The world has been experiencing developments in the field of information for many years and the trend is expected to continue in the future. Information services have developed technologically from paper to radio waves, TV and now to internet and computer. The world is currently experiencing rapid dynamics in the internet industry, with the internet being adopted by individual users, corporations, businesses, and even governments. The use of the internet as a source of information is an advancement in itself; however, there has been a setback regarding the issue of ethics and information security. Users have controlled and manipulated the internet, leading to unethical and illegal behavior that severely affects society. Moreover, the world has been driven to put serious consideration in ethics and information security.
The world is increasingly becoming technologically advanced, and alongside the developments are the challenges of security and unethical behaviors that have developed into issues of major concern in society. These issues are becoming increasingly complex as technology develops, thus necessitating the need for responses that seek to solve these challenges. Moreover, challenges of security and unethical behaviors have emerged rapidly in conjunction with the technological evolution of information management.
Information Security and Ethics undertake the use of models that are associated with safeguarding and ensuring effectiveness in information privacy. These processes help in guiding the developing world of dynamic technologies to meet the ethics and insecurity challenges that come along with the developments. Unethical behavior is a matter that arises from societal values and therefore it could be easily solved by members of the society using “peer pressure and chastising the offending users” (Quigley, 2005, p. 2). In addition, members of society need to exercise due care as they move with technological advancement in the field of information. Due care is a process of maintaining an ongoing work in good condition concerning expectations and desired standards especially in cases where regulations and guidelines of specific tasks exist. Therefore, organizations should make sure they exercise due care in their operations to ensure desired goals and objectives are met.
Due diligence is the process where reasonable examination and research are done before undertaking a course of action to avoid shortcomings and unexpected problems. This is unlike due care which is applied in ongoing work to avoid deviation from guidelines and desired goals. Concerning the field of law, companies or individuals are expected to perform due diligence by finding out the detailed terms of a contract before engaging in any sought of the agreement through signing. It is a matter of concern in any organization to avoid haphazard work by its members.
However, it may be difficult to keep up with all new advances on the web, as plans are underway in the internet community to adopt “internet protocol version which increases the size and availability of IP addresses and will allow more data and encryption in the packets transmitted on the web” (Quigley, 2005, p. 3). For society to be secure in the technology-driven environment, information security and ethics need to continuously innovate and develop new means to safeguard and ensure information privacy.
Research methods and approach
With the emergence of the internet and social networking, there has been a significant increase in issues of ethical dilemma taking new forms. Computer-based ethical issues have mainly been a result of availability, storage, and hacking of people’s personal information. Moreover, the amount of personal information that is exposed in social networking may give rise to unethical and illegal behavior when the information is used for monetary gain.
Ethics and information security apply a wide range of methodologies to guide and restrict users of information from causing harm in society. Moreover, the use of “ethics and human morality can serve as a means of protecting against information systems security” (Qing & Eloff, 2000, p.401). Causes of unethical and illegal behavior can be classified into three broad categories accident, ignorance, and intent.
An accident is a situation where individuals who manage information within institutions and corporation may cause damage given the fact that they have authority and privileges in all matters concerning information of the organization. On the other hand, ignorance in the field of information may give rise to unethical and illegal behavior. Breach of law with the reason of ignorance is liable to punishment in law. However, in organizations and corporations, ignorance may serve as an excuse for unethical and illegal behavior with respect to policies and procedures. Lastly, the intent is a situation where unethical or illegal behavior comes up because of an individual’s action with specific intentions. It often serves as a central point of legal defense by offenders when there is a need to determine whether the offender acted out of good or bad intentions. Cases may be declared illegal and punishable with consideration of the fact that offenders may act out of ignorance, accident, or with specific intentions (Whitman and Mattord, 2008, p.105).
Professional Codes of Conduct
To prevent increasing cases of unethical behavior, stakeholders in society have undertaken to come up with professional codes in the discipline of information management. Professional codes of conduct offer guidelines and restrictions to stakeholders of information in making ethical decisions and implementation of ethical solutions in matters concerned with information. Codes of conduct activities in line with normative ethics that make actions right or wrong, with consideration to descriptive ethics that offer guidelines in respect to past situations (Whitman and Mattord, 2008, pg 447; Freeman and Peace, 2005, p. 242).
