Ethical Issues in Systems Analysis & Software Engineering PDF

# Ethical Issues in Systems Analysis & Software Engineering ## Chapter 4 - Topic 1 ### Course Learning Outcomes - **CLO 2:** Recognize different professional codes of ethics to address the social, moral and ethical, legal, security and social issues in computing technology. (Values, autonomy, and responsibility - **CLO 4:** Analyze the ethical, social and security implications of the design, deployment and application stages of technological artifacts ## Systems Analysis & Design Information technology has made a huge transformation in life. It isn't the technology itself that increases productivity and profits; however, it is the people who develop information/software systems solutions that make these benefits possible. The key to successful development is thorough systems analysis and design to understand what the business requires from the information systems. ## Who is Systems Analyst? An IT professional who uses analysis and design techniques to solve business problems by using information technology. A systems analyst needs broad knowledge and a variety of: - Technical Knowledge and Skills - Business Knowledge and Skills - People Knowledge and Skills to develop information systems. Systems analysis and design work is done by people with a variety of job titles—not only systems analyst but programmer analyst, systems consultant, systems engineer, and Web developer, among others. ### Key Responsibilities - Identify and analyze business requirements. - Design and propose technical solutions to address business needs. - Act as a liaison between business stakeholders and the technical team. - Conduct feasibility studies to evaluate system requirements. - Ensure the system design aligns with organizational objectives. ## Who is Business Analyst? ### Key Responsibilities: - Gather and document business requirements from stakeholders. - Develop functional specifications for the technical team. - Evaluate the impact of proposed changes on business processes. - Facilitate communication between business users and developers. - Assess the value and feasibility of proposed solutions. ## Who is Software Engineer? A software engineer is a person who applies the principles of software engineering to the design, development, testing, maintenance, and evaluation of the software that make computers or other devices containing software work. Both professions are heavy technological positions, they are quite different and require different skill sets. If both were to work together, the software engineer would design and code an application while the system analyst would design and build the entire system to run the application. ### Key Responsibilities: - Design, develop, and maintain software systems. - Write efficient and scalable code to meet functional and non-functional requirements. - Apply principles of software engineering to solve technical challenges. - Ensure system security, performance, and reliability. - Collaborate with testers and analysts to refine designs. ## Who is Software Tester? ### Key Responsibilities: - Validate that the software meets specified requirements. - Design and execute test plans, cases, and scripts. - Identify, document, and track software defects. - Perform different types of testing (e.g., functional, performance, security). - Collaborate with developers to ensure defects are resolved. ## Ethical Issues in Systems Analysis /Software Engineering With the influence of computers on our life and the role of software in all the systems, software professionals have the power to do good or bad to the society. The ethical problems faced by the system analyst or software engineer involve: the end product, the process of developing that product, and the human interactions in the development of the product. A diagram shows a Software Professional in the middle. Surrounding them are boxes with: - Society / Public - Colleagues - Self - Client - Profession - Employer - Product **Fig. 1 Obligations of a Software Professional** ## Ethical Behaviour in a Professional Setting The term ethical behaviour refers to how an individual or an organization ensures that all its decisions, actions, and stakeholder interactions conform to the individual's or organization's moral and professional principles. These principles should support all applicable laws and regulations and are the foundation for the individual's or organization's culture and values. They define right from wrong. ## Technical & Ethical Issues in Systems Analysis /Software Engineering For example, if a project is running late, the project manager might be tempted to cut short the requirements definition phase, hoping to make up for some lost time. In order to get the product out the door, developers base their testing not on the requirements, but on developer descriptions of how their code will work. The team then delivers the result to the customer with possibly catastrophic consequences, such as an unusable product, contract cancellation, or lawsuits. If a person who should know better makes wrong decisions, and if personal interests motivated those decisions, the behaviour becomes unethical. ## Technical & Ethical Issues with System Analyst/ Software Engineer ### Misrepresentation of Requirements in Software Specification: Failing to fully capture or accurately represent user requirements to meet deadlines or reduce costs. Leads to systems that fail to meet user needs, causing dissatisfaction and potential financial loss. ### Software Design: When