Ethics Unit-I-An Overview of Ethics

1.1 WHAT IS ETHICS? Each Society forms a set of rules that establishes the boundaries of generally accepted behavior These rules are often expressed in statements about how people should behave and they fit together to form the moral code by which a society lives. Definition of Ethics: Ethics is a set of beliefs about right and wrong behavior. Ethical behavior conforms to generally accept social norms, many of which are almost universal. A persons opinion of what representing ethical behavior is strongly influenced by a combination of family influences, life experiences, education, religious beliefs, personal values and peer influences. The Importance of Integrity (Honesty): As a child we may have been taught not to lie, cheat or steal or have anything to do with those who do. As an adult who makes more complex decisions, we often reflect on our principles when we consider what to do in different situations. Is it ok to lie to protect some ones feelings? Can we keep the extra change we received from a cashier who mistook our 100Rs with 200Rs? A person who acts with integrity (Honesty) acts in accordance with a personal code of principals- integrity is one of the cornerstones of ethical behavior. Example: we might believe it is important to do as our employer requests and it is fairly compensated for our work. However, if our employer insists that we should not report any overtime hours due to budget constraint a moral conflict arises. We can do as our employer requests or we can insist on being fairly compensated. Another form of inconsistency emerges if we apply moral standards differently according to situations. Example: we might consider it morally acceptable to tell a little white lie to spare a friend some pain or embracement. But would we lie to a colleague or customer about a business issue to avoid unpleasantness. Note: Many Ethical dilemmas are not about right verses wrong but involves choices between right verses right. Example: it is right to protect the Alaskan wildlife from being spoiled, and it is right to find new sources of oil to maintain U.S reserves, but how do we balance these two concerns? 1.2 ETHICS IN THE BUSINESS WORLD: Ethics has risen to the top of business agendas because the risks associated with inappropriate behavior have increased, both in their likelihood and their potential negative impact. Several corporate trends have increased the likelihood of unethical behavior. Employees, shareholders and regulatory agencies are increasingly sensitive to violations of accounting standards, failures to disclose continuous changes in business conditions to their investors and doing production of unsafe products. Such heightened vigilance raises the risk and financial loss to the companies who do not promote ethical practices.

1.2.1 Why Fostering Good Business Ethics is Important: Corporate have at least five reasons for promoting a work environment in which they encourage employees to act ethically when making business decisions: 1. To gain the Goodwill of the Community 2. To create an organization that operates consistently 3. To produce good business 4. To protect the organization and its employees from legal action
Page 1 of 18

5. To avoid unfavorable publicity. To gain the Goodwill of the Community o Although organization gives importance to earn profit or to provide services to customers they also have some basic responsibility in the society. o Their social responsibility includes making contribution to charitable organizations and non profit organizations. o The goodwill (Kindly Feeling) that socially responsible activities create will help the organizations to grow in their business. o Ex: a company known for treating its employees well will find it easier to compete for the best job candidates. o On the other hand companies viewed as harmful to their community may suffer a disadvantage. Creating Organization that operates consistently: Although each companys value system is different, many share the following values: o Operate with honesty and integrity, staying true to corporate principles o Operate according to standards of ethical conduct, in words and actions. o Treat colleagues, customers and consumers with respect o Accept personal responsibility for actions. o Value diversity. o Make decisions based on facts and principles. Good Ethics can mean Good Business: o In many cases, good ethics can mean good business and improved profits. o Companies that operate excellent services maintain their customers instead of losing them to the competitors. o Companies that develop and maintain strong employee relations suffer feour turnovers and enjoy better employee morality. Protecting the corporate and its employees from legal actions: o Identify its core beliefs. o Understand the strength and weakness, its culture and organizational capacities. o Scan its business environment, and find what pressure the organization faces. o Determine its goals and objectives and what outcome should be expected of the program. o Design, implement, and enforce a program that will exercise to prevent, detect and report criminal conduct in accordance with the law. o Regularly evaluate its programs to determine if it is effective or not. Avoiding unfavorable publicity: o The Public reputation of a company strongly depends on its stocks, customer feedback, the companys product and service, and the amount of support it receives from government corporate business partners. o Thus some companies are motivated to build strong ethical programs to avoid negative publicity. o If an organization is perceived as operating ethically, customers, consumers, business partners, shareholders, consumers advocates, financial institutions, and regulatory bodies will regard it more favorably. o Companies that operate unethically often suffer from negative consequences, and bad publicity. 1.2.2 Improving Corporate Ethics: The risk of unethical behavior is increasing, so the improvement of business ethics is becoming more important. The following are some of the actions corporate can take to improve business ethics. Appointing Corporate Ethics Officer: o Corporate ethics mainly include ethical conduct, legal compliance, and corporate social responsibility. o The primary function of a corporate ethics includes setting standards, building awareness, and handling internal reports. o The corporate officer is a senior-level manager who provides vision and direction in the area of business conduct. o Ethics officers come from diverse backgrounds such as legal staff, human resource, finance, auditing, security etc. o Their role includes integrating their organizations ethics and values, business conduct practices o Typically the ethical officer tries to establish an environment that encounters ethical decision making.
Page 2 of 18

