ETHICS FOR IT

WORKERS AND IT
USERS
Group 1
INTRODUCTION
◦The CityTime project was meant to replace a largely manual,
paper-based payroll system for the city of New York (NYC). The
goal was to provide a tool that would help city administrators
manage a workforce of over 100,000 employees spread across
63 departments.
◦The project was initiated in 1998 when the city awarded the
contract to a subsidiary of MCI, a telecommunications
company that later ran into financial scandals and, ultimately,
filed for bankruptcy_x0000_
◦In 2001, the CityTime contract was reassigned to Science
International Applications Incorporated (SAIC), a defense
company.
◦ The city’s contract with Spherion was eventually revised 11
times, with a resulting cost of $48 million.
◦ Richard Valcich, the NYC payroll office executive director during
the initial years of the project, accused SAIC of dragging its feet
on the project and was skeptical of the company’s ability to
deliver a quality product.
◦In May 2011, federal investigators arrested Gerald Denault,
the senior project manager at SAIC, for allegedly receiving
over $5 million in kickbacks and for committing wire fraud and
money laundering.
◦In March 2012, SAIC agreed to pay $500 million to avoid
prosecution for its role in the CityTime scandal; most of that
money was to go back to the city of New York.
IT PROFESSIONALS
◦A profession is a calling that requires
specialized knowledge and often long and
intensive academic preparation. Over the
years, the United States government adopted
labor laws and regulations that required a
more precise definition of what is meant by a
professional employee.
◦The United States Code of federal regulations defines a
“professional employee” as one who is engaged in the
performance of work:_x0000_
◦Requiring knowledge of an advanced type in a field of
science or learning customarily acquired by a prolonged
course of specialized intellectual instruction and study in
an institution of higher learning or a hospital.
◦Requiring the consistent exercise of discretion and
judgment in its performance;
◦Which is predominantly intellectual and varied in character
(as distinguished from routine mental, manual,
mechanical, or physical work); and
◦Which is of such character that the output produced or the
result accomplished by such work cannot be standardized
in relation to a given period of time._x0000_
◦In other words, professionals such as doctors, lawyers, and
accountants require advanced training and experience;
Professional Relationships That
Must Be Managed
Relationship between IT workers
and Employers
IT workers and employers have a critical,
multifaceted relationship that requires ongoing
effort by both parties to keep it strong. An IT
workers and employer typically agree on
fundamental aspects of this relationship before
the worker accepts an employers offer.
◦ These issues may include job title, general
performance expectation, specific work,
responsibilities, drug-testing requirements
dress code, location of employment, salary,
work hours and company benefits.
Business Software Alliance (BSA)
◦
is a trade group that represent the world’s
largest software and hardware manufacturers.
BSA is funded both through dues based on
member companies’ software revenues and
through settlements from companies that
commit piracy.
Trade secret

◦ is information, generally unknown to

the public, that a company has taken
strong measures to keep confidential.
Whistle-blowing
◦ is an effort by an employee to attract attention to a
negligent, illegal, unethical, abusive, or dangerous act
by a company that threatens the public interest.
Often have special information based on their
expertise or position within the offending
organization.
Relationship between IT workers
and Clients
◦ IT workers provide services to client;
sometimes those “client” are co-workers who
are part of the same organization as the IT
workers. Each party agrees to provide
something of value to the other.
Fraud
◦ is the crime of obtaining goods, services or
property through deception or trickery.
Fraudulent misrepresentation occurs when a
person consciously decides to include another
person to rely and act on a misrepresentation.
Misrepresentation
◦ misstatement or incomplete statement of a
material fact. If misrepresentation causes the
other party to enter into a contact, that party
may have the legal right to cancel the contract
or seek reimbursement for damages.
Relationships Between IT Workers
and IT Users
◦The term IT user refers to a person who uses a hardware or
software product; the term distinguishes end users from the IT
workers who develop, install, service, and support the product.
◦IT workers have a duty to understand a user’s needs and
capabilities and to deliver
◦products and services that best meet those needs.subject, of
course, to budget and time
◦constraints.
Relationships Between IT Workers
and Society
◦Regulatory laws establish safety standards for
products and services to protect the public.
However, these laws are less than perfect, and
they cannot safeguard against all negative
side effects of a product or process.
Professional Codes of Ethics
◦A professional code of ethics states the
principles and core values that are essential to
the work of a particular occupational group.
Practitioners in many professions subscribe to
a code of ethics that governs their behavior.
Ethical decision making -Adherence to a professional code of
ethics means that practitioners use a common set of core
values and beliefs as a guideline for ethical decision making.
• High standards of practice and ethical behaviour -
Adherence to a code of
◦ethics reminds professionals of the responsibilities and duties
that they may be tempted to compromise to meet the
pressures of day-to-day business. The code also defines
acceptable and unacceptable behaviours to guide
professionals in their interactions with others.
◦Trust and respect from the general public -
Public trust is built on the expectation that a
professional will behave ethically.
◦Evaluation benchmark - A code of ethics provides
an evaluation benchmark
◦that a professional can use as a means of self-
assessment. Peers of the professional can also use
the code for recognition or censure.
Professional Organizations

