Chapter 2 ETHICS FOR IT WORKERS AND IT USERS


IT PROFESSIONALS

A profession is a calling that requires specialized knowledge and often long and intensive academic preparation.

The U.S. Code of Federal Regulations defines a person “employed in a professional capacity” as one who meets these four criteria:

1. One’s primary duties consist of the performance of work requiring knowledge of an advanced type in a field of science or learning customarily acquired by a prolonged course of specialized intellectual instruction and study or work.

2. One’s instruction, study, or work is original and creative in character in a recognized field of artistic endeavor, the result of which depends primarily on the invention, imagination, or talent of the employee.

3. One’s work requires the consistent exercise of discretion and judgment in its performance.

4. One’s work is predominantly intellectual and varied in character, and the output or result cannot be standardized in relation to a given period of time.

Example: doctors, lawyers, accountants

- A professional is expected to contribute to society, to participate in a lifelong training program, to keep abreast of developments in the field, and to help develop other professionals.

- From a legal standpoint, a professional has passed the state licensing requirements and earned the right to practice here.

- Many professional roles carry special rights and responsibilities.

Many business workers have duties, background, and training that qualify them to be classified as professionals, including marketing analysts, financial consultants, and IT specialists.

IT specialists include programmers, system analysts, software engineers, database administrators, local area network (LAN) administrators, and chief information officers (CIOs).

ARE IT WORKERS PROFESSIONALS?

From a legal perspective, IT workers are not recognized as professionals because they are not licensed by the state or federal government.

Example: malpractice lawsuits – IT workers are not liable for malpractice because they do not meet the legal definition of a professional.

IT workers are considered part of the professional services industry, which is experiencing immense changes that impact how members of this industry must think and behave to be successful.

Ross Dawson, author and CEO of the consulting firm Advanced Human Technology, identifies seven forces that are changing the nature of professional services.

THE CHANGING PROFESSIONAL SERVICES INDUSTRY

- Client Sophistication

- Governance

- Connectivity

- Transparency

- Modularization

- Globalization

- Commoditization

Client Sophistication – Clients are more aware of what they need from service providers, more willing to look outside their own organization to get the best possible services, and better able to drive a hard bargain to get the best possible service at the lowest possible cost.

Governance – More scandals and tougher laws enacted to avoid future scandals have created an environment in which there is less trust and more oversight in client-service provider relationships.

Connectivity – Clients and service providers have built their working relationships on the expectation that they can communicate easily and instantly around the globe through electronic teleconferences, audio conferences, e-mail, and wireless devices.

Transparency – Clients expect to be able to see work-in-progress in real time, and they expect to be able to influence that work. No longer are clients willing to wait until the end product is complete before they weigh in with comments and feedback.

Modularization – Clients are able to break down their business processes into the fundamental steps and decide which they will perform themselves and which they will outsource to service providers.

Globalization – Clients are able to evaluate and choose among service providers around the globe, making the service provider industry extremely competitive.

Commoditization – Clients look at the delivery of low-end services as a commodity service for which price is the primary criterion for choosing a service provider. For the delivery of high-end services, clients seek to form a partnership with their service providers.

- Relationship Between IT Workers and Employers

- Relationship Between IT Workers and Clients

- Relationship Between IT Workers and Suppliers

- Relationship Between IT Workers and Other Professionals

- Relationship Between IT Workers and IT Users

- Relationship Between IT Workers and Society

PROFESSIONAL RELATIONSHIPS THAT MUST BE MANAGED

IT workers and employers have a critical, multifaceted relationship that requires ongoing effort by both parties to keep it strong.

An IT worker and an employer typically agree on fundamental aspects of the relationship before the worker accepts an employment offer: job title, general performance expectations, specific work responsibilities, drug-testing requirements, dress code, location of employment, salary, work hours, and company benefits.

Relationship between IT Workers and Employers

Many other issues are addressed in the company’s policy and procedure manual or in the company’s code of conduct, if one exists.

Example: protection of company secrets, vacation policy, time off for a funeral or an illness in the family, use of company resources

Some aspects are addressed by law – for example, an employee cannot be required to do something illegal, such as falsify the results of a quality assurance test.

Relationship between IT Workers and Employers

Some aspects are specific to the role of the IT worker and are established based on the nature of the work or project – for example, the programming language to be used, the type and amount of documentation to be produced, and the extent of testing to be conducted.

IT workers must set an example and enforce policies regarding the ethical use of IT. IT workers have the skills and knowledge to abuse systems and data or to allow others to do so. Example: software piracy – laws and policies.

Relationship between IT Workers and Employers

The Business Software Alliance (BSA) is a trade group that represents the world’s largest software and hardware manufacturers. Its mission is to stop the unauthorized copying of software produced by its members.

Under the “Know It, Report It, Reward It” program, individuals who report software piracy are eligible to receive up to $1 million in cash rewards.