Ethical Standards Set by Board of Directors: o The board of directors is responsible for the careful and responsible management of an organization. o In a for-profit corporation, the boards primary objective is to manage business activities which benefit all the stakeholders, shareholders, customers, consumers and social society. o In a nonprofit organization the board reports to a different set of stakeholders, particularly the local community that the nonprofit serves. o Board is not responsible for day to day management. o Board is responsible for supervising the management team. Establishing a Corporate Code of Ethics: o A code of ethics highlights organizations key ethical issues, values and principles that are important to the organization and its decision making o The code frequently includes a set of formal, written statement about the purpose, organization, its values and the principles. o An organizations code of ethics applies to its directors, officers, and employees. o The code of ethics should focus employees on areas of ethics n fostering cultural honesty, and accountability in an organization. o The code of ethics helps employees behave in an ethical manner. Conducting Social Audits: o An increasing number of companies conduct social audits of their policies and practices. o In social audit, companies identify ethical mistakes what they had done in the past to avoid future. o Example: each year Intel sets social responsibility goals and tracks results against those goals. o Intels annual report on its social responsibility will be shared with employees, shareholders, investors, customer, suppliers, and government officials. Requiring Employees to Take Ethics Training: o The ancient Philosophers believed that personal belief about right and wrong behavior could be improved through education. o People can continue their moral development through Education that involves critical thinking and complex issues. o Organizations should show employees examples of how to apply the code of ethics in real life. o Giving Ethical education programs will encourage the employees to act ethically

Including Ethical Criteria in Employees Appraisals: o Employees are increasingly evaluated on their demonstration of qualities and characteristics. o Example: In many companies employee appraisal will be evaluated on employees treating with others fairly and operating effectively, working good in multicultural environment, meets the business needs, continually developing themselves and helping others to develop etc. o These factors are considered along with more traditional criteria used in performance appraisals like successful completion of project contribution to business aheads, maintenance of good customer relationships etc. 1.2.3 When Good Ethics Result in Short Term Losses: Operating ethically does not always guarantee business success. Many organizations have found that the business as usual climate in some foreign countries can place them at a significant competitive disadvantage. 1.2.4 Creating an Ethical work Environment: Most Employees want to perform their job successfully and ethically, but good employees make sometimes bad ethical choices, Employees in highly competitive workplace often feel pressure from aggressive competitors, unrealistic budgets, tight deadlines, bonus for meeting performance goals. Employees may also be encouraged to do whatever it takes to get the job done.
Page 3 of 18

Such environment can make some employees feel pressure to engage in unethical conduct to meet management expectations. 1.2.5 Ethical Decision Making: Often in business the ethically correct course of action is clear and easy to follow. Exceptions occur however when ethical facts come into conflict with practical demands business. Dealing with these situations is challenging and can even be risky to ones career. Seven steps are summarized below which explains how decisions to be taken: i) Get the facts. ii) Identify stakeholders and their positions. iii) Consider the consequences of our decisions. iv) Weigh various guidelines and principles v) Develop and evaluate options vi) Review our decision. vii) Evaluate the results of our decision. Getting the Facts: o Innocent situations can often become unnecessary controversies because no one bothers to check the facts. o Example: we might see our boss receive an application form from an applicant and he throws that in the dustbin ones the applicant leaves, actually our boss has to keep the report for at least a period of one year according to rules. We could report to our boss to failure in policies. We could be surprised to find actually the situation is different it is not applicant it is a salesman who approached our boss in promoting a product for which the company had no use, and the application was marketing literature. Identify the stakeholders and their positions: o A stakeholder is someone stands to gain or lose from how a situation is resolved. o Stakeholders are the people who are going to get affected with the decisions made by the employees. o Identifying the stakeholder helps we better understand the impact of decision and could help we make better decisions. o We need to find the details about stakeholders like, what is at stake for each stakeholder? what does each stakeholder value, and what outcomes does the stakeholder want? Etc.

