What Is Business Ethics?

Business ethics studies appropriate business policies and practices regarding potentially
controversial subjects, including corporate governance, insider trading, bribery, discrimination,
corporate social responsibility, fiduciary responsibilities, and much more. The law often guides
business ethics, but at other times business ethics provide a basic guideline that businesses
can follow to gain public approval.

 Business ethics refers to implementing appropriate business policies and practices with
regard to arguably controversial subjects.
 Some issues that come up in a discussion of ethics include corporate governance,
insider trading, bribery, discrimination, social responsibility, and fiduciary
responsibilities.
 The law usually sets the tone for business ethics, providing a basic guideline that
businesses can choose to follow to gain public approval.

Understanding Business Ethics

Business ethics ensure that a certain basic level of trust exists between consumers and
various forms of market participants with businesses. For example, a portfolio manager must
give the same consideration to the portfolios of family members and small individual investors
as they do to wealthier clients. These kinds of practices ensure the public receives fair
treatment.

The concept of business ethics began in the 1960s as corporations became more aware of a
rising consumer-based society that showed concerns regarding the environment, social
causes, and corporate responsibility. The increased focus on "social issues" was a hallmark of
the decade.

Since that time, the concept of business ethics has evolved. Business ethics goes beyond just
a moral code of right and wrong; it attempts to reconcile what companies must do legally vs.
maintaining a competitive advantage over other businesses. Firms display business ethics in
several ways.

Business ethics ensure a certain level of trust between consumers and corporations,
guaranteeing the public fair and equal treatment.

Principles of Business Ethics

It's essential to understand the underlying principles that drive desired ethical behavior and
how a lack of these moral principles contributes to the downfall of many otherwise intelligent,
talented people and the businesses they represent.

There are generally 12 business ethics principles:

 Leadership: The conscious effort to adopt, integrate, and emulate the other 11
principles to guide decisions and behavior in all aspects of professional and personal
life.
 Accountability: Holding yourself and others responsible for their actions. Commitment
to following ethical practices and ensuring others follow ethics guidelines.
 Integrity: Incorporates other principles—honesty, trustworthiness, and reliability.
Someone with integrity consistently does the right thing and strives to hold themselves
to a higher standard.
 Respect for others: To foster ethical behavior and environments in the workplace,
respecting others is a critical component. Everyone deserves dignity, privacy, equality,
opportunity, compassion, and empathy.
 Honesty: Truth in all matters is key to fostering an ethical climate. Partial truths,
omissions, and under or overstating don't help a business improve its performance. Bad
news should be communicated and received in the same manner as good news so that
solutions can be developed.
 Respect for laws: Ethical leadership should include enforcing all local, state, and
federal laws. If there is a legal grey area, leaders should err on the side of legality
rather than exploiting a gap.
 Responsibility: Promote ownership within an organization, allow employees to be
responsible for their work, and be accountable for yours.
 Transparency: Stakeholders are people with an interest in a business, such as
shareholders, employees, the community a firm operates in, and the family members of
the employees. Without divulging trade secrets, companies should ensure information
about their financials, price changes, hiring and firing practices, wages and salaries,
and promotions are available to those interested in the business's success.
 Compassion: Employees, the community surrounding a business, business partners,
and customers should all be treated with concern for their well-being.
 Fairness: Everyone should have the same opportunities and be treated the same. If a
practice or behavior would make you feel uncomfortable or place personal or corporate
benefit in front of equality, common courtesy, and respect, it is likely not fair.
 Loyalty: Leadership should demonstrate confidentially and commitment to their
employees and the company. Inspiring loyalty in employees and management ensures
that they are committed to best practices.
 Environmental concern: In a world where resources are limited, ecosystems have
been damaged by past practices, and the climate is changing, it is of utmost importance
to be aware of and concerned about the environmental impacts a business has. All
employees should be encouraged to discover and report solutions for practices that can
add to damages already done.

Why Is Business Ethics Important?

There are several reasons business ethics are essential for success in modern business. Most
importantly, defined ethics programs establish a code of conduct that drives employee
behavior—from executives to middle management to the newest and youngest employees.
When all employees make ethical decisions, the company establishes a reputation for ethical
behavior. Its reputation grows, and it begins to experience the benefits a moral establishment
reaps:

 Brand recognition and growth

 Increased ability to negotiate
 Increased trust in products and services
 Customer retention and growth
 Attracts talent
 Attracts investors

When combined, all these factors affect a business' revenues. Those that fail set ethical
standards and enforce them are doomed to eventually find themselves alongside Enron, Arthur
Andersen, Wells Fargo, Lehman Brothers, Bernie Madoff, and many others.

Types of Business Ethics

There are several theories regarding business ethics, and many different types can be
found, but what makes a business stand out are its corporate social
responsibility practices, transparency and trustworthiness, fairne irness, and technological
practices.

Corporate Social Responsibility

Corporate social responsibility (CSR) is the concept of meeting the needs of stakeholders while
accounting for the impact meeting those needs has on employees, the environment, society,
and the community in which the business operates. Of course, finances and profits are
important, but they should be secondary to the welfare of society, customers, and employees—
because studies have concluded that corporate governance and ethical practices increase
financial performance.1

Businesses should hold themselves accountable and responsible for their environmental,
philanthropic, ethical, and economic impacts.

Transparency and Trustworthiness

It's essential for companies to ensure they are reporting their financial performance in a way
that is transparent. This not only applies to required financial reports but all reports in general.
For example, many corporations publish annual reports to their shareholders.

Most of these reports outline not only the submitted reports to regulators, but how and why
decisions were made, if goals were met, and factors that influenced performance. CEOs write
summaries of the company's annual performance and give their outlooks.

Press releases are another way companies can be transparent. Events important to investors
and customers should be published, regardless of whether it is good or bad news.
Technological Practices and Ethics
The growing use of technology of all forms in business operations inherently comes with a
need for a business to ensure the technology and information it gathers is being used ethically.
Additionally, it should ensure that the technology is secured to the utmost of its ability,
especially as many businesses store customer information and collect data that those with
nefarious intentions can use.

Fairness
A workplace should be inclusive, diverse, and fair for all employees regardless of race, religion,
beliefs, age, or identity. A fair work environment is where everyone can grow, be promoted,
and become successful in their own way.

How to Implement Good Business Ethics

Fostering an environment of ethical behavior and decision-making takes time and effort—it
always starts at the top. Most companies need to create a code of conduct/ethics, guiding
principles, reporting procedures, and training programs to enforce ethical behavior.

Once conduct is defined and programs implemented, continuous communication with

employees becomes vital. Leaders should constantly encourage employees to report concern
behavior—additionally, there should be assurances that if whistle-blowers will not face
adversarial actions.

A pipeline for anonymous reporting can help businesses identify questionable practices and
reassure employees that they will not face any consequences for reporting an issue.

Monitoring and Reporting Unethical Behavior

When preventing unethical behavior and repairing its adverse side effects, companies often
look to managers and employees to report any incidences they observe or experience.
However, barriers within the company culture (such as fear of retaliation for reporting
misconduct) can prevent this from happening.

Published by the Ethics & Compliance Initiative (ECI), the Global Business Ethics Survey of
2021 surveyed over 14,000 employees in 10 countries about different types of misconduct they
observed in the workplace. 49% of the employees surveyed said they had observed
misconduct and 22% said they had observed behavior they would categorize as abusive. 86%
of employees said they reported the misconduct they observed. When questioned if they had
experienced retaliation for reporting, 79% said they had been retaliated against.23

Indeed, fear of retaliation is one of the primary reasons employees cite for not reporting
unethical behavior in the workplace. ECI says companies should work toward improving
their corporate culture by reinforcing the idea that reporting suspected misconduct is beneficial
to the company. Additionally, they should acknowledge and reward the employee's courage in
making the report.
What Is Business Ethics?
Business ethics concerns ethical dilemmas or controversial issues faced by a company. Often,
business ethics involve a system of practices and procedures that help build trust with the
consumer. On one level, some business ethics are embedded in the law, such as minimum
wages, insider trading restrictions, and environmental regulations. On another, business ethics
can be influenced by management behavior, with wide-ranging effects across the company.

What Are Business Ethics and Example?

Business ethics guide executives, managers, and employees in their daily actions and
decision-making. For example, consider a company that has decided to dump chemical waste
that it cannot afford to dispose of properly on a vacant lot it has purchased in the local
community. This action has legal, environmental, and social repercussions that can damage a
company beyond repair.

What Are the 12 Ethical Principles?

Business ethics is an evolving topic. Generally, there are about 12 ethical principles: honesty,
fairness, leadership, integrity, compassion, respect, responsibility, loyalty, law-abiding,
transparency, and environmental concerns.

The Bottom Line

Business ethics concerns employees, customers, society, the environment, shareholders, and
stakeholders. Therefore, every business should develop ethical models and practices that
guide employees in their actions and ensure they prioritize the interests and welfare of those
the company serves.

Doing so not only increases revenues and profits, it creates a positive work environment and
builds trust with consumers and business partners.

SPONSORED
Trade on the Go. Anywhere, Anytime
One of the world's largest crypto-asset exchanges is ready for you. Enjoy competitive fees and
dedicated customer support while trading securely. You'll also have access to Binance tools
that make it easier than ever to view your trade history, manage auto-investments, view price
charts, and make conversions with zero fees. Make an account for free and join millions of
traders and investors on the global crypto market.
ARTICLE SOURCES
Compare Accounts
Advertiser Disclosure
PROVIDER
NAME
DESCRIPTION
Code of Ethics: Understanding Its Types, Uses Through Examples

What Is a Code of Ethics?

A code of ethics is a guide of principles designed to help professionals conduct business
honestly and with integrity. A code of ethics document may outline the mission and values of
the business or organization, how professionals are supposed to approach problems, the
ethical principles based on the organization's core values, and the standards to which the
professional is held.

A code of ethics, also referred to as an "ethical code," may encompass areas such as business
ethics, a code of professional practice, and an employee code of conduct.

KEY TAKEAWAYS

 A code of ethics sets out an organization's ethical guidelines and best practices to
follow for honesty, integrity, and professionalism.
 For members of an organization, violating the code of ethics can result in sanctions
including termination.
 In some industries, including banking and finance, specific laws govern business
conduct. In others, a code of ethics may be voluntarily adopted.
 The main types of codes of ethics include a compliance-based code of ethics, a value-
based code of ethics, and a code of ethics among professionals.
 A focus on climate change has become an integral part of companies' codes of ethics,
detailing their commitment to sustainability.

Understanding Codes of Ethics

Business ethics refers to how ethical principles guide a business's operations. Common issues
that fall under the umbrella of business ethics include employer-employee relations,
discrimination, environmental issues, bribery, insider trading, and social responsibility.

While many laws exist to set basic ethical standards within the business community, it is
largely dependent upon a business's leadership to develop a code of ethics.
Both businesses and trade organizations typically have some sort of code of ethics that their
employees or members are supposed to follow. Breaking the code of ethics can result in
termination or dismissal from the organization. A code of ethics is important because it clearly
lays out the rules for behavior and provides the groundwork for a preemptive warning.

While a code of ethics is often not required, many firms and organizations choose to adopt
one, which helps to identify and characterize a business to stakeholders.

Given the importance of climate change and how human behavior has led to severely
impacting the climate, many companies have taken to include climate factors in their code of
ethics. These principles include manners in which the company is dedicated to operating
sustainably or how they will shift to doing so.

In many cases, this commitment to sustainability adds to the costs of a company, but because
consumers are becoming more focused on the types of businesses they choose to engage
with, it is often worth the cost to maintain a good public image.

Regardless of size, businesses count on their management staff to set a standard of ethical
conduct for other employees to follow. When administrators adhere to the code of ethics, it
sends a message that universal compliance is expected of every employee.

Types of Codes of Ethics

A code of ethics can take a variety of forms, but the general goal is to ensure that a business
and its employees are following state and federal laws, conducting themselves with an ideal
that can be exemplary, and ensuring that the business being conducted is beneficial for all
stakeholders. The following are three types of codes of ethics found in business.

Compliance-Based Code of Ethics

For all businesses, laws regulate issues such as hiring and safety standards. Compliance-
based codes of ethics not only set guidelines for conduct but also determine penalties for
violations.

In some industries, including banking, specific laws govern business conduct. These industries
formulate compliance-based codes of ethics to enforce laws and regulations. Employees
usually undergo formal training to learn the rules of conduct. Because noncompliance can
create legal issues for the company as a whole, individual workers within a firm may face
penalties for failing to follow guidelines.

To ensure that the aims and principles of the code of ethics are followed, some companies
appoint a compliance officer. This individual is tasked with keeping up to date on changes in
regulation codes and monitoring employee conduct to encourage conformity.

This type of code of ethics is based on clear-cut rules and well-defined consequences rather
than individual monitoring of personal behavior. Despite strict adherence to the law, some
compliance-based codes of conduct do not thus promote a climate of moral responsibility
within the company.
Value-Based Code of Ethics
A value-based code of ethics addresses a company's core value system. It may
outline standards of responsible conduct as they relate to the larger public good and the
environment. Value-based ethical codes may require a greater degree of self-regulation than
compliance-based codes.

Some codes of conduct contain language that addresses both compliance and values. For
example, a grocery store chain might create a code of conduct that espouses the company's
commitment to health and safety regulations above financial gain. That grocery chain might
also include a statement about refusing to contract with suppliers that feed hormones to
livestock or raise animals in inhumane living conditions.

Code of Ethics in Different Professions

Certain professions, such as those in the finance or health fields, have specific laws that
mandate codes of ethics and conduct.

Accountants
Certified public accountants, who are not typically considered fiduciaries to their clients, still are
expected to follow similar ethical standards, such as integrity, objectivity, truthfulness, and
avoidance of conflicts of interest, according to the American Institute of Certified Public
Accountants (AICPA).1

Financial Advisers
Financial advisers registered with the Securities and Exchange Commission (SEC) or a state
regulator are bound by a code of ethics known as a fiduciary duty. This is a legal requirement
and also a code of loyalty that requires them to act in the best interest of their clients.2

Code of Ethics vs. Code of Conduct

A code of ethics is similar to a code of conduct. Both are sets of professional standards to
guide the behavior of an organization's members.

However, there are some subtle differences: A code of ethics is used to ensure that members
have sound and unclouded judgment. Examples include the legal codes that prohibit lawyers
from accepting cases where they have a conflict of interest or those that prevent brokers from
trading against their clients.

A code of conduct, on the other hand, guides the specific actions of a company's employees. It
may contain certain norms of professional responsibility, such as punctuality and accuracy.
Most companies have an employee code of conduct, both to maintain professionalism and to
prevent friction among their employees.

How to Create a Code of Ethics

Organizations create codes of ethics in order to eliminate unacceptable or immoral behavior
from their members. These are typically structured around existing ethical issues within their
industry.

The first step is for the organization to identify its priorities, as well as any ethical issues that it
wishes to avoid. For example, an organization may want to avoid having conflicts of interest,
because of previous scandals in which employees acted against the interests of the company
or clients. As a result, their code of ethics might prohibit certain inappropriate relationships, or
prohibit employees from any appearance of a conflict of interests.

Example of Code of Ethics

Many firms and organizations have adopted a Code of Ethics. One good example comes from
the CFA Institute (CFAI), the grantor of the Chartered Financial Analyst (CFA) designation and
creator of the CFA exams. CFA Charterholders are among the most respected and globally
recognized financial professionals. According to the CFAI's website, members of the CFA
Institute, including CFA Charterholders, and candidates for the CFA designation must adhere
to the following Code of Ethics:3

 Act with integrity, competence, diligence, respect, and in an ethical manner with the
public, clients, prospective clients, employers, employees, colleagues in the investment
profession, and other participants in the global capital markets.
 Place the integrity of the investment profession and the interests of clients above their
own personal interests.
 Use reasonable care and exercise independent professional judgment when conducting
investment analysis, making investment recommendations, taking investment actions,
and engaging in other professional activities.
 Practice and encourage others to practice professionally and ethically that will reflect
credit on themselves and the profession.
 Promote the integrity and viability of the global capital markets for the ultimate benefit of
society.
 Maintain and improve their professional competence and strive to maintain and improve
the competence of other investment professionals.

What Are the 5 Ehical Principles?

All companies will have a different code of ethics with different areas of interest, based on the
industry they are involved in, but the five areas that companies typically focus on include
integrity, objectivity, professional competence, confidentiality, and professional behavior.4

What Is a Code of Ethics in Business?

A code of ethics in business is a set of guiding principles intended to ensure a business and its
employees act with honesty and integrity in all facets of its day-to-day operations and to only
engage in acts that promote a benefit to society.

What Is a Code of Ethics for Teachers?

A code of ethics for teachers defines the primary responsibilities of a teacher to their students
and the role of the teacher in the student's life. Teachers are required to show impartiality,
integrity, and ethical behavior in the classroom.5

What Is an Example of a Code of Ethics?

An example of a code of ethics would be a business that drafts a code outlining all the ways
the business should act with honesty and integrity in its day-to-day operations, from how its
employees behave and interact with clients, to the types of individuals it does business with,
including suppliers and advertising agencies.

What Is the Difference Between a Code of Ethics and a

Code of Conduct?
A code of ethics is broader in its nature, outlining what is acceptable for the company in terms
of integrity and how it operates.6 A code of conduct is more focused in nature and instructs
how a business' employees should act daily and in specific situations.7

The Bottom Line

A code of ethics is a guiding set of principles intended to instruct professionals to act in a
manner that is honest and that is beneficial to all stakeholders involved. A code of ethics is
drafted by a business and tailored to the specific industry at hand, requiring all employees of
that business to adhere to the code.

The moral choices of businesses have evolved, from the industrial age to the modern era. In
the world we live in today, working conditions, how a business impacts the environment, and
how it deals with inequality are all areas that society deems important that perhaps two
centuries ago it did not as much. A code of ethics helps ensure that businesses will always act
with integrity.

Social Responsibility in Business: Meaning, Types, Examples, and

Criticism

What Is Social Responsibility?

Social responsibility means that businesses, in addition to maximizing shareholder value, must
act in a manner benefiting society, not just the bottom line. Social responsibility has become
increasingly important to investors and consumers who seek investments that not only are
profitable but also contribute to the welfare of society and the environment. While critics have
traditionally argued that the basic nature of business does not consider society as
a stakeholder, younger generations are embracing social responsibility and driving change.

KEY TAKEAWAYS

 Social responsibility means that besides maximizing shareholder value, businesses

should operate in a way that benefits society.
 Socially responsible companies should adopt policies that promote the well-being of
society and the environment while lessening negative impacts on them.
 Companies can act responsibly in many ways, such as by promoting volunteering,
making changes that benefit the environment, engaging in ethical labor practices, and
engaging in charitable giving.
 Consumers are more actively looking to buy goods and services from socially
responsible companies, hence impacting their profitability.
 Critics assert that practicing social responsibility is the opposite of why businesses
exist.
0 seconds of 2 minutes, 1 secondVolume 75%

What is Corporate Social Responsibility?

