Questions, Quandaries, and Random Thoughts Laura E. Hunter .
-
Upload
katherine-daniel -
Category
Documents
-
view
242 -
download
0
Transcript of Questions, Quandaries, and Random Thoughts Laura E. Hunter .
Agenda“IT Ethics” What is this thing of which you
speak?The Internet Changes Everything?Ethics as Information Security? Ethics as Compliance?How do you teach Ethical Behavior?How do you Mandate Ethical Behavior?Resources
What’s in a word?What does “ethics” mean to you?
“What my feelings tell me is right and wrong”?“Ethics has to do with my religious beliefs”?“Doing what the law requires”?“Behaving according to societal norms”?
What about “business ethics”?If a company’s goal is to seek profit, is it
“unethical” of them to do otherwise?Corporate Social Responsibility (CSR) –
ongoing debates about the relationship between companies and society
Why “IT” Ethics?Do computers create new problems?
Or just new vehicles for old problems?Stealing is still stealingStalking is still stalkingPlagiarism is still…
Does the Internet change everything, or just increase the speed at which things happen?Can you think of “IT-specific” ethical issues?
I.e., is the Internet too open?Does the response to perceived IT ethics issues
create issues in and of themselves?Or does IT just provide a different vehicle?
What do we mean by “IT Ethics”?US DoJ: “Cyberethics” refers to a code of safe and
responsible behavior for the Internet communityWikipedia: “Computer ethics” is a branch of
practical philosophy which deals with how computing professionals should make decisions regarding professional and social conduct.
James H. Moor: “Computer ethics” is the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology.
“Don't be mean. We don't have to be mean because, remember, no matter where you go, there you are.”
- ????????
IT Ethics Can Span a Broad Range of ConcernsInformation Security
“Ethical hacking”?Assumptions of Information Privacy
Regulatory complianceEthics as Information Security
When do you say “No” to a customer?Admin Rights as Ethical Quandary
“Just because you can do a thing…”
The Challenge for IT ProfessionalsIT Professionals are largely unregulated
No licensingNo professional certifying boardAmerican Medical Association (AMA)
How effective is self-regulation?The Internet rears its ugly head again – the
challenge of anonymity
Sample IT Ethics Issues - IA software company introduces a
tracing mechanism into its software.What if it’s spyware?
(Even spyware can have a EULA!)What if it’s a corporation monitoring
corporate-owned computers?(What if the corporation didn’t tell its
employees?)
Sample IT Ethics Issues - IIUsing a company computer to send personal
emailWhat about using a company computer to run a
personal business?Is Internet censorship a matter of “IT
Ethics”?Equal access to information?
Network sniffing/traffic analysisWho owns the data? Who owns the network?
Live in such a way that you would not be ashamed to sell your parrot to the town gossip.
-- Will Rogers
Let’s Have a Show of HandsDoes your organization currently have a code
of ethics?YesNoBeats the heck out of me
What was the biggest barrier you faced in creating/evangelizing a code of ethics?ApathyLack of know-howLegal worries
Drafting a Code of Ethics for Your OrganizationStart with a question: “Why have a code of
ethics?”Defining acceptable behaviorsPromote high professional standardsEstablish a framework for professional behavior
Tailor the Code to meet the needs of your organization
Consider the process of creating the codeWho will create the code? Who will ratify the code?
How will you implement/enforce the code?
http://www.ethicsweb.ca/codes/
A Sample Code of IT EthicsI will strive to know myself and be honest
about my capability.I will conduct my business in a manner that
assures the IT profession is considered one of integrity and professionalism
I respect privacy and confidentialitySANS Code of IT Ethics, drafted April 24 2004
Related DocumentsCode of Conduct
Your “Code of Ethics in action”How you deal with vendorsHow you deal with customersHow you deal with competitors
Acceptable Computer Use PolicyWhere ethics and Information Security
intersect?“Use implies consent to monitoring”
Privacy Policy
Computer Ethics TrainingCan IT Ethics (or any kind of ethics, really) be
taught?
What mechanisms can be used?What is your goal in providing Ethics training?
Why is this harder for IT people?
Can Ethics be Enforced?I would argue “no” – you can enforce
behavior, you can’t enforce ideas
“There are seldom good technological solutions to behavioral problems”
-- Ed Crowley (Philosopher, Microsoft Exchange Genius)
ResourcesCase Studies in Information Technology Ethics (2nd
Edition), Richard A. Spinello (pub. 2002)Ethics for the Information Age (3rd Edition), Mike
Quinn (pub. 2008)International Review of Information Ethics
(http://www.i-r-i-e.net)SANS/GIAC IT in Ethics Courseware:
http://www.sans.org/training/description.php?mid=14Department of Justice Cyberethics site:
http://www.usdoj.gov/criminal/cybercrime/cyberethics.htm
http://www.ethicsweb.caInstitute of Business Ethics:
http://www.ibe.org.uk/codesofconduct.html
“But we must remember that good laws, if they are not obeyed, do not constitute good government. Hence there are two parts of good government; one is the actual obedience of citizens to the laws, the other part is the goodness of the laws which they obey.”
--Aristotle