ethics in information technology - chapter 2 (instructors manual) 3rd edition

Ethics in Information Technology, Third Edition 2-1

Chapter 2

Ethics for IT Workers and IT Users

At a Glance

Instructor’s Manual Table of Contents Overview

Objectives

Teaching Tips

Quick Quizzes

Discussion Questions

Additional Projects

Additional Resources

Key Terms


Lecture Notes

Overview

Chapter 2 begins with a discussion of whether IT workers are professionals under the legal definition of professional workers. It gives an overview of professional relationships between IT workers and clients, suppliers, other IT professionals, and users and ethical issues relevant to these relationships. The chapter introduces various professional organizations. It concludes with a discussion of ethical issues unique to IT professionals, such as access to information, use of computing resources, and software piracy.

Objectives

As you read this chapter, consider the following questions: What key characteristics distinguish a professional from other kinds of workers, and is an

IT worker considered a professional? What factors are transforming the professional services industry? What relationships must an IT worker manage, and what key ethical issues can arise in

each? How do codes of ethics, professional organizations, certification, and licensing affect the

ethical behavior of IT professionals? What are the key tenets of five different codes of ethics that provide guidance for IT

professionals?

Teaching Tips

Vignette

IT Technicians Fired After Reporting Child Porn

1. Discuss the actions of New York Law School and Collegis, what message was sent to IT workers, and whether or not the firing of Gross and Perry was justified for other reasons.

2. Discuss the fact that a number of states have enacted laws that require workers to immediately report any child pornography found while servicing equipment. Point out that most of the laws state that a worker who reports such a discovery is immune from any criminal, civil, or administrative liability and that failure to report the discovery can result in a fine, imprisonment, or both. Discuss whether such laws will encourage the reporting of child pornography.


IT Professionals

1. Explain that a profession is work that requires specialized knowledge and often long and intensive academic preparation.

2. Walk through the four criteria that define a professional employee, and point out that professionals are expected to contribute to society, to keep abreast of developments in their field, and to help develop other professionals.

Are IT Workers Professionals?

1. Explain that IT specialists include programmers, systems analysts, software engineers, database administrators, local area network (LAN) administrators, and chief information officers (CIOs) and that this is not a comprehensive list.

2. Explain that not all IT specialists are recognized as professionals according to the definition in the U.S. Code of Federal Regulations, and IT workers are not professionals from a legal standpoint because they are not licensed; nor are they liable for malpractice.

The Changing Professional Services Industry

1. Explain that although not legally classified as professionals, IT workers are considered part of the professional services industry.

2. Walk through the seven forces that are changing professional services.

Professional Relationships That Must Be Managed

1. Point out that IT workers have many different relationships, including those with employers, clients, suppliers, other professionals, IT users, and the society at large, and that in each relationship, an ethical IT worker acts honestly and appropriately.

Relationships Between IT Workers and Employers

1. Explain the issues that an IT worker discusses with an employer before accepting a job.

2. Explain that IT workers must set an example and enforce policies regarding the ethical use of IT.

3. Explain that IT workers are in a unique position because they have the skills and knowledge to abuse systems and data or to allow others to do so.

4. Explain that 38 percent of the world’s software was illegally copied in 2007, and this represents losses of $48 billion.

Teaching Discuss the role that IT workers play in software piracy, and emphasize that


Tippiracy includes seemingly innocent use of software such as allowing an employee to copy software from their office computer to their home computer to work at home.

5. Explain that the Business Software Alliance (BSA) is a trade group that represents the world’s largest software and hardware manufacturers, whose mission is to stop software piracy. Refer to Table 2-1, which shows members of the BSA.

6. Explain that the BSA investigations are usually triggered by calls to its hotline, referrals from member companies, and reports sent to the BSA Web site.

Teaching Tip

Point out that the BSA mentions that disgruntled employees are often the source of referrals.

7. Explain that the monetary penalties assessed by the BSA far exceed the cost of acquiring the proper licenses for software.

8. Explain that trade secrecy is another area that causes problems between employers and IT workers, and give examples of trade secrets.

