Personal vs Professional Ethics in Information Security

Assignment Instructions

Write a paper of approximately 750 words on Information security addressing both personal and professional ethical issues. Include the following in your paper:

  • Ethical issues evident in the topic chosen
  • Effects on one’s personal and professional ethics
  • Evident resolution strategies that address the ethical dilemma(s)
  • Recommendations on changes that you would propose in order to minimize the identified ethical dilemmas

Include a minimum of 2–3 sources within your paper.

Sample Solution – Personal vs. Professional Ethics in Information Security

As a field of computer science, Information Security is concerned with the implementation and application of security features to provide protection against unauthorized manipulation, deletion, or disclosure of information or against denial of service to computer systems. Information security professionals attempt to attain this protection in various ways, many of which raise ethical issues. This paper seeks to outline the effects of these issues on one’s professional ethics, evident resolution strategies that are used to address ethical dilemmas, as well as personal recommendations to minimize the pinpointed dilemmas. The author finds that many ethical issues in the field of Information Security are related to access rights and privacy of information. He also finds that ignorance, accident, and intent are the leading causes of the unethical and illegal behavior that must be deterred.

Information Security (IS) professionals have a collective moral responsibility as part of their profession to protect information. Specific responsibilities are often outlined in the various codes of ethics that are used by different organizations. However, some of these codes rarely go into detail on the moral responsibilities of IS professionals. For instance, the Information Systems Security Association (ISSA) code of ethics vaguely states that members should “perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles” (Brey, 2007). As a result, many experts in such an organization, as well as those in the wider IS field, have to counter innumerable ethical issues and dilemmas regularly.

The first evident ethical issue is the use of data for morally “right” reasons but with ramifications that are legally “wrong.” The case of abduction is a common illustration. When a subject has been abducted, there is often a growing grassroots movement to attempt to publicize the event in order to intensify the efforts of finding the victim. A member of the organization at the IS company, probably from the board, may, in turn, send a request to a data handler asking them to publicize the information to every contact in the in-house CRM system. The message to be publicized contains pictures and information that requests the receivers to contact the law enforcement department if they know the whereabouts of the victim. In this case, it might be a good action to send the message as instructed; however, the contacts on the list have not consented to receive such a message. Data protection laws may also prove the act to be illegal.

The second case involves disruption or removal of a valid right to protest. An electronic protest does not disrupt any information processing facilities in an organization. Moreover, employees have a free right to protest the perceived lack of accountability in any of the organization’s operations. Leaders may, however, attempt to request or command an IS professional to try and limit the exposure of such a protest in order to avoid the involvement of the press. This poses an ethical dilemma for the IS professional and a common ethical issue in many companies.

The last ethical issue in IS involves the infringement of people’s expected freedoms and privacy. There are many demonstrations of this ethical concern. Cases in point include being asked to check an email, web, or system activity for a specific user, being asked to implement a content filter to prevent certain activities, or being requested to limit the availability of particular resources in order to prevent individual activities. These examples point to the fair usage of documents, employment contracts, and quality management systems, and might pose various ethical dilemmas for IS professionals.

Some of the evident resolution strategies that are employed to tackle such ethical dilemmas involve the definition and application of the fundamental principles of the professional code of ethics as specified by organizations. A distinguishing mark of the IS profession is to act in accordance with the public interest to achieve universal objectives of the firm, organization, and the community in general. This includes all employees of the organization, including members of the managerial team. Since unethical and illegal behavior, which must be deterred, is mainly caused by ignorance, accident, and intent (Warren et al., 2005), there are three major recommendations that this paper defends. First, IS organizations or departments should endorse reminders, awareness, and training programs on a regular basis to retain policy compliance. Second, careful planning and control are necessary for the prevention of accidental modifications of data and systems. Lastly, the use of technical controls coupled with vigorous litigation is the best way of tackling the problem of intent to cause harm.