Considering the consequences (results) of our decision: o Often our decision directly affects we, although we must guard thinking too narrowly and focusing on what is best for we. o Another perspective is considering the harmful and beneficial effects our decision might have on the stakeholders. o A third perspective is to ask whether our decision will help the organization meet its goals and objectives. o Finally we should consider our decisions effect on broader community of other organizations and institutions, the public and the environment. Weighting various Guidelines and Principles: o Do any laws apply to our decision? o We certainly dont want to violate a law that can lead to a fine or imprisonment for ourself or others. o If the decision does not have legal implication, what corporate policies or guidelines apply? o What guidelines does the corporate code of ethics offer? o Below are philosophers approach to deal with moral issues: Philosophers theory for ethical decision making: Virtue ethics approach Utilitarian approach Fairness approach Common good approach
Page 4 of 18

Virtue ethics approach: Virtue ethics focuses on how we should behave and think about relationship if we are concerned with our daily life in a community. Utilitarian Approach: This approach to ethics decision making states that we should choose the action or policy that has best overall result for all people who are directly or indirectly affected. Fairness Approach: This approach focuses on how fairly actions and policies distribute benefits and burden of people affected by the decision. Common good approach: This approach to decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals. Developing and evaluating Options: o In many cases we can identify several answers to a complex ethical question. o By listing the key principals that need to be applied for decision making, this helps we to select two to three best options. o Options we select must be ethically defensible. Reviewing our Decision: o Is the decision consistent with our personal values as well as those of organization? o How would coworker, stakeholder, business partners, friends and family regard our decision? o Would we see our decision is right, good and fair? Evaluating the Result of our Decision: After the organization implements the decision, monitor the result to see if it achieves the desired result and observer its impact on employees and other affected parties. 1.3 ETHICS IN INFORMATION TECHNOLOGY: The growth of the Internet, the ability to capture and store vast amount of personal data online and greater trust on information system in all aspects of life have increased the risk if using information technology unethically. Example: that raises public concern about the ethical use of information technology. o Millions of people have use peer to peer network download music and movies at no charge and in apparent violation of copyright laws. o Organizations contact millions of people worldwide through unsolicited e-mails (spam) at an extremely low cost. o Hackers break into database of financial institutions and steal customer information, then, then use it to commit identity theft, opening new account and charging purchases to unsuspecting victims. o Student around the world have been caught downloading material from the internet and cheating in downloading the content of question papers. o Website plant cookies or spyware on visitors hard drives to track their internet activities. o The general public has not realized the critical importance of ethics as they apply to IT. o In the corporate world, important technical decisions are often left to the technical experts. o General business manager must assume greater responsibility for these decisions, but to do so they must be able to make broad minded objective, ethical decisions based on technical knowledge and business knowledge. o They must also try to create a work environment in which ethical dilemma can be discussed openly, objectively and constructively.

Notes Helpful for Exams (points to be remembered)

1) WHAT IS ETHICS? 2) The Importance of Integrity (Honesty): 3) ETHICS IN THE BUSINESS WORLD: I. Why Fostering Good Business Ethics is Important: 1. To gain the Goodwill of the Community 2. To create an organization that operates consistently 3. To produce good business
Page 5 of 18

4. To protect the organization and its employees from legal action 5. To avoid unfavorable publicity. II. Improving Corporate Ethics: 1 Appointing Corporate Ethics Officer: 2 Ethical Standards Set by Board of Directors: 3 Establishing a Corporate Code of Ethics: 4 Conducting Social Audits: 5 Requiring Employees to Take Ethics Training: 6 Including Ethical Criteria in Employees Appraisals III. When Good Ethics Result in Short Term Losses IV. Creating an Ethical work Environment: V. Ethical Decision Making a) Get the facts. b) Identify stakeholders and their positions. c) Consider the consequences of our decisions. d) Weigh various guidelines and principles e) Develop and evaluate options f) Review our decision. g) Evaluate the results of our decision. ******************************************************************************* Unit-II ETHICS IN IT-PROFESSIONALS AND IT-USERS

Ethics for IT Professionals and IT Users

OBJECTIVES: What key characteristics distinguish a professional from other kinds of workers, and what is the role of an IT professional? What relationships must an IT professional manage, and what key ethical issues can arise in each? How do codes of ethics, professional organizations, certification, and licensing affect the ethical behaviour of IT professionals? What are the key tenets of four different codes of ethics that provide guidance for IT professionals? What are the common ethical issues that face IT users? What approaches can support the ethical practices of IT users? 1.1 IT PROFESSIONALS A Professional is a calling that requires specialized knowledge and often long and complete academic preparation. The U.S Code of Federal Regulations defines a person Employed in a professional capacity as one who meets these four criteria. 1) Ones primary duty consist of Performance of work requiring knowledge of an advanced type in a field of science or learning 2) Ones instruction, study, or work should be original. 3) Ones work is strongly knowledgeable and that exercises discretion and judgm ent. Example Accountants, Doctors, Lawyers 4) Ones work is predominantly intellectual and varied in character, which cannot be generalized. 1) Are IT Workers Professionals? IT PROFESSIONALS: Many Business workers have duties, backgrounds, and training that qualifies them to be classified as Professionals. o One could argue however, that not every IT role requires knowledge of an advanced type in a field of science. o According to U.S Code of definition, IT professionals are not recognized as professionals because they are not licensed. Partial list of IT specialists Programmers Systems analysts
Page 6 of 18

