Computer Science Homework Help
ISM 644 Ashford University Codes of Conducts for IS Professionals Discussion
Please provide a response to each discussion question
For #1 and #2 here are the requirements:
There are several professional codes of conducts for IS professionals which are designed to guide their professional behaviors. For this discussion forum, select two Information Systems codes of conduct and address the elements below. Your initial post should be a minimum of 300 words.
- Describe each conduct code, explaining the emphasis of each.
- Compare and contrast the conduct codes for similarities and differences.
- Explain which code you would choose to follow and provide a rationale for your choice.
Evaluate your peer’s description of each code of conduct and comparison of the similarities and differences. Do you agree with your peer’s response? Why or why not? Determine if your peer has sufficiently supported their position and provided a valid argument. Offer at least one aspect that your peer could address in order to improve their argument. Your response should be a minimum of 200 words.
#1. O.O
According to Reynolds (2015), Electronic Industry Citizenship Coalition (EICC) was established by ICT industry to promote a common code of conduct that focuses on workers safety and fairness, environment responsibility, and business efficiency. The code of conduct was established to define performance, compliance, auditing, and reporting guidelines across five areas of social responsibility: labor, health and safety, environment, management system, and ethics (Reynolds, 2015). For the purpose of this assignment, I will choose Health and safety and ethics as my choice for comparison and discussion.
Health and safety as defined by Reynolds (2015) is the ability of an IS employee to minimize work-related injuries or illness as well as creating a safe and health work environment that enhances the quality of products and services, consistent productivity and worker retention and high morale.
Ethics- employees are required to uphold the highest standard of ethical conduct to achieve social responsibility and success such as business integrity, fair business, proper disclosure of information, intellectual property, privacy, and many others (Reynolds, 2015).
The similarity in relation to the two codes of conduct include doing the job morally right alongside ensuring the work environment is conducive to work physically. The ability of an employee to ensure the work environment is safe physically is relative to health and safety while ethically, it deals with the mental aspect of ensuring decisions are taken ethically and morally.
The difference is also quite close to the similarities where one has to deal with the physical environment and risk to physical health (health and safety), the other (ethics) focuses on getting the mental behavior to act in a morally accepted way.
I chose ethics over health and safety not to displace or disregard its importance, but I find ethics to be very essential to any business especially when it poses several risks and damage to the firm. Health and safety issues can be controlled and contained if the rules and policies are followed while ethics deals with a lot of uncertainties and mental decisions of what is ethically right or wrong.
#2. Zach
The SANS IT code of ethics, developed in 2004, emphasizes honesty, integrity, and professionalism. Their core values consist of striving for excellence by seeking out new information, maintaining professionalism by adhering to industry best practices, and ensuring privacy through the secure and permissible use of information (SANS, 2004). One part in particular from this code of ethics that I found inspiring was the importance of sharing knowledge to “so everyone gains the benefit of each other’s knowledge” (SANS). The other is the focus on anti-discrimination, which is important in the IT field, which has traditionally been predominantly white and male.
The ACM/IEEE-CS Software Engineering Code, published in 1997, puts a focus on software development being a “beneficial and respected profession” (Software Engineering Code, 1999). This code of ethics attempts to achieve this through a focus on ethic responsibility to the public. Some principles that I found particularly poignant were the ones that focus on management practices and improvement of self.
The main difference between the two codes is the main focus of each. For the SANS IT code of ethics the focus is on self-honesty, integrity, and confidentiality. For the ACM/IEEE-CS Software Engineering Code they focus more on maintaining business professionalism.
If I were to choose one code to follow it would be the SANS IT code. I value its more modern approach to software development in regards to anti-discrimination and privacy. I especially like the part that says, “I respect human dignity.” It also promotes more of a self-learning environment where developers should not be afraid to ask questions and seek out knowledge of things that they might not know. This is the type of work environment that is open to everyone, where collaboration can come easily.