designing software, the actual knowledge of how something works often comes from domain experts (e.g., a car -brakes engineer who knows how brakes should function). However, these experts usually don't create the software themselves. Instead, they pass their knowledge and requirements to a software engineer, who is skilled in programming but may lack a deep understanding of the specific domain. If the software engineer misunderstands or misinterprets the domain expert's requirements, the system may not function as intended. ### Extreme Pressure to Skip Critical Steps(Cutting corners): Extreme pressure that software companies feel to reduce the time to market for their products while compromising on the known bugs which are not being addressed at the right time. - Skipping essential SDLC steps e.g., detailed requirements gathering or validation/proper testing or documentation to meet tight deadlines. - Writing substandard code to save time or meet deadlines. Poor-quality code compromises system quality, leads to unreliable or unsafe software and increases maintenance costs. It can lead to system failures, security vulnerabilities, or harm to users. - Resources and time needed to ensure quality are often cut under the pressure to ship a new product. ## Changes in software: With changing software, it is not meant replacing a failed component by another working component. Software maintenance refers to changes in the software design that are either intended to correct a fault or are in response to a change in the specification because the software does not perform as the user wishes. This is entirely different from the replacement of an item of failed hardware, which merely recovers the original system functionality. ## The Cost of Removing Software Defects A graph shows the cost of removing software defects increasing exponentially from the investigation phase to the operation phase. The removal of a software fault represents a change to the design of the system. There are many recorded examples of so-called small changes, that supposedly just fixing defects, but caused serious reductions in reliability. ## Scenario No.1 : System Modification A computer company wrote a very complex system for an anti-ballistic missile. The system is being used successfully to shoot down incoming missiles in a current military action. The military determines that the anti-ballistic missile would protect them more effectively if it shot down incoming missiles while they were further away. They ask the computer company to make immediate modifications to the system and deliver it within a week. The software engineering department decides to do the work. **Do you think the it is a realistic approach to make changes in a short period of time?** ## Technical & Ethical Issues with System Analyst/ Software Engineer ## Insufficient and Incompetent Staff - Inadequate or no project management methodology - Bad planning and estimating - Insufficient senior staff on the team The software defects in certain systems can have deadly consequences. The stakes involved in creating quality software are raised to the highest possible level. The ethical decisions involving a trade off between quality and such factors as cost, ease of use and time to market require extremely serious examination. ## Use of unauthorized software - Using open-source code in their own code without properly crediting the source - Using illegal software to perform their tasks. - Difficult to maintain the software because of the use of illegal software - Violates intellectual property laws and undermines professional ethics. ## Conflicts of Interest: Recommending solutions that benefit personal interests or a third party, rather than the organization. Undermines the integrity of the systems analyst and the decision-making process. ## Handling User Data: Collecting, storing, or using user data without consent or for unintended purposes. Violates privacy rights and legal regulations. ## Confidentiality Breaches: Handling sensitive organizational data, such as trade secrets, customer information, or employee details, without adequate safeguards. Unauthorized disclosure can compromise the public welfare, lead to privacy violations, legal penalties, and reputational damage. ## Security and Privacy: Failing to implement adequate security measures to protect user data. - Leads to data breaches, unauthorized access, and loss of sensitive information. ## Bias in Decision-Making: Prioritizing certain stakeholders' needs over others due to personal biases or external pressures. - Results in biased solutions and weakens trust in the system's fairness. ## Red Lies/Over-Promising and Under-Delivering: Overpromising/Red Lies to stakeholders or committing to unrealistic project goals or deadlines under pressure from management or clients. Red Lies occur during meetings with clients or management, when representatives make statements about a product or project that are known to be untrue—such as stating that a project's delivery is on schedule to our customers, when the team already knows they cannot deliver on time. Creates mistrust among stakeholders, damages professional credibility and lead to financial ... ## Inadequate Risk Management: Ignoring or underestimating potential risks (e.g., data breaches, system downtime, or compliance violations). Exposes organizations and users to significant harm, financial loss, or legal consequences. ## Sweep it under the rug: "Sweep it under the rug" syndrome occurs when unforeseen issues arise that could potentially damage a