Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.

Published byGalilea Tilley Modified over 9 years ago

Similar presentations

Presentation on theme: "Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social."— Presentation transcript:

1 Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social group.

2 SA Ethics The SA may have access to all –Files –Backups –E-mail –Internet usage –Corporate secrets –Private employee information

3 SA is in a position of trust The SA may be subject to –Polygraph tests –Personal back ground checks –Credit reports –Drug testing

4 Computer Resource Usage Employers are concerned about how computing resources are used. Do Employers have a right to monitor usage of computing resources by their employees? Employers have an ethical responsibility to notify employees of system monitoring.

5 User Code of Conduct All companies using computers should have a written code of conduct for general users and privileged users. –Government –Private sector –Academics –Home?

6 Computer Usage Policy If there is no written usage policy at your work place, make an effort to create one. All employees should sign a usage policy. The policy should be signed and kept on file, a copy kept for the employee. Read the course syllabus for CS3353.

7 Usage Policy Do not use agency resources for personal use: –Starting a new business –Hosting a personal web site –Downloading copyrighted materials –Downloading illegal materials. –Pirating software –There may be legitimate exceptions.

8 SA Ethics Treat all files not belonging to you as sensitive. Computing systems do not exist for the amusement of the SA. (SA Mantra) Accessing sensitive files should always be on a need to know basis only. This will require coordinating such access with management and security personnel. This applies to e-mail.

9 Ethics The computing system does not exist solely for the SA’s personal amusement. The SA is providing a service to users. The system-users will ultimately determine an SAs future based upon satisfaction. An SA must be objective in dealing with colleagues and customers.

10 Ethics Separate personal and professional views.

11 Ethics: Informed Consent Informing your customers of events that will impact their system usage.

12 Informed Consent: SLA SLA – service level agreement informs customers of –Maintenance scheduling –Limited Liability due to down time or catastrophic events. –Warnings for interruption of service.

13 SAGE Code of Ethics Integrity of SA is beyond reproach. No infringement on the rights of users. High standard of professional conduct. Continuing education Exemplary work ethic Professionalism in the performance of their duties.

14 Privileged Access Conduct Privileged usage requires responsibility Privileged usage is solely for necessary work- related uses. Procedures should be developed to minimize errors. (example: Backups of critical data should be made before system changes are implemented.) Procedure for addressing accidental access to information not otherwise available. Warnings explaining what to expect when policies are violated.

15 Privileged Access Conduct All policies should be in writing and made available to privileged users. Privileged users should sign the document to acknowledge they understand their responsibilities.

16 Privileged Access Conduct A list of privileged users should be kept up to date. When someone is terminated or leaves voluntarily, appropriate measures must be taken: –Change passwords –Close accounts –Exit interview

17 Privileged Access Conduct Passwords to privileged accounts should be changed regularly, at least twice a year. Privileged users may have their access restricted on a regular basis for auditing purposes.

18 Copyright Adherence Organizations should have policies stating that their members abide by copyright laws. Software piracy is pervasive and is actually stealing. Companies are concerned about the liability of using pirated software.

19 Examples Individually licensed PC software packages should be purchased for individual PCs Single-user installation disk should not be used on multiple machines. Manuals and media for software for a single machine should be stored in the room where the machine is located.

20 Piracy Software piracy is not an acceptable cost cutting measure. Companies faced with copyright litigation will attempt to implicate whoever let the violation happen and relay damages to those responsible.

21 Make Compliance Easy Use Open Source software when practical. When open source is not available, buy additional licenses at a bulk rate.

22 Working With Law Enforcement Organizations should have a policy outlining how to work with law enforcement agencies. Verify the identities of LEA people requesting information. Beware of Social Engineering!

23 Social Engineering Start with a small piece of information. Contact employees within a company claiming to be a LEA official, new employee, executive, etc. Leverage a piece of information into more useful information. Repeat until sufficient information is gathered to wreak havoc.

24 Privacy Expectations Many organizations consider the computer and all related data and resources to be property of the organization. Your files and e-mail may be owned by your employer. In the financial community, e-mail is monitored. (Informed Consent) Internet usage may be monitored.

25 Privacy Expectations Privacy laws may be different in another country where you are doing business. A policy on privacy and monitoring should be in writing and provided to all employees.

26 E-mail E-mail has a life of its own. It is difficult to permanently dispose of e-mail. Not private. Not secure. Should be treated as public information. There are special security software packages for managing e-mail.

27 Unethical/Illegal Requests Document any and all requests made by colleagues to do any illegal or unethical activity. Resist. Coercion may be used. Check the employee’s guidelines for what to do. If the request seems dubious, verify by checking company policies and laws.

28 Unethical/Illegal Requests If given a dubious request, ask for the request in writing. If your request is denied, refuse to do the request. Be careful about making accusations without evidence.

Download ppt "Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social."

Similar presentations

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.
IT Security Policy Framework

IT Security Policy Framework
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
Expectations, Procedures, Policies Developed by Technology Services 1:1 Laptop Initiative.

Expectations, Procedures, Policies Developed by Technology Services 1:1 Laptop Initiative.
BUSINESS B2 Ethics.

BUSINESS B2 Ethics.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Confidentiality & Records Management. What is Information Governance? What is Records Management?

Confidentiality & Records Management. What is Information Governance? What is Records Management?
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Research Development for Android Coopman Tom. What is Android?  Smartphone operating system  Google  Popular  ‘Easy to develop’  Open-Source  Linux.

Research Development for Android Coopman Tom. What is Android?  Smartphone operating system  Google  Popular  ‘Easy to develop’  Open-Source  Linux.
Uintah School District Acceptable Use for Computer and Network Access.

Uintah School District Acceptable Use for Computer and Network Access.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Riverside Community School District

Riverside Community School District
IST346: Information Ethics. Ethics  Ethics are the principles of conduct that govern a group of people.  Ethics are not morals.  Morals are the proclamation.

IST346: Information Ethics. Ethics  Ethics are the principles of conduct that govern a group of people.  Ethics are not morals.  Morals are the proclamation.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Acceptable Use Policy (AUP) What does it actually say? Why is it necessary?

Acceptable Use Policy (AUP) What does it actually say? Why is it necessary?
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT
Network security policy: best practices

Network security policy: best practices
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
BUS1MIS Management Information Systems Semester 1, 2012 Week 7 Lecture 1.

BUS1MIS Management Information Systems Semester 1, 2012 Week 7 Lecture 1.

Similar presentations

Ads by Google