impacts other people
or defames their reputation.
Inappropriate Sharing of Information - sharing
information that can be classified as either private or
confidential with other people.
VI. Relationships Between IT Workers and Society

The main challenge for IT workers is to practice the
profession in ways that cause no harm to society and
provide significant benefits.
PROFESSIONAL ORGANIZATIONS
In order to stay on top of the many new developments in
their field, IT workers need to network with others, seek out
new ideas, and continually build on their personal skills and
expertise. These organizations disseminate information
through email, periodicals, Web sites, meetings, and
conferences.
1. Association for Computing Machinery (ACM)
2. Institute of Electrical and Electronics Engineers Computer
Society (IEEE-CS)
3. Association of Information Technology Professionals
(AITP)
4. SysAdmin, Audit, Network, Security (SANS) Institute

1. Association for Computing Machinery (ACM) - is a computing
society founded in 1947 with over 97,000 student and professional
members in more than 100 countries. ACM currently publishes over
50 journals and magazines and 30 newsletters.

2. Institute of Electrical and Electronics Engineers Computer Society
(IEEE-CS) - is one of the oldest and largest IT professional
associations and was founded in 1946. It helps meet the information
and career development needs of computing researchers and
practitioners with technical journals, magazines, books,
conferences, conference publications, and online courses.

3. Association of Information Technology Professionals (AITP) - started
in Chicago in 1951, with a group of machine accountants who got
together. It provides IT-related seminars and conferences,
information on IT issues, and forums for networking with other IT
workers.

4. SysAdmin, Audit, Network, Security (SANS) Institute - provides
information security training and certification for a wide range of
individuals, such as auditors, network administrators, and
security managers.

CERTIFICATION

Certification indicates that a professional possesses a
particular set of skills, knowledge, or abilities, in the opinion
of the certifying organization.

Numerous companies and professional organizations offer
certifications. Many employers view them as a benchmark
that indicates mastery of a defined set of basic knowledge.

IT PROFESSIONAL MALPRACTICE

Negligence has been defined as not doing something
that a reasonable person would do, or doing something
that a reasonable person would not do.
Duty of care refers to the obligation to protect people
against any unreasonable harm or risk.
A breach of the duty of care is the failure to act as a
reasonable person would act. Professionals who
breach the duty of care are liable for injuries that their
negligence causes. This liability is commonly referred to
as professional malpractice.
For example, a CPA who fails to use reasonable
care, knowledge, skill, and judgment when auditing a
client’s books is liable for accounting malpractice.

Because there are no uniform standards against which to
compare a software engineer’s professional behavior, he
or she cannot be subject to malpractice lawsuits.

Supporting the Ethical Practices of IT Users

It can set forth the general rights and responsibilities of all IT users, establish
boundaries of acceptable and unacceptable behavior, and enable management to
punish violators.

1. Establishing Guidelines for Use of Company Software
2. Defining the Appropriate Use of IT Resources
3. Structuring Information Systems to Protect Data and Information
4. Installing and Maintaining a Corporate Firewall

Compliance
Compliance means to be in accordance with established policies, guidelines,
specifications, or legislation. In the legal system, compliance usually refers to behavior
in accordance with legislation, such as the Sarbanes–Oxley Act of 2002, which
established requirements for internal controls to govern the creation and
documentation of accurate and complete financial statements, or the U.S. Health
Insurance Portability and Accountability Act of 1996 (HIPAA), which requires employers
to ensure the security and privacy of employee healthcare data.

Failure to comply with specific pieces of legislation can lead to criminal or civil
penalties specified in that legislation.

Computer and Internet Crime

Ransomware is malware that disables a computer or
smartphone until the victim pays a fee, or ransom.
Ransomware attacks first broke out in Russia in 2009.

The Reveton Ransomware Attacks

In August 2012, victims across the United States reported that
while searching the Internet, their computers locked up, and
they received the following message, purportedly from the FBI:

“This operating system is locked due to the violation of the
federal laws of the United States of America! (Article 1,
Section 8, Clause 8; Article 202; Article 210 of the Criminal
Code of U.S.A. provides for a deprivation of liberty for four to
twelve years.)”
The message then accused the victim either of visiting pornography
Web sites or of distributing copyrighted content. Victims were told
they could unlock their computers and avoid prosecution by paying
a fine of $200 within 72 hours of receiving the message. The
message came replete with the official FBI logo.

Why Computer Incidents Are So Prevalent

• Increasing complexity
• Higher computer user expectations
• Expanding and changing systems
• Increased reliance on software with known vulnerabilities

Increasing Complexity Increases Vulnerability

In a cloud computing environment, software and
data storage are services provided via the Internet (“the
cloud”); the services are run on another organization’s
computer hardware and are accessed via a Web
browser. This represents a significant change in how
data is stored, accessed, and transferred, and it raises
many security concerns.

Higher Computer User Expectations

Today, time means money, and the faster computer users can
solve a problem, the sooner they can be productive.
Expanding and Changing Systems Introduce New Risks

It is increasingly difficult to keep up with the pace of
technological change, successfully perform an ongoing
assessment of new security risks, and implement approaches
for dealing with them.

Bring Your Own Device

Bring your own device (BYOD) is a business policy that
permits, and encourages, employees to use their own mobile
devices to access company computing resources and
applications, including email, corporate databases, the
corporate intranet, and the Internet.

Increased Reliance on Commercial Software with Known Vulnerabilities

In computing, an exploit is an attack on an information system that takes advantage of a particular
system vulnerability.

Types of Exploits

Viruses - A virus is a piece of programming code, usually disguised as something else, that causes a
computer to behave in an unexpected and usually undesirable manner.
Worms - Unlike a computer virus, which requires users to spread infected files to other users, a
worm is a harmful program that resides in the active memory of the computer and duplicates itself.
Trojan Horses - A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless
program. The program’s harmful payload might be designed to enable the hacker to destroy hard
drives, corrupt files, control the computer remotely, launch attacks against other computers, steal
passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting
them to a server operated by a third party.
Spam - Spam is the abuse of email systems to send unsolicited email to large numbers of people.
Distributed Denial-of-Service (DDoS) Attacks - A DDoS attack is one in which a malicious hacker takes over
computers via the Internet and causes them to flood a target site with demands for data and other
small tasks.
Rootkits - A rootkit is a set of programs that enables its user to gain administrator-level access to a computer
without the end user’s consent or knowledge.
Phishing - Phishing is the act of fraudulently using email to try to get the recipient to reveal personal data.
Spear-phishing - is a variation of phishing in which the phisher sends fraudulent emails to
a certain organization’s employees.
Smishing - is another variation of phishing that involves the use of Short Message Service
(SMS) texting.
Vishing - is similar to smishing except that the victims receive a voice mail telling them to
call a phone number or access a Web site.