project or company but, to keep things running smoothly, management and/or staff ignore the issues in the hope they will vanish. ## Cancelled Vacation Syndrome: Cancelled vacation syndrome arises when managers pressure staff members at the last minute to cancel planned trips or otherwise sacrifice their personal time and possibly money through, for example, non refundable trip reservations to meet a short-term deadline ## Accessibility and Inclusivity: Designing systems that are not accessible to people with disabilities or diverse needs. - Excludes certain user groups and fails to promote equal access to technology. ## Environmental Impact: Ignoring the environmental consequences of software decisions, such as energy-intensive algorithms or inefficient resource usage. - Contributes to unsustainable practices and environmental harm. ## Whistleblower Situations: Discovering unethical practices in the development (biased algorithms) or testing process but fearing retaliation for reporting them. - Leads to unfair outcomes, discrimination, or harm to certain user groups. - Creates a conflict between professional ethics and job security. ## Reporting Bugs: Failing to report all identified defects, especially critical ones, due to time constraints or pressure to meet deadlines. - Failure to report all bugs can lead to unreliable systems, risking user safety and satisfaction. ## Biased Testing: Conducting selective testing or manipulating test outcomes to favour specific stakeholders or meet expectations. - Leads to incomplete testing and a false sense of system reliability. ## Security and Privacy Concerns: Ignoring or inadequately testing for security vulnerabilities or mishandling sensitive user data during testing. - Exposes users and organizations to potential cyberattacks, data breaches, or financial loss. ## Misrepresentating or Falsifying Test Results: Altering or fabricating test reports to show that the system meets requirements when it does not. - Misleads stakeholders and damages trust, potentially leading to severe consequences. ## Inadequate Test Coverage: Skipping essential testing phases or scenarios due to lack of resources, time, or managerial pressure. - Results in systems being released without thorough validation, increasing the risk of failure. ## Automation Limitations: Over-relying on automated testing tools without considering their limitations or biases. - Can lead to missed defects or overlooked issues that manual testing might have detected. ## How to avoid such problems? ### Using Software Development Methodology Standard work process enables controlled progress while developing high-quality software. Use of an effective methodology protects software manufacturers from legal liability - Reduces the number of software errors. - If an organization follows widely accepted development methods, negligence on its part is harder to prove. ### Quality assurance (QA): QA Methods within the development cycle are designed to guarantee reliable operation of a product. ## Development of Safety-Critical Systems Systems whose failure may cause injury or death are called Safety Critical systems. Safe operation relies on the flawless performance of software. Examples: control automobiles' antilock brakes, nuclear power plant reactors, airplane navigation, elevators, and numerous medical devices (MRI, CT Scan etc). While developing a safety critical system, Software Development Process is strongly adhered to tasks which require: 1. Rigorous and time-consuming development process 2. More thorough documentation 3. Vigilant checking and rechecking Software developers must work closely with safety and systems engineer to ensure safety of the entire system. - **System safety engineer:** Uses a logging and monitoring system to track hazards from a project's start to its finish. - **Hazard log:** Used to assess how detected hazards have been accounted for. - **Testing:** To decide the level of sufficient testing i.e. to decide how much testing is required when a product is built whose failure could cause loss of human life. ## Risk Analysis: When designing, building, and operating a safety-critical system a formal risk analysis is to be conducted. The quality control should conduct a formal risk analysis to consider what can go wrong, the likelihood and consequences of such occurrences and how risk can be averted, mitigated or detected so that the users are warned. ## Scenario No.2: Professional Judgement A computer company is working on an experimental fighter. A quality control software engineer suspects that the flight control software is not sufficiently tested, although it has (finally) passed all its contracted test suites. She is being pressured by her employers to sign off on the software. Her employers say they will go out of business if they do not deliver the software on time. She signs off. **How will you judge her action?