Ethics in Information Technology, Fourth Edition PDF

Ethics in Information Technology, Fourth Edition Chapter 2 Ethics for IT Workers and IT Users 1 Objectives As you read this chapter, consider the following questions: ◦ What key characteristics distinguish a professional from other kinds of workers, and is an IT worker considered a professional? ◦ What factors are transforming the professional services industry? ◦ What relationships must an IT worker manage, and what key ethical issues can arise in each? ETHICS IN INFORMATION 2 TECHNOLOGY, FOURTH EDITION Objectives (cont’d.) ◦ How do codes of ethics, professional organizations, certification, and licensing affect the ethical behavior of IT professionals? ◦ What is meant by compliance, and how does it help promote the right behaviors and discourage undesirable ones? ETHICS IN INFORMATION 3 TECHNOLOGY, FOURTH EDITION IT Professionals Profession is a calling that requires: ◦ Specialized knowledge ◦ Long and intensive academic preparation “professional employee”:such as doctors, lawyers, and accountants ◦ Require advanced training and experience ◦ Must exercise discretion and judgment in their work ◦ Their work cannot be standardized. (varied in character) ◦ Contribute to society, participate in lifelong training, assist other professionals ◦ Carry special rights and responsibilities ETHICS IN INFORMATION 4 TECHNOLOGY, FOURTH EDITION Are IT Workers Professionals? Partial list of IT specialists ◦ Programmers ◦ Systems analysts ◦ Software engineers ◦ Database administrators ◦ Local area network (LAN) administrators ◦ Chief information officers (CIOs) ETHICS IN INFORMATION 5 TECHNOLOGY, FOURTH EDITION Are IT Workers Professionals? (cont’d.) Legal perspective ◦IT workers do not meet legal definition of professional ◦ Not licensed by state or federal government ◦ Not liable for malpractice ETHICS IN INFORMATION 6 TECHNOLOGY, FOURTH EDITION Professional Relationships That Must Be Managed IT workers involved in relationships 7 Relationships Between IT Workers and Employers  Relationship is critical, multifaceted relationship that requires ongoing effort by both parties to keep it strong.  IT workers and employer agree on many aspects of work relationship before workers accept job offer such as (may include job title, general performance expectations, specific work responsibilities, drug-testing requirements, dress code, location of employment, salary, work hours, and company benefits).  Other aspects of work relationship defined in company’s policy and procedure manual or code of conduct, including (include protection of company secrets; vacation policy; time off for a funeral or an illness in the family; tuition reimbursement; and use of company resources, including computers and networks.) 8 Relationships Between IT Workers and Employers  Some aspects develop over time: For example, whether the employee can leave early one day if the time is made up another day)  Some aspects are addressed by law—for example, an employee cannot be required to do anything illegal, such as falsify the results of a quality assurance test.  Some aspects are specific to the role of the IT worker and are established based on the nature of the work or project— for example, the programming language to be used, the type and amount of documentation to be produced 9 Relationships Between IT Workers and Employers Software piracy ‫قرصنة البرامج‬ – Make illegal copies of commercial software or enabling access to software to which they are not entitled – Area in which IT workers can be tempted to violate laws and policies – The Business Software Alliance (BSA) ‫تحالف برمجيات االعمال‬ is a trade group representing the world’s largest software and hardware manufacturers; mission is to stop the unauthorized copying of software – Thousands of cases prosecuted each year ETHICS IN INFORMATION 10 TECHNOLOGY, FOURTH EDITION Relationships Between IT Workers and Employers (cont’d.) ETHICS IN INFORMATION 11 TECHNOLOGY, FOURTH EDITION IT Workers and Employers (cont’d.) IT workers must set an example and enforce policies regarding the ethical use of IT in: (cont’d.)  Trade secrets  Business information generally unknown to public  Company takes actions to keep confidential  Require cost or effort to develop  Have some degree of uniqueness or novelty  can include the design of new software code, hardware designs, business plans, the design of a user interface to a computer program, and manufacturing processes.  