Social, Professional and Ethical Issues in Information Systems - Essay Example

INFORMATION SECURITY: ETHICAL, SOCIAL AND LEGAL ISSUES al Affiliation INFORMATION SECURITY: ETHICAL, SOCIAL AND LEGAL ISSUES Introduction In the profession and practice if information technology, there is usually the need to understand the scope of an organization’s legal, social and ethical responsibilities in relation to the security of information .This is because of the important role that information security professionals play in the organizations that they work for or the entities that they work in. In the modern practice the information security professionals are not only involved with the privacy of the information but also ensure that the security of the information in question is guaranteed. Numerous laws are normally enforced in various civil courts in various regions in the world. Most of these cases are normally brought against the organizations by the clients. At times the damages that are awarded against these organizations in the civil courts are very punitive. This is the reason why it is important for the security of information to be maintained by the involved professionals. Ensuring the security of information in an organization involves ensuring that the information is protected from electronic as well as physical threats. In the process however it is very important for the practitioners to ensure that they help reduce the losses that result from the legal actions (Duquenoy, Jones and Blundell, 2008). This requires the understanding of the legal environments as well as the social responsibilities. In addition it is very important to understand the emerging social and ethical issues that are related to information security. This paper explores the various issues that are related to the security of information in organizations. This entails looking at the various legal, social as well as the ethical issues which affect information security and the various avenues through which the IT practitioners can handle these issues to help in ensuring information security. Legal Issues in Information Security This section explores the various legal related issues that are encountered in information security practice. In various organizations, the security of information is normally ensured through the establishment of the necessary enforceable polices. Such policies are guidelines which are basically intended to describe and lay out the acceptable and the unacceptable employee behavior when it comes to information and the security of information in that particular organization (Yeh and Doyle, 2005). These policies are the ones that functions as laws in that particular organization. Laws are rules that are intended to be followed in order to ensure that the information security in these organizations is ensured. Those people who do not follow these laws are bound to compromise the security of information and in most cases they find themselves in legal problems with the organizations or the clients. Organizational laws that are intended to ensure information security are normally complete with their own judicial practice, the associated penalties and the suctions that are meant to ensure compliance. Since these policies function as laws, they are normally implemented the same way the laws of the state regarding information security are implemented (Bott, 2005). In addition, they have associated legal implication if they are not complied with. To ensure that polices that are meant to ensure information security to be enforceable, five criteria must be followed. These include dissemination, review, comprehension, compliance and uniform enforcement. When these five criteria are followed and fulfilled, the involved organizations can go ahead to penalize and suction those employees who do not fully comply with the policies to ensure that security of information is ensured. This can be done without the organization fearing any kind of legal retribution in any state or country that they are operating in as long as the policies are in line with the laws of the sate or nation. According to Baase (2009), there exist several vital laws in the filed of information security. In the USA for example, the Computer Fraud and Abuse Act of 1986 remains the foundation and the cornerstone of the other laws related to information security. This law was amended in the year 1996 resulting in the modification of several aspects of the law. The laws stipulate the penalties that are associated with the breach of the laws and the information protection policies. In the field and practice of IT, it is very vital for the professionals to understand the various laws that are intended to help in ensuring that security of information is guaranteed. This may involve the understanding the federal as well as the state laws in countries that have two government systems. Due to the difference in the laws of the various states, it may be very hard for the professionals to be able to grasp and understand all the laws. However, most of the laws are normally in line with the federal laws. When the rules and laws of land that are related to the security of information are breached, the penalty that is given is determined by various factors. In most countries, it is usually based on the purpose of the practical business or commercial advantage, the financial gain of those involved and furthering of the criminal act. For the IT practitioners, it is important to ensure compliance with these laws in order to avoid any legal implications that may be associated with security of information (Yeh and Doyle, 2005). This is even in the cases when the policies of the organization on information security are conflicting with the federal or state laws. In such cases, it is important to ensure that the state or the federal laws prevail over the organization policies due to the fact that it is the federal or state laws which are normally used in the courts when it comes to cases that are related to information security. When it comes to information security, it is imperative that the practitioners understand that the involved parties have a right to information. Other legal issues that are commonly encountered by the practitioners when it comes to ensuring the security of information include property rights and accountability. In the process of ensuring that the security of information is ensured, every IT professional and any other information security profession is important to remember that other people involved and those who use the information may have the right to their properties, access to information and also the obligation to accountability (Whitman, Townsend and Hendrickson, 2009). Quality of life as well as the quality of the system being used is also some of the other legal concerns and issues that are handled and experienced in the course of ensuring information security. When handling these issues, the organizational policies, the federal laws and the state laws on information security should be used in order to ensure that there are no legal implications that result that may bring problems to the said organization that these professionals are working for. Ethical and Social Issues in Information Security This section explores the various social as well as ethical issues that are encountered in the practice of information security by the It professionals. In many countries, most of the professions and professional groups have very explicit rules that govern the practice of that particular profession and how the involved professionals should behave in their places of work. Ethics is basically related to what the society considers good or bad. This is based on the social needs and values of that particular society. The implication of this is that there are different ethical values in various regions and in various places of work. Among the doctor for example, those people who violate the canons of the medical profession are normally barred from practicing. This may occur through the withdrawal of practicing license. Unlike the medicine profession, the field of IT and information security does not have binding codes of ethics. Instead various associations such as the Association of Computing Machinery as well as the Information System Security Association strive to come up with ethical codes of conduct. However, they cannot banish the violator of the codes from practicing. Culture difference in various regions and areas has resulted in difference in what is considered ethical and what is unethical when it comes to information security. According to Duquenoy, Jones and Blundell (2008) various nationalities and societies have different perspectives when it comes to information. Due to this, it is common to find that a security practices or they way people use particular information in a region is ethical but becomes unethical when one considers another country or society. Cultural difference results in ethical conflicts when it comes to information security. This has been witnessed in the protection of intellectual property rights. A good example is in the United States of America where protection of intellectual property rights is a major concern. In some countries however, the issue of intellectual property rights is relaxed and this allows other to copy information that belongs to another party (Whitman, Townsend and Hendrickson, 2009). The illicit use of information the misuse of company information is among the ethical concerns that are normally experienced in the practice of information security. Due to culture deference, there are different degrees of tolerance for these issues. For example, people from Singapore and Hong Kong seem to be more tolerant to the illicit use of information than the Americans. This therefore means that the more tolerant people may consider illicit use not to be a matter that can be considered unethical. Despite the difference in ethical codes and practices in security of information, deterrence has been used to reduce unethical practices and activities in order to ensure that information security is ensured. References List Baase, S. 2009, A Gift of Fire: Social, Legal, and Ethical Issues for Computing and the Internet, 3rd edition, Pearson, New York. Bott, F. 2005, Professional Issues in Information Technology. British Computer Society, London. Duquenoy, P. Jones, S. and Blundell, B. 2008, Ethical, Legal and Professional Issues in Computing, Thompson, London. Johnson, D. 2009, Computer Ethics. Prentice Hall, London. Whitman, M., Townsend, A., and Hendrickson, A.2009, “Cross-national differences in computer-use ethics: a nine country study”, The Journal of International Business Studies, vol. 30, no. 4, pp. 673–687. Yeh, B., and Doyle, C.2005, “USA PATRIOT Improvement and Reauthorization Act of 2005: A Legal Analysis” CRS Report for Congress. [Online]Available at: . [Accessed 18 November 2014] Read More