
Engineering Professional Practice

Professional Practices in the IT and Software Industries


Matthew Dailey
Computer Science and Information Management
Asian Institute of Technology
Matthew Dailey (CSIM-AIT) IT PP 1 / 30
Outline
1. Introduction
2. Ethics
3. Legal compliance
4. Standardization
5. Certification
Introduction
Goals
Today we discuss professional practices in the IT and software industries.
Why should I care (even if I'm not an IT guy/gal)?
Ethics
Codes of conduct
Your own conduct on the job will depend on:
Your personal code
Workplace codes (prescribed or otherwise)
Societal/cultural codes
Example: being instructed by the boss to lie to a customer.
Do you do it, shirk, or go to the boss's boss?
How does the organizational context influence you?
Ethics
Impact of technology
It is relatively easy to gauge the short-term economic benefits of a piece of
technology.
But we must understand the effects of our technology on society, the
environment, social justice.
Says Freeman Dyson: "Technology guided by ethics has the power to help
the billions of poor people all over the earth. My purpose is to help push
technology in a new direction, away from toys for the rich and towards
necessities for the poor."
Discuss Los Alamos.
Discuss intelligent video surveillance.
Ethics
Software freedom
Exercise: read through the GNU Manifesto by Richard Stallman at
https://www.gnu.org/gnu/manifesto.html.
"Copying all or parts of a program is as natural to a programmer as
breathing, and as productive. It ought to be as free."
Free as in freedom and free as in no money.
What is Stallman's ethical proposition?
Give 5 reasons computer systems software should be free.
Give 5 reasons computer systems software would benefit from proprietary
status.
Legal compliance
Background
Legal compliance is a big issue in any industry.
Who is responsible when a computer systems failure leads to loss of life?
Better be aware of your local and national laws!
Besides these common issues, in IT and software, the biggest areas of
concern are privacy, reporting, and responsibility for users' behavior.
Legal compliance
Example
Let's take a close look at Chapter 1 (Computer Related Offenses) of the
Thailand Computer Crime Act, unofficial translation found at
http://www.samuiforsale.com/law-texts/computer-crime-act.html.
Section 5. Any person illegally accessing a computer system for which a
specific access prevention measure that is not intended for their own use is
available shall be subject to imprisonment for no longer than six months or
a fine of not more than ten thousand baht or both.
Section 6. If any person knowing of a measure to prevent access to a
computer system specifically created by a third party illegally discloses that
measure in a manner that is likely to cause damage to the third party, then
they shall be subject to imprisonment for no longer than one year or a fine
of not more than twenty thousand baht or both.
Legal compliance
Example
Section 7. If any person illegally accesses computer data, for which there
is a specific access prevention measure not intended for their own use
available, then he or she shall be subject to imprisonment for no longer
than two years or a fine of not more than forty thousand baht or both.
Section 8. Any person who illegally commits any act by electronic means
to eavesdrop a third party's computer data in process of being sent in a
computer system and not intended for the public interest or general
people's use shall be subject to imprisonment for no longer than three
years or a fine of not more than sixty thousand baht or both.
Section 9. Any person who illegally damages, destroys, corrects, changes
or amends a third party's computer data, either in whole or in part, shall
be subject to imprisonment for no longer than five years or a fine of not
more than one hundred thousand baht or both.
Legal compliance
Example
Section 10. Any person who illegally commits any act that causes the
working of a third party's computer system to be suspended, delayed,
hindered or disrupted to the extent that the computer system fails to
operate normally shall be subject to imprisonment for no longer than five
years or a fine of not more than one hundred thousand baht or both.
Section 11. Any person sending computer data or electronic mail to
another person and covering up the source of such aforementioned data in
a manner that disturbs the other person's normal operation of their
computer system shall be subject to a fine of not more than one hundred
thousand baht.
Legal compliance
Example
Section 12. The perpetration of an offence under Section 9 or Section 10
that:
(1) causes damage, whether it be immediate or subsequent and whether
it be synchronous to the public shall be subject to imprisonment for
no longer than ten years or a fine of not more than two hundred
thousand baht.
(2) is an act that is likely to damage computer data or a computer
system related to the country's security, public security and economic
security or public services or is an act against computer data or a
computer system available for public use shall be subject to
imprisonment from three years up to fifteen years and a fine of sixty
thousand baht up to three hundred thousand baht.
The commission of an offence under (2) that causes death to another
person shall be subject to imprisonment from ten years up to twenty years.
Legal compliance
Example
Section 13. Any person who sells or disseminates sets of instructions
developed as a tool used in committing an offence under Section 5,
Section 6, Section 7, Section 8, Section 9, Section 10 and Section 11 shall
be subject to imprisonment for not more than one year or a fine of not
more than twenty thousand baht, or both.
