Cyber Law & Professional

Ethics

bcanepaltu.com
1
bcanepaltu.com
2
bcanepaltu.com
3
• Course Objectives: The primary objective of this course is to provide
knowledge of cyber law, cybersecurity, privacy protection, intellectual
property protection, and ethics for IT professionals and IT
organizations.
• Student Evaluation:
• Class Performance (5)
• Attendance (5)
• Class Test & Terminal Exams (10)
• Assignments (5)
• Presentation (15)

bcanepaltu.com 4
Unit 1: An Overview of Ethics,
Ethics for IT Workers and IT
Users

bcanepaltu.com
5
What is Ethics?
• Ethics is a code of behavior that is defined by the group to which an
individual belongs.
• Ethical behavior conforms to generally accepted norms, which may
change over time to meet the evolving needs of the society or a group
of people who share similar laws, traditions, and values that provide
structure to enable them to live in an organized manner.
• Ethics help members of a group understand their roles and
responsibilities so they can work together to achieve mutual benefits
such as security, access to resources, and the pursuit of life goals.

bcanepaltu.com 6
• Morals are the personal principles upon which an individual bases his
or her decisions about what is right and what is wrong.
• They are core beliefs formed and adhered to by an individual.
• For example, many of us have a core belief that all people should be
treated with respect and this belief governs our actions toward others.
• Your moral principles are statements of what you believe to be rules of
right conduct.
• As a child, you may have been taught not to lie, cheat, or steal.

bcanepaltu.com 7
• As an adult facing more complex decisions, you often reflect on your
moral principles when you consider what to do in different situations:
• Is it okay to lie to protect someone’s feelings?
• Should you intervene with a coworker who seems to have a chemical
dependency problem?
• Is it acceptable to exaggerate your work experience on a résumé?
• Can you cut corners on a project to meet a tight deadline?
• As children grow, they learn complicated tasks—such as walking,
talking, swimming, riding a bike, and writing the alphabet—that they
perform out of habit for the rest of their lives.

bcanepaltu.com 8
• People also develop habits that make it easier for them to choose
between good and bad.
• A virtue is a habit that inclines people to do what is acceptable, and a
vice is a habit of unacceptable behavior.
• Fairness, generosity, and loyalty are examples of virtues, while vanity,
greed, envy, and anger are considered vices.
• People’s virtues and vices help define their personal value system—
the complex scheme of moral values by which they live.

bcanepaltu.com 9
• Life is complex, and on occasion, you will encounter a situation in
which the ethics of the group to which you belong are in conflict with
your morals, as highlighted in the following two examples:
• The ethics of the law profession demand that defense attorneys defend an
accused client to the best of their ability, even if they know that the client is
guilty of the most heinous and morally objectionable crime one could imagine.
• The ethical standards of the medical profession do not allow a doctor to
euthanize a patient, even at the patient’s request. However, the doctor may
personally believe that the patient has a right, based on the doctor’s own
morals

bcanepaltu.com 10
bcanepaltu.com
11
 The major differences between Morals and
Ethics are:
• 1. Morals deal with what is ‘right or wrong’. Ethics deals with what is ‘good or evil’.
• 2. The term morals is derived from a Greek word ‘mos’ which refers to custom and the customs are
determined by group of individuals or some authority. On the other hand, ethics is originated from
Greek word ‘ethikos’ which refers to character and character is an attribute.
• 3. Morals are dictated by society, culture or religion while Ethics are chosen by the person
himself which governs his life.
• 4. Morals are concerned with principles of right and wrong. On the contrary, ethics stresses on right
and wrong conduct.
• 5. As morals are framed and designed by the group, there is no option to think and choose; the
individual can either accept or reject. Conversely, the people are free to think and choose the
principles of his life in ethics.
• 6. Morals may vary from society to society and culture to culture. As opposed to Ethics, which
remains same regardless of any culture, religion or society.
• 7. Morals do not have any applicability to business, whereas Ethics is widely applicable in the
business known as business ethics.
• 8. Morals are expressed in the form of statements, but Ethics are not expressed in the form of
statements.
bcanepaltu.com 12
Examples:
• 1. If the son of a big politician has committed a crime and he uses
his powers to free his son from legal consequences. Then this act is
immoral because the politician is trying to save a culprit.
• 2. A very close friend or relative of an interviewer comes for an
interview and without asking a single question, he selects him. This act
is unethical because the selection process must be transparent and
unbiased.
• 3. A grocer sells contaminated products to his customers to earn more
profit. This act is neither moral nor ethical because he is cheating his
customers and profession at the same time.
bcanepaltu.com 13
The Importance of Integrity
• A person who acts with integrity acts in accordance with a personal
code of principles.
• One approach to acting with integrity is to extend to all people the
same respect and consideration that you expect to receive from them.
• Unfortunately, consistency can be difficult to achieve, particularly
when you are in a situation that conflicts with your moral standards.

bcanepaltu.com 14
• For example, you might believe it is important to do as your employer
requests while also believing that you should be fairly compensated
for your work.
• Thus, if your employer insists that, due to budget constraints, you do
not report the overtime hours that you have worked, a moral conflict
arises.
• You can do as your employer requests or you can insist on being fairly
compensated, but you cannot do both. In this situation, you may be
forced to compromise one of your principles and act with an apparent
lack of integrity.
bcanepaltu.com 15
• Another form of inconsistency emerges if you apply moral standards
differently according to the situation or people involved. If you are
consistent and act with integrity, you apply the same moral standards
in all situations. For example, you might consider it morally
acceptable to tell a little white lie to spare a friend some pain or
embarrassment, but would you lie to a work colleague or customer
about a business issue to avoid unpleasantness? Clearly, many ethical
dilemmas are not as simple as right versus wrong but involve choices
between right versus right. As an example, for some people it is
“right” to protect the Alaskan wildlife from being spoiled and also
“right” to find new sources of oil to maintain U.S. oil reserves, but
how do they balance these two concerns?
bcanepaltu.com 16
The Difference Between Morals, Ethics, and
Laws
• Law is a system of rules that tells us what we can and cannot do.
• Laws are enforced by a set of institutions (the police, courts, law-
making bodies).
• Violation of a law can result in censure (strong disapproval), fines,
and/or imprisonment.
• Laws in the United States are made by the various local, state, and
federal legislatures.
• Sometimes the laws of these various jurisdictions are in conflict,
creating confusion and uncertainty.

bcanepaltu.com 17
• In addition, laws are not static; new laws are constantly being
introduced and existing laws repealed or modified.
• As a result, the precise meaning of a particular law may be different in
the future from what it is today.
• Legal acts are acts that conform to the law.
• Moral acts conform to what an individual believes to be the right thing
to do.

bcanepaltu.com 18
• Laws can proclaim an act as legal, although many people may
consider the act immoral—for example, abortion.
• Laws may also proclaim an act as illegal, although many people may
consider the act moral—for example, using marijuana to relieve stress
and nausea for people undergoing chemotherapy treatment for cancer.
• Laws raise important and complex issues concerning equality, fairness
and justice, but do not provide a complete guide to ethical behavior.
Just because an activity is defined as legal doesn’t mean that it is
ethical.

bcanepaltu.com 19
bcanepaltu.com
20
• Ethical but illegal
• 1) When a child is hungry and he stole a loaf of bread from a shop to feed.
• 2) A person violates the traffic rule to rush to the hospital in case of medical emergency.
• 3) It can be illegal not to fulfill a contract, but it might be ethical for any number of logical
reasons.
• 4) It is illegal to lease a car or an apartment in your name for someone else who otherwise
would not qualify, but it is an ethical thing to do if it is going to help them succeed in life.
• Unethical but legal
• 1) Keeping money that someone dropped is legal, but again, many would find it unethical.
• 2) The death penalty is legal in many countries, but large number of individuals consider it
unethical.
• 3) Smoking cigarettes in public is legal in some places, but some may find it unethical.
• 4) Abortion is legal in some places, but many consider it as unethical.

bcanepaltu.com 21
Law vs Ethics

bcanepaltu.com
22
Summary
• Ethics is a code of behavior or professional principals that is defined by the
group to which an individual belongs.
• Morals are the personal principles upon which an individual bases his or
her decisions about what is right and what is wrong.
• A person who acts with integrity acts in accordance with a personal code of
principles.
• Law is a system of rules that tells us what we can and cannot do. Laws are
enforced by a set of institutions (the police, courts, and law-making
bodies).
• A code of ethics states the principles and core values that are essential to
one’s work.
• Just because an activity is defined as legal does not mean that it is ethical.
bcanepaltu.com 23
 ETHICS IN THE BUSINESS WORLD
• The system of ethical beliefs that guides the values, behaviors, and
decisions of a business organization and the individuals within that
organization is known as business ethics.
• Some ethical requirements for businesses are codified into law;
environmental regulations, the minimum wage, and restrictions
against insider trading.
• Ethics has risen to the top of the business agenda because the risks
associated with appropriate behavior have increased, both in their
likelihood and in their potential negative impact.

bcanepaltu.com 24
• For example:
• 1. The collapse and/or bailout of financial institutions such as Bank of
America, CitiGroup, Yes Bank of India due to unwise and/or unethical
decision making regarding mortgages, loans, and credit to unqualified
individuals and organizations.
• 2. Numerous corporate officers and senior managers sentenced to prison terms
for their unethical behavior. Stewart Parnell, former CEO of Peanut
Corporation of America, was sentenced to 28 years in prison for knowingly
shipping contaminated food product, resulting nine dead and more than 700
sick.

bcanepaltu.com 25
• Unethical behavior in the business world can lead to serious
negative consequences for both organizations and individuals.
• Ethics and moral principles are vital attributes for any business to earn
and sustain the trust of customers for longevity, sustain undisputed and
unquestioned business for ever, and enjoy long term success in terms
of revenue and reputation.
• Many companies having firm ethical and fair trade/business practices
are surviving and thriving for centuries, overcoming all upheavals
through ages.