Teaching Tip

Discuss situations in which an IT worker might unknowingly give away trade secrets.

9. Explain that employees are often required to sign confidentiality agreements but that the IT industry is known for high employee turnover, and this is a complicating factor.

10. Explain that whistle-blowing is another area that causes problems between employers and IT workers because whistle-blowers frequently have special information related to their position.

Teaching Tip

Note that whistle-blowing is discussed in more detail in Chapter 8.

Relationships Between IT Workers and Clients

1. Explain that an IT worker agrees to provide hardware, software, or services, and in exchange, the client provides compensation, access to key contacts, and perhaps work space. Note that the relationships is usually documented with a contract.

2. Explain that the client typically makes decisions about a project based on information provided by the IT professional.

3. Explain that decision making is shared by the IT worker and the client because the client is expected to provide relevant information and ask questions to understand the impact of key decisions.


4. Explain that one ethical problem between IT workers and clients arises when IT consultants recommend their own products or services to remedy a problem that they have detected, and this raises questions about the vendor’s objectivity.

5. Explain that other problems arise when IT professionals are unable to provide full and accurate reporting of a project’s status, and the project manager may be reluctant to share project information because of contractual penalties.

Teaching Tip

Take time to discuss the interactions and mechanisms that lead to this type of problem and how they can be avoided.

6. Discuss fraud, misrepresentation, breach of contract, and material breach of contract, as presented in this section.

7. Explain that IT projects are joint efforts in which vendors and customers work together and that it is difficult to assign blame.

Relationships Between IT Workers and Suppliers

1. Explain that having a good relationship with a supplier encourages the flow of useful communication, and a good relationship is developed by treating suppliers fairly and not making unreasonable demands.

2. Explain that suppliers also have an interest in maintaining a good relationship to make and increase their sales.

3. Explain that gifts present an ethical question because the difference between a gift and a bribe is not always clear.

Teaching Tip

Take time to discuss the difference between gifts and bribes and cultural or context factors that might affect whether a gift is considered a bribe.

4. Explain what a bribe is and that the U.S. Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe a foreign official unless the payment was lawful under the laws of the foreign country in which it was paid.

5. Explain that the FCPA requires corporations to have an adequate internal auditing and accounting system and permits facilitating payments made for routine government actions such as obtaining permits or processing visas.

6. Explain that in some cultures, it is normal to give gifts, and discuss the boundary between gifts and bribes, as outlined in Table 2-2.

Relationships Between IT Workers and Other Professionals


1. Explain that professionals owe each other adherence to a professional code of conduct.

2. Explain that ethical problems arise between members of the IT profession, and a common one is résumé inflation, which involves lying on a résumé to claim competence in an IT skill that is in high demand.

Teaching Tip

Emphasize the difference between presenting yourself in the most positive light and overstating your skills.

3. Explain that another ethical issue between IT professionals is inappropriate sharing of corporate information.

Relationships Between IT Workers and IT Users

1. Explain that an IT user is the person for whom a hardware or software product is designed and that it is the IT professional’s duty to understand the user’s needs and to deliver products and services that best meet those needs.

2. Explain that the IT professional has a responsibility to establish an environment that supports ethical behavior by users.

Teaching Tip

Note that establishing an effective IT usage policy is discussed later in the chapter.

Relationships Between IT Workers and Society

1. Explain that society expects members of a profession not only to provide significant benefits, but also to not cause harm through their actions.

2. Point out that professional organizations provide codes of ethics to guide IT workers’ actions.

Quick Quiz 1

1. True or False. IT workers are not liable for malpractice because they do not meet the legal definition of a professional.Answer: True


2. What is software piracy?Answer: Software piracy is the act of illegally making copies of software or enabling others to access software to which they are not entitled.

3. True or False. Under U.S. law, a bribe is not a crime if it was paid as part of doing business in a foreign country.Answer: False. Under U.S. law, a bribe is not a crime if it was lawful in the country in which it was paid.