Understanding Social Responsibility

Social responsibility means that individuals and companies must act in the best interests of
their environment and society as a whole. As it applies to business, social responsibility is
known as corporate social responsibility (CSR) and is becoming a more prominent area of
focus within businesses due to shifting social norms.

The crux of this theory is to enact policies that promote an ethical balance between the dual
mandates of striving for profitability and benefiting society as a whole. These policies can be
either commission (philanthropy: donations of money, time, or resources) or omission (e.g., “go
green” initiatives such as reducing greenhouse gases or abiding by U.S. Environmental
Protection Agency regulations to limit pollution).12

Many companies, such as those with “green” policies, have made social responsibility an
integral part of their business models, and they have done so without compromising
profitability.

Additionally, more consciously capitalistic investors and consumers are factoring in a

company’s commitment to socially responsible practices before making an investment or
purchase.3 As such, embracing social responsibility can benefit the prime directive:
maximization of shareholder value.

There is a moral imperative as well. Actions—or the lack thereof—will affect future generations.
Put simply, social responsibility is just good business practice, and a failure to do so can have
a deleterious effect on the balance sheet.
Social responsibility can also boost company morale, especially when a company can engage
employees with its social causes.

In general, social responsibility is more effective when a company takes it on voluntarily

instead of waiting for the government to require them to do so through regulation.

What Are the 4 Types of Social Responsibility?

The International Organization for Standardization (ISO) emphasizes that a business’s ability to
maintain a balance between pursuing economic performance and adhering to societal and
environmental issues is a critical factor in operating efficiently and effectively.

The key ways that a company embraces social responsibility include philanthropy, promoting
volunteering, ethical labor practices, and environmental changes.

For example, companies managing their environmental impact might look to reduce their
carbon footprint and limit waste. There’s also the social responsibility of ethical practices for
employees, which can mean offering a fair wage, which arises when there are limited
employee protection laws.

Examples of Socially Responsible Corporations

Social responsibility takes on different meanings within industries and companies. For
example:

 Starbucks Corp. (SBUX) committed to social responsibility from the start, including
sustainability and community welfare. It purchases Fair Trade Certified ingredients to
manufacture products and actively supports sustainable farming in the regions where
ingredients are sourced.45
 Ben & Jerry’s Homemade Holdings Inc. has integrated social responsibility into the core
of its operations. Like Starbucks, the company purchases Fair Trade Certified
ingredients.67
 The Lego Group, manufacturer of Lego toys, has committed to reducing its carbon
impact. It was named a World Wildlife Fund Climate Savers Partner in 2014.8
 Salesforce.com Inc. (CRM) developed what it calls the 1-1-1 model. The company
dedicates 1% of its equity, 1% of its product, and 1% of employees’ time back to the
community.9
 Big-box retailer Target Corp. (TGT), also well known for its social responsibility
programs, has donated money to communities in which the stores operate, including
education grants.10

Criticism of Corporate Social Responsibility

Not everyone believes that businesses should have a social conscience. Economist Milton
Friedman stated that “‘social responsibilities of business’ are notable for their analytical
looseness and lack of rigor.” Friedman believed that only individuals can have a sense of social
responsibility. Businesses, by their very nature, cannot. Some experts believe that social
responsibility defies the very point of being in business: profit above all else.11

However, social responsibility has become more mainstream and is now practiced among a
wide range of companies. Younger generations, such as millennials and Gen Z, are embracing
social responsibility and driving change in the workplace and as consumers.12

What are examples of social responsibility?

Social responsibility includes companies engaging in environmental preservation efforts,
ethical labor practices, philanthropy, and promoting volunteering. For example, a company may
change its manufacturing process to reduce carbon emissions.

What are the main benefits of social responsibility?

Benefiting society and lessening the negative impacts on the environment are among the main
benefits of social responsibility. Consumers are increasingly looking to buy goods and services
from socially responsible companies, which can have a positive impact on their bottom line.

How does social responsibility benefit companies?

In addition to potentially increasing the bottom line, companies that implement social
responsibility programs can also boost their brand image. Social responsibility programs can
also have a positive impact on morale among employees.

The Bottom Line

Social responsibility benefits society and the environment while lessening negative impacts on
them. Companies engaging in social responsibility can do so in a number of ways, including
making changes that benefit the environment, engaging in ethical labor practices, and
promoting volunteering, and philanthropy. Consumers are more actively looking to do business
with socially responsible companies, which can also benefit bottom lines.

What's integrity in the workplace and why is it important? (with

examples)

What is integrity? Definition and meaning

Integrity means being honest and having strong moral principles. A person with
integrity behaves ethically and does the right thing, even behind closed doors.

For instance, informing a cashier that they gave you too much change or going back
to the store to pay for something you forgot to pay for are two examples of showing
integrity in everyday circumstances.

7 traits associated with integrity

Integrity may seem like a vague concept. If you want to encourage integrity at your
workplace and live it out for yourself, you might need a more concrete definition.
One of the best ways to understand this concept is to look at the traits associated
with integrity.

Here are the 7 most common traits that a person with integrity shows:

1. Expressing gratitude for others

2. Valuing honesty and openness
3. Taking responsibility and accountability for your actions, good and bad
4. Respecting yourself and others around you no matter where you are
5. Helping those in need without sacrificing your own health
6. Demonstrating reliability and trustworthiness
7. Showing patience and flexibility, even when unexpected obstacles show up

1. Expresses gratitude for others

People with integrity recognize that their friends, coworkers, and community make
their lives better. They show gratitude by always remembering to say a simple
“thank you” when someone helps them out. They might also take the time to write a
thoughtful note to a coworker who helped them complete an important project. Or,
they may go the extra mile to give their friend a gift when they’ve supported them
through a difficult time.

2. Communicates honestly and openly

A person with integrity doesn’t run away from difficult conversations or situations. If
they have a conflict with another person, they’re open about it — they don’t hide
their feelings only to become resentful later on. They are also honest about their
time, abilities, and preferences. No matter the situation, integrity ultimately means
your moral principles are more important than your personal comfort — and honesty
can be uncomfortable sometimes.
3. Takes responsibility for your actions, good and bad

If you have integrity, it means you’re accountable for your actions — even when you
miss the mark. It’s easy to take ownership when you do something well. However,
integrity really comes into play when you face failure. If you want to live with
integrity and grow personally, you must learn to admit when you make a
mistake and then choose to learn from it.

4. Respects yourself and those around you, no matter where you are

You might not think of boundaries when you think of integrity. However, living in
integrity means living at peace with yourself and your values — and relationship
boundaries, whether it’s with your coworkers or your family, help you do that. For
example, if your friend wants to call you during work, but you need to finish a
project, you need to set a boundary and call them later.

Integrity also means respecting others’ boundaries. Let’s say your coworker doesn’t
want to talk about their dating life. So as a person with integrity, you don’t ask them
certain questions. You also need to respect their time, personal values, and their
identity — for example, using correct gender pronouns.

5. Helps those in need without sacrificing your own health

This trait goes hand in hand with respecting yourself and others. People with
integrity naturally want to help others — but what separates them from most people
is their ability to know their own limits. A person with integrity will help others with
their time, abilities, and even finances. But they’ll always also prioritize self-care,
fueling themselves so that they can stay resilient for years to come.

6. Demonstrates reliability and trustworthiness

Knowing how to build trust is important in all of life, especially when it comes to
integrity at work. If you’re a member of a team or organization, people count on you
to do what you say you will. If you don’t, there will be consequences for not just you,
but everyone around you. Being a reliable and trustworthy person is crucial to living
with integrity.

7. Shows patience and flexibility, even when unexpected obstacles show up

People with integrity overcome life’s obstacles with resilience. For example, let’s
say they lost their job. They may feel hopeless or frustrated at first. However, a
person with integrity would eventually see that this challenge is just another
opportunity for growth. With a bit of patience and flexible expectations, they can
take positive action.
What is integrity at work?
Now that you have a clear idea of what integrity is in general, let’s go a little deeper by
answering the question, “what is integrity at work?”

Integrity at work supports a company and a leader's set of moral and ethical standards.
This will result in both happier employers and employees.

What is integrity in the workplace?

Workplace integrity can be exemplified by many traits, including honesty, loyalty, respect, and
responsibility, and it is vital to decision-making, serving customers, and managing employees.
It’s also crucial to reducing costly errors, avoiding illegal activity, and keeping
the organization’s core values top of mind.

For instance, reviewing policies and procedures before starting a complex task or being
honest about forgetting to do an important task are two examples of showing integrity at
work.

Integrity at work is also about committing with integrity. For example, if a team leader
shares a new project, employees with integrity need to be honest about their ti me and
abilities before agreeing to take on more work. They also need to make sure they have an
understanding of what’s needed and the scope of the project.

If there’s a lack of integrity on the team, members will halfheartedly accept new
assignments, even if they are not able to accomplish them on time. They might also walk
out of the meeting still wondering what their role in the project actually is.

At its core, integrity at work is about taking the initiative, negotiating your time honestly,
and staying aligned with your personal and work values. That also means delivering on
your commitments when you make them, and saying no when you can’t take on anything
new. Finally, it’s about knowing how to communicate — so if you do get out of integrity, you
can admit your mistakes honestly and share how you will fix the situation.
Having integrity at work means you:

1. Are reliable and dependable (i.e., you show up to work on time)

2. Are trustworthy, especially with classified information and high -risk tasks
3. Practice and encourage open communication with your colleagues and managers
4. Are respectful, honest, and patient with your colleagues, managers, and customers
5. Have a strong work ethic and strive to produce high-quality work consistently
6. Are responsible for your actions, especially when you make a mistake
7. Make sound decisions, even under high-stress situations
8. Are equipped to provide high-quality service to your customers
What Is Business Ethics? Business ethics studies appropriate business policies and practices
regarding potentially controversial subjects, including corporate governance, insider trading,
bribery, discrimination, corporate social responsibility, fiduciary responsibilities, and much more.

Top 10 Tips for... Improving Ethics in the Workplace

In any genre of business, there’s often a great deal of competition from our peers. So what sets
your business apart from others is becoming incredibly important, particularly when it comes to
how ethical and honest you are.

Having strong work ethics makes good business sense because employees want to work for a
company which they are proud of and with colleagues they know act with integrity. Potential
clients or customer are also more likely to choose a company which can showcase how they
behave ethically because it provides the added ‘feel-good’ factor to any business transaction.

Here are our Top Tips for raising the bar and creating a more ethical workplace:

1. Create a code
Many professions require us to work to a consistent Code of Practice or Ethical Code and it is
common for organisations to identify a set of values to guide how employees work together and
engage with customers or society. Strong company values can be really inspiring. For example,
clothing company H&M believe in boosting ‘entrepreneurial spirit,’ while Ikea values
‘togetherness and enthusiasm.’ Instead of concentrating on what is prohibited, think about the
kind of behaviours you want to promote instead. But remember; one size doesn’t fit all and your
code needs to be unique to you.

2. Engage with your employees and customers

Your colleagues are more likely to be invested in any Code of Practice or Ethics Code if they
have been involved in developing it. Why not carry out some engagement sessions with your
colleagues when creating or updating your policies so everyone can feel a part of the company’s
vision and values? This goes for your customers or clients too. Why not ask them how they
would like to see you working more ethically? You may find you’re already doing so – you’re
just not promoting it widely enough.
3. Reinforce the benefits of the code
Having a strong Code of Practice or Ethical Code is really important. But it needs to be
consistent to work well. They need to be something which is achievable, desirable and which
complement the kind of business you do. But there’s no point encouraging your workforce to
reach tough targets if it involves compromising their integrity in any way.

4. Be a good role model

A survey carried out by the Chartered Management Institute showed that two-thirds of UK
managers want to be seen as ethical but over 80 percent of workers don’t think their manager
sets a good moral example. Sound ethical behaviour starts at the top with the leaders in your
business – whether they are directors, governors, associates or the Chief Executive. You need to
lead by example. It can’t be one rule for those in senior positions and another for the rest of your
workforce.

5. Train your employees

There’s no point having an ethical code of conduct for your workforce if they don’t know what it
is or why it’s important. You need to emphasise what’s at risk and what
the potential consequences of breaching it could be. It also needs to be really clear how your
colleagues can adhere to the code. It’s wise to include training on your company’s values and
ethics in any induction workshops or by holding regular training sessions. These need to include
examples and advice about how to uphold the integrity of the firm in certain situations.

6. Promote your ethical behaviour

Having a reputation as an ethical employer or supplier can be a great marketing tool when it
comes to being an employer of choice or when trying to attract customers who want to deal with
companies who have values they admire. You shouldn’t be shy about promoting how your
company behaves in an ethical way. You may for example, help ensure any waste from your
business is recycled appropriately. You might source your resources or ingredients from
sustainable sources. Or you might have robust HR policies which protect your employees. Use
your website, marketing materials, social media and PR to tell people how you’re making a
difference.

7. Reward ethical behaviour

Your employees are more likely to act with integrity and value honesty in others if their actions
are held in high esteem. A good way of promoting the value of following your company’s Code
of Practice or Ethics Code is to reward those who do it well. You could have a monthly
governance award, you could send ‘star cards’ to individuals or simply raise the best example of
how someone has behaved with integrity at your team meetings.

8. Learn from your mistakes

Unfortunately, the value of ethics is often not realised or understood until something goes wrong,
often resulting in reputational damage which can take years to repair and overcome. If something
does go wrong, then the only saving grace is that it is an opportunity to change the way you work
to prevent it happening again. This is a good time to amend your Code of Practice or Ethics
Policy and ensure everyone is on board with any new ways of working.

9. Report unethical behaviour

An honest culture in any organisation will be difficult to manage if your employees don’t have
an easy and private way to report any unethical behaviour. While it may feel uncomfortable to
think that your employees may become whistle-blowers on their peers, the consequences of
unethical behaviour could be more damaging. There should be an easy way for people to report
their concerns, in confidence, without the fear of retaliation. You should also ensure there are
people within your workforce who are trained to investigate any complaints.

10. Move with the times

Our customers, clients and society as a whole will often guide how we run our businesses. They
tell us what they want; whether it’s more ethically sourced produce, fairer wages for suppliers
across the globe or more environmentally friendly policies. There will also be shifting
themes which organisations concentrate on when it comes to improving their ethical standards -
from environmentalism, working with sustainable resources, corporate social responsibility
to battling cybercrimes and protecting privacy in the digital world we live in now. Your ethics
policies or Code of Conduct needs to reflect the ever-changing world we live in. It should feel
inspiring, rather than a hindrance, because ultimately it’s about making your workplace and
brand better.

Close

We are using cookies to give you the best experience on our site. Find out more.

How Does Being An Ethical

Organisation Benefit Your Employees

What is ethical culture in an organisation?

Workplace culture, also known as ‘company culture’, is a fascinating amalgam of various things that evolve
over years at an organisation. It is basically made up of employer expectations, shared attitudes and beliefs,
normalised/tolerated social interactions between management and employees, and the overall ‘character’ of
the workplace.

For a workplace culture to be considered ‘ethical’, it would require the following essential traits:

 Promotes honesty and integrity in business

 Does not tolerate toxic or abusive behaviour in the workplace
 Gives priority to employee welfare
 Ensures fairness and equity in pay and promotion
 Encourages employees to speak up when they see unethical activities
 Promotes sustainable business practices

Employee benefits of ethics in the workplace

You can guess some of the benefits of good business ethics to employees from the points listed above. Let’s
now take a closer look at some of these obvious benefits, and some others that are not so clear-cut, yet still
have massive implications for employees.

1. A safe and healthy workplace

Ethical organisations usually have effective safeguards in place to protect employees from sexual harassment,
abuse, and other types of toxic behaviours. This is a particularly significant aspect in India. Workplace toxicity
was a leading cause of stress, depression, and burnout among more than 90% of Indian employees surveyed
by the McKinsey Health Institute between 2017 and 2022.

Moral conflicts raised by unethical behaviour of colleagues and managers can cause intense stress in many
individuals. When they try to raise the issue, these employees become the target of retribution. Ethical
organisations are more likely to encourage and protect such ‘whistle-blowers’.

2. Fair remuneration and rewards

One aspect of employee welfare is fair remuneration and promotions based on your contribution to the
company. In unethical organisations, this principle is often not followed. Leaders give preferential treatment to
sycophants, or individuals of the same ethnicity or gender.

For instance, gender gap in pay structures persist in India. After decades of steady decline, the gender pay
gap rose again in India, from 28% in 2018-19 to 35% in 2020-21. Only through renewed commitment to
workplace ethics we can hope to counter such trends.

3. Lower risk of termination and other legal complications

Employees at organisations with compromised ethical standards are more likely to indulge in activities that
violate legal statutes and compliance regulations. According to an Institute of Business Access survey from
2018, peer pressure and boss’s orders were among the reasons why 12% of UK employees violated their own
organisation’s standards of ethical behaviour.

If they get caught, employees are at risk of facing a wide range of consequences, ranging from minor
reprimands to suspension, docked pay, or dismissal. And if it involves accounting fraud or other similar crimes,
they could end up in prison. Naturally, there is less risk of this happening in organisations that strongly
discourage and penalise unethical workplace behaviour.
4. A better standard of career education
The workplace is also a place of experiential learning, particularly for young employees in the early stages of
their career. Human beings are not born as strictly ethical or unethical – based on our experiences and life
lessons, we can become more (or less) ethical over time.

If an organisation rewards or condones unethical behaviour, an employee can become habituated to make the
same decisions in future situations, or at different companies. It can have a lasting impact on employees’
professional and even personal lives.

Why ethical culture in organisation is important in India

According to the 2022 EY Global Integrity Report on India, many companies have an ‘integrity crisis’ on their
hands. A worrying 63% of senior management professionals who were surveyed indicated their readiness to
indulge in unethical conduct for career progression.

More than 53% reported that it is easier for managers to by-pass standard business rules in their organisations.
Another 59% reported that there were individuals in key positions in their companies who are willing to sacrifice
integrity for short-term gains.

By most accounts, Indians are the most overworked, and the least well-paid employees in the world. But
this kind of unethical organisational culture is not sustainable. In recent years, we have seen the rise of
employee activism with a focus on employee welfare, gender justice, and sustainability.

The new generation of employees are very conscious about employer branding – they are less willing to
work at companies with a reputation for unethical workplace culture. If you want to attract and retain young
talent for the long term, and reduce the risk of scandals and regulatory penalties, you have to start paying more
attention to ethical culture in your organisation.

How to Practice Ethical Decision Making at Work

Ethical Decision Making

Ethical decision making is the process in which you aim to make your decisions in line with a code of
ethics. To do so, you must seek out resources such as professional guidelines and organizational policies,
and rule out any unethical solutions to your problem.

Making ethical decisions is easier said than done. Maybe your coworker lied to a client about a
deal, but you personally like this colleague and want to give him the benefit of the doubt. Or,
perhaps you're tempted to lie to your boss to avoid admitting your team missed a deadline.
Whatever the case, it's critical you have a tangible set of steps to follow the next time you need
to apply your ethical decision making skills at work. Let's take a look at those steps now.