bcanepaltu.com 26
• Presence of strong ethical business structure facilitates companies to
clearly establish and follow good corporate governance procedures
and to foresee and elude any bad business practices.
• Prior to venturing into any line of business or territory, a company
must develop a strong business ethical protocol to write off any ethical
dilemmas and to handle with any controversial and unprecedented
events.
• Trust, transparency, considerate and reverence are major traits of
the business ethics.

bcanepaltu.com 27
• Company have to design their work culture and functionality to
develop a trustworthy business and work environment. This is critical
to earn the trust of customers, employees, business partners, agents
and any third party suppliers.
• Fair, just and equal treatment to all people involved in the business
is critical to maintain transparency in:
• a) Business transaction with customers and external stakeholders;
and
• b) Appraisal system and grievance redress system of the
employees.
bcanepaltu.com 28
• Timely consideration and resolution of the customers concerns and real time
issues of the employees will be a critical connection in serving customer
satisfaction and boosting the morals of the employees.
• Respect towards customers and employees is one of the prime facets in
maintaining long term relationship with customers and retaining the
qualified and talented employees for long period of time.
• Every business should have a unique and dedicated business ethical
protocol and a training system in place to educate the people (internal and
external) associated with the business about the criticality of observing the
business ethical protocol to conduct the business in ethical and transparent
manner.
bcanepaltu.com 29
Features of Business ethics
• Business ethics of a company will reflect in its moral, ethical and
social values. Such moral, ethical and social values of a company shall
comprise of:
• i. Honest service to customers.
• ii. Following statutory approved protocols for customer protection and
safety.
• iii. Equal and fair treatment to all the people connected to the business.
• iv. No mental, physical and economic exploitation of any group or person
who are serving the business.
• v. Business ethics is a moral responsibility of a company to thrive the
business on certain set of moral and ethical values.

bcanepaltu.com 30
• vi. Integration of right set of moral and social values into business
structure will protect the business and economic interests of all business
stakeholders.
• vii. A standard business ethics protocol will clearly establish business
limitations in terms of legal, social, economic, cultural and other limits.
• viii. Educating the business stakeholders about the benefits of observing
business ethics protocol and preserving moral and ethical values will
define the course of the business in terms of reputation, revenue and
durability.
• ix. Despite of size and magnitude of business it is moral responsibility
of every company to establish business ethics protocol and to ensure all
stakeholders are observing the business ethics protocol without fail.

bcanepaltu.com 31
Some unethical practices devastating the business ethics
Economic and Financial Scandals
 i. Manipulation of financial and business data
 ii. Illegal usage of price sensitive information of business
 iii. Bribery to certain internal and external stakeholders
 iv. Unauthorized related party transactions
 v. Insider trading acts

Intellectual Property Rights (IPR)

 i. Unauthorized usage of IPR of another person/company by a company for its benefit or
any third party benefit
 ii. Usage of a product or service in violation or violation of third party IPR
 iii. Exploiting the IPR of a person with unfair terms and conditions in a contract

bcanepaltu.com
Some unethical practices devastating the business ethics - Contd…
Professional and Behavioral Matters
 i. Sexual harassment
 ii. Discrimination in job/work allocation to employees
 iii. Negligence in handling the safety and health of the professionals
 iv. Exploiting the talent of professionals with payment of unfair compensation
 v. Events impacting privacy of the professionals and business stakeholders
 vi. Unfair terms and conditions of the employment agreement
 vii. Efforts to dismantle the union of the professionals
Marketing Aspects
 i. Circulation of marketing content which is against public policy and moral values of the society
 ii. Misleading advertisements
 iii. Circulation of marketing content with prime focus on business and revenue generation by any means
rather than serving the requirements and interests of the clients
 iv. Usage of unethical methods in marketing to target specific category of consumers
 v. Deceptive marketing strategies.

bcanepaltu.com
Some unethical practices devastating the business ethics - Contd…
History has proven from time to time that companies which craved for short term success by
resorting to unethical and unfair trade practices have crumbled to ground from top position
following the unveiling of the fraud which was basis for such short term success.
To avoid the aforesaid fate, establishing and observing standard business ethics is moral
responsibility of every company and is also only way out for companies to sustain long term
success, to retain the customer base for longevity and to reign as market leaders in their line
of business.

bcanepaltu.com
Examples of lapses in business ethics by employees in IT organization

1. Volkswagen has admitted that 11 million of its vehicles were equipped with
software that was used to cheat on emissions test. The company is now
contending with the consequence.
2. Toshiba, the Japanese industrial giant whose diversified products and
services include IT and communication equipment and systems, disclosed that it
overstated its earnings over a seven-year period by more than $1.2 billion.
3. Amazon has the second highest employee turnover rate of companies in the
Fortune 500 and has been criticized by some for creating a high pressure work
environment in which bosses’ expectations were almost impossible to satisfy
and jobs were threatened if illness or other personal issues influenced on work.

bcanepaltu.com
 Contd…
Suppose, you are hired at a large software company and have been working
overtime for the last two months trying to complete the final testing of a new
software release for the company’s flagship product, which is used by thousands
of organizations worldwide.
Unfortunately, the software has many bugs and testing has taken weeks longer
than expected. This afternoon your boss asked you to sign off on the completion
of your portion of testing.
He explains that the project has gone over budget and is in danger of missing
the committed release date for customers.
When you object because you feel the software is still buggy, he says not to
worry, whatever bugs remain will be fixed in the next release of the software.
What do you do?
bcanepaltu.com
Summary: What trends have increased the likelihood of an unethical behavior?

Globalization has created a much more complex work environment, making it more difficult
to apply principles and codes of ethics consistently.
Organizations may be tempted to resort to unethical behavior to maintain profits in today’s
more challenging and uncertain economic climate.
It is not unusual for powerful, highly successful individuals to fail to act in morally
appropriate ways as such people are often aggressive in striving for what they want and are
used to having privileged access to information, people, and other resources. Furthermore,
their success often inflates their belief that they have the ability and the right to manipulate
the outcome of any situation.

bcanepaltu.com
CORPORATE SOCIAL RESPONSIBILITY
• Corporate social responsibility
(CSR) is the concept that an
organization should act ethically
by taking responsibility for the
impact of its actions on its
shareholders, consumers,
employees, community,
environment, and suppliers.

bcanepaltu.com
38
• An organization’s approach to CSR can encompass a wide variety of
tactics—from donating a portion of net profit to charity to
implementing more sustainable business operations or encouraging
employee education through tuition reimbursement.
• Setting CSR goals encourages an organization to achieve higher moral
and ethical standards.
• Supply chain sustainability is a component of CSR that focuses on
developing and maintaining a supply chain that meets the needs of the
present without compromising the ability of future generations to meet
their needs.
bcanepaltu.com 39
• Supply chain sustainability takes into account issues such as fair labor
practices, energy and resource conservation, human rights, and
community responsibility.
• Many IT equipment manufacturers have made supply chain
sustainability a priority, in part, because they must adhere to various
European Union directives and regulations—including the Restriction
of Hazardous Substances Directive, the Waste Electrical and
Electronic Equipment Directive, etc.

bcanepaltu.com 40
• In many cases, meeting supply chain sustainability goals can also lead
to lower costs.
• For example, in fiscal year 2015, Dell launched its closed-loop plastics
supply chain and by year end had recycled 2.2 million pounds of those
plastics back into new Dell products.
• In addition, its global takeback program has made Dell the world’s
largest technology recycler, collecting more than 1.4 billion pounds of
e-waste since 2007.

bcanepaltu.com 41
• Each organization must decide if CSR is a priority and, if so, what its
specific CSR goals are.
• The pursuit of some CSR goals can lead to increased profits, making it
easy for senior company management and stakeholders to support the
organization’s goals in this arena.
• However, if striving to meet a specific CSR goal leads to a decrease in
profits, senior management may be challenged to modify or drop that
CSR goal entirely.

bcanepaltu.com 42
• For example, most U.S. auto manufacturers have introduced models
that run on clean, renewable electric power as part of a corporate
responsibility goal of helping to end U.S. dependence on oil. However,
Americans have been slow to embrace electric cars, and many
manufacturers have had to offer low-interest financing, cash discounts,
sales bonuses, and subsidized leases to get the autos off the sales floor.
Manufacturers and dealers are struggling to increase profits on the sale
of these electric cars, and senior management at the automakers must
consider how long they can continue with their current strategies

bcanepaltu.com 43
• Many organizations define a wide range of corporate responsibility
areas that are important to them, their customers, and their community.
• In order for a CSR program to be effective, a senior executive should
be placed in charge of corporate responsibility results for each area,
with strategic initiatives defined, staffed, and well-funded.
• Key indicators of progress in these areas should be defined and the
results tracked and reported to measure progress.

bcanepaltu.com 44
Business Benefits of CSR
• In a way, CSR can be seen as a public relations effort. However, it goes beyond
that, as CSR can also boost a firm’s competitiveness. The business benefits of CSR
include the following:
• i. Stronger brand image, recognition, and reputation: CSR adds value to firms by
establishing and maintaining a good corporate reputation and/or brand equity.
• ii. Increased customer loyalty and sales: Customers of a firm that practices CSR feel that they
are helping the firm support good causes.
• iii. Operational cost savings: Investing in operational efficiencies results in operational cost
savings as well as reduced environmental impact.
• iv. Retaining key and talented employees: Employees often stay longer and are more
committed to their firm knowing that they are working for a business that practices CSR.
• v. Easier access to funding: Many investors are more willing to support a business that
practices CSR.
• vi. Reduced regulatory burden: Strong relationships with regulatory bodies can help to
reduce a firm’s regulatory burden.

bcanepaltu.com 45
WHY FOSTERING CORPORATE SOCIAL RESPONSIBILITY AND
GOOD BUSINESS ETHICS IS IMPORTANT?

