IT Ethics Handbook: Right and Wrong for IT Professionals by Stephen Northcutt, Cynthia Madden. Syngress Publishing Inc.
IT professionals, be they employees, consultants or management, face ethical dilemmas all the time. Every IT professional will recognize situations in this book that they have found themselves in.
The IT Ethics Handbook: Right and Wrong for IT Professionals, is broken down into chapters such as Systems Administration and Operations, Audit, Vulnerability Disclosure, Information Security Officers, Ethics and Contractors/ Consultants, Management/ Employer Ethics. Within each chapter are several ethical dilemmas, with liberal and conservatives solutions, as well as summaries that detail the best solution.
Here are examples of some of the dilemmas.
From the Audit chapter, “Following the Chain of Command – What do You do with Contradicting Orders?”
The Chief Information Officer (CIO) of an insurance company hires you to perform an audit on their network information systems infrastructure. He provides detailed procedures for you to perform this internal audit. Once you begin the audit, the President of the company gives you contradictory instructions. The President asks you to address the business processes from the point of view of data flow rather than the technical infrastructure procedures the CIO requires of you. Will you follow the instruction of the CIO or the President of the company?
From the chapter on Information Service Providers, “Should an ISP Block Microsoft Ports.”
A small number of ports commonly used for Microsoft file sharing and related services are some of the the most common ports for worms to enter. Should your ISP block traffic to them to further protect service to your network?
The topic of music downloads at work is discussed. Some of your co-workers are downloading huge amounts of MP3 files from legal and illegal sites. You have some MP3s from these sites on your home computer. Would you feel like a hyprocrite turning people in at work?
This book is very up to date, with discussions about growing technologies that pose the potential for ethical concerns. Some examples include “Radio Frequency IDs for Marketing – Is it Okay to Track a Consumer?”,
Managers should add this excellent book to their library and suggest that employees read through the chapters that are applicable to them and then ask questions relating to company policy for some of the more complicated dilemmas.
Author Stephen Northcutt is the Director of Training and Certification for the SANS Institute, has authored several books and had a career in the Navy which culminated in him becoming the Chief for Information Warfare at the Ballistic Missile Defense Organization.