Ethical Decision Making Model

When you're making a major decision for your company, it can be tempting to choose the
easiest or most cost-effective course of action -- even if that option isn't the best from an ethical
standpoint. The PLUS model, a set of questions designed to help you make a decision from an
ethical point of view, can ensure you're doing the right thing.

The PLUS model is especially objective because it doesn't focus on revenue or profit, but rather
urges leaders to take a legal and fair approach to a problem.

PLUS Model:
P = Policies and Procedures (Does this decision align with company policies?)
L = Legal (Does this decision violate any laws or regulations?)
U = Universal (Is this decision in line with core values and company culture? How does it relate to
our organizational values?)
S = Self (Does it meet my standards of fairness and honesty?)

Once you've considered potential solutions using these questions as a guide, you're ready to
implement the six necessary steps to make your decision.

Ethical Decision Making Process

When you come across a difficult problem that threatens your company's integrity or beliefs (or
could be illegal), you'll want to employ these six steps to make an ethical decision.

Step One: Define the Problem

Use PLUS filters to define your problem, and how it might affect one of the PLUS acronyms. Is it
illegal, or does it violate your company's values? Make sure you've outlined the full scope of the
problem -- be honest with yourself about it, even if you're partially at fault.

Step Two: Seek Out Resources

It can be difficult, if not impossible, to reach an objective solution on your own. To fairly evaluate
your problem, you'll want to seek out all available resources. These resources might be
mentors, coworkers, or even friends and family, but they could also be professional guidelines
and organizational policies. Make sure you've armed yourself with knowledge to understand the
extent of the damage.

Step Three: Brainstorm a List of Potential Solutions

When you're brainstorming a list of potential solutions to your problem, you don't want to only
consider what's been done before. Stay open to new and different ideas, and urge other people
to share their advice. Consider outside resources, including what other companies have done.
Ultimately you'll want a list of at least three to five potential solutions. This way, you avoid
feeling like it's an either/or situation.

Step Four: Evaluate Those Alternatives

Dive into your list of potential solutions, and consider all positive and negative consequences of
taking each action. It's important you consider how likely those consequences are to occur, as
well. You'll again want to refer to resources, guidelines, and standards. For instance, you might
decide one solution has only one negative consequence, but that negative consequence has a
high likelihood of happening. Another solution has two negative consequences, but both are
extremely unlikely. These are important factors to weigh when making your decision.

Step Five: Make Your Decision, and Implement It

At this stage, you've got all the information you need to make a fair and ethical decision. If
you've made the decision alone but need to share it with your team, create a proposal outlining
why you chose this route, and what alternatives you considered, so they can understand your
steps. Transparency is key. Your team needs to understand you used appropriate and objective
measures to find a solution.

Step Six: Evaluate Your Decision

Now that you've implemented your solution, decide whether your problem was fixed or not. If
there are unforeseen consequences, perhaps you want to consider alternative measures to
combat the problem, or refer to outside guidance.

Ethical Decision Making Examples

Let's take a look at a few ethical decision making examples, to give you a better understanding
of how to act if anything like this happens to you.

1. Your team misses an important deadline, and you're tempted to tell your boss you reached it
anyway.

It might seem like a good idea to tell your boss your team is on-track, and then work quietly to
make sure that becomes a reality, but in the long-run this will only hurt you and your team. First,
if you don't examine why your team missed the deadline, you won't know how to fix the problem
moving forward. Additionally, your boss is meant to be a helpful resource for you, and could
help you combat the issue. Lying could destroy your reputation as a leader and employee if your
team or boss finds out, and it will be difficult to then prove your integrity. Figure out the
guidelines or steps you need to take, and follow those.

2. Your coworker is giving her sister a major discount on your product.

It makes sense -- family is important, after all. But it's not fair or ethical if some of your
customers are receiving discounts simply because of who they are, and can even be seen as a
form of discrimination. If the public finds out you don't follow fair rules when it comes to pricing
and discounts, your entire company's integrity is at risk. Either mention to your coworker that
you don't feel it's fair, or report the issue to your team leader.

3. You're close to finalizing a deal when you find out some of the information you've provided
the client isn't true.

You've worked so hard to form a relationship with your client and provide them with persuasive
and helpful information, and you've finally reached the end. Just when they're ready to sign the
deal, though, your coworker takes a look at your slides and lets you know some of the
information is outdated and is no longer applicable to the deal. It's especially difficult because
your job relies on you hitting quotas, and you know your boss and team will be incredibly
impressed with this deal when you close it.
Unfortunately, you could get into legal trouble for lying in a contract, and you don't want to set a
precedent of lying and essentially stealing from clients to close deals. Be upfront and own up to
the misinformation, and then work with the client to create a new deal. Ideally, the client will
appreciate your honesty. If not, at least you didn't win a deal through false measures, which
might've gotten you into bigger trouble down the road.

Using the PLUS model and these six steps, as well as your own judgment and the opinions of
your team, should arm you with all the information you need to make ethical decisions at work
even when they're difficult. For more decision making advice, check out The Ultimate Guide to
Decision Making.

Information technology and ethics

Information technology ethics is the study of the ethical issues arising out of the use and development of
electronic technologies. Its goal is to identify and formulate answers to questions about the moral basis of
individual responsibilities and actions, as well as the moral underpinnings of public policy.
Information technology ethics raises new and unique moral problems because information technology itself has
brought about dramatic social, political, and conceptual change. Because information technology affects not
only how we do things but how we think about them, it challenges some of the basic organizing concepts of
moral and political philosophy such as property, privacy, the distribution of power, basic liberties and moral
responsibility.
Specific questions include the following. What are the moral responsibilities of computer professionals? Who is
to blame when computer software failure causes harm? Is computer hacking immoral? Is it immoral to make
unauthorized copies of software? Questions related to public policy include: what constitutes just policy with
respect to freedom of speech, association, and the exercise of other civil liberties over computer networks?
What determines the extent and limits of property rights over computer software and electronic information?
What policies adequately protect a right to privacy?
The list of questions shifts in response to developments in information technology. One noteworthy example is
the rise in prominence of questions about communication and information in response to the explosive growth
of high-speed digital networks. This shift has subsumed the field commonly called ‘computer ethics’ under the
broader rubric of ‘information technology ethics’.

What Is Ethics
What is Ethics, Morals and Laws[edit | edit source]
For the ill-advised reader, ethics are the moral principles woven into a person’s or multiple individuals’
behavior. Ethics are what help an individual make decisions based on the conformity of society. An individual
whom might be regarded to have ethical behavior might be considerate of those within a society and follow the
norms of that society as well. An individual of whom might be deemed to have unethical traits is not usually
seen as a “good” person within a society that sees behavior of that nature as “bad”. The terms “good” and “bad”
are within quotation marks as these terms are mostly subjective, in the sense that they only have a meaning
when it comes to the ethical code of the society. For example, if a neighborhood prides itself on having the
residents keep their front yards looking nice with fresh green grass and clear of debris and one resident has
dried up grass and garbage scattered across their lawn, the neighborhood may find the owner of the unkempt
lawn as an unethical individual.
According to Dickson (2014, Rundu Campus), ethics are a set of moral principles that govern a persons' or
groups' behavior. Someone is considered to be behaving ethically if they conform to generally accepted
practices of the society or group making that consideration. Most ethically acceptable practices are almost
universal across human cultures, and are increasingly so due to globalization and cultural hegemony. For
example, using animals in research, abortion, or using cookies to track software, where organizations are able
to gather users information to track their search behavior and their buying patterns on the Internet are all found
with similar ethical and moral debates in various states. Furthermore, while these topics remain open to debate
in their nuances, they are intrinsically seen as amoral and ultimately unnecessary and avoidable. Each society
retains a set of rules that sets the boundaries for accepted behavior, these rules often expressed in statements
about how one ought to behave. These statements come together to form a moral code by which a member of
a society lives by. Morals are those ideas defining what is right, and wrong, and these ideas can sometimes
come into conflict.
With a basic understanding of ethics out of the way, morality is next up on the table. Morality is difference
between right and wrong or good and bad behavior. Morality is usually associated with the concept of moral
dilemmas and moral issues. A moral dilemma involves a tough decision between two unwelcome choices, the
lesser of two evils. A moral issue is a concern that has the potential to help or cause pain and suffering to
someone, including oneself. The most common example of a moral dilemma is the runaway trolley scenario, in
which a runaway trolley is barrelling down a track and is not able to brake. On one track are five workers and
the other track has one worker. The difficult decision to be made is whether or not to pull the lever and let one
worker die to save the five other workers from horror. Often times the decision is made more difficult when the
one person on the other track is a close friend or loved one. An example of a moral issue would be related to
topics such as the morality of experiments on animals, the sensitive subject of abortion, etc.
Dickson (October 19, 2013) also states that one's behavior (morals) follows a set of shared values (manners)
within a society, and contributes to the stability of that society. Everyone operates by their own individual moral
code, acting with integrity towards that code. Laws, on the other hand, are a system of rules that a society
strictly imposes, and enforces. Laws aim to be more well defined than morals, so as to be limited to
interpretation, and defendable in practice. States enforce their laws through institutions such as law
enforcement, whereas morals are enforced typically by passive interactions by an individual, or group. For
example, the moral code of a club may be enforced by excluding from participation those who do not abide the
code. While a society's moral code often forms the base for its legal systems, a given law may or may not
abide by an individual's moral code, or by the ethical considerations of a society. It is a process that is
dependent not only on the legislation itself, but also the legislator and the participation/representation of the
citizen's moral values.
Ethics is also most commonly defined as the norms of conduct that distinguish between acceptable and
unacceptable behavior [1]. Most individuals learn ethics through social activities and institutions, such as at
home, school and church. As children, we are taught by our parents/guardians what is 'right', and 'wrong'. We
gain a more finely tuned understanding as we age, as moral development further occurs as we mature.
Although morality is not to be confused with commonsense, ethical norms are often so ubiquitous that one is
tempted to assume they unanimous across cultures.
Ethical theory[edit | edit source]
Ethical Theory is defined as attempts to provide a clear, unified account of ethical obligations and practices.
Not only does Ethical Theory aim to generalize and unify ethical considerations, it also aims to be a recurrent
cycle of reflection. Through exposure to repetitive and new situations, ethical theory is iteratively developed and
improved for future considerations and precaution regarding ethics.
There are four categories of ethical theory: Consequence-based, duty-based, contract-based, and character-
based. These categories are more commonly referred to as: Utilitarianism, Deontology, Rights, and Virtues,
respectively.
Consequence-based[edit | edit source]
Consequence-based ethical theory, also known as, ‘Consequentialism’ is an ethical theory that judges the
morality of an action and decides whether it is right or wrong based on the consequences the action entails. For
example, most people would agree that lying is wrong, but if lying could help save a life, consequence-based
ethical theory would claim that it is the right thing to do. The most common example of a consequence-based
ethical theory is utilitarianism.
Criticisms[edit | edit source]
Critics of utilitarianism reject emphasis on the effects of individual acts. They point out that we tend not to
deliberate on every single action in our day-to-day activities as if that action were unique. Rather, they argue
that based on certain principles or general rules that guide our behavior, we are inclined to deliberate [2].
Consequence-based ethical theory is sometimes criticized because it can be very difficult and sometimes not
possible to know the result/consequence of an action ahead of time.
Duty-based[edit | edit source]
Duty-based ethical theory focuses on what people do, rather than the consequences of their deeds. Under this
form of ethics, you cannot justify an action was good if it produced good consequences, hence it is sometimes
called ‘non-Consequentialist’. The theory states that when engaged in decision-making, people should adhere
to their ethical obligations and duties. Deontology, a common name for duty-based ethical theory is derived
from the Greek root word, ‘Deon’ which means duty. People who support this theory over Consequence-based
claim that morality does not require reward.
Criticisms[edit | edit source]
Duty-based theory is criticized for a few reasons. Sometimes, a person’s duties may conflict internally. This
theory has no mechanism to address that. Because this theory does not care about positive consequences, it
can sometimes lead to negative effects. It also sets absolutist rules with exceptions being the only way to deal
with conflicting cases.
Contract-based[edit | edit source]
Contract-based theory focuses on moral systems created from contractual agreements.
A well-known early version of this is Thomas Hobbes Leviathan, which was his outline for a social-contract
doctrine. His idea was that this contract will give people motivation to be moral; the rights established are
considered ethically correct and valid since a lot of people endorse them.
Criticisms[edit | edit source]
This theory promotes a minimalist morality, meaning that you are not required to make any effort beyond what
the contract entails [2]. Another issue is deciphering what is seen as right in a society. The society needs to
determine their goals and priorities and the most logical way to do so is to use another ethical theory to
determine or base their goals.
Criticisms exist regarding the theory of Contract-based morality. One of the biggest criticisms is that the theory
serves as a very minimalist, rather ‘bare-minimum’ towards morality - where a person will not do anything
beyond their contractual agreements, even if ethical.
Character-based[edit | edit source]
Character-based ethics, also referred to as ‘Virtue Ethics’ focuses on determining what makes an individual
good instead of what makes an action good. This theory argues that good people consistently perform good
actions. The idea of Virtue Ethics was formulated first by Aristotle.
Criticisms[edit | edit source]
Character-based ethics is sometimes criticized as it does not accommodate for moral character changes within
an individual. At the same time, it also does not take into account the character of someone who has conflicting
values of ethics and can sometimes be good or bad.
Ethical Relativism[edit | edit source]
Another view of ethics that takes a different approach to what is right and wrong is Ethical Relativism. Ethical
Relativism is the doctrine that explains that there is no absolute truth in ethics and that the basis for deciding
what is right and wrong varies on the society or person. This argument stems from Herodotus’s 5th century
view that different societies have different customs. Each person in the society believes that their own society’s
customs are right (Rachels, 2009). Each society dictates what is right or wrong behavior based on standards
developed over many years. These standards help to shape the society’s belief and therefore it is difficult to
prove which society practices the most ethical decision making. There is no way of deciding that the values of
one society are better than another. One example that sheds light on this is a society where polygamy and
tatoos are allowed. Neighboring that society is a different society where polygamy and tatoos are forbidden and
each act is judged as right or wrong based on religious precepts. Each society thinks that their values are
acceptable and the morality of an act depends on values that differ society to society. In the realm of
cybersecurity, cultural relativism is seen with different prosecutions of illegally selling intellectual property.
intellectual property rights in some countries such as El Salvador do not prosecute retail sellers selling illegal
movies or cds since they are poor people and are trying to sustain. The distributors of these illegal copies in
many other countries are subject to prosecution and punishment regardless of economic class. This theory
holds that there are no universal moral standards that can be applied for each society since each society
judges in their own respective way.
Criticism[edit | edit source]
Most ethicists reject ethical relativism: some claim while moral practices of societies may differ, the
fundamentals of the moral principals underlying these practices do not. For instance, in some societies, killing
one's parents after they reach a certain age was common practice, stemming from the belief that they were
better off in the afterlife if they entered it still vigorous and able. While in modern societies this practice is
condemned, we would agree with this practice on the underlying moral principle--the duty to care for parents.
Therefore, while societies may not agree on their application of moral principles, they may agree on the
principles themselves. It is also argued that some moral beliefs are culturally relative while others are not.
Certain practices may be dependent on the local customs, such as the definitions of decency and proper attire.
Others may be governed by more universal standards, such as slavery and the defense of the innocent.
Ethics is an inquiry between right and wrong through a critical examination of the reasons underlying practices
and beliefs. As a theory for justifying moral practices and beliefs, ethical relativism fails to recognize some
societies have better reasons for holding their views than others. But, even if the theory is rejected, we must
acknowledge that the concept raised important issues, and encouraged us to take a look at the other societies
beliefs and cultures.[3]
Subjectivism[edit | edit source]
Subjectivism is an extension of relativism, as applied to individuals rather than societies. The moral
interpretation of a practice or event is based on the personal perspective of the individual analyzing it. In other
words, the judgment of an event is dependent on the individual doing the judging.
Objectivism[edit | edit source]
Something is objective when it is independent of any individual's personal beliefs. It is, in other words, a fact of
the universe, separate from human beliefs -- such as the weight of an object. This forms the basis for moral
realism: The idea that ethics and morals are not invented, but rather discovered over time. Ethicists typically try
to maintain objectivity in their analysis, stressing that it does not matter who the person is, or what they choose
to do; rather, they try to determine what the person should do, or what their decision ought to be.

Ethics Within Business[edit | edit source]

 Enron Complex

What is right or wrong conduct for a business is the standard called Business Ethics. Business Ethics are not
always aligned with laws and therefore “ethical” and “legal” behavior is not the same. Companies establish
business ethics to maintain trust between employees but also outwardly to other partners and investors.
Throughout the years there have been many business scandals that have occurred due to a lack of ethics
imposed on decision making and business conducts. The Enron scandal stemmed from a series of actions that
covered up any losses and would falsely label project profits. Enron did this by investing in a project or building
and immediately writing it off as a profit while in reality the project did not make a single penny for the company.
When expected revenue from a project would be a lot higher than the actual revenue, the company would
transfer the project to an off the record corporation and the loss would never be reported. These actions taken
by Enron, while not completely illegal, did falsify Enron’s image of extreme success and led it to being named
“America’s Most Innovative Company.”
Business Ethics have begun to become more of an importance to companies today as it creates a clear image
of the company, builds trust between employees, and protects the company from any legal issues. As whistle-
blowing has become more popular due to increased potential identity threats, companies have tightened up
their business policies and practices to prevent any ethical missteps.

Corporate Policies[edit | edit source]

Business Ethics have prompted many companies to adopt corporate policies that address specific areas of
company interactions. To make sure that employees understand what the rules are at a company and what
procedures they are allowed to work on they sign an ethics contract. However, to establish that business ethics
are properly followed, more must be done than just having an employee sign a contract. Companies must
maintain constant communication about their policy which can be done through campaigns that will engage
every member of the company or during an employee’s initial training. To ensure that these ethical policies are
respected and followed, companies must continue to develop strong communication with their employees and
partners and set up an open environment. In this environment, employees should be able to voice their
opinions and concerns without judgment and companies should be able to take action when necessary if any
instances of breaking the ethical code arise.

IT Ethics[edit | edit source]

The simplest definition of ethics within the world of information technology is the ethical issues that come out of
the usage and development of electronic technologies. IT Ethics have a goal and that goal is to find moral
solutions to the various problems that arise from online activity. The 10 Commandments of Internet Ethics
All jokes aside, this list of rules makes sense and somewhat works as a guideline for ethical internet use:

1. The Internet must not be used to harm others.

2. The interference of other Internet user’s work is prohibited.
3. Poking around in the personal files of another Internet user is bad.
4. The use of the Internet for stealing is not allowed.
5. The internet should not be used for deception or trickery.
6. The copying or pirating of unpaid software is illegal.
7. The use of other Internet sources without permission or compensation is wrong.
8. Do not take credit for other’s intellectual property.
9. Understand the social consequences that can occur when coding or designing.
 10. Always use the Internet in considerate ways and show respect to your fellow human.
Computer Ethics[edit | edit source]
Ethical problems in IT existed long before mankind learned how to conduct machine learning and build neural
networks. Asimov also deduced three laws of robotics in his works, but the modern idea of interaction with AI
remains approximately at the same level.
For those who suddenly do not remember Asimov's postulates, I quote them separately:

 A robot cannot harm a person or by its inaction allow a person to be harmed.