• Organizations have at least five good reasons to pursue CSR goals and
to promote a work environment in which employees are encouraged to
act ethically when making business decisions:

• Gaining the goodwill of the community

• Creating an organization that operates consistently
• Fostering good business practices
• Protecting the organization and its employees from legal action
• Avoiding unfavorable publicity

bcanepaltu.com
46
Gaining the Goodwill of the Community
• Although organizations exist primarily to earn profits or provide
services to customers, they also have some fundamental
responsibilities to society.
• As discussed in the previous section, companies often declare these
responsibilities in specific CSR goals.
• All successful organizations, including technology firms, recognize
that they must attract and maintain loyal customers.
• Philanthropy is one way in which an organization can demonstrate its
values in action and make a positive connection with its stakeholders.

bcanepaltu.com 47
• As a result, many organizations initiate or support socially responsible
activities, which may include making contributions to charitable
organizations and nonprofit institutions, providing benefits for
employees in excess of any legal requirements, and devoting
organizational resources to initiatives that are more socially desirable
than profitable.

bcanepaltu.com 48
• Here are a few examples of some of the CSR activities supported by
major IT organizations:
• Dell Inc. has several initiatives aimed at reducing the amount of natural
resources it takes to create and ship its products, cutting the amount of energy
it takes its customers to use its products, and curbing the effects its products
have on people and the planet.
• Google agreed to invest more than $1.5 billion in renewable energy projects,
such as large-scale wind farms and rooftop solar panels.
• Oracle delivered nearly $5 billion in resources (with a focus on computer
science education) to help 2.2 million students in 100 countries become
college-and-career ready.

bcanepaltu.com 49
• The goodwill that CSR activities generate can make it easier for
corporations to conduct their business.
• For example, a company known for treating its employees well will
find it easier to compete for the top job candidates.
• On the other hand, businesses that are not socially responsible run the
risk of alienating their customer base.

bcanepaltu.com 50
Creating an Organization That Operates
Consistently
• Organizations develop and abide (accept or act in accordance with) by
values to create an organizational culture and to define a consistent
approach for dealing with the needs of their stakeholders—
shareholders, employees, customers, suppliers, and the community.
• Such a consistency ensures that employees know what is expected of
them and can employ the organization’s values to help them in their
decision making.

bcanepaltu.com 51
• Consistency also means that shareholders, customers, suppliers, and
the community know what they can expect of the organization—that it
will behave in the future much as it has in the past.
• It is especially important for multinational or global organizations to
present a consistent face to their shareholders, customers, and
suppliers, no matter where those stakeholders live or operate their
business.

bcanepaltu.com 52
• Although each company’s value system is different, many share the
following values:

• Operate with honesty and integrity, staying true to organizational principles

• Operate according to standards of ethical conduct, in words and action
• Treat colleagues, customers, and consumers with respect
• Strive (try hard to achieve) to be the best at what matters most to the
organization
• Value diversity
• Make decisions based on facts and principles

bcanepaltu.com 53
Fostering Good Business Practices
• In many cases, good ethics can mean good business and improved
profits.
• Companies that produce safe and effective products avoid costly
recalls and lawsuits.
• Companies that provide excellent service retain their customers
instead of losing them to competitors.

bcanepaltu.com 54
• Companies that develop and maintain strong employee relations enjoy
lower turnover rates and better employee morale.
• Suppliers and other business partners often place a priority on working
with companies that operate in a fair and ethical manner.
• All these factors tend to increase revenue and profits while decreasing
expenses.
• As a result, ethical companies tend to be more profitable over the long
term than unethical companies.

bcanepaltu.com 55
• On the other hand, bad ethics can lead to bad business results.
• Bad ethics can have a negative impact on employees, many of whom
may develop negative attitudes if they perceive a difference between
their own values and those stated or implied by an organization’s
actions.
• In such an environment, employees may suppress their tendency to act
in a manner that seems ethical to them and instead act in a manner that
will protect them against anticipated punishment.

bcanepaltu.com 56
• When such a discrepancy (difference) between employee and
organizational ethics occurs, it destroys employee commitment to
organizational goals and objectives, creates low morale, fosters poor
performance, erodes employee involvement in organizational
improvement initiatives, and builds indifference to the organization’s
needs.

bcanepaltu.com 57
Protecting the Organization and Its
Employees from Legal Action
• In a 1909 ruling, the U.S. Supreme Court established that an employer
can be held responsible for the acts of its employees even if the
employees act in a manner contrary to corporate policy and their
employer’s directions.
• The principle established is called respondeat superior, or “let the
master answer.”
• When it was uncovered that employees of Wells Fargo Bank opened
over 2 million bogus credit card accounts not authorized by its
customers, the bank was fined over $185 million and ordered to pay
customers full restitution for any fees or charges they may have
incurred.

bcanepaltu.com 58
• The practice began at least as early as 2011 and was an attempt by
thousands of bank employees to achieve their sales targets for cross-
selling and be rewarded with higher sales bonuses.
• Cross-selling is the practice of selling multiple products to the existing
customers—savings account, checking account, auto loan, mortgage,
credit card, etc.
• Cross-selling to existing customers is cheaper than locating and selling
to brand new customers. It also tends to lock existing customers into
your bank.

bcanepaltu.com 59
• A coalition of several legal organizations, including the Association of
Corporate Counsel, the U.S. Chamber of Commerce, the National
Association of Manufacturers, the National Association of Criminal
Defense Lawyers, and the New York State Association of Criminal
Defense Lawyers, argues that organizations should “be able to escape
criminal liability if they have acted as responsible corporate citizens,
making strong efforts to prevent and detect misconduct in the
workplace.
• One way to do this is to establish effective ethics and compliance
programs. However, some people argue that officers of companies
should not be given light sentences if their ethics programs fail to deter
criminal activity within their firms.
bcanepaltu.com 60
Avoiding Unfavorable Publicity
• The public reputation of a company strongly influences the value of its
stock, how consumers regard its products and services, the degree of
oversight it receives from government agencies, and the amount of
support and cooperation it receives from its business partners.
• Thus, many organizations are motivated to build a strong ethics
program to avoid negative publicity.
• If an organization is perceived as operating ethically, customers,
business partners, shareholders, consumer advocates, financial
institutions, and regulatory bodies will usually regard it more
favorably.
bcanepaltu.com 61
• Prominent ad buyers and marketers are angry with Facebook after
finding out that the world’s largest online social network service
greatly exaggerated the average viewing time of video ads on its
platform.
• This is a key metric used by advertisers in deciding how much to
spend on Facebook video versus other video services such as
YouTube, Twitter, and TV networks.

bcanepaltu.com 62
• It turns out that Facebook was not including views of three seconds or
less in calculating its average view time, resulting in overestimating
viewing time by 60 to 80 percent.
• Some advertising industry analysts believe that the new viewing time
results and bad publicity associated with the incident will be impactful
in the future placement of tens of billions of advertising dollars.

bcanepaltu.com 63
HOW ORGANIZATIONS CAN IMPROVE
THEIR ETHICS?
• Research by the Ethics Resource Center (ERC) found that 86 percent of the
employees in companies with a well-implemented ethics and compliance
program are likely to perceive a strong ethical culture within the company.
• A well-implemented ethics and compliance program and a strong ethical
culture can, in turn, lead to less pressure on employees to misbehave and a
decrease in observed misconduct.
• It also creates an environment in which employees are more comfortable
reporting instances of misconduct, partly because there is less fear of
potential retaliation by management against reporters (for example, reduced
hours, transfer to less desirable jobs, and delays in promotions).

bcanepaltu.com 64
bcanepaltu.com
65
• The Ethics Resource Center has defined the following characteristics
of a successful ethics program:

• Employees are willing to seek advice about ethics-related issues.

• Employees feel prepared to handle situations that could lead to misconduct.
• Employees are rewarded for ethical behavior.
• The organization does not reward success obtained through questionable
means.
• Employees feel positively about their company.

bcanepaltu.com 66
• The risk of unethical behavior is increasing, so improving business
ethics is becoming more important for all companies.
• The following sections explain some of the actions corporations can
take to improve business ethics.
• Appoint a Corporate Ethics Officer
• Require the Board of Directors to Set and Model High Ethical Standards
• Establish a Corporate Code of Ethics
• Conduct Social Audits
• Require Employees to Take Ethics Training
• Include Ethical Criteria in Employee Appraisals
• Create an Ethical Work Environment

bcanepaltu.com 67
Assignment
• Explain the following points

• Appoint a Corporate Ethics Officer

• Require the Board of Directors to Set and Model High Ethical Standards
• Establish a Corporate Code of Ethics
• Conduct Social Audits
• Require Employees to Take Ethics Training
• Include Ethical Criteria in Employee Appraisals
• Create an Ethical Work Environment

bcanepaltu.com 68
Examples of ethical behavior in the
workplace
• Obey The Company’s Rules & Regulation
• Communicate Effectively
• Develop Professional Relationships
• Take Responsibility
• Be Accountable
• Uphold Trust
• Show Initiative without being told
• Respect Your Colleagues
• Work Smarter
bcanepaltu.com
69
Unethical Workplace Behaviors
• Lies
• Taking Credit for Others Hard Work
• Verbal Harassment/Abuse
• Violence
• Non-Office Related Work
• Extended Breaks
• Theft
• Sexual Harassment
• Corrupt Practices
bcanepaltu.com
70
INCLUDING ETHICAL CONSIDERATIONS IN
DECISION MAKING
• We are all faced with difficult decisions in our work and in our personal life.
• Most of us have developed a decision-making process that we execute
automatically, without thinking about the steps we go through.
• The following sections discuss this decision-making process further and
point out where and how ethical considerations need to be brought into the
process.
• Develop Problem Statement
• Identify Alternatives
• Choose Alternative
• Implement the Decision
• Evaluate the Results
bcanepaltu.com 71
bcanepaltu.com
72
Develop Problem Statement
• A problem statement is a clear, concise description of the issue that
needs to be addressed.
• A good problem statement answers the following questions:
• What do people observe that causes them to think there is a problem?
• Who is directly affected by the problem?
• Is anyone else affected?
• How often does the problem occur?
• What is the impact of the problem?
• How serious is the problem?

