Professional Documents
Culture Documents
Unit 1 of Industrial Ethics and Legal Issues 3
Unit 1 of Industrial Ethics and Legal Issues 3
Unit 1 of Industrial Ethics and Legal Issues 3
Business ethics studies appropriate business policies and practices regarding potentially
controversial subjects, including corporate governance, insider trading, bribery, discrimination,
corporate social responsibility, fiduciary responsibilities, and much more. The law often guides
business ethics, but at other times business ethics provide a basic guideline that businesses
can follow to gain public approval.
Business ethics refers to implementing appropriate business policies and practices with
regard to arguably controversial subjects.
Some issues that come up in a discussion of ethics include corporate governance,
insider trading, bribery, discrimination, social responsibility, and fiduciary
responsibilities.
The law usually sets the tone for business ethics, providing a basic guideline that
businesses can choose to follow to gain public approval.
The concept of business ethics began in the 1960s as corporations became more aware of a
rising consumer-based society that showed concerns regarding the environment, social
causes, and corporate responsibility. The increased focus on "social issues" was a hallmark of
the decade.
Since that time, the concept of business ethics has evolved. Business ethics goes beyond just
a moral code of right and wrong; it attempts to reconcile what companies must do legally vs.
maintaining a competitive advantage over other businesses. Firms display business ethics in
several ways.
Business ethics ensure a certain level of trust between consumers and corporations,
guaranteeing the public fair and equal treatment.
Leadership: The conscious effort to adopt, integrate, and emulate the other 11
principles to guide decisions and behavior in all aspects of professional and personal
life.
Accountability: Holding yourself and others responsible for their actions. Commitment
to following ethical practices and ensuring others follow ethics guidelines.
Integrity: Incorporates other principles—honesty, trustworthiness, and reliability.
Someone with integrity consistently does the right thing and strives to hold themselves
to a higher standard.
Respect for others: To foster ethical behavior and environments in the workplace,
respecting others is a critical component. Everyone deserves dignity, privacy, equality,
opportunity, compassion, and empathy.
Honesty: Truth in all matters is key to fostering an ethical climate. Partial truths,
omissions, and under or overstating don't help a business improve its performance. Bad
news should be communicated and received in the same manner as good news so that
solutions can be developed.
Respect for laws: Ethical leadership should include enforcing all local, state, and
federal laws. If there is a legal grey area, leaders should err on the side of legality
rather than exploiting a gap.
Responsibility: Promote ownership within an organization, allow employees to be
responsible for their work, and be accountable for yours.
Transparency: Stakeholders are people with an interest in a business, such as
shareholders, employees, the community a firm operates in, and the family members of
the employees. Without divulging trade secrets, companies should ensure information
about their financials, price changes, hiring and firing practices, wages and salaries,
and promotions are available to those interested in the business's success.
Compassion: Employees, the community surrounding a business, business partners,
and customers should all be treated with concern for their well-being.
Fairness: Everyone should have the same opportunities and be treated the same. If a
practice or behavior would make you feel uncomfortable or place personal or corporate
benefit in front of equality, common courtesy, and respect, it is likely not fair.
Loyalty: Leadership should demonstrate confidentially and commitment to their
employees and the company. Inspiring loyalty in employees and management ensures
that they are committed to best practices.
Environmental concern: In a world where resources are limited, ecosystems have
been damaged by past practices, and the climate is changing, it is of utmost importance
to be aware of and concerned about the environmental impacts a business has. All
employees should be encouraged to discover and report solutions for practices that can
add to damages already done.
When combined, all these factors affect a business' revenues. Those that fail set ethical
standards and enforce them are doomed to eventually find themselves alongside Enron, Arthur
Andersen, Wells Fargo, Lehman Brothers, Bernie Madoff, and many others.
Businesses should hold themselves accountable and responsible for their environmental,
philanthropic, ethical, and economic impacts.
Most of these reports outline not only the submitted reports to regulators, but how and why
decisions were made, if goals were met, and factors that influenced performance. CEOs write
summaries of the company's annual performance and give their outlooks.
Press releases are another way companies can be transparent. Events important to investors
and customers should be published, regardless of whether it is good or bad news.
Technological Practices and Ethics
The growing use of technology of all forms in business operations inherently comes with a
need for a business to ensure the technology and information it gathers is being used ethically.
Additionally, it should ensure that the technology is secured to the utmost of its ability,
especially as many businesses store customer information and collect data that those with
nefarious intentions can use.
Fairness
A workplace should be inclusive, diverse, and fair for all employees regardless of race, religion,
beliefs, age, or identity. A fair work environment is where everyone can grow, be promoted,
and become successful in their own way.
A pipeline for anonymous reporting can help businesses identify questionable practices and
reassure employees that they will not face any consequences for reporting an issue.
Published by the Ethics & Compliance Initiative (ECI), the Global Business Ethics Survey of
2021 surveyed over 14,000 employees in 10 countries about different types of misconduct they
observed in the workplace. 49% of the employees surveyed said they had observed
misconduct and 22% said they had observed behavior they would categorize as abusive. 86%
of employees said they reported the misconduct they observed. When questioned if they had
experienced retaliation for reporting, 79% said they had been retaliated against.23
Indeed, fear of retaliation is one of the primary reasons employees cite for not reporting
unethical behavior in the workplace. ECI says companies should work toward improving
their corporate culture by reinforcing the idea that reporting suspected misconduct is beneficial
to the company. Additionally, they should acknowledge and reward the employee's courage in
making the report.
What Is Business Ethics?
Business ethics concerns ethical dilemmas or controversial issues faced by a company. Often,
business ethics involve a system of practices and procedures that help build trust with the
consumer. On one level, some business ethics are embedded in the law, such as minimum
wages, insider trading restrictions, and environmental regulations. On another, business ethics
can be influenced by management behavior, with wide-ranging effects across the company.
Doing so not only increases revenues and profits, it creates a positive work environment and
builds trust with consumers and business partners.
SPONSORED
Trade on the Go. Anywhere, Anytime
One of the world's largest crypto-asset exchanges is ready for you. Enjoy competitive fees and
dedicated customer support while trading securely. You'll also have access to Binance tools
that make it easier than ever to view your trade history, manage auto-investments, view price
charts, and make conversions with zero fees. Make an account for free and join millions of
traders and investors on the global crypto market.
ARTICLE SOURCES
Compare Accounts
Advertiser Disclosure
PROVIDER
NAME
DESCRIPTION
Code of Ethics: Understanding Its Types, Uses Through Examples
A code of ethics, also referred to as an "ethical code," may encompass areas such as business
ethics, a code of professional practice, and an employee code of conduct.
KEY TAKEAWAYS
A code of ethics sets out an organization's ethical guidelines and best practices to
follow for honesty, integrity, and professionalism.
For members of an organization, violating the code of ethics can result in sanctions
including termination.
In some industries, including banking and finance, specific laws govern business
conduct. In others, a code of ethics may be voluntarily adopted.
The main types of codes of ethics include a compliance-based code of ethics, a value-
based code of ethics, and a code of ethics among professionals.
A focus on climate change has become an integral part of companies' codes of ethics,
detailing their commitment to sustainability.
While many laws exist to set basic ethical standards within the business community, it is
largely dependent upon a business's leadership to develop a code of ethics.
Both businesses and trade organizations typically have some sort of code of ethics that their
employees or members are supposed to follow. Breaking the code of ethics can result in
termination or dismissal from the organization. A code of ethics is important because it clearly
lays out the rules for behavior and provides the groundwork for a preemptive warning.
While a code of ethics is often not required, many firms and organizations choose to adopt
one, which helps to identify and characterize a business to stakeholders.
Given the importance of climate change and how human behavior has led to severely
impacting the climate, many companies have taken to include climate factors in their code of
ethics. These principles include manners in which the company is dedicated to operating
sustainably or how they will shift to doing so.
In many cases, this commitment to sustainability adds to the costs of a company, but because
consumers are becoming more focused on the types of businesses they choose to engage
with, it is often worth the cost to maintain a good public image.
Regardless of size, businesses count on their management staff to set a standard of ethical
conduct for other employees to follow. When administrators adhere to the code of ethics, it
sends a message that universal compliance is expected of every employee.
In some industries, including banking, specific laws govern business conduct. These industries
formulate compliance-based codes of ethics to enforce laws and regulations. Employees
usually undergo formal training to learn the rules of conduct. Because noncompliance can
create legal issues for the company as a whole, individual workers within a firm may face
penalties for failing to follow guidelines.
To ensure that the aims and principles of the code of ethics are followed, some companies
appoint a compliance officer. This individual is tasked with keeping up to date on changes in
regulation codes and monitoring employee conduct to encourage conformity.
This type of code of ethics is based on clear-cut rules and well-defined consequences rather
than individual monitoring of personal behavior. Despite strict adherence to the law, some
compliance-based codes of conduct do not thus promote a climate of moral responsibility
within the company.
Value-Based Code of Ethics
A value-based code of ethics addresses a company's core value system. It may
outline standards of responsible conduct as they relate to the larger public good and the
environment. Value-based ethical codes may require a greater degree of self-regulation than
compliance-based codes.
Some codes of conduct contain language that addresses both compliance and values. For
example, a grocery store chain might create a code of conduct that espouses the company's
commitment to health and safety regulations above financial gain. That grocery chain might
also include a statement about refusing to contract with suppliers that feed hormones to
livestock or raise animals in inhumane living conditions.