 A robot must obey all orders given by a human, unless those orders are contrary to the first law.
 The robot must take care of its safety to the extent that this does not contradict the first or second law.
Many AI developers consider them to be the ideal principles by which robots should operate. Their main
advantage is simplicity. After all, the more complex the algorithms of actions, the easier it is to break them.
Using these postulates as an example, one can try to uncover the complexities of ethics in robotics, thereby
characterizing ethics in IT.
When creating true AI, there will be another problem that is paradoxically stupid today, but quite possible in the
future. After all, if a robot thinks like a person, then there will definitely be a movement for the rights of robots.
Moreover, there are already precedents. In 2017, the sensational robot Sophia received honorary citizenship of
Saudi Arabia. And, although it is very far from true AI, there is a legislative precedent, and it is quite possible to
use it to give other androids rights comparable to human ones.
The more specialists work on robotics, the more questions arise. And they don't have a solution. For example:

 There are several companies in Japan and the US that create sex robots. And if AI robots get rights, can a
robot refuse to have sex with a human? And will it be considered rape if you do not pay attention to the
refusal?
 How will the creation and operation of autonomous military robots be regulated? And what danger will be
borne by the changed laws of robotics, which in principle allow violence against humans?
 How will the buying and selling of self-aware robots be regulated? There are many opinions here that this
can turn into a new wave of slavery and the liberation movement.
Now legislators consider the legal field of robots approximately similar to the legal field of animals. But even
here, there has not yet been a consensus on who will be responsible if the robot harms other people: the owner
or the manufacturer.
The point is that the topic of ethics in IT is very broad and requires deep study.
Cyberethics[edit | edit source]
Cybertechnology refers to any computing or communication technologies. This is arguably a more accurate
term than computer ethics because it encompasses all technologies rather than just computers. There is a
debate on whether or not cybertechnology brings in new or unique ethical issues, which would call for a new
perspective or special consideration. There are two main views on this issue: traditionalist and uniqueness
proponent. Traditionalists argue that nothing in this field is new in the sense that crime is still considered crime
and fraud is still considered fraud, even in the cyber realm. The uniqueness proponents argue that there are
new unique ethical issues that did not exist before cybertechnology. A common confusion in this thought is
mixing up unique features of cybertechnology with unique ethical issues. The term unique, per Merriam-
Webster, is defined as the only one or being without a like or equal [4]. The issues surrounding cybertechnology,
such as privacy, property, and others are not new concerns. However, cybertechnology does have unique
features that muddle the solutions for these types of issues.
Ethics for IT Professionals[edit | edit source]
Like any other profession, there are standards of ethical guidance used to help people when facing uncertain
circumstances. It’s important for individuals to understand that what is legal may not always be ethical. Not
behaving in an ethical manner can disturb the trust between employees, clients, staff, and the general public.
Ethical Code[edit | edit source]
Ethical code consists of principals and behavioral expectations established by organizations for their
employees and third parties. The core values of a company are also implemented
The code of ethics also outlines core company values that workers are expected to uphold during business
operations. Code of ethics is actually very similar to code of conduct. However, code of ethics focuses more on
a company's morals and values at a high-level while code of conduct focuses more on specific situations.
Having an ethical code is important as it serves as a permanent reminder of the principals every employee is
expected to uphold everyday.

IT Code of Ethics[edit | edit source]

There are many resources for IT professionals to refer to when searching for ethical guidance. A few examples
of these resources include:

 “The Code of Ethics” in section seven of IEEE.

 “The Code of Ethics and Standards of Conduct” from the Association of Information Technology
Professionals (AITP)
 “IT Code of Ethics” from SAN
One of the main sections that are highlighted in the code of ethics are the ethical behaviors that are expected
of each individual. Employees are often expected to uphold integrity, responsibility, and professionalism during
work. This includes properly handling confidential information, maintaining a safe working environment, and
avoiding unlawful conduct such as accepting brides. Code of ethics also highlights ethical behaviors towards
others. Workers are often expected to treat others fairly without engaging in discriminatory and harmful
behavior.

References[edit | edit source]

1. ↑ Resnick; D.B. "What is Ethics in Research & Why is it Important?". National Institute of Environmental Health
Sciences. {{cite journal}}: Unknown parameter |access date= ignored (|access-
date= suggested) (help)
2. ↑ Jump up to:a b Tavani, H. (2016). Ethics and technology: controversies, questions, and strategies for ethical computing. Place of
publication not identified: Wiley.
3. ↑ Velasquez, etc. (1992). "Ethical Relativism". Markkula Center for Applied Ethics. Retrieved April 25, 2016.
4. ↑ Unique. (2018). In Merriam-Webster.com. Retrieved April 27, 2019.

Bibliography[edit | edit source]

 An Overview of Ethics. (n.d.).
 Resnick, D. B. (n.d). What is Ethics in Research & Why is it Important? Retrieved April 25, 2016,
from http://www.niehs.nih.gov/research/resources/bioethics/whatis/
 Valesquez, M. (n.d.). Ethical Relativism. Retrieved April 25, 2016, from https://www.scu.edu/ethics/ethics-
resources/ethical-decision-making/ethical-relativism/
 Graham, G. (2004). Eight theories of ethics. London: Routledge/Taylor and Francis Group.
 OBJECTIVITY, SUBJECTIVITY AND MORAL VIEWS. (n.d.). Retrieved April 19, 2016
 ETHICS FOR I.T. PROFESSIONALS WITH ASPECTS IN COMPUTING by Charlemagne G. Lavina,
Melchor G. Erise, Corazon B. Rebong, Susan S. Caluya (MINDSHAPERS CO.,INC. 61 Muralla St.,
Intramuros, Manila, Philippines)
 Securities and Exchange Commission (SEC), 1933
 Computer Fraud and Abuse Act (CFAA), 1984 & 1994
 Computer Security Act, 1987
 Privacy Act, 1974
 Electronic Communications Privacy Act
 Communications Decency Act, 1995
 Health Insurance Portability & Accountability Act, (HIPAA) 1996
 Sarbanes-Oxley Act of 2002
 Homeland Security Act of 2002 with the Cyber Security Enhancement Act
 Moor, James H. "WHAT IS COMPUTER ETHICS?*."
 Barman, T., & White, S. (2014, June 13). Implementing an effective corporate ethics policy. Retrieved April
26, 2016,
from http://www.cgma.org/magazine/features/pages/20149701.aspx?TestCookiesEnabled=redirect
 Reynolds, George Walter. Ethics in Information Technology. Boston, MA: Course Technology, 2003. Print.
 “Ethics for IT Professionals/What Is Ethics.” Wikibooks, Open Books for an Open World,
https://en.wikibooks.org/wiki/Ethics_for_IT_Professionals/What_Is_Ethics.
 LLP, Foley & Lardner. “The 10 Commandment of Internet Ethics: Blogs: Internet, It & E-Discovery Blog:
Foley & Lardner LLP.” Blogs | Internet, IT & e-Discovery Blog | Foley & Lardner LLP, Foley & Lardner LLP,
4 Aug. 2016, https://www.foley.com/en/insights/publications/2016/08/the-10-commandment-of-internet-
ethics.
 Rachels, J. (2015, August 24). ethical relativism. Encyclopedia Britannica.
https://www.britannica.com/topic/ethical-relativism
 Woo, M. (2017, March 27). Ethics and the IT professional. EDUCAUSE Review. Retrieved April 25, 2022,
from https://er.educause.edu/articles/2017/3/ethics-and-the-it-professional
 IEEE code of Ethics. IEEE. (n.d.). Retrieved April 22, 2022, from
https://www.ieee.org/about/corporate/governance/p7-8.html

Professional Code of Ethics

AMA Code of Medical Ethics

Ethical Code[edit | edit source]

Ethical code consists of principals and behavioral expectations established by organizations for their
employees and third parties. The core values of a company are also implemented
The code of ethics also outlines core company values that workers are expected to uphold during business
operations. Code of ethics is actually very similar to code of conduct. However, code of ethics focuses more on
a company's morals and values at a high-level while code of conduct focuses more on specific situations.
Having an ethical code is important as it serves as a permanent reminder of the principals every employee is
expected to uphold everyday.
Most IT Professionals, unlike doctors and other professionals, do not have a general rule making body, they
may have many professional organizations specialized to specific groups.

 Association of Information Technology Professionals(AITP)

 CyberSecurity Institute (CSI)
 Independent Computer Consultants (ICCA)
 Information Systems Security Association (ISSA)
 Association for Computer Operations Management(AFCOM)
 Computing Technology Industry Association(CompTIA)
The existence of these bodies is made necessary due to the lack of respect for ethics in society in general,
requiring not only the validation of this types of bodies but also their power to enforce sanctions when ethical
violations are made evident. Something that could be well covered by the state and the academia.
It can be argued that these ruling bodies should be in fact unnecessary, since ethical considerations do not
depend on ones profession, even if very specific considerations can seem restricted in the function they will be
shared by another profession. It could also be stated that this is a function of the state and the legal system,
that delegating these functions in non-governmental, even if public organizations, is detrimental to the public
good, and overall block to transparency of procedures. These bodies will also promote the exertion of corporate
influence toward their specific groups interests, one such interest is reducing competition by limiting or
increasing the difficulty of access to functions and a general increase in prices since they permit a coordinated
fixing of payments in a monopolistic way and promote the practice of obtaining special treatment and
recognition for those that depend on their specific activities.
IT Code of Ethics[edit | edit source]
There are many resources for IT professionals to refer to when searching for ethical guidance. A few examples
of these resources include:

 “The Code of Ethics” in section seven of IEEE.

 “The Code of Ethics and Standards of Conduct” from the Association of Information Technology
Professionals (AITP)
 “IT Code of Ethics” from SAN
One of the main sections that are highlighted in the code of ethics are the ethical behaviors that are expected
of each individual. Employees are often expected to uphold integrity, responsibility, and professionalism during
work. This includes properly handling confidential information, maintaining a safe working environment, and
avoiding unlawful conduct such as accepting bribes. Code of ethics also highlights ethical behaviors towards
others. Workers are often expected to treat others fairly without engaging in discriminatory and harmful
behavior.

References[edit | edit source]

IT Specialist
What is an IT Professional?[edit | edit source]
IT Professional Defined[edit | edit source]
Information technology (IT) is defined as “the use of any computers, storage, networking, infrastructure and
processes to create, process, store, secure and exchange all forms of electronic data.” [1] Hence, an IT
professional is a person who works in the information technology field. The term can refer to the engineering of
software products, implementation, and maintenance control of the user's network and server systems after it
has gone to use. IT professionals can also include people who received education in a computer-related
institution and people who possess vast knowledge in information technology.
Qualities of an IT Professional[edit | edit source]
1. Diligence. Professionals in the IT field, such as developers, analysts, and system administrators, are
associated with adhering to the ethical standards of their profession. Their work should be done with diligence
and accuracy, free from assumptions and standardization.
2. Updated. They are needed to keep up their knowledge and technical expertise in their field with the
changing IT environments to satisfy users' needs.
3. Skills and expertise. IT professionals have the skills to perform appropriate tasks or perform tasks that
can cause damage to weak software systems, for example, a payroll system; these systems are at high risk of
economic crisis where IT professionals are required to either correct the vulnerabilities or leave them exposed
to cause harm.
Responsibilities of an IT Professional[edit | edit source]
The responsibilities of an IT professional include both job duties and moral and ethical obligations. Job duties
vary from one professional to another, but typically they are centered around the management of computer-
based information systems.

Differences from other Professionals[edit | edit source]

There exists a clear divide between professionals and pioneers of the IT industry and specialists from other
fields. Information technology is a part of every aspect of human life. Hence, the development and
improvement of this industry significantly affects the human race. These obligations put significant responsibility
on IT professionals for their actions. These must be aimed at bettering human lives.

Moral Distinction[edit | edit source]

As a part of being a professional, IT specialists must have codes of ethical standards. These include the
Association for Computing Machinery (ACM)[2], the Electrical and Electronics Engineers Computer Society
(IEEE-CS)[3], and others.
IT professionals have some universal moral obligations as part of their jobs. Commitments include integrity,
competence, professionalism, work, and societal responsibilities. An established and updated set of
professional ethics will help all IT professionals. It will guide them through intricate interactions and
relationships in their workspace. Since IT professions impact the broad society, it is crucial to hold professional
ethics for all IT specialists.[4]
Legal Distinction[edit | edit source]
One distinction between doctors, lawyers, and IT professionals is that while the state must license doctors and
lawyers, no such requirement exists for IT professionals.[5][6] Since a government authority does not license
them, many courts have said that IT workers do not meet the legal definition and are thus not liable for
malpractice.[7] It can also be argued that not every IT occupation requires advanced knowledge, and thus not
every IT worker can be considered an IT professional.[7]
However, there are numerous legal regulations that IT professionals have to abide by. Some of these laws in
the United States include HIPAA, Gramm-Leach-Bliley Act, FISMA, CISA, and National Cybersecurity
Protection Advancement Act.[8]

Roles of the IT Professional[edit | edit source]

Job Titles of an IT Professional[edit | edit source]
There are an array of jobs under the IT professional umbrella. A few, but not all IT job titles include: [9]

 Support Specialists
o Support professionals are in charge of analyzing and resolving a company's computer network and
hardware issues. They can work in various businesses, providing general support to employees, or in
a technology or software as a service (SaaS) organization, providing technical support on user
experience issues that require technical assistance.
 Computer Programmers
o A computer programmer uses coding languages such as HTML, JavaScript, and CSS to create new
computer software. Computer game software can indeed be modified to improve online gameplay,
allowing programmers to address issues after the game is published to the general audience.
 Technicians
 o A technician works with support specialists to investigate and fix computer problems. They also
monitor processing functions, install essential software, and test computer hardware and software as
needed. Technicians may also teach a new software or functionality to a company's employees,
clients, or other consumers.
 Systems Analysts
o A systems analyst examines design elements and applies information technology skills to solve
business problems. They identify infrastructure changes that are required to streamline business and
IT operations. They can also help technologists teach workers to put the improvements they propose
into action.
 Network Engineers
o Network engineers are responsible for the day-to-day maintenance and development of a company's
computer network, leveraging their expertise to ensure that it is accessible and valuable to all
employees.
Where the IT Professional fits in the Organization[edit | edit source]
So, as simple as it sounds, an IT professional fits or belongs in the IT department. Now, within the IT
department, you have branches needed. There's no right or wrong answer because people have different
strengths. For example, if you need a programmer, you wouldn't put a support specialist in the programmer
department of your IT staff because it won't be feasible to do. People with well diverse backgrounds that
pivoted within the company can move around if appropriately trained, but it is entirely up to the department they
think is the best fit for you. The IT department inside a firm involved in designing, managing, and maintaining
information technology systems and services is an IT organization (information technology organization). In a
large corporation, the IT department may also be in charge of strategic planning to ensure that all IT projects
are aligned with its objectives. Depending on the company's demands, IT organizational structures might be
centralized or decentralized. The IT department is usually led by a Chief Information Officer (CIO) in a major
corporation. An IT director or operations manager may be in charge of smaller IT enterprises.[10]
Contractor from an Outsourced service provider [edit | edit source]
IT professionals, just like other industries, there are all different types of outsourcing services, such as
Structured cabling systems to application development. Due to the essential nature of, the IT industry’s
complicated architecture, there are different IT professionals, networks, support desks, hardware, system
services, security, infrastructure, internet, and so on. All need to work together just like an
orchestra.[11] Enterprises owners are more likely to hire contractors from service providers to save money.
However, Contractors are not the employee of the Enterprises, due to different company cultures or working
habits, there are a lot of ethical problems would arise:
SLA[edit | edit source]
A lot of service providers just provide on-site professional services. However, there is no detailed SLA or
service level agreement. For example, the typical on-site service will charge clients per man day. A project
should be finished in 100 Man Day. But the service provider may charge the client 200 Man-Day or even more.
At the same time, the client may always adjust their project expectation to deny paying the service fee. One
example would be if a service provider performed work that was not supported by the vendor. All these
contradictions were caused by no clear SLA. both client and vendor, or service provider, may lose a lot of
profits. Some clients want to terminate the SLA or the contract but have no appropriate execution, so the client
will give a lot of difficult tasks to the contractors to finish, or refuse the contractor to use the Internet connection,
which is very important to their jobs. Some client even asks the contractor to log what he did every minute
Service Termination[edit | edit source]
Service Termination is caused by the project being finished, which is expected. Another is caused by a client's
financial problem. If the contractor from the service provider has no other client, the contractor may lose his job.
Big IT service providers such as TATA, HP, or IBM, have a lot of projects, and this kind of problem does not
exist. Small businesses may be closed due to service Termination. On the side of the client, no need to pay a
compensative salary to the contractor, it is not good, ethically. But transfer the cost to the service provider.
Security[edit | edit source]
Every company has its security policy, such as access card, server account, and database access. I remember
many years ago, I went to a client’s server room to install the software. The client’s boss asked a staff member
to open the door and let me in. Then he left. I found the door in the server room can not open inside. I refused
to work and asked whether the client provides me with a temporary visitor access card or a staff member
accompanied me. It is very dangerous to be locked in the server room. Once on fire, all the doors will be locked
and the automatic fire extinguishing device will release a kind of toxic gas. Meanwhile, some contractors
changed jobs whereas not return the access card or the client did not lock the contractor’s account timely,
which will lead to information security problems.

Internal cross-department[edit | edit source]

IT professionals also work with colleagues from other departments. Different business units have different
KPIs, the same project may have different expectations. Here are some decennia for cross-department

 CASE 1. As a support engineer, my job is to install software for clients and provide a platinum service for
clients for free. Another team from my company, the sales team, committed to the client that the platinum
service will be handed over to the client. So the sales asked me to provide the password to the client for
the platinum service. I denied the request. Very simply, I can not violate the company’s security policy.
 CASE 2. The software we installed has a bug that leads to the server rebooting again and again. The
sales consultant noticed the bug will be released next week from the internal website. The sales manager
asked me to apply the patch for the client. How can I apply a patch which is not been released? I also
denied the request.
 CASE 3: There is a project manager who will manage the project and may be involved with different teams
or business units. Another IT engineer just finished the software installation. The PM asked me to take
over his job and it is a priority. After talking to the department manager, I denied the PM’s request. The PM
is not my boss.
To sum up, every IT professional should not violate the policy and let his direct boss coordinate with others in
the project.[2]
Change job to competitions[edit | edit source]
Due to financial problems, an employee may experience no salary increase. He may change his job for a better
salary. It is a very common thing to switch jobs to a competitor’s company for IT professions. For a freshman,
just graduating from college without any experience, his buddy or senior staff or his boss may teach him a lot of
things. The company may demand him a high expectations. Unfortunately, he changed his job and the new
employer is the competition of the old employer, even though it is legal does not mean it is ethical. For
example, if the employee masters the core technology, the old company may fail in the market.[12]
Xiaolang Zhang who worked for Apple, was arrested by the FBI in 2019, when he was ready to board the flight
to China, got the offer of Xiao Peng Car, Xiaolang had the key hardware and software of auto-piloting core
technology.[13]
To sum up, this kind of situation should find a solution from a legal perspective. Ethically we can not stop it.

