An Overview of Ethics

What is Ethics?

Moral Code:
- A set of rules, often expressed in statements about how people should behave, that fit together to form the code by which a society lives.

Morality:
- Social conventions about right and wrong that are so widely shared that they become the basis for an established consensus.

Ethics:
- Set of beliefs about right and wrong behavior within a society. Ethical behavior conforms to generally accepted norms – many of which are almost universal.

Profession
- A calling that requires specialized knowledge and often long and intensive academic preparation.

7 forces that are changing the nature of professional services:
1. Client Sophistication
2. Governance
3. Connectivity
4. Transparency
5. Modularization
6. Globalization
7. Commoditization

Trade Secret
- Is information, generally unknown to the public, that a company has taken strong measures to keep confidential.
- It represents something of economic value that has required effort or cost to develop and that has some degree of uniqueness or novelty.
- Trade secret can include the design of new software code, HW designs, business plans, the design of a user interface to a computer program, and manufacturing processes.

Example: the Colonel’s secret recipe of 11 herbs and spices, the formula for Coke, and Intel’s manufacturing process for the i7 quad core processing chip

By: Ms. Sharene T. Labung, MIT, CDP


Are IT Workers Professional?

7 forces that are changing the nature of professional services:

1. Client Sophistication
Clients are aware of what they need from service providers

2. Governance
Relates to consistent management, cohesive policies, guidance, processes and decision-rights for a given area of responsibility

3. Connectivity
Clients and service industry have built their working relationship

4. Transparency
Clients expect to be able to see work-in-progress

5. Modularization
Clients are able to break down their business processes into fundamental steps

6. Globalization
Clients are able to evaluate and choose among service providers around the globe, making the service industry extremely competitive

7. Commoditization
Clients look at the delivery of low-end services (e.g. staff augmentation to complete project) as a commodity service for which price is the primary criterion for choosing a service provider.

Fraud – Is the crime of obtaining goods, services, or property through deception or trickery

Misrepresentation – Is the misstatement or incomplete statement of a material fact.

Breach of Contract – Occurs when one party fails to meet the terms of a contract

Material Breach of Contract – Occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract

Elements of Fraud
1. The wrongdoer made a false representation of material fact
2. The wrongdoer intended to deceive the innocent party
3. The innocent party justifiably relied on the misrepresentation
4. The innocent party was injured

Relationship between IT workers and Suppliers
• Bribery – Involves providing money, property, or favors to someone in business or government to obtain a business advantage.

Distinguishing between bribes and gifts

Relationships Between IT Workers and Other Professionals
• Resume Inflation – Involves lying on a resume and claiming competence in an IT skill that is in high demand.

Professional Code of Ethics
• States the principles and core values that are essential to the work of a particular occupational group.
• Practitioners in many professions subscribe to a code of ethics that governs their behavior

Professional Organization
– ACM
– AITP
– IEEE-CS
– PMI
– SANS Institute

Certification
• Certification – Indicates that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization.

– Vendors that Provide Certifications
• CISCO
• IBM
• Microsoft
• Sun
• SAP
• Oracle

Example of Vendors Certifications
- CCNA - Certified Cisco Network Associates
- CCNP - Certified Cisco Network Professional
- MCSE - Microsoft Certified System Engineer
- OCP - Oracle Certified Professional
- MCP - Microsoft Certified Professional

Non-vendor Specific Certifications
- CISA - Certified Information System Auditor
- CISP - Certified Information System Professional

IT Professional Malpractice
• Negligence – Not doing something that a reasonable person would do, or doing something that a reasonable person would not do.
• Duty of Care – The obligation to protect people against any unreasonable harm or risk
• Reasonable Person Standard
• Reasonable Professional Standard
• Breach of the duty of care – Failure to act as a reasonable person would act.
• Professional Malpractice – A liability where professionals who breach the duty of care are liable for injuries that their negligence causes

Common Ethical Issues for IT Users
• Software Piracy
• Inappropriate Use of Computing Resources
• Inappropriate Sharing of Information

Supporting the Ethical Practices of IT Users
• Establishing Guidelines for Use of Company Software

• Defining and Limiting the Appropriate Use of IT Resources
• Structuring IS to Protect Data and Information
• Installing and Maintaining Corporate Firewall
– Firewall – A HW or SW device that serves as a barrier between an organization’s network and the Internet; it also limits access to the company’s network based on the organization’s Internet usage policy.

Computer and Internet crimes

IT Professionals and IT Users all face a number of ethical decisions regarding IT security:
• If their firm is a victim of a computer crime, should they pursue a prosecution of the criminals at all costs, maintain a low profile to avoid the negative publicity, inform their affected customers, or take some other action?
• How much effort and money should be spent to safeguard against computer crime? (In other words, how safe is safe enough?)
• If their firm produces software with defects that allow hackers to attack customer data and computers, what actions should they take?
• What should be done if recommended computer security standards make life more difficult for customers and employees, resulting in lost sales and increased costs?

