ETHICS IN INFORMATION TECHNOLOGY,

INTERNET CRIME
 IT Professionals
Profession 🡪 A job that needs a high level of
training and/or education
Ex: Doctors, Lawyers
The United States Code of federal regulations
defines a “professional employee” as one who is
engaged in the performance of work
Require scientific knowledge
Requiring decision making skill
Many people would also expect professionals
to contribute to society
to participate in a lifelong training program
to keep developments in their field
to assist other professionals in their
development.
Are IT Workers Professionals?
Professional Relationships That Must Be Managed
Relationships Between IT Workers and
Employers
IT workers and employers multifaceted relationship
Both agree on fundamental aspects of this relationship
before the worker accepts an employment offer.
These issues may include
job title
general performance expectations
specific work responsibilities
dress code
location of employment
salary
work hours
Some aspects develop later ( using of programming
language)
Software piracy is an area in which IT workers may be
tempted to violate laws and policies (end user may
affect)
Business Software Alliance (BSA) 🡪 Group of software
and hardware manufacture.
mission is to stop the unauthorized copying of software
produced by its members

• the programmithe programming

• The programming language to be used,
the type and amount of documentation to
be produced, and the extent of testing to
be conducted.
 Trade secrecy is another area that can present
challenges for IT workers and their employers.
A trade secret is information, generally
unknown to the public, that a company has
taken strong measures to keep confidential
Ex: KFC chicken, Intel i7 processor chip
• Whistle-blowing is an effort by an employee to
attract attention to a negligent, illegal, unethical,
abusive, or dangerous act by a company that
threatens the public interest.
Ex: chemical used to generate chip is
dangerous
Relationships Between IT Workers and Clients
IT workers provide services to clients
“clients” are
coworkers
Part of other organization
IT worker provides
Hardware
software
services at a certain cost and within a given time frame
Ethical Issues
conflict of interest 🡪 conflict between IT worker and Client
interest
Fraud 🡪 Fraud is the crime of obtaining goods, services, or
property through deception
Misrepresentation 🡪 Misrepresentation is the misstatement
or incomplete statement of a material fact
Breach of contract🡪 occurs when one party fails to meet
the terms of a contract.
• material breach of contract occurs when a party fails to perform
certain express or implied obligations, which impairs or
destroys the essence of the contract
 Consider the following frequent causes of
problems in IT projects:
The customer changes the scope of the project or the
system requirements.
Poor communication between customer and vendor
The vendor delivers a system that meets customer
requirements, but a competitor comes out with a system
that offers more advanced and useful features.
The customer fails to reveal information about legacy
systems or databases that make the new system extremely
difficult to implement.
Relationships Between IT Workers and
Suppliers
IT workers can develop good relationships with suppliers
by dealing fairly with them and not making unreasonable
demands.
Bribery is the act of providing money, property, or favors
to someone in business or government in order to obtain
a business advantage.
Relationships Between IT Workers and
Other Professionals

Professionals must have an interest in their

profession
Experienced professionals can also serve as
mentors and help develop new members of the
profession.
resume inflation 🡪 Resume inflation is to
include false or misleading information on one's
resume to make oneself a more attractive
candidate for a job.
• resume inflation, which involves lying on a resume
and claiming competence in an IT skill that is in
high demand. C
Inappropriate sharing of corporate information.
•
• IT workers have access to corporate databases
of private and confidential information about
employees, customers, suppliers, new product
plans, promotions, budgets,and so on.
Relationships Between IT Workers and IT
Users
The term IT user refers to a person who uses a hardware
or software product;
IT workers who develop, install, service, and support the
product.
IT users need the product to deliver organizational
benefits or to increase their productivity.
IT workers have a duty to understand a user’s needs and
capabilities and to deliver products and services that
best meet those needs—subject, of course, to budget
and time constraints.
IT workers also have a key responsibility to establish an
environment that supports ethical behavior by users.
Such an environment discourages software piracy,
minimizes the inappropriate use of corporate computing
resources, and avoids the inappropriate sharing of
information
Relationships Between IT Workers and
Society
Regulatory laws establish safety standards for products
and services to protect the public.
These laws are less than perfect, and they cannot
safeguard against all negative side effects of a product
or process.
professionals can clearly see the effect their work will
have and can take action to eliminate potential public
risks.
society expects members of a profession to provide
significant benefits and to not cause harm through their
actions.
One approach to meeting this expectation is to establish
and maintain professional standards that protect the
public.
 Professional Codes of Ethics
A professional code of ethics states the principles and
core values that are essential to the work of a particular
occupational group.
Following a professional code of ethics can produce
many benefits for the individual, the profession, and
society as a whole:
Ethical decision making—common set of core values and
beliefs as a guideline for ethical decision making.
High standards of practice and ethical behavior—defines
acceptable and unacceptable behaviors to guide
professionals in their interactions with others.
Trust and respect from the general public
Evaluation benchmark – Self Assessment
 Professional Organizations