Whistle-blowing:‫االبالغ عن المخالفات‬  Employee attracts attention to a negligent, illegal, unethical, abusive, or dangerous act that threatens the public interest 12 Relationships Between IT Workers and Clients In relationships between IT workers and clients, each party agrees to provide something of value to the other. IT worker provides: ◦ Hardware, software, or services at a certain cost and within a given time frame Client provides: ◦ Compensation ◦ Access to key contacts ◦ Work space  Relationship is usually documented in contractual terms )includes who does what, when the work begins, how long it will take, how much the client pays, and so on. ) 13 Relationships Between IT Workers and Clients (cont’d.) Ethical problems arise if a company recommends its own products and services to remedy problems they have detected  Creates a conflict of interest Problems arise during a project if IT workers are unable to provide full and accurate reporting of a project’s status  Finger pointing and heated discussions can ensue ETHICS IN INFORMATION 14 TECHNOLOGY, FOURTH EDITION Relationships Between IT Workers and Clients (cont’d.) Fraud ‫الخداع او الزييف او االحتيال‬ Crime of obtaining goods, services, or property through deception or trickery Misrepresentation ‫التحريف‬ Misstatement or incomplete statement of material fact If misrepresentation causes a party to enter into a contract, that party may have the right to cancel contract or seek reimbursement for damages ETHICS IN INFORMATION 15 TECHNOLOGY, FOURTH EDITION Relationships Between IT Workers and Clients (cont’d.) Breach of contract ◦ One party fails to meet the terms of a contract ◦ When there is material breach of contract: ◦ The non-breaching party may rescind the contract, seek restitution of any compensation paid to the breaching party, and be discharged from any further performance under the contract IT projects are joint efforts in which vendors and customers work together ◦ When there are problems, it is difficult to assign who is at fault ETHICS IN INFORMATION 16 TECHNOLOGY, FOURTH EDITION Relationships Between IT Workers and Suppliers IT workers deal with many different hardware, software, and service providers Develop good working relationships with suppliers: ◦ To encourage flow of useful information and ideas to develop innovative and cost-effective ways of using the supplier in ways that the IT worker may not have considered ◦ By dealing fairly with them ◦ By not making unreasonable demands ETHICS IN INFORMATION 17 TECHNOLOGY, FOURTH EDITION Relationships Between IT Workers and Suppliers (cont’d.) Bribery ‫الرشوة‬ ◦ Providing money, property, or favors to obtain a business advantage ◦ U.S. Foreign Corrupt Practices Act (FCPA): crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office ◦ At what point does a gift become a bribe? ◦ No gift should be hidden ◦ Perceptions of donor and recipient can differ ◦ United Nations Convention Against Corruption is a global treaty to fight bribery and corruption ETHICS IN INFORMATION 18 TECHNOLOGY, FOURTH EDITION Relationships Between IT Workers and Suppliers (cont’d.) ETHICS IN INFORMATION 19 TECHNOLOGY, FOURTH EDITION Relationships Between IT Workers and Other Professionals Professionals feel a degree of loyalty to other members of their profession Experienced professionals can also serve as mentors and help develop new members of the profession. Professionals owe each other adherence to their profession’s code of conduct Ethical problems among the IT profession ◦ Résumé inflation on 30% of U.S. job applications ◦ Inappropriate sharing of corporate information ◦ Information might be sold intentionally or shared informally with those who have no need to know 20 Relationships Between IT Workers and IT Users IT user: person using a hardware or software product IT worker who develop, install, service, and support the product. IT workers’ duties ◦ Understand users’ needs and capabilities ◦ Deliver products and services that meet those needs ◦ Establish environment that supports ethical behavior: ◦ To discourages software piracy ◦ To minimize inappropriate use of corporate computing resources ◦ To avoid inappropriate sharing of information ETHICS IN INFORMATION 21 TECHNOLOGY, FOURTH EDITION Relationships Between IT Workers and Society Society expects members of a profession: ◦ To provide significant benefits ◦ To not cause harm through their actions Actions of an IT worker can affect society Professional organizations provide codes of ethics to guide IT workers’ actions ETHICS IN INFORMATION 22 TECHNOLOGY, FOURTH EDITION Professional Codes of Ethics State the principles and core values that are essential to the work of an occupational group Most codes of ethics include: ◦ What the organization aspires to become ◦ Rules and principles by which members of the organization are expected to abide Many codes also include commitment to continuing education for those who practice the profession ETHICS IN INFORMATION 23 TECHNOLOGY, FOURTH EDITION Professional Codes of Ethics (cont’d.) Following a professional code of ethics can produce benefits for the individual, the profession, and society as a whole ◦ Ethical decision making: practitioners use a common set of core values and beliefs as a guideline for ethical decision making. ◦ High standards of practice and ethical behavior:  reminds professionals of the responsibilities and duties that they may be tempted to compromise to meet the pressures of day-to-day business  code also defines acceptable and unacceptable behaviors to guide professionals in their interactions with others.  