bcanepaltu.com 73
• Development of a problem statement is the most critical step in the
decision-making process.
• Without a clear statement of the problem or the decision to be made, it
is useless to proceed.
• If the problem is stated incorrectly, the chances of solving the real
problem are greatly diminished.

bcanepaltu.com 74
• The following list includes one example of a good problem statement
as well as two examples of poor problem statements:
• Good problem statement: Our product supply organization is
continually running out of stock of finished products, creating an out-
of-stock situation on over 15 percent of our customer orders, resulting
in over $300,000 in lost sales per month.
• Poor problem statement: We need to implement a new inventory
control system. (This is a possible solution, not a problem statement.
Pursuing this course of action will surely be expensive and time
consuming and, may or may not, solve the underlying problem.)
bcanepaltu.com 75
• Poor problem statement: We need to install cameras and monitoring
equipment to put an end to theft of finished product in the warehouse.
(Again, this is a possible solution, not a problem statement. And are
there sufficient facts to support the hypothesis of theft in the
warehouse?)
• You must gather and analyze facts to develop a good problem
statement.
• Seek information and opinions from a variety of people to broaden
your frame of reference.

bcanepaltu.com 76
• During this process, you must be extremely careful not to make
assumptions about the situation and carefully check key facts for
validity.
• Simple situations can sometimes turn into complex controversies
because no one takes the time to gather and analyze the real facts.

bcanepaltu.com 77
Identify Alternatives
• During this stage of decision making, it is ideal to enlist the help of
others, including stakeholders, to identify several alternative solutions
to the problem.
• Brainstorming with others will increase your chances of identifying a
broad range of alternatives and determining the best solution.
• On the other hand, there may be times when it is inappropriate to
involve others in solving a problem that you are not at liberty to
discuss.
• In providing participants information about the problem to be solved,
offer just the facts, without your opinion, so you don’t influence others
to accept your solution.
bcanepaltu.com 78
• During any brainstorming process, try not to be critical of ideas, as any
negative criticism will tend to shut down the discussion, and the flow
of ideas will dry up.
• Simply write down the ideas as they are suggested and ask questions
only to gain a clearer understanding of the proposed solution.

bcanepaltu.com 79
Choose Alternative
• Once a set of alternatives has been identified, the group must evaluate
them based on numerous criteria, such as effectiveness of addressing
the issue, the extent of risk associated with each alternative, cost, and
time to implement.
• An alternative that sounds attractive but that is not feasible will not
help solve the problem.
• As part of the evaluation process, weigh various laws, guidelines, and
principles that may apply.

bcanepaltu.com 80
• You certainly do not want to violate a law that can lead to a fine or
imprisonment for yourself or others.
• Do any corporate policies or guidelines apply?
• Does the organizational code of ethics offer guidance?
• Do any of your own morals apply?
• Consider the likely consequences of each alternative from several
perspectives:
• What is the impact on you, your organization, other stakeholders (including
your suppliers and customers), and the environment?
• Does this alternative do less harm than other alternatives?

bcanepaltu.com 81
• The alternative selected should be
• ethically and legally defensible to a collection of your coworkers, peers, and
your profession’s governing body of ethics;
• be consistent with the organization’s policies and code of ethics;
• take into account the impact on others;
• and, of course, provide a good solution to the problem.

bcanepaltu.com 82
Implement the Decision
• Once an alternative is selected, it should be implemented in an
efficient, effective, and timely manner.
• This is often much easier said than done, because people tend to resist
change.
• In fact, the bigger the change, the greater is the resistance to it.
Communication is the key to helping people accept a change.

bcanepaltu.com 83
• It is imperative (crucial) that someone whom the stakeholders trust and
respect answer the following questions:
• Why are we doing this?
• What is wrong with the current way we do things?
• What are the benefits of the new way for you?
• A transition plan must be defined to explain to people how they will move
from the old way of doing things to the new way.
• It is essential that the transition be seen as relatively easy and pain free.
• It may be necessary to train the people affected, provide incentives for
making the change in a successful fashion, and modify the reward system to
encourage new behaviors consistent with the change.

bcanepaltu.com 84
Evaluate the Results
• After the solution to the problem has been implemented, monitor the
results to see if the desired effect was achieved and observe its impact
on the organization and the various stakeholders.
• Were the success criteria fully met?
• Were there any unintended consequences?
• This evaluation may indicate that further refinements are needed.
• If so, return to the problem development step, refine the problem
statement as necessary, and work through the process again.
• On the other hand, the proper alternative may have been selected, but
it was implemented in a poor fashion so the desired results were not
achieved. This may require redoing some of the implementation steps.
bcanepaltu.com 85
ETHICS IN INFORMATION
TECHNOLOGY
• The growth of the Internet and social networks;
• the ability to capture, store, and analyze vast amounts of personal data;
• and a greater reliance on information systems in all aspects of life have
increased the risk that information technology will be used unethically.
• In the midst of the many IT breakthroughs in recent years, the
importance of ethics and human values has been underemphasized—
with a range of consequences.

bcanepaltu.com 86
• Here are some examples that raise public concern about the ethical use of
information technology:
• Governments around the world have implemented various systems that enable the
surveillance of their citizens and are struggling to achieve the proper balance between
privacy and security.
• Many employees have their email and Internet access monitored while at work, as
employers struggle to balance their need to manage important company assets and
work time with employees’ desire for privacy and self-direction.
• Millions of people have downloaded music and movies at no charge and in apparent
violation of copyright laws at tremendous expense to the owners of those copyrights.
• Organizations contact millions of people worldwide through unsolicited email and
text messages in an extremely low cost, but intrusive marketing approach.

bcanepaltu.com 87
• Hackers break into databases of financial and retail institutions to steal
customer information and then use it to commit identity theft—opening new
accounts and charging purchases to unsuspecting victims.
• Students around the world have been caught downloading material from the
web and plagiarizing content for their term papers.
• Websites plant cookies or spyware on visitors’ hard drives to track their online
purchases and activities.

bcanepaltu.com 88
Ethics in IT has two aspects
• First, the general public needs to develop a better understanding of the
critical importance of ethics as it applies to IT; currently, too much
emphasis is placed on technical issues.
• IT has a profound effect on society, and IT professionals and end users need
to recognize this fact when they implement technology and formulate
policies that will have legal ramifications (a complex or unwelcome
consequence of an action or event) and affect the wellbeing of millions of
consumers.
• The second tenet that important business-technology decisions with strong
ethical implications are too often left to the technical experts to decide (for
example, what data to gather about customers, where to store it, how to use
it, and what level of security to employ to protect it).

bcanepaltu.com 89
• General business managers must assume greater responsibility for
such decisions, but to do so they must be able to make broad-minded,
objective decisions based on technical savvy (the ability to make good
judgements), business know-how, and high ethical standards.
• They must also try to create a working environment in which ethical
dilemmas can be discussed openly, objectively, and constructively.

bcanepaltu.com 90
• Thus, the goals of this text are
• to educate people about the tremendous impact of ethical issues in the
successful and secure use of information technology;
• to motivate people to recognize these issues when making business decisions;
and to provide tools, approaches, and useful insights for making ethical
decisions.

bcanepaltu.com 91
CRITICAL THINKING EXERCISE: CIO
SURPRISES CFO (General Discussion)
• You are the Chief Financial Officer (CFO) of a midsized manufacturing
firm with annual revenue exceeding $100 million. You have heard nothing
but positive comments about the new Chief Information Officer (CIO) you
hired three months ago. As you listen to her outline what needs to be done
to improve the firm’s computer security, you are impressed with her energy,
enthusiasm, and presentation skills. However, your jaw drops when she
states that the total cost of the proposed computer security improvements
will be $250,000. This seems like a lot of money for security, given that your
firm has had no major incident. Several other items in the budget will either
have to be dropped or trimmed back to accommodate such an expenditure.
In addition, the $250,000 is above your spending authorization and will
require approval by the CEO. This will require you to defend the
expenditure, and you are not sure how to do this. As you look around the
conference room, you can see that other members of your staff are just as
surprised as you. What serious mistake has the CIO made and how could
this have been avoided?
bcanepaltu.com 92
IT WORKER RELATIONSHIPS THAT
MUST BE MANAGED
• IT workers typically become involved in many different work relationships,
including those with employers, clients, suppliers, other professionals, IT
users, and society at large.
• In each relationship, an ethical IT worker acts honestly and appropriately.
• These various relationships are discussed in the following sections.
• Relationships Between IT Workers and Employers
• Relationships Between IT Workers and Clients
• Relationships Between IT Workers and Suppliers
• Relationships Between IT Workers and Other Professionals
• Relationships Between IT Workers and IT Users
• Relationships Between IT Workers and Society
bcanepaltu.com
93
Relationships Between IT Workers and
Employers
• IT workers and employers have a critical, multifaceted relationship
that requires ongoing effort by both parties to keep it strong.
• An IT worker and an employer typically agree on the fundamental
aspects of this relationship before the worker accepts an employment
offer.
• These issues may include job title, general performance expectations,
specific work responsibilities, drug-testing requirements, dress code,
location of employment, salary, work hours, and company benefits.
• Many other aspects of this relationship may be addressed in a
company’s policy and procedures manual or in the company’s code of
conduct, if one exists.
bcanepaltu.com 94
• Topics addressed in such a manual or code of conduct might include
• protection of company secrets;
• vacation policy;
• time off allowed for a funeral or an illness in the family;
• tuition reimbursement;
• and use of company resources, including computers and networks.

