Ethical Issues For IT Security Professionals

An article I read was about an IT company that is setting up different guide principles to assist in making decisions in the best interests of their clients, even if they might contradict what they might do in their personal lives. The decisions making was not made easily especially when two guiding principles come into conflict. This occurs when a certain situation calls for the worker to organize one ethical principle over the next and if one’s personal values come into conflict with the best practices outlined by their profession. Professionals whose job duties affect other lives usually receive, as part of their formal training, which addresses ethical issues that is common to their professions. This IT Company often has access to confidential data and knowledge about individuals and different company’s networks and systems that give them a great deal of power. That type of power can be abused in the workplace, either intentionally or accidental. But there are no specific training requirements for hanging out your brand as an IT security consultant. This article states that different associations and/or organizations for IT pros are beginning to address this ethical side of the IT job.

One of the main issues its okay to monitor the web sites visited by your network users. Do they considered that being negligent to not monitor? Such as internet usage to prevent the possibility of unacceptable sites used in the work place. The generation of network hackers, viruses and other threats to their IT infrastructures have caused many companies to be afraid about this matter. As a security and IT consultant, they at times have to play in that on that fear to convince companies to spend far more money than they really need to get that type of software that will certain virus and hackers. The common concept in any ethics discussion is the cause and effect. This pertains to the effort with which a person can go from doing something that does not really seem unethical, as far as scanning employees e-mail just for the fun of it or doing things that are extremely unethical, such as making little changes in their mail messages or reroute messages to the wrong recipient. When they were observing the list of the privacy issues, it was easier to justify each of the actions described. For example, the information you gained from reading someone's e-mail could be used to embarrass that person, or to gain a political advantage within the company, to get him/her disciplined or fired, or even for blackmail.

The concept can also go beyond using your IT skills. If it's Okay to read other employees' e-mail, you have to ask yourself is it also okay to go through their desk drawers when they aren't there? It just certain common courtesy you have to know about these different ethical situation in a workplace. Another example is, is it wrong for you to mark up the equipment and software that you get for the customer when you pass the cost through? Is it wrong to accept commissions from them for persuading your clients to go with their products etc.? All of these questions we have to ask ourselves if it’s okay to do all this disadvantages to get ahead the wrong way.

Another ethical issue involves promising more than you can deliver, or manipulating data to obtain higher fees. There are a lot of technologies/software’s that are free or even possibly cheap that people can utilize. You can install software’s and arrange the settings to make a client's network more secure and safer to utilize. However, people in IT can never make it completely secure nothing is 100% safe, but it’s a less chance to get your computer hacked. Another question you have to ask is it wrong to talk a client or a potential client into replacing their current firewalls with those of a different manufacturer, or switching to an open source operating system. Which changes, coincidentally will result in many more billable hours for you on the premise that this is the answer to their security problems in the near future.

By reading this article has it definitely had raised a lot of questions in the air, but has not attempted to provide set answers. I think management should develop, or adapt to, standards when developing software products. This means that every software product should be developed on time, and tested properly before it goes live, I know this happens every day in today’s word.