A professional organization, sometimes referred to as a

professional association or professional body, exists
to advance a particular profession,
support the interests of people working in that profession
serve the public good
Association for Computing Machinery (ACM)
computing society founded in 1947 with over 97,000
student and professional members in more than 100
countries.
The ACM sponsors 37 special-interest groups (SIGs)
representing major areas of computing.
Each group provides publications, workshops, and
conferences for information exchange
Institute of Electrical and Electronics Engineers
Computer Society (IEEE-CS)
covers the broad fields of electrical, electronic, and
information technologies and sciences.
Founded in 1946
offers a Certified Software Development Professional
(CSDP)program for experienced professionals
Certified Software Development Associate (CSDA)
credential for recent college graduates (Entry level
Association of Information Technology Professionals
(AITP)
Started in 1951
provides IT-related seminars and conferences, information
Its mission is to provide superior leadership and education
in information technology
one of its goals is to help members make themselves more
marketable within their industry
SysAdmin, Audit, Network, Security (SANS) Institute
Institute provides information security training and
certification for a wide range of individuals, such as
auditors, network administrators, and security managers.
At no cost, SANS makes available a collection of some
1,200 research documents about various topics of
information security.
SANS also operates Internet Storm Center—monitors the
malicious activity on the Internet
Standard Code of Ethics
In recognition of my obligation to management I shall:
• Keep my personal knowledge up-to-date and insure that
proper expertise is available when needed.
• Share my knowledge with others and present factual and
objective information to management to the best of my
ability.
• Accept full responsibility for work that I perform.
• Not misuse the authority entrusted to me.
• Not misrepresent or withhold information concerning the
capabilities of equipment, software or systems.
In recognition of my obligation to my fellow members and the
profession I shall:
• Be honest in all my professional relationships.
• Take appropriate action in regard to any illegal or unethical
practices that come to my attention. However, I will bring
charges against any person only when I have reasonable
basis for believing in the truth of the allegations and without
any regard to personal interest.
• Endeavor to share my special knowledge.
• Cooperate with others in achieving understanding and in
identifying problems.
• Not use or take credit for the work of others
without specific acknowledgement and
authorization.
• Not take advantage of the lack of knowledge or
inexperience on the part of others for personal
gain.
In recognition of my obligation to society I shall:
• Protect the privacy and confidentiality of all information
entrusted to me.
• Use my skill and knowledge to inform the public in all areas
of my expertise.
• To the best of my ability, insure that the products of my work
are used in a socially responsible way.
• Support, respect, and abide by the appropriate local, state,
provincial, and federal laws.
• Never misrepresent or withhold information that is germane
to a problem or situation of public concern nor will I allow
any such known information to remain unchallenged.
• Not use knowledge of a confidential or personal nature in any
unauthorized manner or to achieve personal gain
In recognition of my obligation to my employer I shall:
• Make every effort to ensure that I have the most current
knowledge and that the proper expertise is available when
needed.
• Avoid conflict of interest and insure that my employer is aware
of any potential conflicts.
• Present a fair, honest, and objective viewpoint.
• Protect the proper interests of my employer at all times.
• Protect the privacy and confidentiality of all information
entrusted to me.
• Not misrepresent or withhold information that
is germane to the situation.
• Not attempt to use the resources of my
employer for personal gain or for any
purpose without proper approval.
• Not exploit the weakness of a computer system
for personal gain or personal satisfaction.
 Certification
Certification indicates that a professional possesses a
particular set of skills, knowledge, or abilities, in the
opinion of the certifying organization
Vendor Certifications 🡪 IT vendors—such as Cisco, IBM,
Microsoft, SAP, and Oracle—offer certification programs
Industry Association Certifications 🡪 Based on
experience and qualification. (New technologies not
included)
Subject area Organization providing certification Primary certification
Auditing Information Systems Audit and Certified Information Systems
Control Association (ISACA) Auditor (CISA)

General Institute for Certification of Certified Computing

Computing Professionals (ICCP) Professional
(CCP)

Security International Information Certified Information Systems

Systems Security Certification Security Professional (CISSP)
Consortium, Inc. (ISC)2
SysAdmin, Audit, Network, Global Information Assurance
Security (SANS) Institute Certification (GIAC)

Computer Computing Technology Industry CompTIA

service Association (CompTIA)
technician
Certificates Intended for Primary eligibility requirements

Project Management Individuals who lead and direct 3–5 years of project management
Professional (PMP) projects experience, depending on level of
college education
Certified Associate of Individuals who contribute to 1,500 hours of experience or
Project Management project teams 23 hours of project management
(CAPM)
education

Program Individuals who achieve organizational 4–7 years of both project management
Management objectives through defining and program management
Professional (PgMP)
and overseeing projects and experience, depending on level of
resources college education

PMI Scheduling Individuals who develop and 3,500–5,000 hours of project scheduling
Professional maintain project schedules experience and 30–40 hours of
(PMI-SP)
project scheduling education,
depending on level of college
education

PMI Risk Individuals who assess and identify 3,000–4,500 hours of project risk
Management risks, mitigate threats, and identify management experience and 30–40
Professional
and take advantage of unique project hours of project risk management
(PMI-RMP)
opportunities education, depending on level of
college education