The Contemporary Legal Landscape in the IT Industry - Essay Example

The contemporary Legal landscape in the IT industry al Affiliation) Most important parts of the law that an IT professional needs to know about In international legislation, there are several jurisdictions relating to outsourcing and market contracts. They need to know laws of contract. These are legislations governing the contractual agreements within the profession of IT. They should know professional codes of conduct. These are laws that stipulate the manner in which professional carries themselves. They should know patenting laws. These are laws that bind use of software. They should know ethical laws. These are legislations spelling out ethical values a professional should observe. Information technology officer should know third party laws. These are laws that govern third party policies and contracts. They should know the Sale of Goods Act, Supply of Goods and Services Act.These laws guides on transfer of assets, staff and commercialization of IT products. practise this profession with violating the law(Aura, 2012) Professional requirements for knowledge of the Law The responsibilities of a professional with respect to the law – using the BCS code of practice as a guide. What a professional should do, what mustn’t they do how can they ensure they act professionally in meeting their responsibilities with respect to the law. Professionals are required to practice their fields of profession in compliance with the legislations governing the practice. According to Breaches of the Code of Conduct, a professional is required to only undertake a responsibility within his/her professional competence. Professionals are expected to conduct professional activities without any form discrimination. They are required to promote equity in access of IT benefits on any ground. (Slade, 2006). However, professionals:- Professionals are also expected to act with respect and integrity in their professional co-existence with any members of BCS or any other profession. They are further required to support and encourage their fellow members in development based professional endeavours . Are not expected to injure others, reputation or their property by propagating falsehood. They are not expected to make any kind of bribery offer in any circumstance. They are not expected to make unethical inducement while offering services. Contemporary challenges for legislators How recent developments in IT creating challenges that the law needs to respond to if possible give some specific real-world examples taken from the guest speakers or your reading. However, the emerging trends and issues in the field of information technology present a lot of challenges to the legislators as some are not covered by existing laws Technologies change from every time thus legislators must be up to date . Emergence of new technological paradigms has resulted in development of personal applications that may be difficult to thus hard to classify under the law. For example, use of home made applications mobile applications is not clearly defined thus it’s a challenge. A lot of information can be concealed by experts thus denying legislators access to them. The contemporary ethical environment in the IT industry The main normative approaches to ethics – compare and contrast the main approaches that we have looked at virtue, consequentialist and deontological Virtue ethics is a behavioural code of conduct that majorly focuses on character of an individual Consequential is the code of conduct that focuses on the result of an action where end justifies the means. Here the character of an individual is determined by the consequences of their actions. On the other hand, deontological ethics mostly base its assertions on the character of behaviour of an individual. In comparison they both address the logical aspect of the actions of man. Professional requirements for ethical behaviour What a professional must do to ensure they are acting ethically. Use the BCS code of conduct as a guide. Does this suggest a virtue, consequentialist, deontological or mixed approach? Professionals must not contravene laws. The consequences of this may be disastrous. This is consequential ethics. Professionals must observe ethical issues in their endeavours. This will ensure they don’t act unethically. This is virtue ethics . According to the BCS code of conduct, a professional should be conversant with the ethical issues and the legislations governing their profession. They must observe ethical the codes of conduct to be able to remain morally right. This is deontological ethics. Contemporary ethical dilemmas – how are recent developments in IT creating challenges for ethical behaviour? Can IT be used to make people and or organisation behaviour more ethical? If possible give some specific real-world examples taken from the guest speakers or your reading. The growth of IT has posed serious challenges to the ethical values in the society. The development in IT has brought about several lee ways for breaching ethical codes of conduct. Through development of software with unethical contents. For instance, the development of YouTube made it easy to access pornographic videos. YouTube does not as for age or require any authorization before you are allowed to watch a video(Gattiker, 2004). This makes it easy for even people below adulthood to view the contents that are not in compliance with ethical issues. Creation of hacking software can lead to breach of ethical codes of conduct since one can be able to access another’s information without permission. However, IT can also be used to enhance ethics in our society. This is possible through creation of software that requires authentication and authorisation before someone is allowed to access an application. These applications can be embedded in both commercial and open source applications so that whenever someone uses, the ethical codes are taken into account. Ensuring systemic systems security in the contemporary IT environment The technical, operational and social aspects of IT security – explain the technical aspects of