Relationship between IT Workers and Employers

Members of BSA as of January 2009:

- Adobe
- Corel
- Dell
- IBM
- McAfee
- Apple
- Intel
- Microsoft
- Cisco Systems
- Autodesk
- HP
- SAP
- Symantec

A trade secret is information, generally unknown to the public, that a company has taken strong measures to keep confidential. Trade secrets can include the design of new software code, hardware designs, business plans, the design of a user interface to a computer program, and manufacturing processes.

Example: Intel’s manufacturing process for the i7 quad-core processing chip

Whistle-blowing is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest.

An IT worker often provides services to clients who either work outside the worker’s own organization or are “internal”.

The IT worker provides hardware, software, or services at a certain cost and within a given time frame.

Fraud is the crime of obtaining goods, services, or property through deception or trickery. Fraudulent misrepresentation occurs when a person consciously decides to induce another person to rely and act on the misrepresentation.

Relationship between IT Workers and Clients

Misrepresentation is the misstatement or incomplete statement of a material fact. If the misrepresentation causes the other party to enter into a contract, that party may have the legal right to cancel the contract and seek reimbursement for damages.

Breach of contract occurs when one party fails to meet the terms of a contract.

Material breach of contract occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract.

Frequent causes of problems in IT projects:

- The customer changes the scope of the project or the system requirements.

- Poor communication between customer and vendor leads to performance that does not meet expectations.

- The vendor delivers a system that meets customer requirements, but a competitor comes out with a system that offers more advanced and useful features.

- The customer fails to reveal information about legacy systems or databases that make the new system extremely difficult to implement.

Bribery involves providing money, property, or favors to someone in business or government to obtain a business advantage.

Example: a software supplier sales representative who offers money to another company’s employee to get its business. This type of bribe is often referred to as a kickback or a payoff.

Relationship between IT Workers and Suppliers

| Bribes | Gifts |
|---|---|
| Are made in secret, as they are neither legally nor morally acceptable | Are made openly and publicly, as a gesture of friendship or goodwill |
| Are often made indirectly through a third party | Are made directly from donor to recipient |
| Encourage an obligation for the recipient to act favorably toward the donor | Come with no expectation of a future favor for the donor |

Resume inflation involves lying on a resume and claiming competence in an IT skill that is in high demand.

Another ethical issue is the inappropriate sharing of corporate information. Because of their roles, IT workers have access to corporate databases of private and confidential information about employees, customers, suppliers, new product plans, promotions, budgets, and so on. This information might be sold to other organizations or shared informally during work conversations with others who have no need to know.

Relationship between IT Workers and Other Professionals

IT user – the person who uses a hardware or software product, as distinguished from the IT workers who develop, install, service, and support the product.

IT users need the product to deliver organizational benefits or to increase their productivity.

IT workers have a key responsibility to establish an environment that supports ethical behavior by users.

- Such an environment discourages software piracy, minimizes the inappropriate use of corporate computing resources, and avoids the inappropriate sharing of information.

Relationship between IT Workers and IT Users

Regulatory laws establish safety standards for products and services to protect the public.

The actions of an IT worker can affect society. Example: a system analyst may design a computer-based control system to monitor a chemical manufacturing process. An error or failure in the system may put workers or residents near the plant at risk. As a result, IT workers have a relationship with society members who may be affected by their actions.

Relationship between IT Workers and Society

Negligence is not doing something that a reasonable person would do, or doing something that a reasonable person would not do.

Duty of care refers to the obligation to protect people against any unreasonable harm or risk.

IT PROFESSIONAL MALPRACTICE

A professional code of ethics is a statement of the principles and core values that are essential to the work of a particular occupational group.

Most codes of ethics have 2 parts: the first outlines what the organization aspires to become, and the second typically lists rules and principles by which the members of the organization are expected to abide.

Many codes also include a commitment to continuing education for those who practice the profession.

Professional Code of Ethics

Following a professional code of ethics can produce many benefits for the individual, the profession, and society as a whole:

• Ethical decision making – practitioners use a common set of core values and beliefs as a guideline for ethical decision making.

• High standards of practice and ethical behavior – reminds professionals of the responsibilities and duties that they may be tempted to compromise to meet the pressures of day-to-day business.

• Trust and respect from the general public – enhances trust and respect for professionals and their profession.

• Evaluation benchmark – provides an evaluation benchmark that a professional can use as a means of self-assessment. Peers of the professional also use the code for recognition or censure.

5 of the most prominent IT-related organizations:

- Association for Computing Machinery (ACM)

- Association for Information Technology Professionals (AITP)

- Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS)

- Project Management Institute (PMI)

- SysAdmin, Audit, Network, Security (SANS) Institute

PROFESSIONAL ORGANIZATIONS

ACM is a computing society founded in 1947 with 24,000 student members and 68,000 professional members in more than 100 countries.

It offers many publications and electronic forums for technology workers:

- Tech News – a comprehensive news-gathering service

- Queuecasts – a set of podcasts with IT experts

- eLearn – an online magazine about online education and training

The ACM code consists of 8 general moral imperatives, 8 specific professional responsibilities, 6 organizational leadership imperatives, and 2 elements of compliance.