4. List three characteristics that distinguish a gift from a bribe.Answer: Gifts are made openly and publicly, gifts are made directly from the donor to the recipient, and gifts come with no expectation of favor for the donor.

Professional Codes of Ethics

1. Explain that a professional code of ethics states the principles and core values that are essential to the work of a particular occupational group.

2. Explain that most codes of ethics are created by professional organizations and have two parts: the first outlines what the organization aspires to become, and the second typically lists rules and principles by which members of the organization are expected to abide.

3. Explain that many codes of ethics also include a commitment to continuing education for those who practice the profession.

Teaching Tip

Note that example professional codes of ethics are in Appendices B through E.

4. Explain that professional codes of ethics benefit individuals, professions, and society as a whole with ethical decision making, high standards of practice and ethical behavior, trust and respect from general public, and evaluation benchmarks for self-assessment.

Professional Organizations

1. Explain that no IT professional organization is preeminent, so there is no universal code of ethics. But four of the most prominent organizations are described in this section.

Association for Computing Machinery (ACM)

1. Explain that the ACM was founded in 1947 and has more than 24,000 student members and 68,000 professional members in more than 100 countries.

2. Explain that the ACM publishes a number of periodicals for IT professionals and maintains an extensive digital library.


3. Explain that the ACM sponsors special-interest groups that focus on a variety of IT issues, and each group provides publications, workshops, and conferences.

Teaching Tip

Note that the ACM code of ethics is in Appendix B.

Teaching Tip

Emphasize that the ACM is a large organization that offers services to a wide variety of IT professionals, from programmers to researchers to managers.

Association of Information Technology Professionals (AITP)

1. Explain that the AITP was started in Chicago in 1951 by a group of machine accountants under the name Machine Accountants Associations (MAA).

2. Explain that the MAA evolved into the Data Processing Management Association in 1962, which became the AITP in 1996.

3. Explain that the AITP provides IT-related education, information on relevant IT issues, and forums for networking with other IT professionals and has nearly 6,000 members.

4. Explain that the mission of the AITP is to provide leadership and education in information technology and to help make members more marketable.

Teaching Tip

Note that the AITP code of ethics is in Appendix C.

Teaching Tip

Point out that the mission of the AITP differs from that of the ACM, as the AITP puts more emphasis on leadership and education.

Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS)

1. Explain that the IEEE covers broad fields of electrical, electronic, and information technologies and sciences and is one of the oldest and largest IT associations.

2. Explain that in 1993, the IEEE-CS and the ACM formed the Joint Steering Committee for the Establishment of Software Engineering as a Profession.

3. Explain that the initial recommendations of the committee were to define ethical standards, to define the required body of knowledge and recommended practices, and to define appropriate curricula to acquire knowledge.

Teaching Tip

Note that the Software Engineering Code of Ethics and Professional Practice is in Appendix D.


Teaching Tip

Compare the ACM and the AITP to the IEEE, noting that IEEE includes a wide number of professions and provides a variety of services to each.

Project Management Institute (PMI)

1. Explain that the PMI was established in 1969 and has more than 420,000 members in 170 countries.

2. Explain that members of PMI include project managers from such disparate fields as construction, sales, finance, and production, as well as information systems.

3. Explain that the PMI has a project management professional certification program.

Teaching Tip

Note that the PMI Member Code of Ethics is in Appendix E.

Teaching Tip

Compare the mission of the PMI to the ACM, AITP, and IEEE, noting that the PMI incorporates widely disparate fields and is primarily concerned with issues common to project managers.

SysAdmin, Audit, Network, Security (SANS) Institute

1. Explain that (SANS) Institute provides information security training and certification for a wide range of individuals, such as auditors, network administrators, and security managers.

2. Explain that SANS has trained more than 165,000 professionals around the world and trains some 12,000 people each year.

Teaching Tip

Note that the SANS IT Code of Ethics is in Appendix F.

Certification

1. Explain that certification indicates that a professional possesses a particular set of skills, knowledge, or ability in the opinion of the certifying organization.

2. Explain that licensing applies only to people and is required by law, and certification is generally voluntary and can apply to products as well as people.