security, the operational aspects of security and the social aspects of security. Technical aspects of security entail the security management. These are the parties that stand for the daily operation of IT security. They include information technology the security handlers like security managers, system administrators and system support staff (Osborne, 2006). The operational aspects of security include the functionality of the security systems. These are issues pertaining to the purposes of security system. This includes what the security system should do, when it should do it and how it should do it. On the other hand, social aspects of security entail the behavioural nature of the security system users. This includes the ethical issues involved in the organization, how staff use exploit the security loopholes and how the observe ethical issues concerning security systems. Managing the development process with security in mind – how should security issues be addressed in the development process in order to ensure that technical, operational and social aspects of security are all addressed? Addressing security issues in software development is a very fundamental issue that must be treated with seriousness. Security issues should be handled with confidentiality. This is because they always carry secrets that are deemed private and confidential. Safety precautions should be observed while handling security issues. This is because careless handling may harm the system or the individual performing the action. Consultative approach should be taken when setting up security benchmark that is required to address the security issues. All parties should be involved and their interests well debated upon for a lasting security reasons to be found. This will help reaching the standard design principle that will govern the development process. Contemporary security challenges – how are recent development in IT creating new security challenges? If possible give some specific real-world examples taken from the guest speakers or your reading. The recent technological advancement has made it easy to develop system that bypass security checkpoint of a software. Things like phishing make it easy to bypass authentication and have direct access to secure information. This therefore compromises the security of the system as it leaves confidential information exposed and accessible to unauthorised persons. There are also emerging software that hack password encrypted applications and leave them open to access by unauthorised individuals. This there creates major security challenges that must be addressed. For example; Hack Me is a mobile application that is able to bypass WiFi security. This makes it easy to access confidential information. Measuring and management contemporary IT related risk What is risk and how can it be measured – discuss the different aspects of risk that need to be considered. You should organise risks thematically e.g. by types of activity, projects, operations etc. Risks are the threats that hamper the smooth functionality of a security system. These may include virus attacks, hacking e.t.c. There are different kinds of risks involved in security systems. Information security risks are categorised into two. Attacks involve intrusion of the security system by malicious programs like Trojan horse. Security threats are human activities that expose security systems to vulnerabilities (Zelkowiz, 2004). These include hacking and phishing. How should risk be managed – what is the professional’s responsibility for managing risk and what is recommended good practice? The professional has the responsibility of ensuring the security systems are safe from any kind of risk. Risks may include viral attacks, malwares and spamming of information system. They should ensure that only authorised persons have access to security systems. This is because they are entrusted by the responsibility of making sure the systems are operational free of threats and attacks. They should put in measures to prevent attacks and threats by put right security structures in the system. Contemporary risk challenges to measuring and managing risk – how are recent developments in IT creating new risk management challenges? If possible give some specific real-world examples taken from the guest speakers or your reading. Managing risks is an uphill but achievable task in information technology. However, the current information technology posses a greater challenge to managing risks as they model some security bypassing software that make it difficult to manage the risks. It is difficult to know the location of a threat. For instance, someone in US can easily hack a system in Iraq. This may make it difficult to handle a security system as that operating on a server can be accessed by anybody and anywhere. Work Cited Aura, T. 2012. Information security technology for applications 15th Nordic Conference on Secure IT Systems, NordSec 2010, Espoo, Finland, October 27-29 2010 : revised selected papers. Heidelberg: Springer. Gattiker, U. E. 2004. The information security dictionary defining the terms that define security for E-business, Internet, information, and wireless technology. Boston: Kluwer Academic Publishers. Grance, T. 2003. Guide to information technology security services. Gaithersburg, MD: National Institute of Standards and Technology, Technology Administration, U.S. Dept. of Commerce. Guide to NIST information security documents. 2009. Gaithersburg, Md.: U.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology. Information technology security. 2010. Gaithersburg, Md.?: NIST. Information technology security planning. 2011. Washington, DC: National Aeronautics and Space Administration, Office of Inspector General. Marcinko, D. E., & Hetico, H. R. 2007. Dictionary of health information technology and security. New York: Springer Pub.. Osborne, M., & Summitt, P. M. 2006. How to cheat at managing information security. Rockland, MA: Syngress. Slade, R. 2006. Dictionary of information security. Rockland, MA: Syngress. Zelkowitz, M. V. (2004. Information security. Amsterdam: Elsevier Academic Press. Read More