For #3 and #4 here are the requirements:
You are the CIO of a developing American technology company with over 500,000 customers. The federal government has contacted the Board of Directors of your company seeking the company’s participation in allowing the federal government backdoor access to your company’s technology for the reasons stated above. The Board seeks your professional advice and opinion on whether the company should freely give the federal government this type of access to your company’s technology. You need to provide guidance to the Board.
In a minimum of 300 words, explain whether technology companies should voluntarily grant the federal government backdoor access to a company’s technology (specifically their encrypted technology), providing legal and ethical rationale(s) for your determination. Support your position with evidence from your readings.
Analyze at least two of your peer’s responses. Whether or not you agree with your peer’s response, determine if they have sufficiently supported their position and have a valid argument. Offer at least one aspect that they could address in order to improve their argument. Your response should be a minimum of 200 words.
#3, Matthew
This is an interesting question because on one hand providing specific branches of the government access to the tools they need to protect the United States from acts of terrorism is doing your country a service. On the other hand, intentionally implementing vulnerabilities within your secure data system seems asinine. The F.B.I. and Department of Justice seem to think that a decryption device can be engineered that will not create vulnerabilities in security systems that hackers can take advantage of. “Proposals that involve giving the keys to customers’ device data to anyone but the customer inject new and dangerous weaknesses into product security” (Federighi, 2018 as cited in Savage, 2018). The legal side of this argument is that when someone commits a crime and law enforcement needs access to their device data or other personal data, they should have a safe method of retrieving it. However, they should not just be handed the keys to all of the data granting them access to every customer.
From an ethical stance, this becomes a breach of trust with customers and clients. The idea of knowing that the U.S. government can access anyone’s personal data. If customers begin to lose trust in companies, they will eventually pull their business from that company. Whittaker believes that tech companies have every legal and moral right to provide data protection, from every adversary, to their customers by any legal means possible (Whittaker & Crichton, 2020). The idea of eliminating or reducing encryption so the government can access what they want is ludicrous. What the government desires are the equivalent of putting a normal backdoor with a deadbolt on it at Fort Knox. I believe the government should have access to the information they need if it is being used for a legitimate legal process. However, they should only be granted access to that specific access and not handed keys that can allow them access everything whenever they decide they need access.
My answer to the board would be absolutely not. Implementing an intentional security vulnerability and allowing the government access as they see fit is a breach of trust with company customers. If the government were to provide legal documentation explaining exactly what they need access to, I would recommend cooperating and providing only that information without providing access to company servers.
#4. O.O
As the CIO of a technology company, I would advice the company does not voluntarily grant the federal government backdoor access to the company’s technology (specifically the encrypted technology). Backdoor access to a company’s technology means the federal government want to be able to access encrypted information without customer or even company’s authorization once granted (which means they would be able to access information at anytime) (Hall, 2016). Although there are good and reasonable grounds for wanting access, but the risk to the business and also clients can be to risky to give such access.
Risk include authorized access to the federal government that also cause other hackers, cybercriminals and malicious attackers ability to gain access through the backdoor platform under the disguise of the government trying the access information. Hall (2016) calls it user security undermined where the company may not be able to control who is trying to exploit the backdoor security. When an organization is limited in its ability to control its security system and who accesses it, it is exposed to security vulnerabilities and could have serious devastating negative effects to both the company and its customers.
Risk of losing client’s trust and loyalty when they find out that the company they entrust their information with is sharing that information with the federal government without their consent. Current clients could end business relationship and switch over to another competitor that secures their data while clients may not be inclined to buy such products. This in turn could cause the company to go out of business or bankrupt.
Risk of legal lawsuit from exposed client information that lead to physical, mental, material or non-material damage to the client. This poses a huge financial responsibility depending on how many client’s data was impacted.
I think the federal government needs to find other ways to access information that they need without putting businesses and client’s information at risk for performing their duties to the country and its citizens.