Accountants
Certified public accountants, who are not typically considered fiduciaries to their clients, still are
expected to follow similar ethical standards, such as integrity, objectivity, truthfulness, and
avoidance of conflicts of interest, according to the American Institute of Certified Public
Accountants (AICPA).1
Financial Advisers
Financial advisers registered with the Securities and Exchange Commission (SEC) or a state
regulator are bound by a code of ethics known as a fiduciary duty. This is a legal requirement
and also a code of loyalty that requires them to act in the best interest of their clients.2
However, there are some subtle differences: A code of ethics is used to ensure that members
have sound and unclouded judgment. Examples include the legal codes that prohibit lawyers
from accepting cases where they have a conflict of interest or those that prevent brokers from
trading against their clients.
A code of conduct, on the other hand, guides the specific actions of a company's employees. It
may contain certain norms of professional responsibility, such as punctuality and accuracy.
Most companies have an employee code of conduct, both to maintain professionalism and to
prevent friction among their employees.
The first step is for the organization to identify its priorities, as well as any ethical issues that it
wishes to avoid. For example, an organization may want to avoid having conflicts of interest,
because of previous scandals in which employees acted against the interests of the company
or clients. As a result, their code of ethics might prohibit certain inappropriate relationships, or
prohibit employees from any appearance of a conflict of interests.
Act with integrity, competence, diligence, respect, and in an ethical manner with the
public, clients, prospective clients, employers, employees, colleagues in the investment
profession, and other participants in the global capital markets.
Place the integrity of the investment profession and the interests of clients above their
own personal interests.
Use reasonable care and exercise independent professional judgment when conducting
investment analysis, making investment recommendations, taking investment actions,
and engaging in other professional activities.
Practice and encourage others to practice professionally and ethically that will reflect
credit on themselves and the profession.
Promote the integrity and viability of the global capital markets for the ultimate benefit of
society.
Maintain and improve their professional competence and strive to maintain and improve
the competence of other investment professionals.
The moral choices of businesses have evolved, from the industrial age to the modern era. In
the world we live in today, working conditions, how a business impacts the environment, and
how it deals with inequality are all areas that society deems important that perhaps two
centuries ago it did not as much. A code of ethics helps ensure that businesses will always act
with integrity.
KEY TAKEAWAYS
The crux of this theory is to enact policies that promote an ethical balance between the dual
mandates of striving for profitability and benefiting society as a whole. These policies can be
either commission (philanthropy: donations of money, time, or resources) or omission (e.g., “go
green” initiatives such as reducing greenhouse gases or abiding by U.S. Environmental
Protection Agency regulations to limit pollution).12
Many companies, such as those with “green” policies, have made social responsibility an
integral part of their business models, and they have done so without compromising
profitability.
There is a moral imperative as well. Actions—or the lack thereof—will affect future generations.
Put simply, social responsibility is just good business practice, and a failure to do so can have
a deleterious effect on the balance sheet.
Social responsibility can also boost company morale, especially when a company can engage
employees with its social causes.
The key ways that a company embraces social responsibility include philanthropy, promoting
volunteering, ethical labor practices, and environmental changes.
For example, companies managing their environmental impact might look to reduce their
carbon footprint and limit waste. There’s also the social responsibility of ethical practices for
employees, which can mean offering a fair wage, which arises when there are limited
employee protection laws.
Starbucks Corp. (SBUX) committed to social responsibility from the start, including
sustainability and community welfare. It purchases Fair Trade Certified ingredients to
manufacture products and actively supports sustainable farming in the regions where
ingredients are sourced.45
Ben & Jerry’s Homemade Holdings Inc. has integrated social responsibility into the core
of its operations. Like Starbucks, the company purchases Fair Trade Certified
ingredients.67
The Lego Group, manufacturer of Lego toys, has committed to reducing its carbon
impact. It was named a World Wildlife Fund Climate Savers Partner in 2014.8
Salesforce.com Inc. (CRM) developed what it calls the 1-1-1 model. The company
dedicates 1% of its equity, 1% of its product, and 1% of employees’ time back to the
community.9
Big-box retailer Target Corp. (TGT), also well known for its social responsibility
programs, has donated money to communities in which the stores operate, including
education grants.10
However, social responsibility has become more mainstream and is now practiced among a
wide range of companies. Younger generations, such as millennials and Gen Z, are embracing
social responsibility and driving change in the workplace and as consumers.12
For instance, informing a cashier that they gave you too much change or going back
to the store to pay for something you forgot to pay for are two examples of showing
integrity in everyday circumstances.
Here are the 7 most common traits that a person with integrity shows:
People with integrity recognize that their friends, coworkers, and community make
their lives better. They show gratitude by always remembering to say a simple
“thank you” when someone helps them out. They might also take the time to write a
thoughtful note to a coworker who helped them complete an important project. Or,
they may go the extra mile to give their friend a gift when they’ve supported them
through a difficult time.
A person with integrity doesn’t run away from difficult conversations or situations. If
they have a conflict with another person, they’re open about it — they don’t hide
their feelings only to become resentful later on. They are also honest about their
time, abilities, and preferences. No matter the situation, integrity ultimately means
your moral principles are more important than your personal comfort — and honesty
can be uncomfortable sometimes.
3. Takes responsibility for your actions, good and bad
If you have integrity, it means you’re accountable for your actions — even when you
miss the mark. It’s easy to take ownership when you do something well. However,
integrity really comes into play when you face failure. If you want to live with
integrity and grow personally, you must learn to admit when you make a
mistake and then choose to learn from it.
4. Respects yourself and those around you, no matter where you are
You might not think of boundaries when you think of integrity. However, living in
integrity means living at peace with yourself and your values — and relationship
boundaries, whether it’s with your coworkers or your family, help you do that. For
example, if your friend wants to call you during work, but you need to finish a
project, you need to set a boundary and call them later.
Integrity also means respecting others’ boundaries. Let’s say your coworker doesn’t
want to talk about their dating life. So as a person with integrity, you don’t ask them
certain questions. You also need to respect their time, personal values, and their
identity — for example, using correct gender pronouns.
This trait goes hand in hand with respecting yourself and others. People with
integrity naturally want to help others — but what separates them from most people
is their ability to know their own limits. A person with integrity will help others with
their time, abilities, and even finances. But they’ll always also prioritize self-care,
fueling themselves so that they can stay resilient for years to come.
Knowing how to build trust is important in all of life, especially when it comes to
integrity at work. If you’re a member of a team or organization, people count on you
to do what you say you will. If you don’t, there will be consequences for not just you,
but everyone around you. Being a reliable and trustworthy person is crucial to living
with integrity.
People with integrity overcome life’s obstacles with resilience. For example, let’s
say they lost their job. They may feel hopeless or frustrated at first. However, a
person with integrity would eventually see that this challenge is just another
opportunity for growth. With a bit of patience and flexible expectations, they can
take positive action.
What is integrity at work?
Now that you have a clear idea of what integrity is in general, let’s go a little deeper by
answering the question, “what is integrity at work?”
Integrity at work supports a company and a leader's set of moral and ethical standards.
This will result in both happier employers and employees.
For instance, reviewing policies and procedures before starting a complex task or being
honest about forgetting to do an important task are two examples of showing integrity at
work.
Integrity at work is also about committing with integrity. For example, if a team leader
shares a new project, employees with integrity need to be honest about their ti me and
abilities before agreeing to take on more work. They also need to make sure they have an
understanding of what’s needed and the scope of the project.
If there’s a lack of integrity on the team, members will halfheartedly accept new
assignments, even if they are not able to accomplish them on time. They might also walk
out of the meeting still wondering what their role in the project actually is.
At its core, integrity at work is about taking the initiative, negotiating your time honestly,
and staying aligned with your personal and work values. That also means delivering on
your commitments when you make them, and saying no when you can’t take on anything
new. Finally, it’s about knowing how to communicate — so if you do get out of integrity, you
can admit your mistakes honestly and share how you will fix the situation.
Having integrity at work means you:
In any genre of business, there’s often a great deal of competition from our peers. So what sets
your business apart from others is becoming incredibly important, particularly when it comes to
how ethical and honest you are.
Having strong work ethics makes good business sense because employees want to work for a
company which they are proud of and with colleagues they know act with integrity. Potential
clients or customer are also more likely to choose a company which can showcase how they
behave ethically because it provides the added ‘feel-good’ factor to any business transaction.
Here are our Top Tips for raising the bar and creating a more ethical workplace:
1. Create a code
Many professions require us to work to a consistent Code of Practice or Ethical Code and it is
common for organisations to identify a set of values to guide how employees work together and
engage with customers or society. Strong company values can be really inspiring. For example,
clothing company H&M believe in boosting ‘entrepreneurial spirit,’ while Ikea values
‘togetherness and enthusiasm.’ Instead of concentrating on what is prohibited, think about the
kind of behaviours you want to promote instead. But remember; one size doesn’t fit all and your
code needs to be unique to you.
Close
We are using cookies to give you the best experience on our site. Find out more.
For a workplace culture to be considered ‘ethical’, it would require the following essential traits:
Moral conflicts raised by unethical behaviour of colleagues and managers can cause intense stress in many
individuals. When they try to raise the issue, these employees become the target of retribution. Ethical
organisations are more likely to encourage and protect such ‘whistle-blowers’.
For instance, gender gap in pay structures persist in India. After decades of steady decline, the gender pay
gap rose again in India, from 28% in 2018-19 to 35% in 2020-21. Only through renewed commitment to
workplace ethics we can hope to counter such trends.
If they get caught, employees are at risk of facing a wide range of consequences, ranging from minor
reprimands to suspension, docked pay, or dismissal. And if it involves accounting fraud or other similar crimes,
they could end up in prison. Naturally, there is less risk of this happening in organisations that strongly
discourage and penalise unethical workplace behaviour.