 Software engineers Database administrators Local area network (LAN) administrators Chief information officers (CIOs) Legal perspective IT workers are not recognized as professionals Not licensed IT workers are not liable for malpractice 2) Professional Relationships that must be managed: IT Professionals typically become involved in many different relationships, In each relationship an IT Professional should act honestly and appropriately. Ethics has to be maintained in these relationships. IT professionals have many different relationships with: Employers Clients Suppliers Other professionals IT users Society at large Relationship between IT Professional and Employers: IT Professional and employers have a critical, strong relationship. An IT professional and employer discuss and agree upon fundamental aspects of this relationship before the professional accepts an employment offer. These issues include job title, general performance expectations, specific work -responsibility, dress code, location of employment, salary, working hours, etc. Example: whether an employee can leave early one day if the time is made up on another day. Some aspects are addressed to law, for example: an employee cannot be required to do anything illegal, such as falsify the result of a quality assurance test. IT professionals must set an example and enforce policies regarding the ethical use of IT Software piracy is the act of illegally making copies of software or enabling others to access software to which they are not entitled Software piracy is an area in which IT professionals can be tempted to violate laws and policies The Business Software Alliance (BSA) is a trade group that represents the worlds largest software and hardware manufacturers Its mission is to stop the unauthorized copying of software produced by its members Trade secret Information used in business Generally unknown to the public Company has taken strong measures to keep confidential Whistle-blowing Attracts attention to a negligent, illegal, unethical, abusive, or dangerous act that threatens the public interest Relationship between IT Professional and clients: In relationship between IT professional and clients, each party agrees to provide something of value to the other. Generally speaking the IT professional provides hardware, software or service at a certain cost, within a given time. IT professional provides Hardware, software, or services at a certain cost and within a given time frame Client provides Compensation Access to key contacts Work space
Page 7 of 18

Relationship is usually documented in contractual terms, This relationship is usually documented in a contractual terms, who does what, when the work begins how long it will take, how much client pays and so on. Ethical problems arise if a company recommends its own products and services to remedy problems they have detected A company is unable to provide full and accurate reporting of a projects status

Legal Overview: Fraud, Misrepresentation, and Breach of Contract Fraud -Crime of obtaining goods, services, or property through deception or trickery Fraud is proven in court Breach of contract -One party fails to meet the terms of a contract IT projects are joint efforts in which vendors and customers work together Difficult to assign blame Relationship between IT Professionals and Suppliers: Develop good relationships with suppliers Deal fairly with them Do not make unreasonable demands Bribery -Providing money, property, or favors to someone in business or government to obtain a business advantage U.S. Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office At what point does a gift become a bribe? No gift should be hidden as Perceptions of donor and recipient can differ IT Professionals deal with many hardware, software, and service providers. IT professionals must keep good relationship with supplier, by dealing very fairly and not making unreasonable demands. Threatening to replace a supplier, who cant deliver needed equipment tomorrow, when the normal industry lead time is one week, is aggressive behavior that does not help a working relationship. Supplier also tries hard to maintain positive relationships with their customers to make and increase sales. Sometimes their actions to achieve their goals might be unethical. Example: They could offer an IT professional a gift that is actually intended as a bribe. Clearly, IT Professional should not accept a bribe from a vendor. Relationship between IT Professional and Other Professionals: Professionals owe each other adherence to a professions code of conduct Ethical problems between members of the IT profession Rsum inflation Inappropriate sharing of corporate information Professionals feel a degree of loyalty to the other members of their profession. As a result they always help each other and slow to criticize each other in public. Professionals have interest in their own profession as a whole A number of Ethical Problems can arise between members of the IT profession One of the most common is resume inflation, which includes lying on a resume and claiming competence in an IT skill that is in high demand. Relationship Between IT Professional and IT Users: IT user is a person for whom a hardware or software product is designed IT professionals duty Understand users needs and capabilities Deliver products and services that best meet those needs Establish an environment that supports ethical behaviour by users Actions of an IT professional can affect society
Page 8 of 18