These guidelines and restrictions concerning the use and dissemination of information reflect the degree to which institutions are committed to matters of security and ethics of information. Dynamics and evolution in the area of information require proportional development and reconstruction of professional codes and ethical principles to cope up with global trends.
American sociologist association code of ethics has become a major advancement in the area of ethics and information security. The association codes emphasize that researchers must observe the principle of objectivity and integrity when performing information research by disclosing all findings. The codes of ethics also state that researchers must ensure participants of information research are protected from any harm concerning information research. Indeed, participants’ right to privacy and dignity must be upheld and respected while ensuring that their confidential information is safeguarded to remain confidential (Kendall, 2007, p. 66).
Innovations in Security Measures
Researchers can proactively utilize a combination of Ideas and experiences of information security to enhance innovation and development of research methods. With time, information security researchers’ efforts may collectively develop research methods into successful methods and data sets that can become a solution to unethical conduct and security issues affecting corporations and institutions in the field of information services (Quigley, 2005, p.381).
Ethics and information security have forced companies and corporations to invest in security devices and employee security policies to enable them to protect and guard valuable information about the entity. Employees comply with corporate policies when the desired practices are given high visibility with the creation of awareness of employees to the vulnerability of organizations to security threats. However, the security policies should be in harmony with the expectations of employees (Siponen, Mahmood, and Pahnila 2009, pg 147)
A good example is a device that detects unauthorized intrusion into the system of a company. The device monitors and analyzes the occurrence of events in a system to be able to provide real-time warnings of attempts to access the system illegally. Moreover, access to a system in an unauthorized manner is referred to as hacking that is motivated by individual desires. Generally, intrusion detection systems (IDS) enable organizations to counter the activities of hackers by the use of sensors, analyzers, and user interfaces. Intrusion detection systems may monitor single host or network traffic activities.
The above graph compares intruder behavior, which differs from authorized users, and indicates intruder activities in case of overlap or deviations from the past graphs. Intrusion detection system must be configured according to system security policies and changes in systems and users. The system should run continuously, resist subversion, and be set up to monitor a large number of information systems with minimal overheads.
Users of computer and internet information have become victims of unethical and illegal behavior through which they have gained firsthand experience in ethics and information security. Through such experiences, society, in general, has been able to focus on information security, specifically with respect to confidentiality applications, authentication technologies, forensic computing, and cyber-crime. Society has kept pace with technological advancement by innovating and developing means to safeguard and ensure information privacy in technology-driven environments.
There has been successful implementation of measures to ensure information security and ethically acceptable behavior, particularly in the field of business, e-commerce, and government ministries. Confidentiality applications and authentication technologies have particularly been successful in corporations and government ministries. However, cyber-crime is still a major issue of concern in society because, despite its illegality and law enforcement, it remains rampant.
Illegal behavior in Information technology is also characterized by the rise in copyright infringement of ownership rights to assets such as software, music, and movies in the business sector. Copyright infringement has become a critical issue in society mainly due to widespread freedom to download files and data over the internet, by internet users. Copyright acts have been violated as downloads are later pirated and exchanged by individuals who do not want to purchase them, in extreme cases, the pirated downloads are even sold for monetary gain.
Information users in the technological environment mainly apply the use of facilities and hardware that are considered to become obsolete over a period. Technological facilities that are continuously being phased out due to replacement by new technology lead to hardware obsolescence. Companies and individuals face a huge challenge in disposing of the obsolete hardware, which is continuously replaced, thus posing a threat to environmental degradation and pollution. Most of the obsolete hardware is non-biodegradable; therefore, ethical managers need to ensure they come up with a responsible way of disposing of the obsolete hardware (Schultz, 2006, P.191)
Laws and Policies
Policies are a set of rules and regulations that are created by individual agencies to enable them to achieve certain goals and objectives. Organizations should put into consideration laws that exist given the fact that, for policies to remain relevant and valid, they should comply with the law. Unlike policies, laws are enforceable by the judicial system where their main purpose is to ensure that justice and order prevail in the society. Indeed, every company and corporation has its policies.
Deterrence has so far been considered as the best way to prevent illegal or unethical activity. This is the application of laws, policies, and technical controls to present the following conditions: 1) Illegal and unethical individuals. 2) Fear of penalties such as imprisonment, which may prevent individuals from committing illegal and unethical activity. 3) Individuals believe that there are high chances of being caught while engaging in illegal and unethical activities. 4) Belief by individuals engaging in illegal and unethical activities that the consequential penalties will be administered when they are caught.
