IT security personnel have extended capabilities when it comes to network access, as a matter of fact, they are capable of accessing confidential data transmitted by their network users for instance when using emails or any other communication medium. To an extent, it is justifiable to monitor the e-mails sent or received to ensure the company’s rules and regulations are met. However, there should be an extent to which this right is practised. Moreover, the users must be notified of the existing management policies before embarking on their duties.
A company may have the legal mandate to monitor its employee’s communication channels more so, e-mails due to the sensitivity and confidentiality of the data sent. However, regardless of the legal obligations, two issues will always arise: one, identifying who owns and to an extent stores the emails; two, employee’s expectations i.e. do they expect their communications to stay private or not.
Legally speaking, companies who own and store their employee’s emails can read them willingly, however, ethically there should be a limit to this access [2]. Moreover, employees should be notified of this access regularly to invoke their awareness especially when personal emails are in consideration. Furthermore, with the advancement in technology better management tools can be used to filter transmitted data to maintain a little form of confidentiality. Nevertheless, despite the rules and regulation, the overall access will depend on the IT experts whose moral and ethical values should be upright when managing their networks.
In conclusion, from an ethical standpoint companies should have zero access to employee’s personal emails and if they hold any reservations should block all access to them while employees are in the workplace environment. This outcome can prevent many issues and maintain the company’s integrity.
When a company led by its IT security expert’s monitors its employee’s browser activities they invoke a serious ethical dilemma. On one hand, the company is trying to protect its integrity by ensuring users access the rightful sites however, they also deliberately invade the user’s privacy. Nevertheless, it is acceptable to monitor web activities particularly, when you consider the current trends in cyber systems that may use employee’s naivety to access a company’s confidential information [3].
However, in an endeavour to maintain a company’s integrity and security measures organisations stand to raise some serious trust issues with their employees. Therefore, employees will inherently develop trust issues with their company and in the process will exhibit privacy concerns about the access procedures used by the organisation [4].
Now, countless studies have shown the importance of employee engagement in improving their performance and the productivity of a company as a whole. The relationship developed between employees and the company determines the level of engagement which can be seriously affected if trust issues are observed. Therefore, monitoring a network and it website usage will affect the relationship developed causing the employees to be more reserved and private with their activities. However, failing to enforce these assessment procedures may lead to serious consequences such as access to pornographic material or even security breaches. Furthermore, personal privacy is at stake where users will assume total control of what they browse, however, clear guidelines should be set before employees develop these assumptions [5].
IT professionals should set a good example to employees by enforcing the company’s access policies across all levels of an organisation. As experts, they should not seem to have a higher privilege (although they do) than normal users. This outlook can improve the relationships developed and minimise the privacy and trust issues in a workplace environment.
Key loggers are a strong security measure that records every key pressed by a user, therefore, when installed in an employee’s workstation the company deliberately infringes all the privacy laws/policies. Similar outcomes are also seen when screen capture programs are employed. However, in some facilities, especially financial institutions, workers such as tellers may have these security measures but with their conceit where they are informed prior to their implementation [1].
Employing key loggers and screen capture programs expose any company to the following issues: one, privacy infringement and two, usage/security concerns. This outcome is owed to the extended access that is given to the management on behalf of the employee’s activities. Unlike any other management tools that assess specific data, these tools monitor each and every content accessed by a user [7].
Let’s take an example of an employee who tries to access their own bank accounts or any other confidential details. While accessing a private account, the employee will key in authentication parameters such as usernames and passwords. Moreover, they might have to use other confidential details such as social security numbers or other identification details. In the process, all their details are captured by the said access programs in order to protect the company’s interests. This means the IT expert or management can access this information and do whatever they desire with it. Therefore, by informing the employees of the management tools (key loggers and such) they can avoid using their own personal and confidential information, thus protect their confidential systems.
Users should be informed of any assessment tools used a given company to allow them to make the appropriate decisions when dealing with their own confidential/private systems. Furthermore, this outlook stands as a legal and ethical obligation as it directly affects the security of the users.
For security reasons and resource accountability, IT professionals usually have extended access to users resources such as the files they save be it on their computers or file servers. This accessibility protects a company’s integrity and also manages the authorization activities. However, where does one draw the line so as to maintain the user’s privacy?