4. A better standard of career education
The workplace is also a place of experiential learning, particularly for young employees in the early stages of
their career. Human beings are not born as strictly ethical or unethical – based on our experiences and life
lessons, we can become more (or less) ethical over time.
If an organisation rewards or condones unethical behaviour, an employee can become habituated to make the
same decisions in future situations, or at different companies. It can have a lasting impact on employees’
professional and even personal lives.
More than 53% reported that it is easier for managers to by-pass standard business rules in their organisations.
Another 59% reported that there were individuals in key positions in their companies who are willing to sacrifice
integrity for short-term gains.
By most accounts, Indians are the most overworked, and the least well-paid employees in the world. But
this kind of unethical organisational culture is not sustainable. In recent years, we have seen the rise of
employee activism with a focus on employee welfare, gender justice, and sustainability.
The new generation of employees are very conscious about employer branding – they are less willing to
work at companies with a reputation for unethical workplace culture. If you want to attract and retain young
talent for the long term, and reduce the risk of scandals and regulatory penalties, you have to start paying more
attention to ethical culture in your organisation.
Making ethical decisions is easier said than done. Maybe your coworker lied to a client about a
deal, but you personally like this colleague and want to give him the benefit of the doubt. Or,
perhaps you're tempted to lie to your boss to avoid admitting your team missed a deadline.
Whatever the case, it's critical you have a tangible set of steps to follow the next time you need
to apply your ethical decision making skills at work. Let's take a look at those steps now.
The PLUS model is especially objective because it doesn't focus on revenue or profit, but rather
urges leaders to take a legal and fair approach to a problem.
PLUS Model:
P = Policies and Procedures (Does this decision align with company policies?)
L = Legal (Does this decision violate any laws or regulations?)
U = Universal (Is this decision in line with core values and company culture? How does it relate to
our organizational values?)
S = Self (Does it meet my standards of fairness and honesty?)
Once you've considered potential solutions using these questions as a guide, you're ready to
implement the six necessary steps to make your decision.
Use PLUS filters to define your problem, and how it might affect one of the PLUS acronyms. Is it
illegal, or does it violate your company's values? Make sure you've outlined the full scope of the
problem -- be honest with yourself about it, even if you're partially at fault.
It can be difficult, if not impossible, to reach an objective solution on your own. To fairly evaluate
your problem, you'll want to seek out all available resources. These resources might be
mentors, coworkers, or even friends and family, but they could also be professional guidelines
and organizational policies. Make sure you've armed yourself with knowledge to understand the
extent of the damage.
When you're brainstorming a list of potential solutions to your problem, you don't want to only
consider what's been done before. Stay open to new and different ideas, and urge other people
to share their advice. Consider outside resources, including what other companies have done.
Ultimately you'll want a list of at least three to five potential solutions. This way, you avoid
feeling like it's an either/or situation.
Dive into your list of potential solutions, and consider all positive and negative consequences of
taking each action. It's important you consider how likely those consequences are to occur, as
well. You'll again want to refer to resources, guidelines, and standards. For instance, you might
decide one solution has only one negative consequence, but that negative consequence has a
high likelihood of happening. Another solution has two negative consequences, but both are
extremely unlikely. These are important factors to weigh when making your decision.
At this stage, you've got all the information you need to make a fair and ethical decision. If
you've made the decision alone but need to share it with your team, create a proposal outlining
why you chose this route, and what alternatives you considered, so they can understand your
steps. Transparency is key. Your team needs to understand you used appropriate and objective
measures to find a solution.
Now that you've implemented your solution, decide whether your problem was fixed or not. If
there are unforeseen consequences, perhaps you want to consider alternative measures to
combat the problem, or refer to outside guidance.
1. Your team misses an important deadline, and you're tempted to tell your boss you reached it
anyway.
It might seem like a good idea to tell your boss your team is on-track, and then work quietly to
make sure that becomes a reality, but in the long-run this will only hurt you and your team. First,
if you don't examine why your team missed the deadline, you won't know how to fix the problem
moving forward. Additionally, your boss is meant to be a helpful resource for you, and could
help you combat the issue. Lying could destroy your reputation as a leader and employee if your
team or boss finds out, and it will be difficult to then prove your integrity. Figure out the
guidelines or steps you need to take, and follow those.
It makes sense -- family is important, after all. But it's not fair or ethical if some of your
customers are receiving discounts simply because of who they are, and can even be seen as a
form of discrimination. If the public finds out you don't follow fair rules when it comes to pricing
and discounts, your entire company's integrity is at risk. Either mention to your coworker that
you don't feel it's fair, or report the issue to your team leader.
3. You're close to finalizing a deal when you find out some of the information you've provided
the client isn't true.
You've worked so hard to form a relationship with your client and provide them with persuasive
and helpful information, and you've finally reached the end. Just when they're ready to sign the
deal, though, your coworker takes a look at your slides and lets you know some of the
information is outdated and is no longer applicable to the deal. It's especially difficult because
your job relies on you hitting quotas, and you know your boss and team will be incredibly
impressed with this deal when you close it.
Unfortunately, you could get into legal trouble for lying in a contract, and you don't want to set a
precedent of lying and essentially stealing from clients to close deals. Be upfront and own up to
the misinformation, and then work with the client to create a new deal. Ideally, the client will
appreciate your honesty. If not, at least you didn't win a deal through false measures, which
might've gotten you into bigger trouble down the road.
Using the PLUS model and these six steps, as well as your own judgment and the opinions of
your team, should arm you with all the information you need to make ethical decisions at work
even when they're difficult. For more decision making advice, check out The Ultimate Guide to
Decision Making.
Information technology ethics is the study of the ethical issues arising out of the use and development of
electronic technologies. Its goal is to identify and formulate answers to questions about the moral basis of
individual responsibilities and actions, as well as the moral underpinnings of public policy.
Information technology ethics raises new and unique moral problems because information technology itself has
brought about dramatic social, political, and conceptual change. Because information technology affects not
only how we do things but how we think about them, it challenges some of the basic organizing concepts of
moral and political philosophy such as property, privacy, the distribution of power, basic liberties and moral
responsibility.
Specific questions include the following. What are the moral responsibilities of computer professionals? Who is
to blame when computer software failure causes harm? Is computer hacking immoral? Is it immoral to make
unauthorized copies of software? Questions related to public policy include: what constitutes just policy with
respect to freedom of speech, association, and the exercise of other civil liberties over computer networks?
What determines the extent and limits of property rights over computer software and electronic information?
What policies adequately protect a right to privacy?
The list of questions shifts in response to developments in information technology. One noteworthy example is
the rise in prominence of questions about communication and information in response to the explosive growth
of high-speed digital networks. This shift has subsumed the field commonly called ‘computer ethics’ under the
broader rubric of ‘information technology ethics’.
What Is Ethics
What is Ethics, Morals and Laws[edit | edit source]
For the ill-advised reader, ethics are the moral principles woven into a person’s or multiple individuals’
behavior. Ethics are what help an individual make decisions based on the conformity of society. An individual
whom might be regarded to have ethical behavior might be considerate of those within a society and follow the
norms of that society as well. An individual of whom might be deemed to have unethical traits is not usually
seen as a “good” person within a society that sees behavior of that nature as “bad”. The terms “good” and “bad”
are within quotation marks as these terms are mostly subjective, in the sense that they only have a meaning
when it comes to the ethical code of the society. For example, if a neighborhood prides itself on having the
residents keep their front yards looking nice with fresh green grass and clear of debris and one resident has
dried up grass and garbage scattered across their lawn, the neighborhood may find the owner of the unkempt
lawn as an unethical individual.
According to Dickson (2014, Rundu Campus), ethics are a set of moral principles that govern a persons' or
groups' behavior. Someone is considered to be behaving ethically if they conform to generally accepted
practices of the society or group making that consideration. Most ethically acceptable practices are almost
universal across human cultures, and are increasingly so due to globalization and cultural hegemony. For
example, using animals in research, abortion, or using cookies to track software, where organizations are able
to gather users information to track their search behavior and their buying patterns on the Internet are all found
with similar ethical and moral debates in various states. Furthermore, while these topics remain open to debate
in their nuances, they are intrinsically seen as amoral and ultimately unnecessary and avoidable. Each society
retains a set of rules that sets the boundaries for accepted behavior, these rules often expressed in statements
about how one ought to behave. These statements come together to form a moral code by which a member of
a society lives by. Morals are those ideas defining what is right, and wrong, and these ideas can sometimes
come into conflict.
With a basic understanding of ethics out of the way, morality is next up on the table. Morality is difference
between right and wrong or good and bad behavior. Morality is usually associated with the concept of moral
dilemmas and moral issues. A moral dilemma involves a tough decision between two unwelcome choices, the
lesser of two evils. A moral issue is a concern that has the potential to help or cause pain and suffering to
someone, including oneself. The most common example of a moral dilemma is the runaway trolley scenario, in
which a runaway trolley is barrelling down a track and is not able to brake. On one track are five workers and
the other track has one worker. The difficult decision to be made is whether or not to pull the lever and let one
worker die to save the five other workers from horror. Often times the decision is made more difficult when the
one person on the other track is a close friend or loved one. An example of a moral issue would be related to
topics such as the morality of experiments on animals, the sensitive subject of abortion, etc.