No one IT professional organization has

emerged as preeminent, so there is no
universal code of ethics for IT workers.
However, the existence of such organizations is
useful in a field that is rapidly growing and
changing.
The four of the most prominent IT-related
professional
organizations are highlighted in the following
sections.
◦Association for Computing Machinery (ACM)
◦Institute of Electrical and Electronics Engineers
Computer Society (IEEE-CS)
◦Association of Information Technology Professionals
(AITP)
◦SysAdmin, Audit, Network, Security (SANS) Institute
Association for Computing Machinery (ACM)
◦ The Association for Computing Machinery (ACM) is a computing society
founded in 1947 with over 97,000 student and professional members in
more than 100 countries.
◦ It is international in scope—with an

ACM ACM ACM

EUROPE INDIA CHINA
◦ACM currently publishes over 50 journals and magazines and
30 newsletters—including
◦Communications of the ACM (ACM’s primary publication),
◦ACM Tech News (coverage of timely topics for IT
professionals),
◦XRDS (for both graduate and undergraduate students
considering computing careers),
◦RISKS Forum (a moderated dialogue on risks to the public
from computers and related systems),
◦eLearn (an online magazine about online education and
training).
Institute of Electrical and Electronics
Engineers Computer Society (IEEE-
CS)
◦The Institute of Electrical and Electronics Engineers
(IEEE) covers the broad fields of electrical, electronic,
and information technologies and sciences. The IEEE-
CS is one of the oldest and largest IT professional
associations, with about 85,000 members. Founded in
1946, the IEEE-CS is the largest of the 38 societies of
the IEEE.
◦The IEEE-CS helps meet the information and career
development needs of computing researchers and
practitioners with technical journals, magazines,
books, conferences, conference publications, and
online courses.
◦Certified Software Development Professional (CSDP)
◦In 1993, the ACM and IEEE-CS formed a Joint
Steering Committee for the Establishment of
Software Engineering as a Profession.
◦The “Software Engineering Code of Ethics and
Professional Practice” documents the ethical and
professional responsibilities and obligations of
software engineers. After a thorough review process,
version 5.2 of the Software Engineering Code of
Ethics was adopted by both the ACM and IEEE-CS in
1999
Association of Information
Technology Professionals (AITP)
◦The Association of Information Technology
Professionals (AITP) started in Chicago in 1951,
when a group of machine accountants got together
and decided that the future was bright for the IBM
punched-card tabulating machines they were
operating—a precursor of the modern electronic
computer.
◦They were members of a local group called the
Machine Accountants Association (MAA), which
first evolved into the Data Processing
Management Association in 1962 and finally the
AITP in 1996
◦The AITP also has a code of ethics and standards of
conduct. The standards of conduct are considered to
be rules that no true IT professional should
violate.
SysAdmin, Audit, Network,
Security (SANS) Institute
◦The SysAdmin, Audit, Network, Security (SANS)
Institute provides information security training and
certification for a wide range of individuals, such as
auditors, network administrators, and security
managers.
◦SANS publishes a semiweekly news digest (NewsBites),
a weekly security vulnerability digest (@Risk), and
flash security alerts.
◦SANS also operates Internet Storm Center—a program that
monitors malicious Internet activity and provides a free early
warning service to Internet users—and works with Internet
service providers to thwart malicious attackers.
◦Code of ethics for popular IT professional organizations
CERTIFICATION
◦Certification indicates that a professional possesses a particular
set of skills, knowledge, or abilities, in the opinion of the
certifying organization.
◦Vendor Certifications
◦Many IT vendors—such as Cisco, IBM, Microsoft, SAP, and
Oracle—offer certification programs for those who use their
products. Workers who successfully complete a program can
represent themselves as certified users of a manufacturer’s
product.
Industry Association Certifications
◦There are many available industry certifications
in a variety of IT-related subject areas. Their value
varies greatly depending on where people are in their
career path, what other certifications they possess, and
the nature of the IT job market. Table 2-4 lists several
of the certifications most in demand by employers.
“GOVERNMENT LICENSING”
The case for licensing IT workers
◦ Highly integrated enterprise resource planning
(ERP) system help multibillion-dollar companies
control all of their business functions, including
