Ethics in Information Technology

Chapter 1
An Overview of Ethics
Learning Objectives
 What is ethics, and why is it important to act
according to a code of ethics?
 Why is business ethics becoming increasingly
important?
 What are organizations doing to improve their
business ethics?

2
Learning Objectives
 Why are organizations interested in fostering good
business ethics?
 What approach can you take to ensure ethical
decision making?
 What trends have increased the risk of using
information technology in an unethical manner?

3
Ethics
Set of beliefs about right and wrong behavior within a
society
• Moral code: Statements about how people should behave within a society

Morality: Shared social conventions about right and

wrong that become the basis for an established consensus
• Vary by age, culture, ethnicity, religion, life-experiences, education, and
gender

Virtues and vices define an individual’s moral values

• Virtue: Habit that inclines people to do what is acceptable(highly moral)

• Vice: Habit of unacceptable behavior(Wicked behavior)

4
Integrity
 Acting in accordance with a personal code of
principles
 Extending same respect and consideration to all
that one expects to receive from others
 Applying the same moral standards in all
situations
 Inconsistency emerges:
 In a situation that conflicts with one’s moral standards
 If one applies moral standards differently according to
the situation or people involved
5
Difference Between Morals, Ethics,
and Laws
Morals Ethics Law

• Personal beliefs • Standards or • System of rules,

about right and codes of enforced by a set
wrong behavior of institutions,
• Moral acts expected of an that tells us what
conform to what individual by a we can and
an individual group to which cannot do
believes to be the individual • Legal acts are
the right thing to belongs acts that
do conform to the
law

6
Ethics in the Business World
 Following increases likelihood of unethical
behavior
 Highly complex work environments make it difficult to
apply principles and codes of ethics consistently
 Pressure to maintain revenue and profits
 Risk of financial loss and criminal or civil lawsuits
is more prevalent for businesses that act
unethically
 Result of heightened vigilance by employees,
shareholders, and regulatory agencies

7
Bathsheba Syndrome:

 published in a business journal in 1993, asserts

that the ethical failure of powerful leaders is often
not the result of an individual’s low morals, but the
byproduct of success
 Reference to the biblical story of King David, who
became corrupted by his power and success
 Moral corruption of those in power is facilitated
when people choose to ignore their leaders
inappropriate behavior
8
Corporate Social Responsibility (CSR)
 Organization taking responsibility for the impact of
its actions on the:
 Environment
 Community
 Welfare of its employees
 Supply chain sustainability: Developing and
maintaining a supply chain that meets the needs of
the present without compromising the ability of
future generations to meet their needs

9
Why Fostering Good Business Ethics Is Important?

To gain the good will of the community

To create an organization that operates consistently

To foster good business practices

To protect organization/employees from legal action

To avoid unfavorable publicity

10
Gaining the Good Will of the Community

 Although organizations exist primarily to earn

profits or provide services to customers, they also
have some fundamental responsibilities to society.
 often they declare these responsibilities in a formal
statement of their company’s principles or beliefs .
Creating an Organization That Operates Consistently
 Organizations develop and abide by values to create an organizational
culture and to define a consistent approach for dealing with the needs
of their stakeholders—shareholders, employees, customers, suppliers,
and the community.
 each company’s value system is different, many share the following
values:
 • Operate with honesty and integrity, staying true to organizational
principles
 • Operate according to standards of ethical conduct, in words and action
 • Treat colleagues, customers, and consumers with respect
 • Strive to be the best at what matters most to the organization
 • Value diversity
 • Make decisions based on facts and principles
Fostering Good Business Practices
 good ethics can mean good business and improved
profits. Companies that produce safe and effective
products avoid costly recalls and lawsuits.
 Companies that provide excellent service retain
their customers instead of losing them to
competitors.
 Companies that develop and maintain strong
employee relations suffer lower turnover rates and
enjoy better employee morale.
 Suppliers and other business partners often place
a priority on working with companies that operate
in a fair and ethical manner.
Protecting the Organization and Its Employees
from Legal Action
 In a 1909 ruling (United States v. New York Central & Hudson River
Railroad Co.), the U.S. Supreme Court established that an employer can be
held responsible for the acts of its employees even if the employees act in a
manner contrary to corporate policy and their employer’s directions.
 The principle established is called respondeat superior,or “let the master
answer.”
 An example of the application of this principle can be found in the collapse
in 2002 of Arthur Andersen, one of the “Big Five” international accounting
firms.
 Andersen was indicted by the Department of Justice for obstruction of
justice for the shredding of documents associated with the auditing work
that a few of its partners performed for Enron.
 Andersen was forced to relinquish its auditing license. It closed its U.S.
offices due to lack of clients, and some 26,000 employees lost their jobs.
Avoiding Unfavorable Publicity