Strong codes of ethics have procedures for censuring professionals for serious violations, with penalties that can include the loss of the right to practice. ◦ Trust and respect from general public ◦ Evaluation benchmark for self-assessment ‫التقييم الذاتى‬ ETHICS IN INFORMATION 24 TECHNOLOGY, FOURTH EDITION Professional Organizations ‫المنظمات‬ ‫المهنية‬  No universal code of ethics for IT workers  No single, formal organization of IT professionals has emerged as preeminent There is a need for professional standards of competency and conduct  Four of the most prominent organizations have developed codes of ethics include: ◦ Association for Computing Machinery (ACM) ◦ Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS) ◦ Association of IT Professionals (AITP) ◦ SysAdmin, Audit, Network, Security (SANS) Institute ETHICS IN INFORMATION 25 TECHNOLOGY, FOURTH EDITION Certification  Indicates that a professional possesses a particular set of skills, knowledge, or abilities in the opinion of the certifying organization  Can also apply to products: e.g., the Wi-Fi CERTIFIED logo assures that the product has met rigorous interoperability testing to ensure that it will work with other Wi-Fi-certified products)  Generally voluntary.  certification is no substitute for experience and doesn’t guarantee that a person will perform well on the job.  IT-related certifications may or may not require adherence to a code of ethics  Most IT employees are motivated to learn new skills, and certification provides a structured way of doing so.  Employers view as benchmark of knowledge  Opinions are divided on value of certification ETHICS IN INFORMATION 26 TECHNOLOGY, FOURTH EDITION Certification (cont’d.) Vendor certifications: such as Cisco, IBM, Microsoft, SAP, and Oracle—offer certification programs for those who use their products. ◦ Some certifications substantially improve IT workers’ salaries and career prospects ◦ Relevant for narrowly defined roles or certain aspects of broader roles ◦ Require passing a written exam, most exams are presented in a multiple-choice format. ◦ A few certifications, such as the Cisco certified Internetwork Expert (CCIE) certification, also require a hands-on lab exam that demonstrates skills and knowledge. ◦ It can take years to obtain necessary experience for some certifications ◦ Training can be expensive: Courses and training material are available, but such support can be expensive. can cost $1,000 or more, and in- class formal training courses often cost more than $10,000. ETHICS IN INFORMATION 27 TECHNOLOGY, FOURTH EDITION Certification (cont’d.) Industry association certifications ◦ Require a higher level of experience and a broader perspective than vendor certifications ◦ Must sit for and pass written exam ◦ May need to pay annual renewal fee ‫دفع رسوم سنوية لضمان‬ ‫فعالية شهاداتهم‬, earn continuing education credits, and/or pass renewal test ◦ Lag in developing tests that cover new technologies ‫اعادة‬ ‫االختيار‬ ◦ Are moving from purely technical content to a broader mix of technical, business, and behavioral competencies ETHICS IN INFORMATION 28 TECHNOLOGY, FOURTH EDITION Government Licensing  License is a government-issued permission to engage in an activity or operate a business  Generally administered at the state level in the United States  Often requires that recipient pass a test  Some professionals must be licensed – doctors, lawyers, CPAs, medical and day care providers, engineers  One goal: protect public safety ‫حمايه االمن العام‬ ETHICS IN INFORMATION 29 TECHNOLOGY, FOURTH EDITION Government Licensing (cont’d.)  Case for licensing IT workers ◦ Encourages following highest standards of profession ◦ Encourages practicing a code of ethics ◦ Violators would be punished ‫يتم معاقبه المخالفين‬  Without licensing, there are no requirements for heightened care and no concept of professional malpractice ETHICS IN INFORMATION 30 TECHNOLOGY, FOURTH EDITION Government Licensing (cont’d.)  Issues associated with government licensing of IT workers ◦ There are few licensing programs for IT professionals ◦ No universally accepted core body of knowledge for any profession: outlines agreed-upon sets of skills and abilities that all licensed professionals must possess. ◦ Unclear who should manage content and administration of licensing exams ◦ No administrative body to accredit professional education programs ‫ال توجد هيئة إدارية العتماد برامج التعليم المهني‬ ◦ No administrative body to assess and ensure competence of individual workers ETHICS IN INFORMATION 31 TECHNOLOGY, FOURTH EDITION IT Professional Malpractice ‫الممارسات‬ ‫المهنية الخاطئة‬ Negligence ‫االهمال‬: not doing something that a reasonable person would do, or doing something that a reasonable person would not do Duty of care ‫ واجب الرعاية‬: obligation to protect people against any unreasonable harm or risk ◦ Reasonable person standard ◦ Reasonable professional standard A breach of the duty of care is the failure to act as a reasonable person would act. Professional malpractice: professionals who breach the duty of care are liable