In a situation where a software engineer is asked to design a system with inherent security vulnerabilities, many ethical issues involving several stakeholders are encountered. Diane Jones is the owner of a software development company that has been contracted to engineer a database management system for the personnel office of a medium-sized toy manufacturing company. Management members of the toy manufacturer involved with Diane in the design of the system include the CEO, the director of computing, and the director of personnel. The database system will contain sensitive information pertaining to the employees of the toy manufacturer.
Weak security for personal data concerning employees of the toy manufacturing company creates an alarm for the software development team. This information includes medical records for insurance claims, performance evaluations, and salary information. Therefore, an ethical dilemma occurs when the toy manufacturing company is persistent in constructing an ineffectual security system in order to provide short-term financial reprieve.
The software development company and the individuals involved on this project risk a negative impact upon their reputation if the system requested from the client is fundamentally flawed, thus creating a public image relaying their inability to produce quality software that is of the highest security standards. Ms. Jones has the right to express her concern to her employer and thereby a responsibility as an ethical software engineer to attempt to convince the personnel office for the toy manufacturer to adopt a more secure system despite the increased expenditure. The previously mentioned upper management members of the toy manufacturing company involved i...
... middle of paper ...
...in order to properly secure the restricted data contained within the system. The software development team carefully explains the danger of compromised data both in the form of a technologically proficient employee along with the potentially greater and more damaging theft of data perpetrated by online hackers. Financial loss due to inadequate data storage and security is also explained to the client. The goal of this explanation is the realization that an increased preliminary investment may ultimately be significantly less expensive than a breach of an insecure system. In the event the client is unable or unwilling to modify the structure of the system, the recommended course of action is for the software development team to decline implementation of the system with consideration to the consequent damage to the repute of the software development organization.
“Engineering has a direct and vital impact on the quality of life for all people.” 1 It is by this premise that engineering codes of ethics have been written to outline professional standards for both managers and engineers. Exhibiting the highest standards of honesty and integrity are imperative for the protection of public health, safety, and welfare.2 When ethical principles are compromised, the risk of endangering others greatly increases, especially with mission and safety critical systems. Extreme consequences include not only complete mission failures and great financial loss, but also fatalities. Though most engineering accidents are associated with aerospace, mechanical, civil, or even electrical engineering (due to the nature of these disciplines such that the end products are actually tangible objects), an increasing number of accidents in software engineering have brought attention to the importance of ethics in information technology.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
We all love computers; people store important information on their computers whether it is a business or one’s home. Businesses have confidential information stored on their computers.
In this case, a large health services organization (HSO) in Florida, that has a world-renowned AIDS treatment center had information breach of 4,000 HIV+ patient records, and the list was sent to newspapers, magazines, and the internet. Consequently, this issue was featured in every media vehicle in the world and as CEO, you are requested by the board of trustees to come up a better management information system (MIS) to resolve all information security issues or you will face termination. After hiring an undercover computer security consultant to help determine where the security leak came from, she quickly identifies numerous breaches in computer security and provides a report with the issues identified. The report furnished by the consultant revealed that facility had major problems with the MIS and the staff. In order to determine how to address the issues, the CEO must first answer the following questions: what law is being violated by the employees, why was this law enacted, what are the penalties for such violations, what are the penalties for sharing celebrity information, and should he be updating his resume and looking for another job (Buchbinder, 378).
The background of the project is that Flayton Electronics faced an eminent problem when it is discovered that there might be a possible breach in their security and the privileged customer information has been compromised. A bank informed the firm that credit card information of the several customers had been leaked and there have been possible fraudulent transactions taken place. The CEO of the firm, Bret Flayton is faced with the challenge of making a tough decision and deciding what to do next. The firm is exposed to various risks and needs to develop a risk management plan in order to manage and mitigate the potential risks that threaten the firm.
Source code is the lifeblood of all high tech software organizations. If it falls into the wrong hands, a company will very likely experience damagingly costly repercussions. As a result, most tech companies invest a relatively large chunk of their revenues into network security.