Where do Ethics Come From?[edit | edit source]

Codes of Ethics[edit | edit source]
Ethics and law, although often related, are not the same. Some laws reflect ethics and morality, but some
things are perfectly legal that are not necessarily ethical. So where do ethics come from?
In a general context, ethics come from society and what people have decided is right and wrong. Ethics could
stem from religion or simply strong values that are passed from parents to children. Often, especially in
professional fields, ethics codes will be assembled to provide a guideline for how professionals should conduct
themselves. There are many sources from which IT professionals can learn codes of ethics for implementation
in their careers.
Codes of Conduct[edit | edit source]
Often, businesses or employers will devise a code of conduct for their employees, so they have documented
guidelines regarding behavior in the work environment. They outline “what the organization aspires to become”
and “rules and principles by which members of the organization are expected to abide. [14]
Certifications[edit | edit source]
Certifications are another way for IT professionals to learn about ethics, as many organizations that offer
certifications include ethics as part of the covered material. Certifications are defined as “the action or process
of providing someone or something with an official document attesting to a status or level of achievement”.[15]
Some common certifications are the CompTIA A+, Network+, or Security+ certifications, Cisco’s CCNA, Red
Hat’s RHCE, or ISACA’s CISA. Often these certifications make certificate holders promise to uphold the
standards as given in the certification materials. For example:
All persons having obtained any CompTIA certification or certificate program ("Certified Person") and taking
part in CompTIA's Continuing Education Program ("CCEP") must agree that they have read and will abide by
the terms and conditions of this CompTIA Candidate Code of Ethics Policy ("Ethics Policy")

 A Certified Person shall offer and provide professional services with integrity.
 A Certified Person shall perform professional services in a manner that is fair and reasonable to clients,
principals, partners and employers, and shall disclose conflict(s) of interest in providing such services.
 A Certified Person shall provide services to clients competently and maintain the necessary knowledge
and skill to continue to do so in those areas in which they are certified.[16]
The above is an excerpt from CompTIA’s Candidate Code of Ethics, a code that it asserts all CompTIA
certificate holders must abide by.

Organizations[edit | edit source]

There exist some organizations whose purpose is to establish ethical codes for professionals. Often these
organizations are specific to specific fields/professions. These organizations typically release their codes of
ethics alongside certifications. Essentially, members of the organization are admitted either by simply applying
or completing certifications and joining. By joining, members attest they understand and promise to abide by
these ethical rules while practicing their profession.
Some organizations for IT ethics include IEEE, ISACA, and ACM. These organizations have their own ethics
codes for members. For example:
1.1 Contribute to society and to human well-being, acknowledging that all people are stakeholders in
computing.
1.2 Avoid harm
1.3 Be honest and trustworthy.
1.4 Be fair and take action not to discriminate.
1.5 Respect the work required to produce new ideas, inventions, creative works, and computing artifacts.
1.6 Respect privacy.
This is an excerpt from the “General Ethical Principles” section of the ACM Code of Ethics and Professional
Conduct.[17]

How Certifications Affect The Ethical Behavior of IT

Professionals[edit | edit source]
Ethics is a very important concept to IT professionals as well as IT workers. There are many different ways to
push proper ethical behavior and propel unethical ones. One example is certification in IT.
What Is a Certification[edit | edit source]

 Certifications are defined as “the action or process of providing someone or something with an official
document attesting to a status or level of achievement,”.[18] Examples of certifications include:
 CompTIA’s A+, Network+, Security+ [19]
 CISCO’s CCNA, CCNP, CCIE [20]
 Red Hat’s RHCE[21]
Certifications are also typically given out by non-governmental organizations (IEEE, ACM, CompTIA, CISCO,
and Red Hat).[22]
Ethical Code Of Conduct Example[edit | edit source]
Below are examples from the IEEE code of ethics/conduct. Excerpts from their code of ethics state:

 To uphold the highest standards of integrity, responsible behavior, and ethical conduct in professional
activities.
o Unethical practices such as bribery and illegality
 To treat all persons fairly and with respect, to not engage in harassment or discrimination and to avoid
injuring others.
o Unethical practices such as discrimination and defamation
 To strive to ensure this code is upheld by colleagues and co-workers.
o Adhering to code of conduct and ethical standards[3]
Standardization And Measurable Metrics[edit | edit source]
Certifications tend to have definitive as well as non-definitive codes of conduct and ethics. As such it makes
sense to argue that since the more people who have these certifications should at the very least know of more
ethical behavior than those who haven’t gotten any. If you were to take two IT workers with the only difference
being the certifications they have, you could assume that the worker with certifications from the likes of IEEE
and ACM[23] has knowledge of and partakes in their ethical practices. For instance, after taking an IEEE
administered exam you must agree to the IEEE Code of Ethics.
Many of the ethics and code of conduct feels fairly standard and self-explanatory. However, if it must be stated
chances are that it isn’t common knowledge. As well as having a standard and measurable metric of ethics
should prove useful. Violation of these ethical concepts results in actions that are not limited to rejection of
certification, revocation of certification, losing the ability to apply for certification, and other legal actions and
other remedies. Yet, it is important to remember IEEE isn’t the only association that pushes ethics for their
certifications as CISCO[24] and Red Hat[25] are just a few of the names that do it as well. The code of ethics and
code of conduct in modern certificate-granting organizations are written differently but contain the same content
and context. Essentially fair competition, integrity, compliance, and conflicts of interest are written between all
conducts and are pretty comparable. As well as many accredited technical certifications were written with
ethics in mind to not only protect the business but also the workers inside and out of that workplace.

Compliance and its Importance[edit | edit source]

What is Compliance?[edit | edit source]
Compliance is defined by Gartner as “The process of adhering to policies and decisions.” [26]
Compliance is a cornerstone of IT ethics, ensuring that the ethical standards that have been set are upheld.
Without compliance, no policy, regulation, standard, or law matters.
Compliance and the Technology Industry[edit | edit source]
Compliance is a must for any information technology professional. As an industry, compliance ensures that all
parties involved are working towards a common goal about the policies, laws, and regulations that are in place.
Compliance is also the way that organizations and individuals can measure others against the established
standards.
This aspect of compliance plays a significant role in promoting correct ethical behaviors for IT Professionals.
When IT Professionals adhere to respect and confidentiality, maintain professional competence, respect
property rights, and embrace integrity, honesty, and fairness, this goes a long way toward creating a conducive
working environment. Additionally, compliance promotes desirable ethical behaviors by uniting all parties
involved by subjecting them to similar guidelines.[27] Compliance promotes fair play and competition in the IT
sector. Trust and integrity among the parties involved are established through compliance with a code of ethics.
When ethical standards are adhered to, illegal conduct is minimized and positive behaviors are promoted.
Additionally, providing development opportunities for ethical behaviors and implementing best practices helps
minimize undesirable behaviors.[28]

Compliance and the Workplace/Individual[edit | edit source]

Compliance or lack thereof can have a significant impact on the workplace, the staff, and the company.
Compliance ensures that everyone in the workplace is on the same page regarding responsibilities, restrictions,
policies, and laws. Compliance also protects the company and staff, both in reducing the risk of adverse
situations and helping to mitigate any fallout should an incident occur. Compliance entails good communication
among the employees, the management, and the government. Workplace rules should be accurate, and
equitable, and assist in achieving your objectives by communicating them.[28]
Looking at the impact of compliance on the individuals and the workplace, studies have found that “the
existence of ethics and a culture of compliance in IT is positively correlated with the overall effectiveness of IT
governance” [29] Compliance helps the workplace maintain a secure, professional environment for all
employees.
Looking at the impact of compliance on the organization and the staff, compliance with policies, regulations,
and laws can both protect the organization from legal, financial, and reputational damage, as well as limit any
impacts of an incident. Policies, regulations, and laws are designed to protect the company and the public by
limiting risk and mitigating damage. By complying, the organization is showing its commitment to protecting
itself and everyone it comes into contact with.
Addressing the legal aspects to comply with the local, state, and federal business laws is key to effective,
ethical behavior promotion. Adhering to insurance policies that improve safety and reduce insurance claims is
another way of preventing undesirable ethical behaviors. Workplace rules and regulations governing all
employees such as dress code, attendance, theft, fraud, behavior, sick and personal day policies, record
keeping, when adequately implemented, work to discourage undesirable IT professional ethical behavior.
Failure to comply can lead to financial penalties, lost contracts, reputational harm, and in extreme cases,
criminal charges. These negative outcomes can cost employees jobs, hurt organizational consumers, and even
drive organizations out of business. There have even been cases of executives who have committed suicide to
escape the ramifications of non-compliance.[30]

Ethical Dilemmas faced by IT Professionals[edit | edit source]

Many business entities are encountering several ethical challenges. Controlled decisions protect users' rights
and data from unauthorized access. Some of the major information technology ethical issues potentially faced
include:
Personal Privacy[edit | edit source]
Personal privacy is a very crucial feature of information technology ethics. IT encourages users to have their
system hardware and software products retrieve data from the servers connected to them via a network. The
transfer of big data via the internet of computers increases the probability of exposing the information to
outsiders and therefore infringing the privacy of users and user groups. It is quite difficult for IT teams and firms
to ensure data privacy and correctness and accidentally expose information to unauthorized users.
Misuse of users' details provided as we use the internet, for instance, online transactions we provide credit
cards private information the companies store this information to be able to predict our interests but at the
same time impede our privacy rights. Business firms use this valuable information to make money and advance
their market niche.
Security[edit | edit source]
The second characteristic of computer systems ethics is security or access rights. It is a major priority for the IT
staff and cybersecurity in the changing world of information technology. Online transactions and e-business
enrollment raised the need for improved security measures by the corporate and government agencies.
Securing the internet from unauthorized users, which is quite impossible, can be reduced by intrusion detection
software to differentiate between an authorized and unauthorized user trying to access the system.IT security
professionals are also to be intimate with copyright law, an ethical aspect that functions to control and prevent
computer systems from bridging security before and after the breaches. [31]

Transparency & Honesty[edit | edit source]

Also termed liability, is another ethical aspect that software engineers give their word and declarations to the
users on the features and state of the software product they will provide as express warrants. Therefore they
should be realistic in making these promises about their ability to offer that quality and state of their software
and hardware systems capability. This should be enhanced by putting their words and agreements in writing for
protection against liability issues. A warning of guaranteed service provision can save a provider from the
responsibilities if it fails to achieve the predictions made during agreement formulation.
Artificial Intelligence (AI)[edit | edit source]
Use of AI: Artificial intelligence has greatly improved the business firm's ability to gain profits.
Facial recognition: using IT software to identify people is less of an ethical aspect. However, there are several
issues with this feature, for example, racial biases and invasion of personal free space. Tracking people's
activities invades their privacy, and the system can also be incorrect as it uses algorithms to make decisions.
Jobs replacements: the goal of AI is to automate low-level tasks in the organization so that individuals can be
used to perform more detailed and complex tasks. This will result in the large-scale elimination of job
opportunities; therefore, many individuals are concerned about their job security.
Biasness of the AI technology: the programs and algorithms used in the development of AI carries the biases of
their initial developers as all humans are prone to be biased. It only focused the low-level knowledge on the
developer's present environment.[32]
Conflicts with Company Policies[edit | edit source]
One example would be if a patent is used to store and protect private information about a software product
from outsiders. However, software needs disclosure of all its features to the outside world apart from that
provided in the copyright. This becomes difficult for the developers to expose their secret idea to programmers.
Maintaining and protecting valuable and vital information about a firm is also an important ethical issue in
information technology, for example, trading secrets. Exposure of this confidential information to the firm's
competitors can cause a lot of economic failures.
Harmful Actions[edit | edit source]
Harmful actions include damaging or inappropriate actions that lead to the loss of crucial data, resources, user
rights, or destroying vital user systems are considered harmful. It also includes sharing files containing viruses
via web pages that are deemed secure. This concept of ethics controls unauthorized users' use of information
systems, to prevent losses by the stakeholders. This includes changing or damaging data and software
programs critical to the firm's economic activities. Recovering from these harmful activities is time-consuming,
and a lot of energy is needed to clear viruses in the information system.

Copyright and Piracy[edit | edit source]

Piracy refers to the illegal access and attempts to copy and distribute software. Based on the United States
Copyright Act, illegal copying and reproduction of software are subject to attracting legal suits of up to a
hundred thousand dollars in fine. Apart from the legal consequences, it is ethically wrong to reproduce another
person’s work based on basic principles such as fairness and justice. Programmers and staff involved in the
creation of that software require fair compensation for their work, however, when it is reproduced and
distributed illegally, they stand to earn nothing to show for their efforts. [33]
Developer Liability[edit | edit source]
IT professionals need to be aware of the liability issues that can arise from making ethical decisions regarding
the programs they publish. Developers make promises to the user regarding the nature of their program and
what that program can deliver. Failing to deliver on these promises can not only harm their image and cause
nuisance to the user but opens them up to legal retaliation. They need to be practical and honest about the
assurances they make about their program and keep in mind the ethical considerations they need to make
while delivering the product to their clients. A well-worded and accurate disclaimer can free a developer from
being responsible for informal, speculative statements made by a user against their software.

Access Costs[edit | edit source]

With the increase in awareness about net neutrality, IT professionals have to keep in mind the access costs for
every service they publish online. The vast majority of people favor maintaining net neutrality, ensuring that
everyone gets fair access to every website and service. This raises the ethical question about whether internet
usage and access to the data on the internet are now a universal right that needs to be protected. IT
professionals will be the ones who pave the way in this discussion, setting a precedent for future generations
and deciding the path that internet usage takes. The access cost to a website will determine the traffic a
website gets and how widely it is used. This decision affects the users who may or may not be able to use the
website and the developers of the website since it affects how widely used their website or service is.

References[edit | edit source]

1. ↑ Rich Castagna (2021-08-05). "Definition of Information Technology (IT)". TechTarget. Retrieved 11
April 2022.
2. ↑ Jump up to:a b The Code affirms an obligation of computing professionals to use their skills for the benefit
of society. (n.d.). Https://Www.Acm.Org/Code-of-Ethics. https://www.acm.org/code-of-ethics
3. ↑ Jump up to:a b IEEE. (2020, June). IEEE Code of Ethics. Institute of Electrical and Electronics Engineers.
https://www.ieee.org/about/corporate/governance/p7-8.html
4. ↑ Melissa Woo (2017-03-27). "Ethics and the IT professional". EDUCASE Review. Retrieved 11
April 2022.
5. ↑ Kocher, Bob (2014, February 18). "Doctors Without State Borders: Practicing Across State Lines".
Health Affairs. Retrieved April 26, 2021. {{cite web}}: Check date values in: |date= (help)
6. ↑ CareerOneStop (2018, November 9). [Retrieved April 26, 2021,
from https://www.careeronestop.org/toolkit/training/find-licenses.aspx "License Finder"].
CareerOneStop. {{cite web}}: Check |url= value (help); Check date values in: |date= (help)
7. ↑ Jump up to:a b Reynolds, George (2015). Ethics in Information Technology (Fifth ed.). Cengage Learning.
p. 44. ISBN 978-1-285-19715-9.
8. ↑ Drexel University. (2022-04-25). "Federal laws". Drexel University Information Technology.
Retrieved 25 April 2022.
9. ↑ Indeed Editorial Team (2021-11-02). "21 different types of it jobs to explore". Career Guide. Indeed.
Retrieved 25-April 2022. {{cite web}}: Check date values in: |accessdate= (help)
10. ↑ TechTarget Contributor (2013-12). "IT organization". SearchCIO. TechTarget. Retrieved 25
April 2022. {{cite web}}: |author= has generic name (help); Check date values
in: |date= (help)
11. ↑ American Speech-Language-Hearing Association. (n.d.). Issues in Ethics: Competition in
Professional Practice. https://www.asha.org/practice/ethics/competition-in-professional-practice/
12. ↑ Gardner, T. M., Stansbury, J., & Hart, D. (2010). The Ethics of Lateral Hiring. Business Ethics
Quarterly, 20(3), 341–369. https://doi.org/10.5840/beq201020326
13. ↑ An ex-Apple employee has been charged with stealing autonomous vehicle secrets. (2018, July 10).
Business Insider. https://www.businessinsider.com/xiaolang-zhang-apple-autonomous-vehicle-
secrets-2018-7?international=true&r=US&IR=T
14. ↑ Reynolds, George (2019). Ethics in Information Technology (6th ed.). Cengage
Learning. ISBN 9781337405874.
15. ↑ Oxford Language (2018-06-22). "Certification". Definitions. Retrieved 11 April 2022.
 16. ↑ CompTIA (2022-04-25). "Candidate Code of Ethics". Continuing Education Policies. CompTIA.
Retrieved 11 April 2022.
17. ↑ Association for Computing Machinery (2018-06-22). "ACM Code of Ethics and Professional
Conduct". ACM Code of Ethics and Professional Conduct. Association for Computing Machinery.
Retrieved 11 April 2022.
18. ↑ Certification. (n.d.). In Oxford Language. Google. Retrieved April 28, 2021, from
https://www.google.com/search?q=define+certification&oq=define+certification&aqs=chrome..69i57.4
936j0j1&sourceid=chrome&ie=UTF-8
19. ↑ CompTIA (2022-04-25). "CompTIA Certifications". CompTia. Retrieved 25 April 2022.
20. ↑ Cisco Systems (2022-04-25). "Cisco Certifications". Cisco Systems. Retrieved 25 April 2022.
21. ↑ Red Hat (2022-04-25). "Training and Certification". Retrieved 11 April 2022.
22. ↑ Reynolds, G. W. (2014). Ethics in Information Technology (5th ed.) [E-book].54-60.
CengageLearning.https://repository.dinus.ac.id/docs/ajar/ethics_in_information_technology2c_5th_ed.
_0_.pdf
23. ↑ ACM. (2018). ACM Code of ethics. Association for Computing Machinery. https://www.acm.org/code-
of-ethics
24. ↑ Code of Certifications Ethics. (2013). CISCO. https://www.cisco.com/c/dam/en_us/training-
events/downloads/Cisco_Code_of_Certification_Ethics.pdf
25. ↑ Red Hat. (2019, November 22). Red Hat Partner Code of Conduct.
https://www.redhat.com/cms/managed-files/Red_Hat_Partner_Code_of_Conduct_(Final).pdf
26. ↑ Gartner (2022-04-20). "Compliance". Gartner Glossary. Retrieved 11 April 2022.
27. ↑ Stoodley, I., Bruce, C., & Edwards, S. (2013). Experiential ethics education for IT professionals.
Professionalism in the Information and Communication Technology Industry.
https://doi.org/10.22459/picti.10.2013.12
28. ↑ Jump up to:a b Gotterbarn, D. (2017). Computer Ethics, 249-258. https://doi.org/10.4324/9781315259697-
27
29. ↑ Ali, Syaiful; Green, Peter; Parent, Michael (2009). "The role of a culture of compliance in information
technology governance" (PDF). GRCIS’09: Governance, Risk and Compliance. 459.
30. ↑ Whitman, Michael E (2019). Management of Information Systems, 6th ed. Boston:
Cengage. ISBN 9781337405713. {{cite book}}: Unknown parameter |coauthors= ignored
(|author= suggested) (help)
31. ↑ GeeksforGeeks (2020-01-27). "Ethical Issues in Information Technology (IT)". GeeksforGeeks.
Retrieved 11 April 2022.
32. ↑ CompTIA (2021-07). "5 Ethical Issues in Technology to Watch for in 2021". CompTIA. Retrieved 11
April 2022. {{cite web}}: Check date values in: |date= (help)
33. ↑ Terry E. Shoup. "Software Pirating and Ethics". Frequently Asked Questions. Santa Clara University
Markkula Center for Applied Ethics. Retrieved 25 April 2022.

