Chapter 1
An Overview of Ethics
Chapter 1 - Objectives
• To understand ethics and why it is important to act in ways that are consistent with a code of principles.
• Understand why business ethics are becoming increasingly important.
• Identify what actions corporations are taking to reduce business ethics risks.
• Understand why corporations are interested in fostering good business ethics.
• Identify different approaches to ethical decision making.
• Discuss the risk of negative impact due to the unethical use of information technology.
Ethics Defined
Moral codes are the rules that establish the boundaries of generally accepted behavior.
Morality refers to social conventions about right and wrong human conduct.
Ethics are beliefs regarding right and wrong behavior.
Ethics Defined
Virtues are habits that incline us to do what is acceptable.
Vices are habits that incline us to do what is unacceptable.
Value System is the complex scheme of moral values that we choose to live by.
The Importance of Integrity
Integrity is used to refer to people who act in ways that are consistent with their own code of principles.
You often reflect on your principles when you consider what you “ought” to do in different situations.
Ethics in the Business World
Globalization of organizations has created a complex business world.
Risk is the likelihood of a negative event times the impact of the event.
Why Business Ethics are Important
• Protect the organization and its employees from legal action.
• Create an organization that operates consistently.
• Produce good business.
• Avoid unfavorable publicity.
• Gain the goodwill of the community.
Legal Overview
• Bribes involve providing money, property, favors, or anything else of value to someone in business or government in order to obtain a business advantage.
• Gifts are made openly and publicly as a gesture of friendship or goodwill with no expectation of a future favor for the donor.
Improving Corporate Ethics
• Appoint a corporate ethics officer.
• Ethical standards should be set by a board of directors.
• Establish a corporate code of conduct.
• Conduct social audits.
• Require employees to take ethics training.
• Include ethical criteria in employee appraisal/reward systems.
Code of Conduct
A guide that highlights an organization’s key ethical issues and identifies the overarching values and principles that are important to the organization and that can help in decision making.
The code of conduct helps ensure that employees:
• Abide by the law.
• Follow necessary regulations.
• Behave in an ethical manner.
Ethical Decision Making
• Get the facts.
• Identify the stakeholders and their positions.
• Consider the consequences of your decision.
• Weigh various guidelines and principles (Virtue, Utilitarian, Fairness, Common Good).
• Develop and evaluate options.
• Review your decision.
• Evaluate the results of your decision.
Four Common Approaches Used in Ethical Decision-Making
Ethics in Information Technology
• The increased use of information technology has raised many ethical issues for today’s IT professional.
• Licensing of IT professionals
• Internet communication
• Intellectual property
• Employee/employer issues
Summary
• Ethics are beliefs regarding right and wrong behavior.
• Business ethics are becoming increasingly important because the risks associated with inappropriate behavior have grown.
• Corporations are interested in fostering good business ethics:
• Protect the company and employees from legal action.
• Create an organization that operates consistently.
• To produce good business.
• To avoid negative publicity.
• To gain the good will of the community.
Summary
• Ethical decision making process:
• Get the facts
• Identify stakeholders and their positions
• Consider the consequences
• Weigh guidelines and principles
• Develop and evaluate options
• Review your decision
• Evaluate the results of your decision
• The growth in the use of IT has also increased the risk of unethical uses of IT.
Case 1
Missing White House E-mail
E-mail problems in the Clinton White House became public in February 2000 through a $90 million class-action suit filed by Judicial Watch, a conservative group that had dogged the Clinton administration with a number of lawsuits since 1994.
Case 2
McKesson HBOC Accused of Accounting Improprieties
HBOC delivered cost effective patient information and hospital data collection systems. Accounting irregularities and questionable business practices resulted in a loss in stock prices and many other legal problems.
Chapter 2
Ethics for IT Professionals and IT Users
Chapter 2 - Objectives
• Identify the key characteristics that distinguish a professional from other kinds of workers.
• Understand various professional relationships and associated key ethical issues.
• Discuss how codes of ethics, professional organizations, and certifications and licensing affect the ethical behavior of IT professionals.
• Identify the key tenets of 4 different codes of ethics that provide guidance for IT professionals.
• Identify the common ethical issues that face IT users.
• Discuss approaches for supporting the ethical practices of IT users.
IT Professionals
• Profession is a calling requiring specialized knowledge and often long intensive academic preparation.
• The US Code of Federal Regulations defines a professional as someone who meets one of these criteria:
• Duties require advanced studies in a recognized field.
• One’s instruction, study, or work is original and creative.
• Job requires consistent exercise of discretion and judgment.
• Job is predominately intellectual and varied in character.
Information Technology Professionals
Many workers in the IT industry are considered to be professionals. A partial list includes:
• Programmers/Analysts
• Software engineers
• Database administrators
• Network administrators
• Chief information officers
Professional Relationships
IT professionals become involved in many different types of relationships.
• Professional-employer
• Professional-client
• Professional-supplier
• Professional-professional
• Professional-IT user
• Professional-society
Stewards of IT Resources
IT professionals must set the example and enforce the policies that promote ethical use of IT resources.
Software piracy is the act of illegally making copies of software.
Trade secret is a piece of information that is generally not known to the public that is held confidential.
Whistle-blowing
Whistle-blowing is an effort by an employee of a company to attract the attention of others to a negligent, illegal, unethical, abusive, or dangerous act by the company that threatens the public.
IT Professional-Employer
The relationship between a professional and an employer requires ongoing efforts by both parties to keep it strong.
Professionals and employers discuss many job aspects before employment begins.
IT Professional-Client
In this relationship, the professional and client each agree to provide something of value to each other.
The IT professional usually provides a hardware or software product and the client provides compensation.
IT Professional-Supplier
IT professionals may have many different relationships with many software, hardware, and service providers.
The IT professional must be on guard to keep the relationships honest and business related.
IT Professional-Professional
Professionals feel a degree of loyalty to other members in the profession.
Professionals help support each other publicly.
Professionals owe one another an adherence to the profession's code of conduct.
IT Professional-IT User
An IT user is a person for whom the hardware or software is designed.
Professionals have a duty to understand the needs and capabilities of users.
Professionals have a responsibility to deliver their product or service on time and within budget.
IT Professional-Society
IT professionals develop and support systems that interact with the world around them.
The public expects that the members of the IT profession will practice the profession in a way that will not bring harm to society.
Codes of Ethics
A professional code of ethics states the principles and core values essential to the work of a particular occupational group.
Code of conduct has two main parts:
• Aspirations of the organization
• Rules and/or principles
Benefits of a Code of Ethics
• Improves ethical decision-making.
• Promotes high standards of practice and ethical behavior.
• Enhances trust and respect from the general public.
• Provides an evaluation benchmark.
Codes of Conduct
• Association for Computing Machinery (ACM)
• Association of Information Technology Professionals (AITP)
• Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)
Certification & Licensing
Certification is a process administered by a profession or organization that one undertakes voluntarily to prove competency in a set of skills.
Licensing is a process generally administered by the state that professionals must undertake to prove that they can practice their profession in a way that is ethical and safe to the public.
Issues Associated with Licensing IT Professionals
• No universally accepted core body of knowledge.
• It is unclear who should manage the content and administration of licensing exams.
• No body to do accreditation of professional education programs.
• No body to assess and assure competence of individual professionals.
Current IT Certifications
• Institute for Certification of Computing Professionals (ICCP)
• Associate Computing Professional (ACP)
• Certified Computing Professional (CCP)
• American Society for Quality Control (ASQC)
Legal Overview
Negligence is the omission to do something which a reasonable person would do, or doing something which a prudent and reasonable person would not do.
Duty of care refers to the obligation that we not cause any unreasonable harm to others.
Professional malpractice is when a professional breaches duty of care - commonly referred to as liability.
IT Users
Common IT users ethical issues:
• Software piracy.
• Inappropriate use of computing resources.
• Inappropriate sharing of information.
Supporting Ethical Practices of IT Users
• Define and limit the appropriate use of IT resources.
• Establish guidelines for the use of company software.
• Structure information systems to protect data and information.
• Install and maintain a corporate firewall.
Summary
A professional is someone:
• who requires advanced training and experience.
• who exercises discretion and judgment during work.
• whose work cannot be standardized.
IT professionals have many different relationships that have different ethical issues.
Summary
• A professional code of ethics states the principles and core values essential to the work of a particular occupational group.
• Licensing and certification of IT professionals would increase the reliability and effectiveness of information systems.
Summary
• IT users encounter many ethical issues, including:
• Software piracy.
• Inappropriate use of IT resources.
• Inappropriate sharing of private and secret data.
• An IT usage policy helps users understand how to appropriately use IT resources.
Case 1
Online Brokers Experience Problems
The Office of Compliance Inspections and Examinations of the Securities and Exchange Commission released a report calling for brokerage and securities dealers to evaluate their online trading programs.
Case 2
General Policy on the Use of IT
An overview of the IT usage policy at the University of Cincinnati
• Guiding principles
• Applicable laws and regulations
• Resource limits
• Privacy
• Access
• Security
• Plagiarism and copyright
• Enforcement
Chapter 3
Computer and Internet Crime
Chapter 3 - Objectives
• Discuss key trade-offs and ethical issues associated with safeguarding of data and information systems.
• Identify reasons for the increase in the number of Internet-related security incidents.
• Describe the most common types of computer security attacks.
• Outline the characteristics of common perpetrators including their objectives, available resources, willingness to accept risk, and frequency of attack.
• Describe a multi-level process for managing Internet vulnerabilities based on the concept of reasonable assurance.
• Outline the actions that must be taken in response to a security incident.
IT Security Incidents
Increased Internet Security Incidents
• Increasing complexity increases vulnerability.
• Higher rates of computer user error and broader access to information.
• Expanding and changing environment introduces new risks.
• Increased reliance on commercial software with known vulnerabilities.
Types of Internet Attacks
• Virus
• Worm
• Trojan Horse
• Denial-of-Service Attacks
Virus
The term computer virus is an umbrella term used for many types of malicious code.
A virus is usually a piece of programming code that causes some unexpected and usually undesirable event.
Most viruses deliver a payload or malicious act.
Viruses may execute and affect your computer in many different ways:
• Replicate themselves
• Reside in memory and infect other files
• Modify and/or create new files
Most common viruses are macro viruses. These viruses use an application language such as VBScript to infect and replicate documents and templates.
Worm
A worm is related to a standard computer virus, which adds its viral body to its target and requires that the user actively pass the infected file to another user.
Worms are also harmful, but they differ from standard viruses in that they have the ability to self-propagate without human intervention.
Trojan Horse
A Trojan horse is a program that gets secretly installed on a computer, planting a harmful payload that can allow the hacker to do such things as steal passwords or spy on users by recording keystrokes and transmitting them to a third party.
Trojan Horse – Logic Bomb
A logic bomb is a type of Trojan horse that executes when a specific condition occurs.
Logic bombs can be triggered by a change in a particular file, typing a specific series of key strokes, or by a specific time or date.
Denial-of-Service Attack
A denial-of-service attack is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other tasks.
Denial of service does not involve a computer break-in; it simply keeps the target machine so busy responding to the automated requests that legitimate users cannot get work done.
Denial-of-Service Attack
Zombies are computers that send these requests.
Spoofing is the practice of putting a false return address on a data packet.
Filtering is the process of preventing packets with false IP addresses from being passed on.
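The spoofing and filtering described above, as an added example that is not part of the original slides: an ingress filter that drops packets whose source address could not legitimately have entered on the interface they arrived on, so forged return addresses never leave or enter the network. The interface names, address prefixes and packet records are constructed for the example.

```python
"""Ingress (anti-spoofing) filtering: drop packets whose source address cannot
legitimately arrive on the interface they came in on.

Added example, not from the original slides. The topology (interface names and
the prefixes behind them) and the packet records are constructed."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed topology: each internal-facing interface and the address blocks
# legitimately reachable behind it. A packet entering "lan0" may only carry an
# internal source address; any other source is a forged return address.
EXPECTED_SOURCES: Dict[str, List[ipaddress.IPv4Network]] = {
    "lan0": [ipaddress.ip_network("192.0.2.0/24")],
    "dmz0": [ipaddress.ip_network("198.51.100.0/24")],
}

# Prefixes that must never appear as a source on the external interface: this
# site's own blocks (an outside packet claiming an inside source is spoofed)
# and non-routable ranges.
BOGON_ON_WAN: List[ipaddress.IPv4Network] = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
]

Packet = Tuple[str, str, str]  # (ingress interface, source IP, destination IP)


def is_spoofed(ingress_if: str, src_ip: str) -> bool:
    """Return True if a packet with source src_ip should not arrive on ingress_if."""
    src = ipaddress.ip_address(src_ip)
    if ingress_if in EXPECTED_SOURCES:
        # Internal-facing interface: source must belong to one of its prefixes.
        return not any(src in net for net in EXPECTED_SOURCES[ingress_if])
    # External-facing interface: reject internal or non-routable sources.
    return any(src in net for net in BOGON_ON_WAN)


def filter_packets(packets: List[Packet]) -> Tuple[List[Packet], List[Packet]]:
    """Split packet records into (forwarded, dropped) by the spoofing check."""
    forwarded, dropped = [], []
    for pkt in packets:
        (dropped if is_spoofed(pkt[0], pkt[1]) else forwarded).append(pkt)
    return forwarded, dropped


# Constructed sample traffic: a legitimate internal packet, an internal host
# using a false outside return address, an outside packet claiming an internal
# source, and a legitimate outside packet.
SAMPLE_PACKETS: List[Packet] = [
    ("lan0", "192.0.2.10", "203.0.113.5"),
    ("lan0", "203.0.113.77", "203.0.113.5"),
    ("wan0", "192.0.2.10", "198.51.100.8"),
    ("wan0", "203.0.113.9", "198.51.100.8"),
]

if __name__ == "__main__":
    for pkt in filter_packets(SAMPLE_PACKETS)[1]:
        print("DROP spoofed source:", pkt)
```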
Classification of Perpetrators of Computer Crime
Hacker
A hacker is an individual who tests the limitations of systems out of intellectual curiosity.
Unfortunately, much of what hackers (and crackers) do is illegal.
• Breaking into networks and systems.
• Defacing web pages.
• Crashing computers.
• Spreading harmful programs or hate messages.
Hacker
Crackers are hackers who break code.
Malicious insiders are a security concern for companies. Insiders may be employees, consultants, or contractors. They have knowledge of internal systems and know where the weak points are.
Forms of Computer Criminals
Malicious insiders are the number one security concern for companies.
Industrial spies use illegal means to obtain trade secrets from the competitors of firms for which they are hired.
Cybercriminals are criminals who hack into computers and steal money.
Cyberterrorists are people who intimidate or coerce a government to advance their political or social objectives by launching attacks against computers and networks.
Legal Overview
Fraud is obtaining title to property through deception or trickery.
To prove fraud four elements must be shown:
• The wrongdoer made a false representation of the material fact.
• The wrongdoer intended to deceive the innocent party.
• The innocent party justifiably relied on the misrepresentation.
• The innocent party was injured.
Reducing Internet Vulnerabilities
Risk assessment is an organization’s review of the potential threats to its computer and network and the probability of those threats occurring.
Establish a security policy that defines the security requirements of an organization and describes the controls and sanctions to be used to meet those requirements.
Educate employees, contractors, and part-time workers in the importance of security so that they will be motivated to understand and follow security policy.
Prevention
• Install a corporate firewall.
• Install anti-virus software on personal computers.
• Implement safeguards against attacks by malicious insiders.
• Address the ten most critical Internet security threats.
• Verify backup processes for critical software and databases.
• Conduct periodic IT security audits.
Detection
Intrusion detection systems monitor system and network resources and activities and, using information gathered from these sources, notify authorities when they identify a possible intrusion.
Honeypot is a computer on your network that contains no data or applications critical to the company but has enough interesting data to lure intruders so that they can be observed in action.
Response
Incident notification is the plan and process used to notify company individuals when a computer attack has happened. In addition, your company should be prepared to:
• Protect evidence and activity logs
• Incident containment
• Incident eradication
• Incident follow-up
Summary
• Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security.
• The increased complexity of the computing environment has led to an increase in the number of security related issues.
Summary
• Common computer attacks include viruses, worms, Trojan horses, and denial-of-service attacks.
• Computer hackers include general hackers, crackers, and malicious insiders.
Summary
• A strong security program is a safeguard for a company’s systems and data.
• An incident response plan includes:
• Protect evidence and activity logs.
• Incident containment.
• Incident eradication.
• Incident follow-up.
Case 1
Cybercrime: Even Microsoft is Vulnerable
On October 27, 2000, Microsoft acknowledged that its security had been breached and that outsiders using a Trojan horse virus had been able to view source code for computer programs under development.
Case 2
Visa Combats Online Credit Card Fraud
Visa-branded credit cards generate almost $2 trillion in annual volume and are accepted at over 22 million locations around the world. Visa is reviewing new ways of authenticating user transactions.
Friday, November 6, 2009