Dickson (October 19, 2013) also states that one's behavior (morals) follows a set of shared values (manners)
within a society, and contributes to the stability of that society. Everyone operates by their own individual moral
code, acting with integrity towards that code. Laws, on the other hand, are a system of rules that a society
strictly imposes, and enforces. Laws aim to be more well defined than morals, so as to be limited to
interpretation, and defendable in practice. States enforce their laws through institutions such as law
enforcement, whereas morals are enforced typically by passive interactions by an individual, or group. For
example, the moral code of a club may be enforced by excluding from participation those who do not abide the
code. While a society's moral code often forms the base for its legal systems, a given law may or may not
abide by an individual's moral code, or by the ethical considerations of a society. It is a process that is
dependent not only on the legislation itself, but also the legislator and the participation/representation of the
citizen's moral values.
Ethics is also most commonly defined as the norms of conduct that distinguish between acceptable and
unacceptable behavior [1]. Most individuals learn ethics through social activities and institutions, such as at
home, school and church. As children, we are taught by our parents/guardians what is 'right', and 'wrong'. We
gain a more finely tuned understanding as we age, as moral development further occurs as we mature.
Although morality is not to be confused with commonsense, ethical norms are often so ubiquitous that one is
tempted to assume they unanimous across cultures.
Ethical theory[edit | edit source]
Ethical Theory is defined as attempts to provide a clear, unified account of ethical obligations and practices.
Not only does Ethical Theory aim to generalize and unify ethical considerations, it also aims to be a recurrent
cycle of reflection. Through exposure to repetitive and new situations, ethical theory is iteratively developed and
improved for future considerations and precaution regarding ethics.
There are four categories of ethical theory: Consequence-based, duty-based, contract-based, and character-
based. These categories are more commonly referred to as: Utilitarianism, Deontology, Rights, and Virtues,
respectively.
Consequence-based[edit | edit source]
Consequence-based ethical theory, also known as, ‘Consequentialism’ is an ethical theory that judges the
morality of an action and decides whether it is right or wrong based on the consequences the action entails. For
example, most people would agree that lying is wrong, but if lying could help save a life, consequence-based
ethical theory would claim that it is the right thing to do. The most common example of a consequence-based
ethical theory is utilitarianism.
Criticisms[edit | edit source]
Critics of utilitarianism reject emphasis on the effects of individual acts. They point out that we tend not to
deliberate on every single action in our day-to-day activities as if that action were unique. Rather, they argue
that based on certain principles or general rules that guide our behavior, we are inclined to deliberate [2].
Consequence-based ethical theory is sometimes criticized because it can be very difficult and sometimes not
possible to know the result/consequence of an action ahead of time.
Duty-based[edit | edit source]
Duty-based ethical theory focuses on what people do, rather than the consequences of their deeds. Under this
form of ethics, you cannot justify an action was good if it produced good consequences, hence it is sometimes
called ‘non-Consequentialist’. The theory states that when engaged in decision-making, people should adhere
to their ethical obligations and duties. Deontology, a common name for duty-based ethical theory is derived
from the Greek root word, ‘Deon’ which means duty. People who support this theory over Consequence-based
claim that morality does not require reward.
Criticisms[edit | edit source]
Duty-based theory is criticized for a few reasons. Sometimes, a person’s duties may conflict internally. This
theory has no mechanism to address that. Because this theory does not care about positive consequences, it
can sometimes lead to negative effects. It also sets absolutist rules with exceptions being the only way to deal
with conflicting cases.
Contract-based[edit | edit source]
Contract-based theory focuses on moral systems created from contractual agreements.
A well-known early version of this is Thomas Hobbes Leviathan, which was his outline for a social-contract
doctrine. His idea was that this contract will give people motivation to be moral; the rights established are
considered ethically correct and valid since a lot of people endorse them.
Criticisms[edit | edit source]
This theory promotes a minimalist morality, meaning that you are not required to make any effort beyond what
the contract entails [2]. Another issue is deciphering what is seen as right in a society. The society needs to
determine their goals and priorities and the most logical way to do so is to use another ethical theory to
determine or base their goals.
Criticisms exist regarding the theory of Contract-based morality. One of the biggest criticisms is that the theory
serves as a very minimalist, rather ‘bare-minimum’ towards morality - where a person will not do anything
beyond their contractual agreements, even if ethical.
Character-based[edit | edit source]
Character-based ethics, also referred to as ‘Virtue Ethics’ focuses on determining what makes an individual
good instead of what makes an action good. This theory argues that good people consistently perform good
actions. The idea of Virtue Ethics was formulated first by Aristotle.
Criticisms[edit | edit source]
Character-based ethics is sometimes criticized as it does not accommodate for moral character changes within
an individual. At the same time, it also does not take into account the character of someone who has conflicting
values of ethics and can sometimes be good or bad.
Ethical Relativism[edit | edit source]
Another view of ethics that takes a different approach to what is right and wrong is Ethical Relativism. Ethical
Relativism is the doctrine that explains that there is no absolute truth in ethics and that the basis for deciding
what is right and wrong varies on the society or person. This argument stems from Herodotus’s 5th century
view that different societies have different customs. Each person in the society believes that their own society’s
customs are right (Rachels, 2009). Each society dictates what is right or wrong behavior based on standards
developed over many years. These standards help to shape the society’s belief and therefore it is difficult to
prove which society practices the most ethical decision making. There is no way of deciding that the values of
one society are better than another. One example that sheds light on this is a society where polygamy and
tatoos are allowed. Neighboring that society is a different society where polygamy and tatoos are forbidden and
each act is judged as right or wrong based on religious precepts. Each society thinks that their values are
acceptable and the morality of an act depends on values that differ society to society. In the realm of
cybersecurity, cultural relativism is seen with different prosecutions of illegally selling intellectual property.
intellectual property rights in some countries such as El Salvador do not prosecute retail sellers selling illegal
movies or cds since they are poor people and are trying to sustain. The distributors of these illegal copies in
many other countries are subject to prosecution and punishment regardless of economic class. This theory
holds that there are no universal moral standards that can be applied for each society since each society
judges in their own respective way.
Criticism[edit | edit source]
Most ethicists reject ethical relativism: some claim while moral practices of societies may differ, the
fundamentals of the moral principals underlying these practices do not. For instance, in some societies, killing
one's parents after they reach a certain age was common practice, stemming from the belief that they were
better off in the afterlife if they entered it still vigorous and able. While in modern societies this practice is
condemned, we would agree with this practice on the underlying moral principle--the duty to care for parents.
Therefore, while societies may not agree on their application of moral principles, they may agree on the
principles themselves. It is also argued that some moral beliefs are culturally relative while others are not.
Certain practices may be dependent on the local customs, such as the definitions of decency and proper attire.
Others may be governed by more universal standards, such as slavery and the defense of the innocent.
Ethics is an inquiry between right and wrong through a critical examination of the reasons underlying practices
and beliefs. As a theory for justifying moral practices and beliefs, ethical relativism fails to recognize some
societies have better reasons for holding their views than others. But, even if the theory is rejected, we must
acknowledge that the concept raised important issues, and encouraged us to take a look at the other societies
beliefs and cultures.[3]
Subjectivism[edit | edit source]
Subjectivism is an extension of relativism, as applied to individuals rather than societies. The moral
interpretation of a practice or event is based on the personal perspective of the individual analyzing it. In other
words, the judgment of an event is dependent on the individual doing the judging.
Objectivism[edit | edit source]
Something is objective when it is independent of any individual's personal beliefs. It is, in other words, a fact of
the universe, separate from human beliefs -- such as the weight of an object. This forms the basis for moral
realism: The idea that ethics and morals are not invented, but rather discovered over time. Ethicists typically try
to maintain objectivity in their analysis, stressing that it does not matter who the person is, or what they choose
to do; rather, they try to determine what the person should do, or what their decision ought to be.
What is right or wrong conduct for a business is the standard called Business Ethics. Business Ethics are not
always aligned with laws and therefore “ethical” and “legal” behavior is not the same. Companies establish
business ethics to maintain trust between employees but also outwardly to other partners and investors.
Throughout the years there have been many business scandals that have occurred due to a lack of ethics
imposed on decision making and business conducts. The Enron scandal stemmed from a series of actions that
covered up any losses and would falsely label project profits. Enron did this by investing in a project or building
and immediately writing it off as a profit while in reality the project did not make a single penny for the company.
When expected revenue from a project would be a lot higher than the actual revenue, the company would
transfer the project to an off the record corporation and the loss would never be reported. These actions taken
by Enron, while not completely illegal, did falsify Enron’s image of extreme success and led it to being named
“America’s Most Innovative Company.”
Business Ethics have begun to become more of an importance to companies today as it creates a clear image
of the company, builds trust between employees, and protects the company from any legal issues. As whistle-
blowing has become more popular due to increased potential identity threats, companies have tightened up
their business policies and practices to prevent any ethical missteps.
There are several companies in Japan and the US that create sex robots. And if AI robots get rights, can a
robot refuse to have sex with a human? And will it be considered rape if you do not pay attention to the
refusal?
How will the creation and operation of autonomous military robots be regulated? And what danger will be
borne by the changed laws of robotics, which in principle allow violence against humans?
How will the buying and selling of self-aware robots be regulated? There are many opinions here that this
can turn into a new wave of slavery and the liberation movement.
Now legislators consider the legal field of robots approximately similar to the legal field of animals. But even
here, there has not yet been a consensus on who will be responsible if the robot harms other people: the owner
or the manufacturer.
The point is that the topic of ethics in IT is very broad and requires deep study.