The term IT User distinguishes the person from whom a hardware or software product is designed from the IT Professional who develop, install, service, and support the product. IT Professionals have to understand a users need and capabilities and to deliver products and services that best meet the needs of users. Relationships between IT Professionals and Society: Regulatory laws establish safety standards for products and services to protect the public. However these laws are less than perfect and they fail to safeguard against all negative side effects of product or process. The society not only expects members of a profession not to cause harm, but to provide significant benefits. Example: a system analyst may design a computer based control system to monitor a chemical manufacturing process. A failure or error occurs in the system may put workers or residents near the plant at risk. 1.2 THE ETHICAL BEHAVIOR OF IT PROFESSIONALS Corporations are taking actions to ensure good business ethics among employees 1.2.1 Professional Codes of Ethics: A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group. Example: Doctors stick to varying versions of the 2000-year-old Hippocratic Oath, with medical schools offer an affirmation to their graduating classes. Most codes of ethics created by professional organizations have two main parts. The first outlines what the professional organization aspires to become, and the second typically lists the rules and principles by which members of the organization expected to follow. i )Main parts: Outlines what the professional organization aspires to become Lists rules and principles by which members of the organization are expected to abide ii) Benefits for individual, profession, and society Improves ethical decision making Promotes high standards of practice and ethical behaviour Enhances trust and respect from the general public Provides an evaluation benchmark Promotes high standard of practice and ethical behavior Note: laws do not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical. One cannot expect professional ethical code to provide answer to every thing However practicing according to a professional code of ethics can produce many benefits for the individuals, professionals and society as whole. 1.2.2) Professional Organizations a) Professional Organizations: No IT Professional organization has emerged to excelling others, so there is no universal code of ethics for IT professionals. No single, formal organization of IT professionals has emerged as preeminent However the existence of such organizations useful in a field that is rapidly growing and changing. IT Professionals need to know about new development in the field, which require networking with others, finding new ideas, and building personal skills and expertise. In recognition for the need for professional standards of competence and conduct. Many organizations have developed a code of ethics. Four most prominent IT professional organizations are 1. Association of Computing Machinery (ACM) 2. Association of Information Technology Professionals (AITP) 3. Computer Society of the institute of Electrical and Electronics Engineers (IEEE-CS) 4. Project Management Institute (PMI)

Page 9 of 18

b) Certification: Indicates a professional possesses a particular set of skills, knowledge, or abilities in the opinion of a certifying organization Can also apply to products Generally voluntary IT related certifications typically carry no equipment to stick to a code of ethics. Carries no requirement to adhere to a code of ethics Vendor certifications a. Some certifications substantially improve IT workers salaries and career prospects b. Relevant for narrowly defined roles i. Or certain aspects of broader roles c. Require passing a written exam d. Workers are commonly recertified as newer technologies become available c) Industry association certifications a. Require a certain level of experience and a broader perspective than vendor certifications b. Lag in developing tests that cover new technologies Numerous companies and professional organizations offer certifications, and opinions are divided on their values. Many employers view them as benchmarks that indicate mastery of defined set of basic knowledge. On the other hand some may disagree because the candidate may not have experience of it. Certifications are again divided in to two types: Vendor Certifications: Many IT Vendors such as CISCO, IBM, Microsoft, Sun, and Oracle offer certification programs for their products. Workers who successfully complete a program can represent themselves as certified users of manufacturers products. Industry Associated Certifications: Certifications from industry associations generally require a certain level of experience and a broader thinking than vendor certifications; however they often lag in developing tests that cover new technology. The trend in IT certification is to move from purely technical content to a broader mix of technology, business and behavioral competence, which are required in todays competence. 4) Government Licensing: Some Professionals must be licensed to prove that they can do their work ethically and safely, including certified public accountants, Lawyers, Doctors, various types of medical and day care providers, and some engineers. People cannot call them as professionals unless they are licensed. Most countries have similar laws. Generally administered at the state level in the United States Case for licensing IT professionals Encourage IT professionals to follow the highest standards of the profession Practice a code of ethics Violators would be punished Generally administered at the state level in the United States Case for licensing IT professionals Encourage IT professionals to follow the highest standards of the profession Practice a code of ethics Violators would be punished The case for licensing IT Professionals The days of simple, stand-alone information system are over. Modern systems are highly complex. Enterprise resource planning Systems (ERPs) help multimillion-dollar companies control all their business functions. Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities.
Page 10 of 18