bcanepaltu.com95
• Other aspects of this relationship develop over time, depending on
circumstances (for example, whether the employee can leave early one
day if the time is made up another day).
• Some aspects are addressed by law—for example, an employee cannot
be required to do anything illegal, such as falsify the results of a
quality assurance test.
• Some issues are specific to the role of the IT worker and are
established based on the nature of the work or project—for example,
the programming language to be used, the type and amount of
documentation to be produced, and the extent of testing to be
conducted.

bcanepaltu.com 96
• As the stewards (a person who manages another's property) of an
organization’s IT resources, IT workers must set an example and enforce
policies regarding the ethical use of IT.
• IT workers often have the skills and knowledge to abuse systems and data
or to enable others to do so.
• Software piracy is an area in which IT workers may be tempted to violate
laws and policies.
• Although end users often get the blame when it comes to using illegal
copies of commercial software, software piracy in a corporate setting is
sometimes directly traceable to IT staff members—either they allow it to
happen or they actively engage in it, often to reduce IT-related spending.

bcanepaltu.com 97
• The Software & Information Industry Association (SIIA) and the BSA
I The Software Alliance (BSA) are trade groups that represent the
world’s largest software and hardware manufacturers.
• Part of their mission is to stop the unauthorized copying of software
produced by its members.
• North America has the lowest regional rate of software piracy at 17
percent, which represents a commercial value of $10 billion in lost
revenue for software development companies.
• The global software theft rate for personal computer software is
around 43 percent, which equates to a commercial value of $62.7
billion.
bcanepaltu.com 98
• SIIA promotes the common interests of the software and digital content
industry.
• It protects the intellectual property of member companies and advocates a
legal and regulatory environment that benefits the entire industry.
• SIIA informs the industry and the broader public by serving as a resource on
trends, technologies, policies, and related issues that affect member firms
and demonstrate the contribution of the industry to the broader economy.
• It also provides global services in government relations, business
development, corporate education, and intellectual property protection.
Over 200 organizations are members of SIIA, including 21st Century Fox,
Accenture, Adobe Systems, Bank of America Merrill Lynch, Blackboard,
Cengage Learning, Fidelity Investments, Google, Scottrade, Thomson
Reuters, and Wells Fargo Bank.

bcanepaltu.com 99
• BSA is funded both through dues based on member companies’
software revenue and through settlements from companies that commit
piracy.
• BSA membership includes about two dozen global members such as
Adobe, Apple, Dell, IBM, Intuit, Microsoft, Oracle, and SAS Institute.
• Many of the cases are reported by disgruntled employees or former
employees who can receive a monetary reward of thousands of dollars.
• In 2012 alone, BSA investigated over 15,000 reports of unlicensed
software use around the globe.

bcanepaltu.com 100
• Trade secrecy is another area that can present challenges for IT
workers and their employers.
• A trade secret is information, generally unknown to the public, that a
company has taken strong measures to keep confidential.
• It represents something of economic value that has required effort or
cost to develop and that has some degree of uniqueness or novelty.
• Trade secrets can include the design of new software code, hardware
designs, business plans, the design of a user interface to a computer
program, and manufacturing processes.

bcanepaltu.com 101
• Examples include the Colonel’s secret recipe of 11 herbs and spices
used to make the original KFC chicken, the formula for Coke, and
Intel’s manufacturing process for the Core i7-6950K 10-core
processing chip.
• Employers worry that employees may reveal these secrets to
competitors, especially if they leave the company. As a result,
companies often require employees to sign confidentiality agreements
and promise not to reveal the company’s trade secrets.

bcanepaltu.com 102
• Another issue that can create friction between employers and IT
workers is whistleblowing.
• Whistle-blowing is an effort by an employee to attract attention to a
negligent, illegal, unethical, abusive, or dangerous act by a company
that threatens the public interest.
• Whistle-blowers often have special information based on their
expertise or position within the offending organization.
• For example, an employee of a computer chip manufacturing company
may know that the chemical process used to make the chips is
dangerous to employees and the general public.
bcanepaltu.com 103
• A conscientious employee would call the problem to management’s
attention and try to correct it by working with appropriate resources
within the company.
• But what if the employee’s attempt to correct the problem through
internal channels was thwarted or ignored?
• The employee might then consider becoming a whistle-blower and
reporting the problem to people outside the company, including state
or federal agencies that have jurisdiction.
• Obviously, such actions could have negative consequences on the
employee’s job, perhaps resulting in retaliation and firing.
bcanepaltu.com 104
• Amazon, IBM, Microsoft, Oracle, and SAP, along with many other
companies, are competing in the rapidly growing cloud services arena.
• Competition is fierce, and the companies all have an incentive to make
their cloud services appear financially successful.
• However, a whistle-blower lawsuit recently filed against Oracle
highlighted potential issues related to the way such companies account
for income from subscription-based software services that run in the
cloud.
• The whistle-blower, a former Oracle employee, accused management
of pressuring her to add millions of dollars in accruals to financial
reports for expected cloud-based software and services revenue.
bcanepaltu.com 105
• Accounting experts acknowledge that classifying software sales as
cloud or traditional is complex and requires determinations that might
subsequently be challenged by auditors.
• Nonetheless, Oracle shares dropped 4 percent the day following
announcement of the lawsuit.
• Although Oracle alleges the whistle-blower was fired for poor
performance, the employee maintains that she was let go just two
months after she received a positive job performance review and just
one month after the alleged incident began.
• Oracle strongly denies any allegations of wrongdoing and has vowed
to countersue the whistle-blower for malicious prosecution.
bcanepaltu.com 106
Relationships Between IT Workers and
Clients
• IT workers provide services to clients; sometimes those “clients” are
coworkers who are part of the same company as the IT worker.
• In other cases, the client is part of a different company.
• In relationships between IT workers and clients, each party agrees to
provide something of value to the other.
• Generally speaking, the IT worker provides hardware, software, or
services at a certain cost and within a given time frame.

bcanepaltu.com 107
• For example, an IT worker might agree to implement a new accounts
payable software package that meets a client’s requirements.
• The client provides compensation, access to key contacts, and perhaps
a work space.
• This relationship is usually documented in contractual terms—who
does what, when the work begins, how long it will take, how much the
client pays, and so on.
• Although there is often a vast disparity in technical expertise between
IT workers and their clients, the two parties must work together to be
successful.
bcanepaltu.com 108
• Typically, the client makes decisions about a project on the basis of
information, alternatives, and recommendations provided by the IT
worker.
• The client trusts the IT worker to use his or her expertise and to act in
the client’s best interests.
• The IT worker must trust that the client will provide relevant
information, listen to and understand what the IT worker says, ask
questions to understand the impact of key decisions, and use the
information to make wise choices among various alternatives.
• Thus, the responsibility for decision making is shared between the
client and the IT worker
bcanepaltu.com 109
• One potential ethical problem that can interfere with the relationship
between IT workers and their clients involves IT consultants or
auditors who recommend their own products and services or those of
an affiliated vendor to remedy a problem they have detected.
• Such a situation has the potential to undermine (erode) the objectivity
of an IT worker due to a conflict of interest—a conflict between the
IT worker’s (or the IT firm’s) self-interest and the client’s interests.

bcanepaltu.com 110
• For example, an IT consulting firm might be hired to assess a firm’s IT
strategic plan.
• After a few weeks of analysis, the consulting firm might provide a
poor rating for the existing strategy and insist that its proprietary
products and services are required to develop a new strategic plan.
• Such findings would raise questions about the vendor’s objectivity and
the trustworthiness of its recommendations

bcanepaltu.com 111
• Problems can also arise during a project if IT workers find themselves
unable to provide full and accurate reporting of the project’s status due to a
lack of information, tools, or experience needed to perform an accurate
assessment.
• The project manager may want to keep resources flowing into the project
and hope that problems can be corrected before anyone notices.
• The project manager may also be reluctant (unwilling) to share status
information because of contractual penalties for failure to meet the schedule
or to develop certain system functions.
• In such a situation, the client may not be informed about a problem until it
has become a crisis.
• After the truth comes out, finger-pointing and heated discussions about cost
overruns, missed schedules, and technical incompetence can lead to charges
of fraud, misrepresentation, and breach of contract described next.
bcanepaltu.com 112
• Fraud is the crime of obtaining goods, services, or property through
deception or trickery.
• Fraudulent misrepresentation occurs when a person consciously decides to
induce another person to rely and act on a misrepresentation.
• To prove fraud in a court of law, prosecutors must demonstrate the
following elements:
• The wrongdoer (a person who does something bad or illegal ) made a false
representation of material fact.
• The wrongdoer intended to deceive the innocent party.
• The innocent party justifiably relied on the misrepresentation.
• The innocent party was injured.

