Technology Department

Technology Department

Technology is in many ways very beneficial to our society, but in what ways can and/or will this fast growing business be unethical. This article explains the power and information that an IT personnel has in the business world. Most people think of the IT person as someone who comes to fix their computer when they can't figure out their e-mail. But what does an IT person have access to. Every business is different and has different responsibilities required for the IT personnel. This article explains how most companies use the IT department for monitoring their employees on the computer. The article raises many questions on the ethical behaviors of IT personnel, but it doesn't give many answers. That's because the question of "Is it ethical?" must be answered by each individual IT professional. In other professional careers such as Medicine or Law that have been around for a long time have a set of laws or code of ethics that goes along with the job. This field has yet to establish such rules. The article states that most ethical issues such as: reading the employee e-mails and changing words, using key loggers to obtain everything a specific person has typed, or screen capture programs to monitor everything they have looked at, have not even been confronted by law, nor is there a standard that any IT professional has to follow.

It's scary to think how much power and information that an IT professional have access to, and the fact that there are no laws that prohibit some of the procedures they is also a frightening thought. Even at Southwestern Assemblies of God University the IT people have access to our social security number, web pages we visit, and even our internet passwords like e-mail or student login. If the IT professional are hired and have no prior discretion of ethical issues how can we trust what they will do with the information they have about us. I trust that the employers at Southwestern have chosen the right people for the job, but what the everyday office of America. The article states that some of the IT professionals even help employees to get others fired. An example of this would be: At this particular business the IT department receives all the e-mails to be screened before they leave to the recipient. If employee wanted someone else fired they could pay the IT professional to change words or even send whole e-mails that do not represent what the sender wants.

It's time for the government to take a step forward on this issue. Identity fraud is one of the major criminal charges today. If the IT professionals are not bound by a law they have the free will to decide what is ethical or not on the job. This article is not to condemn all IT professional. There are many IT employees that are ethical and make just decisions on the job. It was mainly written to make people aware of the possibilities of the unjust to happen to them.

Ethical Issues for IT Security Professionals

July 19, 2005

Physicians, attorneys and other professionals whose job duties affect others' lives usually receive, as part of their formal training, courses that address ethical issues common to their professions. IT security personnel often have access to much confidential data and knowledge about individuals' and companies' networks and systems that give them a great deal of power. That power can be abused, either deliberately or inadvertently. But there are no standardized training requirements for hanging out your shingle as an IT security consultant or in-house security specialist. Associations and organizations for IT pros are beginning to address the ethical side of the job, but again, there is no requirement for IT security personnel to belong to those organizations.

Why are ethical guidelines needed?

The education and training of IT professionals, including security specialists, usually focuses on technical knowledge and skills. You learn how to perform tasks, but with little consideration of how those abilities can be misused. In fact, many IT professionals approach their work with a hacker's perspective: whatever you can do, you're entitled to do.

Note:

Note that in this article, we're using the word "hacker" in the current common meaning, pertaining to "black hat" hackers who use their skills to break into systems and access data and programs without the permission of the owners. We're well aware that the term originally referred to anyone with advanced programming skills, and that there are "white hat hackers" who use their skills to help companies and individuals protect against the black hats.

In fact, many IT pros don't even realize that their jobs involve ethical issues. Yet we make decisions on a daily basis that raise ethical questions.

What are the ethical issues?

Many of the ethical issues that face IT professionals involve privacy. For example:

* Should you read the private e-mail of your network users just "because you can?" Is it okay to read employees' e-mail as a security measure, to ensure that sensitive company information isn't being disclosed? Is it okay to read employees' e-mail to ensure that company rules (for instance, against personal use of the e-mail system) aren't being violated? If you do read employees' e-mail, should you disclose that policy to them? Before or after the fact?

* Is it okay to monitor the Web sites visited by your network users? Should you routinely keep logs of visited sites? Is it negligent to not monitor such Internet usage, to prevent the possibility of pornography in the workplace that could create a hostile work environment?

* Is it okay to place key loggers on machines on the network to capture everything the user types? Screen capture programs so you can see everything that's displayed? Should users be informed that they're being watched in this way?

* Is it okay to read the documents and look at the graphics files that are stored on users' computers or in their directories on the file server?

Remember that we're not talking about legal questions here. A company may very well have the legal right to monitor everything an employee does with its computer equipment. We're talking about the ethical aspects of having the ability to do so.

As a network administrator or security professional, you have rights and privileges