As a result of the increasing importance of IT in our everyday lives, the development of reliable, effective information systems had become an area of mounting public concern. This concern had led to a debate whether the licensing if IT professionals would improve information system. Proponents argue that licensing would strongly encouraged IT professionals to follow the highest standards of the profession and practice a code of ethics, and that licensing would allow violators to be punished. Issues Associated with Governing Licensing of IT Professionals There are very few international or national licensing programs for IT professionals, for many reasons. 1) There is no universally accepted core body of knowledge. 2) It is unclear who should manage the content and administration of licensing exams. 3) There is no administrative body to accredit professional education programs. 4) There is no administrative body to assess and ensure competence of individual professionals. 1.3 Common Ethical Issues for IT Users: IT Professional Malpractice: Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do Duty of care refers to the obligation to protect people against any unreasonable harm or risk Courts consistently reject attempts to sue individual parties for computer-related malpractice Employees ethical use of IT is an area of growing concern Common Ethical Issues for IT Users: Software piracy Inappropriate use of computing resources Inappropriate sharing of information Private data Confidential information Software Piracy: IT Users are the ones who committed software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still called as piracy if they had not paid for it. Inappropriate Use of Computing Resources: Some employees use their computers to brows some of the popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time. Inappropriate Sharing of Information: Every organization stores vast amount of information that can be classified as either private or confidential. An IT User, who shares this information with unauthorized party, has violated someones privacy. Example: if an IT users saws his coworkers salary records and shares it with another then it would be a clear violation of the workers privacy. 2. Supporting the Ethical practices of IT Users: Policies that protect against abuses: Establish boundaries of acceptable and unacceptable behaviour Enable management to punish violators Policy components include: Defining and limiting the appropriate use of IT resources Establishing guidelines for use of company software Structuring information systems to protect data and information Installing and maintaining a corporate firewall The growing use of IT has increased Ethical problems; so many organizations are planning to develop certain policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities on IT users, and enable management to punish violators. The following actions when creating an IT usage policy: Page 11 of 18

Defining and limiting the appropriate use of IT Resources: Companies must develop, communicate, and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages. Establishing guidelines for use of company software: Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees bye hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need. Structuring Information systems to protect Data and Information: Organizations must implement system and procedures that limit data access to employee who need it. Example: in Banks a teller should be able to see the account details of customers, but a payroll employee doesnt have any need to see the customer details as he is dealing with bank employee details. Installing and maintaining a corporate firewall: A firewall is a hardware or software device that serves as a barrier between a company and outside world and limits access to unwanted sites from internet. The firewall can be configured to serve as an effective factor to unauthorized web surfing. CONCLUSION: A professional from a legal standpoint Has passed the state licensing requirements Has earned the right to practice there IT professionals have many different relationships Each with its own set of ethical issues and potential problems Professional code of ethics States the principles and core values essential to the work of an occupational group Licensing and certification of IT professionals Many people feel that certification will increase the reliability and effectiveness of information systems Raises many issues IT-related professional organizations have developed a code of ethics Notes helpful in examination point of view

Unit III PRIVACY Introduction: The use of Information technology in business has made information about people to be gathered, stored, analysed and reported just by one swipe of a credit or debit card. This information is used to know the consumers purchasing habits and financial conditions. Organizations make use of various marketing strategies to target the potential buyers. This is against the privacy of an individual, But on the other hand organizations need the information about their customers to serve them better, so there should be a balance between those who gather and use the information against the rights of privacy. What is Privacy? Privacy words come from latin word 12rivates(separated from the rest), it can be broadly defined as the right to be left alone. Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others. Legal concept of privacy/Right of privacy: Privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects. Protection from unreasonable intrusion upon ones isolation, such as gathering of details about their web surfing habits etc.
Page 12 of 18

Protection from identity theft by inappropriate use of name or likeness. Example like stealing of credit cards, Social Security Number. Protection from unreasonable publicity of ones private life, such as revealing condition of health. Protection from unreasonable false information, such as giving false information about a person in the internet, media etc. What is Anonymity? Anonymity means that the real author of a message is not shown or his identity is hidden. Anonymity can be implemented to make it impossible or very difficult to find out the real author of a message. Key Privacy and anonymity issues: Government electronic surveillance Observing or listening to persons, places, or activitiesusually in a secretive or unobtrusive mannerwith the aid of electronic devices such as cameras, microphones, tape recorders, or wire taps. Four types of electronic surveillance are most prevalent: Wire Tapping Wire Tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually tap into telephone or telegraph wires to accomplish this type of surveillance. Bugging Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder. Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape. Web Tapping Logging the IP addresses of users that access certain websites is commonly called web tapping. Data Encryption Cryptography : o Science of encoding messages o Only sender and intended receiver can understand the messages o Key tool for ensuring confidentiality, integrity, authenticity of electronic messages and online business transactions Encryption : o Process of converting electronic messages into a form understood only by the intended recipients. Encryption key: It is the Variable value applied using an algorithm to encrypt or decrypt text There are two types of Encryption keys used i) public Key ii) Private Key Public Key encryption: Public key encryption system uses two keys: to encode and decode messages. Message receivers public key readily available to all and anyone can use it to send a person encrypted messages. Message receivers private key kept secret, only the receiver will know and the owner of the message will use it to decode it to the original message. RSA a public key encryption algorithm Private key encryption system This system uses Single key to encode and decode messages Identity Theft: Identity theft occurs when someone steals key pieces of personal information to gain access to a persons financial accounts. Information includes: Name Address
Page 13 of 18