bcanepaltu.com 113
• Misrepresentation is the misstatement or incomplete statement of a
material fact.
• If the misrepresentation causes the other party to enter into a contract,
that party may have the legal right to cancel the contract or seek
reimbursement for damages.
• For example: Affinity Gaming, a Las Vegas-based casino with 11
properties located across four states, suffered a data breach in 2013
that enabled hackers to gain access to customers’ credit card data.
• Affinity hired Trustwave, an information security company that
provides on-demand threat, vulnerability, and compliance-
management services to investigate and contain the breach.
bcanepaltu.com 114
• Following its investigation, Trustwave claimed that it had identified
how the data breach had occurred and had contained the malware
responsible for it.
• However, a year later, Affinity was hit with a second customer data
breach.
• This time, Affinity hired Mandiant, a Trustwave competitor, to conduct
an investigation.
• Mandiant concluded that Trustwave’s original work was incomplete
and had failed to identify the means by which the attacker had
breached Affinity’s data security.
bcanepaltu.com 115
• Affinity sued Trustwave for conducting an allegedly “woefully
inadequate” investigation that missed key details of the network
breach and enabled subsequent attacks.
• Affinity alleged that Trustwave made misrepresentations when it
claimed that its examination would analyze and help remedy the data
breach, when it represented that the data breach was “contained, ” and
when it claimed that its recommendations would address the data
breach.

bcanepaltu.com 116
• Breach of contract occurs when one party fails to meet the terms of a
contract.
• Further, a material breach of contract occurs when a party fails to perform
certain express or implied obligations, which impairs or destroys the
essence of the contract.
• Because there is no clear line between a minor breach and a material breach,
determination is made on a case-by-case basis.
• “When there has been a material breach of contract, the non-breaching party
can either:
• (1) rescind (revoke or cancel) the contract, seek restitution of any compensation paid
under the contract to the breaching party, and be discharged from any further
performance under the contract; or
• (2) treat the contract as being in effect and sue the breaching party to recover
damages.”

bcanepaltu.com 117
Example
• In 2016, Hewlett-Packard Enterprise (HPE) was awarded $3 billion in
damages from Oracle after a court determined that Oracle had
breached its contract with HPE by dropping support for all Oracle
database software being run on HP systems using Intel’s Itanium
processor chip. HPE argued that Oracle’s actions dramatically reduced
the sale of HPE’s Itanium-based products. HPE also alleged that
Oracle’s actions were intended to boost sales of Oracle’s own Sun
hardware. The jury ultimately agreed with HPE and awarded it the full
amount it was seeking, compensating the company for both lost sales
and damages, as well as requiring Oracle to continue supporting
Itaniumbased systems.
bcanepaltu.com 118
• When IT projects go wrong because of cost overruns, schedule
slippage, lack of system functionality, and so on, aggrieved parties
might charge fraud, fraudulent misrepresentation, and/or breach of
contract.
• Trials can take years to settle, generate substantial legal fees, and
create bad publicity for both parties.
• As a result, the vast majority of such disputes are settled out of court,
and the proceedings and outcomes are concealed from the public.
• In addition, IT vendors have become more careful about protecting
themselves from major legal losses by requiring that contracts place a
limit on potential damages.
bcanepaltu.com 119
• Most IT projects are joint efforts in which vendors and customers
work together to develop a system.
• Assigning fault when such projects go wrong can be difficult; one side
might be partially at fault, while the other side is mostly at fault.
• Clients and vendors often disagree about who is to blame in such
circumstances.

bcanepaltu.com 120
• Frequent causes of problems in IT projects include the following :
• Scope creep—Changes to the scope of the project or the system requirements
can result in cost overruns, missed deadlines, and a project that fails to meet
end-user expectations.
• Poor communication—Miscommunication or a lack of communication
between customer and vendor can lead to a system whose performance does
not meet expectations.
• Delivery of an obsolete solution—The vendor delivers a system that meets
customer requirements, but a competitor comes out with a system that offers
more advanced and useful features.
• Legacy systems—If a customer fails to reveal information about legacy
systems or databases that must connect with the new hardware or software at
bcanepaltu.com
the start of a project, implementation can become extremely difficult.
121
bcanepaltu.com
122
Relationships Between IT Workers and
Suppliers
• IT workers deal with many different hardware, software, and service
providers.
• Most IT workers understand that building a good working relationship
with suppliers encourages the flow of useful communication as well as
the sharing of ideas.
• Such information can lead to innovative and cost-effective ways of
using the supplier’s products and services that the IT worker may
never have considered.
• IT workers can develop good relationships with suppliers by dealing
fairly with them and not making unreasonable demands.
bcanepaltu.com 123
• Threatening to replace a supplier who can’t deliver needed equipment
tomorrow, when the normal industry lead time is one week, is
aggressive behavior that does not help build a good working
relationship.
• Suppliers strive to maintain positive relationships with their customers
in order to make and increase sales.
• To achieve this goal, they may sometimes engage in unethical
actions—for example, offering an IT worker a gift that is actually
intended as a bribe.
• Clearly, IT workers should not accept a bribe from a vendor, and they
must be careful when considering what constitutes a bribe.
bcanepaltu.com 124
• For example, accepting invitations to expensive dinners or payment of
entry fees for a golf tournament may seem innocent to the recipient,
but it may be perceived as bribery by an auditor.
• Bribery is the act of providing money, property, or favors to someone
in business or government in order to obtain a business advantage.
• An obvious example is a software supplier sales representative who
offers money to another company’s employee to get its business
• This type of bribe is often referred to as a kickback or a payoff. The
person who offers a bribe commits a crime when the offer is made,
and the recipient is guilty of a crime if he or she accepts the bribe.
bcanepaltu.com 125
• Various states have enacted bribery laws, which have sometimes been
used to invalidate contracts involving bribes but have seldom been
used to make criminal convictions.
• Internal control is the process established by an organization’s board
of directors, managers, and IT systems people to provide reasonable
assurance for the effectiveness and efficiency of operations, the
reliability of financial reporting, and compliance with applicable laws
and regulations.
• An organization’s internal control resources include all the people,
policies, processes, procedures, and systems controlled by
management that enable it to meet these goals

bcanepaltu.com 126
bcanepaltu.com
127
• Policies are the guidelines and standards by which the organization
must abide.
• The guidelines and standards are often in response to some law.
Policies drive processes and procedures.
• Processes are a collection of tasks designed to accomplish a stated
objective.
• A procedure defines the exact instructions for completing each task in
a process.

bcanepaltu.com 128
• An organization might have a policy that defines the credit terms and
collection guidelines to be followed when handling a customer order.
• The processes associated with handling customer orders could include
creating a new customer account, accepting a new order from an
existing customer, and planning shipment of a customer order, among
others.
• Procedures for each process define how to complete each task in the
process.
• The process and procedures must be designed and executed to
conform to the credit terms and collection guidelines policy.
bcanepaltu.com 129
• Management is responsible for ensuring that an adequate system of internal
control is set up, documented with written procedures, and implemented.
• Management must also decide the proper level of control over various
aspects of the business so that the cost of implementing control does not
outweigh the benefits.
• Employees are responsible for following the documented procedures and
reporting to management if the controls are not effective in meeting the
needs of the organization.
• The internal audit organization is responsible for assessing whether the
internal controls have been implemented correctly and are functioning as
designed; the internal audit organization reports its findings to management.

bcanepaltu.com 130
• A fundamental concept of good internal controls is the careful
separation of duties associated with any process that involves the
handling of financial transactions so that different aspects of the
process are handled by different people.
• With proper separation of duties, fraud would require the collusion of
two or more parties.
• When designing an accounts receivable system, for instance, the
principal of separation of duties dictates that you separate
responsibility for the receipt of customer payments, approving write-
offs, depositing cash, and reconciling bank statements.
bcanepaltu.com 131
• Ideally, no one person should be allowed to perform more than one of
these tasks.
• Internal controls play a key role in preventing and detecting fraud and
protecting the organization’s resources.
• Proper separation of duties is frequently reviewed during the audit of a
business operation.
• In small organizations, it is common for employees to have multiple
responsibilities.
• Such a lack of separation of duties raises concerns that fraud could go
undetected.

bcanepaltu.com 132
• The Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe
a foreign official, a foreign political party official, or a candidate for
foreign political office.
• In some countries, gifts are an essential part of doing business.
• In fact, in some countries, it would be considered rude not to bring a
present to an initial business meeting.
• In the United States, a gift might take the form of free tickets to a
sporting event from a personnel agency that wants to get on your
company’s list of preferred suppliers.
• But, at what point does a gift become a bribe, and who decides?

bcanepaltu.com 133
• The key distinguishing factor is that no gift should be hidden.
• A gift may be considered a bribe if it is not declared.
• As a result, most companies require that all gifts be declared and that
everything but token gifts be declined.
• Some companies have a policy of pooling the gifts received by their
employees, auctioning them off, and giving the proceeds to charity.

bcanepaltu.com 134
bcanepaltu.com
135
Relationships Between IT Workers and Other
Professionals
• Professionals often feel a degree of loyalty to the other members of
their profession.
• As a result, they are often quick to help each other obtain new
positions but slow to criticize each other in public.
• Professionals also have an interest in their profession as a whole,
because how it is perceived affects how individual members are
viewed and treated.
• (For example, politicians are not generally thought to be very
trustworthy, but teachers are.)

bcanepaltu.com 136
• Hence, professionals owe each other an adherence to the profession’s
code of conduct.
• Experienced professionals can also serve as mentors and help develop
new members of the profession.
• A number of ethical problems can arise among members of the IT
profession.
• One of the most common is résumé inflation, which involves lying
on a résumé by, for example, claiming competence in an IT skill that is
in high demand.

bcanepaltu.com 137
• Even though an IT worker might benefit in the short term from
exaggerating his or her qualifications, such an action can hurt the
profession and the individual in the long run.
• Many employers consider lying on a résumé as grounds for immediate
dismissal.
• For instance, Yahoo hired Scott Thompson, the president of eBay’s
PayPal electronic payments unit, as its new CEO in January 2012;
however, Thompson resigned less than a year later over discrepancies
in his academic record summarized on his résumé.

