Research Paper on Ethics and Cybersecurity Awareness

Introduction

Information systems have become an integral part of society. Most businesses use information systems to increase their online visibility. These systems sometimes contain sensitive business and organizational information. As such, information system professionals need to know how to use ethical security principles and processes in their corporations. The application of proper policies and standards ensures that organizational data is secured from unauthorized access (Kostopoulos, 2017). Moreover, data protection ensures the effective running of activities in an organization. This paper will examine the Techfite case study to analyze the ethical and security issues, and they apply to information security.

Ethical Guidelines Relating to Information Security in Techfite Case Study

Techfite case study presents various important information system security ethical principles. Firstly, all professional duties need to be executed with the utmost integrity and diligence as stipulated in the work agreement laws. All workers need to perform their responsibilities with the highest level of transparency, attentiveness, and perfectly by following organizational values (North, M.M, Richardson, and North, S.M, 2017). Secondly, all sensitive information encountered on the job should be handled with respect and kept confidential. Private data from clients or companies should not be revealed to unauthorized people.

Additionally, the professional profiles of employees, clients, and employers should not be derided or intentionally revealed to people. Also, workers should not indulge in any form of activities that may create a conflict of interest. Moreover, all the tasks should be executed in a manner that promotes ethical information system practices.

Justification of Ethical Guidelines

Prominent organizations have a set of policies that govern the conduct of their staff regarding the use of information systems. For instance, the international information systems security certifications consortium defines professional responsibilities by asserting that people should "act honestly, respectfully, legally, truthfully, and responsibly" (Inc Bizmanualz, 2015). Also, the information systems security international association (ISSIA) asserts that data privacy should be maintained. ISSA code of ethics affirms the significance of best practices in professional performance and forbids interactions that could be developed to propagate conflicts of interest. Moreover, the American society for industrial security (ASIS) addresses professional reputations by pronouncing that individuals should not maliciously destroy the professional reputations of their coworkers, employers, or clients. Thus, Techfite can also apply such standards to reinforce ethical practices among its staff.

Description of Behaviors that Led to Unethical Practices

A significant number of people and groups of individuals demonstrated behaviors that led to unethical practices in Techfite Company. Firstly, Carl Jaspers, the head of the applications division did not protect sensitive data. This prompted unethical surveillance of data by unauthorized people within the organization. Moreover, Jaspers had an association with Nadia Johnson, the IT security analyst that clearly illustrated a conflict of interest. Jasper's relationship with Johnson was would easily raise suspicion to any person with a basic understanding of IT security. For instance, Jaspers always gave positive recommendations about Johnson during annual reviews. This enabled her boss the Chief information security officer to promptly raise Johnson's salaries and promotions. Additionally, Johnson was a prolific visitor of Jasper's social events as evidenced in her social media posts. One post showed Johnson thanking Jasper for buying her birthday present.

Factors that Led to Lax Ethical Behaviors at Techfite

Negligence and carelessness in job responsibilities was the primary cause of unethical practices at Techfite. Firstly, the company's information security officers neglected to monitor the internal network and activities. This led workers to access sensitive client information freely. Due to unauthorized access, orange leaf suffered due to the divulgence of their business plans. Also, the chief information security officer did not enforce a data loss prevention policy on sensitive information. The lack of standards to govern data loss prevention allowed unethical transactions to be conducted without worry because the perpetrators knew that no internal rule would be applied against them in case of an audit. The chief information security officer failed to develop a structure for the escalation of privileges. Lack of privilege escalation would create confusion during audits to ensure that the perpetrator of an illegal action is not easily identified. Moreover, information security officers failed to audit user accounts regularly. The absence of audit allowed users to access and conceal sensitive data about clients that they used for unethical practices.

Information Security Policies that may have prevented the Unethical Practices

IT policies govern staff uses of information system resources in an organization. In Techfite Company the security professionals would have implemented a passwords security policy in their operation. A password security policy allows workers to access information that they have been authorized. Password policy segments workers' access to information and creates accountability in case of a security breach (Inc. Bizmanualz, 2015). For example, a computer can be portioned to contain an administrator and a user account. If a breach occurs in the administrator account, then it would be easier to identify the specific person who caused the problem.

Additionally, the password policy allows the escalation of privileges. There are some actions that a user cannot perform in an information system. Such actions are only within the jurisdictions of an administrator. As such, the password policy reduced the risk of unauthorized activities in the system. If Techfite would have applied the password policy, then there would have been an escalation of privileges thus preventing authorized access of data.

Employees are expected to observe certain standards of job performance and appropriate conduct. Techfite Company ought to have adopted employee conduct as one of its policies. Employee conduct regulates employees' behavior and helps to install ethical practices during job performance (McIlwraith, 2016). Such a policy would have provided employees with acceptable conduct and performances. Employees' conduct policy would have enabled Jaspers and Johnson to behave ethically and carry out their responsibilities as expected. For example, if they would have been guided by employee conduct policies, they would not have engaged in a relationship that was aimed at perpetuating a conflict of interest.

How the SATE Program will be Communicated to Techfite Employees

Security awareness training and education can help reduce information system risks in organizations. It is crucial to ensure that the staff members get the right training in regards to information system use. One method that can be used to communicate on the right use of information systems in Techfite is by conducting regular training. User training should be undertaken in small bits to allow members to understand the different security mitigation concepts. Trainers can organize their programs such that they take short time. For instance, three training programs can be conducted in a day each lasting for fifteen minutes.

Moreover, security trainers can prioritize offering security tips every month. The tips should be objective on particular security concerns. For instance, the security team can prepare one-year monthly security alerts for different threats. Security personnel should provide comprehensive training on different kinds of threats in regards to how an individual can identify them and the control processes.

Justification for SATE Program's Relevance to Mitigating the Undesirable Behavior at Techfite

User training should be objective and easy to understand. Techfite Company should adopt regular user training because it is very effective. For instance, it is often much more effective to train a person for two minutes each day than to train an individual for two hours once a month. Users concentrate for short spans and tend to forget very quickly. As such, offering short training every day will ensure that users have enough time to digest the training each day. Objective learning is very useful in bringing out the required outcomes. SATE learning should be conducted objectively, for example by offering a security tip at the end of each month. This ensures that one securing threat is presented and explained to the users. Extensive training can ensure that users understand the security threats and vulnerabilities in their systems. This knowledge can help information system users in Techfite Company to look for better ways of mitigating threats.

Conclusion

Information systems contain important data about companies and organizations. Information security officers should look for ways of practicing ethical principles during their professional practice. Moral principles ensure that data is handled with the utmost integrity and does not land in unauthorized hands. Techfite Company suffers from unethical practices in information handling that have led to poor data integrity. The company needs to apply the password and employee conduct policies in their practice to ensure proper handling of information by users. Objective user training should be conducted frequently to ensure all staff members have the necessary knowledge of ethical principles required during information handling.

References

Coteanu, C. (2017). Cyber consumer law and unfair trading practices. Abingdon, Routledge.

Inc Bizmanualz (2015) Computer and IT policies and procedures manual. St. Louis, Missouri: MO, Bizmanualz Incorporated.

Kostopoulos, G. (2017). Cyberspace and cybersecurity. Boca Raton: FL, CRC Press.

McIlwraith, A. (2016). Information security and employee behavior: how to reduce risk through employee education, training, and awareness. Abingdon, Routledge.

North, M. M., Richardson, R., & North, S. M. (2017). Information Security and Ethics Awareness: A Concise Comparative Investigation. Quality-Access to Success, 18(160).