 Date of birth Social Security number Passport number Drivers license number Mothers maiden name Fastest growing form of fraud in the United States Lack of initiative in informing people whose data was stolen Phishing o Attempt to steal personal identity data o By tricking users into entering information on a counterfeit Web site o phishing a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization Spyware o Keystroke-logging software o Gets automatically downloaded to users computer without his/hers knowledge. o Creates a record of keystrokes entered in the system. o Enables the capture of: Account usernames Passwords Credit card numbers Other sensitive information o Operates even if an infected computer is not connected to the Internet Consumer Profiling Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms, or enter contests online. Many companies also obtain information about Web surfers through the use of cookies. Cookies are the text files that a website puts on a users hard drive so that it can remember the information later. Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences. Databases contain huge amount of consumer behavioral data. Types of data collected while surfing the web, surfing details etc.. and send it to advertising companies. Three Types of data is collected using Cookies, a method used to collect information from the user. i) Get data: sites visited by customer. Example: That the consumer visited an affiliated book site and requested information about the latest Dean Koontz book. ii) Post data: Data given entered by customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations. iii) Click-stream data: Keeping track of all what the user viewed and sought. Four ways to limit or even stop the deposit of cookies on hard drives Set the browser to limit or stop cookies Manually delete them from the hard drive Download and install a cookie-management program. Use anonymous browsing programs that dont accept cookies. Treating consumer Data Responsibly When dealing with consumer data, it is required to avoid problems by taking consent from the consumer, before using details for marketing or for research.
Page 14 of 18

It can be done by appointing a Chief Privacy Officer(CPO) who has the power to stop illegal use of consumer data. Work Place Monitoring The employers have the right to monitor your activities in many situations at work place major. Monitoring includes: Recording CCTV cameras Opening mail or e-mail Check phone logs or recording of phone calls Videoing outside the workplace Checking the logs of website visited Some companies even do random drug test on their employees. Spamming Transmission of the same e-mail message to a large number of people Extremely inexpensive method of marketing Used by many legitimate organizations Can contain unwanted and objectionable materials Example: Some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales. Advanced surveillance technology: Camera surveillance: cameras fixed to stop illegal activities, by finding people who act suspiciously. i) Facial recognition software can be used to identify criminals and terrorists. ii) GPS(Global Positioning chips) can be placed in devices like cell phones to locate Users. ******************************************************************************************* Unit IV -SOFTWARE DEVELOPMENT
Objectives Why do companies require high-quality software in business systems, industrial process control systems, and consumer products? What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs, and software quality? Need for high quality software systems High quality s/w systems are easy to learn and easy to use. They efficiently meet the users needs. They are dependable. It is highly ethical for Software engineers to develop quality softwares. Impact of Quality Software A software defect is an error, which can cause software systems to halt without meeting the users need. Software error has to be detected and removed. Software errors can have minor or major consequences Software in dryer may cause clothes not being dried enough- Minor can be tolerated. Software in X-ray scanner may overexpose patient to powerful X-rays major cannot accept, as it is deadly. High-quality software systems operate safely and dependably have a high degree of availability required to support the fields of - air traffic control - nuclear power - automobile safety - health care - military and defense - space exploration Key Issues in Software Development Ethical decisions involve: Page 15 of 18

 Quality Management which defines the measure of quality in the development process. tradeoff between quality and other factors, such as ease of use, time to market, and development costs. some managers may have a short-term profit-oriented view others may prefer the more ethical view of delivering high-quality software need to also review legal implications of software errors Liability/Responsibility Software product liability accidents due to software errors may result in lawsuits and punitive damages liability is commonly referred to as product liability there is no federal liability law, software liability falls under common law strict liabilty means manufacturer is responsible for regardless of negligence or intent but there are lines of defense against this responsibilty may be limited to harmful defects that could have been detected through reasonable software practices there is also the concept of contributory negligence (e.g., accidentally cut finger using nail clippers) warranty also protects consumer, but may be hard to read

