Ethical Considerations for IT Security Personnel: An Analysis

Verified

Added on 2020/03/01

AI Summary

This essay delves into the ethical considerations that IT security personnel must navigate, emphasizing the importance of adhering to professional codes of conduct, such as the IEEE guidelines. It explores the complexities of managing multiple clients, highlighting the need to maintain integrity and service independence to avoid conflicts of interest and protect data privacy. The essay examines the ethical implications of sharing information or implementing solutions across different organizations, particularly concerning intellectual property rights and competitive advantages. It stresses the importance of understanding copyright laws and the potential consequences of inadvertently disclosing sensitive operational procedures. The analysis underscores the need for IT professionals to balance their responsibilities to multiple employers while upholding ethical standards and ensuring the confidentiality and security of client information. The essay concludes by reinforcing the significance of ethical conduct in delivering quality services and protecting the interests of all stakeholders involved.

Running head: ETHICAL ISSUES FOR IT SECURITY PERSONNEL 1
Ethical issues for IT security personnel
Name
Institution
Professor
Course
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

ETHICAL ISSUES FOR IT SECURITY PERSONNEL 2
Introduction
IT professionals and consultants have to be guided by prescribed code of conduct in
their line of duty. According to Nemeth (2012), IEEE code of conduct for IT professionals
outlines various practices that has to be met by all IT consultants and professionals who work
for more than one client. All responsibilities to manage clients system and offer required
services are at hands of IT professionals but how they handle one client’s needs should differ
from the other. IEEE code of conduct that guides relationship between an IT consultant and its
clients stipulates that, all IT professionals should act in a manner that suites specific customer
and has to be consistent with public interests. In this regard, if an observation has been made
on client A during service delivery and can be useful in client B case, it would be best for the
consultant to use only when client B need arises. This would help in upholding integrity and
independence of the service delivery (Zafar & Clark, 2009). A requirement that works best in
scenario A may not work in scenario B because of the difference in nature of the business.
Identification
First, Greitzer & Frincke (2010) argues that, IT professionals has to maintain required
integrity and service independence when doing their personal judgment. This makes it clear
that, copying of ideas may work but in relation to IEEE standards, integrity and independence of
service delivery is very important when working for multiple clients. Similarly, privacy of
organization in regard to its operational procedures should not be exposed by IT professionals
owing to the facts that, they are solving problem by implementing technology from another
organization without approved copyrights (Davies, Hertig & Gilbride, 2015)
Analyze
Though working with multiple clients helps IT professionals coordinate their activities
well by learning from various environment, if it has to be done, it has to done when all
procedures and organizational system requirements are in place. The responsibility of keeping
what service provider has been implemented in other organization may not be ethical if it poses
great competition to latter organization. Professionally, it would be worthy to implement ideas
that have their origin from other organization because it infringes copyrights code of conduct

ETHICAL ISSUES FOR IT SECURITY PERSONNEL 3
(Siponen & Vance, 2010). Due to lack of knowledge and ignorance, some of IT consultants and
professionals have been copying what they learn from other clients without knowledge of the
first client Greitzer & Frincke (2010). It is important to understand rules that govern copyright
and innovation since innovation in one organization should not be implemented in another
organization without knowledge of the latter.
Additionally, it would not be professional to start implementing some ideas because it
may amount to loss of operational secrecy from one organization to the other. Mainly,
operational procedure of any business are determined by technology in place and duplicating
what has been learnt form one customer to the other may pose competitive problems in the
market (Dark, 2011). A good example is in manufacturing industry where several organization
produce almost related products are they severely compete in the market. As an IT consultant
to both organizations, borrowing of ideas related to technology and implementing them in
competitors system discloses ways of operation of one company (Davies, Hertig & Gilbride,
2015). In market environment, such an event may end up pushing one of the organizations out
of market without even the knowledge of IT personnel because the goal was to solve problem
but a lot of business secrets has been lost.
Evaluation/ Justification
As an employee of several organizations, determining what belongs to organization and
to individual as an employee is quite important because it helps in solving trades offs in service
delivery to specific client in relation to terms of agreement. As a system administrator in two
competing firms, knowing a secret on how company A secures its data is of important to me
and gives administrator more skills on how to handle data. If at the same time the same
administrator is working for company B and same methodology can applied to secure data, it
would be applicable to implement it in company B provided no technological infrastructure has
been imported from one firm to the other. In such a scenario, only technology can be employed
but not carrying physical assets such as software of company A for use in company B.
Technology transfer might be allowed but implementation capabilities be done in quite
different operational environment.

ETHICAL ISSUES FOR IT SECURITY PERSONNEL 4
Conclusion
IEEE principles of conduct has to be followed by all IT professionals irrespective of
number of employers being served. Where technology is being borrowed from one company to
the other, copyright rules should be followed. Best IT professional practices helps in delivering
quality services to all clients.
References
Dark, M. J. (2011). Information assurance and security ethics in complex systems:
Interdisciplinary perspectives. Hershey, PA: Information Science Reference.
Davies, S. J., Hertig, C. A., & Gilbride, B. P. (2015). Security supervision and management: The
theory and practice of asset protection.
Greitzer, F. L., & Frincke, D. A. (2010). Combining traditional cyber security audit data with
psychosocial data: towards predictive modeling for insider threat mitigation. Insider
Threats in Cyber Security, 85-113.
Nemeth, C. P. (2012). Private security and the law. Amsterdam: Elsevier Butterworth
Heinemann.
Siponen, M., & Vance, A. (2010). Neutralization: new insights into the problem of employee
information systems security policy violations. MIS quarterly, 487-502.
Zafar, H., & Clark, J. G. (2009). Current state of information security research in IS.
Communications of the Association for Information Systems, 24(1), 34.