Security StrategiesThis newsletter is sponsored by Fluke NetworksNetwork World's Security Strategies Newsletter, 08/30/07Ethical decision-making: Identifying the ethical issueBy Mark GibbsIn my last column, I began discussing the July 30 column by Vauhini Vara of the _Wall Street Journal_ entitled, “Ten Things Your IT Department Won’t Tell You.” The author provides detailed information on how to violate acceptable-use policies for corporate computer systems. In this column and two more to follow, I want to apply the ethical decision-making methodology I have been teaching students for many years (see for example “Making Ethical Decisions” and “Ethics, Spyware & Steganography.” This particular approach was brilliantly described by Professors Kallman and Grillo in their 1996 text, _Ethical Decision Making and Information Technology: An Introduction with Cases_, Second Edition. [McGraw-Hill (ISBN 0-070-34090-0)] The essential points of the method are as follows: 1. Identify the ethical problem in operational terms.
Today I’ll start with the first step above and examine Vara’s suggestion that workers conceal their use of corporate systems to visit “certain sites - ranging from the really nefarious (porn) to probably bad (gambling) to mostly innocuous (Web-based e-mail services).” Let’s assume for the sake of this discussion that an employee, Bob, has signed an appropriate-use agreement with his employer and that he’s not supposed to use his company computer for non-work-related Web surfing. Charles Cresson Wood offers a sample policy for this purpose (see “Chapter 11 - Sample Internet Security Policy For Users” in _Information Security Policies Made Easy_, 10th Edition). I have modified the policy for use in this discussion as follows: "Personal Use - Workers who have been granted Internet access who wish to explore the Internet for personal purposes must do so on personal rather than company time. Games, news groups, and other non-business activities must not be performed on company computers… Workers must not employ the Internet or other internal information systems in such a way that the productivity of other workers is eroded. Examples of this include chain letters and broadcast charitable solicitations. Company X computing resources must not be resold to other parties or used for any personal business purposes such as running a consulting business on off-hours." In identifying the ethical question, Bob should ask himself: * “What are the actions in question?” The actions are surfing to forbidden sites using company equipment and then concealing his actions. * “Who gains from the proposed actions?” Bob gains in the short term by avoiding work and having fun while being paid for nothing. * “Who suffers?” The stakeholders in the company lose by paying for nothing; coworkers pay by doing extra work to compensate for Bob the slacker. * “Are those who lose out willing participants?” Generally, no: few employees would willingly sacrifice their time to cover for Bob; and corporate management certainly don’t want their employees flouting their policies in secret and then lying about the violations. As for Vauhini Vara, I think her decision (and that of her editors) should have been framed as “Should I publish this article telling people how to evade personal responsibility for violating corporate appropriate-use policies?” The people gaining are the lazy, irresponsible and dishonest workers who choose to cheat their employers by breaching their employment contracts; the people losing are the same ones Bob is cheating in our example above, and the same considerations apply to the question of willing participation in the behavior being condoned and encouraged in Vara’s article. More next time.
|
Contact the author: Mark Gibbs is a consultant, author, journalist, and columnist and now blogger: Check out Gibbsblog. Gibbs not only pens (well, keyboards) this newsletter he also writes the weekly Backspin and Gearhead columns in Network World. We’ll spare you the rest of the bio but if you want to know more, go here This newsletter is sponsored by Fluke NetworksARCHIVEArchive of the Security Strategies Newsletter. BONUS FEATUREIT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE International subscribers, click here. SUBSCRIPTION SERVICESTo subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007 |
No comments:
Post a Comment