 The public reputation of a company strongly

influences the value of its stock, how consumers
regard its products and services, the degree of
oversight it receives from government agencies,
and the amount of support and cooperation it
receives from its business partners.
 Thus, many organizations are motivated to build a
strong ethics program to avoid negative publicity.
Improving Corporate Ethics
 Research by the Ethics Resource Center found that only one in four
organizations has a well-implemented ethics and compliance program.
 The Ethics Resource Center has defined the following characteristics of
a successful ethics program:
 • Employees are willing to seek advice about ethics issues.
 • Employees feel prepared to handle situations that could lead to
misconduct.
 • Employees are rewarded for ethical behavior.
 • The organization does not reward success obtained through
questionable means.
 • Employees feel positively about their company
Some of the actions, corporations can take to
improve business ethics.

 Appointing a Corporate Ethics Officer

 Ethical Standards Set by Board of Directors
 Establishing a Corporate Code of Ethics
 Conducting Social Audits
 Requiring Employees to Take Ethics Training
 Including Ethical Criteria in Employee
Appraisals
Corporate Ethics Officer
 Provides an organization with vision and
leadership in the area of business conduct
 Ideally a senior-level manager who reports directly
to the CEO
 Known as corporate compliance officer
 Responsibilities
 Ensuring compliance of ethical procedures
 Creating and maintaining the ethics culture that the
highest level of corporate authority wishes to have
 Being the key contact person for ethics issues
19
Ethical Standards Set by Board of
Directors
 Conducting themselves according to the highest
standards of personal and professional integrity
 Setting the standard for company-wide ethical
conduct
 Ensuring compliance with laws and regulations
 Creating an environment in which employees can:
 Seek advice about business conduct
 Raise issues
 Report misconduct

20
Establishing a Corporate Code of
Ethics
 Code of ethics: Statement that:
 Highlights an organization’s key ethical issues
 Identifies the overarching values and principles
important to the organization and its decision making
 Organizational code of ethics should:
 Apply to its directors, officers, and employees
 Focus on employees in work-roles susceptible to ethical
risk
 Provide mechanisms for reporting unethical conduct
 Fostering a culture of honesty and accountability
21
Sarbanes-Oxley Act of 2002
 Enacted in response to public outrage over several
major accounting scandals
 Section 404
 Annual reports must be signed by the CEO and CFO
attesting that the information in the firm’s SEC filings is
accurate
 Section 406
 Public companies must disclose whether they have a code
of ethics and any waiver of the code for certain members
of management

22
Sarbanes-Oxley Act of 2002
 Requires listed companies to have code applicable
to all employees, senior management, and
directors
 Code of ethics
 Company-wide acceptance requires employee
participation and endorsement by the leadership
 Must be easily accessible by employees, shareholders,
business partners, and the public
 Must continually be applied to a company’s decision
making and be an important part of its culture

23
Social Audit
 Organization reviews its ethical and social
responsibility goals, and communicates its goals
for the upcoming year
 Information is shared with the:
 Stakeholders
 Market analysts
 Government agencies
 Communities in which the organization operates

