Ethical Issues in Information Systems Security Management - Essay Example

Ethical issues in information systems security management Introduction There are many ethical issues surrounding information security management, and this has been a major concern for most organizations. Ethics, by definition, refers to the general rationale used to identify what is morally right or wrong (Al-Omari, Deokar, El-Gayar, Walters, & Aleassa, 2013). Just to mention, some of the issues facing information security include computer hacking, cyber crimes, and information theft. The internet world provides the opportunity for some individuals to gain access, without the consent, to personal information which they might use for the wrong reasons and in most cases they seek financial gains. To curb the information security issues, various legislations have enacted to protect individuals and organizations. Therefore, the advent of technology led to the establishment of computer crime laws, intellectual property and privacy laws (Kshetri, 2013). The law enforcers are responsible for planning and setting security standards to protect against prevalence of data theft. However, enactment and compliance of these laws also face ethical challenge given the issues with confidentiality of user information and also the fundamental right the constitution gives to privacy and personal space. Professional Ethics also applies when it comes to enactment and implementation of information security laws (Al-Omari, Deokar, El-Gayar, Walters, & Aleassa, 2013). The implication is that security professionals should have knowledge of the relevant legislation since they have the responsibility to respect the regulations governing the use of information systems. Therefore, the professionals must uphold the codes of ethics where they must adhere to the standards of behaviors set forth by the codes of conduct. In this case, the professionals should have knowledge of ethical principles of honesty, responsibility, justice and protecting the interest of the society (Bélanger, & Crossler, 2011). The basic principles of ethics are crucial for the information security professionals since they come into play when implementing the laws and regulations pertaining to management of information. Disclosure of information One of the ethical concerns with management of information security is the disclosure of information especially the cases where individuals disclose crucial information they have about the previous company they are working (Al-Omari, Deokar, El-Gayar, Walters, & Aleassa, 2013). In such scenarios, enforcing information security law pertaining to the use of trade secrets is an ethical issue that requires proper handling. For instance, an employer may leave a company but carry with him or herself some of the trade secrets that were being used in the previous organization. In this case, it becomes difficult holding the individual for information security breach since it was a prior knowledge or information he or she was using to execute job tasks thus the knowledge becomes a skill acquired. When handling the situation, the law enforcers will experience difficulty in establishing the legal obligation to hold the individual accountable for stealing information. Conversely , it is questionable if individuals can use previously held trade secret in a new company and also if it is ethically right to carry print out of the information to help in with the new job tasks. Thus, holding individuals for stealing trade secrets or information has become an ethical dilemma that the law enforcers are yet to solve (Al-Omari, Deokar, El-Gayar, Walters, & Aleassa, 2013). Privacy Privacy is a significant ethical issue that inhibits the implementation of the information security laws (Kshetri, 2013). Many organizations have with them loads of customer information thus there is the need for governments to enact laws for safeguarding the confidentiality of the information. Ethical issues arise from the manner in which organizations use customer information since some have gone to the extent of using customer information for their gains especially in marketing and advertisement (Al-Omari, Deokar, El-Gayar, Walters, & Aleassa, 2013). However, it is has always been a challenge for the law enforcers to investigate possible information security breaches of privacy concerns. The customers must provide informed consent for the law enforcers to investigate them in case of any concern, and they also have the fundamental right to privacy as provided by the constitution. Therefore, law enforcement will face the deadlock of administering justice while at the same respecting privacy of individuals because it is their constitutional right (Bélanger, & Crossler, 2011). Confidentiality of personal details In some cases, individuals hire lawyers and other law firms to help them protect and safeguard their personal information in the computer systems. While doing so, ethical issues may arise where the client’s information may not be held with the required level of confidentiality (Al-Omari, Deokar, El-Gayar, Walters, & Aleassa, 2013). However, the law enforcers have the ethical obligation of not disclosing the client’s client’s private details, and failure to which the individual may exposed to information security breach (Kshetri, 2013). The implication is that even the law enforcers themselves sometimes end up disclosing client information especially where there is a court order compelling them to reveal the information. On the other hand, the customer is entitled to personal space and privacy thus the law must consult him or her before going through the personal data. In this case, the law sometimes compels organizations and other agencies holding client information to disclose them especially when they are suspected of committing crimes despite the ethical obligation of keeping the information confidential (Al-Omari, Deokar, El-Gayar, Walters, & Aleassa, 2013). The issue of confidentiality also bars the law enforcers from investigating individuals they suspect to be engaging in cybercrime. Ethical concerns during forensic investigations Ethical issues also influence the level of forensic investigation of the computer crime scenes (Al-Omari, Deokar, El-Gayar, Walters, & Aleassa, 2013). In most cases, companies hire specialized consultants to investigate the information security issues though the personnel rarely understand the ethical concerns that might prevent them from fully investigating the crime scenes. The implication is that most laws pertaining to information security do not rely on particular policies to detail how the professionals can unearth the evidence lest they risk tainting the evidence. On the other hand, principles of ethics dictate that a course of action should be a show of trustworthy and honesty thus failure to do so opens the door for questioning the ethics of using the particular techniques for unearthing evidence (Bélanger, & Crossler, 2011). If the investigation uses methods that might not be acceptable by the accused, then the victims can argue against the findings by citing the ethics behind the process of digging information. Therefore, ethical issues also bar law enforcers from implementing security laws since some of their methods might be deemed to passing the boundary of personal freedom. Besides, the investigation methods may taint the evidence thus bringing the question of honesty and trustworthiness as some of the ethical principles. Ethical duties and responsibilities are different professional duties since the former entails the moral codes that govern individual behaviors while the latter refers to the rules that govern a particular profession (Al-Omari, Deokar, El-Gayar, Walters, & Aleassa, 2013). Whistle blowing of security breaches, therefore, depends on the extent to which the interrogated are loyal to the accused especially in organizational contexts where loyalty to the leadership may prevent employees from revealing the particular information. On the other hand, the law enforcement process may face a challenge from conflicting interests especially when investigation of information security breach involves people with vested interests in the organization for financial gains or any other benefits. According to principles of ethics, a course of action should depict high levels of honesty and truthfulness though this is not the case with the management of information security systems (Al-Omari Deokar, El-Gayar, Walters, & Aleassa, 2013). However, enforcement of information security laws faces the challenge of upholding this ethical responsibility as most investigations reveal that security breaches involve individuals failing to reveal information because it is their duty to protect their organization. In summary, information security systems are vulnerable to potential attacks from individuals driven by the urge to steal information for personal gain. Though governments have responded by enacting laws to protect individuals from risks, ethical issues in handling personal data offer a significant challenge to enforcement and implementation of the laws. Privacy is the main ethical concern that law officers must take into considerations when conducting investigations because the Constitution provides for individual privacy and personal space. The law enforcers also face ethical dilemmas on issues concerning confidentiality, the balance between moral responsibility and professional duty because they are major hindrances to law compliance and enforcement. References Al-Omari, A., Deokar, A., El-Gayar, O., Walters, J., & Aleassa, H. (2013, January). Information Security Policy Compliance: An Empirical Study of Ethical Ideology. In System Sciences (HICSS), 2013 46th Hawaii International Conference on (pp. 3018-3027). IEEE. Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research in information systems. MIS Quarterly, 35(4), 1017-1042. Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4), 372-386. . Read More