bcanepaltu.com 138
• Another ethical issue that can arise in relationships between IT
workers and other professionals is the inappropriate sharing of
corporate information.
• Because of their roles, IT workers may have access to corporate
databases of private and confidential information about employees,
customers, suppliers, new product plans, promotions, budgets, and so
on.
• It might be sold to other organizations or shared informally during
work conversations with others who have no need to know.
• Revealing such private or confidential information is grounds for
termination in many organizations and could even lead to criminal
charges.
bcanepaltu.com 139
Relationships Between IT Workers and IT
Users
• The term IT user refers to a person who uses a hardware or software
product; the term distinguishes end users from the IT workers who
develop, install, service, and support the product.
• IT users need the product to deliver organizational benefits or to
increase their productivity.
• IT workers have a duty to understand a user’s needs and capabilities
and to deliver products and services that best meet those needs—
subject, of course, to budget and time constraints.

bcanepaltu.com 140
• They also have a key responsibility to establish an environment that
supports ethical behaviors by users.
• Such an environment discourages software piracy, minimizes the
inappropriate use of corporate computing resources, and avoids the
inappropriate sharing of information.

bcanepaltu.com 141
Relationships Between IT Workers and
Society
• Regulatory laws establish safety standards for products and services to
protect the public.
• However, these laws are less than perfect, and they cannot safeguard
against all negative side effects of a product or process.
• Often, professionals can clearly see the effect their work will have and
can take action to eliminate potential public risks.
• Thus, society expects members of a profession to provide significant
benefits and to not cause harm through their actions.
• One approach to meeting this expectation is to establish and maintain
professional standards that protect the public.
bcanepaltu.com 142
• Clearly, the actions of an IT worker can affect society.
• For example, a systems analyst may design a computer-based control
system to monitor a chemical manufacturing process.
• A failure or an error in the system may put workers or people who live
near the plant at risk.
• As a result, IT workers have a relationship with members of society
who may be affected by their actions.

bcanepaltu.com 143
• There is currently no single, formal organization of IT workers that
takes responsibility for establishing and maintaining standards that
protect the public.
• However, as discussed in the following sections, there are a number of
professional organizations that provide useful professional codes of
ethics to guide actions that support the ethical behavior of IT workers.

bcanepaltu.com 144
ENCOURAGING THE
PROFESSIONALISM OF IT WORKERS
• A professional is one who possesses the skill, good judgment, and work
habits expected from a person who has the training and experience to do a
job well.
• Organizations— including many IT organizations—are desperately seeking
workers who have the following characteristics of a professional:
• They are an expert in the tools and skills needed to do their job.
• They adhere to high ethical and moral standards.
• They produce high quality results.
• They meet their commitments.
• They communicate effectively.
• They train and develop others who are less skilled or experienced.

bcanepaltu.com
145
• IT workers of all types can improve their profession’s reputation for
professionalism by
• (1) subscribing to a professional code of ethics,
• (2) joining and participating in professional organizations,
• (3) obtaining appropriate certifications, and
• (4) supporting government licensing where available. Each of these topics is
discussed in the following sections.

bcanepaltu.com 146
Professional Codes of Ethics
• A professional code of ethics states the principles and core values that
are essential to the work of a particular occupational group.
Practitioners in many professions subscribe to a code of ethics that
governs their behavior.
• For example, doctors adhere to varying versions of the 2,000-year-old
Hippocratic oath, which medical schools offer as an affirmation to
their graduating classes.
• Most codes of ethics created by professional organizations have two
main parts:

bcanepaltu.com 147
• The first outlines what the organization aspires to become and the
second typically lists rules and principles by which members of the
organization are expected to abide.
• Many codes also include a commitment to continuing education for
those who practice the profession.
• Laws do not provide a complete guide to ethical behavior.
• Nor can a professional code of ethics be expected to provide an answer
to every ethical dilemma—no code can be a definitive collection of
behavioral standards.

bcanepaltu.com 148
• However, following a professional code of ethics can produce many
benefits for the individual, the profession, and society as a whole:
• Ethical decision making—Adherence to a professional code of ethics
means that practitioners use a common set of core values and beliefs
as a guideline for ethical decision making.
• High standards of practice and ethical behavior—Adherence to a
code of ethics reminds professionals of the responsibilities and duties
that they may be tempted to compromise to meet the pressures of day-
to-day business.

bcanepaltu.com 149
• The code also defines acceptable and unacceptable behaviors to guide
professionals in their interactions with others.
• Strong codes of ethics have procedures for censuring professionals for
serious violations, with penalties that can include the loss of the right to
practice.
• Such codes are the exception, however, and few exist in the IT arena.
• Trust and respect from the general public—Public trust is built on the
expectation that a professional will behave ethically.
• People must often depend on the integrity and good judgment of a
professional to tell the truth, abstain from giving self-serving advice, and
offer warnings about the potential negative side effects of their actions.

bcanepaltu.com 150
• Thus, adherence to a code of ethics enhances trust and respect for
professionals and their profession.
• Evaluation benchmark—A code of ethics provides an evaluation
benchmark that a professional can use as a means of self-assessment.
• Peers of the professional can also use the code for recognition or
censure.

bcanepaltu.com 151
Professional Organizations
• No one IT professional organization has emerged as preeminent
(Outstanding), so there is no universal code of ethics for IT workers.
• However, the existence of such organizations is useful in a field that is
rapidly growing and changing.
• In order to stay on the top of the many new developments in their
field, IT workers need to network with others, seek out new ideas, and
continually build on their personal skills and expertise.
• Whether you are a freelance programmer or the CIO of a Fortune 500
company, membership in an organization of IT workers enables you to
associate with others of similar work experience, develop working
relationships, and exchange ideas.
bcanepaltu.com 152
• These organizations disseminate information through email,
periodicals, websites, social media, meetings, and conferences.
• Furthermore, in recognition of the need for professional standards of
competency and conduct, many of these organizations have developed
codes of ethics.

bcanepaltu.com 153
• Four of the most prominent IT-related professional organizations are
highlighted in the following sections.

• Association for Computing Machinery (ACM):

• Institute of Electrical and Electronics Engineers Computer Society
(IEEE-CS)
• Association of Information Technology Professionals (AITP)
• SysAdmin, Audit, Network, Security (SANS) Institute

bcanepaltu.com 154
Certification
• Certification indicates that a professional possesses a particular set of
skills, knowledge, or abilities, in the opinion of the certifying
organization.
• Unlike licensing, which applies only to people and is required by law,
certification can also apply to products (for example, the Wi-Fi
CERTIFIED logo assures that the product has met rigorous
interoperability testing to ensure that it will work with other Wi-Fi-
certified products) and is generally voluntary.
• IT-related certifications may or may not include a requirement to
adhere to a code of ethics, whereas such a requirement is standard with
licensing.

bcanepaltu.com 155
• Numerous companies and professional organizations offer
certifications, and opinions are divided on their value.
• Many employers view them as a benchmark that indicates mastery of a
defined set of basic knowledge.
• On the other hand, because certification is no substitute for experience
and doesn’t guarantee that a person will perform well on the job, some
hiring managers are rather cynical about the value of certifications.
• Most IT employees are motivated to learn new skills, and certification
provides a structured way of doing so.

bcanepaltu.com 156
• For such people, completing a certification provides clear recognition
and correlates with a plan to help them continue to grow and advance
in their careers.
• Others view certification as just another means for product vendors to
generate additional revenue with little merit attached.
• Deciding on the best IT certification—and even whether to seek a
certification— depends on the individual’s career aspirations, existing
skill level, and accessibility to training

bcanepaltu.com 157
bcanepaltu.com
158
• Vendor Certifications
• Many IT vendors—such as Cisco, IBM, Microsoft, and Oracle—offer
certification programs for those who use their products.
• Workers who successfully complete a program can represent
themselves as certified users of a manufacturer’s product.
• Depending on the job market and the demand for skilled workers,
some certifications might substantially improve an IT worker’s salary
and career prospects.
• Certifications that are tied to a vendor’s product are relevant for job
roles with very specific requirements or certain aspects of broader
roles.
bcanepaltu.com 159
• Sometimes, however, vendor certifications are too narrowly focused
on the technical details of the vendor’s technology and do not address
more general concepts.
• To become certified, one must pass a written exam. Because of legal
concerns about whether other types of exams can be graded
objectively, most exams are presented in a multiple-choice format.
• A few certifications, such as the Cisco Certified Internetwork Expert
(CCIE) certification, also require a hands-on lab exam that
demonstrates skills and knowledge.
• It can take years to obtain the necessary experience required for some
certifications.
bcanepaltu.com 160
bcanepaltu.com
161
Licensing of IT Professionals
• In the United States, a government license is government-issued
permission to engage in an activity or to operate a business.
• Most states license activities that could result in damage to public
health, safety, or welfare—if practiced by an individual who has not
demonstrated minimal competence.
• Licensing is generally administered at the state level and often requires
that the recipient pass a test of some kind.
• Some professionals must be licensed, including certified public
accountants (CPAs), lawyers, doctors, various types of medical and
daycare providers, and some engineers.
bcanepaltu.com 162
• The Case for Licensing IT Workers
• As a result of the increasing importance of IT in our everyday lives, the
development of reliable, effective information systems has become an area
of mounting public concern.
• This concern has led to a debate about whether the licensing of IT workers
would improve information systems.
• Proponents argue that licensing would strongly encourage IT workers to
follow the highest standards of the profession and practice a code of ethics.
• Without licensing, there are no clear, well-defined requirements for
heightened care and no concept of professional malpractice.

bcanepaltu.com 163
• State licensing boards have ultimate authority over the specific
requirements for licensing in their jurisdiction, and also decide
whether or not to even offer a given exam.
• In 1993, the ACM and IEEE-CS formed a Joint Steering Committee
for the Establishment of Software Engineering as a Profession.
• The initial recommendations of the committee were to define ethical
standards, to define the required body of knowledge and recommended
practices in software engineering, and to define appropriate curricula
to acquire knowledge.
• The core body of knowledge for any profession outlines agreed-upon
sets of skills and abilities that all licensed professionals must possess
bcanepaltu.com 164
The “Software Engineering
Code of Ethics and
Professional Practice”
documents the ethical and
professional
responsibilities and
obligations of software
engineers.