Just because they can, IT professionals should not access all the files such as graphics stored by a user in a given network. In fact, their access should be limited to promote a sense of accountability on behalf of both the IT experts and the employees. However, this scenario does raise several serious ethical/legal issues, for instance, resource ownership (who owns the files or graphics) and two, system integrity [2].
Users should respect a company’s integrity by following the rules and guidelines set by an organisation. However, this outcome is rarely the case with most users always attempting to ‘test the system’ by installing unacceptable programs and files. Moreover, some files such as graphics may hold malware meant to infringe computers system. Therefore, an access policy should be put in place to facilitate access to these resources, however, it should be based on the resources owned by the organisation and not the individual in question. Yes, we must maintain the integrity of an organisation but in case a user uses his own device (BYOD) he should be permitted to have his/her own privacy despite being able to access to the device while it’s connected to the network.
An IT expert may have all the legal justifications to access his user’s information, from documents to pictures, however, his moral code should drive him when performing his duties. Nevertheless, he should enforce strict access guideline for company’s resources such as file server but maintain a watchful eye for resources owned by individuals.
It’s always said that the customer is always right, however, this mantra should be guided with the proper technical and ethical know how. A client may desire to lower the implementation cost of a given IT system that later will affect its security. In such a situation, the duty falls on the security professional to guide the client on the consequences of his/her actions.
Let’s take a scenario where as a professional I agree to enact the minimal security procedures the client proposes. While pleasing the client, I expose the user to many security violations while at the same time indirectly affect my own personal integrity. There may be an off chance the implemented system works but too many outcomes stand to go wrong [8].
Two issues are highlighted in this case, security violations and personal integrity, consider a client who proposes minimal security procedures because he anticipates fewer security violations. In the process, he fails to enact security technologies such as firewalls and other access control procedures and in their place uses a common anti-virus application. Later on, the said system fails after an intrusion in the disguise of a promotional email sent to the said client. As a consequence the client losses data, time and monetary resource in order to reactivate the system. Moreover, he/she loses confidence with the expert who set it up. Therefore, although it’s difficult to go against customer wishes, an IT expert should have a clear mental picture of the future more so, when performing their professional duties [4].
A serious personal and ethical dilemma is exhibited by this scenario, on one hand, an expert may stand to lose a client if he/she appears to go against the wishes of the client. However, at the same time, the expert may lower his credibility in case he implements a weak security system which later fails. Therefore, as an IT professional I would prefer to look at the bigger picture and stand my ground on the appropriate security measures.
References
[1] D. Shinder. (2005). Ethical Issues for IT Security Professionals. [Online]. Available FTP: https://techgenix.com/ethical-issues-it-security-professionals/
[2] S. Nasiri. (2012). Can company read personal e-mail sent at work? IT manager daily. [Online]. Available FTP: https://www.itmanagerdaily.com/can-company-read-personal-e-mail-sent-from-work/
[3] C. Laine. (2016). Computer Security Ethics. [Online]. Available FTP: https://chrislaineblog.wordpress.com/2016/03/25/computer-security-ethics/
[4] D. Shinder. (2005). Ethical issues for IT security professionals. Computer World IDG. Available FTP: https://www.computerworld.com/article/2557944/security0/ethical-issues-for-it-security-professionals.html
[5] G. Reynolds. (2014). Ethics professionals. Ethics for IT Professionals and IT Users. [Online]. Available FTP: https://mykacabalse.blogspot.co.ke/2014/01/ethics-in-information.html
[6] S. Ehigie. (2015). Ethical issues that IT professionals face. Loughborough University. Available FTP: https://www.linkedin.com/pulse/ethical-issues-professionals-face-smiles-ehigie
[7] W. Lopez, H. Guerra, E. Pena, E. Barrera & J. Sayol. (2012). Key loggers. [Online]. Available FTP: https://web.eng.fiu.edu/~aperezpo/DHS/Std_Research/Keylogging%20final%20edited%202.0%20.pdf
[8] H. Tavani. (2013). Ethics and technology, controversies, questions, and strategies for ethical computing. Wiley, 4th. [Online]. Available FTP: https://www.just.edu.jo/~mqais/CIS200/Ethics_and_%20Technology.pdf
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download