Most Common Security Incidents

Why Computer Incidents Are So Prevalent
1. Increasing Complexity Increases Vulnerability
2. Higher Computer User Expectations
3. Expanding and Changing Systems Introduce New Risks
4. Increased Reliance on Commercial Software with Known Vulnerabilities

Types of Exploits
1. Computer Viruses – A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
2. Worms – A harmful program that resides in the active memory of the computer and duplicates itself
3. Trojan Horse – A program in which malicious code is hidden inside a seemingly harmless program
• Logic Bomb – executes when it is triggered by a specific event
4. Botnets – A large group of computers controlled from one or more remote locations by hackers, without the knowledge or consent of their owners
5. Distributed Denial-of-Service attack (DDoS) – Malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks. It keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in
6. Rootkits – A set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.
7. Spam – Email spam – the abuse of email system to send unsolicited email to large number of people
– CAPTCHA
• Completely Automated Public Turing Test to Tell Computers and Humans Apart
8. Phishing – Act of using email fraudulently to try to get the recipient to reveal personal data
• Spear-phishing is a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees. – Phony emails

Cost of Impact of Worms

Type of Perpetrators
1. Hackers and Crackers
2. Malicious Insiders
3. Industrial Spies
4. Cybercriminals
5. Hacktivists and Cyberterrorists

6. Laws Regarding Cybercrime
• In the Other Countries – US
9. USA Patriot Act – defining cyberterrorism and penalties
10. Computer Fraud and Abuse Act
11. ID Theft and Assumption Deterrence Act
12. US Code Title 18, Part I, Chapter 17, Section 1030
13. US Code Title 18, Part I, Chapter 121, Section 2701


Laws Regarding Cybercrime

In the Philippines

Applicable Philippine Laws that penalize cybercrime
1.1. Intellectual Property Right
1.2. E-Commerce Law
1.3. Optical Law
1.4. Civil Code
1.5. Revised Penal Code
1.6. Special Criminal Law
1.7. Unfair Competition Act

Internet Pornography

Government Agencies Responsible in the Implementation of the Philippine I.T. Programs
2.1. Commission on Information and Communication Technology
2.2. National Bureau of Investigation
2.3. Department of Justice

Implementing Trustworthy Computing
• Trustworthy Computing – A method of computing that delivers a secure, private, and reliable computing experience based on sound practices

Risk Assessment
• Is the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.
• Such threats can prevent an organization from meeting its key business objectives

General Security Risk Assessment
• Identify the set of IT assets about which the organization is most concerned
• Identify the loss events or the risks or threats that could occur (DDoS, insider fraud, etc)
• Assess frequency of events or the likelihood of each potential threat
• Determine the impact of each threat occurring.
• Determine how each threat can be mitigated so that it becomes much less likely to occur or, if it does occur, has less of an impact on the organization.

Establishing a Security Policy
• Security Policy – Defines an organization’s security requirements, as well as the controls and sanctions needed to meet those requirements
– A good security policy delineates responsibilities and the behavior expected of members of the organization.
– It outlines WHAT needs to be done but not HOW to do it.

Software Engineering Code of Ethics: Eight Principles

1. PUBLIC - Software engineers shall act consistently with the public interest.

2. CLIENT AND EMPLOYER - Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.

3. PRODUCT - Software engineers shall ensure that their products and related modifications meet the highest professional standards possible.

4. JUDGMENT - Software engineers shall maintain integrity and independence in their professional judgment.

5. MANAGEMENT - Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance.

6. PROFESSION - Software engineers shall advance the integrity and reputation of the profession consistent with the public interest.

7. COLLEAGUES - Software engineers shall be fair to and supportive of their colleagues.

8. SELF - Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.


CODE OF ETHICS FOR THE FILIPINO IT PROFESSIONALS

I will use my special knowledge and skills for the benefit of the public.

I will serve employers and clients with integrity, subject to an overriding responsibility to the public interest.

And I will strive to enhance the competence and prestige of the profession. By these I mean:

I will promote public knowledge, understanding, and appreciation of information technology;

I will consider the general welfare and public good in performance of my work;

I will advertise goods and professional services in a clear and truthful manner;

I will comply and strictly abide by the intellectual property laws, patent laws and other related laws in respect of information technology;

I will accept full responsibility for the work undertaken and will utilize my skills with competence and professionalism;

I will make truthful statements on my areas of competence as well as the capabilities and qualities of my product or services;

I will not disclose or use any confidential information obtained in the course of professional duties without the consent of the parties concerned, except when required by law;

I will strive to attain the highest quality in both the products and services that I offer;

I will not knowingly participate in the development of information technology system that will promote the commission of fraud and other unlawful acts;

I will uphold and improve the IT professional standards through continuing professional development in order to enhance the IT profession.