24
Ethics Training for Employees
 Includes:
 Showing employees examples of how to apply the code of
ethics in real life
 Comprehensive ethics education program that
encourages employees to act ethically
 Goal
 Encourage employees to report any misconducts
 Show employees effective ways of reporting incidents
 Reassure employees that such feedback will be acted on
and that they will not be subjected to retaliation
25
Ethical Criteria in Employee
Appraisals
 Treating others fairly and with respect
 Operating effectively in a multicultural
environment
 Accepting personal accountability for meeting
business needs
 Continually developing others and themselves
 Operating openly and honestly with suppliers,
customers, and other employees

26
Creating an Ethical Work Environment
 Employees in highly competitive workplaces often
feel pressure from aggressive competitors,
cutthroat suppliers, unrealistic budgets,
unforgivingquotas, tight deadlines, and bonus
incentives. Employees may also be encouraged to
do “whatever it takes” to get the job done.
 Table 1-3 shows how management’s behavior can
result in unethical employee behavior;
 Table 1-4 provides a manager’s checklist for
establishing an ethical workplace
Table 1.4 - Manager’s Checklist for Establishing
an Ethical Work Environment

29
 Including Ethical Considerations in Decision
Making
 Most of us have developed a decision-making
process that we execute automatically, without
thinking about the steps we go through.
 For many of us, the process generally follows the
steps outlined in Figure 1-4.
Develop a Problem Statement
 A problem statement is a clear, concise description of the
issue that needs to be addressed.
 A good problem statement answers the following
questions:
 What do people observe that causes them to think there is
a problem?
 Who is directly affected by the problem?
 Is there anyone else affected?
 How often does it occur?
 What is the impact of the problem?
 How serious is the problem?
 Good problem statement: Our product supply
organization is continually running out of stock of
finished products, creating an out-of-stock situation
on over 15 percent of our customer orders, resulting
in over $300,000 in lost sales per month.
 Poor problem statement: We need to implement a
new inventory control system. ( This is a possible
solution, not a problem statement.)
 Poor problem statement: We have a problem with
finished product inventory.( This is not specific
enough.)
Evaluate and Choose an Alternative
 Once a set of alternatives has been identified, the
group attempts to evaluate them based on numerous
criteria, such as effectiveness at addressing the issue,
the extent of risk associated with each alternative,
cost, and time to implement.
 The alternative selected should be ethically and
legally defensible; be consistent with the
organization’s policies and code of ethics; take into
account the impact on others; and, of course, provide
a good solution to the problem.
 Philosophers have developed many approaches to aid
in ethical decision making. Four of the most common
approaches, which are summarized in Table 1-5
Virtue Ethics Approach
 The virtue ethics approach to decision making
focuses on how you should behave and think about
relationships if you are concerned with your daily
life in a community.
 A proponent of virtue ethics believes that a
disposition to do the right thing is more effective
than following a set of principles and rules, and that
people should perform moral acts out of habit, not
introspection.
 For example, honesty and openness when dealing
with others are generally considered virtuous;
however, a corporate purchasing manager who is
negotiating a multimillion dollar deal might need
to be vague in discussions with potential suppliers.
Utilitarian Approach
 The utilitarian approach to ethical decision making
states that you should choose the action or policy
that has the best overall consequences for all
people who are directly or indirectly affected. The
goal is to find the single greatest good by balancing
the interests of all affected parties
Fairness Approach
 The fairness approach focuses on how fairly
actions and policies distribute benefits and
burdens among people affected by the decision.
The guiding principle of this approach is to treat all
people the same.
 However, decisions made with this approach can
be influenced by personal bias toward a particular
group, and the decision makers may not even
realize their bias.
Common Good Approach
 he common good approach to decision making is
based on a vision of society as a community whose
members work together to achieve a common set of
values and goals.
 Decisions and policies that use this approach
attempt to implement social systems,institutions,
and environments that everyone depends on and
that benefit all people.
 Examples include an effective education system, a
safe and efficient transportation system, and
accessible and affordable health care.
Limitations of Various Approaches to
Ethical Decision Making
Value ethics approach
• Does not provide a guide for action
• Virtue cannot be worked out objectively, it depends on the circumstances
Utilitarian approach
• Measuring and comparing the values of certain benefits and costs is difficult
• Predict the full benefits and harm that result from a decision is difficult
Fairness approach
• Decisions can be influenced by personal bias
• Affected parties may consider the decision unfair
Common good approach
• Arriving at a consensus becomes difficult
• Some groups are required to bear greater costs than others

