ISM 6367 Strategic Information Systems Ethics in Information Management

1
ISM 6367Strategic Information SystemsEthics in
Information Management
2
Introduction

• What are some of the challenges of insuring the
  ethical use of IT?
• Mason identified four areas of information
  control. What are they and why are they
  important?
• What are normative theories of ethics concerned
  with?
• Why are most managers ill-equipped to handle
  ethical issues in organizations?
• What can managers do to insure that IT is handled
  ethically?

3
Key Areas of Managerial Concern
4
Privacy

• Those who possess the best information and know
  how to use it, win.
• However, keeping this information safe and secure
  is a high priority
• Privacy the right to be left alone.
• Managers must be aware of regulations that are in
  place regarding the authorized collection,
  disclosure and use of personal information.
• Safe harbor framework of 2000.

5
Accuracy

• Managers must establish controls to insure that
  information is accurate.
• Data entry errors must be controlled and managed
  carefully.
• Data must also be kept up to date.
• Keeping data as long as it is necessary or
  legally mandated is a challenge.

6
Property

• Mass quantities of data are now stored on
  clients.
• Who owns this data and has rights to it is are
  questions that a manager must answer.
• Who owns the images that are posted in
  cyberspace?
• Managers must understand the legal rights and
  duties accorded to proper ownership.

7
Accessibility

• Access to information systems and the data that
  they hold is paramount.
• Users must be able to access this data from any
  location (if it can be properly secured and does
  not violate any laws or regulations).
• Major issue facing managers is how to create and
  maintain access to information for society at
  large.
• This access needs to be controlled to those who
  have a right to see and use it (identity theft).
• Also, adequate security measures must be in place
  on their partners end.

8
Normative Theories of Business Ethics

• Managers must assess initiatives from an ethical
  view.
• Most managers are not trained in ethics,
  philosophy, and moral reasoning.
• Difficult to determine or discuss social norms.
• Three, often conflicting, perspectives
• Stockholder theory
• Stakeholder theory
• Social contract theory

9
Stockholder Theory

• Stockholders advance capital to corporate
  managers who act as agents in advancing their
  ends.
• Managers are bound to the interests of the
  shareholders (i.e., maximize shareholder value).
• Managers duties
• Bound to employ legal, non-fraudulent means.
• Must take a long view of shareholder interest,
  which my conflict with a short view.

10
Stakeholder Theory

• Managers are entrusted with a fiduciary
  responsibility to all those who hold a stake in
  or a claim on the firm.
• Stakeholders are
• Any group that vitally affects the corp. survival
  and success.
• Any group whose interests the corp. vitally
  affects.
• Management must enact and follow policies that
  balance the rights of all stakeholders without
  impinging upon the rights of any one particular
  stakeholder.

11
Social Contract Theory

• Consider the needs of a society with no
  corporations or other complex business
  arrangements.
• What conditions would have to be met for the
  members of a society to agree to allow a
  corporation to be formed?
• Corporations are expected to create more value to
  society that it consumes.
• Social contract
• 1. Social welfare corporations must produce
  greater benefits than their associated costs.
• 2. Justice corporations must pursue profits
  legally, without fraud or deception, and avoid
  actions that harm society.

12
Comparing the Theories
13
Emerging Issues

• Outward transactions with a focus on the customer
• Timely disclosure of harmful events
• Internal issues related to employees and
  information
• Exert a higher level of control over employees
  for ethics
• Email, instant messaging and blogging have
  replaced traditional communications and pose
  unique issues
• Many companies are turning to programs that
  monitor employees online activities
• Managers must be careful to create an atmosphere
  that is amenable to IS use
• Ethically, managers are obliged to consider the
  welfare of their workers

14
Ethics and the Internet

• The Internet crosses international boundaries
  posing challenges that are not readily resolved.
• Different cultures, laws, customs, and habits
  insure that different countries police the
  Internet in very different ways.
• Managers face challenges in navigating their
  organizations through the murky waters of ethical
  use of the Internet.
• Example Free speech and censorship.
• The U.S. provides for free speech protection, but
  other countries do not.
• An Internet code of ethics by the IFIP is being
  debated.

15
Security and Controls

• Ernst and Young survey suggests that most
  companies rely on luck rather than proven IS
  controls
• Companies turn to technical responses to deal
  with security threats (worms, viruses, etc.)
• Managers go to great lengths to make sure that
  their systems are secure
• Firewalls, IDS systems, password systems, and
  more.
• Future solutions will include hardware and
  software.
• Managers must be involved in the decisions about
  security and control

16
Sarbanes-Oxley Act

• The Sarbanes-Oxley Act of 2002 was enacted to
  increase regulatory visibility and accountability
  of public companies and their financial health
• All companies subject to the SEC are subject to
  the requirements of the act
• CEOs and CFOs must personally certify and be
  accountable for their firms financial records
  and accounting
• Firms must provide real-time disclosures of any
  events that may affect a firms stock price or
  financial performance
• IT departments realized that they played a major
  role in ensuring the accuracy of financial data

17
IT Control and Sarbanes-Oxley

• Five IT control weaknesses were uncovered by
  auditors
• Failure to segregate duties within applications,
  and failure to set up new accounts and terminate
  old ones in a timely manner
• Lack of proper oversight for making application
  changes, including appointing a person to make a
  change and another to perform quality assurance
  on it
• Inadequate review of audit logs to not only
  ensure that systems were running smoothly but
  that there also was an audit log of the audit log
• Failure to identify abnormal transactions in a
  timely manner
• Lack of understanding of key system configurations

18
Summary

• Ethics is important to the IS field particularly
  since new technologies and innovations are
  arriving at an untold pace
• IS professionals must seek to uphold the ethical
  handling and dissemination of information
  adhering to international, federal, state, and
  local laws concerning the ethical handling of
  data under their supervision.
• Improper handling and use of IS can lead not only
  to internal organization problems but to legal
  problems as well.
• Dont jeopardize your future by the mishandling
  of IS