In a situation where a software engineer is asked to design a system with inherent security vulnerabilities, many ethical issues involving several stakeholders are encountered. Diane Jones is the owner of a software development company that has been contracted to engineer a database management system for the personnel office of a medium-sized toy manufacturing company. Management members of the toy manufacturer involved with Diane in the design of the system include the CEO, the director of computing, and the director of personnel. The database system will contain sensitive information pertaining to the employees of the toy manufacturer.
Weak security for personal data concerning employees of the toy manufacturing company alarms the software development team. This data includes medical records for insurance claims, performance evaluations, and salary information. An ethical dilemma therefore arises when the toy manufacturing company insists on constructing an ineffectual security system in order to obtain short-term financial reprieve.
The software development company and the individuals involved in this project risk damage to their reputation if the system requested by the client is fundamentally flawed, creating a public image of being unable to produce quality software that meets the highest security standards. Ms. Jones has the right to express her concern to her employer and thereby a responsibility as an ethical software engineer to attempt to convince the personnel office of the toy manufacturer to adopt a more secure system despite the increased expenditure. The previously mentioned upper management members of the toy manufacturing company involved i...
... middle of paper ...
...in order to properly secure the restricted data contained within the system. The software development team carefully explains the danger of compromised data, both from a technologically proficient employee and from the potentially greater and more damaging theft of data perpetrated by online hackers. Financial loss due to inadequate data storage and security is also explained to the client. The goal of this explanation is the realization that an increased preliminary investment may ultimately be significantly less expensive than a breach of an insecure system. In the event the client is unable or unwilling to modify the structure of the system, the recommended course of action is for the software development team to decline implementation of the system, in consideration of the consequent damage to the repute of the software development organization.
In this case, a large health services organization (HSO) in Florida that has a world-renowned AIDS treatment center had an information breach of 4,000 HIV+ patient records, and the list was sent to newspapers, magazines, and the internet. Consequently, this issue was featured in every media vehicle in the world and, as CEO, you are requested by the board of trustees to come up with a better management information system (MIS) to resolve all information security issues or you will face termination. After hiring an undercover computer security consultant to help determine where the security leak came from, she quickly identifies numerous breaches in computer security and provides a report with the issues identified. The report furnished by the consultant revealed that the facility had major problems with the MIS and the staff. In order to determine how to address the issues, the CEO must first answer the following questions: what law is being violated by the employees, why was this law enacted, what are the penalties for such violations, what are the penalties for sharing celebrity information, and should he be updating his resume and looking for another job (Buchbinder, 378).
The ACME Company manufactures various electronic devices for a variety of well-known brands. Many of these products are fully assembled and stored at the plant awaiting shipment to the vendors, along with the expensive components used to manufacture these devices. Alarmingly, significant inventory shortages have been occurring for the assembled devices as well as the stock components used to manufacture them, resulting in substantial company losses from extensive employee theft. Following discussions with private security leaders from other organizations about the effectiveness of an administrative search program as an option to address internal theft, a meeting is called by the security team and other company directorate heads, including the organization’s legal counsel, to discuss possible security options to thwart the reported losses. This meeting centers on the fact that in private industry/business, some employers need to institute an administrative, non-coercive, caretaking search program to address real or perceived property losses at the hands of their employees. While there are issues that must be considered beyond the impact it might have
Software application development at my company was initiated first out of security concerns. There were increasing numbers of security breaches reported in hospitals, banks, Yahoo, and other places that posed potential hazards (Snyder, 2014). We are in the financial industry with huge volumes of sensitive data. Our Information Technology department expressed concerns that our SQL server was an easy target to those that may want to hack the system. Existing security measures and periodic training were very strict but they were not enough to protect customers from hackers.