41
Implement Decision

 Once the alternative is selected, it should be

implemented in an efficient, effective, and timely
manner. This is much easier said than done, since
people tend to resist change.
 Communication is the key to helping people accept a
change.
 Why are we doing this? What is wrong with the
current way we do things? What are the benefits of
the new way for you? A transition plan must be
defined to explain to people how they will move
from the old way of doing things to the new way.
Evaluate the Results

 After the solution to the problem has been

implemented, monitor the results to see if the
desired effect was achieved, and observe its impact
on the organization and the various stakeholders.
ETHICS IN INFORMATION TECHNOLOGY
 The growth of the Internet, the ability to capture
and store vast amounts of personal data, and
greater reliance on information systems in all
aspects of life have increased the risk that
information technology will be used unethically.
Ethics in Information Technology
 Concerns about the ethical use of information
technology
 E-mail and Internet access monitoring at work
 Downloading in violation of copyright laws
 Unsolicited e-mail
 Identify theft by hackers
 Plagiarism by students
 Cookies and spyware to track a site’s visitors’ hard drives

45
Ethics in Information Technology
 Requires managers to assume greater
responsibility for ethical decisions by:
 Making broad-minded, objective decisions based on
technical savvy, business know-how, and a sense of ethics
 Creating a working environment in which ethical
dilemmas can be discussed openly, objectively, and
constructively

46
ETHICS FOR IT WORKERS AND IT USERS
-IT PROFESSIONALS

 A profession is a calling that requires specialized

knowledge and often long and intensive academic
preparation.
 United States government adopted labor laws and
regulations that required a more precise definition
of what is meant by a professional employee.
 The U.S. Code of Federal Regulations defines a
person “employed in a professional capacity” as
one who meets these four criteria:
1. One’s primary duties consist of the performance of work requiring
knowledge of an advanced type in a field of science or learning
customarily acquired by a prolonged course of specialized
intellectual instruction and study or work.
2. One’s instruction, study, or work is original and creative in
character in a recognized field of artistic endeavor, the result of
which depends primarily on the invention, imagination, or talent of
the employee.
3. One’s work requires the consistent exercise of discretion and
judgment in its performance.
4. One’s work is predominantly intellectual and varied in character,
and the output or result cannot be standardized in relation to a given
period of time.
Are IT Workers Professionals?

 Many business workers have duties, backgrounds, and training that

qualify them to be classified as professionals, including marketing
analysts, financial consultants, and IT specialists. A partial list of IT
specialists includes programmers, systems analysts, software
engineers, database administrators, local area network (LAN)
administrators, and chief information officers (CIOs).
 Legally: U.S. Code of Federal Regulations. From a legal perspective, IT
workers are not recognized as professionals because they are not
licensed by the state or federal government.
The Changing Professional Services Industry