Cyberethics[edit | edit source]
Cybertechnology refers to any computing or communication technologies. This is arguably a more accurate
term than computer ethics because it encompasses all technologies rather than just computers. There is a
debate on whether or not cybertechnology brings in new or unique ethical issues, which would call for a new
perspective or special consideration. There are two main views on this issue: traditionalist and uniqueness
proponent. Traditionalists argue that nothing in this field is new in the sense that crime is still considered crime
and fraud is still considered fraud, even in the cyber realm. The uniqueness proponents argue that there are
new unique ethical issues that did not exist before cybertechnology. A common confusion in this thought is
mixing up unique features of cybertechnology with unique ethical issues. The term unique, per Merriam-
Webster, is defined as the only one or being without a like or equal [4]. The issues surrounding cybertechnology,
such as privacy, property, and others are not new concerns. However, cybertechnology does have unique
features that muddle the solutions for these types of issues.
Ethics for IT Professionals[edit | edit source]
Like any other profession, there are standards of ethical guidance used to help people when facing uncertain
circumstances. It’s important for individuals to understand that what is legal may not always be ethical. Not
behaving in an ethical manner can disturb the trust between employees, clients, staff, and the general public.
Ethical Code[edit | edit source]
Ethical code consists of principals and behavioral expectations established by organizations for their
employees and third parties. The core values of a company are also implemented
The code of ethics also outlines core company values that workers are expected to uphold during business
operations. Code of ethics is actually very similar to code of conduct. However, code of ethics focuses more on
a company's morals and values at a high-level while code of conduct focuses more on specific situations.
Having an ethical code is important as it serves as a permanent reminder of the principals every employee is
expected to uphold everyday.
IT Specialist
What is an IT Professional?[edit | edit source]
IT Professional Defined[edit | edit source]
Information technology (IT) is defined as “the use of any computers, storage, networking, infrastructure and
processes to create, process, store, secure and exchange all forms of electronic data.” [1] Hence, an IT
professional is a person who works in the information technology field. The term can refer to the engineering of
software products, implementation, and maintenance control of the user's network and server systems after it
has gone to use. IT professionals can also include people who received education in a computer-related
institution and people who possess vast knowledge in information technology.
Qualities of an IT Professional[edit | edit source]
1. Diligence. Professionals in the IT field, such as developers, analysts, and system administrators, are
associated with adhering to the ethical standards of their profession. Their work should be done with diligence
and accuracy, free from assumptions and standardization.
2. Updated. They are needed to keep up their knowledge and technical expertise in their field with the
changing IT environments to satisfy users' needs.
3. Skills and expertise. IT professionals have the skills to perform appropriate tasks or perform tasks that
can cause damage to weak software systems, for example, a payroll system; these systems are at high risk of
economic crisis where IT professionals are required to either correct the vulnerabilities or leave them exposed
to cause harm.
Responsibilities of an IT Professional[edit | edit source]
The responsibilities of an IT professional include both job duties and moral and ethical obligations. Job duties
vary from one professional to another, but typically they are centered around the management of computer-
based information systems.
Support Specialists
o Support professionals are in charge of analyzing and resolving a company's computer network and
hardware issues. They can work in various businesses, providing general support to employees, or in
a technology or software as a service (SaaS) organization, providing technical support on user
experience issues that require technical assistance.
Computer Programmers
o A computer programmer uses coding languages such as HTML, JavaScript, and CSS to create new
computer software. Computer game software can indeed be modified to improve online gameplay,
allowing programmers to address issues after the game is published to the general audience.
Technicians
o A technician works with support specialists to investigate and fix computer problems. They also
monitor processing functions, install essential software, and test computer hardware and software as
needed. Technicians may also teach a new software or functionality to a company's employees,
clients, or other consumers.
Systems Analysts
o A systems analyst examines design elements and applies information technology skills to solve
business problems. They identify infrastructure changes that are required to streamline business and
IT operations. They can also help technologists teach workers to put the improvements they propose
into action.
Network Engineers
o Network engineers are responsible for the day-to-day maintenance and development of a company's
computer network, leveraging their expertise to ensure that it is accessible and valuable to all
employees.
Where the IT Professional fits in the Organization[edit | edit source]
So, as simple as it sounds, an IT professional fits or belongs in the IT department. Now, within the IT
department, you have branches needed. There's no right or wrong answer because people have different
strengths. For example, if you need a programmer, you wouldn't put a support specialist in the programmer
department of your IT staff because it won't be feasible to do. People with well diverse backgrounds that
pivoted within the company can move around if appropriately trained, but it is entirely up to the department they
think is the best fit for you. The IT department inside a firm involved in designing, managing, and maintaining
information technology systems and services is an IT organization (information technology organization). In a
large corporation, the IT department may also be in charge of strategic planning to ensure that all IT projects
are aligned with its objectives. Depending on the company's demands, IT organizational structures might be
centralized or decentralized. The IT department is usually led by a Chief Information Officer (CIO) in a major
corporation. An IT director or operations manager may be in charge of smaller IT enterprises.[10]
Contractor from an Outsourced service provider [edit | edit source]
IT professionals, just like other industries, there are all different types of outsourcing services, such as
Structured cabling systems to application development. Due to the essential nature of, the IT industry’s
complicated architecture, there are different IT professionals, networks, support desks, hardware, system
services, security, infrastructure, internet, and so on. All need to work together just like an
orchestra.[11] Enterprises owners are more likely to hire contractors from service providers to save money.
However, Contractors are not the employee of the Enterprises, due to different company cultures or working
habits, there are a lot of ethical problems would arise:
SLA[edit | edit source]
A lot of service providers just provide on-site professional services. However, there is no detailed SLA or
service level agreement. For example, the typical on-site service will charge clients per man day. A project
should be finished in 100 Man Day. But the service provider may charge the client 200 Man-Day or even more.
At the same time, the client may always adjust their project expectation to deny paying the service fee. One
example would be if a service provider performed work that was not supported by the vendor. All these
contradictions were caused by no clear SLA. both client and vendor, or service provider, may lose a lot of
profits. Some clients want to terminate the SLA or the contract but have no appropriate execution, so the client
will give a lot of difficult tasks to the contractors to finish, or refuse the contractor to use the Internet connection,
which is very important to their jobs. Some client even asks the contractor to log what he did every minute
Service Termination[edit | edit source]
Service Termination is caused by the project being finished, which is expected. Another is caused by a client's
financial problem. If the contractor from the service provider has no other client, the contractor may lose his job.
Big IT service providers such as TATA, HP, or IBM, have a lot of projects, and this kind of problem does not
exist. Small businesses may be closed due to service Termination. On the side of the client, no need to pay a
compensative salary to the contractor, it is not good, ethically. But transfer the cost to the service provider.
Security[edit | edit source]
Every company has its security policy, such as access card, server account, and database access. I remember
many years ago, I went to a client’s server room to install the software. The client’s boss asked a staff member
to open the door and let me in. Then he left. I found the door in the server room can not open inside. I refused
to work and asked whether the client provides me with a temporary visitor access card or a staff member
accompanied me. It is very dangerous to be locked in the server room. Once on fire, all the doors will be locked
and the automatic fire extinguishing device will release a kind of toxic gas. Meanwhile, some contractors
changed jobs whereas not return the access card or the client did not lock the contractor’s account timely,
which will lead to information security problems.
CASE 1. As a support engineer, my job is to install software for clients and provide a platinum service for
clients for free. Another team from my company, the sales team, committed to the client that the platinum
service will be handed over to the client. So the sales asked me to provide the password to the client for
the platinum service. I denied the request. Very simply, I can not violate the company’s security policy.
CASE 2. The software we installed has a bug that leads to the server rebooting again and again. The
sales consultant noticed the bug will be released next week from the internal website. The sales manager
asked me to apply the patch for the client. How can I apply a patch which is not been released? I also
denied the request.
CASE 3: There is a project manager who will manage the project and may be involved with different teams
or business units. Another IT engineer just finished the software installation. The PM asked me to take
over his job and it is a priority. After talking to the department manager, I denied the PM’s request. The PM
is not my boss.
To sum up, every IT professional should not violate the policy and let his direct boss coordinate with others in
the project.[2]
Change job to competitions[edit | edit source]
Due to financial problems, an employee may experience no salary increase. He may change his job for a better
salary. It is a very common thing to switch jobs to a competitor’s company for IT professions. For a freshman,
just graduating from college without any experience, his buddy or senior staff or his boss may teach him a lot of
things. The company may demand him a high expectations. Unfortunately, he changed his job and the new
employer is the competition of the old employer, even though it is legal does not mean it is ethical. For
example, if the employee masters the core technology, the old company may fail in the market.[12]
Xiaolang Zhang who worked for Apple, was arrested by the FBI in 2019, when he was ready to board the flight
to China, got the offer of Xiao Peng Car, Xiaolang had the key hardware and software of auto-piloting core
technology.[13]
To sum up, this kind of situation should find a solution from a legal perspective. Ethically we can not stop it.
A Certified Person shall offer and provide professional services with integrity.
A Certified Person shall perform professional services in a manner that is fair and reasonable to clients,
principals, partners and employers, and shall disclose conflict(s) of interest in providing such services.
A Certified Person shall provide services to clients competently and maintain the necessary knowledge
and skill to continue to do so in those areas in which they are certified.[16]
The above is an excerpt from CompTIA’s Candidate Code of Ethics, a code that it asserts all CompTIA
certificate holders must abide by.
