The document discusses professional practices in the IT and software industries, focusing on ethics, legal compliance, standardization, and certification. It provides an overview of each topic and gives examples. For legal compliance, it examines sections from Thailand's Computer Crime Act, outlining various offenses and corresponding penalties relating to illegally accessing or damaging computer systems and data. The document aims to explain why these professional practices are important for those working in IT fields.
Professional Practices in the IT and Software Industries
Matthew Dailey
Computer Science and Information Management
Asian Institute of Technology

Matthew Dailey (CSIM-AIT) IT PP 1 / 30

Outline
1. Introduction
2. Ethics
3. Legal compliance
4. Standardization
5. Certification

Introduction: Goals
Today we discuss professional practices in the IT and software industries.
Why should I care (even if I'm not an IT guy/gal)?

Ethics: Codes of conduct
Your own conduct on the job will depend on:
- Your personal code
- Workplace codes (prescribed or otherwise)
- Societal/cultural codes
Example: being instructed by the boss to lie to a customer. Do you do it, shirk, or go to the boss's boss? How does the organizational context influence you?

Ethics: Impact of technology
It is relatively easy to gauge the short-term economic benefits of a piece of technology. But we must understand the effects of our technology on society, the environment, social justice.
Says Freeman Dyson: "Technology guided by ethics has the power to help the billions of poor people all over the earth. My purpose is to help push technology in a new direction, away from toys for the rich and towards necessities for the poor."
Discuss Los Alamos.
Discuss intelligent video surveillance.

Ethics: Software freedom
Exercise: read through the GNU Manifesto by Richard Stallman at https://www.gnu.org/gnu/manifesto.html.
"Copying all or parts of a program is as natural to a programmer as breathing, and as productive. It ought to be as free."
Free as in freedom and free as in no money.
- What is Stallman's ethical proposition?
- Give 5 reasons computer systems software should be free.
- Give 5 reasons computer systems software would benefit from proprietary status.

Legal compliance: Background
Legal compliance is a big issue in any industry.
Who is responsible when a computer systems failure leads to loss of life? Better be aware of your local and national laws!
Besides these common issues, in IT and software, the biggest areas of concern are privacy, reporting, and responsibility for users' behavior.

Legal compliance: Example
Let's take a close look at Chapter 1 (Computer Related Offenses) of the Thailand Computer Crime Act, unofficial translation found at http://www.samuiforsale.com/law-texts/computer-crime-act.html.

Section 5. Any person illegally accessing a computer system for which a specific access prevention measure that is not intended for their own use is available shall be subject to imprisonment for no longer than six months or a fine of not more than ten thousand baht or both.

Section 6. If any person knowing of a measure to prevent access to a computer system specifically created by a third party illegally discloses that measure in a manner that is likely to cause damage to the third party, then they shall be subject to imprisonment for no longer than one year or a fine of not more than twenty thousand baht or both.

Section 7. If any person illegally accesses computer data, for which there is a specific access prevention measure not intended for their own use available, then he or she shall be subject to imprisonment for no longer than two years or a fine of not more than forty thousand baht or both.

Section 8.
Any person who illegally commits any act by electronic means to eavesdrop a third party's computer data in process of being sent in a computer system and not intended for the public interest or general people's use shall be subject to imprisonment for no longer than three years or a fine of not more than sixty thousand baht or both.

Section 9. Any person who illegally damages, destroys, corrects, changes or amends a third party's computer data, either in whole or in part, shall be subject to imprisonment for no longer than five years or a fine of not more than one hundred thousand baht or both.

Section 10. Any person who illegally commits any act that causes the working of a third party's computer system to be suspended, delayed, hindered or disrupted to the extent that the computer system fails to operate normally shall be subject to imprisonment for no longer than five years or a fine of not more than one hundred thousand baht or both.

Section 11. Any person sending computer data or electronic mail to another person and covering up the source of such aforementioned data in a manner that disturbs the other person's normal operation of their computer system shall be subject to a fine of not more than one hundred thousand baht.

Section 12. The perpetration of an offence under Section 9 or Section 10 that:
(1) causes damage, whether it be immediate or subsequent and whether it be synchronous to the public shall be subject to imprisonment for no longer than ten years or a fine of not more than two hundred thousand baht.
(2) is an act that is likely to damage computer data or a computer system related to the country's security, public security and economic security or public services or is an act against computer data or a computer system available for public use shall be subject to imprisonment from three years up to fifteen years and a fine of sixty thousand baht up to three hundred thousand baht.
The commission of an offence under (2) that causes death to another person shall be subject to imprisonment from ten years up to twenty years.