 Although not legally classified as professionals, IT workers

are considered part of the professional services industry,
which is experiencing immense changes that impact how
members of this industry must think and behave to be
successful.
 Ross Dawson, author and CEO of the consulting firm
Advanced Human Technology, identifies seven forces that
are changing the nature of professional services:
 client sophistication, governance, connectivity,
transparency, modularization, globalization, and
commoditization.
seven forces that are changing the nature of professional
services:
 Client Sophistication: Clients are more aware of what they need from service
providers, more willing to look outside their own organization to get the best
possible services, and better able to drive a hard bargain to get the best possible
services at the lowest possible cost.
Governance :Major scandals and tougher laws enacted to avoid future scandals
(e.g., Sarbanes-Oxley) have created an environment in which there is less trust
and more oversight in client–service provider relationships.
Connectivity : Clients and service providers have built their working
relationships on the expectation that they can communicate easily and instantly
around the globe through electronic teleconferences, audio conferences, e-mail,
and wireless devices.
Transparency: Clients expect to be able to see work-in-progress in real time,
and they expect to be able to influence that work. No longer are clients willing to
wait until the end product is complete before they weigh in with comments and
feedback.
seven forces that are changing the nature of professional services:

Modularization : Clients are able to break down their business processes into
the fundamental steps and decide which they will perform themselves and which
they will outsource to service providers.

Globalization: Clients are able to evaluate and choose among service providers
around the globe, making the service provider industry extremely competitive.
Commoditization :Clients look at the delivery of low-end services (e.g., staff
augmentation to complete a project) as a commodity service for which price is the
primary criterion for choosing a service provider. For the delivery of high-end
services (e.g., development of an IT strategic plan), clients seek to form a
partnership with their service providers.
Professional Relationships That Must Be Managed

 IT workers typically become involved in many

different relationships, including those with
employers, clients, suppliers, other professionals,
IT users, and the society at large.
 In each relationship, an ethical IT worker acts
honestly and appropriately. These various
relationships are discussed in the following
sections.
Relationships
 Relationships Between IT Workers and Employers
 Relationships Between IT Workers and Clients
 Relationships Between IT Workers and Suppliers
 Relationships Between IT Workers and Other
Professionals
 Relationships Between IT Workers and IT Users
 Relationships Between IT Workers and Society
Relationships Between IT Workers and Employers

IT workers and employers have a critical, multifaceted relationship that

requires ongoing effort by both parties to keep it strong.
An IT worker and an employer typically agree on fundamental aspects of
this relationship before the worker accepts an employment offer.
These issues can include job title, general performance expectations,
specific work responsibilities, drug-testing requirements, dress code,
location of employment, salary, work hours, and company benefits.
Many other issues are addressed in the company’s policy and procedures
manual or in the company’s code of conduct, if one exists.
These issues include protection of company secrets; vacation policy; time
off for a funeral or an illness in the family; tuition reimbursement; and
use of company resources, including computers and networks.
Relationships Between IT Workers and Clients
 An IT worker often provides services to clients who either work outside
the worker’s own organization or are “internal.” In relationships
between IT workers and clients, each party agrees to provide
something of value to the other.
 Generally speaking, the IT worker provides hardware, software, or
services at a certain cost and within a given time frame.
 Problems can also arise during a project if IT workers find themselves
unable to provide full and accurate reporting of the project’s status due
to a lack of information, tools, or experience needed to perform an
accurate assessment.
 Problems can also arise during a project if IT workers find
themselves unable to provide full and accurate reporting of
the project’s status due to a lack of information, tools, or
experience needed to perform an accurate assessment.
 The project manager may want to keep resources flowing
into the project and hope that problems can be corrected
before anyone notices.
 After the truth comes out, finger-pointing and heated discussions about
cost overruns, missed schedules, and technical incompetence can lead
to charges of fraud, misrepresentation, and breach of contract
 Fraud is the crime of obtaining goods, services, or property through
deception or trickery.
 Fraudulent misrepresentation occurs when a person consciously
decides to induce another person to rely and act on the
misrepresentation.
 To prove fraud in a court of law, prosecutors must demonstrate the
following elements:
 • The wrongdoer made a false representation of material fact.
 • The wrongdoer intended to deceive the innocent party.
 • The innocent party justifiably relied on the misrepresentation.
 • The innocent party was injured.
 Misrepresentation is the misstatement or incomplete statement of a
material fact. If the misrepresentation causes the other party to enter into a
contract, that party may have the legal right to cancel the contract or seek
reimbursement for damages.

