SNHU Ethical Decisions in Information Security Discussion & Responses

1-1 Discussion: What Would You Do?Discussion Topic

Task: Reply to this topic

Select one of the scenarios below, which involve making ethical decisions in IT.

In your initial post for this week, answer the following questions:

  • State which scenario you have selected
  • Describe the legal and ethical considerations in the scenario
  • Explain what you would do, given the scenario

In your responses to your peers:

  • Explain whether you agree or disagree with the decision that your peer has made, and provide a rationale

Scenario 1: You are a new employee in the role of senior solutions architect. You have over 10 years of experience as a solutions architect in a large company known for its cutting-edge technology. Your new company asks you about the tools and content that were in the information technology infrastructure library (ITIL) at your previous company. Your new company’s leadership is wondering if you can embed some of your previous company’s best practices into the ITIL to ensure that IT practices are up to date. After all, you were hired to help your current employer stand out among its competitors.

Scenario 2: You work in the IT department for an institution of higher education. You complete a routine security audit for one of its systems that contains confidential student information. During the audit, you notice several areas of vulnerability, such as a lack of encryption on certain files and no password protections for searching student information. You bring these concerns up to your supervisor, who says that the department’s budget is too tight right now and they don’t have enough personnel to update the system. There are also a lot of staffing switches taking place across departments, and there is a concern that job responsibilities will quickly change among leadership positions. 

Post 1:

Christine Dickinson posted Jun 28, 2021 3:26 PM

Subscribe

Hi Class!

For my discussion, I chose Scenario 2.

There are many legal and ethical considerations when dealing with personal information. From ACM’s code of ethics, computing professionals should avoid harm, respect privacy, honor confidentiality, strive to achieve high quality in both processes and products of professional work, design and implement systems that are robustly and usably secure, and recognize and take special care of systems that become integrated into the infrastructure of society. All these principles are at risk of being violated in this scenario.

If a student’s financial information is available through the system and passwords aren’t required for accessing this information, students could have their identities stolen, causing harm. The student’s privacy and confidentiality are not being respected as they are not a priority for the supervisor. Missing encryptions and not requiring passwords for access is forcing the employee to produce low quality processes and products. The employee is not being allowed to develop a system that is robustly and usably secure, even though it has been integrated into the infrastructure of society through education.

Depending on where the institution is located, there are federal and potentially state laws that would need to be considered. The Federal Information Security Management Act (FISMA) requires universities to implement security programs and policies, assess risk, and test controls (Higher Education Compliance Alliance, 2019). There are also state laws like Kentucky’s HB 5 law which mandates that higher education institutions have data security and breach procedures in place (Vance, 2018).

Per the ACM code of ethics, when you notice a breach of the Code, action should be taken to resolve the ethical issue. After my supervisor dismissed my initial concerns, I would draft a document that included the noted the potential legal ramifications and different breaches that could occur. I would bring this to my supervisor and highlight the risks. If they were still unwilling to make changes, I would bring it to their supervisor and file a formal complaint.

References

The Code affirms an obligation of computing professionals to use their skills for the benefit of society. Code of Ethics. (n.d.). https://www.acm.org/code-of-ethics.

Higher Education Compliance Alliance. (2019, July 24). Compliance Matrix. Higher Education Compliance Alliance. https://www.higheredcompliance.org/compliance-matrix/.

Vance, A. (2018). Privacy Laws Protecting Student Data. EDUCAUSE Review. https://er.educause.edu/blogs/2018/1/privacy-laws-protecting-student-data

Post 2:

1-1 Discussion: What Would You Do?

Contains unread posts

Filippo Lussana posted Jun 28, 2021 6:14 PM

Subscribe

Hi everyone!

For my discussion post, I chose Scenario 1.

In this scenario, I’m a new employee in the role of senior solutions architect. My new company asked me about tools and content in the information technology infrastructure library at my previous company and if I could embed some of those best practices into the current company ITIL.

Most likely, the contract in the previous company contained some copyright laws and confidentiality agreements that are legally enforceable. Therefore, violating them by sharing best practices and private information with another company would constitute a crime. There will also be ethical considerations as sharing that information would be against the ACM Code of Ethics and Professional Conduct for points 1.5 and 1.7. Point 1.5 states that “computing professionals should credit the creators of ideas, inventions, work, and artifacts, and respect copyrights, patents, trade secrets, license agreements, and other methods of protecting authors’ works” (ACM Code of Ethics and Professional Conduct 2018). At the same time, point 1.7 Honor confidentiality states that “Computing professionals should protect confidentiality except in cases where it is evidence of the violation of law, of organizational regulations, or of the Code” ( ACM Code of Ethics and Professional Conduct 2018). Each point provides a great overview regarding the ethical implications when it is about respecting copyrights and confidentiality.

Given the scenario, I would immediately let the company’s leadership know that sharing the best practices and tools I used in the previous company is unethical and could also escalate to legal problems both for the company and for me. For example, it might be against copyright laws and the contract rules I signed with the previous company. I would share that information only if I’m sure they are public domain or allowed from the prior company regulations.

References

ACM Code of Ethics and Professional Conduct. Association for Computing Machinery. (2018, June 22). https://www.acm.org/code-of-ethics. 

Don't hesitate - Save time and Excel

Are you overwhelmed by an intense schedule and facing difficulties completing this assignment? We at GrandHomework know how to assist students in the most effective and cheap way possible. To be sure of this, place an order and enjoy the best grades that you deserve!

Post Homework
Top