bcanepaltu.com
165
IT Professional Malpractice
• For most IT workers, becoming licensed as a software engineer is
optional because they practice under the “industrial exemption” clause
of their state’s licensing laws that permits them to work internally for
an organization without licensure so long as they are not making final
decisions to release product to the public or offering engineering
services directly to the public.
• However, to open a software engineering consulting practice or to
claim that one is a software engineer in a formal context may now
require a license in some states. For an IT worker to become licensed
raises some potential legal issues, as discussed in the following
paragraphs.

bcanepaltu.com 166
• Negligence is defined as not doing something that a reasonable person
would do or doing something that a reasonable person would not do.
• Duty of care refers to the obligation to protect people against any
unreasonable harm or risk.
• For example, people have a duty to keep their pets from attacking
others and to operate their cars safely.
• Similarly, businesses must keep dangerous pollutants out of the air and
water, make safe products, and maintain safe operating conditions.

bcanepaltu.com 167
• The courts decide whether parties owe a duty of care by applying a
reasonable person standard to evaluate how an objective, careful,
and conscientious person would have acted in the same circumstances.
• Likewise, defendants who have particular expertise or competence are
measured against a reasonable professional standard.
• For example, in a medical malpractice suit based on improper
treatment of a broken bone, the standard of measure would be higher if
the defendant were an orthopedic surgeon rather than a general
practitioner.

bcanepaltu.com 168
• In the IT arena, consider a hypothetical negligence case in which an
employee inadvertently destroyed millions of customer records in an
Oracle database.
• The standard of measure would be higher if the defendant were a
licensed software engineer certified as an Oracle database
administrator (DBA) with 10 years of experience rather than an
unlicensed systems analyst with no DBA experience or specific
knowledge of the Oracle software.

bcanepaltu.com 169
• If a court finds that a defendant actually owed a duty of care, it must
then determine whether the duty was breached.
• A breach of the duty of care is the failure to act as a reasonable
person would act.
• A breach of duty might consist of an action, such as throwing a lit
cigarette into a fireworks factory and causing an explosion, or a failure
to act when there is a duty to do so—for example, a police officer not
protecting a citizen from an attacker.

bcanepaltu.com 170
• Professionals who breach the duty of care are liable for injuries that
their negligence causes.
• This liability is commonly referred to as professional malpractice.
• For example, a CPA who fails to use reasonable care, knowledge, skill,
and judgment when auditing a client’s books is liable for accounting
malpractice.
• Professionals who breach this duty are liable to their patients or clients
and possibly to some third parties.

bcanepaltu.com 171
WHAT CAN BE DONE TO ENCOURAGE THE ETHICAL
USE OF IT RESOURCES AMONG USERS?
• This section discusses some of the most common ethical issues that IT
users face, as well as ways that organizations can encourage the ethical
use of IT by their employees, an area of growing concern as more
companies provide employees with
• smartphones,
• tablets, and
• laptops—along with PCs, and
• other devices
• to access corporate information systems, data, and the Internet.

bcanepaltu.com 172
Common Ethical Issues for IT Users
• Software Piracy
• Software piracy in a corporate setting can sometimes be directly
traceable to IT professionals—they might allow it to happen, or they
might actively engage in it.
• Corporate IT usage policies and management should encourage users
to report instances of piracy and to challenge its practice.
• The software piracy rates in Albania, Kazakhstan, Libya, Panama, and
Zimbabwe exceed 70 percent, so it is clear that business managers and
IT professionals in those countries do not take a strong stand against
the practice.
bcanepaltu.com 173
• Sometimes IT users are the ones who commit software piracy. A
common violation occurs when employees copy software from their
work computers for use at home.
• When confronted, the IT user’s argument might be: “I bought a home
computer partly so I could take work home and be more productive;
therefore, I need the same software on my home computer as I have at
work.”
• However, if no one has paid for an additional license to use the
software on the home computer, this is still piracy.

bcanepaltu.com 174
• Inappropriate Use of Computing Resources
• Some employees use their computers to surf popular websites that
have nothing to do with their jobs, participate in chat rooms and play
computer games.
• These activities eat away at a worker’s productivity and waste time.
• Furthermore, activities such as viewing sexually explicit material,
sharing lewd jokes, and sending hate email could lead to lawsuits and
allegations that a company allowed a work environment conducive to
racial or sexual harassment.

bcanepaltu.com 175
Inappropriate Sharing of Information
• Every organization stores vast amounts of information that can be
classified as either private or confidential.
• Private data describe individual employees—for example, their salary
information, attendance data, health records, and performance ratings.
Private data also include information about customers—credit card
information, telephone number, home address, and so on.
• Confidential information describes a company and its operations,
including sales and promotion plans, staffing projections,
manufacturing processes, product formulas, tactical and strategic
plans, and research and development.
bcanepaltu.com 176
• An IT user who shares this information with an unauthorized party,
even inadvertently, has violated someone’s privacy or created the
potential that company information could fall into the hands of
competitors.
• For example, if an employee accessed a coworker’s payroll records via
a human resources computer system and then discussed them with a
friend, it would be a clear violation of the coworker’s privacy.

bcanepaltu.com 177
Supporting the Ethical Practices of IT Users
• The growing use of IT has increased the potential for new ethical
issues and problems; thus, many organizations have recognized the
need to develop policies that protect against abuses.
• Although no policy can stop wrongdoers, it can set forth the general
rights and responsibilities of all IT users, establish boundaries of
acceptable and unacceptable behavior, and enable management to
punish violators.
• Adherence to a policy can improve services to users, increase
productivity, and reduce costs.

bcanepaltu.com 178
• Companies can take several actions when creating an IT usage policy,
as discussed in the following sections.
• Establishing Guidelines for Use of Company Hardware and Software
• Defining an Acceptable Use Policy
• Installing and Maintaining a Corporate Firewall
• Compliance

bcanepaltu.com 179
Establishing Guidelines for Use of Company
Hardware and Software
• Company IT managers must provide clear rules that govern the use of
home computers and associated software.
• Some companies negotiate contracts with software manufacturers and
provide PCs and software so that IT users can work at home.
• Other companies help employees buy hardware and software at
corporate discount rates.
• The goal should be to ensure that employees have legal copies of all
the software they need to be effective, regardless of whether they work
in an office, on the road, or at home.

bcanepaltu.com 180
Defining an Acceptable Use Policy
• An acceptable use policy (AUP) is a document that stipulates
(demand or specify (a requirement)) restrictions and practices that a
user must agree to in order to use organizational computing and
network resources.
• It is an essential information security policy—so important that most
organizations require that employees sign an acceptable use policy
before being granted a user or network ID.

bcanepaltu.com 181
• An effective acceptable use policy is clear and concise and contains
the following five key elements:
• 1. Purpose of the AUP—Why is the policy needed and what are its goals?
• 2. Scope—Who and what is covered under the AUP?
• 3. Policy—How are both acceptable use and unacceptable use defined; what
are some examples of each?
• 4. Compliance—Who is responsible for monitoring compliance and how will
compliance will be measured?
• 5. Sanctions—What actions will be taken against an individual who violates
the policy?

bcanepaltu.com 182
• Members of the legal, human resources, and information security
groups are involved in creating the AUP.
• It is the organization’s information security group that is responsible
for monitoring compliance to the AUP.

bcanepaltu.com 183
Structuring Information Systems to Protect
Data and Information
• Organizations must implement systems and procedures that limit data
access to just those employees who need it.
• For example, sales managers may have total access to sales and
promotion databases through a company network, but their access
should be limited to products for which they are responsible.
• Furthermore, they should be prohibited from accessing data about
research and development results, product formulas, and staffing
projections if they don’t need it to do their jobs.

bcanepaltu.com 184
Installing and Maintaining a Corporate
Firewall
• A firewall is hardware or software (or a combination of both) that
serves as the first line of defense between an organization’s network
and the Internet; a firewall also limits access to the company’s network
based on the organization’s Internet-usage policy.
• A firewall can be configured to serve as an effective deterrent to
unauthorized web surfing by blocking access to specific objectionable
websites. (Unfortunately, the number of such sites is continually
growing, so it is difficult to block them all.)
• A firewall can also serve as an effective barrier to incoming email
from certain websites, companies, or users.
bcanepaltu.com 185
Compliance
• Compliance means to be in accordance with established policies,
guidelines, specifications, or legislation.
• Records management software, for example, may be developed in
compliance with the U.S. Department of Defense’s Design Criteria
Standard for Electronic Management Software applications that
defines mandatory functional requirements for records management
software used within the Department of Defense.
• Commercial software used within an organization should be
distributed in compliance with the vendor’s licensing agreement

bcanepaltu.com 186
• U.S. Health Insurance Portability and Accountability Act of 1996
(HIPAA), which requires employers to ensure the security and privacy
of employee healthcare data.
• Failure to be in compliance with specific pieces of legislation can lead
to criminal or civil penalties specified in that legislation.
• It is a major challenge for many organizations to maintain compliance
with multiple government and industry regulations, which are
frequently updated and modified so that regulations have similar but
sometimes conflicting requirements.

bcanepaltu.com 187
• As a result, many organizations have implemented specialized
software to track and record compliance actions, hired management
consultants to provide advice and training on compliance issues, and
even created a new position, the chief compliance officer (CCO), to
deal with compliance-related issues.

bcanepaltu.com 188
End of Chapter 1
Thank You

bcanepaltu.com
189