Categories of Law
Law is a wide area and can be broadly categorized into civil law, public, and private law. Civil laws are all those that govern a state as a whole while public law governs and regulates government agencies concerning employees, citizens, and other governments. On the other hand, private law regulates relationships between individuals and organizations. Civil law encompasses criminal and tort law that provides individuals with a mechanism to seek compensation against those who cause them personal, financial, and physical injury. Criminal law is effectively enforced by prosecuting individuals who violate the law, thus causing harm to the society and state in general.
Professionals involved in information security are required to possess tangible knowledge of the legal framework that their organizations are expected to operate within. In the US, professionals should be conversant with the following laws: 1) National Information Infrastructure Protection Act, which depends on offenders’ authority to access a protected computer. 2) Computer Security Act, which requires that all users of a computer system are trained and plans of its use put in place. 3) Economic Espionage Act, which was enacted to prevent former employees from using skills they gained in their past employment. 4) Electronic Communication Privacy Act also referred to as the Federal Wire Tapping Act that prevents disclosure and interception of wired information mainly by employees of telecommunication corporations. 5) Computer Fraud and Abuse Act that prevents and outlines punishment for fraud and related activity in connection with computers. 6) Financial Service Moderation act that brings banks, security, and insurance firms together for the purpose of privacy of information that is regarded as private to each firm and public company accounting reform; and 7) Investor Protection Act that seeks to streamline integrity and accountability of the management of publicly trading companies.
Ethics may not apply to professionals of different nationalities because nations have different views and opinions concerning the ethics of computer use. When the ethical behavior of one nation does not correspond with those of other nations, it poses a big challenge to ethics and information security given that internet use and social networks are global.
Ethical standards of researchers who are considered to adhere to professional codes of conduct are however limited to the prevailing situation and the kind of information that is being researched. Researchers’ information seeks to expose and stop industries from dumping toxins into the environment, which results in pollution of land, water, and air. Other research information that is considered to be exceptional in ethics and security codes are those that seek to expose corrupt officials and sources of unequal treatment under the law. This target population may not have rights to privacy and confidential information, given the fact that their actions subject others to more harm and loss of human rights. Nevertheless, human rights overrule professional codes and restrictions in the society due to the supremacy of constitutional law (Stoecker, 2005, p. 244)
All members of society should put into consideration issues revolving around ethics and information security. Computer and internet ethics should be learned and implemented by all users of information. Deriving from the above discussion, the following internet and computer ethics are recommended to all members of society. First, nobody should use a computer to harm other people; interfere with other people’s computer work; bear false witnesses using a computer, or snoop around in other people’s computer files. In addition, nobody should appropriate other people’s intellectual output; disrespect other computer users; use proprietary software for which one has not paid; fail to consider the effects of programs and systems on other people, and use other people’s computer resources without authorization or proper compensation. With all these factors are taken seriously by society, unethical and illegal behavior would be history in information technology.
Freeman, A. L. and Peace, G., 2005. Information ethics privacy and intellectual property. Idea Group Inc (IGI). Web.
Kendall, D., 2007. Sociology in our times. OH: Cengage Learning. Web.
Qing, S. & Eloff, J.H., 2000. Information security of global information infrastructures. London: Springer. Web.
Quigley, M., 2008. Encyclopedia of information ethics and security. London: Idea Group Inc (IGI). Web.
Quigley, M., 2005. Informational Security and ethics: Social and organizational issues. PA: Idea Group Inc (IGI). Web.
Schultz, R. A., 2006. Contemporary issues in ethics and information technology. PA: Idea Group Inc (IGI). Web.
Siponen, M., Mahmood, M. A. and Pahnila, S., 2009, Are Employees Putting Your Company At Risk By Not Following information security Policies? Communications of the ACM, Vol. 52 Issue 12, p145-147, 3p. Web.
Stoecker, R., 2005. Research method for community change: a project based approach. CA: SAGE. Web.
Whitman, M. and Mattord, H., 2008. Principles of information security. OH: Cengage Learning EMEA. Web.
Whitman, E. M. and Mattord, H., 2005. Management of information security. OH: Cengage Learning. Web.