Security, Software, and Ethics
Introduction
Every day, we use computer software to perform everyday tasks. These can range from sending e-mail, balancing your checkbook, web browsing, shopping and much more. Most people don't stop to think about the security of the software that we use on a daily basis. Users are more concerned about getting their work done, and security is little more than an afterthought.
Security is a very important and often overlooked aspect of software development. Security is used to authenticate users, manage access to resources, and to ensure that data hasn't been compromised.
Recent events such as the Sasser, SQL Server, Blaster and Nimda worms have been devastating throughout the world. They've cost companies and everyday people billions of dollars worth of wasted time, money and productivity. In some cases, data gets corrupted, modified or deleted. Businesses are unable to function normally, which can result in heavy financial losses.
Some of these worms are still taking over computers to this day, long after patches have been readily available to fix the problem. Security professionals have been telling computer users to patch their systems and keep them up to date, but it their words aren't being listened to in spite of their warnings. Why is this scenario constantly being repeated? Who's responsible for ensuring that software we use is secure?
I feel that software companies and software engineers are ethically responsible for making sure that their software is secure. We're becoming more dependent on computer software, which makes us more vulnerable to virus attacks from a security bug in a widely used piece of software. They must be able to ensure that our software is more secu...
... middle of paper ...
...3] Peter Mell and Miles C. Tracy, "Procedures for Handling Security Patches", National Institute of Standards and Technology, August 2002
http://www.csrc.nist.gov/publications/nistpubs/800-40/sp800-40.pdf
Suggested resources
SANS Institute - Computer security web site, with information about computer security training
http://www.sans.org
SANS Institute Reading Room - Articles on a variety of security topics
http://www.sans.org/rr
Security Focus - Web site with news and analysis of security issues
http://www.securityfocus.com
The Register - Web site with IT-related news
http://www.theregister.co.uk
Software Engineering Institute, Carnegie Mellon University
http://www.sei.cmu.edu/
National Institute for Science and Technology
http://www.nist.gov
The CERT® Coordination Center - A reporting center for Internet security
http://www.cert.org
William C &, Dennis L &, Michael S (1996), Information Security Handbook, NY: MacMillian Press LTD
Hacking is the term used to describe the process of breaking into and obtaining access to a computer system or network. It’s essentially the modern successor of the age-old breaking-and-entering. In this information age, information is power. Those who obtain a person’s personal information can use it to for various crimes including identity theft. Companies and corporations are not exempt from this either. Nowadays, many companies store their customer’s personal data in their databases (a massive collection of data, similar to a giant, virtual phonebook). As a result, they become targets of hackers who, if successful,
Reflection is the process of reviewing an experience in order to describe analyse, evaluate and so inform learning about practice (Reid 1993). There are many reflective models that I could have used, including Johns (2004), Driscoll (2000), Atkins and Murphy (1994), Kolb’s (1984), and Gibbs (1988).
In a situation where a software engineer is asked to design a system with inherent security vulnerabilities, many ethical issues involving several stakeholders are encountered. Diane Jones is the owner of a software development company that has been contracted to engineer a database management system for the personnel office of a medium-sized toy manufacturing company. Management members of the toy manufacturer involved with Diane in the design of the system include the CEO, the director of computing, and the director of personnel. The database system will contain sensitive information pertaining to the employees of the toy manufacturer.
Reflection is turning experience into Learning. Reflection is a conscious, dynamic process of thinking about, analysing, and learning from an experience that gives insight into self and practice.