IT Professionals and Their Relationship

Contractor from Outsourcing service provider [edit | edit source]
IT Professional, just like other industries, there are all different types of outsourcing service, such as Structured
cabling system to application development. Due to the essential nature of, IT industry’s complicated
architecture, there are different IT professionals, networks, support desk, hardware, system services, security,
infrastructure, internet, and so on. All need to work together just like an orchestra. Enterprises owners are more
likely to hire contractors from service providers to save money. However, Contractors are not the employee of
the Enterprises, due to different company culture or working habit, there are a lot of ethical problems would
arise:

SLA[edit | edit source]

A lot of service providers just provide on-site professional services. However, there is no detailed SLA or
service level agreement. For example, the typical on-site service will charge clients per man day. A project
should be finished in 100 Man Day. But the service provider may charge the client 200 Man-Day or even more.
At the same time, the client may always adjust their project expectation so as to deny pay the service fee. One
of my company’s service providers did a project which is not supported by the vendor, Oracle 11g. All these
contradictions were caused by no clear SLA. both client and vendor, or service provider, may lose a lot of
profits. Some clients want to terminate the SLA or the contract but have no appropriate execution, so the client
will give a lot of difficult tasks to the contractors to finish, or refuse the contractor to use the Internet connection,
which is very important to their jobs. Some client even asks the contractor to log what he did every minute,
such as the following form :
Time Morning | What

9:00 to 9:15 | Job activity debrief

9:15 to 9:30 | Job activity debrief
9:30 to 9:45 | Job activity debrief

Just like a slave or labor.

Service Termination[edit | edit source]

Service Termination is caused by the project finished, which is expected. Another is caused by a client's
financial problem. If the contractor from the service provider has no other client, the contractor may lose his job.
Big IT service providers such as TATA, HP or IBM, have a lot of projects, this kind of problem does not exist.
Small businesses may be closed due to service Termination. To the side of the client,no need to pay a
compensative salary to the contractor, it is not good, ethically. But transfer the cost to the service provider.
Security[edit | edit source]
Every company has its security policy, such as access card, server account, database access. I remember
many years ago, I went to a client’s server room to install the software. The client’s boss asked a staff member
to open the door and let me in. Then he left. I found the door in the server room can not open inside. I refused
to work and asked whether the client provides me a temporary visitor access card or a staff member
accompanies me. It is very dangerous to be locked in the server room. Once on fire, all the doors will be locked
and the automatic fire extinguishing device will release a kind of toxic gas. Meanwhile, some contractors
changed jobs whereas not returning the access card or the client did not lock the contractor’s account timely,
which will lead to information security problems.

Internal cross-department[edit | edit source]

IT professions also work with colleagues from other departments. Different business units have different KPI,
the same project may have different expectations. Here are some decennia for cross-department CASE 1. As a
support engineer, my job is to install software for clients and provide a platinum service for clients for free.
Another team from my company, the sales team, committed to the client that the platinum service will be
handed over to the client. So the sales asked me to provide the password to the client for the platinum service.
I denied the request. Very simply, I can not violate the company’s security policy.
CASE 2. The software we installed has a bug which leads to the server rebooting again and again. The sales
consultant noticed the bug will be released next week from the internal website. The sales manager asked me
to apply the patch for the client. How can I apply a patch which is not released? I also denied the request.
CASE 3: There is a project manager who will manage the project which may be involved with different teams or
business units. Another IT engineer just finished the software installation. The PM asked me to take over his
job and it is first priority. After talking to the department manager, I denied the PM’s request. The PM is not my
boss.
To sum up, every IT professional should not violate the policy and let his direct boss coordinate with others in
the project.

Change job to competitions[edit | edit source]

Due to financial problems, an employee may experience no salary increase. He may change his job for a better
salary. It is a very common thing to switch jobs to a competitor’s company for IT professions. For a freshman,
just graduating from college without any experience, his buddy or senior staff or his boss may teach him a lot of
things. The company may demand him a high expectation. Unfortunately, he changed his job and the new
employer is the competition of the old employer, even though it is legal does not mean it is ethical. For
example, if the employee masters the core technology, the old company may fail in the market.
Xiaolang Zhang who worked for Apple, was arrested by the FBI in 2019, when he was ready to board the flight
to China, got the offer of Xiao Peng Car, Xiaolang had the key hardware and software of auto-piloting core
technology.
To sum up, this kind of situation should find a solution from a legal perspective. Ethically we can not stop it.

References[edit | edit source]

American Speech-Language-Hearing Association. (n.d.). Issues in Ethics: Competition in Professional

Practice. https://www.asha.org/practice/ethics/competition-in-professional-practice/
An ex-Apple employee has been charged with stealing autonomous vehicle secrets. (2018, July 10). Business
Insider. https://www.businessinsider.com/xiaolang-zhang-apple-autonomous-vehicle-secrets-2018-
7?international=true&r=US&IR=T
Gardner, T. M., Stansbury, J., & Hart, D. (2010). The Ethics of Lateral Hiring. Business Ethics Quarterly, 20(3),
341–369. https://doi.org/10.5840/beq201020326
The Code affirms an obligation of computing professionals to use their skills for the benefit of society.
(n.d.). Https://Www.Acm.Org/Code-of-Ethics. https://www.acm.org/code-of-ethics

Types of Computer Attacks

Types of Computer attacks[edit | edit source]
Viruses are pieces of computer programming code that causes a computer to behave in an undesirable way.
Viruses can be attached to files or stored in the computers memory. Viruses may be programmed to different
things such when they are downloaded or activated by a specific action for example viruses attached to file will
infect that computer and any file created or modified on that machine.Viruses may also programmed to display
a message when certain action are performed to execute the virus.Worms like viruses bury themselves in the
memory of a machine and then duplicates itself with help from any help. It can send itself through emails and
other connections. Phishing is when hackers try to obtain financial or other confidential information from
Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a
financial institution, but contains a link to a fake Web site that replicates the real one. These con - artists urge
the recipient of such emails to take action for rewards or avoid consequences. Hackers may use a backdoor
within a computer system that is vulnerable, this allows them to remain undetected while they access important
information. Key-logger programs allow attackers to view information that has been logged into a particular
machine undetected. Botnets are a collection of computers that could bee spread around the world the are
connected to the internet, they are controlled by one single computer.
 PhishingTrustedBank

Malware[edit | edit source]

Malware is a term denoted for malicious software that spreads from computers and interferes with computer
operations. Malware may be destructive, for example, deleting files or causing system ‘crashes’, but may also
be used to steal personal data.
Forms of malware[edit | edit source]

 Viruses: are a standout amongst the most surely understood sorts of malware. They can bring about
gentle computer brokenness, however can likewise have more serious impacts regarding harming or
erasing equipment, programming or documents. They are self-repeating programs, which spread inside
and between computers. [1]They require a host, (for example, a document, circle or spreadsheet) in a
computer to go about as a 'carrier', yet they can't contaminate a computer without human activity to run or
open the tainted record.
 Worms: are likewise self-replicating programs, yet they can spread independently, inside and between
computers, without requiring a host or any human activity. The effect of worms can hence be more
extreme than viruses, creating destruction crosswise over entire networks. Worms can likewise be utilized
to drop trojans onto the network framework.[2]
 Trojans: are a type of malware that give off an impression of being genuine projects, yet encourage illicit
access to a computer. They can perform capacities, for example, taking information, without the client's
learning and may trap clients by undertaking a normal errand while really undertaking covered up,
unapproved activities.
 Spyware: is programming that attacks clients' security by get-together touchy or individual data from
tainted frameworks and observing the sites went by. This data may then be transmitted to outsiders.
Spyware can now and again be covered up inside adware (free and here and there undesirable
programming that obliges you to watch commercials keeping in mind the end goal to utilize it). One case of
spyware is key-logging programming, which catches and advances keystrokes made on a computer,
empowering gathering of touchy information, for example, passwords or ledger points of interest. Another
sort of spyware catches screenshots of the casualty's computer. Spyware is thought to be a standout
amongst the most perilous types of malware as its goal is simply to attack protection.
Phishing[edit | edit source]
There are various forms of phishing attacks on channels such as emails, social software, websites, portable
storage devices and cell phones. There are several different ways of trying to drive users to a fake website:
Types of Phishing attacks[edit | edit source]

 Spam e-mail, a spoof email which will distract customers to look similar to a bank email, or from any
financial institution.
 Hostile profiling, a targeted version of the above method: the cyber criminal exploits web sites that use e-
mail addresses for user registration or secret key reminders and directs the phishing trick at specific users
(requesting that they affirm passwords, etc.). Introduce a Trojan that edits the hosts file, so that when the
casualty tries to browse to their bank‟s web site, they are re-directed to the fake site.
 ‘Spear phishing’, an attack on a specific organization in which the phisher simply asks for one employee‟s
details and uses them to gain wider access to the rest of the network.[3]
 Traditional type of phishing attack is Not all phishing attacks work in the manner just described.
 The “rock-phish" gang3 has adapted its attack strategy to evade detection and maximize phishing site
accessibility. It has separated out the elements of the attack while including redundancy in the face of
take-down requests. The pack first purchases a number of area names with short, generally meaningless,
names, for example, lof80.info. The email spam then contains a long URL, for
example, http://www.bank.com.id123.lof80.info/vr where the main part of the URL is intended to make the
site appear genuine and a mechanism, for example, `wildcard DNS‟ can be used to resolve every single
such variation to a specific IP address. It then maps each of the space names to a dynamic pool of
compromised machines as per a pack controlled name server. Each compromised machine runs an
intermediary system that relays requests to a backend server system. This server is loaded with a large
number (up to 20 at a time) of fake bank websites, all of which are available from any of the stone phish
machines. However, which bank site is reached depends solely upon the URLpath, after the main „/‟.
(Because the group uses proxies, the real servers – that hold all the web pages and collate the stolen data
– can be located anywhere.)
 Whale Fishing is a type of spear phishing where the target of the attack is someone with a high profile
within a company or organization. These individuals are usually the CEO, CFO, COO, etc, because they
will have sensitive information that once stolen, will be used for a malicious reason such as ransom [4].
Password Attacks[edit | edit source]
Password attacks are as they sound an external entity trying to gain access to any particular systems by
cracking or guessing the user’s password. These attacks are very prominent in the current world scenario
since, weak and easily known terms can be guessed as well as methods such as brute force can be carried out
as raw processing power is readily available from high power computers available in the market. This type of
attack works without any type of malicious software or code to run on the user’s system. These attacks are run
on the hacker’s computers which use softwares and methodologies to crack the end user’s password thus
gaining access into their secure accounts.
Types of Password Attacks[edit | edit source]

 Guessing
Even though there may be numerous ways and means which may be used to crack passwords and get through
the loopholes that may exist in the system, the easiest and most non-technical but still the most effective way
proven to get through any access control mechanism is to guess the most commonly used passwords. For
many users passwords are more of a pain to remember rather than a security concern. Hence, most of such
users use easy to remember passwords such as their birthdate, wife’s/husband’s name, pet’s name, same as
the username or even the term ‘password’. All of such mentioned or related entries are easy prey to the
password guessing technique. Another point to be noted in this approach is that, this technique will only work
when the hacker is aware about certain things of its target or the target is very well known. This gives him/her
the leverage to hack into the target’s account with some commonly tried guesses. Another thing to be kept in
mind is that, when the hacker gets through a single account, there are many a times high chances that the
affected person has kept the same login credentials for multiple accounts for which the hacker may also get
access to.

 Dictionary Attacks
Dictionary attacks are based on the assumption that most of the passwords that are used in accounts are a
permutation and combination of a given set of numbers like birthdates, etc. and details like addresses, first and
last names, pet’s name, child’s name, etc. So how a Dictionary attack works is by choosing the word from the
given dictionary of characters and numbers and having a code manipulate them into various combinations
which are then tried to gain access to the corresponding account.[5] Here the problem lies in the fact that a
dictionary attack unlike other password attacks only has a given set of dictionary from which it can pick out
values and arrange/rearrange them in multiple ways to crack the password. The good thing is that even if one
character in the entire password lies outside the dictionary, this attack is bound to fail. But, since the dictionary
of words is limited the attack takes place at a rapid rate.
 Brute Force Attacks
Brute Force attacks are the least preferred type of password attacks for a simple reason that they are very
inefficient. A brute force attack basically checks all of the permutations and combinations from the very
beginning. Thus, these type of attacks require a lot of time as well as a lot of processing power. Plus, most of
the mechanisms that exist in the current times are smart enough to actually alert the user if a brute force attack
is in progress as it will have to check all of the wrong choices before reaching to the desired value. These
attacks are still much considerate when the length of the password is less than or equal to 4 characters. But,
things start going out of hand when the maximum length of the password increases. To put things into
perspective, assuming only alphabetical characters, all in capitals or all in lower-case, it would take 267
(8,031,810,176) guesses.[6] Also, in these cases there are many assumptions of whether the length of the
password is known. Also, other constraints that may cause alteration of result and increase of complexity would
be if there are numerical values allowed, are there lower and upper cases involved, are there special
characters involved, etc. On the brighter side of things, the way how a brute force attacks works it is assured
that it will find the password at the end of the attack, though the timeline it will get to it is very vague indeed.

 Eavesdropping Attacks
Eavesdropping attacks are when an attacker intercepts a victim’s network traffic as their sensitive data travels
from the victim’s device to their intended destination. This is usually done through software that monitors the
network traffic of the victim while they are connected to a weakly encrypted or unencrypted network like a
public Wi-Fi hotspot [7].

Web Attacks[edit | edit source]

Better known as Web application attacks in which an attacker exploits the vulnerabilities of a website’s code to
steal personal or sensitive information from the website’s own databases through various methods [8].
Types of Web Attacks[edit | edit source]

 SQL Injection
SQL or Structured Query Language is used in programming to allow the user to create, manipulate, and delete
databases. Attackers usually take try to take advantage of a website that has a data input field, web form, or
even a search bar. Normal users would generally input data like their name, phone, or identification number
while on the other hand, an attacker uses the the same input field and try to gain access to the website’s
database by entering SQL prompts or queries. If the input field is not tested properly, this allows an attacker to
execute specific SQL commands that can retrieve, change, or delete any information within the compromised
database [9].

 Cross-Site Scripting (XSS)

Cross-Site Scripting is another web attack in which a potential attacker exploits the vulnerabilities of the
website or web application. While SQL Injection is an attack that targets the website’s database, an XSS attack
targets the users who visits these websites directly. Attackers achieve this by embedding malicious code or
scripts on the website where a user will most likely interact with with; the most common choice would be an
input field. Once compromised, an attacker will have control over the victim’s browser. With it they can view the
browser history, cookies could be stolen, impart trojans, remote control the victim’s computer, etc [10].
Denial-of-Service(DOS) Attacks[edit | edit source]
A Denial-of-Service(DoS) attack inhibits the authorized users from accessing the system mostly by flooding the
existing system with huge amounts of gibberish data/requests resulting into a blockage in the system. This
attack basically overloads the system with an overwhelming quantity of data packets which is not anticipated by
the server which results into a slowdown or a block.[11] This may result into a slow internet connection which
may hamper the authorized user to access critical data like emails or files over FTP, etc. This may cause huge
losses in both time and money. Such attacks are rarely used to hack systems from the authorized users but
there have been cases where such DoS attacks were deployed to lock down the network and gain access to
the vulnerable firewalls. These attacks are not easy to identify as they may be easily be confused with slower
internet connection, etc. and may persist in an environment for as long as months.
Along with the regular DoS attacks, there is a different type of DoS attack called as a Distributed Denial-of-
Service(DDoS). This attack is very similar to a regular DoS attack in the sense that even they act as a
slowdown by throwing overwhelming amount of data packets at the target. But, the basic distinguish is that
DDoS are much more efficient and dangerous since they operate from an entire affected network rather than
from a single affected user. Hence, the DDoS is very difficult to dodge for any system since there is data
coming in from multiple sources at the same time.
Drive-by Downloads[edit | edit source]
The term drive-by download gives us all the insights as to how a malware can infect the whole system when a
user simply clicks on a website that runs the malicious code. There are various stages as to how this malware
infects the system. The first stage is called the entry point as explained above. The second stage is called the
distribution where some of the most trusted sites are compromised to redirect to the sites controlled by the
hackers. The third stage is called the exploit stage where the browser succumbs to the exploit kit which lets the
hackers know about the security vulnerability that it can easily attack. The following stage is the infection stage
where the hacker is well aware of the vulnerability point and it downloads the payload package which installs
itself into the computer. The final stage is the execution of the downloaded program which is designed to make
money for the masters.
Safeguards[edit | edit source]
We can defend ourselves from such exploitation and infection by doing three things. First of all is to set up the
accounts for users where there will outlines for limited access, no modification of applications or the Operating
System. In order to install, delete or update any software, there has to be separate account for the admin to
make changes and this account cannot be used for web or reading emails. Second of all, the updates for the
operating system should be automatically installed and there should be firewalls turned on every time. Lastly,
there should be installation for the robust anti-virus software product which can be updated timely and makes
proper scans.

