Ethical decision-making: Identifying the ethical issue

Security Strategies This newsletter is sponsored by Fluke Networks Network Analyzer FREE Trial Use OptiView Analyzer on your network free for five days. Generate network discovery reports, perform security audits and see protocol distribution. Click here to request a free trial now! Network World's Security Strategies Newsletter, 08/30/07 Ethical decision-making: Identifying the ethical issue By Mark Gibbs In my last column, I began discussing the July 30 column by Vauhini Vara of the _Wall Street Journal_ entitled, “Ten Things Your IT Department Won’t Tell You.” The author provides detailed information on how to violate acceptable-use policies for corporate computer systems. In this column and two more to follow, I want to apply the ethical decision-making methodology I have been teaching students for many years (see for example “Making Ethical Decisions” and “Ethics, Spyware & Steganography.” This particular approach was brilliantly described by Professors Kallman and Grillo in their 1996 text, _Ethical Decision Making and Information Technology: An Introduction with Cases_, Second Edition. [McGraw-Hill (ISBN 0-070-34090-0)] The essential points of the method are as follows: 1. Identify the ethical problem in operational terms. 2. Look for explicit and implicit guidelines relevant to the situation. 3. Identify and apply underlying principles affecting the decision. 4. Explore rights and duties of participants and stakeholders. 5. Respond to intuitive cues. New Executive Guide Network World has recently published an executive guide entitled "Virtualization Meets Reality". Find out the 8 key challenges of virtualizing your data center. Download it now! Today I’ll start with the first step above and examine Vara’s suggestion that workers conceal their use of corporate systems to visit “certain sites - ranging from the really nefarious (porn) to probably bad (gambling) to mostly innocuous (Web-based e-mail services).” Let’s assume for the sake of this discussion that an employee, Bob, has signed an appropriate-use agreement with his employer and that he’s not supposed to use his company computer for non-work-related Web surfing. Charles Cresson Wood offers a sample policy for this purpose (see “Chapter 11 - Sample Internet Security Policy For Users” in _Information Security Policies Made Easy_, 10th Edition). I have modified the policy for use in this discussion as follows: "Personal Use - Workers who have been granted Internet access who wish to explore the Internet for personal purposes must do so on personal rather than company time. Games, news groups, and other non-business activities must not be performed on company computers… Workers must not employ the Internet or other internal information systems in such a way that the productivity of other workers is eroded. Examples of this include chain letters and broadcast charitable solicitations. Company X computing resources must not be resold to other parties or used for any personal business purposes such as running a consulting business on off-hours." In identifying the ethical question, Bob should ask himself: * “What are the actions in question?” The actions are surfing to forbidden sites using company equipment and then concealing his actions. * “Who gains from the proposed actions?” Bob gains in the short term by avoiding work and having fun while being paid for nothing. * “Who suffers?” The stakeholders in the company lose by paying for nothing; coworkers pay by doing extra work to compensate for Bob the slacker. * “Are those who lose out willing participants?” Generally, no: few employees would willingly sacrifice their time to cover for Bob; and corporate management certainly don’t want their employees flouting their policies in secret and then lying about the violations. As for Vauhini Vara, I think her decision (and that of her editors) should have been framed as “Should I publish this article telling people how to evade personal responsibility for violating corporate appropriate-use policies?” The people gaining are the lazy, irresponsible and dishonest workers who choose to cheat their employers by breaching their employment contracts; the people losing are the same ones Bob is cheating in our example above, and the same considerations apply to the question of willing participation in the behavior being condoned and encouraged in Vara’s article. More next time.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Airline puts Linux PC in every seat 2. iPhone unlocking video hits Web 3. iPhone unlocker trades phone for 'sweet' car 4. Deja vu: Sony uses rootkits, F-Secure says 5. The metal-whisker menace 6. How close is World War 3.0? 7. Cisco VoIP engineers on the hunt for new jobs 8. Metal whiskers: a visual tour 9. Is the bloom off municipal Wi-Fi? 10. Meltdown raises doubts about Microsoft reliability MOST E-MAILED ARTICLE: Airline puts Linux PC in every seat

Contact the author: Mark Gibbs is a consultant, author, journalist, and columnist and now blogger: Check out Gibbsblog. Gibbs not only pens (well, keyboards) this newsletter he also writes the weekly Backspin and Gearhead columns in Network World. We’ll spare you the rest of the bio but if you want to know more, go here This newsletter is sponsored by Fluke Networks Network Analyzer FREE Trial Use OptiView Analyzer on your network free for five days. Generate network discovery reports, perform security audits and see protocol distribution. Click here to request a free trial now! ARCHIVE Archive of the Security Strategies Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007