Legal compliance
Example
Section 14. If any person commits any offence of the following acts shall
be subject to imprisonment for not more than five years or a fine of not
more than one hundred thousand baht or both:
(1) that involves import to a computer system of forged computer data,
either in whole or in part, or false computer data, in a manner that is
likely to cause damage to that third party or the public;
(2) that involves import to a computer system of false computer data in a
manner that is likely to damage the country's security or cause a
public panic;
(3) that involves import to a computer system of any computer data
related with an offence against the Kingdom's security under the
Criminal Code;
(4) that involves import to a computer system of any computer data of a
pornographic nature that is publicly accessible;
(5) that involves the dissemination or forwarding of computer data
already known to be computer data under (1) (2) (3) or (4).
Legal compliance
Example
Section 15. Any service provider intentionally supporting or consenting to
an offence under Section 14 within a computer system under their control
shall be subject to the same penalty as that imposed upon a person
committing an offence under Section 14.
Legal compliance
Example
Section 16. Any person, who imports to a computer system that is
publicly accessible, computer data where a third party's picture appears
either created, edited, added or adapted by electronic means or otherwise
in a manner that is likely to impair that third party's reputation or cause
that third party to be isolated, disgusted or embarrassed, shall be subject
to imprisonment for not longer than three years or a fine of not more than
sixty thousand baht, or both.
If the commission under paragraph one is a trustworthy action the
perpetrator is not guilty.
An offence under paragraph one shall be a compoundable offence.
If a party injured by an offence under paragraph one has died before filing
a complaint, then their parents, spouse or children may file a complaint
and shall be deemed to be the injured party.
Legal compliance
Example
Section 17. Any person committing an offence against this Act outside the
Kingdom and;
(1) the offender is Thai and the government of the country where the
offence has occurred or the injured party is required to be punished or;
(2) the offender is a non-citizen and the Thai government or Thai person
who is an injured party or the injured party is required to be
punished;
shall be penalized within the Kingdom.
Legal compliance
Exercise
Let's try an exercise.
Suppose you are tasked with designing a new online discussion board
service for people in Thailand interested in IT security.
Go through the Computer Crime Act and make a list of issues that need to
be considered in the design of the system.
Legal compliance
Conclusion
Be aware of such laws that apply in the locations you do business in, and
take steps to comply and protect your organization.
Standardization
Introduction
Standards prescribe norms or levels of quality.
Every industry has a wide array of standards.
Compliance and certification of compliance can be resource intensive.
So why do it? Why not just do things as we see fit?
Standardization
IT and software industry standards
The important standards in IT and the software industry revolve around
quality assurance in IT management and software engineering.
Example: the IT Infrastructure Library (ITIL) is a set of practices for IT
service management.
If your IT department is not ITIL compliant, you might ask why not.
If you, as a member of IT engineering, are not familiar with ITIL, you
aren't doing your job.
By following an IT standard such as ITIL, you will be better able to
prevent security incidents and data loss incidents, decrease downtime due to
unmanaged configuration information, etc.
Standardization
IT and software industry standards
Software engineering is full of standards.
The IEEE maintains a giant library of software engineering standards.
The Carnegie Mellon University Software Engineering Institute (SEI)
developed the Capability Maturity Model Integration (CMMI):
Evaluates organizations' abilities in terms of product and service
development, implementation and management, and acquisition into
levels.
Required by many department of defense contractors.
Required of offshore development teams by many U.S. clients.
Enormous impact on the software industry.
Standardization
Conclusion
Whatever your industry focus, you need to identify the standards that your
customers want to see and the standards that will help solidify the
maturity of your organization.
Certification
Introduction
Some standards come with certification programs.
At worst, certification is just a money-making scheme, and potential
employers and clients will laugh at your bogus certifications.
At best, certification gives potential employers and customers confidence
in your capabilities.
Certification
Examples
Example: the Personal Software Process is an application of CMMI to the
practices of an individual software developer.
The focus is on being able to estimate effort accurately, manage quality,
and eliminate defects at a personal level.
SEI offers certification in PSP.
Certification
Examples
Another example: Oracle certification examinations in Java technologies.
Certification may not necessarily mean you are highly productive!
However, it does give confidence that you know the platform well,
assuming you studied the language rather than how to pass the test.
Most engineers who take such exams report a positive experience.
Certification
Summary
Overall, get a certification if
required by your employer or customer.
you are interested in the technology/process and want to push yourself
to learn it well.
But be careful not to overemphasize the importance of certifications.
In the end, a reference from a respected colleague or people who can
attest to your abilities are much more effective than a list of professional
certifications.