Reasons For Software Defects 1) Inexperienced or quality-ignorant software coding quality software evolves right from the start but few have the conscience to do it 2) Human error programmers inject one defect for every 10 lines of code e.g., Windows XT, 400 M lines of code, even if 99.9% was clean there still would be 1 bug per 10,000 lines of code large software still contains thousands of bugs 3) Time pressure competition requires fast delivery of the product with more features A patch is a fix for an software error, Many think software errors can be patched. Consequences of a Software defect could cause a system to fail to meet users needs impact may be trivial or very serious even patches may contain (new) defects Software quality degree to which software meets the needs of users testing done by customers.. some avoid buying the first version Strtegies for developing Quality Software More and more users are demanding high-quality software Quality Management measures the quality of software in the development process. The objective is to deliver high quality software. Various strategies are adopted 1. Following a proper/accepted standard software development methodology. 2. Ensure Quality Assurance at each stage of software development. 3. Detecting an error early and fixing it early. 4. Testing the product before delivering it to the customer. 5. Document the various stages of software development to ensure quality. Quality Software Development Process i) Following a proper/accepted standard software development methodology: It is safe to follow a proper and accepted software development methodology where the software is developed in controlled and orderly way. These methods are proven where negligence can be avoided.

Page 16 of 18

ii)

Ensure software quality assurance: It refers to methods in development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality. iii) Detecting an error early and fixing it early: it is Safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered. identify and remove errors early in the development process is a - cost-saving measure 100 times less cost when bug is detected early before product roll-out - most efficient way to improve software quality - bug effect (and its fix) may ripple through large pieces of the software iv) Testing : This is one of the proven methods for quality assurance. Types of Testing Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data and compare results with expected results. This is called dynamic testing. Black-box testing - want code to demonstrate expected output behaviour for all input data in test Suite. - tester has no knowledge and structure of code. White-box testing (tester has knowledge of code) - testing all possible logic paths through the software unit - with thorough knowledge of the codes logic paths - make each program statement execute at least once - for example, for program to calculate employee gross pay, The test case would be for less than 40 hours and test case for more than 40 hours. to check calculations for overtime pay

Other Types of Testing Static testing static analyzers are run against the new code - looks for suspicious patterns in programs that might indicate a defect Integration testing after successful unit testing, software units are combined into an integrated subsystem ensures that all linkages among various subsystems work Successfully System testing after successful integration testing various subsystems are combined tests the entire system as a complete entity User acceptance testing independent testing performed by trained end-users ensures that the system operates as they expect Safety-Critical Systems Consequences of software defects in certain systems can be deadly such systems are called Safety-critical systems. companies must take special precautions in developing Safety-critical system as failure may cause injury or death examples - automobiles antilock brakes - nuclear power plant reactors - airplane navigation - roller coasters - elevators - medical devices example: bug in Therac-25 radiation therapy machine 1985-87 - wrong sequence of menu selections caused large radiation dose to be delivered to the patient Key assumption safety will not automatically result from following the organizations standard development methodology Page 17 of 18

Software development measures for safety-critical systems: Safety-critical systems Must go through a more rigorous and time-consuming development process than other kinds of software All tasks require additional steps more thorough documentation more checking and rechecking Project safety engineer takes care of safety of the machines. explicit responsibility for the systems safety uses a logging and monitoring system to track hazards from the projects start to finish Hazard log used at each stage of the software development process assesses how it has accounted for detected hazards Safety reviews held throughout the development process Robust configuration management system tracks all safety-related documentation Formal documentation required including verification reviews and signatures Key issue deciding when Quality Assurance staff has performed enough testing Risk probability of an undesirable event occurring times the magnitude of the events consequences if it does happen consequences include - damage to property - loss of money - injury to people - death Quality Management Standards i) ISO 9000 standard guide to quality products, services, and management organization must submit to an examination by an external assessor requirements: - written procedures for everything it does - follow those procedures - prove to the auditor the organization fulfilled the first two requirements ii) Failure mode and effects analysis (FMEA) important technique to develop an ISO 9000 compliant system used to evaluate reliability determine the effect of system and equipment failures goal: identify potential design and process failures early in a project ii) Failure mode and effects analysis (FMEA) Failure mode: - describes how a product or process could fail Effect - adverse consequence that a customer might experience seldom is a one-to-one relationship between cause and effect Quality Management Standards DO-178B/EUROCCAE ED-128 evaluation standard for the international aviation community developed by Radio Technical Commission for Aeronautics (RTCA)

Page 18 of 18