** ## Development of Safety-Critical Systems ## Redundancy: The software should provide multiple interchangeable software components to perform a single function in order to cope with failures and errors. ## N-version programming: The approach to minimizing the impact of software errors by independently implementing the same set of user requirements N times. - The different versions of the software are run in parallel, and if the outputs of the different software vary, a "voting algorithm" is executed to determine which result to use. - Multiple software versions are unlikely to fail at the same time under the same conditions. Consequences of failure can be mitigated by devising emergency procedures and evacuation plans ## Following Integrity and Ethics Integrity and ethical behavior are crucial to the success of the analyst. Students in IT often underestimate the importance of personal integrity and ethics. A SA or SE is required to keep: - Confidentiality of the employees' data in an organization. - Confidentiality of corporate information. Analysts or Engineers are expected to uphold the highest ethical standards when it comes to private proprietary information - whether the analysts are employees or outside consultants. Ethics and integrity also include: - follow-through on commitments, - Dealing directly with mistakes and gaps in relevant knowledge and skills and practicing open and honest communication. - Because an analyst is a pivotal member of the development team, his or her lack of follow-through or task completion can cause problems that reverberate throughout the project. - An analyst must take honest stock of his strengths, weaknesses, and performance as well as ask for needed help and resources and be ready to provide the same to others. ## Sources of Ethical Guidance There are a few sources of ethical guidance available. Using deontological approach to professional ethics. The potential sources of rules to professional guidance are: - **Professional bodies:** which promotes codes of practice and conduct among its members. - **Information systems methodologies:** Can provide a framework for systems Analyst which can be used to ensure thoroughness and completeness of IT projects. The methodologies can be extended to analyze ethical issues of IT project. ## Chapter 4 - Topic 2 # Ethical Issues in Systems Analysis & Software Engineering ## Ethical and Security Issues with IT System Administrators ### Course Learning Outcomes - **CLO 2:** Recognize different professional codes of ethics to address the social, moral and ethical, legal, security and social issues in computing technology. (Values, autonomy, and responsibility - **CLO 4:** Analyze the ethical, social and security implications of the design, deployment and application stages of technological artifacts. ## Topics - Role of a System Administrator - Ethical Issues for a System Administrator - Code of Ethics by LOPSA ## IT System Administrator The person who is responsible for setting up and maintaining the system or server is called as the system administrator. The system administrator is responsible for following things: - User administration (setup and maintaining account) - Monitor system performance - Install software and update systems. - Monitor network communication - Setup and implement security policies including backup and recover policies for users. A sysadmin must have a strong grasp of computer security (e.g. firewalls and intrusion detection systems) - Responsible for Password and identity management. - Manage cloud infrastructure. ## What is so special about System Administrator's account? SA and other privileged user access to confidential information: - databases - usernames/passwords - e-mail They have an unrestricted access to the root account of the network system, so he can do anything with the system. For example, root can remove critical system files. ## IT System Administrator Network and system administrators are professionals who are actively involved in preventing cybercrimes and who are also rarely recognized as denizens and protectors of the digital world. These people are actively involved in: - Preventing information theft from their company databases and computers. - Trying to maintain their employers' digital reputation and prevent possible financial losses. ## Ethical Issues System/Network Administration has a great deal of responsibility, whether the company's management realizes it or not. They have access to nearly every piece of data on the company network, in the servers, Cloud, hosted, or physical. They have access to information about the usage patterns of every user on the network. They can see what information every user is gaining access to. The power can be abused either deliberately or inadvertently which can result in serious problems. **Ethics are one of the most essential issues for system and network administrators.** ## Ethical Issues with System Administrators ### Confidentiality Breaches: Handling sensitive organizational data, such as trade secrets, customer information, or employee details, without adequate safeguards. Unauthorized disclosure can compromise the public welfare, lead to privacy violations, legal penalties, and reputational damage. ### Security and Privacy: Failing to implement adequate security measures to protect user data. - Leads to data breaches, unauthorized access, and loss of sensitive information. ### Invasion of Privacy One of the tasks a company could assign a network administrator could be looking at the browser activities and emails of employees to enforce company Internet usage policies. In this case, the network administrator could feel that it is unethical to invade employees' privacy in this way. However, if the company's employment contract states that the company could review their Internet activities, then the employees were forewarned not to do anything private on their company computers or company email accounts. ### Equality in Reporting Another ethical issue a network administrator could encounter in the process of reviewing employee browsing and email usage involves deciding what infractions to report. In other words, should the administrator report every single