Association for Computing Machinery (ACM)

AITP was started in Chicago in 1951 by a group of machine accountants. They were members of a local group called the Machine Accountants Association, which first evolved into the Data Processing Management Association in 1962 and finally AITP in 1996.

AITP provides IT-related seminars and conferences, information on IT issues, and forums for networking.

Association for Information Technology Professionals (AITP)

It has been a leader in the development of model curricula for four-year institutions. Its mission is to provide superior leadership and education in information technology, and one of its goals is to help members make themselves more remarkable within the industry.

The standards of conduct are considered to be rules that no true IT professional should violate.

IEEE-CS covers the fields of electrical, electronic, and information technologies and sciences. It is one of the oldest and largest IT professional associations, founded in 1946.

The IEEE-CS helps meet the information and career development needs of computing researchers and practitioners with technical journals, magazines, conferences, books, and online courses.

It also offers the Certified Software Development Professional (CSDP) program and the Certified Software Development Associate (CSDA) certification.

Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS)

In 1993, the IEEE-CS and the ACM formed a Joint Steering Committee for the Establishment of Software Engineering as a Profession. The initial recommendations of the committee were:

- to define ethical standards

- to define the required body of knowledge and recommended practices in software engineering

- to define appropriate curricula to acquire knowledge

The software engineering code of ethics documents the ethical and professional responsibilities and obligations of software engineers.

The Project Management Institute was established in 1969. Its members include project managers in:

- Construction

- Sales

- Finance

- Production

- Information systems

Project Management Institute (PMI)

SANS Institute provides information security training and certification for a wide range of individuals, such as auditors, network administrators, and security managers.

SANS publishes:

- a weekly news digest (NewsBites)

- a weekly vulnerability digest (@Risk)

- flash security alerts

SANS makes available a collection of 1,200 research documents about various topics of information security.

SysAdmin, Audit, Network, Security (SANS) Institute

SANS operates the Internet Storm Center, a program that monitors malicious Internet activity, provides a free early warning service to Internet users, and works with Internet service providers to thwart malicious attackers.

SysAdmin, Audit, Network, Security (SANS) Institute

Certification indicates that a professional possesses a particular set of skills, knowledge, or abilities in the opinion of the certifying organization.

- It can also be applied to products.

- It is generally voluntary.

Licensing applies only to people and is required by law.

CERTIFICATION

- Many employers view certifications as a benchmark that indicates mastery of a defined set of basic knowledge.

- Certification is no substitute for experience and doesn’t guarantee that a person will perform well on the job.

- Most IT employees are motivated to learn new skills, and certification provides clear recognition along with a plan to help them continue to grow and advance in their careers.

- Certification is another means for product vendors to generate additional revenue, with little merit attached.

Vendor Certifications

Cisco, IBM, Microsoft, Sun, SAP, and Oracle – certified users of a manufacturer’s product

To be certified, one must pass a written exam; most exams are presented in a multiple-choice format.

The Cisco Certified Internetwork Expert (CCIE) certification also requires a hands-on lab exam that demonstrates skills and knowledge.

Vendor and Industry Association Certification

Industry Association Certification

IT subject-area certifications

| Subject area | Organization providing certification | Primary certification |
|---|---|---|
| Auditing | Information Systems Audit & Control Association (ISACA) | Certified Information Systems Auditor (CISA) |
| General | Institute for Certification of Computing Professionals (ICCP) | Certified Computing Professional (CCP) |
| Security | International Information Systems Security Certification Consortium, Inc. (ISC); SANS | Certified Information Systems Security Professional; Global Information Assurance Certification |
| Computer service technician | Computing Technology Industry Association (CompTIA) | Certified Information Systems CompTIA |

COMMON ETHICAL ISSUES FOR IT USERS

Software Piracy

Ex. when employees copy software from their work computers for use at home.

If no one has paid for an additional license to use the software on the home computer, this is still piracy.

IT USERS

Inappropriate Use of Computing Resources – users use their computers to surf sites on the net that have nothing to do with their jobs, participate in chat rooms, view pornographic sites, and play computer games.

Inappropriate Sharing of Information – an IT user who shares information with an unauthorized party.

Ex. if an IT worker saw a coworker’s payroll records and then discussed them with a friend – a violation of the coworker’s privacy

Establishing Guidelines for Use of Company Software

Defining and Limiting the Appropriate Use of IT Resources

Structuring Information Systems to Protect Data and Information

Installing and Maintaining a Corporate Firewall

SUPPORTING THE ETHICAL PRACTICES OF IT USERS

1. How do you distinguish between a gift and a bribe? Provide an example of a “gift” that falls in the gray area between a gift and a bribe.

2. What must IT professionals do to ensure that the projects they lead meet the client’s expectations and do not lead to charges of fraud, fraudulent misrepresentation, or breach of contract?

3. Should all IT professionals be either licensed or certified? Why or why not?

Discussion Questions