for injuries that their negligence causes ETHICS IN INFORMATION 32 TECHNOLOGY, FOURTH EDITION IT Users Employees’ ethical use of IT is an area of growing concern because of increased access to: ◦ Personal computers ◦ Corporate information systems and data ◦ The Internet ETHICS IN INFORMATION 33 TECHNOLOGY, FOURTH EDITION Common Ethical Issues for IT Users Software piracy ‫قرصنه البرمجيات‬ Inappropriate use of computing resources ◦Erodes productivity and wastes time ◦Could lead to lawsuits  Inappropriate sharing of information, including: ◦Every organization stores vast amounts of private or confidential data ◦ Private data (employees and customers) ◦ Confidential information (company and operations) ETHICS IN INFORMATION 34 TECHNOLOGY, FOURTH EDITION Supporting the Ethical Practices of IT Users Policies that protect against abuses: ◦ Set forth general rights and responsibilities of users ◦ Create boundaries of acceptable behavior ◦ Enable management to punish violators Policy components include: ◦ Establishing guidelines for use of company software ◦ Defining appropriate use of IT resources ◦ Structuring information systems to protect data and information ◦ Installing and maintaining a corporate firewall:  serves as a barrier between an organization’s network and the Internet; a firewall also limits access to the company’s network based on the organization’s Internet-usage policy. an effective barrier to incoming email from certain Web sites, companies, or users educes the risk of harmful computer viruses. ETHICS IN INFORMATION 35 TECHNOLOGY, FOURTH EDITION Supporting the Ethical Practices of IT Users (cont’d.) ETHICS IN INFORMATION 36 TECHNOLOGY, FOURTH EDITION ETHICS IN INFORMATION 37 TECHNOLOGY, FOURTH EDITION Compliance ‫االمتثال‬ To be in accordance with established policies, guidelines, specifications, and legislation ◦ Sarbanes-Oxley – established requirements for internal controls ◦ HIPAA – ensures security and privacy of employee healthcare data ◦ Failure to be in conformance can lead to criminal or civil penalties and also lawsuits ETHICS IN INFORMATION 38 TECHNOLOGY, FOURTH EDITION Compliance (cont’d.) Major challenge to comply with multiple government and industry regulations that are sometimes in conflict To meet this challenge: ◦ Implement software to track and record compliance actions ◦ Hire management consultants for advice and training ◦ Create Chief Compliance Officer position ETHICS IN INFORMATION 39 TECHNOLOGY, FOURTH EDITION Compliance (cont’d.) Audit committee is subset of the board of directors, with oversight for the following activities: ◦ Quality and integrity of accounting and reporting practices and controls ◦ Compliance with legal and regulatory requirements ◦ Qualifications, independence, and performance of organization’s independent auditor ◦ Performance of company’s internal audit team ETHICS IN INFORMATION 40 TECHNOLOGY, FOURTH EDITION Compliance (cont’d.) Internal audit committee responsibilities: ◦ Determine that internal systems and controls are adequate and effective ◦ Verify existence of company assets and maintain proper safeguards over their protection ◦ Measure the organization’s compliance with its own policies and procedures ◦ Insure that institutional policies and procedures, appropriate laws, and good practices are followed ◦ Evaluate adequacy and reliability of information available for management decision making ETHICS IN INFORMATION 41 TECHNOLOGY, FOURTH EDITION Summary Professionals ◦ Require advanced training and experience ◦ Must exercise discretion and judgment in their work ◦ Their work cannot be standardized From a legal standpoint, a professional: ◦ Has passed the state licensing requirements ◦ Has earned the right to practice in a state(s) IT professionals have many different relationships ◦ Each with its own ethical issues and potential problems ETHICS IN INFORMATION 42 TECHNOLOGY, FOURTH EDITION Summary (cont’d.) Professional code of ethics ◦ States the principles and core values essential to the work of an occupational group ◦ Serves as a guideline for ethical decision making ◦ Promotes high standards of practice and behavior ◦ Enhances trust and respect from the general public ◦ Provides an evaluation benchmark Licensing and certification of IT professionals ◦ Would increase the reliability and effectiveness of information systems ◦ Raises many issues ETHICS IN INFORMATION 43 TECHNOLOGY, FOURTH EDITION Summary (cont’d.) IT-related professional organizations have developed their code of ethics that: ◦ Outlines what the organization aspires to become ◦ Lists rules and principles for members ◦ Includes a commitment to continuing education for those who practice the profession Audit committee and internal audit team have a major role in ensuring that both the IT organization and IT users are in compliance with guidelines and various legal and regulatory practices ETHICS IN INFORMATION 44 TECHNOLOGY, FOURTH EDITION

Ethics in Information Technology, Fourth Edition PDF

Document Details

Tags

Related

Summary

Full Transcript