 Breach of contract occurs when one party fails to meet the terms of a
contract. Further, a material breach of contract occurs when a party fails to
perform certain express or implied obligations, which impairs or destroys the
essence of the contract. Because there is no clear line between a minor breach
and a material breach, determination is made on a case-by-case basis.
 “When there has been a material breach of contract, the non-breaching party
can either: (1) rescind the contract, seek restitution of any compensation paid
under the contract to the breaching party, and be discharged from any further
performance under the contract; or (2) treat the contract as being in effect and
sue the breaching party to recover damages.
Relationships Between IT Workers and Suppliers

 IT workers deal with many different hardware, software, and service

providers. Most IT workers understand that building a good working
relationship with suppliers encourages the flow of useful
communication as well as the sharing of ideas.
 Such information can lead to innovative and cost-effective ways of
using the supplier’s products and services that the IT worker may never
have considered.
 IT workers should develop good relationships with suppliers by dealing
fairly with them and not making unreasonable demands.
 Threatening to replace a supplier who can’t deliver needed equipment
tomorrow, when the normal industry lead time is one week, is
aggressive behavior that does not help a working relationship.
Relationships Between IT Workers and Other Professionals
 Professionals feel a degree of loyalty to the other members of their profession.
As a result, they are quick to help each other obtain new positions but slow to
criticize each other in public.
 Professionals also have an interest in their profession as a whole, because how
it is perceived affects how individual members are seen and treated.
 A number of ethical problems can arise among members of the IT profession.
 One of the most common is résumé inflation, which involves lying on a résumé
and claiming competence in an IT skill that is in high demand.
Relationships Between IT Workers and IT Users

 The term IT user distinguishes the person who uses a hardware or

software product from the IT workers who develop, install, service, and
support the product.
 IT users need the product to deliver organizational benefits or to
increase their productivity.
 IT workers also have a key responsibility to establish an environment
that supports ethical behavior by users.
 Such an environment discourages software piracy, minimizes the
inappropriate use of corporate computing resources, and avoids the
inappropriate sharing of information.
Relationships Between IT Workers and Society

 The actions of an IT worker can affect society.

 For example, a systems analyst may design a computer-based control
system to monitor a chemical manufacturing process.
 A failure or an error in the system may put workers or residents near
the plant at risk.
 As a result, IT workers have a relationship with society members who
may be affected by their actions.
Professional Codes of Ethics
 A professional code of ethics states the principles and core values that
are essential to the work of a particular occupational group.

 Practitioners in many professions subscribe to a code of ethics that

governs their behaviour.

