Ethical Issues for IT and
Information Security Professionals
Sandra J. Crossin
Information Security Management- MGMT 394
Embry Riddle Aeronautical University
This paper summarizes and evaluates an article addressing the ethical issues involved with being information security personnel. It will attempt to show several areas where ethics can become an issue and stimulate questions regarding activities that are not illegal, but in most cases are not ethical either. The Information Security industry does not have a specific and regulate “code of ethics” to the extent which physicians, attorneys, accountants or other professionals who have access to personal information do. This paper will attempt to evaluate whether or not such a code and its ensuing regulations should be developed.
Keyword: Information Security Personnel
Professionals such as doctors, lawyers, accountants and so forth, have jobs which allows them to have access to other ...view middle of the document...
This power can be abused either deliberately or inadvertently. With all this power there are still no standardized training requirements for “hanging out your shingle” as an IT security consultant or as an information security specialist within an organization. There are IT professional associations that address the ethical side of the industry; however, there are no requirements for IT security personnel to belong [ (Schinder, 2005) ].
The focus on education and training for an Information Security Specialist, as with most IT positions, focuses on the technical aspect of knowledge and skills. After the skills are learned there is very little light shed on how these abilities can be misused [ (Schinder, 2005) ].
Not only are the ethical aspects of personnel behavior an issue, the actions of the organization towards the information personnel’s privacy sometimes in question. It is not just about legal questions. An organization may have the legal right to monitor everything an employee does with its computer equipment, but what are the ethical aspects of having that capability?
Sometimes the “slippery slope” theory comes into play. It may be part of your job description to monitor other employee’s email, but what are your ethics in regards to the information you might find? Going through another employee’s email beyond what the job description requires is paramount to going through the individual’s desk or purses without their knowledge [ (Schinder, 2005) ].
Although this article raises some provocative questions regarding InfoSec personnel ethics, at this point in time, each individual information security professional must answer the question, “is what I am doing ethical?” However, until federal or state codes are developed and regulated, organizations can implement and perform strict screening guidelines at the time of employing InfoSec personnel in order to build their team with the candidates that appear to be the most grounded with personnel ethics. Organizations can also encourage their InfoSec employees to join professional organizations or associations that promote ethical work place behavior.
Schinder, D. (2005, July 19). Ethical Issues for IT Professionals. Retrieved from Security.Com Articles: http://www.windowsecurity.com/articles/Ethical-Issues-IT-Security-Professionals.html