Rolfe (2001) claims that reflection- in-action is more advanced form of thinking and leads to more advanced practice. He further describes that is it is a process of what the nurse is always testing theories and hypothesis in a cyclical process while simultaneously engaged in practice (Rolfe, 1993). It means examining behaviour and that of others while in a situation (Schon, 1995; Schon, 1987). “To be able to reflect one must step outside the experience in order to make the observance comprehendible” Gray (1998). “Aziza highlighted (Forum 2; Challenges and debates about reflective practice, Reflection-in-action/practice and Reflection-on-action/practice) that competent nurses encounter an unusual event or “wicked problem”. Rolfe (2014), calls it, the nurse automatically analyse, problem solve and reflects in that instant without even realising it.” Hence, it brings about confidence, skills and knowledge and anticipation in professionals in nursing. Professionals are accountable for their actions and in this case students, and new nurses would have an opportunity to think what could have been better to improve the
The lower scoring from these teens indicates the prominent negative impact ADHD can have on many parts of their lives. Not only does the disorder effect the victim – ADHD can influence family life as well. According to child/teen psychiatric health experts Pelham WE Jr, Faraone SV, and Podoloski CL; "...the presence of a child with ADHD results in increased likelihood of disturbances to family and martial functioning, disrupted parent-child relationships, reduced parenting efficacy, and increased levels of parent stress, particularly when ADHD is comorbid with conduct problems. Furthermore, ADHD in children was reported to predict depression in mothers and is associated with increased parental alcohol consumption." (Harpin i3) This shows that the disorder isn't just influential on its victim, and can be really difficult to deal with for parents and siblings. Unfortunately, ADHD also effects not only the victims' social life, but society as well. According to a recent survey, almost 50% of young adults with ADHD did not complete high school, abused drugs or alcohol, attempted suicide, transmitted an STD, got fired from a job, got their license suspended, and are 65% more likely to be incarcerated. These events prevalent in the affected person's life affect themselves just as much as it affects the people around them. This shows how ADHD affects all aspects of life for the victim, the victim's family, and society as a
Reflection involves stages of critically analysing experiences of practice in order to elucidate, examine, assess, and so inform learning about practice (Reid, 1993). Boyd and Fayles (1983) conceptualised reflective learning as the skills acquired by an individual to internally inspect and investigate an area of concern that is most likely provoked by an experience to generate and explain its meaning in relations of self, which may lead to an outcome of an improved theoretical perception. Both of the definitions give a clear definition to view reflection both as an approach to gain knowledge and as an approach to improve practice (Schutz, 2007). Moreover, Boyd and Fayles (1983) stressed that this improvement may be entirely established on an individual’s personal level of involvement. The evolution of Western philosophy involves the reflection as a notion (Schutz, 2007). In addition, Scutz (2007) suggested that the practice of reflection approaches plays a significant role in educating nursing undergraduates and health care experts to incorporate the skills of reflection in their practice communities as part of their daily practice at work.
In my opinion, ethics give people free will to make right choices. People have free will to make choices that are governed with responsibility, accountability, and liability. We have a responsibility to perform in an ethical manner and be accountable for our choices or actions. Regardless of the circumstances and choices we make, there are consequences if we make the wrong choice. The question of whether an action or choice is ethical or not is fundamentally based on whether something is right or wrong. From an ethical standpoint, unethical choices and risky behavior can lead to increased liabilities. The liabilities result in the loss or damage sustained by a company or other party as result of an unethical and sometimes illegal decision. Although we exercise free will on a continuous basis, we are governed by the decisions we make and my belief is that the decisions we make daily do not just affect us. These decisions affect other people, such as family, friends, coworkers, instructors, neighbors, etc. The most prominent example of ethics can be recognized in the field of technology based on the growing amount of rapidly changing legislation and acts that under consideration in order to protect people from unethical practices.
This unethical behaviour related to Information System (IS) have caused significant losses to businesses and the society at large. Professional IT bodies are concerned about these ethical problems because of their potential harm to the society and to the integrity of the IT profession. The Association Computing Machinery (ACM), Institute of Electrical and Electronics Engineers (IEEE), the British Computer Society and International Federation for Information Processing (IFP) came together to formulate codes of ethics and professional conduct for IT professionals, as a way to check or reduce unethical conduct in the IT profession. The 1991 report of the ACM/IEEE-CS Curriculum Task Force recommended the introduction of computer ethics into Computer Science Curriculum at University level (Martin & Yale-Weltz, 1999). The report stressed the importance to expose students to ethical and societal issues that are associated with the co...
The focus of this research paper will be on computer and web ethics. How computers have impacted us in the last few years and how our web ethics should be. We will be breaking down computer ethics and web ethics. Although many people think that the computer is a very recent development, it actually has a long history that demonstrates how quickly the computer industry changes. History provides a context for how far we have come with computers in a relatively short period of time.
Tavani, Herman T. "Chapter 4 :Professional Codes of Ethics and Codes of Conduct." Ethics and Technology: Controversies, Questions, and Strategies for Ethical Computing. Hoboken, NJ: Wiley, 2010. Print.
Duquenoy, P., Jones, S., & Blundell, B. (2008). Ethical, legal and professional issues in computing. London: Thomson.
The operating security protects the system from threats, viruses, worms, malware, and hackers. An ounce of preventative is better than a pound of cure, as the old saying goes. The same is true for operating systems. The security preventative keeps the computer assets safe from being stolen, compromised, or deleted. The operating system’s security allows applications that have been scanned for viruses and deemed clean to run smoothly. It allows the system to perform required tasks and prevent unauthorized programs from
Abstract: The difficulty of having one global ethical Standard of Conduct for computer professionals is due to the fact that there are conflicting legitimate loyalties and interests. This paper examines an ethical issue in the professional computer world through use of a case study. The example given is that of a programmer who is asked to install new software on his computer. He notices that the software may have been illegally obtained, and investigates. After no one can prove to him that the software has a legitimate or illegitimate origin, he is faced with the dilemma of overlooking the problem or blowing the whistle and bringing it into the public sphere. The Code of Ethics of a typical computer company is examined for clues as to what ethical action the worker should take next.