IT Security: Ethical Issues and Considerations for IT Professionals

Verified

Added on 2020/02/24

AI Summary

This essay delves into the ethical considerations surrounding IT security personnel, emphasizing the critical importance of data confidentiality in the context of consulting for IT firms. It highlights the potential for ethical breaches, such as the leakage of security strategies to competitors, and explores the power IT security professionals wield through access to confidential organizational data. The essay examines the ethical obligations of IT security professionals, including the implications of non-disclosure agreements and the demarcation between legal and ethical boundaries. It discusses scenarios involving conflicts of interest, such as working for competing firms and the potential for misuse of confidential information. The essay concludes by advocating for proactive measures to safeguard company information from unethical breaches, such as data encryption and monitoring of security instruments.

Running Head: ETHICAL ISSUES 1
Ethical issues for IT security personnel
<Student ID>
<Student Name>
<University Name>

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

ETHICAL ISSUES 2
Introduction:
Security consulting for IT firms can be associated with the paramount significance of
data confidentiality. It has been observed that multiple companies and even competing ones
are hiring similar IT companies and security consultants for their data encryption and system
security needs. However, the instances of leaks of security strategies to competitors leading
to breaches have created potential questions regarding the ethical concerns of IT security
consultants. IT security professionals are generally liable to access confidential data
pertaining to the networks and systems of the organization thereby anointing substantial
power in their hands (D.Shinder, 2005). The access to confidential data can be misused by the
person either inadvertently or knowingly on purpose. Thereby contemporary precedents for
associations between IT security consultants and firms have been largely aligned with the
preservation of ethical concerns of IT security.
Access to confidential information of an organization could lead IT security personnel
to leak it to another organization that may benefit from the data thereby leading to losses for
the former. The ethical aspect of the IT security process must be largely inclined towards
safeguarding the confidentiality of client’s network and system data. The prominent
references to training of IT security personnel in the comprehensive technical information
and skills also indicate the lack of information regarding the ways in which technology can
be misused. Majority of IT security personnel are not aware of the presence of ethical issues
and therefore they tend to oversee the crucial nature of ethical aspects in terms of job
performance (Johansen, 2015). Ethical concerns related to privacy have become more
prominent in the recent times especially with the notable examples observed in the feasibility
of reading private e-mail of network users, employee email and disclosure of vital company
information. It is also necessary to understand the demarcation between the legal implications
and ethical aspects of IT security since legal implications are realized through certain
precedents that dictate the approach for the organization to monitor every activity of the
employee with the computer equipment (McCrie, 2015).
While it is not ethically incorrect for an IT security professional to work for two
competing firms, there are no legal barriers for an individual to be employed as IT security
professional by two competing firms. It is also imperative to consider that the basic ethical
consideration for IT security personnel is to refrain from revealing information of one client
to other clients without specific permission. The implications of non-disclosure agreements

ETHICAL ISSUES 3
involved in contracts for IT security consultants are necessary for validating the mandate for
security. The personnel have to realize that despite the lack of formal requirement of legal
protection instrument, they are obliged to the ethical obligation of sustaining the privacy of
company information (Pollock, 2014). The plausible course of action in case of learning
about the things from one of the clients and communicating it to the other clients would be to
skip any ambiguities pertaining to loyalty and underlying factors that could draw towards
unethical behaviour. The utilization of information gained from client A to accomplish
benefits for the other client B could not be validated on the grounds of professional ethics.
Generally, such scenarios create potential indications towards proliferation of a real world
ethical dilemma and also have long term consequences (McCrie, 2015). For instance, the
transfer of confidential information to other company could lead to exposure of the valuable
trade secrets of an enterprise as well as the limitations on employment opportunities for
security personnel in the future. On the other hand, it can also be observed from a critical
perspective that confidential information of an enterprise indicating any violation of
government regulations or laws could be transferred to concerned government agencies
which would not be accounted as ethical violation (Pollock, 2014).
Conclusion:
Therefore, consultants as well as firms must undertake proactive approaches to
safeguard the company information from unethical breaches. Some of the essential measures
which could be initiated for ensuring compliance of IT security professionals with the ethical
obligations of data security include encryption of electronic copies of data, monitoring of
security instruments in industrial intelligence frameworks and refraining from
communication of physical copies of information.
References
D.Shinder (2005), ‘Ethical Issues for IT security professionals’. [Online]. Available
http://www.computerworld.com/article/2557944/security0/ethical‐issues‐for‐it‐
security‐professionals.html [Accessed 28‐July‐2017]
Johansen, R. (2015). Ethical Hacking Code of Ethics: Security, Risk & Issues. Viitattu
maaliskuu.
McCrie, R. (2015). Security operations management. Butterworth-Heinemann.