Engineers are expected to constitute their professional decisions through the engineering code of ethics. But what is the right decision when their judgment is overruled by securing their employer’s profit under circumstances that endanger their customer’s property? This was Shane’s dilemma when 1 out of 150 chips were found defective in his chip production line. Discarding the defective chips was generating an $8,671.00 loss to the company; thus Rob, his manager, proposed to release all chips to the market without previous quality control. As an engineer, Shane must protect his employer’s reputation, his customer’s welfare, and ultimately, the safety and public health. He must not follow Rob’s recommendation of ceasing quality control in his production line because this would threaten the three entities that the engineering code of ethics requires him to protect.
In this case study, I aim to present the recent issue about Cyber security, protecting client’s private data and information through the controversial Apple and
Whitman, M., & Mattord, H. (2011). Reading & cases in information security: law & ethics. (2011 custom ed., p. 264). Boston, MA: Cengage Learning.
In my opinion, ethics give people free will to make right choices. People have free will to make choices that are governed with responsibility, accountability, and liability. We have a responsibility to perform in an ethical manner and be accountable for our choices or actions. Regardless of the circumstances and choices we make, there are consequences if we make the wrong choice. The question of whether an action or choice is ethical or not is fundamentally based on whether something is right or wrong. From an ethical standpoint, unethical choices and risky behavior can lead to increased liabilities. The liabilities result in the loss or damage sustained by a company or other party as result of an unethical and sometimes illegal decision. Although we exercise free will on a continuous basis, we are governed by the decisions we make and my belief is that the decisions we make daily do not just affect us. These decisions affect other people, such as family, friends, coworkers, instructors, neighbors, etc. The most prominent example of ethics can be recognized in the field of technology based on the growing amount of rapidly changing legislation and acts that under consideration in order to protect people from unethical practices.
The issue with tackling the ethical hacker scenario is that the event is almost entirely action based. There is no end to give meaning to the action and there is no finalized result or indication that it impacted happiness, which many ethical theories depend on. Namely consequentialism, utilitarianism and ethical egotism require an end result in one form or another. There is also no purpose in committing the hackings which makes applying moral theories that deal with motivation and intent, ethical egotism and aspects of virtue ethics, increasingly more difficult to do effectively. Therefore moral theories that apply almost exclusively to the action itself will be utilized in this argument.
When the internet was considered a global information system in 1995 millions of Americans participated in virtual communication. People began to communicate with each other and personal information began to be placed online by the stroke of the fingertips to their own computer. So the question is the privacy of individuals trusted online? Can people snoop around and see personal information? Of course people can if guidelines are not set in place to protect them. Public and private information can be complex when some individual(s) do not expect their communication to be read outside of their online community. What will be discussed are some ethical responsibilities that need to take place in the United States. Respecting the individual privacy and honor confidentiality is a must in this country.
[7] Garret, R.o.n. & Lewis, J.e.n.n.i.f.i.e.r. (n.d.). Ethical issues in Software development. Retrieved from http://www.scribd.com/doc/10880744/Ethical-Issues-in-Software-Development
Engineering ethics focuses on the behavior of the individual - the engineer, and the development of ethical standards governing their professional activities. Engineering ethics has always existed as a set of rules or a system that governs the behavior of an engineer. Among its main provisions, we can attribute such as the need to faithfully perform engineering work that would bring welfare and do not cause harm to people; be accountable for engineering professional activities; a good relationship ( customs and rules governing relations ) with other engineer, etc.
Ethics are the moral principles by which we govern our lives. Ethics are an important part society because without them the general population that we call society would behave no better than the general population in prison. With this said, Ethics in computing and information systems are the behaviors that are considered acceptable by users and the functionality of the system being used. The information that passes through an information system must be handled ethically to ensure the safety of the user and sensitive information. In addition to ethically handling, the information users must use the system ethically and the systems must be designed to protect against unethical usage.