3. Explain that many employers view certification as a benchmark that indicates mastery of a defined set of basic knowledge, although opinions are divided on the value of certification.


4. Explain that certification is no substitute for experience and is not a guarantee of job performance.

Vendor Certifications

1. Explain that many vendors offer certification for their products and that depending on the job market, some certifications improve IT workers’ salaries and career prospects. But vendor certifications can be narrowly defined.

2. Explain that certifications require passing a written exam and that some certifications require a hands-on lab exam to demonstrate skills and knowledge.

3. Explain that some certifications take years to obtain the necessary experience, study materials can cost up to $1,000, and in-class training can cost more than $10,000.

Teaching Tip

Take time to discuss the role that certification plays in upholding standards in the IT industry, and discuss the trade-offs in terms of the time and expense of the certification process.

4. Explain that the most valuable certification today is SAP in terms of employment opportunities and higher salaries.

5. Explain that SAP has built alliances with some 900 universities around the globe.

6. Explain that because the field changes rapidly, workers are frequently recertified to keep pace with the technology.

Industry Association Certifications

1. Explain that certification from industry associations often requires a higher level of experience and a broader perspective than vendor certification, but they may lag in covering new technologies.

2. Explain that industry association certifications are moving from purely technical content to a broader mix of technical, business, and behavioral competencies.

Teaching Tip

Emphasize the difference between industry association certifications and vendor certifications, such as an emphasis on breadth over depth and fundamentals over system-specific knowledge.

3. Walk through Table 2-3 on IT subject area certifications and Table 2-4 on available PMI certifications on page 51.


Government Licensing

1. Explain that government licensing is usually handled by state governments in the U.S. and requires that the recipient pass a test.

Teaching Tip

Discuss the distinction between certification and licensing and that while certification is designed to uphold professional standards, licensing is designed to protect the public.

The Case for Licensing IT Workers

1. Explain that modern information systems are complex, interconnected, and critically dependent on each other, and they control vital organizations such as nuclear power plants, hospital records, and life support systems, as well as business functions.

2. Explain that because of the importance of IT systems in our daily life, effective information systems are a matter of public concern, which has lead to a debate about the licensing of IT professionals.

Issues Associated with Government Licensing of IT Workers

1. Explain to students that while other countries license software engineers, there are few licensing programs for IT professionals. Walk through the bullet points on page 53 to explain why this is the case.

IT Professional Malpractice

1. Explain the terms negligence and duty of care, and point out that the courts decide whether parties owe a duty of care by applying a reasonable person standard or a reasonable professional standard.

2. Explain that a reasonable professional standard is analogous to a reasonable person standard but applies to a person with a specific expertise.

3. Explain that a breach of the duty of care is the failure to act as a reasonable person would act.

4. Explain that professionals who breach a duty of care are liable for injuries caused by their negligence, and this liability is called professional malpractice.

5. Explain that professional malpractice can only occur when people fail to perform within the standards of their profession, and software engineers cannot be subject to malpractice suits because there is no uniform licensing for software engineers.

Quick Quiz 2


1. What is a professional code of ethics?Answer: A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group.

2. ____________ indicates that a professional possesses a particular set of skills, knowledge, or abilities, and _____________ proves that a professional can do his or her work ethically and safely.Answer: Certification, licensing

3. Name three reasons for certification.Answer: To motivate employees to learn new skills, to provide a mechanism for career advancement, to keep abreast of current technology, and to ensure employees have a core level of competence in a particular area

4. Which of the following is NOT a reason that there is no licensing for IT professionals?a. There is no universally accepted body of core knowledge.b. It is unclear who should manage the content and administration of licensing

exams.c. There is no administrative body to accredit professional education programs.d. There is no funding at the federal level for the accreditation process.e. There is no administrative body to assess and ensure competence of individual

professionals.Answer: d

IT Users

1. Explain that improving employees’ ethical use of IT is an area of growing concern as more companies provide employees with PCs, access to corporate information systems and data, and the Internet.