 For example, doctors adhere to varying versions of the 2000-year-old

Hippocratic oath, which medical schools offer as an affirmation to their
graduating classes.
 Most codes of ethics created by professional organizations have two
main parts:
 first outlines what the organization aspires to become.
 second typically lists rules and principles by which members of the
organization are expected to abide.
professional code of ethics : benefits for the individual, the
profession, and society as a whole
 Ethical decision making—Adherence to a professional code of ethics
means that practitioners use a common set of core values and beliefs as a
guideline for ethical decision making.
 High standards of practice and ethical behaviour -Adherence to a code of
ethics reminds professionals of the responsibilities and duties that they
may be tempted to compromise to meet the pressures of day-to-day
business. The code also defines behaviors that are acceptable and
unacceptable to guide professionals in their interactions with others.
 Trust and respect from the general public—Public trust is built on the
expectation that a professional will behave ethically.
 Evaluation benchmark—A code of ethics provides an evaluation
benchmark that a professional can use as a means of self-assessment.
Professional Organizations
Five of the most prominent IT-related professional organizations are
1.The Association for Computing Machinery (ACM) is a computing society
founded in 1947 with 24,000 student members and 68,000 professional
members in more than 100 countries.
It offers many publications and electronic forums for technology workers,
including Tech News, a comprehensive news-gathering service. Career News,
a career news digest.
RISKS Forum, a moderated dialogue on risks to the public from computers
and related systems.
2. Association of Information Technology Professionals (AITP) The
Association of Information Technology Professionals (AITP) started in
Chicago in 1951, when a group of machine accountants got together and
decided that the future was bright for the IBM punched-card tabulating
machines they were operating—a precursor of the modern electronic
computer.
The AITP provides IT-related seminars and conferences, information on IT
issues, and forums for networking with other IT workers for about 6,000
members.
3. Institute of Electrical and Electronics Engineers -Computer Society
(IEEE-CS) The Institute of Electrical and Electronics Engineers (IEEE)
covers the broad fields of electrical, electronic, and information
technologies and sciences. The IEEE-CS is one of the oldest and largest IT
professional associations, with about 85,000 members.
 Founded in 1946, the IEEE-CS is one of the largest of the three dozen
societies of the IEEE. The IEEE-CS helps meet the information and career
development needs of computing researchers and practitioners with
technical journals, magazines, conferences, books, conference publications,
and online courses.
4. Project Management Institute (PMI) The Project Management Institute
(PMI) was established in 1969 and has more than 420,000 members and
people who have passed the PMI certification process in more than 170
countries. Its members include project managers from such diverse fields as
construction,sales, finance, and production, as well as information systems.
 5. SysAdmin, Audit, Network, Security (SANS) Institute The SysAdmin,
Audit, Network, Security (SANS) Institute provides information
security training and certification for a wide range of individuals, such
as auditors, network administrators, and security managers.
 Each year, its programs train some 12,000 people, and a total of more
than 165,000 security professionals around the world have taken one
or more of its courses. SANS publishes a weekly news digest
( NewsBites), a weekly security vulnerability digest (@Risk), and flash
security alerts.
 Certification
 Certification indicates that a professional possesses a particular set of
skills, knowledge, or abilities, in the opinion of the certifying
organization.
 certification can also apply to products (e.g., the Wi-Fi CERTIFIED
logo assures that the product has met rigorous interoperability testing
to ensure that it will work with other Wi-Fi-certified products)
 Numerous companies and professional organizations offer
certifications.
 Many employers view them as a benchmark that indicates mastery of a
defined set of basic knowledge.
 Vendor Certifications :Many IT vendors—such as Cisco, IBM,
Microsoft, Sun, SAP, and Oracle—offer certification programs for their
products. Workers who successfully complete a program can represent
themselves as certified users of a manufacturer’s product.
 Industry Association Certifications : There are many industry
certifications in a variety of IT-related subject areas (table 2.3)
 Due to the ongoing need for strong project managers, some of the most
widely recognized and most sought-after certifications come from the
Project Management Institute, which offers certification at several
different levels, as summarized in Table 2-4.
 Government Licensing: Some professionals must be licensed,
including certified public accountants (CPAs), lawyers, doctors, various
types of Medical and day-care providers, and some engineers.
 Issues Associated with Government Licensing of IT
Workers
 Reasons for, why there are few international or national
licensing programs for IT professionals:
§ There is no universally accepted core body of knowledge. The core body
of knowledge for any profession outlines agreed-upon sets of skills and abilities
that all licensed professionals must possess.
§ It is unclear who should manage the content and administration of
licensing exams. How would licensing exams be constructed, and who would
be responsible for designing and administering them? Would someone who
passes a license exam in one state or country be accepted in another state or
country?
§ There is no administrative body to accredit professional education
programs. Unlike the American Medical Association for medical schools or the
American Bar Association for law schools, no single body accredits professional
education programs for IT.
§ There is no administrative body to assess and ensure competence of
individual workers. Lawyers, doctors, and other licensed professionals are
held accountable to high ethical standards and can lose their license for failing to
meet those standards or for demonstrating incompetence.
 IT Professional Malpractice
 Negligence has been defined as not doing
something that a reasonable person would do, or
doing something that a reasonable person would not
do.
 Duty of care refers to the obligation to protect
people against any unreasonable harm or risk. For
example, people have a duty to keep their pets from
attacking others and to operate their cars safely.
 Similarly, businesses must keep dangerous
pollutants out of the air and water, make safe
products, and maintain safe operating conditions for
employees.
 The courts decide whether parties owe a duty of care by applying a
reasonable person standard to evaluate how an objective, careful, and
conscientious person would have acted in the same circumstances.