Certifications are defined as “the action or process of providing someone or something with an official
document attesting to a status or level of achievement,”.[18] Examples of certifications include:
CompTIA’s A+, Network+, Security+ [19]
CISCO’s CCNA, CCNP, CCIE [20]
Red Hat’s RHCE[21]
Certifications are also typically given out by non-governmental organizations (IEEE, ACM, CompTIA, CISCO,
and Red Hat).[22]
Ethical Code Of Conduct Example[edit | edit source]
Below are examples from the IEEE code of ethics/conduct. Excerpts from their code of ethics state:
To uphold the highest standards of integrity, responsible behavior, and ethical conduct in professional
activities.
o Unethical practices such as bribery and illegality
To treat all persons fairly and with respect, to not engage in harassment or discrimination and to avoid
injuring others.
o Unethical practices such as discrimination and defamation
To strive to ensure this code is upheld by colleagues and co-workers.
o Adhering to code of conduct and ethical standards[3]
Standardization And Measurable Metrics[edit | edit source]
Certifications tend to have definitive as well as non-definitive codes of conduct and ethics. As such it makes
sense to argue that since the more people who have these certifications should at the very least know of more
ethical behavior than those who haven’t gotten any. If you were to take two IT workers with the only difference
being the certifications they have, you could assume that the worker with certifications from the likes of IEEE
and ACM[23] has knowledge of and partakes in their ethical practices. For instance, after taking an IEEE
administered exam you must agree to the IEEE Code of Ethics.
Many of the ethics and code of conduct feels fairly standard and self-explanatory. However, if it must be stated
chances are that it isn’t common knowledge. As well as having a standard and measurable metric of ethics
should prove useful. Violation of these ethical concepts results in actions that are not limited to rejection of
certification, revocation of certification, losing the ability to apply for certification, and other legal actions and
other remedies. Yet, it is important to remember IEEE isn’t the only association that pushes ethics for their
certifications as CISCO[24] and Red Hat[25] are just a few of the names that do it as well. The code of ethics and
code of conduct in modern certificate-granting organizations are written differently but contain the same content
and context. Essentially fair competition, integrity, compliance, and conflicts of interest are written between all
conducts and are pretty comparable. As well as many accredited technical certifications were written with
ethics in mind to not only protect the business but also the workers inside and out of that workplace.
Viruses: are a standout amongst the most surely understood sorts of malware. They can bring about
gentle computer brokenness, however can likewise have more serious impacts regarding harming or
erasing equipment, programming or documents. They are self-repeating programs, which spread inside
and between computers. [1]They require a host, (for example, a document, circle or spreadsheet) in a
computer to go about as a 'carrier', yet they can't contaminate a computer without human activity to run or
open the tainted record.
Worms: are likewise self-replicating programs, yet they can spread independently, inside and between
computers, without requiring a host or any human activity. The effect of worms can hence be more
extreme than viruses, creating destruction crosswise over entire networks. Worms can likewise be utilized
to drop trojans onto the network framework.[2]
Trojans: are a type of malware that give off an impression of being genuine projects, yet encourage illicit
access to a computer. They can perform capacities, for example, taking information, without the client's
learning and may trap clients by undertaking a normal errand while really undertaking covered up,
unapproved activities.
Spyware: is programming that attacks clients' security by get-together touchy or individual data from
tainted frameworks and observing the sites went by. This data may then be transmitted to outsiders.
Spyware can now and again be covered up inside adware (free and here and there undesirable
programming that obliges you to watch commercials keeping in mind the end goal to utilize it). One case of
spyware is key-logging programming, which catches and advances keystrokes made on a computer,
empowering gathering of touchy information, for example, passwords or ledger points of interest. Another
sort of spyware catches screenshots of the casualty's computer. Spyware is thought to be a standout
amongst the most perilous types of malware as its goal is simply to attack protection.
Phishing[edit | edit source]
There are various forms of phishing attacks on channels such as emails, social software, websites, portable
storage devices and cell phones. There are several different ways of trying to drive users to a fake website:
Types of Phishing attacks[edit | edit source]
Spam e-mail, a spoof email which will distract customers to look similar to a bank email, or from any
financial institution.
Hostile profiling, a targeted version of the above method: the cyber criminal exploits web sites that use e-
mail addresses for user registration or secret key reminders and directs the phishing trick at specific users
(requesting that they affirm passwords, etc.). Introduce a Trojan that edits the hosts file, so that when the
casualty tries to browse to their bank‟s web site, they are re-directed to the fake site.
‘Spear phishing’, an attack on a specific organization in which the phisher simply asks for one employee‟s
details and uses them to gain wider access to the rest of the network.[3]
Traditional type of phishing attack is Not all phishing attacks work in the manner just described.
The “rock-phish" gang3 has adapted its attack strategy to evade detection and maximize phishing site
accessibility. It has separated out the elements of the attack while including redundancy in the face of
take-down requests. The pack first purchases a number of area names with short, generally meaningless,
names, for example, lof80.info. The email spam then contains a long URL, for
example, http://www.bank.com.id123.lof80.info/vr where the main part of the URL is intended to make the
site appear genuine and a mechanism, for example, `wildcard DNS‟ can be used to resolve every single
such variation to a specific IP address. It then maps each of the space names to a dynamic pool of
compromised machines as per a pack controlled name server. Each compromised machine runs an
intermediary system that relays requests to a backend server system. This server is loaded with a large
number (up to 20 at a time) of fake bank websites, all of which are available from any of the stone phish
machines. However, which bank site is reached depends solely upon the URLpath, after the main „/‟.
(Because the group uses proxies, the real servers – that hold all the web pages and collate the stolen data
– can be located anywhere.)
Whale Fishing is a type of spear phishing where the target of the attack is someone with a high profile
within a company or organization. These individuals are usually the CEO, CFO, COO, etc, because they
will have sensitive information that once stolen, will be used for a malicious reason such as ransom [4].
Password Attacks[edit | edit source]
Password attacks are as they sound an external entity trying to gain access to any particular systems by
cracking or guessing the user’s password. These attacks are very prominent in the current world scenario
since, weak and easily known terms can be guessed as well as methods such as brute force can be carried out
as raw processing power is readily available from high power computers available in the market. This type of
attack works without any type of malicious software or code to run on the user’s system. These attacks are run
on the hacker’s computers which use softwares and methodologies to crack the end user’s password thus
gaining access into their secure accounts.
Types of Password Attacks[edit | edit source]
Guessing
Even though there may be numerous ways and means which may be used to crack passwords and get through
the loopholes that may exist in the system, the easiest and most non-technical but still the most effective way
proven to get through any access control mechanism is to guess the most commonly used passwords. For
many users passwords are more of a pain to remember rather than a security concern. Hence, most of such
users use easy to remember passwords such as their birthdate, wife’s/husband’s name, pet’s name, same as
the username or even the term ‘password’. All of such mentioned or related entries are easy prey to the
password guessing technique. Another point to be noted in this approach is that, this technique will only work
when the hacker is aware about certain things of its target or the target is very well known. This gives him/her
the leverage to hack into the target’s account with some commonly tried guesses. Another thing to be kept in
mind is that, when the hacker gets through a single account, there are many a times high chances that the
affected person has kept the same login credentials for multiple accounts for which the hacker may also get
access to.
Dictionary Attacks
Dictionary attacks are based on the assumption that most of the passwords that are used in accounts are a
permutation and combination of a given set of numbers like birthdates, etc. and details like addresses, first and
last names, pet’s name, child’s name, etc. So how a Dictionary attack works is by choosing the word from the
given dictionary of characters and numbers and having a code manipulate them into various combinations
which are then tried to gain access to the corresponding account.[5] Here the problem lies in the fact that a
dictionary attack unlike other password attacks only has a given set of dictionary from which it can pick out
values and arrange/rearrange them in multiple ways to crack the password. The good thing is that even if one
character in the entire password lies outside the dictionary, this attack is bound to fail. But, since the dictionary
of words is limited the attack takes place at a rapid rate.
Brute Force Attacks
Brute Force attacks are the least preferred type of password attacks for a simple reason that they are very
inefficient. A brute force attack basically checks all of the permutations and combinations from the very
beginning. Thus, these type of attacks require a lot of time as well as a lot of processing power. Plus, most of
the mechanisms that exist in the current times are smart enough to actually alert the user if a brute force attack
is in progress as it will have to check all of the wrong choices before reaching to the desired value. These
attacks are still much considerate when the length of the password is less than or equal to 4 characters. But,
things start going out of hand when the maximum length of the password increases. To put things into
perspective, assuming only alphabetical characters, all in capitals or all in lower-case, it would take 267
(8,031,810,176) guesses.[6] Also, in these cases there are many assumptions of whether the length of the
password is known. Also, other constraints that may cause alteration of result and increase of complexity would
be if there are numerical values allowed, are there lower and upper cases involved, are there special
characters involved, etc. On the brighter side of things, the way how a brute force attacks works it is assured
that it will find the password at the end of the attack, though the timeline it will get to it is very vague indeed.
Eavesdropping Attacks
Eavesdropping attacks are when an attacker intercepts a victim’s network traffic as their sensitive data travels
from the victim’s device to their intended destination. This is usually done through software that monitors the
network traffic of the victim while they are connected to a weakly encrypted or unencrypted network like a
public Wi-Fi hotspot [7].
SQL Injection
SQL or Structured Query Language is used in programming to allow the user to create, manipulate, and delete
databases. Attackers usually take try to take advantage of a website that has a data input field, web form, or
even a search bar. Normal users would generally input data like their name, phone, or identification number
while on the other hand, an attacker uses the the same input field and try to gain access to the website’s
database by entering SQL prompts or queries. If the input field is not tested properly, this allows an attacker to
execute specific SQL commands that can retrieve, change, or delete any information within the compromised
database [9].
Direct Losses
Loss of future earnings
Billing losses of revenue
Cash flow
Stock price
Overtime costs
Loss of reputation
Firewall
A firewall guards the companies network from outside intrusion and to prevent employees from accessing
prohibited sites. Intrusion prevention systems prevent attacks by blocking viruses and other threats from getting
into the network. Antivirus software prevents viruses from infecting a computer by scanning for virus signatures.