Common Ethical Issues for IT Users

Software Piracy

1. Explain that software piracy can sometimes be traced directly to IT professionals, and a common violation is for an employee to copy software from his or her work computer to use at home. Emphasize that this is piracy unless someone has paid for an additional license.

Inappropriate Use of Computing Resources

1. Explain that activities such as surfing the Web, playing video games, and participating in chat rooms erode worker productivity and waste time.

Teaching Tip

Emphasize that in addition to wasting time, sexually explicit material, lewd jokes, and hate e-mail create a hostile working environment and can lead to lawsuits.

Teaching Tip

Remind students that inappropriate use of the computing resources can also negatively affect professional credibility and peer relationships in the working environment.

Inappropriate Sharing of Information

1. Explain that private information describes individual employees, such as salary, health records, and performance ratings.

2. Explain that confidential information describes a company and its operations, such as sales and promotion plans, staffing projections, and product formulas.

3. Explain that an IT user who shares this information, even inadvertently, has violated someone’s privacy or compromised the company’s information.

Supporting the Ethical Practices of IT Users

1. Explain that an ethics policy can establish boundaries of acceptable and unacceptable behavior and enable management to punish violators.

Establishing Guidelines for the Use of Company Software

1. Explain that IT managers must provide clear rules about the use of home computers and associated software and ensure that employees have legal copies of all of the software they need, regardless of the location of their work.

Teaching Tip

Emphasize that the penalty for software piracy far exceeds the cost of additional licenses.


Defining and Limiting the Appropriate Use of IT Resources

1. Explain that companies must develop effective guidelines that allow some level of personal use while prohibiting employees from misusing computing resources.

Structuring Information Systems to Protect Data and Information

1. Explain that organizations must implement systems and procedures that limit data access to employees who need it.

Installing and Maintaining a Corporate Firewall

1. Explain that a firewall is a hardware or software device that provides a barrier between a company and the outside world and limits access to the company’s network.

2. Explain that the firewall can be configured to serve as an effective deterrent to unauthorized Web surfing by blocking access to objectionable sites.

3. Explain that the firewall can be configured to block access to e-mail from certain Web sites or to block e-mails with certain kinds of attachments to reduce the risk of computer viruses.

Teaching Tip

Discuss alternative strategies to manage misuse of computing resources in the workplace, such as software that allows a manager to monitor employee desktops or creating an environment where peer pressure makes it undesirable to misuse corporate resources.

4. Walk through the manager’s checklist for establishing an IT usage policy in Table 2-5 on page 56, noting that the appropriate answer for each question is “yes.”

Quick Quiz 3

1. True or False. IT workers can be held liable for negligence.Answer: False. Negligence can only occur when people fail to perform within the standards of their profession, and there are no standards against which to compare an IT worker’s professional behavior.


2. What is a firewall?Answer: A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to the company’s network based on the organization’s Internet usage policy.

3. Information that describes individual employees is ___________, and information that describes a company and its operations is _______________.Answer: private, confidential

Summary

1. Walk through the overview of the chapter presented in the bullet points on page 58.

Discussion Questions

1. Is it better to control employee access to the Internet by blocking certain sites and monitoring employee usage of computing resources or to measure an employee’s performance in terms of productivity? What are possible repercussions, in terms of morale, of allowing or restricting employee access to the Web?

2. What strategies can a company employ to maintain trade secrecy, given the high turnover among IT workers?

3. Based on the discussion of the distinction between gifts and bribes in this chapter, would perks that politicians receive from lobbyists, such as golf vacations and hunting excursions, be considered gifts or bribes? Does the value of the gift influence whether a gift is a bribe?

Additional Projects

1. Write a paper researching various ways that companies monitor employee use of computing resources, including access to the Internet and e-mail.

2. Design an IT use policy for a software company that develops banner ads for a search engine, tailored to the subject for which the user is searching. Keep in mind that the employees of such a company would need unlimited access to the Web.

3. Write a paper surveying vendor certifications, and discuss the trade-off between the usefulness and cost of each certificate.