Section 13. Any person who sells or disseminates sets of instructions developed as a tool used in committing an offence under Section 5, Section 6, Section 7, Section 8, Section 9, Section 10 and Section 11 shall be subject to imprisonment for not more than one year or a fine of not more than twenty thousand baht, or both.

Section 14. If any person commits any offence of the following acts shall be subject to imprisonment for not more than five years or a fine of not more than one hundred thousand baht or both:
(1) that involves import to a computer system of forged computer data, either in whole or in part, or false computer data, in a manner that is likely to cause damage to that third party or the public;
(2) that involves import to a computer system of false computer data in a manner that is likely to damage the country's security or cause a public panic;
(3) that involves import to a computer system of any computer data related with an offence against the Kingdom's security under the Criminal Code;
(4) that involves import to a computer system of any computer data of a pornographic nature that is publicly accessible;
(5) that involves the dissemination or forwarding of computer data already known to be computer data under (1) (2) (3) or (4).

Section 15.
Any service provider intentionally supporting or consenting to an offence under Section 14 within a computer system under their control shall be subject to the same penalty as that imposed upon a person committing an offence under Section 14.

Section 16. Any person, who imports to a computer system that is publicly accessible, computer data where a third party's picture appears either created, edited, added or adapted by electronic means or otherwise in a manner that is likely to impair that third party's reputation or cause that third party to be isolated, disgusted or embarrassed, shall be subject to imprisonment for not longer than three years or a fine of not more than sixty thousand baht, or both.
If the commission under paragraph one is a trustworthy action the perpetrator is not guilty.
An offence under paragraph one shall be a compoundable offence.
If a party injured by an offence under paragraph one has died before filing a complaint, then their parents, spouse or children may file a complaint and shall be deemed to be the injured party.

Section 17. Any person committing an offence against this Act outside the Kingdom and;
(1) the offender is Thai and the government of the country where the offence has occurred or the injured party is required to be punished or;
(2) the offender is a non-citizen and the Thai government or Thai person who is an injured party or the injured party is required to be punished;
shall be penalized within the Kingdom.

Legal compliance: Exercise
Let's try an exercise.
Suppose you are tasked with designing a new online discussion board service for people in Thailand interested in IT security.
Go through the Computer Crime Act and make a list of issues that need to be considered in the design of the system.

Legal compliance: Conclusion
Be aware of such laws that apply in the locations you do business in, and take steps to comply and protect your organization.

Standardization: Introduction
Standards prescribe norms or levels of quality.
Every industry has a wide array of standards.
Compliance and certification of compliance can be resource intensive.
So why do it? Why not just do things as we see fit?

Standardization: IT and software industry standards
The important standards in IT and the software industry revolve around quality assurance in IT management and software engineering.
Example: the IT Infrastructure Library (ITIL) is a set of practices for IT service management.
If your IT department is not ITIL compliant you might ask why not.
If you, as a member of IT engineering, are not familiar with ITIL, you aren't doing your job.
By following an IT standard such as ITIL, you will be better able to prevent security incidents, data loss incidents, decrease downtime due to unmanaged configuration information, etc.

Software engineering is full of standards.
The IEEE maintains a giant library of software engineering standards.
The Carnegie Mellon University Software Engineering Institute (SEI) developed the Capability Maturity Model Integration (CMMI):
- Evaluates organizations' abilities in terms of product and service development, implementation and management, and acquisition into levels.
- Required by many department of defense contractors.
- Required of offshore development teams by many U.S. clients.
- Enormous impact on the software industry.

Standardization: Conclusion
Whatever your industry focus, you need to identify the standards that your customers want to see and the standards that will help solidify the maturity of your organization.

Certification: Introduction
Some standards come with certification programs.
At worst, certification is just a money making scheme, and potential employers and clients will laugh at your bogus certifications.
At best, certification gives potential employers and customers confidence in your capabilities.

Certification: Examples
Example: the Personal Software Process is an application of CMMI to the practices of an individual software developer.
The focus is on being able to estimate effort accurately, manage quality, and eliminate defects at a personal level.
SEI offers certification in PSP.

Another example: Oracle certification examinations in Java technologies.
Certification may not necessarily mean you are highly productive!
However, it does give confidence that you know the platform well, assuming you studied the language rather than how to pass the test.
Most engineers who take such exams report a positive experience.

Certification: Summary
Overall, get a certification if
- required by your employer or customer.
- you are interested in the technology/process and want to push yourself to learn it well.
But be careful not to overemphasize the importance of certifications. In the end, a reference from a respected colleague or people who can attest to your abilities is much more effective than a list of professional certifications.