Types of Cyber Criminals[edit | edit source]

Script kiddies[edit | edit source]
These kinds of hackers can be anyone who is encouraged by the urge of immaturity to become a wannabe
hacker. They have less technical knowledge and urge to run the scripts which have been pre-compiled so that
there will be disturbances in the software. They lack the technical expertise to even understand what the
software was meant to work for which lets them hack the systems which are very weakly secured.
Scammers[edit | edit source]
These are the daily scamming emails that we come across. Whenever we have to login into our email inbox we
receive probably more emails from the scammers which offer different proposals for discounted trips or
medicines, timeshares or personal ads.
Spammers[edit | edit source]
They are not direct criminals but commit the crime of wasting one's time. Spammers flood the email inbox with
ads and everything gibberish possible. They are not dangerous in any particular way but they are always
considered to be annoying and time-consuming. Spammers are even responsible for bringing in a real financial
cost by bringing in the necessity to install expensive and unstable anti-spam technologies.
Hacker activist groups[edit | edit source]
They are often called as the 'Hacktivists'. They can be considered as petty criminals who always are on the try
to prove their destructive behavior wherein they steal confidential information and release it publicly. They
generally work anonymously and are responsible for creating tools that makes the hacking easier.
Phishers[edit | edit source]
The most prominent example of such activities are when we receive notification about our account expiring and
where we have to update our information. This is not really the case. It's all the activities of the phisher to
extract personal information or the identity. There has been survey about this which says that there are around
20,000 to 30,000 phishing websites found every month.
Political/Religious/Commercial groups[edit | edit source]
These groups can be categorized into the ones which do not aim at financial gain. They generally aim at
developing malware for political success. One of the finest examples of such a malware is Stuxnet! This
malware was found in Iran’s atomic program but it was believed to be originated from some foreign
government. These can not be thought as harmless as they can have losses on the political, religion or
commercial level.
Professional Cybercriminals[edit | edit source]
These kind of people are the most dangerous ones as they have proper technical expertise and know what
they want to harm and how to harm. These are a group which can consist of technologists who have turned
themselves into cybercriminals. They do the most damage to government, financial institutions or e-commerce
businesses. They can be responsible for the most number of crimes than the rest combined.

Reason for Attacks[edit | edit source]

The complexity of networks, computers, operating systems, applications and other technology are
interconnected and driven by many lines of code. This increases the number of back-doors with the more
equipment attached. Inability to keep up with the change in technology, leaves little room for IT Professional to
quickly find solutions for problems. A reliance on products with known vulnerabilities allows entrance into
networks and personal computers before programmers are able to create a patch.

Impact on Business[edit | edit source]

The downtime required to repair networks that have been attacked, may harm the business's productivity,
revenue, financial performance and damage the companies reputation. The impact on business may range
from low to extreme impact. For example downtime that has minor impact on business may mean that minimal
amount of systems are affected.While on the other side of the coin is the extreme impact on business,the
company's future is at stake and cost of recover is inconsequential. Here is a list of cost involved of downtime:

 Direct Losses
 Loss of future earnings
 Billing losses of revenue
 Cash flow
 Stock price
 Overtime costs
 Loss of reputation

Prevention and Detection[edit | edit source]

Prevention[edit | edit source]

Firewall

A firewall guards the companies network from outside intrusion and to prevent employees from accessing
prohibited sites. Intrusion prevention systems prevent attacks by blocking viruses and other threats from getting
into the network. Antivirus software prevents viruses from infecting a computer by scanning for virus signatures.
For antivirus to be effective it must be up-to-date and uniformly deployed across the enterprise.
Detection[edit | edit source]
Intrusion protection system is software or hardware that monitors system resources, it identifies possible
intrusions into the system from either within or outside of the organization.there are three types of intrusion
systems:

 NIDS (Network intrusion detection system) identifies intrusions through network traffic and monitors
multiple hosts.
 HIDS (Host based intrusion detection system) identifies intrusions by reviewing host activities.
 SIDS (Stack based intrusion system) examines packets as they pass through the TCP/IP stack.
Security Audit[edit | edit source]
A company's network is a means of communication and sharing of information. However it comes under attack
everyday by professional or novice hackers with intention to use company information or databases for their
own fortune. But it is not compromised only by external individuals but also sometimes by personnel present in
the company. When performing your audit you will use any security policy that your organization has as a basis
for the work you are undertaking. You need to treat the policy initially as a threat. The Security Audit is a policy
based monitoring of existing procedures and practices of sites and accessing the risk associated by these
actions. There are a number of steps that need to be performed in order to complete a security audit. For
example:

1. Preparation
2. Review policy and documents
3. Discussion (interviews)
4. Technical Investigation
5. Report Presentation
6. Post Audit actions
To address issues related to security of company's network auditing is one of the many steps need to be taken
by a company.
Types of Audits[edit | edit source]
Self Audit (Informal Audit): Every company has few servers providing services to the company. To monitor
these processes every company develops some type of self-audit process to follow on regular basis. Some
companies have software to monitor all the process and then register entire logs to be evaluated later by
professionals. Based on these audit results if a bad on incorrect event is detected, you can even have the
event undone and the initiator’s account event locked out. The collectors will send all the daily logs to a
consolidator once a day where you will be able to create numerous reports and graphs surrounding your
security events. You can also use this for Trends and Analysis.
Information technology Audits (Formal IT Audit; Formal Auditing is mostly done by companies like KPMG,
Deloitte and other auditing firms): The purpose of an internal audit is to provide operations management with
an independent review of the adequacy and effectiveness of the operations’ internal controls.[12] The IT audit is
basically external auditing in which external auditors will be hired to perform all the required auditing
operations. These auditors contact internal auditing department and make their auditing requirements known to
the company. At the conclusion of the audit, usually an oral report is conducted with the management,
accompanied by a written report. At this time the company must plan actions to take in response to the report
or decide whether they wish to assume the risks involved. Once auditing is done and the report is presented, all
the concerned individuals should meet to discuss that what actions issues will arise from it and what steps
need to be taken to take care of it.[13]
Who commits cyber crimes?
Cyber Criminals[edit | edit source]
There are criminals who commit cyber crimes for different reasons. Some of them steal from companies and
private citizens for financial gain, while others steal secrets from not only companies, but governments and
private citizens. Some of the perpetrators aim to disrupt the infrastructure of the government or company.
Hackers test the limits of information systems for the challenge of doing so. Some believe that hackers perform
a service by exposing security risks. "Crackers" break into networks and systems to deface websites, crash
computers or networks, or spread harmful programs and/or hateful messages.
Malicious insiders are employees or officers of a business, institution, or agency that carry out activities
intended to cause harm to the organization. Malicious insiders are not always employees. They can be
consultants and contractors that have special access to sensitive information. It is difficult to detect and/or stop
malicious insiders. They are authorized to access the systems they abuse. Most systems are vulnerable to
these malicious actors because they were designed to keep intruders out. Insiders know how the systems work
and how to circumvent them. The organization may be able to take steps to reduce these attacks. Industrial
spies steal trade secrets to gain competitive advantage. Hacktivists and cyber-terrorists attack systems in order
to promote their ideologies and intimidate governments in order to achieve their goals.

Internet Stalkers[edit | edit source]

Whereas stalking was once an act requiring the physical tracking of an individual's movements, it has since
transcended the boundaries of reality and entered into the virtual worlds we tend to think of as private. Internet
stalkers are similar to real-world stalkers; in simplest terms, their behavior can be considered harassment. An
online stalker's behavior can take on many forms, dependent on their motive to stalk their chosen victim. These
behaviors can include impersonating another individual to gain information or build a relationship with their
victims and bullying by posting content that the victim might consider embarrassing or private to express power.
Internet stalkers tend to blackmail their victims by threatening to release personal or intimate content or
information. This is especially true if the cyber stalkers' motive for targeting their victims is financial gain or
simply generalized anger towards the victim. Behaviors can also include harassment on social media platforms
and continuous messaging from anonymous accounts. Although internet stalkers target individual victims,
companies and large organizations can be a byproduct of risk for a stalker attempting to gain information about
the victim. Statistics show that a majority of cyberstalking victims actually know their stalkers and report being a
stalker for over a year.[1] What is most frightening, however, is that only 12% of cyberstalking incidents are
reported to law enforcement, making it harder to accurately deduce the true extent of the issue.
Social Engineers[edit | edit source]
One of the best methods cybercriminals use is social engineering, which includes using psychological
manipulation to trick individuals into revealing private information. Cybercriminals use social engineering
methods since they are frequently simpler and more compelling than conventional hacking techniques. As
opposed to attempting to find weaknesses in a computer system or organization, social engineering assaults
focus on the human shortcomings of the people in question. Social engineering methods can sidestep even the
most potent safety efforts, like firewalls or antivirus programming, by fooling clients into intentionally giving their
sensitive information. Moreover, social engineering assaults can be sent off for an enormous scope, making it
feasible for cybercriminals to focus on a considerable number.
Hacktivists[edit | edit source]
Hacktivism consists of a group using their computer hacking skills to create a political statement towards the
government, power institutions, and other targets as a form of political activism [2]. It's mainly done anonymously
to ensure the safety of the activists and make it harder for the government and institutions to retaliate against
the hacktivists[2]. Hacktivists are extremists who have a strong sense of justice. They transcend the line of
peaceful protest and being seen. Hacktivism is a theatrical statement, making the groups go to extreme
lengths. Hacktivists use many methods: data theft, distributed denial of service (DDoS) attacks, spreading
awareness via social media for doxing, website defacement, and more. Data theft and DDoS attacks are used
as ransom to get the victim's attention to comply or do as the hacktivists state. Spreading awareness via social
media can lead to helping people know the truth about the government or institution or dox the victims to
expose them in hopes of change[3]. Lastly, website defacement brings a message about the importance of
hacktivists' political activism by posting it in front of the site.
The Cult of the Dead Cow (cDc), started in 1984, is also known as one of the oldest computer hacking
organizations. They rose to fame for their hacktivist campaigns and for starting Hohocon, one of the first hacker
conventions. The cDc was involved in various causes, such as targeting the Church of Scientology in the mid-
1990s. Their goal was to promote human rights along with freedom of information to ensure not only could
Chinese citizen but anyone who has been silenced and lack information due to censorship. [3]
Anonymous started in 2003 on the online message board 4chan doing their best to keep the internet
transparent.[3] They're well known for concealing their face with Guy Fawkes masks and using voice changers
or text-to-speech programs. Anonymous has attacked multiple countries, most notably: the United States,
United Kingdom, Australia, India, and many others. They seemed to have diminished from the public in 2018;
however, they came back in 2020 to support the Black Lives Matter Movement.
DkD[|| also started in 2003 like Anonymous; however, they are a Frech hacktivist known for website defacing.
They are notorious for defacing the U.S. Navy site because they promote political views and specifically spread
messages against U.S. military policies.[3] Allegedly DkD[|| was a 17-year-old teen boy causing many to believe
he was trying to show off his skills and less express political viewpoints.[3]
Identity Thieves[edit | edit source]
Identity theft is one of the oldest cyber crimes in history.[4] Identity theft is when someone uses your personal or
financial information without your permission.[4] These identity thieves are a group of people or individuals who
try to gain access to other people's personal information, such as names, addresses, phone numbers, emails,
bank accounts, social security numbers, credit card information, and even bank information. Once identity
thieves get ahold of the victim's personal information, they can access anything with your information. They can
make new accounts under your name, make or commit fraudulent transactions, or cause damage to your bank
account. With the latest technology and techniques today, many identity thieves can hack into corporations'
databases and steal a high volume of personal information and identities.
Deep fake technology is the new technology that uses artificial intelligence (AI) to create realistic pictures or
videos of anything or anyone. Deep fakes have been well-known in the film industry to bring dead actors back
to life or make actors look younger. Impersonating someone's face for entertainment purposes. Deep fakes are
now being used to commit cybercrime - identity theft.
With the improved technology, committing identity theft is easier for criminals now. Apps and software have
been created so anyone can easily make deep fakes. They can impersonate another person's voice and face
and use it for videos, pictures, or even voice messages.
Types of frauds:[edit | edit source]

 Ghost fraud: Criminals can use deep fake technology to steal the data of a deceased person and
impersonate the person for their financial gain. They can access credit cards and loan accounts with their
stolen identity.
 New account fraud: This is also known as application fraud when criminals use stolen identities to open
new bank accounts. Severe financial damage can happen because criminals will max out their credit cards
and take out loans under your name without paying them back.
 Synthetic identity fraud: Criminals mine information from multiple people and combine the information to
make a fake person that doesn’t exist. They would create new credit card accounts and max out the
accounts.
 Hiring fraud: Also known as recruitment fraud, is when criminals offer a person a fake job with unsolicited
emails, text messages, and recruitment website links. They will try to gain your personal information
through these applications and possibly set you up for illegal jobs.
Signs of identity thieves:[edit | edit source]

 Suspicious transactions in bank statements

 Mail stops coming to your house
 Debt collection calls for accounts you didn’t open
How to prevent:[edit | edit source]

 Don’t answer phone calls, text messages, or emails from people or numbers you don’t recognize.
 Do not share personal information like your Social Security number, bank account, or date of birth.
 Review bank statements often and watch for suspicious transactions.
 Store personal information in a safe place.
Cyber Terrorists[edit | edit source]
Cyberterrorists are terrorists who primarily have their acts of terrorism done through some form of cyberspace.
Acts of cyberterrorism are politically inspired cyber attacks in which the cyber criminal attempts to steal data
and/or corrupt corporate or government computer systems and networks, harming countries, businesses,
organizations, and even individuals. Cyberterrorists have been a larger concern due to society's already
developed fear of random, violent victimization, combined with the distrust, anxiety, and unfamiliarity of
computer technology. This creates an amalgamation of two worries that concern the people and creates a
larger unknown threat.[5]
Cyberterrorists differentiate themselves from other cybercriminals as their actions are often politically motivated
rather than seeking financial gain. This usually allows cyberterrorists to be in the public eye more than just
cybercriminals, as cyberterrorists' actions are often used to disturb the peace and seek media attention to
spread awareness of the politics, which goes against the cyberterrorists' beliefs/standpoint.
Recent discussions have argued about what qualifies as "cyberspace" and what qualifies as "an act of
terrorism." This has caused debate over different events if, in certain instances, an event qualifies as
cyberterrorism. Dorothy Denning, a professor of computer science, made the adopted unambiguous definition
of cyberterrorism. From her numerous articles on the subject and in her testimony before the House Armed
Services Committee in May 2000, she defined cyberterrorism as: The convergence of cyberspace and
terrorism. This refers to unlawful attacks and threats against computers, networks, and information belonging to
such. These actions may be done to intimidate or coerce a government or its people in furtherance of political
or social objectives. And in order to qualify as cyberterrorism, an attack should result in violence against
persons or property, or at least cause enough harm to generate fear."[6]
By going off this definition, attacks that lead to death or bodily injury, explosions, or severe economic loss
would be examples of cyberterrorist attacks. Serious attacks against critical infrastructures could also be acts of
cyberterrorism, depending on their impact. However, attacks that disrupt nonessential services or are mainly a
costly nuisance would not.
Recently, there has been an enormous upward spike when it comes to terrorist groups committing acts of
terrorism through cyberspace. This has been thanks to the growing dependence of our societies on information
technology has created a new form of vulnerability, giving terrorists a chance to approach targets that would
otherwise be unassailable. This includes national defense systems, air traffic control systems, government data
centers, etc. This allows infrastructural damage to a business or society and has shown that the more
technologically developed a country is, the more vulnerable it becomes to cyberattacks. Terrorist groups have
also flocked towards cyberterrorism as many protective measures have not been put in place against
cyberterrorism as of this moment (due to its more recent development), as well as the many benefits that the
digital world brings for criminal activities. There have been five significant benefits for these terrorist groups to
switch their activities from physical terrorism to cyberterrorism. These include price, anonymity, ease of access
to targets, all the benefits of remote work, and the ability for the act of terrorism to be even bigger than
planned.[6]
Cyber Crime and the Healthcare System[edit | edit source]
In today’s “high-tech” world, both wireless and software-controlled technologies are commonplace throughout
the medical world. From the bustling cities of Washington D.C. and Chicago, Illinois to the various small town
“one-stoplight” places around this country, the advancement in medical technology has in some way shape or
fashion affected all of us in many different ways. Even the normal “checkup” visit to the doctor brings us face-
to-face with some form of software-controlled devices such as “surgical and anesthesia devices, ventilators,
drug infusion pumps, patient monitors and external defibrillators” [7]. Most devices used in hospitals today are
controlled via software and are either connected to the Internet via a hospital Intranet or have the capability to
be connected via wireless technology.
And that is where one of the many problems arises——on the Internet. Most, if not everything, can be found,
viewed, used, and exploited as long as it is connected to the Internet. As long as there is something of value
out there in cyberspace, there will always be someone who tries to “hack” it, manipulate it or take it. Whether
that is for the good of mankind or the selfishness of one, people will always try to use the internet to their
advantage.
The healthcare industry is no stranger to cyber-crime. For the last ten years or so, most cyber-crimes against
the healthcare system were for monetary reasons whether that be through extortion or by stealing someone’s
identity.
Within the last few years there have been numerous security studies, conferences and demonstrations on the
topic of cybersecurity vulnerabilities relating to “internet-connected implanted medical devices” [8], “hard-coded
password vulnerabilities” [9] or “by the introduction of malware into the medical equipment or unauthorized
access to configuration settings in medical devices and hospital networks.” [10]
Implanted devices have been around for decades, but only in the last few years have these devices become
virtually accessible. While they allow for doctors to collect valuable data, many of these devices were
distributed without any type of encryption or defensive mechanisms in place. Unlike a regular electronic device
that can be loaded with new firmware, medical devices are embedded inside the body and require surgery for
“full” updates. One of the greatest constraints to adding additional security features is the very limited amount
of battery power available.[8]
There have been some health-care security related events in the past few years.
Anthem Blue Cross[edit | edit source]
On February 4, 2015, Anthem, Inc. experienced a data breach where more than 37.5 million records were
stolen by hackers. Anthem, Inc, is a US health insurance giant. In December of 2014, Anthem employees
noticed suspicious database queries. At the end of January of 2015, investigators confirmed unauthorized data
queries on the company’s servers. In total, almost 80 million Americans have had their personal information
exposed to hackers. This information includes: full names, addresses, SSNs, birthdays, etc. The truth about the
Anthem hack is that they failed to encrypt their files. [11]
Advocate Health Care[edit | edit source]
In July of 2013, there was a burglary from an office of Advocate Medical Group in Illinois which involved the
theft of four unencrypted desktop computers. This burglary may have exposed information of about 4 million
patients. [12] The information that may have been stolen on the Advocate computers involve names, addresses,
date of births, SSN, etc. While the Advocate computers were password protected, they were not encrypted.
Community Health Systems[edit | edit source]
In July of 2014, Community Health Systems confirmed its computer network was the target of an external
criminal cyber-attack in April and June 2014. The data taken includes names, addresses, birthdates, SSNs, etc.
The intruder was able to bypass the company’s security measures and successfully copy and transfer some
data existing on the company’s systems. [13]
Steps for Software Development

The software
development life cycle is the process of developing, testing, implanting and maintenance of software.