For antivirus to be effective it must be up-to-date and uniformly deployed across the enterprise.
Detection[edit | edit source]
Intrusion protection system is software or hardware that monitors system resources, it identifies possible
intrusions into the system from either within or outside of the organization.there are three types of intrusion
systems:
NIDS (Network intrusion detection system) identifies intrusions through network traffic and monitors
multiple hosts.
HIDS (Host based intrusion detection system) identifies intrusions by reviewing host activities.
SIDS (Stack based intrusion system) examines packets as they pass through the TCP/IP stack.
Security Audit[edit | edit source]
A company's network is a means of communication and sharing of information. However it comes under attack
everyday by professional or novice hackers with intention to use company information or databases for their
own fortune. But it is not compromised only by external individuals but also sometimes by personnel present in
the company. When performing your audit you will use any security policy that your organization has as a basis
for the work you are undertaking. You need to treat the policy initially as a threat. The Security Audit is a policy
based monitoring of existing procedures and practices of sites and accessing the risk associated by these
actions. There are a number of steps that need to be performed in order to complete a security audit. For
example:
1. Preparation
2. Review policy and documents
3. Discussion (interviews)
4. Technical Investigation
5. Report Presentation
6. Post Audit actions
To address issues related to security of company's network auditing is one of the many steps need to be taken
by a company.
Types of Audits[edit | edit source]
Self Audit (Informal Audit): Every company has few servers providing services to the company. To monitor
these processes every company develops some type of self-audit process to follow on regular basis. Some
companies have software to monitor all the process and then register entire logs to be evaluated later by
professionals. Based on these audit results if a bad on incorrect event is detected, you can even have the
event undone and the initiator’s account event locked out. The collectors will send all the daily logs to a
consolidator once a day where you will be able to create numerous reports and graphs surrounding your
security events. You can also use this for Trends and Analysis.
Information technology Audits (Formal IT Audit; Formal Auditing is mostly done by companies like KPMG,
Deloitte and other auditing firms): The purpose of an internal audit is to provide operations management with
an independent review of the adequacy and effectiveness of the operations’ internal controls.[12] The IT audit is
basically external auditing in which external auditors will be hired to perform all the required auditing
operations. These auditors contact internal auditing department and make their auditing requirements known to
the company. At the conclusion of the audit, usually an oral report is conducted with the management,
accompanied by a written report. At this time the company must plan actions to take in response to the report
or decide whether they wish to assume the risks involved. Once auditing is done and the report is presented, all
the concerned individuals should meet to discuss that what actions issues will arise from it and what steps
need to be taken to take care of it.[13]
Who commits cyber crimes?
Cyber Criminals[edit | edit source]
There are criminals who commit cyber crimes for different reasons. Some of them steal from companies and
private citizens for financial gain, while others steal secrets from not only companies, but governments and
private citizens. Some of the perpetrators aim to disrupt the infrastructure of the government or company.
Hackers test the limits of information systems for the challenge of doing so. Some believe that hackers perform
a service by exposing security risks. "Crackers" break into networks and systems to deface websites, crash
computers or networks, or spread harmful programs and/or hateful messages.
Malicious insiders are employees or officers of a business, institution, or agency that carry out activities
intended to cause harm to the organization. Malicious insiders are not always employees. They can be
consultants and contractors that have special access to sensitive information. It is difficult to detect and/or stop
malicious insiders. They are authorized to access the systems they abuse. Most systems are vulnerable to
these malicious actors because they were designed to keep intruders out. Insiders know how the systems work
and how to circumvent them. The organization may be able to take steps to reduce these attacks. Industrial
spies steal trade secrets to gain competitive advantage. Hacktivists and cyber-terrorists attack systems in order
to promote their ideologies and intimidate governments in order to achieve their goals.
Ghost fraud: Criminals can use deep fake technology to steal the data of a deceased person and
impersonate the person for their financial gain. They can access credit cards and loan accounts with their
stolen identity.
New account fraud: This is also known as application fraud when criminals use stolen identities to open
new bank accounts. Severe financial damage can happen because criminals will max out their credit cards
and take out loans under your name without paying them back.
Synthetic identity fraud: Criminals mine information from multiple people and combine the information to
make a fake person that doesn’t exist. They would create new credit card accounts and max out the
accounts.
Hiring fraud: Also known as recruitment fraud, is when criminals offer a person a fake job with unsolicited
emails, text messages, and recruitment website links. They will try to gain your personal information
through these applications and possibly set you up for illegal jobs.
Signs of identity thieves:[edit | edit source]
Don’t answer phone calls, text messages, or emails from people or numbers you don’t recognize.
Do not share personal information like your Social Security number, bank account, or date of birth.
Review bank statements often and watch for suspicious transactions.
Store personal information in a safe place.
Cyber Terrorists[edit | edit source]
Cyberterrorists are terrorists who primarily have their acts of terrorism done through some form of cyberspace.
Acts of cyberterrorism are politically inspired cyber attacks in which the cyber criminal attempts to steal data
and/or corrupt corporate or government computer systems and networks, harming countries, businesses,
organizations, and even individuals. Cyberterrorists have been a larger concern due to society's already
developed fear of random, violent victimization, combined with the distrust, anxiety, and unfamiliarity of
computer technology. This creates an amalgamation of two worries that concern the people and creates a
larger unknown threat.[5]
Cyberterrorists differentiate themselves from other cybercriminals as their actions are often politically motivated
rather than seeking financial gain. This usually allows cyberterrorists to be in the public eye more than just
cybercriminals, as cyberterrorists' actions are often used to disturb the peace and seek media attention to
spread awareness of the politics, which goes against the cyberterrorists' beliefs/standpoint.
Recent discussions have argued about what qualifies as "cyberspace" and what qualifies as "an act of
terrorism." This has caused debate over different events if, in certain instances, an event qualifies as
cyberterrorism. Dorothy Denning, a professor of computer science, made the adopted unambiguous definition
of cyberterrorism. From her numerous articles on the subject and in her testimony before the House Armed
Services Committee in May 2000, she defined cyberterrorism as: The convergence of cyberspace and
terrorism. This refers to unlawful attacks and threats against computers, networks, and information belonging to
such. These actions may be done to intimidate or coerce a government or its people in furtherance of political
or social objectives. And in order to qualify as cyberterrorism, an attack should result in violence against
persons or property, or at least cause enough harm to generate fear."[6]
By going off this definition, attacks that lead to death or bodily injury, explosions, or severe economic loss
would be examples of cyberterrorist attacks. Serious attacks against critical infrastructures could also be acts of
cyberterrorism, depending on their impact. However, attacks that disrupt nonessential services or are mainly a
costly nuisance would not.
Recently, there has been an enormous upward spike when it comes to terrorist groups committing acts of
terrorism through cyberspace. This has been thanks to the growing dependence of our societies on information
technology has created a new form of vulnerability, giving terrorists a chance to approach targets that would
otherwise be unassailable. This includes national defense systems, air traffic control systems, government data
centers, etc. This allows infrastructural damage to a business or society and has shown that the more
technologically developed a country is, the more vulnerable it becomes to cyberattacks. Terrorist groups have
also flocked towards cyberterrorism as many protective measures have not been put in place against
cyberterrorism as of this moment (due to its more recent development), as well as the many benefits that the
digital world brings for criminal activities. There have been five significant benefits for these terrorist groups to
switch their activities from physical terrorism to cyberterrorism. These include price, anonymity, ease of access
to targets, all the benefits of remote work, and the ability for the act of terrorism to be even bigger than
planned.[6]
Cyber Crime and the Healthcare System[edit | edit source]
In today’s “high-tech” world, both wireless and software-controlled technologies are commonplace throughout
the medical world. From the bustling cities of Washington D.C. and Chicago, Illinois to the various small town
“one-stoplight” places around this country, the advancement in medical technology has in some way shape or
fashion affected all of us in many different ways. Even the normal “checkup” visit to the doctor brings us face-
to-face with some form of software-controlled devices such as “surgical and anesthesia devices, ventilators,
drug infusion pumps, patient monitors and external defibrillators” [7]. Most devices used in hospitals today are
controlled via software and are either connected to the Internet via a hospital Intranet or have the capability to
be connected via wireless technology.
And that is where one of the many problems arises——on the Internet. Most, if not everything, can be found,
viewed, used, and exploited as long as it is connected to the Internet. As long as there is something of value
out there in cyberspace, there will always be someone who tries to “hack” it, manipulate it or take it. Whether
that is for the good of mankind or the selfishness of one, people will always try to use the internet to their
advantage.
The healthcare industry is no stranger to cyber-crime. For the last ten years or so, most cyber-crimes against
the healthcare system were for monetary reasons whether that be through extortion or by stealing someone’s
identity.
Within the last few years there have been numerous security studies, conferences and demonstrations on the
topic of cybersecurity vulnerabilities relating to “internet-connected implanted medical devices” [8], “hard-coded
password vulnerabilities” [9] or “by the introduction of malware into the medical equipment or unauthorized
access to configuration settings in medical devices and hospital networks.” [10]
Implanted devices have been around for decades, but only in the last few years have these devices become
virtually accessible. While they allow for doctors to collect valuable data, many of these devices were
distributed without any type of encryption or defensive mechanisms in place. Unlike a regular electronic device
that can be loaded with new firmware, medical devices are embedded inside the body and require surgery for
“full” updates. One of the greatest constraints to adding additional security features is the very limited amount
of battery power available.[8]
There have been some health-care security related events in the past few years.