DWP is resolved to shield the classification, respectability and accessibility of all physical and electronic data resources of the establishment to guarantee that administrative, operational and contractual prerequisites are satisfied. The general objectives for data security at ABC Corporation
The ITGC regularly handle program changes, development, and access as well as basic computer operations. A poorly designed IT framework and accessibility protocols increase the company’s susceptibility to internal and external attacks, which result in the loss of valuable financial information or its utilization to commit and conceal fraud. In asset misappropriation, for example, an individual with access to the company’s accounting software has the opportunity to commit and conceal fraud. For example, Wayland Manufacturing Company’s accounting department oversees the maintenance of the Accounts Payable and Purchases general ledgers. Therefore, Newbaker is responsible for recording invoices and cash disbursements. He therefore has the access to modify the company’s vendor list to include fictitious vendors that increase the likelihood of payment for fictitious invoices (Fraud Risk Assessment n.d.) (Eikel 2008) (Arens, Elder, & Borsum
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as understanding their roles, responsibilities and functions. Organizations’ information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
“Engineering has a direct and vital impact on the quality of life for all people.” 1 It is by this premise that engineering codes of ethics have been written to outline professional standards for both managers and engineers. Exhibiting the highest standards of honesty and integrity is imperative for the protection of public health, safety, and welfare.2 When ethical principles are compromised, the risk of endangering others greatly increases, especially with mission and safety critical systems. Extreme consequences include not only complete mission failures and great financial loss, but also fatalities. Though most engineering accidents are associated with aerospace, mechanical, civil, or even electrical engineering (due to the nature of these disciplines such that the end products are actually tangible objects), an increasing number of accidents in software engineering have brought attention to the importance of ethics in information technology.
We all love computers; people store important information on their computers whether it is a business or one’s home. Businesses have confidential information stored on their computers.
Practitioners are encouraged to provide full disclosure of all of a system's limitations and problems (ACM). In our case, we can see that Diane has advised the company of all the options available to build a good secure system. She is also honest in the sense that she told the company about the insufficiency of the security system and did not follow their requests right away just to get the contract for herself. We can conclude that Diane has followed this principle and this shows Diane has good professional ethics with respect to this
The background of the project is that Flayton Electronics faced an imminent problem when it was discovered that there might be a possible breach in their security and that privileged customer information had been compromised. A bank informed the firm that credit card information of several customers had been leaked and that possible fraudulent transactions had taken place. The CEO of the firm, Bret Flayton, is faced with the challenge of making a tough decision and deciding what to do next. The firm is exposed to various risks and needs to develop a risk management plan in order to manage and mitigate the potential risks that threaten the firm.
Engineers are expected to constitute their professional decisions through the engineering code of ethics. But what is the right decision when their judgment is overruled by securing their employer’s profit under circumstances that endanger their customer’s property? This was Shane’s dilemma when 1 out of 150 chips were found defective in his chip production line. Discarding the defective chips was generating an $8,671.00 loss to the company; thus Rob, his manager, proposed to release all chips to the market without previous quality control. As an engineer, Shane must protect his employer’s reputation, his customer’s welfare, and ultimately, the safety and public health. He must not follow Rob’s recommendation of ceasing quality control in his production line because this would threaten the three entities that the engineering code of ethics requires him to protect.
For every technological introduction or advancement, there are consequences which come with it. This does not exclude those that come with the introduction of management information systems in companies. Modern society is entirely dependent on information systems. Failure of these systems, today, can be declared as the end of humanity. Worse still, there is a generational shift whereby future generations will not live without information systems that manage information. However, the latest evaluations of the impact of management information systems have shown that there are chances, which are very high, of ethics being abused at the workplace. Both the employees and the employers are guarded by a certain code of ethics which aims at regulating the dignity of everybody at the workplace, and how far one party can be influential on the other, especially on matters pertaining to privacy. Profit-making goals should not, by any means, overlook the importance of working ethics. This paper endeavors to explore areas of major concern where working ethics are likely to be compromised or have already been compromised at the workplace due to the institution of management information systems. Nevertheless, this research does not underscore the importance of these systems at the workplace. The aim is to expose the negative impacts that might result from misuse of management information systems. These impacts can emanate from either party that forms part of the organization. In this case, mostly, it is either from the employee or the employer.
This report aims to explain how risk control is achieved through strategies and through security management of information.