Information Gathering and Planning [edit | edit source]

This is the first step in software development, in which teams gather the business requirements. At this phase,
the primary emphasis of the project team and project managers is to identify the specific features required from
any program under consideration. Clients give programmers an abstract view of what they need the program to
do, at this time IT Professionals communicate whether or not the client's specification are able to be reached.
Sometimes Clients have requirements that contradict one another and this may make it difficult for the
programmer to do their job. At this point, it may best for the programmer to provide the client a demonstration
of code to communicate better what the client wants or expects. Scope document states what the client
expects from the project, describes the objectives and costs. If the project is developed outside of the company
or organization the scope could be used as a legally binding document. The scope should contain the following:

 The Project Name

 The project definitions
 The project owner, sponsors, and stakeholder
 The problem statement
 The project goals and objectives
 The project requirements
 The project deliverable
 Milestones
 Cost Estimates
Programmers may also want to review current systems (if any) to identify any existing procedures that may
continue in the new system. During the planning process IT professionals may want to replace the hardware in
order to facilitate the new system.Finally, a requirement specification document is created to act as a guidance
for the next stage of the software development process.

Design[edit | edit source]

This is the next stage in the software development process. The prototype design for the application is created
in this stage using the requirement specification document. System designs aid in the specification of hardware
as well as system needs. In software architecture, it also aids in the definition of an entire system. The system
design specifications are used as input for the next step of the software development methodology. The testers
build test strategies during this phase by describing what to test and how to check it.

Development and Testing[edit | edit source]

During the development phase, IT workers develop system interfaces, screen layouts and how the system
would generate reports. Users would then review and approve these features. Software designers may decide
to input redundancy has to protect the system from failure if an error occurs. Programmers then complete the
program, writes the code and test the software with different testing techniques. The testing ensures the
software works as specified in the project scope. If the project fails to meet a milestone, the budget, or the
project requirements the clients may sue IT professionals for any of the following:

 Fraud
 Misrepresentation
 Breach of Contract

Implementation, Documentations and Testing [edit | edit source]

The implementation process begins with the client and IT workers coming together to create a strategy of
implementation. Following the receipt of the design documentation for the software to be built, the work is split
evenly into numerous parts and modules. This is where the actual code starts. The production of excellent
codes by the software developers is the major emphasis of this phase. This is the most time-consuming phase
of the entire process. This stage is important for the developers. If anything goes wrong during the testing step,
or if any errors are discovered in the codes, the coding process will have to be repeated, and the cycle will
continue until the project is completed. All types of functional testing, including integration testing, unit testing,
system testing, acceptance testing, and non-functional testing, are completed at this point. This strategy covers
the who, what, when, where and how. Then the process of correcting and converting data to the new system
begins. Procedures for both users and IT workers are created. Documentation should contain the following:

 procedures
 instructions to end-users
 flowcharts data flow diagrams
 Archive, purge, and retrieval
 Backup, storage, and recovery
The organization's IT workers and End-users should be trained in the use and maintenance of the new system.
The system is then retested to make sure the system works as expected and to discover any bugs.

Maintenance[edit | edit source]

During the maintenance phase, they correct bugs discovered either through the testing phase or through use
by end users. Maintenance may also happen when the companies have new requirements of the system. The
maintenance phase may be the most time consuming of all because you may need to add code that does not
fit the original design. If the maintenance cost becomes out of control it may be more prudent to rebuild the
system then continue with the one currently used.

Ethical Issues in software development process [edit | edit source]

The demand for morally good software is growing as our dependence on software-supported activities grows.
Software companies are finding themselves in a situation where they are being held liable for unfavorable
results and prejudices resulting from the usage of software or the development process. Software security is
inextricably linked to ethics and professionalism. To protect the public's safety, ethics, and obedience to the law
are essential. Any deviation from the principles of ethics and professionalism may jeopardize the system's and
hence the public's safety. Organizations that care about their employees' safety should demand and promote
adherence to a code of ethics. It should also create a climate where employees may easily utilize, promote,
and debate the code of ethics. Because of the gravity of the issue, Safety Critical development teams, more
than anybody else, should be aware of their legal obligations when designing software. A safety-critical system
is frequently accountable for the user's life or death, which is a huge responsibility.

Social Networking, Virtual reality and Crime

Cyber-bullying[edit | edit source]
Technology is an ever growing part of children's lives.they spend more and more time either text messaging or
on social networking sites.because of this trend bully's have moved from not only being in the classroom but
also in the home.Technology such as social networking sites, Instant Messaging(IM), and text messaging since
children tend use these devices extremely different from their parents. Cyber-bullying is the harassment of one
minor to another via technology.Cyberbullies torment their victims by using social devices in the following ways.

 They may create fake profiles of their victims and post false, inappropriate information.
 Sending threatening or hurtful to their victims
 Logging into their victims social networks and modifying them to include inappropriate content.
 Taking inappropriate pictures of their victims and then posting them on social websites and maybe the
bullies personal blog.
Cyber bullying has led to many cases to many cases of suicide the most notable cases
File:Cyberbully-gmail.JPG Cyberbully-gmail

Cyber-stalking[edit | edit source]

Cyber-stalking is similar to cyber

Ethical Issues in Information Technology (IT)

Information Technology specifies to the components that are used to store, fetch and manipulate the information at
the minimum level with the server having an operating system. Information Technology have a wide area of
applications in education, business, health, industries, banking sector and scientific research at a large level. With
the leading advancement in information technology, it is necessary to have the knowledge of security issues, privacy
issues and main negative impacts of IT. To deal with these issues in IT society it is important to find out the ethical
issues.
Some of the major ethical issues faced by Information Technology (IT) are:
1. Personal Privacy
2. Access Right
3. Harmful Actions
4. Patents
5. Copyright
6. Trade Secrets
7. Liability
8. Piracy
These are explained with their affects as following below:
1. Personal Privacy:
It is an important aspect of ethical issues in information technology. IT facilitates the users having their own
hardware, operating system and software tools to access the servers that are connected to each other and to the
users by a network. Due to the distribution of the network on a large scale, data or information transfer in a big
amount takes place which leads to the hidden chances of disclosing information and violating the privacy of any
individuals or a group. It is a major challenge for IT society and organizations to maintain the privacy and
integrity of data. Accidental disclosure to inappropriate individuals and provisions to protect the accuracy of data
also comes in the privacy issue.

2. Access Right:
The second aspect of ethical issues in information technology is access right. Access right becomes a high
priority issue for the IT and cyberspace with the great advancement in technology. E-commerce and Electronic
payment systems evolution on the internet heightened this issue for various corporate organizations and
government agencies. Network on the internet cannot be made secure from unauthorized access. Generally, the
intrusion detection system are used to determine whether the user is an intruder or an appropriate user.

3. Harmful Actions:
Harmful actions in the computer ethics refers to the damage or negative consequences to the IT such as loss of
important information, loss of property, loss of ownership, destruction of property and undesirable substantial
impacts. This principle of ethical conduct restricts any outsiders from the use of information technology in
manner which leads to any loss to any of the users, employees, employers and the general public. Typically,
these actions comprises of the intentional destruction or alteration of files and program which drives a serious
loss of resources. To recover from the harmful actions extra time and efforts are required to remove the viruses
from the computer systems.

4. Patents:
It is more difficult to deal with these types of ethical issues. A patent can preserve the unique and secret aspect of
an idea. Obtaining a patent is very difficult as compared with obtaining a copyright. A thorough disclosure is
required with the software. The patent holder has to reveal the full details of a program to a proficient
programmer for building a program.

5. Copyright:
The information security specialists are to be familiar with necessary concept of the copyright law. Copyright
law works as a very powerful legal tool in protecting computer software, both before a security breach and surely
after a security breach. This type of breach could be the mishandling and misuse of data, computer programs,
documentation and similar material. In many countries, copyright legislation is amended or revised to provide
explicit laws to protect computer programs.

6. Trade Secrets:
Trade secrets is also a significant ethical issue in information technology. A trade secret secures something of
value and usefulness. This law protects the private aspects of ideas which is known only to the discover or his
confidants. Once disclosed, trade secret is lost as such and is only protected by the law for trade secrets. The
application of trade secret law is very broad in the computer range, where even a slight head start in the
advancement of software or hardware can provide a significant competitive influence.

7. Liability:
One should be aware of the liability issue in making ethical decisions. Software developer makes promises and
assertions to the user about the nature and quality of the product that can be restricted as an express warranty.
Programmers or retailers possess the legitimate to determine the express warranties. Thus they have to be
practical when they define any claims and predictions about the capacities, quality and nature of their software or
 hardware. Every word they say about their product may be as legally valid as stated in written. All agreements
should be in writing to protect against liability. A disclaimer of express warranties can free a supplier from being
held responsible of informal, speculative statements or forecasting made during the agreement stages.

8. Piracy:
Piracy is an activity in which the creation of illegal copy of the software is made. It is entirely up to the owner of
the software as to whether or not users can make backup copies of their software. As laws made for copyright
protection are evolving, also legislation that would stop unauthorized duplication of software is in consideration.
The software industry is prepared to do encounter against software piracy. The courts are dealing with an
increasing number of actions concerning the protection of software.

Supporting the ethical practices of IT users:

1 COMP427 Ethics for IT Professionals and IT Users

2 Consider the following questions ?

What are the key characteristics that distinguish a professional from other kinds of workers and what is the role of an IT
professional?What are the various professional relationships that must be managed by the IT professional and what are the
key ethical issues that can arise in each?How do codes of ethics, professional organizations, certification, and licensing
affect the ethical behaviour of IT professionals?What are the common ethical issues that face IT users?What approaches
can be taken to support the ethical practices of IT users?

3 ObjectivesIdentify the key characteristics that distinguish a professional from other kinds of workers.Understand various
professional relationships and associated key ethical issues.Discuss how codes of ethics, professional organizations, and
certifications and licensing affect the ethical behavior of IT professionals.Identify the key tenets of 4 different codes of ethics
that provide guidance for IT professionals.Identify the common ethical issues that face IT users.Discuss approaches for
supporting the ethical practices of IT users.

4 What is a Professional?Profession is a calling requiring specialized knowledge and often long intensive academic
preparation.The United States Code of Federal Regulations defines a person “employed in a professional capacity” as one
who meets these four criteria:One’s primary duties consist of the performance of work requiring knowledge of an advanced
type in a field of science or learning customarily acquired by a prolonged course of specialized intellectual instruction and
study or work.One’s instruction, study, or work is original and creative in character in a recognized field of artistic endeavor
and the result of which depends primarily on the invention, imagination, or talent of the employee.

5 What is a Professional?One’s work requires the consistent exercise of discretion and judgment on its performance.One’s
work is predominately intellectual and varied in character and is of such character that the output produced or the result
accomplished cannot be standardized in relation to a given period of time.

6 Definition of an IT Professional
Given the definition of “professional”, there are many business workers whose duties, background and training, and work
could qualify them to be classified as professionals.These people include marketing analysis, financial consultants, and IT
specialists.A partial list of IT specialists includes programmers, systems analysts, software engineers, database
administrators, LAN administrators, and chief information officers (CIOs).It could be argued that not every IT role requires
“knowledge” of an advanced type in a field of science or learning customarily acquired by a prolonged course of specialized
intellectual instruction and study.

7 Definition of an IT Professional
Eg. Does someone who completes a two-year, part-time training program in LAN administration meet the criteria to be
classified as a professional?From a practical standpoint, the IT industry recognizes people from a wide set of backgrounds,
education, and personal experience in many different roles as IT professionals – provided they can do the job required by
such a role.

8 Information Technology Professionals

Many workers in the IT industry are considered to be professionals. A partial list includes:Programmers/AnalystsSoftware
engineersDatabase administratorsNetwork administratorsChief information officers

9 Professional Relationships
IT professionals become involved in many different types of relationships.Professional-employerProfessional-
clientProfessional-supplierProfessional-professionalProfessional-IT userProfessional-society
10 Stewards of IT Resources
IT professionals must set the example and enforce the policies that promote ethical use of IT resources.Software piracy is
the act of illegally making copies of software.Trade secret is a piece of information that is generally not known to the publ ic
that is held confidential.

11 Professional Codes of Ethics

A professional code of ethics states the principles and core values essential to the work of a particular occupational
group.Practitioners in many professions subscribe to a code of ethics that governs their behaviour.Most codes of ethics
created by professional organizations have two main parts.Outlines what the professional organization aspires to
becomeTypically lists rules and/or principles by which members of the organization are expected to abideMany codes also
include a commitment to continuing education as a fundamental tenet in recognition of need for life-long learning by those
who practice the profession.

12 Professional Codes of Ethics

Laws do not provide a complete guide to ethical behaviour.Just because an activity is not defined as illegal does not mean
that it is ethical.We cannot expect a professional code of ethics to provide the complete answer – no code can be the
definitive collection of behavioral standards.Only by understanding and adopting the principles behind the code and
interpreting what is really intended can one achieve the intent.If one fully embraces and practices according to a
professional code of ethics, there are many benefits – for the individual, for the profession, and for society as a whole.

13 Professional Codes of Ethics

The following are the benefits of a code of ethics :Improves ethical decision-makingPromotes high standards of practice and
ethical behaviourEnhances trust and respect from the general publicProvides an evaluation benchmark

14 Improves Ethical Decision-Making

Adherence to a professional code of ethics means that practitioners will use a common set of core values and beliefs to
serve as a guideline for ethical decision-making.

15 Promotes High Standards of Practice

Adherence to a professional code of ethics reminds professionals of the responsibilities and duties that they may be tempted
to compromise to meet the press of day-to-day business.The code also defines the behaviours that are acceptable and
unacceptable to guide professionals in their interactions with others.Strong codes of ethics actually have procedures for
censuring professionals for serious violations, with penalties up to and including the loss of the right to continue to practice.

16 Promotes High Standards of Practice

Such codes are the exception, and no such codes exist in the IT arena.Public trust is built on the expectation that a
professional will behave ethically.We often find ourselves placed in a position where we must depend on the integrity and
good judgment of a professional to tell the truth, abstain from giving self-serving advice, and offer warnings of the potential
negative side effects of our actions.Thus, adherence to a code of ethics enhances our trust and respect of the professional
and their profession.

17 Provides an Evaluation Benchmark

A code of ethics provides an evaluation benchmark that can be used by the professional as a means of self-
assessment.Peers of the professional can also use the code for purposes of recognition or censure of individuals.

18 IT Professional-Society
IT professionals develop and support systems that interact with the world around them.The public expects that the members
of the IT profession will practice the profession in a way that will not bring harm to society.

19 Association of Computing Machinery (ACM)

A computing society founded in 1947The ACM serves more than 80,000 professionals in over 100 countries and offers more
than 24 publications for technology professionals.The ACM has a code of ethics and professional conduct with supplemental
explanations and guidelines.The ACM code consists of 8 general moral imperatives, 8 specific professional responsibilities,
6 organizational leadership imperatives, and 2 elements of compliance.

20 Association of Information Technology Professionals (AITP)

The AITP was formed in the 1950s to enable its members to keep ahead of the rapid pace of change in information
technology.Its mission is to provide superior leadership and education in information technology.One of its goals is to help its
members become more marketable in the broad and rapidly changing career field of information technology.The AITP also
has a code of ethics and standards of conduct.
21 Computing Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)
The Institute of Electrical and Electronics Engineers (IEEE) covers the very broad fields of electrical, electr onic, and
information technologies and sciences.The IEEE-CS is one of the oldest and largest IT professional associations with over
100,000 members.Nearly a third of its members live and work outside the United States.Founded in 1946, it is the largest of
the 36 societies of the IEEE.

22 Computing Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)

The IEEE-CS’s vision is to be the leading provider of technical information and services to the world’s computing
professionals.The society promotes an active exchange of information, ideas, and technological innovation among its
members through its many conferences, applications-related and research-oriented journals, local and student chapters,
technical committees, and standards working group.

23 IT Professional Bodies in Hong Kong

Association for Computing Machinery (HK Chapter) ACM is the world's oldest and largest educational and scientific
computing society. Since 1947 ACM has provided a vital forum for the exchange of information, ideas, and discoveries.
Today, ACM serves a membership of more than 80,000 computing professionals in more than 100 countries in all areas of
industry, academia, and government.Hong Kong Computer Society The Hong Kong Computer Society (HKCS) was founded
in 1970 as a non-profit making professional body with the primary objective to promote the uses of information technology
(IT) in Hong Kong by providing a medium for disseminating knowledge and promoting the appreciation of IT and related
tools.

24 IT Professional Bodies in Hong Kong

Hong Kong Society of Medical Informatics Founded in April 1987 by a group of medical practitioners and informatics
professionals with special interests in medical informatives and computing and communications. The specific objectives of
the Society are to promote the establishment of Information Infrastructure, applications and information content of
Information technology in Medicine...Information Security and Forensics SocietyInformation System Audit and Control
Association (Hong Kong Chapter)

25 IT Professional Bodies in Hong Kong

Internet Professionals AssociationProfessional Information Security Association PISA is a not-for-profit organization for local
information security professionals. PISA focus on developing the local information security market with a global presence in
the industry. Its vision is to be the prominent body of professional information security practitioners, and utilize our expertise
and knowledge to help bring prosperity to the society in the Information Age..

26 Certification & Licensing

Certification is a process administered by a profession or organization that one undertakes voluntarily to prove competency
in a set of skills.Licensing is a process generally administered by the state that professionals must undertake to prove that
they can practice their profession in a way that is ethical and safe to the public.

27 Current IT Certifications
Institute for Certification of Computing Professionals (ICCP)Associate Computing Professional (ACP)Certified Computing
Professional (CCP)American Society for Quality Control (ASQC)

28 Issues Associated with Licensing IT Professionals

No universally accepted core body of knowledge.It is unclear who should manage the content and administration of licensing
exams.No body to do accreditation of professional education programs.No body to assess and assure competence of
individual professionals.

29 IT Professional-Employer
The relationship between a professional and an employer requires ongoing efforts by both parties to keep it
strong.Professionals and employers discuss many job aspects before employment begins.

30 IT Professional-Client
In this relationship, the professional and client each agree to provide something of value to each other.The IT professional
usually provides a hardware or software product and the client provides compensation.

31 IT Professional-Supplier
IT professionals may have many different relationships with many software, hardware, and service providers.The IT
professional must be on guard to keep the relationships honest and business related.
32 IT Professional-Professional
Professionals feel a degree of loyalty to other members in the profession.Professionals help support each other
publicly.Professionals owe one another an adherence to the profession’s code of conduct.

33 IT Users Common IT users ethical issues: Software piracy.

Inappropriate use of computing resources.Inappropriate sharing of information.

34 IT Professional-IT User
An IT user is a person for whom the hardware or software is designed.Professionals have a duty to understand the needs
and capabilities of users.Professionals have a responsibility to deliver their product or service on time and within budget.

35 Supporting Ethical Practices of IT Users

Define and limit the appropriate use of IT resources.Establish guidelines for the use of company software.Structure
information systems to protect data and information.Install and maintain a corporate firewall.

36 Summary A professional is someone:

who requires advanced training and experience.who exercises discretion and judgment during work.whose work cannot be
standardized.IT professionals have many different relationships that have different ethical issues.

37 SummaryA professional code of ethics states the principles and core values essential to the work of a particular
occupational group.Licensing and certification of IT professionals would increase the reliability and effectiveness of
information systems.

38 Summary IT users encounter many ethical issues, including:

Software piracy.Inappropriate use of IT resources.Inappropriate sharing of private and secret data.An IT usage policy helps
users understand how to appropriately use IT resources.