forecasting, production planning, purchasing
inventory control, manufacturing and distribution.
Issues Associated with
Government Licensing of IT
Workers
◦There is no universally accepted core
body of knowledge for any profession outlines
agreed-upon sets of skills and abilities that all
licensed professionals must possess
◦It is unclear who should manage the
content and administration of licensing
exams.
Workers must commit to ongoing, continuously
education.
◦There is no administrative body to accredit
professionals education programs. There is no
well-defined, step-by-step process o train IT workers,
even for specific jobs such as programming.
◦There is no administrative body to assess
and ensure competence of individual
workers. The AIPT standard of conduct state
that professionals should “take appropriate
action in regard to any illegal or unethical
practices that come to attention”
“IT USERS”
“Common Ethical Issues for IT Users”
Software Piracy
◦Corporate IT usage policies and management should
encourage users to report instances of piracy and to
challenge its practice. For example, the software
piracy rate in China exceeds 80 percent, so it is clear
that the business managers and IT professionals in
that country do not take a strong stand against the
practice.
◦The increasing popularity of the Android smartphone
operating system has created a serious software
piracy problem. Some IT end users have figured out
how to download applications from the Android
Market Web site without paying for them, and then
use the software or sell it to others.
◦Sometimes IT users are the ones who commit
software piracy. A common violation occurs
when employees copy software from their work
computers for use at home.
Inappropriate Use of Computing
Resources
◦Some employees use their computers to surf
popular Web sites that have nothing to do with
their jobs, participate in chat rooms, view
pornographic sites, and play computer games.
These activities eat away at worker
productivity and waste time.
◦One concern of government officials is that many
pornography sites are infected with computer viruses
and other malware; criminals and foreign intelligence
agencies often use such sites as a means to gain
access to government and corporate computer
networks.
Inappropriate Sharing of
Information
◦Every organization stores vast amounts of
information that can be classified as either
private or confidential.
◦Private data describes individual employees—
for example, their salary information,
attendance data, health records, and
performance ratings.
◦Private data also includes information about
customers—credit card information, telephone
number, home address, and so on. Confidential
information describes a company and its operations,
including sales and promotion plans, staffing
projections, manufacturing processes, product
formulas, tactical and strategic plans, and research
and development.
An IT user who shares this information with an
unauthorized party, even inadvertently, has violated
someone’s privacy or created the potential that
company information could fall into the hands of
competitors.
For example
if an employee accessed a coworker’s payroll records
via a human resources computer system and then
discussed them with a friend, it would be a clear
violation of the coworker’s privacy.
Supporting the Ethical Practices
of IT Users
Establishing Guidelines for Use of
Company Software
◦Company IT managers must provide clear rules that
govern the use of home computers and associated
software. Some companies negotiate contracts with
software manufacturers and provide PCs and software
so that IT users can work at home. Other companies
help employees buy hardware and software at
corporate discount rates.
Defining the Appropriate Use of IT
Resources
◦Companies must develop, communicate, and enforce
written guidelines that encourage employees to
respect corporate IT resources and use them to
enhance their job performance. Effective guidelines
allow some level of personal use while prohibiting
employees from visiting objectionable Internet sites
or using company email to send offensive or
harassing messages.
Structuring Information Systems to Protect Data
and Information
◦Organizations must implement systems and procedures
that limit data access to just those employees who need
it.
◦Installing and Maintaining a Corporate Firewall
◦A firewall is hardware or software that serves as a barrier
between an organization’s network and the Internet; a
firewall also limits access to the company’s network
based on the organization’s Internet-usage policy.
Compliance
◦Compliance means to be in accordance with
established policies, guidelines, specifications, or
legislation. Records management software.