Anthem Blue Cross[edit | edit source]
On February 4, 2015, Anthem, Inc. experienced a data breach where more than 37.5 million records were
stolen by hackers. Anthem, Inc, is a US health insurance giant. In December of 2014, Anthem employees
noticed suspicious database queries. At the end of January of 2015, investigators confirmed unauthorized data
queries on the company’s servers. In total, almost 80 million Americans have had their personal information
exposed to hackers. This information includes: full names, addresses, SSNs, birthdays, etc. The truth about the
Anthem hack is that they failed to encrypt their files. [11]
Advocate Health Care[edit | edit source]
In July of 2013, there was a burglary from an office of Advocate Medical Group in Illinois which involved the
theft of four unencrypted desktop computers. This burglary may have exposed information of about 4 million
patients. [12] The information that may have been stolen on the Advocate computers involve names, addresses,
date of births, SSN, etc. While the Advocate computers were password protected, they were not encrypted.
Community Health Systems[edit | edit source]
In July of 2014, Community Health Systems confirmed its computer network was the target of an external
criminal cyber-attack in April and June 2014. The data taken includes names, addresses, birthdates, SSNs, etc.
The intruder was able to bypass the company’s security measures and successfully copy and transfer some
data existing on the company’s systems. [13]
Steps for Software Development
The software
development life cycle is the process of developing, testing, implanting and maintenance of software.
Fraud
Misrepresentation
Breach of Contract
procedures
instructions to end-users
flowcharts data flow diagrams
Archive, purge, and retrieval
Backup, storage, and recovery
The organization's IT workers and End-users should be trained in the use and maintenance of the new system.
The system is then retested to make sure the system works as expected and to discover any bugs.
They may create fake profiles of their victims and post false, inappropriate information.
Sending threatening or hurtful to their victims
Logging into their victims social networks and modifying them to include inappropriate content.
Taking inappropriate pictures of their victims and then posting them on social websites and maybe the
bullies personal blog.
Cyber bullying has led to many cases to many cases of suicide the most notable cases
File:Cyberbully-gmail.JPG Cyberbully-gmail
Information Technology specifies to the components that are used to store, fetch and manipulate the information at
the minimum level with the server having an operating system. Information Technology have a wide area of
applications in education, business, health, industries, banking sector and scientific research at a large level. With
the leading advancement in information technology, it is necessary to have the knowledge of security issues, privacy
issues and main negative impacts of IT. To deal with these issues in IT society it is important to find out the ethical
issues.
Some of the major ethical issues faced by Information Technology (IT) are:
1. Personal Privacy
2. Access Right
3. Harmful Actions
4. Patents
5. Copyright
6. Trade Secrets
7. Liability
8. Piracy
These are explained with their affects as following below:
1. Personal Privacy:
It is an important aspect of ethical issues in information technology. IT facilitates the users having their own
hardware, operating system and software tools to access the servers that are connected to each other and to the
users by a network. Due to the distribution of the network on a large scale, data or information transfer in a big
amount takes place which leads to the hidden chances of disclosing information and violating the privacy of any
individuals or a group. It is a major challenge for IT society and organizations to maintain the privacy and
integrity of data. Accidental disclosure to inappropriate individuals and provisions to protect the accuracy of data
also comes in the privacy issue.
2. Access Right:
The second aspect of ethical issues in information technology is access right. Access right becomes a high
priority issue for the IT and cyberspace with the great advancement in technology. E-commerce and Electronic
payment systems evolution on the internet heightened this issue for various corporate organizations and
government agencies. Network on the internet cannot be made secure from unauthorized access. Generally, the
intrusion detection system are used to determine whether the user is an intruder or an appropriate user.
3. Harmful Actions:
Harmful actions in the computer ethics refers to the damage or negative consequences to the IT such as loss of
important information, loss of property, loss of ownership, destruction of property and undesirable substantial
impacts. This principle of ethical conduct restricts any outsiders from the use of information technology in
manner which leads to any loss to any of the users, employees, employers and the general public. Typically,
these actions comprises of the intentional destruction or alteration of files and program which drives a serious
loss of resources. To recover from the harmful actions extra time and efforts are required to remove the viruses
from the computer systems.
4. Patents:
It is more difficult to deal with these types of ethical issues. A patent can preserve the unique and secret aspect of
an idea. Obtaining a patent is very difficult as compared with obtaining a copyright. A thorough disclosure is
required with the software. The patent holder has to reveal the full details of a program to a proficient
programmer for building a program.
5. Copyright:
The information security specialists are to be familiar with necessary concept of the copyright law. Copyright
law works as a very powerful legal tool in protecting computer software, both before a security breach and surely
after a security breach. This type of breach could be the mishandling and misuse of data, computer programs,
documentation and similar material. In many countries, copyright legislation is amended or revised to provide
explicit laws to protect computer programs.
6. Trade Secrets:
Trade secrets is also a significant ethical issue in information technology. A trade secret secures something of
value and usefulness. This law protects the private aspects of ideas which is known only to the discover or his
confidants. Once disclosed, trade secret is lost as such and is only protected by the law for trade secrets. The
application of trade secret law is very broad in the computer range, where even a slight head start in the
advancement of software or hardware can provide a significant competitive influence.
7. Liability:
One should be aware of the liability issue in making ethical decisions. Software developer makes promises and
assertions to the user about the nature and quality of the product that can be restricted as an express warranty.
Programmers or retailers possess the legitimate to determine the express warranties. Thus they have to be
practical when they define any claims and predictions about the capacities, quality and nature of their software or
hardware. Every word they say about their product may be as legally valid as stated in written. All agreements
should be in writing to protect against liability. A disclaimer of express warranties can free a supplier from being
held responsible of informal, speculative statements or forecasting made during the agreement stages.
8. Piracy:
Piracy is an activity in which the creation of illegal copy of the software is made. It is entirely up to the owner of
the software as to whether or not users can make backup copies of their software. As laws made for copyright
protection are evolving, also legislation that would stop unauthorized duplication of software is in consideration.
The software industry is prepared to do encounter against software piracy. The courts are dealing with an
increasing number of actions concerning the protection of software.
3 ObjectivesIdentify the key characteristics that distinguish a professional from other kinds of workers.Understand various
professional relationships and associated key ethical issues.Discuss how codes of ethics, professional organizations, and
certifications and licensing affect the ethical behavior of IT professionals.Identify the key tenets of 4 different codes of ethics
that provide guidance for IT professionals.Identify the common ethical issues that face IT users.Discuss approaches for
supporting the ethical practices of IT users.
4 What is a Professional?Profession is a calling requiring specialized knowledge and often long intensive academic
preparation.The United States Code of Federal Regulations defines a person “employed in a professional capacity” as one
who meets these four criteria:One’s primary duties consist of the performance of work requiring knowledge of an advanced
type in a field of science or learning customarily acquired by a prolonged course of specialized intellectual instruction and
study or work.One’s instruction, study, or work is original and creative in character in a recognized field of artistic endeavor
and the result of which depends primarily on the invention, imagination, or talent of the employee.
5 What is a Professional?One’s work requires the consistent exercise of discretion and judgment on its performance.One’s
work is predominately intellectual and varied in character and is of such character that the output produced or the result
accomplished cannot be standardized in relation to a given period of time.
6 Definition of an IT Professional
Given the definition of “professional”, there are many business workers whose duties, background and training, and work
could qualify them to be classified as professionals.These people include marketing analysis, financial consultants, and IT
specialists.A partial list of IT specialists includes programmers, systems analysts, software engineers, database
administrators, LAN administrators, and chief information officers (CIOs).It could be argued that not every IT role requires
“knowledge” of an advanced type in a field of science or learning customarily acquired by a prolonged course of specialized
intellectual instruction and study.
7 Definition of an IT Professional
Eg. Does someone who completes a two-year, part-time training program in LAN administration meet the criteria to be
classified as a professional?From a practical standpoint, the IT industry recognizes people from a wide set of backgrounds,
education, and personal experience in many different roles as IT professionals – provided they can do the job required by
such a role.
9 Professional Relationships
IT professionals become involved in many different types of relationships.Professional-employerProfessional-
clientProfessional-supplierProfessional-professionalProfessional-IT userProfessional-society
10 Stewards of IT Resources
IT professionals must set the example and enforce the policies that promote ethical use of IT resources.Software piracy is
the act of illegally making copies of software.Trade secret is a piece of information that is generally not known to the publ ic
that is held confidential.
18 IT Professional-Society
IT professionals develop and support systems that interact with the world around them.The public expects that the members
of the IT profession will practice the profession in a way that will not bring harm to society.
27 Current IT Certifications
Institute for Certification of Computing Professionals (ICCP)Associate Computing Professional (ACP)Certified Computing
Professional (CCP)American Society for Quality Control (ASQC)
29 IT Professional-Employer
The relationship between a professional and an employer requires ongoing efforts by both parties to keep it
strong.Professionals and employers discuss many job aspects before employment begins.
30 IT Professional-Client
In this relationship, the professional and client each agree to provide something of value to each other.The IT professional
usually provides a hardware or software product and the client provides compensation.
31 IT Professional-Supplier
IT professionals may have many different relationships with many software, hardware, and service providers.The IT
professional must be on guard to keep the relationships honest and business related.
32 IT Professional-Professional
Professionals feel a degree of loyalty to other members in the profession.Professionals help support each other
publicly.Professionals owe one another an adherence to the profession’s code of conduct.
34 IT Professional-IT User
An IT user is a person for whom the hardware or software is designed.Professionals have a duty to understand the needs
and capabilities of users.Professionals have a responsibility to deliver their product or service on time and within budget.
37 SummaryA professional code of ethics states the principles and core values essential to the work of a particular
occupational group.Licensing and certification of IT professionals would increase the reliability and effectiveness of
information systems.