 Likewise, defendants(sued by court) who have particular expertise

or competence are measured against a reasonable professional
standard.

 If a court finds that a defendant actually owed a duty of care, it must

determine whether the duty was breached. A breach of the duty of care
is the failure to act as a reasonable person would act.

 Professionals who breach the duty of care are liable for injuries that
their negligence causes. This liability is commonly referred to as
professional malpractice.
 IT USERS
 This section focuses on improving employees’
ethical use of IT, which is an area of growing
concern as more companies provide employees
with PCs, access to corporate information systems
and data, and the Internet.
Common Ethical Issues for IT Users

1. Software Piracy
2. Inappropriate Use of Computing Resources
3. Inappropriate Sharing of Information

Software Piracy
 software piracy in a corporate setting can sometimes be directly
traceable to IT professionals—they might allow it to happen, or they
might actively engage in it.
 Corporate IT usage policies and management should encourage
users to report instances of piracy and to challenge its practice.
 A common violation occurs when employees copy software from
their work computers for use at home.
Inappropriate Use of Computing Resources
Some employees use their computers to surf popular Web sites that have
nothing to do with their jobs, participate in chat rooms, view pornographic
sites, and play computer games.
These activities eat away at worker productivity and waste time.

Inappropriate Sharing of Information

Every organization stores vast amounts of information that can be
classified as either private or confidential. Private data describes individual
employees ( salary information, attendance data, health records, and
performance ratings.)
 Private data also includes information about customers—credit card
information, telephone number, home address, and so on.
Confidential information describes a company and its operations,
including sales and promotion plans, staffing projections, manufacturing
processes, product formulas, tactical and strategic plans, and research and
development.
Supporting the Ethical Practices of IT Users

 Organizations have recognized the need to develop policies

that protect against ethical issues.

 Adherence to a policy can improve services to users,

increase productivity, and reduce costs.

 Companies can take several of the following actions when

creating an IT usage policy.
Companies can take several of the following actions
when creating an IT usage policy.

 Establishing Guidelines for Use of Company Software

 Defining and Limiting the Appropriate Use of IT Resources
 Structuring Information Systems to Protect Data and
Information
 Installing and Maintaining a Corporate Firewall
Establishing Guidelines for Use of Company Software

 Company IT managers must provide clear rules that govern the use of
home computers and associated software.

 Some companies negotiate contracts with software manufacturers and

provide PCs and software so that IT users can work at home.

 The goal should be to ensure that employees have legal copies of all the
software they need to be effective, regardless of whether they work in
an office, on the road, or at home.
Defining and Limiting the Appropriate Use of IT
Resources

 Companies must develop, communicate, and enforce written guidelines

that encourage employees to respect corporate IT resources and use
them to enhance their job performance.

 Effective guidelines allow some level of personal use while prohibiting

employees from visiting objectionable Internet sites or using company
e-mail to send offensive or harassing messages.
Structuring Information Systems to Protect Data and
Information

 Organizations must implement systems and procedures that limit data

access to just those employees who need it.

 For example, sales managers may have total access to sales and
promotion databases through a company network, but their access
should be limited to products for which they are responsible.
Installing and Maintaining a Corporate Firewall

 A firewall is a hardware or software device that serves as a barrier

between an organization’s network and the Internet; a firewall also
limits access to the company’s network based on the organization’s
Internet usage policy.

 The firewall can be configured to serve as an effective deterrent to

unauthorized Web surfing by blocking access to specific objectionable
Web sites.
TABLE 2-5 Manager’s checklist of items to consider when
establishing an IT usage policy.