infraction, no matter how small, or should he only report serious infractions? In this case, the administrator may use his own values to determine what constitutes a "serious" infraction, and these values would also decide which employees will be let off and which ones could face disciplinary action. ### Sensitive Information A network administrator must know everything about his employer's technology infrastructure. This can include proprietary technologies and business practices. If a network administrator begins a new job at a different company, he could find himself in a situation where he could use knowledge from his previous employment for gain at his new job. In this case, the network administrator has to look for ethical, as well as legal, guidance to any non-disclosure agreements he may have signed at his old company. ### Whistle Blower Situations In this course of a network administrator's job with unlimited access to any file on the company's servers, he may come across information that implicates his company in activities that are either unethical or strictly illegal. In this case, the network administrator may find himself torn between reporting his employer and his own job security. The employee needs to balance whether the activity is strictly illegal or simply unethical, with the constraints of any non-disclosure agreements he may have signed before going forward to report her employer. ### Compromising the Security If a client asks a SA to save money by cutting out some of the security measures that he has recommended, yet his analysis of the client's security needs show that sensitive information will be at risk if he do so? Should he go ahead and configure the network in a less secure manner even if he try to explain this risk factors to the client? ### Consultation fees The proliferation of network attacks, hacks, viruses, and other threats to their IT infrastructures have caused many companies to "be afraid." As a security consultant, it may be very easy to play on that fear to convince companies to spend far more money than they really need to. ### The slippery slope This pertains to the ease with which a person can go from doing something that doesn't really seem unethical, such as scanning employees' e-mail "just for fun," to doing things that are increasingly unethical, such as making little changes in their mail messages or diverting messages to the wrong recipient. For example, the information you gained from reading someone's e-mail could be used to embarrass that person, to gain a political advantage within the company, to get him disciplined or fired, or even for blackmail. ## Ethical Policies One basic widespread approach to making use of ethics policies is to utilize informed consent. When applied to system and network administration, informed consent implies: - People should know the rules under which they are living. - Users need to know how the system will operate in various situations. ## Code of Ethics by LOPSA In the early 2000s, an organization called "The League of Professional System Administrators" - LOPSA (www.lopsa.org) announced a Code of Ethics. It begins, "We as professional System Administrators do hereby commit ourselves to the highest standards of ethical and professional conduct and agree to be guided by this Code of Ethics and encourage every System Administrator to do the same." The Code deals with professionalism, personal integrity, privacy, laws and policies, communication, system integrity, education, responsibility to the computing community, social responsibility, and ethical responsibility. - Professionalism - Personal Integrity - Privacy - Laws and Policies - Communication - System Integrity - Education - Responsibility to Computing Community - Social Responsibility - Ethical Responsibility **https://lopsa.org/CodeofEthics** ## User Code of Conduct Each organization needs guidelines for the acceptable uses of the organization's computing systems. - Under what circumstances is personal use of the organization's equipment/software permitted? - What types of personal use are forbidden? - What websites are restricted from browsing? - How do the rules change if you are using the equipment from home? - What are defined as harassing communications? ## Privileged Access Code of Conduct Some users need privileged access to do their jobs. For example, some users may need to install their own software, access and update information in particular databases, and publish webpages. A code of conduct is very likely to need to address the following issues. - Require the user to acknowledge that their privileged access comes with a responsibility to use it properly. - Limitations about the type of work that can be done with these elevated privileges. The company should acknowledge that mistakes happen and addresses approaches to ensure that minimal damage results from mistakes. - Backups - Retain software sources ## Building a Security Culture Essentially, information security is not comprised only of technological superiority but should be treated as a culture within organizations and its employees. All employees should be security conscious at all times, and thus assist their security departments in preventing hacking attempts. System administrators have the knowledge and the authority to monitor any and every activity for any user in their domain, thus it becomes extremely important for them to adhere to a code of ethics.

Ethical Issues in Systems Analysis & Software Engineering PDF

Document Details

Tags

Related

Summary

Full Transcript