Additional Resources

1. An article from BusinessWeek Online about companies monitoring abuse of the Internet: www.businessweek.com/2000/00_24/b3685257.htm

2. An article from Ziff Davis CIO Insight giving another perspective on Web searching at work: www.cioinsight.com/article2/0,1540,1960947,00.asp

3. A Wikipedia article on software engineering, including a discussion of who is a software engineer, and certification: http://en.wikipedia.org/wiki/Software_engineering

4. The ACM Web site: www.acm.org

5. The AITP Web site: www.aitp.org/index.jsp

6. The IEEE-CS Web site: www.computer.org/portal/site/ieeecs/index.jsp

7. The PMI Web site: www.pmi.org

8. The SANS Institute Web site: www.sans.org/

Key Terms

Association for Computing Machinery (ACM) – a computing society founded in 1947 that offers many publications and an extensive digital library and sponsors various special-interest groups focusing on a variety of IT issues.

Association of Information Technology Professionals (AITP) – provides IT-related education, information on relevant IT issues, and forums for networking with other IT professionals.

body of knowledge – outlines the agreed-upon sets of skills and abilities that all licensed professionals must possess.

breach of contract – when one party fails to meet the terms of a contract. breach of the duty of care – failure to act as a reasonable person would act. bribery – providing money, property, or favors to someone in business or government to

obtain a business advantage. Business Software Alliance (BSA) – a trade group that represents the world’s largest

software and hardware manufacturers, whose mission is to stop unauthorized copying of software produced by its members.

duty of care – an obligation to protect people against any unreasonable harm or risk. enterprise resource planning system (ERP) – an information system that helps an

organization control business functions, including forecasting, production planning, purchasing, inventory control, manufacturing, and distribution.

firewall – a hardware or software device that serves as a barrier between a company and the outside world and limits access to the company’s network.

fraud – the crime of obtaining goods, services, or property through deception or trickery.

http://www.sans.org/

http://www.pmi.org/

http://www.computer.org/portal/site/ieeecs/index.jsp

http://www.aitp.org/index.jsp

http://www.acm.org/

http://en.wikipedia.org/wiki/Software_engineering

http://www.cioinsight.com/article2/0,1540,1960947,00.asp

http://www.businessweek.com/2000/00_24/b3685257.htm


government license – a government-issued permission to engage in an activity or to operate a business.

Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS) – one of the oldest and largest IT professional associations, with more than 100,000 members founded in 1946.

IT user – the person who uses a hardware or software product. material breach of contract – when a party fails to perform certain express or implied

obligations that impair or destroy the essence of the contract. misrepresentation – misstatement or incomplete statement of a material fact. negligence – not doing something that a reasonable person would do or doing something

that a reasonable person would not do. profession – a calling that requires specialized knowledge and often long and intensive

academic preparation. professional code of ethics – states the principles and core values that are essential to the

work of a particular occupational group. professional employee – a person whose work requires advanced training and

experience, who exercises discretion and judgment in their work, and whose work cannot be standardized.

professional malpractice – liability for injuries caused by breaches of the duty of care. Project Management Institute (PMI) – established in 1969 and has more than 150,000

members who are project managers from fields such as construction and finance, as well as information systems.

reasonable person standard – a standard by which the courts decide whether a party owes a duty of care by determining how an objective careful and conscientious person would have acted in the same circumstances.

reasonable professional standard – analogous to a reasonable personal standard but applied to defendants who have particular expertise.

résumé inflation – lying on a résumé and claiming competence in an IT skill that is in high demand.

software piracy – the act of illegally making copies of software or enabling others to access software to which they are not entitled.

trade secret – information used in a business, generally unknown to the public and representing something of economic value that the company has taken strong measures to keep confidential.

U.S. Foreign Corrupt Practices Act (FCPA) – a set of laws that make it a crime to bribe a foreign official, a foreign political party official, or a candidate for political office, unless the payment was legal in the country in which it was paid.

whistle-blowing – an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest.

ethics in information technology - chapter 2 (instructors manual) 3rd edition

Documents