
Ethics Notes Complete Unit 1-4 Version 1


Ethics Unit-I: An Overview of Ethics

1.1 WHAT IS ETHICS?

• Each society forms a set of rules that establishes the boundaries of generally accepted behavior.
• These rules are often expressed in statements about how people should behave, and they fit together to form the moral code by which a society lives.

Definition of Ethics: Ethics is a set of beliefs about right and wrong behavior. Ethical behavior conforms to generally accepted social norms, many of which are almost universal. A person's opinion of what represents ethical behavior is strongly influenced by a combination of family influences, life experiences, education, religious beliefs, personal values and peer influences.

The Importance of Integrity (Honesty):

• As children, we may have been taught not to lie, cheat or steal, or to have anything to do with those who do.
• As adults who make more complex decisions, we often reflect on our principles when we consider what to do in different situations.
• Is it OK to lie to protect someone's feelings? Can we keep the extra change we received from a cashier who mistook our 100Rs for 200Rs?
• A person who acts with integrity (honesty) acts in accordance with a personal code of principles. Integrity is one of the cornerstones of ethical behavior.
• Example: we might believe it is important both to do as our employer requests and to be fairly compensated for our work. However, if our employer insists that we should not report any overtime hours due to budget constraints, a moral conflict arises. We can do as our employer requests, or we can insist on being fairly compensated.
• Another form of inconsistency emerges if we apply moral standards differently according to the situation.
• Example: we might consider it morally acceptable to tell a little white lie to spare a friend some pain or embarrassment.
• But would we lie to a colleague or customer about a business issue to avoid unpleasantness?
• Note: Many ethical dilemmas are not about right versus wrong but involve choices between right versus right.
• Example: it is right to protect the Alaskan wildlife from being spoiled, and it is right to find new sources of oil to maintain U.S. reserves, but how do we balance these two concerns?

1.2 ETHICS IN THE BUSINESS WORLD

• Ethics has risen to the top of business agendas because the risks associated with inappropriate behavior have increased, both in their likelihood and in their potential negative impact.
• Several corporate trends have increased the likelihood of unethical behavior.
• Employees, shareholders and regulatory agencies are increasingly sensitive to violations of accounting standards, failures to disclose continuous changes in business conditions to investors, and the production of unsafe products.
• Such heightened vigilance raises the risk of financial loss for companies that do not promote ethical practices.

1.2.1 Why Fostering Good Business Ethics is Important

Corporations have at least five reasons for promoting a work environment in which they encourage employees to act ethically when making business decisions:

1. To gain the goodwill of the community
2. To create an organization that operates consistently
3. To produce good business
4. To protect the organization and its employees from legal action
5. To avoid unfavorable publicity

To Gain the Goodwill of the Community
o Although organizations give importance to earning profit or providing services to customers, they also have some basic responsibilities to society.
o Their social responsibility includes making contributions to charitable organizations and non-profit organizations.
o The goodwill (kindly feeling) that socially responsible activities create helps organizations grow their business.
o Ex: a company known for treating its employees well will find it easier to compete for the best job candidates.
o On the other hand, companies viewed as harmful to their community may suffer a disadvantage.

Creating an Organization that Operates Consistently
Although each company's value system is different, many share the following values:
o Operate with honesty and integrity, staying true to corporate principles.
o Operate according to standards of ethical conduct, in words and actions.
o Treat colleagues, customers and consumers with respect.
o Accept personal responsibility for actions.
o Value diversity.
o Make decisions based on facts and principles.

Good Ethics Can Mean Good Business
o In many cases, good ethics can mean good business and improved profits.
o Companies that operate excellent services maintain their customers instead of losing them to competitors.
o Companies that develop and maintain strong employee relations suffer fewer turnovers and enjoy better employee morality.

Protecting the Corporation and its Employees from Legal Action
o Identify its core beliefs.
o Understand the strengths and weaknesses of its culture and organizational capacities.
o Scan its business environment and find what pressures the organization faces.
o Determine its goals and objectives and what outcomes should be expected of the program.
o Design, implement and enforce a program that will "exercise to prevent, detect and report criminal conduct in accordance with the law".
o Regularly evaluate its programs to determine whether they are effective.

Avoiding Unfavorable Publicity
o The public reputation of a company strongly depends on its stock, customer feedback, the company's products and services, and the amount of support it receives from government and corporate business partners.
o Thus some companies are motivated to build strong ethical programs to avoid negative publicity.
o If an organization is perceived as operating ethically, customers, consumers, business partners, shareholders, consumer advocates, financial institutions and regulatory bodies will regard it more favorably.
o Companies that operate unethically often suffer negative consequences and bad publicity.

1.2.2 Improving Corporate Ethics

The risk of unethical behavior is increasing, so the improvement of business ethics is becoming more important. The following are some of the actions corporations can take to improve business ethics.

Appointing a Corporate Ethics Officer
o Corporate ethics mainly includes ethical conduct, legal compliance and corporate social responsibility.
o The primary functions of corporate ethics include setting standards, building awareness and handling internal reports.
o The corporate ethics officer is a senior-level manager who provides vision and direction in the area of business conduct.
o Ethics officers come from diverse backgrounds such as legal staff, human resources, finance, auditing, security, etc.
o Their role includes "integrating their organization's ethics and values, business conduct practices".
o Typically the ethics officer tries to establish an environment that encourages ethical decision making.


Ethical Standards Set by Board of Directors
o The board of directors is responsible for the careful and responsible management of an organization.
o In a for-profit corporation, the board's primary objective is to manage business activities in a way that benefits all the stakeholders: shareholders, customers, consumers and society.
o In a nonprofit organization, the board reports to a different set of stakeholders, particularly the local community that the nonprofit serves.
o The board is not responsible for day-to-day management.
o The board is responsible for supervising the management team.

Establishing a Corporate Code of Ethics
o A code of ethics highlights an organization's key ethical issues and the values and principles that are important to the organization and its decision making.
o The code frequently includes a set of formal written statements about the purpose of the organization, its values and its principles.
o An organization's code of ethics applies to its directors, officers and employees.
o The code of ethics should focus employees on areas of ethics and on fostering a culture of honesty and accountability in the organization.
o The code of ethics helps employees behave in an ethical manner.

Conducting Social Audits
o An increasing number of companies conduct social audits of their policies and practices.
o In a social audit, companies identify ethical mistakes they have made in the past so as to avoid them in the future.
o Example: each year Intel sets social responsibility goals and tracks results against those goals.
o Intel's annual report on its social responsibility is shared with employees, shareholders, investors, customers, suppliers and government officials.

Requiring Employees to Take Ethics Training
o The ancient philosophers believed that personal beliefs about right and wrong behavior could be improved through education.
o People can continue their moral development through education that involves critical thinking and complex issues.
o Organizations should show employees examples of how to apply the code of ethics in real life.
o Ethics education programs encourage employees to act ethically.

Including Ethical Criteria in Employee Appraisals
o Employees are increasingly evaluated on their demonstration of qualities and characteristics.
o Example: in many companies, employee appraisals evaluate whether employees treat others fairly, operate effectively, work well in a multicultural environment, meet business needs, continually develop themselves, help others to develop, etc.
o These factors are considered along with more traditional criteria used in performance appraisals, such as successful completion of projects, contribution to moving the business ahead, maintenance of good customer relationships, etc.

1.2.3 When Good Ethics Result in Short Term Losses
Operating ethically does not always guarantee business success. Many organizations have found that the "business as usual" climate in some foreign countries can place them at a significant competitive disadvantage.

1.2.4 Creating an Ethical Work Environment
Most employees want to perform their jobs successfully and ethically, but good employees sometimes make bad ethical choices. Employees in highly competitive workplaces often feel pressure from aggressive competitors, unrealistic budgets, tight deadlines and bonuses for meeting performance goals. Employees may also be encouraged to do "whatever it takes" to get the job done.


Such an environment can make some employees feel pressure to engage in unethical conduct to meet management expectations.

1.2.5 Ethical Decision Making
Often in business, the ethically correct course of action is clear and easy to follow. Exceptions occur, however, when ethical facts come into conflict with the practical demands of business. Dealing with these situations is challenging and can even be risky to one's career. The seven steps summarized below explain how decisions are to be taken:
i) Get the facts
ii) Identify stakeholders and their positions
iii) Consider the consequences of our decisions
iv) Weigh various guidelines and principles
v) Develop and evaluate options
vi) Review our decision
vii) Evaluate the results of our decision

Getting the Facts
o Innocent situations can often become unnecessary controversies because no one bothers to check the facts.
o Example: we might see our boss receive an application form from an applicant and throw it in the dustbin once the applicant leaves, when according to the rules our boss has to keep the report for at least one year. We could report our boss for failure to follow policy. We could then be surprised to find that the situation is actually different: the visitor was not an applicant but a salesman promoting a product for which the company had no use, and the "application" was marketing literature.

Identify the Stakeholders and their Positions
o A stakeholder is someone who stands to gain or lose from how a situation is resolved.
o Stakeholders are the people who are going to be affected by the decisions made by employees.
o Identifying the stakeholders helps us better understand the impact of a decision and could help us make better decisions.
o We need to find out details about the stakeholders, such as what is at stake for each stakeholder, what each stakeholder values, and what outcome each stakeholder wants.

Considering the Consequences (Results) of our Decision
o Often our decision directly affects us, although we must guard against thinking too narrowly and focusing on what is best for us.
o Another perspective is to consider the harmful and beneficial effects our decision might have on the stakeholders.
o A third perspective is to ask whether our decision will help the organization meet its goals and objectives.
o Finally, we should consider our decision's effect on the broader community of other organizations and institutions, the public and the environment.

Weighing Various Guidelines and Principles
o Do any laws apply to our decision?
o We certainly don't want to violate a law that can lead to a fine or imprisonment for ourselves or others.
o If the decision does not have legal implications, what corporate policies or guidelines apply?
o What guidelines does the corporate code of ethics offer?
o Below are philosophers' approaches to dealing with moral issues.

Philosophers' theories for ethical decision making:
– Virtue ethics approach
– Utilitarian approach
– Fairness approach
– Common good approach


Virtue Ethics Approach: Virtue ethics focuses on how we should behave and think about relationships if we are concerned with our daily life in a community.

Utilitarian Approach: This approach to ethical decision making states that we should choose the action or policy that has the best overall result for all people who are directly or indirectly affected.

Fairness Approach: This approach focuses on how fairly actions and policies distribute benefits and burdens among the people affected by the decision.

Common Good Approach: This approach to decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals.

Developing and Evaluating Options
o In many cases we can identify several answers to a complex ethical question.
o Listing the key principles that need to be applied in decision making helps us to select the two to three best options.
o The options we select must be ethically defensible.

Reviewing our Decision
o Is the decision consistent with our personal values as well as those of the organization?
o How would coworkers, stakeholders, business partners, friends and family regard our decision?
o Would we see our decision as right, good and fair?

Evaluating the Result of our Decision
After the organization implements the decision, monitor the result to see if it achieves the desired result, and observe its impact on employees and other affected parties.

1.3 ETHICS IN INFORMATION TECHNOLOGY
The growth of the Internet, the ability to capture and store vast amounts of personal data online, and greater trust in information systems in all aspects of life have increased the risk of using information technology unethically.

Examples that raise public concern about the ethical use of information technology:
o Millions of people have used peer-to-peer networks to download music and movies at no charge and in apparent violation of copyright laws.
o Organizations contact millions of people worldwide through unsolicited e-mails (spam) at an extremely low cost.
o Hackers break into the databases of financial institutions and steal customer information, then use it to commit identity theft, opening new accounts and charging purchases to unsuspecting victims.
o Students around the world have been caught downloading material from the internet and cheating by downloading the content of question papers.
o Websites plant cookies or spyware on visitors' hard drives to track their internet activities.

o The general public has not realized the critical importance of ethics as they apply to IT.
o In the corporate world, important technical decisions are often left to the technical experts.
o General business managers must assume greater responsibility for these decisions, but to do so they must be able to make broad-minded, objective, ethical decisions based on technical knowledge and business knowledge.
o They must also try to create a work environment in which ethical dilemmas can be discussed openly, objectively and constructively.

Notes Helpful for Exams (points to be remembered)

1) WHAT IS ETHICS
2) The Importance of Integrity (Honesty)
3) ETHICS IN THE BUSINESS WORLD
   I. Why Fostering Good Business Ethics is Important
      1. To gain the Goodwill of the Community
      2. To create an organization that operates consistently
      3. To produce good business
      4. To protect the organization and its employees from legal action
      5. To avoid unfavorable publicity
   II. Improving Corporate Ethics
      1. Appointing Corporate Ethics Officer
      2. Ethical Standards Set by Board of Directors
      3. Establishing a Corporate Code of Ethics
      4. Conducting Social Audits
      5. Requiring Employees to Take Ethics Training
      6. Including Ethical Criteria in Employees Appraisals
   III. When Good Ethics Result in Short Term Losses
   IV. Creating an Ethical Work Environment
   V. Ethical Decision Making
      a) Get the facts
      b) Identify stakeholders and their positions
      c) Consider the consequences of our decisions
      d) Weigh various guidelines and principles
      e) Develop and evaluate options
      f) Review our decision
      g) Evaluate the results of our decision

Unit-II ETHICS IN IT-PROFESSIONALS AND IT-USERS

Ethics for IT Professionals and IT Users

OBJECTIVES

• What key characteristics distinguish a professional from other kinds of workers, and what is the role of an IT professional?
• What relationships must an IT professional manage, and what key ethical issues can arise in each?
• How do codes of ethics, professional organizations, certification and licensing affect the ethical behaviour of IT professionals?
• What are the key tenets of four different codes of ethics that provide guidance for IT professionals?
• What are the common ethical issues that face IT users?
• What approaches can support the ethical practices of IT users?

1.1 IT PROFESSIONALS

• A profession is a calling that requires specialized knowledge and often long and complete academic preparation.
• The U.S. Code of Federal Regulations defines a person "employed in a professional capacity" as one who meets these four criteria:
1) One's primary duty consists of the performance of work requiring knowledge of an advanced type in a field of science or learning.
2) One's instruction, study or work should be original.
3) One's work is strongly knowledgeable and exercises discretion and judgment. Example: accountants, doctors, lawyers.
4) One's work is predominantly intellectual and varied in character, and cannot be generalized.

1) Are IT Workers Professionals?
Many business workers have duties, backgrounds and training that qualify them to be classified as professionals.
o One could argue, however, that not every IT role requires knowledge of an advanced type in a field of science.
o According to the U.S. Code definition, IT professionals are not recognized as professionals because they are not licensed.

• Partial list of IT specialists
– Programmers
– Systems analysts
– Software engineers
– Database administrators
– Local area network (LAN) administrators
– Chief information officers (CIOs)

• Legal perspective
– IT workers are not recognized as professionals
– Not licensed
– IT workers are not liable for malpractice

2) Professional Relationships that Must Be Managed
IT professionals typically become involved in many different relationships. In each relationship, an IT professional should act honestly and appropriately. Ethics has to be maintained in these relationships.

• IT professionals have many different relationships with
– Employers
– Clients
– Suppliers
– Other professionals
– IT users
– Society at large

Relationship between IT Professional and Employers
IT professionals and employers have a critical, strong relationship. An IT professional and employer discuss and agree upon fundamental aspects of this relationship before the professional accepts an employment offer. These issues include job title, general performance expectations, specific work responsibilities, dress code, location of employment, salary, working hours, etc. Example: whether an employee can leave early one day if the time is made up on another day. Some aspects are addressed by law; for example, an employee cannot be required to do anything illegal, such as falsifying the results of a quality assurance test.

• IT professionals must set an example and enforce policies regarding the ethical use of IT.
• Software piracy is the act of illegally making copies of software or enabling others to access software to which they are not entitled.
• Software piracy is an area in which IT professionals can be tempted to violate laws and policies.
• The Business Software Alliance (BSA) is a trade group that represents the world's largest software and hardware manufacturers.
– Its mission is to stop the unauthorized copying of software produced by its members.
• Trade secret
– Information used in business
– Generally unknown to the public
– Company has taken strong measures to keep confidential
• Whistle-blowing
– Attracts attention to a negligent, illegal, unethical, abusive or dangerous act that threatens the public interest

Relationship between IT Professional and Clients
In the relationship between an IT professional and a client, each party agrees to provide something of value to the other. Generally speaking, the IT professional provides hardware, software or services at a certain cost and within a given time.

• IT professional provides
– Hardware, software or services at a certain cost and within a given time frame
• Client provides
– Compensation
– Access to key contacts
– Work space

This relationship is usually documented in contractual terms: who does what, when the work begins, how long it will take, how much the client pays, and so on.

• Ethical problems arise if a company recommends its own products and services to remedy problems it has detected
– A company is unable to provide full and accurate reporting of a project's status

Legal Overview: Fraud, Misrepresentation and Breach of Contract
– Fraud: the crime of obtaining goods, services or property through deception or trickery
– Fraud is proven in court
– Breach of contract: one party fails to meet the terms of a contract
• IT projects are joint efforts in which vendors and customers work together
– Difficult to assign blame

Relationship between IT Professionals and Suppliers
• Develop good relationships with suppliers
– Deal fairly with them
– Do not make unreasonable demands
– Bribery: providing money, property or favors to someone in business or government to obtain a business advantage
– The U.S. Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe a foreign official, a foreign political party official or a candidate for foreign political office
– At what point does a gift become a bribe?
– No gift should be hidden, as perceptions of donor and recipient can differ

IT professionals deal with many hardware, software and service providers. IT professionals must keep a good relationship with suppliers by dealing fairly and not making unreasonable demands. Threatening to replace a supplier who can't deliver needed equipment tomorrow, when the normal industry lead time is one week, is aggressive behavior that does not help a working relationship. Suppliers also try hard to maintain positive relationships with their customers to make and increase sales. Sometimes their actions to achieve their goals might be unethical. Example: they could offer an IT professional a gift that is actually intended as a bribe. Clearly, an IT professional should not accept a bribe from a vendor.

Relationship between IT Professional and Other Professionals

• Professionals owe each other adherence to a profession's code of conduct
• Ethical problems between members of the IT profession
– Résumé inflation
– Inappropriate sharing of corporate information

Professionals feel a degree of loyalty to the other members of their profession. As a result, they always help each other and are slow to criticize each other in public. Professionals have an interest in their own profession as a whole. A number of ethical problems can arise between members of the IT profession. One of the most common is résumé inflation, which includes lying on a résumé and claiming competence in an IT skill that is in high demand.

Relationship between IT Professional and IT Users

• An IT user is a person for whom a hardware or software product is designed
• IT professionals' duty
– Understand users' needs and capabilities
– Deliver products and services that best meet those needs
– Establish an environment that supports ethical behaviour by users
• Actions of an IT professional can affect society

The term IT user distinguishes the person for whom a hardware or software product is designed from the IT professionals who develop, install, service and support the product. IT professionals have to understand users' needs and capabilities and deliver products and services that best meet those needs.

Relationships between IT Professionals and Society
Regulatory laws establish safety standards for products and services to protect the public. However, these laws are less than perfect, and they fail to safeguard against all negative side effects of a product or process. Society expects members of a profession not only to cause no harm but also to provide significant benefits. Example: a systems analyst may design a computer-based control system to monitor a chemical manufacturing process. A failure or error in the system may put workers or residents near the plant at risk.

1.2 THE ETHICAL BEHAVIOR OF IT PROFESSIONALS

• Corporations are taking actions to ensure good business ethics among employees

1.2.1 Professional Codes of Ethics

• A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group.
• Example: doctors adhere to varying versions of the 2000-year-old Hippocratic Oath, which medical schools offer as an affirmation to their graduating classes.
• Most codes of ethics created by professional organizations have two main parts.
• The first outlines what the professional organization aspires to become, and the second typically lists the rules and principles that members of the organization are expected to follow.

i) Main parts
– Outlines what the professional organization aspires to become
– Lists rules and principles by which members of the organization are expected to abide

ii) Benefits for individual, profession and society
– Improves ethical decision making
– Promotes high standards of practice and ethical behaviour
– Enhances trust and respect from the general public
– Provides an evaluation benchmark

• Note: laws do not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical. One cannot expect a professional code of ethics to provide the answer to everything. However, practicing according to a professional code of ethics can produce many benefits for individuals, professions and society as a whole.

1.2.2 Professional Organizations

a) Professional Organizations
• No single formal organization of IT professionals has emerged as preeminent, so there is no universal code of ethics for IT professionals.
• However, the existence of such organizations is useful in a field that is rapidly growing and changing.
• IT professionals need to know about new developments in the field, which requires networking with others, finding new ideas and building personal skills and expertise.
• In recognition of the need for professional standards of competence and conduct, many organizations have developed a code of ethics.

The four most prominent IT professional organizations are:
1. Association of Computing Machinery (ACM)
2. Association of Information Technology Professionals (AITP)
3. Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)
4. Project Management Institute (PMI)


b) Certification
Indicates that a professional possesses a particular set of skills, knowledge or abilities in the opinion of a certifying organization.
– Can also apply to products
– Generally voluntary
– Carries no requirement to adhere to a code of ethics

Vendor certifications
a. Some certifications substantially improve IT workers' salaries and career prospects
b. Relevant for narrowly defined roles
   i. Or certain aspects of broader roles
c. Require passing a written exam
d. Workers are commonly recertified as newer technologies become available

c) Industry association certifications
a. Require a certain level of experience and a broader perspective than vendor certifications
b. Lag in developing tests that cover new technologies

Numerous companies and professional organizations offer certifications, and opinions are divided on their value. Many employers view them as benchmarks that indicate mastery of a defined set of basic knowledge. On the other hand, some may disagree because the candidate may not have experience in it. Certifications are divided into two types.

Vendor Certifications: Many IT vendors such as Cisco, IBM, Microsoft, Sun and Oracle offer certification programs for their products. Workers who successfully complete a program can represent themselves as certified users of the manufacturer's products.

Industry Association Certifications: Certifications from industry associations generally require a certain level of experience and broader thinking than vendor certifications; however, they often lag in developing tests that cover new technology. The trend in IT certification is to move from purely technical content to a broader mix of technology, business and behavioral competence, which are required for competence today.

4) Government Licensing
• Some professionals must be licensed to prove that they can do their work ethically and safely, including certified public accountants, lawyers, doctors, various types of medical and day care providers, and some engineers.
• People cannot call themselves professionals unless they are licensed. Most countries have similar laws.

bull Generally administered at the state level in the United Statesbull Case for licensing IT professionals

ndash Encourage IT professionals to follow the highest standards of the profession ndash Practice a code of ethicsndash Violators would be punished

The Case for Licensing IT Professionals
The days of simple, stand-alone information systems are over. Modern systems are highly complex. Enterprise resource planning (ERP) systems help multimillion-dollar companies control all their business functions. Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities.

As a result of the increasing importance of IT in our everyday lives, the development of reliable, effective information systems has become an area of mounting public concern. This concern has led to a debate over whether the licensing of IT professionals would improve information systems. Proponents argue that licensing would strongly encourage IT professionals to follow the highest standards of the profession and practice a code of ethics, and that licensing would allow violators to be punished.

Issues Associated with Government Licensing of IT Professionals
There are very few international or national licensing programs for IT professionals, for many reasons:
1) There is no universally accepted core body of knowledge
2) It is unclear who should manage the content and administration of licensing exams
3) There is no administrative body to accredit professional education programs
4) There is no administrative body to assess and ensure competence of individual professionals

13 Common Ethical Issues for IT Users

IT Professional Malpractice
• Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do
• Duty of care refers to the obligation to protect people against any unreasonable harm or risk
• Courts consistently reject attempts to sue individual parties for computer-related malpractice
• Employees' ethical use of IT is an area of growing concern

Common Ethical Issues for IT Users
• Software piracy
• Inappropriate use of computing resources
• Inappropriate sharing of information
  – Private data
  – Confidential information

Software Piracy: IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still piracy if they have not paid for it.

Inappropriate Use of Computing Resources: Some employees use their computers to browse popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time.

Inappropriate Sharing of Information: Every organization stores a vast amount of information that can be classified as either private or confidential. An IT user who shares this information with an unauthorized party has violated someone's privacy. Example: if an IT user sees a coworker's salary records and shares them with another person, it is a clear violation of the worker's privacy.

2 Supporting the Ethical Practices of IT Users

• Policies that protect against abuses
  – Establish boundaries of acceptable and unacceptable behaviour
  – Enable management to punish violators
• Policy components include
  – Defining and limiting the appropriate use of IT resources
  – Establishing guidelines for use of company software
  – Structuring information systems to protect data and information
  – Installing and maintaining a corporate firewall

The growing use of IT has increased ethical problems, so many organizations are planning to develop policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities on IT users and enable management to punish violators.

Take the following actions when creating an IT usage policy:

Defining and limiting the appropriate use of IT resources: Companies must develop, communicate, and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages.

Establishing guidelines for use of company software: Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees buy hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need.

Structuring information systems to protect data and information: Organizations must implement systems and procedures that limit data access to the employees who need it. Example: in a bank, a teller should be able to see the account details of customers, but a payroll employee has no need to see customer details, because he deals with bank employee details.

Installing and maintaining a corporate firewall: A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to unwanted sites on the internet. The firewall can be configured to serve as an effective deterrent to unauthorized web surfing.

CONCLUSION

• A professional, from a legal standpoint
  – Has passed the state licensing requirements
  – Has earned the right to practice there
• IT professionals have many different relationships
  – Each with its own set of ethical issues and potential problems
• Professional code of ethics
  – States the principles and core values essential to the work of an occupational group
• Licensing and certification of IT professionals
  – Many people feel that certification will increase the reliability and effectiveness of information systems
  – Raises many issues
• IT-related professional organizations have developed a code of ethics

Notes helpful from an examination point of view…

Unit – III PRIVACY

Introduction
The use of information technology in business has made it possible for information about people to be gathered, stored, analysed, and reported with just one swipe of a credit or debit card. This information is used to learn consumers' purchasing habits and financial condition. Organizations use various marketing strategies to target potential buyers. This is against the privacy of an individual. On the other hand, organizations need information about their customers to serve them better, so there should be a balance between the needs of those who gather and use the information and the right to privacy.

What is Privacy?
The word privacy comes from the Latin word "privatus" (separated from the rest). It can be broadly defined as the right to be left alone. Privacy may also be defined as the claim of individuals, groups, or institutions to determine when, how, and to what extent information about them is communicated to others.

Legal concept of privacy
Right of privacy: Privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects:

• Protection from unreasonable intrusion upon one's isolation, such as the gathering of details about web surfing habits
• Protection from identity theft through inappropriate use of one's name or likeness, for example the stealing of credit cards or a Social Security number
• Protection from unreasonable publicity of one's private life, such as revealing a health condition
• Protection from unreasonable false information, such as false information about a person given on the internet or in the media

What is Anonymity?
Anonymity means that the real author of a message is not shown, or that his identity is hidden. Anonymity can be implemented so as to make it impossible or very difficult to find out the real author of a message.

Key Privacy and Anonymity Issues

Government electronic surveillance
Observing or listening to persons, places, or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders, or wire taps. Four types of electronic surveillance are most prevalent:
• Wire Tapping: Wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually "tap" into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.

• Web Tapping: Logging the IP addresses of users that access certain websites is commonly called "web tapping".

Data Encryption
• Cryptography
  o Science of encoding messages
  o Only the sender and the intended receiver can understand the messages
  o Key tool for ensuring confidentiality, integrity, and authenticity of electronic messages and online business transactions
• Encryption
  o Process of converting electronic messages into a form understood only by the intended recipients
• Encryption key: a variable value applied using an algorithm to encrypt or decrypt text
• There are two types of encryption keys used: i) public key, ii) private key

Public key encryption
• A public key encryption system uses two keys to encode and decode messages
• Message receiver's public key – readily available to all; anyone can use it to send that person encrypted messages
• Message receiver's private key – kept secret; only the receiver knows it, and uses it to decode a message back to the original
• RSA – a public key encryption algorithm

Private key encryption system
This system uses a single key to encode and decode messages.
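The two key systems described above, as an added example that is not part of the original notes: textbook RSA with deliberately tiny primes next to a single-key XOR scheme. The primes, message, shared key and function names are constructed assumptions chosen for readability, and neither scheme is secure as written.

```python
# Added illustration: textbook RSA with tiny constructed primes (not secure),
# next to a single-key XOR scheme. All names and values here are assumptions.
from math import gcd


def make_rsa_keypair(p, q, e=17):
    """Build (public_key, private_key) from two primes p and q."""
    n = p * q                      # modulus, shared by both keys
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d == 1 (mod phi)
    return (e, n), (d, n)


def rsa_apply(blocks, key):
    """Raise every block to the key's exponent modulo n."""
    exponent, n = key
    return [pow(b, exponent, n) for b in blocks]


def single_key_crypt(data, key):
    """Single-key system: the same key and operation encode and decode."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def demo():
    public_key, private_key = make_rsa_keypair(61, 53)   # constructed primes
    message = b"PAY 100"                                 # constructed message
    # Anyone holding the receiver's public key can encrypt (one byte per
    # block, because this toy modulus is tiny).
    ciphertext = rsa_apply(list(message), public_key)
    # Only the private key turns the ciphertext back into the message.
    with_private = rsa_apply(ciphertext, private_key)
    # Applying the public key a second time does not undo the encryption.
    with_public = rsa_apply(ciphertext, public_key)
    shared = b"k3y"                                      # constructed shared key
    sealed = single_key_crypt(message, shared)
    return {
        "public_key": public_key,
        "private_key": private_key,
        "private_recovers": bytes(with_private) == message,
        "public_recovers": with_public == list(message),
        "single_key_recovers": single_key_crypt(sealed, shared) == message,
        "single_key_changes_data": sealed != message,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In the single-key case both parties must already share the key, which is the distribution problem the public key system avoids.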

Identity Theft
• Identity theft occurs when someone steals key pieces of personal information to gain access to a person's financial accounts
• Information includes:

  – Name
  – Address
  – Date of birth
  – Social Security number
  – Passport number
  – Driver's license number
  – Mother's maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen
• Phishing
  o Attempt to steal personal identity data
  o By tricking users into entering information on a counterfeit Web site
  o Spear-phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization
• Spyware
  o Keystroke-logging software
  o Gets automatically downloaded to a user's computer without his/her knowledge
  o Creates a record of keystrokes entered in the system
  o Enables the capture of:
     – Account usernames
     – Passwords
     – Credit card numbers
     – Other sensitive information
  o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms, or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are text files that a website puts on a user's hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain a huge amount of consumer behavioral data

Types of data collected: while the user surfs the web, surfing details and similar data are gathered and sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:
i) GET data: sites visited by the customer. Example: the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: keeping track of everything the user viewed and sought.

• Four ways to limit or even stop the deposit of cookies on hard drives:
  – Set the browser to limit or stop cookies
  – Manually delete them from the hard drive
  – Download and install a cookie-management program
  – Use anonymous browsing programs that don't accept cookies
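How a cookie identifier turns separate requests into a profile holding the three kinds of data listed above, and what is left when the cookie is refused, as an added example that is not part of the original notes. The request records, sites and cookie ids are constructed, and the code assumes the affiliated sites share one advertising cookie and ignores other linking signals such as IP addresses.

```python
# Added illustration with constructed request records; sites and ids are made up.
from urllib.parse import urlsplit, parse_qsl

REQUESTS = [
    # (cookie header, method, URL, form body)
    ("uid=a1f3", "GET", "http://books.example/search?author=Dean+Koontz", ""),
    ("uid=a1f3", "POST", "http://travel.example/fare-alerts",
     "email=reader%40mail.example&destination=Anchorage"),
    ("uid=a1f3", "GET", "http://books.example/item/4411", ""),
    ("uid=9c20", "GET", "http://books.example/", ""),
]


def build_profiles(requests):
    """Group requests by cookie id into GET data, POST data and click-stream."""
    profiles = {}
    for index, (cookie, method, url, body) in enumerate(requests):
        # With no cookie there is nothing to tie this request to earlier ones.
        visitor = cookie.partition("=")[2] or f"unlinked-{index}"
        profile = profiles.setdefault(
            visitor, {"get_data": {}, "post_data": {}, "click_stream": []})
        parts = urlsplit(url)
        # Click-stream data: every page viewed, in order.
        profile["click_stream"].append(parts.netloc + parts.path)
        if method == "GET":
            # GET data: what was requested, carried in the URL query string.
            profile["get_data"].update(parse_qsl(parts.query))
        elif method == "POST":
            # POST data: what the user typed into form fields.
            profile["post_data"].update(parse_qsl(body))
    return profiles


def without_cookies(requests):
    """The same traffic as seen when the browser refuses or deletes cookies."""
    return [("", method, url, body) for _, method, url, body in requests]


if __name__ == "__main__":
    for visitor, profile in build_profiles(REQUESTS).items():
        print(visitor, profile)
    print(len(build_profiles(without_cookies(REQUESTS))), "unlinked requests")
```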

Treating consumer Data Responsibly

When dealing with consumer data, problems can be avoided by taking consent from the consumer before using their details for marketing or for research. This can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Workplace Monitoring
Employers have the right to monitor your activities in many situations at the workplace. Major forms of monitoring include:
• Recording with CCTV cameras
• Opening mail or e-mail
• Checking phone logs or recording phone calls
• Videoing outside the workplace
• Checking the logs of websites visited
• Some companies even do random drug tests on their employees

Spamming
• Transmission of the same e-mail message to a large number of people
• Extremely inexpensive method of marketing
• Used by many legitimate organizations
• Can contain unwanted and objectionable materials
Example: Some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales.

Advanced surveillance technology
Camera surveillance: cameras are fixed in place to stop illegal activities by finding people who act suspiciously.
i) Facial recognition software can be used to identify criminals and terrorists
ii) GPS (Global Positioning System) chips can be placed in devices like cell phones to locate users

Unit IV - SOFTWARE DEVELOPMENT

Objectives
• Why do companies require high-quality software in business systems, industrial process control systems, and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs, and software quality?

Need for high-quality software systems
High-quality software systems are easy to learn and easy to use. They efficiently meet the user's needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software
A software defect is an error which can cause a software system to halt without meeting the user's needs. Software errors have to be detected and removed. Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough – minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays – major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• are required to support the fields of:
  - air traffic control
  - nuclear power
  - automobile safety
  - health care
  - military and defense

  - space exploration

Key Issues in Software Development
Ethical decisions involve quality management, which defines the measure of quality in the development process
• tradeoff between quality and other factors such as ease of use, time to market, and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review the legal implications of software errors

Liability/Responsibility
Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through 'reasonable' software practices
• there is also the concept of 'contributory' negligence (e.g. accidentally cutting a finger while using nail clippers)
• a warranty also protects the consumer, but may be hard to read

Reasons for Software Defects
1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it
2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 999 was clean, there still would be 1 bug per 10000 lines of code, so large software still contains thousands of bugs
3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software Defect
• could cause a system to fail to meet users' needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• 'testing' done by customers
• some avoid buying the first version

Strategies for Developing Quality Software
More and more users are demanding high-quality software. Quality management measures the quality of software in the development process. The objective is to deliver high-quality software. Various strategies are adopted:
1. Following a proper/accepted standard software development methodology
2. Ensuring quality assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Documenting the various stages of software development to ensure quality

Quality Software Development Process
i) Following a proper/accepted standard software development methodology

It is safe to follow a proper and accepted software development methodology, in which the software is developed in a controlled and orderly way. These methods are proven, and with them negligence can be avoided.

ii) Ensure software quality assurance
This refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early
It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is a
  - cost-saving measure
  - 100 times less cost when a bug is detected early, before product roll-out
  - most efficient way to improve software quality
  - bug effect (and its fix) may ripple through large pieces of the software

iv) Testing
This is one of the proven methods for quality assurance.

Types of Testing
Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data, and the results are compared with the expected results. This is called dynamic testing.
• Black-box testing
  - want the code to demonstrate the expected output behaviour for all input data in the test suite
  - tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of the code)
  - testing all possible logic paths through the software unit
  - with thorough knowledge of the code's logic paths
  - make each program statement execute at least once
  - for example, for a program that calculates employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours, to check the calculations for overtime pay
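The gross pay case above as an added white-box example that is not part of the original notes: a tracer records which statements of the unit actually ran, showing that a suite with only the under-40-hours case never executes the overtime statements. The function names and the 1.5x overtime multiplier are assumptions; the notes give no rate.

```python
# Added illustration; the 1.5x overtime multiplier is an assumption.
import sys

REGULAR_HOURS = 40
OVERTIME_MULTIPLIER = 1.5


def gross_pay(hours, rate):
    pay = hours * rate                                        # offset 1
    if hours > REGULAR_HOURS:                                 # offset 2
        overtime = hours - REGULAR_HOURS                      # offset 3
        pay += overtime * rate * (OVERTIME_MULTIPLIER - 1)    # offset 4
    return pay                                                # offset 5


# Statement lines of gross_pay, counted from its "def" line.
BODY_OFFSETS = {1, 2, 3, 4, 5}


def executed_offsets(func, test_inputs):
    """Run func on every input tuple and return the line offsets that ran."""
    code = func.__code__
    hit = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                # do not trace other functions
        if event == "line":
            hit.add(frame.f_lineno - code.co_firstlineno)
        return tracer

    previous = sys.gettrace()          # restore any debugger or coverage tracer
    sys.settrace(tracer)
    try:
        for args in test_inputs:
            func(*args)
    finally:
        sys.settrace(previous)
    return hit


def unexecuted(func, test_inputs):
    """Statements the test suite never reached (white-box coverage gap)."""
    return sorted(BODY_OFFSETS - executed_offsets(func, test_inputs))


if __name__ == "__main__":
    print("under 40 only:", unexecuted(gross_pay, [(30, 10)]))
    print("both cases:   ", unexecuted(gross_pay, [(30, 10), (45, 10)]))
```

A black-box tester would pick the same two inputs only if the specification mentions overtime; the white-box tester finds the gap by reading the branch.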

Other Types of Testing
Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect
Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully
System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity
User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems
Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples:
  - automobile's antilock brakes
  - nuclear power plant reactors
  - airplane navigation
  - roller coasters
  - elevators
  - medical devices
• example: bug in the Therac-25 radiation therapy machine, 1985-87
  - wrong sequence of menu selections caused a large radiation dose to be delivered to the patient

Key assumption
• safety will not automatically result from following the organization's standard development methodology

Software development measures for safety-critical systems
Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software. All tasks require:
• additional steps
• more thorough documentation
• more checking and rechecking
Project safety engineer (takes care of the safety of the machines)
• explicit responsibility for the system's safety
• uses a logging and monitoring system to track hazards from the project's start to finish
Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards
Safety reviews
• held throughout the development process
Robust configuration management system
• tracks all safety-related documentation
Formal documentation required
• including verification reviews and signatures
Key issue
• deciding when Quality Assurance staff has performed enough testing
Risk
• probability of an undesirable event occurring times the magnitude of the event's consequences if it does happen
• consequences include:
  - damage to property
  - loss of money
  - injury to people
  - death

Quality Management Standards
i) ISO 9000 standard
• guide to quality products, services, and management
• organization must submit to an examination by an external assessor
• requirements:
  - written procedures for everything it does
  - follow those procedures
  - prove to the auditor that the organization fulfilled the first two requirements
ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode: describes how a product or process could fail
• Effect: adverse consequence that a customer might experience
• seldom is there a one-to-one relationship between cause and effect
DO-178B/EUROCAE ED-12B
• evaluation standard for the international aviation community
• developed by Radio Technical Commission for Aeronautics (RTCA)

Page 2: Ethics Notes Complete Unit 1-4 Version 1

5. To avoid unfavorable publicity

To Gain the Goodwill of the Community
o Although an organization gives importance to earning profit or providing services to customers, it also has some basic responsibility to society
o Its social responsibility includes making contributions to charitable organizations and non-profit organizations
o The goodwill (kindly feeling) that socially responsible activities create will help the organization to grow its business
o Ex: a company known for treating its employees well will find it easier to compete for the best job candidates
o On the other hand, companies viewed as harmful to their community may suffer a disadvantage

Creating an Organization that Operates Consistently
Although each company's value system is different, many share the following values:
o Operate with honesty and integrity, staying true to corporate principles
o Operate according to standards of ethical conduct, in words and actions
o Treat colleagues, customers, and consumers with respect
o Accept personal responsibility for actions
o Value diversity
o Make decisions based on facts and principles

Good Ethics Can Mean Good Business
o In many cases, good ethics can mean good business and improved profits
o Companies that operate excellent services keep their customers instead of losing them to competitors
o Companies that develop and maintain strong employee relations suffer fewer turnovers and enjoy better employee morale

Protecting the Corporation and its Employees from Legal Action
o Identify its core beliefs
o Understand the strengths and weaknesses of its culture and organizational capacities
o Scan its business environment and find what pressures the organization faces
o Determine its goals and objectives and what outcome should be expected of the program
o Design, implement, and enforce a program that will "exercise to prevent, detect and report criminal conduct in accordance with the law"
o Regularly evaluate its programs to determine whether they are effective or not

Avoiding Unfavorable Publicity
o The public reputation of a company strongly depends on its stock, customer feedback, the company's products and services, and the amount of support it receives from government and corporate business partners
o Thus some companies are motivated to build strong ethical programs to avoid negative publicity
o If an organization is perceived as operating ethically, customers, consumers, business partners, shareholders, consumer advocates, financial institutions, and regulatory bodies will regard it more favorably
o Companies that operate unethically often suffer from negative consequences and bad publicity

1.2.2 Improving Corporate Ethics
The risk of unethical behavior is increasing, so the improvement of business ethics is becoming more important. The following are some of the actions corporations can take to improve business ethics.

Appointing a Corporate Ethics Officer
o Corporate ethics mainly includes ethical conduct, legal compliance, and corporate social responsibility
o The primary functions of corporate ethics include setting standards, building awareness, and handling internal reports
o The corporate ethics officer is a senior-level manager who provides vision and direction in the area of business conduct
o Ethics officers come from diverse backgrounds, such as legal staff, human resources, finance, auditing, security, etc.
o Their role includes "integrating their organization's ethics and values, business conduct practices"
o Typically the ethics officer tries to establish an environment that encourages ethical decision making

Ethical Standards Set by the Board of Directors
o The board of directors is responsible for the careful and responsible management of an organization
o In a for-profit corporation, the board's primary objective is to manage business activities so that they benefit all the stakeholders: shareholders, customers, consumers, and society
o In a nonprofit organization, the board reports to a different set of stakeholders, particularly the local community that the nonprofit serves
o The board is not responsible for day-to-day management
o The board is responsible for supervising the management team

Establishing a Corporate Code of Ethics
o A code of ethics highlights an organization's key ethical issues and the values and principles that are important to the organization and its decision making
o The code frequently includes a set of formal written statements about the purpose of the organization, its values, and its principles
o An organization's code of ethics applies to its directors, officers, and employees
o The code of ethics should focus employees on areas of ethics and on fostering a culture of honesty and accountability in the organization
o The code of ethics helps employees behave in an ethical manner

Conducting Social Audits
o An increasing number of companies conduct social audits of their policies and practices
o In a social audit, companies identify the ethical mistakes they made in the past in order to avoid them in the future
o Example: each year Intel sets social responsibility goals and tracks results against those goals
o Intel's annual report on its social responsibility is shared with employees, shareholders, investors, customers, suppliers, and government officials

Requiring Employees to Take Ethics Training
o The ancient philosophers believed that personal beliefs about right and wrong behavior could be improved through education
o People can continue their moral development through education that involves critical thinking and complex issues
o Organizations should show employees examples of how to apply the code of ethics in real life
o Giving ethics education programs will encourage employees to act ethically

Including Ethical Criteria in Employee Appraisals
o Employees are increasingly evaluated on their demonstration of qualities and characteristics
o Example: in many companies, employee appraisals evaluate whether employees treat others fairly, operate effectively, work well in a multicultural environment, meet business needs, continually develop themselves, help others to develop, etc.
o These factors are considered along with the more traditional criteria used in performance appraisals, such as successful completion of projects, contribution to the business, maintenance of good customer relationships, etc.

1.2.3 When Good Ethics Result in Short-Term Losses
Operating ethically does not always guarantee business success. Many organizations have found that the "business as usual" climate in some foreign countries can place them at a significant competitive disadvantage.

1.2.4 Creating an Ethical Work Environment
Most employees want to perform their jobs successfully and ethically, but good employees sometimes make bad ethical choices. Employees in a highly competitive workplace often feel pressure from aggressive competitors, unrealistic budgets, tight deadlines, and bonuses for meeting performance goals. Employees may also be encouraged to do "whatever it takes" to get the job done.

Such environment can make some employees feel pressure to engage in unethical conduct to meet management expectations 125 Ethical Decision Making Often in business the ethically correct course of action is clear and easy to follow Exceptions occur however when ethical facts come into conflict with practical demands business Dealing with these situations is challenging and can even be risky to onersquos career Seven steps are summarized below which explains how decisions to be taken i) Get the facts ii) Identify stakeholders and their positions iii) Consider the consequences of our decisions iv) Weigh various guidelines and principles v) Develop and evaluate options vi) Review our decision vii) Evaluate the results of our decision

Getting the Facts o Innocent situations can often become unnecessary controversies because no one bothers to check the facts o Example we might see our boss receive an application form from an applicant and he throws that in the dustbin onersquos the applicant leaves actually our boss has to keep the report for at least a period of one year according to rules We could report to our boss to failure in policies We could be surprised to find actually the situation is different it is not applicant it is a salesman who approached our boss in promoting a product for which the company had no use and the application was marketing literature Identify the stakeholders and their positions o A stakeholder is someone stands to gain or lose from how a situation is resolved o Stakeholders are the people who are going to get affected with the decisions made by the employees o Identifying the stakeholder helps we better understand the impact of decision and could help we make better decisions o We need to find the details about stakeholders like what is at stake for each stakeholder what does each stakeholder value and what outcomes does the stakeholder want Etc

Considering the consequences (results) of our decision
o Often our decision directly affects us, although we must guard against thinking too narrowly and focusing on what is best for us.
o Another perspective is to consider the harmful and beneficial effects our decision might have on the stakeholders.
o A third perspective is to ask whether our decision will help the organization meet its goals and objectives.
o Finally, we should consider our decision’s effect on the broader community of other organizations and institutions, the public and the environment.

Weighing various Guidelines and Principles
o Do any laws apply to our decision?
o We certainly don’t want to violate a law, which can lead to a fine or imprisonment for ourselves or others.
o If the decision does not have legal implications, what corporate policies or guidelines apply?
o What guidelines does the corporate code of ethics offer?
o Below are philosophers’ approaches to dealing with moral issues.

Philosophers’ theories for ethical decision making:
• Virtue ethics approach
• Utilitarian approach
• Fairness approach
• Common good approach


Virtue ethics approach: Virtue ethics focuses on how we should behave and think about relationships if we are concerned with our daily life in a community.
Utilitarian approach: This approach to ethical decision making states that we should choose the action or policy that has the best overall result for all people who are directly or indirectly affected.
Fairness approach: This approach focuses on how fairly actions and policies distribute benefits and burdens among the people affected by the decision.
Common good approach: This approach to decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals.

Developing and evaluating Options
o In many cases we can identify several answers to a complex ethical question.
o Listing the key principles that need to be applied in making the decision helps us select the two or three best options.
o The options we select must be ethically defensible.

Reviewing our Decision
o Is the decision consistent with our personal values as well as those of the organization?
o How would coworkers, stakeholders, business partners, friends and family regard our decision?
o Would we see our decision as right, good and fair?

Evaluating the Result of our Decision
After the organization implements the decision, monitor the result to see if it achieves the desired result, and observe its impact on employees and other affected parties.

1.3 ETHICS IN INFORMATION TECHNOLOGY
The growth of the Internet, the ability to capture and store vast amounts of personal data online, and greater trust in information systems in all aspects of life have increased the risk of using information technology unethically. Examples that raise public concern about the ethical use of information technology:
o Millions of people have used peer-to-peer networks to download music and movies at no charge and in apparent violation of copyright laws.
o Organizations contact millions of people worldwide through unsolicited e-mails (spam) at an extremely low cost.
o Hackers break into the databases of financial institutions and steal customer information, then use it to commit identity theft, opening new accounts and charging purchases to unsuspecting victims.
o Students around the world have been caught downloading material from the Internet and cheating by downloading the content of question papers.
o Websites plant cookies or spyware on visitors’ hard drives to track their Internet activities.

The general public has not realized the critical importance of ethics as they apply to IT. In the corporate world, important technical decisions are often left to the technical experts. General business managers must assume greater responsibility for these decisions, but to do so they must be able to make broad-minded, objective, ethical decisions based on technical knowledge and business knowledge. They must also try to create a work environment in which ethical dilemmas can be discussed openly, objectively and constructively.

Notes Helpful for Exams (points to be remembered)
1) WHAT IS ETHICS
2) The Importance of Integrity (Honesty)
3) ETHICS IN THE BUSINESS WORLD
I. Why Fostering Good Business Ethics is Important
1. To gain the goodwill of the community
2. To create an organization that operates consistently
3. To produce good business
4. To protect the organization and its employees from legal action
5. To avoid unfavorable publicity
II. Improving Corporate Ethics
1. Appointing a Corporate Ethics Officer
2. Ethical Standards Set by Board of Directors
3. Establishing a Corporate Code of Ethics
4. Conducting Social Audits
5. Requiring Employees to Take Ethics Training
6. Including Ethical Criteria in Employee Appraisals
III. When Good Ethics Result in Short Term Losses
IV. Creating an Ethical Work Environment
V. Ethical Decision Making
a) Get the facts
b) Identify stakeholders and their positions
c) Consider the consequences of our decisions
d) Weigh various guidelines and principles
e) Develop and evaluate options
f) Review our decision
g) Evaluate the results of our decision

Unit-II ETHICS IN IT-PROFESSIONALS AND IT-USERS

Ethics for IT Professionals and IT Users

OBJECTIVES
• What key characteristics distinguish a professional from other kinds of workers, and what is the role of an IT professional?
• What relationships must an IT professional manage, and what key ethical issues can arise in each?
• How do codes of ethics, professional organizations, certification and licensing affect the ethical behaviour of IT professionals?
• What are the key tenets of four different codes of ethics that provide guidance for IT professionals?
• What are the common ethical issues that face IT users?
• What approaches can support the ethical practices of IT users?

1.1 IT PROFESSIONALS
• A profession is a calling that requires specialized knowledge and often long and complete academic preparation.
• The US Code of Federal Regulations defines a person “employed in a professional capacity” as one who meets these four criteria:
1) One’s primary duty consists of the performance of work requiring knowledge of an advanced type in a field of science or learning.
2) One’s instruction, study or work should be original.
3) One’s work requires strong knowledge and the exercise of discretion and judgment.
4) One’s work is predominantly intellectual and varied in character, and cannot be generalized.
Example: Accountants, Doctors, Lawyers

1) Are IT Workers Professionals?
Many business workers have duties, backgrounds and training that qualify them to be classified as professionals.
o One could argue, however, that not every IT role requires knowledge of an advanced type in a field of science.
o According to the US Code definition, IT professionals are not recognized as professionals because they are not licensed.

• Partial list of IT specialists
– Programmers
– Systems analysts
– Software engineers
– Database administrators
– Local area network (LAN) administrators
– Chief information officers (CIOs)
• Legal perspective
– IT workers are not recognized as professionals
– Not licensed
– IT workers are not liable for malpractice

2) Professional Relationships that must be managed
IT professionals typically become involved in many different relationships. In each relationship, an IT professional should act honestly and appropriately. Ethics has to be maintained in these relationships.
• IT professionals have many different relationships with
– Employers
– Clients
– Suppliers
– Other professionals
– IT users
– Society at large

Relationship between IT Professionals and Employers
IT professionals and employers have a critical, strong relationship. An IT professional and an employer discuss and agree upon fundamental aspects of this relationship before the professional accepts an employment offer. These issues include job title, general performance expectations, specific work responsibilities, dress code, location of employment, salary, working hours, etc. Example: whether an employee can leave early one day if the time is made up on another day. Some aspects are addressed by law; for example, an employee cannot be required to do anything illegal, such as falsifying the results of a quality assurance test.
• IT professionals must set an example and enforce policies regarding the ethical use of IT.
• Software piracy is the act of illegally making copies of software or enabling others to access software to which they are not entitled.
• Software piracy is an area in which IT professionals can be tempted to violate laws and policies.
• The Business Software Alliance (BSA) is a trade group that represents the world’s largest software and hardware manufacturers.
– Its mission is to stop the unauthorized copying of software produced by its members.

• Trade secret
– Information used in business
– Generally unknown to the public
– Company has taken strong measures to keep it confidential
• Whistle-blowing
– Attracts attention to a negligent, illegal, unethical, abusive or dangerous act that threatens the public interest

Relationship between IT Professionals and Clients
In the relationship between an IT professional and a client, each party agrees to provide something of value to the other. Generally speaking, the IT professional provides hardware, software or services at a certain cost within a given time.

• IT professional provides
– Hardware, software or services at a certain cost and within a given time frame
• Client provides
– Compensation
– Access to key contacts
– Work space
This relationship is usually documented in contractual terms: who does what, when the work begins, how long it will take, how much the client pays, and so on.
• Ethical problems arise if a company recommends its own products and services to remedy problems it has detected
– A company is unable to provide full and accurate reporting of a project’s status

Legal Overview: Fraud, Misrepresentation and Breach of Contract
– Fraud: crime of obtaining goods, services or property through deception or trickery
– Fraud is proven in court
– Breach of contract: one party fails to meet the terms of a contract
• IT projects are joint efforts in which vendors and customers work together
– Difficult to assign blame

Relationship between IT Professionals and Suppliers
• Develop good relationships with suppliers
– Deal fairly with them
– Do not make unreasonable demands
– Bribery: providing money, property or favors to someone in business or government to obtain a business advantage
– The US Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe a foreign official, a foreign political party official or a candidate for foreign political office
– At what point does a gift become a bribe?
– No gift should be hidden, as the perceptions of donor and recipient can differ

IT professionals deal with many hardware, software and service providers. IT professionals must keep a good relationship with suppliers by dealing fairly with them and not making unreasonable demands. Threatening to replace a supplier who can’t deliver needed equipment tomorrow, when the normal industry lead time is one week, is aggressive behavior that does not help a working relationship. Suppliers also try hard to maintain positive relationships with their customers in order to make and increase sales. Sometimes their actions to achieve these goals might be unethical. Example: They could offer an IT professional a gift that is actually intended as a bribe. Clearly, an IT professional should not accept a bribe from a vendor.

Relationship between IT Professionals and Other Professionals

• Professionals owe each other adherence to a profession’s code of conduct
• Ethical problems between members of the IT profession
– Résumé inflation
– Inappropriate sharing of corporate information

Professionals feel a degree of loyalty to the other members of their profession. As a result, they always help each other and are slow to criticize each other in public. Professionals have an interest in their own profession as a whole. A number of ethical problems can arise between members of the IT profession. One of the most common is résumé inflation, which includes lying on a résumé and claiming competence in an IT skill that is in high demand.

Relationship between IT Professionals and IT Users

• An IT user is a person for whom a hardware or software product is designed
• IT professionals’ duty
– Understand users’ needs and capabilities
– Deliver products and services that best meet those needs
– Establish an environment that supports ethical behaviour by users
• Actions of an IT professional can affect society

The term IT user distinguishes the person for whom a hardware or software product is designed from the IT professionals who develop, install, service and support the product. IT professionals have to understand users’ needs and capabilities and deliver products and services that best meet those needs.

Relationship between IT Professionals and Society
Regulatory laws establish safety standards for products and services to protect the public. However, these laws are less than perfect, and they fail to safeguard against all negative side effects of a product or process. Society expects members of a profession not only to cause no harm but also to provide significant benefits. Example: A systems analyst may design a computer-based control system to monitor a chemical manufacturing process. A failure or error in the system may put workers or residents near the plant at risk.

1.2 THE ETHICAL BEHAVIOR OF IT PROFESSIONALS

• Corporations are taking actions to ensure good business ethics among employees

1.2.1 Professional Codes of Ethics
• A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group.
• Example: Doctors adhere to varying versions of the 2000-year-old Hippocratic Oath, which medical schools offer as an affirmation to their graduating classes.
• Most codes of ethics created by professional organizations have two main parts.
• The first outlines what the professional organization aspires to become, and the second typically lists the rules and principles that members of the organization are expected to follow.
i) Main parts
– Outlines what the professional organization aspires to become
– Lists rules and principles by which members of the organization are expected to abide
ii) Benefits for the individual, the profession and society
– Improves ethical decision making
– Promotes high standards of practice and ethical behaviour
– Enhances trust and respect from the general public
– Provides an evaluation benchmark
• Note: Laws do not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical. One cannot expect a professional code of ethics to provide an answer to everything. However, practicing according to a professional code of ethics can produce many benefits for individuals, professionals and society as a whole.

1.2.2 Professional Organizations

a) Professional Organizations
• No single formal organization of IT professionals has emerged as preeminent, so there is no universal code of ethics for IT professionals.
• However, the existence of such organizations is useful in a field that is rapidly growing and changing.
• IT professionals need to know about new developments in the field, which requires networking with others, finding new ideas, and building personal skills and expertise.
• In recognition of the need for professional standards of competence and conduct, many organizations have developed a code of ethics.
The four most prominent IT professional organizations are:
1. Association for Computing Machinery (ACM)
2. Association of Information Technology Professionals (AITP)
3. Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)
4. Project Management Institute (PMI)


b) Certification
• Indicates that a professional possesses a particular set of skills, knowledge or abilities in the opinion of a certifying organization
• Can also apply to products
• Generally voluntary
• IT-related certifications typically carry no requirement to adhere to a code of ethics

Vendor certifications
a. Some certifications substantially improve IT workers’ salaries and career prospects
b. Relevant for narrowly defined roles
i. Or certain aspects of broader roles
c. Require passing a written exam
d. Workers are commonly recertified as newer technologies become available

c) Industry association certifications
a. Require a certain level of experience and a broader perspective than vendor certifications
b. Lag in developing tests that cover new technologies

Numerous companies and professional organizations offer certifications, and opinions are divided on their value. Many employers view them as benchmarks that indicate mastery of a defined set of basic knowledge. On the other hand, some disagree because the candidate may not have practical experience. Certifications are divided into two types:
Vendor Certifications: Many IT vendors, such as Cisco, IBM, Microsoft, Sun and Oracle, offer certification programs for their products. Workers who successfully complete a program can represent themselves as certified users of the manufacturer’s products.
Industry Association Certifications: Certifications from industry associations generally require a certain level of experience and broader thinking than vendor certifications; however, they often lag in developing tests that cover new technology.
The trend in IT certification is to move from purely technical content to a broader mix of technology, business and behavioral competence, which are required for competence today.

4) Government Licensing
• Some professionals must be licensed to prove that they can do their work ethically and safely, including certified public accountants, lawyers, doctors, various types of medical and day care providers, and some engineers.
• People cannot call themselves professionals unless they are licensed. Most countries have similar laws.

• Generally administered at the state level in the United States
• Case for licensing IT professionals
– Encourage IT professionals to follow the highest standards of the profession
– Practice a code of ethics
– Violators would be punished

The case for licensing IT Professionals
The days of simple, stand-alone information systems are over. Modern systems are highly complex. Enterprise resource planning (ERP) systems help multimillion-dollar companies control all their business functions. Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities. As a result of the increasing importance of IT in our everyday lives, the development of reliable, effective information systems has become an area of mounting public concern. This concern has led to a debate about whether the licensing of IT professionals would improve information systems. Proponents argue that licensing would strongly encourage IT professionals to follow the highest standards of the profession and practice a code of ethics, and that licensing would allow violators to be punished.

Issues Associated with Government Licensing of IT Professionals
There are very few international or national licensing programs for IT professionals, for many reasons:
1) There is no universally accepted core body of knowledge.
2) It is unclear who should manage the content and administration of licensing exams.
3) There is no administrative body to accredit professional education programs.
4) There is no administrative body to assess and ensure the competence of individual professionals.

1.3 Common Ethical Issues for IT Users

IT Professional Malpractice
• Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do.
• Duty of care refers to the obligation to protect people against any unreasonable harm or risk.
• Courts consistently reject attempts to sue individual parties for computer-related malpractice.
• Employees’ ethical use of IT is an area of growing concern.

Common Ethical Issues for IT Users
• Software piracy
• Inappropriate use of computing resources
• Inappropriate sharing of information
– Private data
– Confidential information

Software Piracy: IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still piracy if they have not paid for it.
Inappropriate Use of Computing Resources: Some employees use their computers to browse popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time.
Inappropriate Sharing of Information: Every organization stores a vast amount of information that can be classified as either private or confidential. An IT user who shares this information with an unauthorized party has violated someone’s privacy. Example: If an IT user sees a coworker’s salary records and shares them with another person, it is a clear violation of the coworker’s privacy.

2 Supporting the Ethical Practices of IT Users

• Policies that protect against abuses
– Establish boundaries of acceptable and unacceptable behaviour
– Enable management to punish violators
• Policy components include
– Defining and limiting the appropriate use of IT resources
– Establishing guidelines for use of company software
– Structuring information systems to protect data and information
– Installing and maintaining a corporate firewall

The growing use of IT has increased ethical problems, so many organizations are planning to develop policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities for IT users and enable management to punish violators.


The following actions should be taken when creating an IT usage policy:
Defining and limiting the appropriate use of IT resources: Companies must develop, communicate and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable Internet sites or using company e-mail to send offensive or harassing messages.
Establishing guidelines for use of company software: Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees buy hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need.
Structuring information systems to protect data and information: Organizations must implement systems and procedures that limit data access to the employees who need it. Example: In a bank, a teller should be able to see the account details of customers, but a payroll employee has no need to see customer details, as he deals with bank employee details.
Installing and maintaining a corporate firewall: A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to unwanted sites on the Internet. The firewall can be configured to serve as an effective deterrent to unauthorized web surfing.

CONCLUSION

• A professional from a legal standpoint
– Has passed the state licensing requirements
– Has earned the right to practice there
• IT professionals have many different relationships
– Each with its own set of ethical issues and potential problems
• Professional code of ethics
– States the principles and core values essential to the work of an occupational group
• Licensing and certification of IT professionals
– Many people feel that certification will increase the reliability and effectiveness of information systems
– Raises many issues
• IT-related professional organizations have developed a code of ethics

Notes helpful from the examination point of view…

Unit – III PRIVACY

Introduction
The use of information technology in business has made it possible for information about people to be gathered, stored, analysed and reported with just one swipe of a credit or debit card. This information is used to learn consumers’ purchasing habits and financial conditions. Organizations make use of various marketing strategies to target potential buyers. This is against the privacy of an individual. On the other hand, organizations need information about their customers to serve them better, so there should be a balance between the needs of those who gather and use the information and the right to privacy.

What is Privacy?
The word privacy comes from the Latin word “privatus” (separated from the rest). It can be broadly defined as the right to be left alone. Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.

Legal concept of privacy
Right of privacy: Privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects:
• Protection from unreasonable intrusion upon one’s isolation, such as the gathering of details about one’s web surfing habits
• Protection from identity theft by inappropriate use of name or likeness. Example: stealing of credit cards or a Social Security number
• Protection from unreasonable publicity of one’s private life, such as revealing the condition of one’s health
• Protection from unreasonable false information, such as giving false information about a person on the Internet, in the media, etc.

What is Anonymity?
Anonymity means that the real author of a message is not shown or his identity is hidden. Anonymity can be implemented to make it impossible or very difficult to find out the real author of a message.

Key Privacy and Anonymity Issues

Government electronic surveillance
Observing or listening to persons, places or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders or wire taps. Four types of electronic surveillance are most prevalent:
• Wire Tapping: Wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually “tap” into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.
• Web Tapping: Logging the IP addresses of users that access certain websites is commonly called “web tapping”.

Data Encryption
• Cryptography

o Science of encoding messages
o Only the sender and the intended receiver can understand the messages
o Key tool for ensuring confidentiality, integrity and authenticity of electronic messages and online business transactions
• Encryption
o Process of converting electronic messages into a form understood only by the intended recipients
• Encryption key: the variable value applied using an algorithm to encrypt or decrypt text
• There are two types of encryption keys used: i) public key, ii) private key

Public key encryption
• A public key encryption system uses two keys to encode and decode messages
• Message receiver’s public key – readily available to all; anyone can use it to send that person encrypted messages
• Message receiver’s private key – kept secret and known only to the receiver, who uses it to decode the message to its original form
• RSA – a public key encryption algorithm

Private key encryption system
This system uses a single key to encode and decode messages.

• Identity Theft: Identity theft occurs when someone steals key pieces of personal information to gain access to a person’s financial accounts
• Information includes
– Name
– Address
– Date of birth
– Social Security number
– Passport number
– Driver’s license number
– Mother’s maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen
• Phishing

o Attempt to steal personal identity data
o By tricking users into entering information on a counterfeit Web site
o Spear-phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization
• Spyware
o Keystroke-logging software
o Gets automatically downloaded to the user’s computer without his/her knowledge
o Creates a record of keystrokes entered in the system
o Enables the capture of
– Account usernames
– Passwords
– Credit card numbers
– Other sensitive information
o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about Internet users when they register at Web sites, complete surveys, fill out forms or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are text files that a website puts on a user’s hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain huge amounts of consumer behavioral data

Types of data collected while surfing the web
Surfing details etc. are collected and sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:
i) GET data: sites visited by the customer. Example: that the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: keeping track of everything the user viewed and sought.

• Four ways to limit or even stop the deposit of cookies on hard drives
– Set the browser to limit or stop cookies
– Manually delete them from the hard drive
– Download and install a cookie-management program
– Use anonymous browsing programs that don’t accept cookies

Treating Consumer Data Responsibly
When dealing with consumer data, problems should be avoided by taking consent from the consumer before using his or her details for marketing or for research. This can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Work Place Monitoring

Employers have the right to monitor your activities in many situations at the workplace. Major monitoring includes:
• Recording by CCTV cameras
• Opening mail or e-mail
• Checking phone logs or recording phone calls
• Videoing outside the workplace
• Checking the logs of websites visited
• Some companies even do random drug tests on their employees

Spamming Transmission of the same e-mail message to a large number of people Extremely inexpensive method of marketing Used by many legitimate organizations Can contain unwanted and objectionable materials

Example Some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales

Advanced surveillance technologyCamera surveillance camerarsquos fixed to stop illegal activities by finding people who act suspiciously i) Facial recognition software can be used to identify criminals and terroristsii) GPS(Global Positioning chips) can be placed in devices like cell phones to locate

Users

Unit IV - SOFTWARE DEVELOPMENT
Objectives
• Why do companies require high-quality software in business systems, industrial process control systems and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs and software quality?

Need for high quality software systems
High-quality software systems are easy to learn and easy to use. They efficiently meet the user's needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software
A software defect is an error which can cause software systems to halt without meeting the user's needs. Software errors have to be detected and removed.
Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough: minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays: major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• are required to support the fields of
– air traffic control
– nuclear power
– automobile safety
– health care
– military and defense
– space exploration

Key Issues in Software Development
Ethical decisions involve:

Quality Management, which defines the measure of quality in the development process
• tradeoff between quality and other factors such as ease of use, time to market and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility
Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through 'reasonable' software practices
• there is also the concept of 'contributory' negligence (e.g. accidentally cut finger using nail clippers)
• warranty also protects the consumer but may be hard to read

Reasons For Software Defects
1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it

2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 99.9% was clean, there still would be 1 bug per 10000 lines of code, so large software still contains thousands of bugs

3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software defect
• could cause a system to fail to meet users' needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• 'testing' done by customers
• some avoid buying the first version

Strategies for developing Quality Software
More and more users are demanding high-quality software. Quality Management measures the quality of software in the development process. The objective is to deliver high-quality software. Various strategies are adopted:

1. Following a proper/accepted standard software development methodology
2. Ensure Quality Assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Document the various stages of software development to ensure quality

Quality Software Development Process
i) Following a proper/accepted standard software development methodology: It is safe to follow a proper and accepted software development methodology where the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.

ii) Ensure software quality assurance: It refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early: it is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is a
– cost-saving measure
– 100 times less cost when a bug is detected early, before product roll-out
– most efficient way to improve software quality
– bug effect (and its fix) may ripple through large pieces of the software

iv) Testing: This is one of the proven methods for quality assurance.
Types of Testing
Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data and the results are compared with expected results. This is called dynamic testing.
• Black-box testing
– want code to demonstrate expected output behaviour for all input data in the test suite
– tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of code)
– testing all possible logic paths through the software unit
– with thorough knowledge of the code's logic paths
– make each program statement execute at least once
– for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours … to check calculations for overtime pay
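The white-box idea above, as an added example that is not part of the original notes: a gross-pay unit and a small tracer that reports which of its statements a set of test cases actually executed. The function names, the sample inputs and the 1.5 overtime multiplier are assumptions made for illustration.

```python
import dis
import sys

REGULAR_HOURS = 40          # threshold named in the notes
OVERTIME_MULTIPLIER = 1.5   # assumption: the notes give no overtime rate


def gross_pay(hours, rate):
    """Gross pay, with overtime paid for hours beyond REGULAR_HOURS."""
    if hours < 0 or rate < 0:
        raise ValueError("hours and rate must be non-negative")
    if hours <= REGULAR_HOURS:
        return hours * rate
    overtime_hours = hours - REGULAR_HOURS
    return REGULAR_HOURS * rate + overtime_hours * rate * OVERTIME_MULTIPLIER


def statement_lines(func):
    """Line offsets (relative to the def line) that hold executable statements."""
    code = func.__code__
    return {line - code.co_firstlineno
            for _, line in dis.findlinestarts(code)
            if line is not None and line > code.co_firstlineno}


def executed_lines(func, *args):
    """Run func(*args) and return the line offsets of func that executed."""
    code = func.__code__
    hit = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                      # ignore every other function
        if event == "line":
            hit.add(frame.f_lineno - code.co_firstlineno)
        return tracer

    sys.settrace(tracer)
    try:
        try:
            func(*args)
        except ValueError:
            pass                             # the error path is a path too
    finally:
        sys.settrace(None)
    return hit


def statement_coverage(func, cases):
    """Return (fraction of statements executed, sorted missed line offsets)."""
    wanted = statement_lines(func)
    hit = set()
    for args in cases:
        hit |= executed_lines(func, *args)
    return len(wanted & hit) / len(wanted), sorted(wanted - hit)


if __name__ == "__main__":
    suites = {
        "under 40 hours only": [(30, 10)],
        "under and over 40 hours": [(30, 10), (45, 10)],
        "plus invalid input": [(30, 10), (45, 10), (-1, 10)],
    }
    for name, cases in suites.items():
        fraction, missed = statement_coverage(gross_pay, cases)
        print(f"{name}: {fraction:.0%} of statements, missed offsets {missed}")
```

The two test cases from the notes exercise both pay calculations but still leave the input-validation statement unexecuted; only the third case makes every statement run at least once.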

Other Types of Testing
Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect
Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully
System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity
User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems
Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples
– automobile's antilock brakes
– nuclear power plant reactors
– airplane navigation
– roller coasters
– elevators
– medical devices
• example: bug in Therac-25 radiation therapy machine, 1985-87
– wrong sequence of menu selections caused a large radiation dose to be delivered to the patient


Key assumption
• safety will not automatically result from following the organization's standard development methodology

Software development measures for safety-critical systems
Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software.
All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking
Project safety engineer takes care of the safety of the machines
• explicit responsibility for the system's safety
• uses a logging and monitoring system to track hazards from the project's start to finish
Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards
Safety reviews
• held throughout the development process
Robust configuration management system
• tracks all safety-related documentation
Formal documentation required
• including verification reviews and signatures
Key issue
• deciding when Quality Assurance staff has performed enough testing
Risk
• probability of an undesirable event occurring times the magnitude of the event's consequences if it does happen
• consequences include
– damage to property
– loss of money
– injury to people
– death

Quality Management Standards

i) ISO 9000 standard
• guide to quality products, services and management
• organization must submit to an examination by an external assessor
• requirements
– written procedures for everything it does
– follow those procedures
– prove to the auditor the organization fulfilled the first two requirements

ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode
– describes how a product or process could fail
• Effect
– adverse consequence that a customer might experience
• seldom is there a one-to-one relationship between cause and effect

Quality Management Standards
DO-178B/EUROCCAE ED-128
• evaluation standard for the international aviation community
• developed by Radio Technical Commission for Aeronautics (RTCA)


Page 3: Ethics Notes Complete Unit 1-4 Version 1

Ethical Standards Set by Board of Directors
o The board of directors is responsible for the careful and responsible management of an organization
o In a for-profit corporation, the board's primary objective is to manage business activities which benefit all the stakeholders: shareholders, customers, consumers and society
o In a nonprofit organization, the board reports to a different set of stakeholders, particularly the local community that the nonprofit serves
o Board is not responsible for day-to-day management
o Board is responsible for supervising the management team

Establishing a Corporate Code of Ethics
o A code of ethics highlights an organization's key ethical issues, values and principles that are important to the organization and its decision making
o The code frequently includes a set of formal written statements about the purpose of the organization, its values and its principles
o An organization's code of ethics applies to its directors, officers and employees
o The code of ethics should focus employees on areas of ethics and fostering cultural honesty and accountability in an organization
o The code of ethics helps employees behave in an ethical manner

Conducting Social Audits
o An increasing number of companies conduct social audits of their policies and practices
o In a social audit, companies identify ethical mistakes they made in the past in order to avoid them in future
o Example: each year Intel sets social responsibility goals and tracks results against those goals
o Intel's annual report on its social responsibility is shared with employees, shareholders, investors, customers, suppliers and government officials

Requiring Employees to Take Ethics Training
o The ancient philosophers believed that personal belief about right and wrong behavior could be improved through education
o People can continue their moral development through education that involves critical thinking and complex issues
o Organizations should show employees examples of how to apply the code of ethics in real life
o Giving ethical education programs will encourage the employees to act ethically

Including Ethical Criteria in Employees Appraisals
o Employees are increasingly evaluated on their demonstration of qualities and characteristics
o Example: In many companies, employee appraisal evaluates employees on treating others fairly, operating effectively, working well in a multicultural environment, meeting the business needs, continually developing themselves and helping others to develop, etc.
o These factors are considered along with more traditional criteria used in performance appraisals, like successful completion of projects, contribution to moving the business ahead, maintenance of good customer relationships, etc.

1.2.3 When Good Ethics Result in Short Term Losses
Operating ethically does not always guarantee business success. Many organizations have found that the "business as usual" climate in some foreign countries can place them at a significant competitive disadvantage.

1.2.4 Creating an Ethical Work Environment
Most employees want to perform their job successfully and ethically, but good employees sometimes make bad ethical choices. Employees in a highly competitive workplace often feel pressure from aggressive competitors, unrealistic budgets, tight deadlines and bonuses for meeting performance goals. Employees may also be encouraged to do "whatever it takes" to get the job done.


Such an environment can make some employees feel pressure to engage in unethical conduct to meet management expectations.

1.2.5 Ethical Decision Making
Often in business, the ethically correct course of action is clear and easy to follow. Exceptions occur, however, when ethical facts come into conflict with the practical demands of business. Dealing with these situations is challenging and can even be risky to one's career. Seven steps are summarized below, which explain how decisions are to be taken:
i) Get the facts
ii) Identify stakeholders and their positions
iii) Consider the consequences of our decisions
iv) Weigh various guidelines and principles
v) Develop and evaluate options
vi) Review our decision
vii) Evaluate the results of our decision

Getting the Facts
o Innocent situations can often become unnecessary controversies because no one bothers to check the facts
o Example: we might see our boss receive an application form from an applicant and throw it in the dustbin once the applicant leaves, when according to the rules our boss has to keep the report for at least a period of one year. We could report our boss for failure to follow policies. We could be surprised to find that the situation is actually different: it was not an applicant but a salesman who approached our boss to promote a product for which the company had no use, and the application was marketing literature.

Identify the stakeholders and their positions
o A stakeholder is someone who stands to gain or lose from how a situation is resolved
o Stakeholders are the people who are going to be affected by the decisions made by the employees
o Identifying the stakeholders helps us better understand the impact of a decision and could help us make better decisions
o We need to find the details about stakeholders, like what is at stake for each stakeholder, what does each stakeholder value, what outcomes does the stakeholder want, etc.

Considering the consequences (results) of our decision
o Often our decision directly affects us, although we must guard against thinking too narrowly and focusing on what is best for us
o Another perspective is considering the harmful and beneficial effects our decision might have on the stakeholders
o A third perspective is to ask whether our decision will help the organization meet its goals and objectives
o Finally, we should consider our decision's effect on the broader community of other organizations and institutions, the public and the environment

Weighing various Guidelines and Principles
o Do any laws apply to our decision?
o We certainly don't want to violate a law in a way that can lead to a fine or imprisonment for ourselves or others
o If the decision does not have legal implications, what corporate policies or guidelines apply?
o What guidelines does the corporate code of ethics offer?
o Below are the philosophers' approaches to dealing with moral issues

Philosophers' theories for ethical decision making:
• Virtue ethics approach
• Utilitarian approach
• Fairness approach
• Common good approach


Virtue ethics approach: Virtue ethics focuses on how we should behave and think about relationships if we are concerned with our daily life in a community.
Utilitarian approach: This approach to ethical decision making states that we should choose the action or policy that has the best overall result for all people who are directly or indirectly affected.
Fairness approach: This approach focuses on how fairly actions and policies distribute benefits and burdens among the people affected by the decision.
Common good approach: This approach to decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals.

Developing and evaluating Options
o In many cases we can identify several answers to a complex ethical question
o Listing the key principles that need to be applied for decision making helps us to select the two to three best options
o Options we select must be ethically defensible

Reviewing our Decision
o Is the decision consistent with our personal values as well as those of the organization?
o How would coworkers, stakeholders, business partners, friends and family regard our decision?
o Would we see our decision as right, good and fair?

Evaluating the Result of our Decision
After the organization implements the decision, monitor the result to see if it achieves the desired result and observe its impact on employees and other affected parties.

1.3 ETHICS IN INFORMATION TECHNOLOGY
The growth of the Internet, the ability to capture and store vast amounts of personal data online, and greater trust in information systems in all aspects of life have increased the risk of using information technology unethically.
Examples that raise public concern about the ethical use of information technology:
o Millions of people have used peer-to-peer networks to download music and movies at no charge and in apparent violation of copyright laws
o Organizations contact millions of people worldwide through unsolicited e-mails (spam) at an extremely low cost
o Hackers break into databases of financial institutions and steal customer information, then use it to commit identity theft, opening new accounts and charging purchases to unsuspecting victims
o Students around the world have been caught downloading material from the internet and cheating by downloading the content of question papers
o Websites plant cookies or spyware on visitors' hard drives to track their internet activities
o The general public has not realized the critical importance of ethics as they apply to IT
o In the corporate world, important technical decisions are often left to the technical experts
o General business managers must assume greater responsibility for these decisions, but to do so they must be able to make broad-minded, objective, ethical decisions based on technical knowledge and business knowledge
o They must also try to create a work environment in which ethical dilemmas can be discussed openly, objectively and constructively

Notes Helpful for Exams (points to be remembered)
1) WHAT IS ETHICS
2) The Importance of Integrity (Honesty)
3) ETHICS IN THE BUSINESS WORLD
I. Why Fostering Good Business Ethics is Important
1. To gain the Goodwill of the Community
2. To create an organization that operates consistently
3. To produce good business
4. To protect the organization and its employees from legal action
5. To avoid unfavorable publicity
II. Improving Corporate Ethics
1. Appointing Corporate Ethics Officer
2. Ethical Standards Set by Board of Directors
3. Establishing a Corporate Code of Ethics
4. Conducting Social Audits
5. Requiring Employees to Take Ethics Training
6. Including Ethical Criteria in Employees Appraisals
III. When Good Ethics Result in Short Term Losses
IV. Creating an Ethical Work Environment
V. Ethical Decision Making
a) Get the facts
b) Identify stakeholders and their positions
c) Consider the consequences of our decisions
d) Weigh various guidelines and principles
e) Develop and evaluate options
f) Review our decision
g) Evaluate the results of our decision

Unit-II ETHICS IN IT-PROFESSIONALS AND IT-USERS

Ethics for IT Professionals and IT Users
OBJECTIVES
• What key characteristics distinguish a professional from other kinds of workers, and what is the role of an IT professional?
• What relationships must an IT professional manage, and what key ethical issues can arise in each?
• How do codes of ethics, professional organizations, certification and licensing affect the ethical behaviour of IT professionals?
• What are the key tenets of four different codes of ethics that provide guidance for IT professionals?
• What are the common ethical issues that face IT users?
• What approaches can support the ethical practices of IT users?

1.1 IT PROFESSIONALS
• A profession is a calling that requires specialized knowledge and often long and complete academic preparation
• The US Code of Federal Regulations defines a person "employed in a professional capacity" as one who meets these four criteria:
1) One's primary duty consists of performance of work requiring knowledge of an advanced type in a field of science or learning
2) One's instruction, study or work should be original
3) One's work is strongly knowledgeable and exercises discretion and judgment. Example: Accountants, Doctors, Lawyers
4) One's work is predominantly intellectual and varied in character, which cannot be generalized

1) Are IT Workers Professionals?
o Many business workers have duties, backgrounds and training that qualify them to be classified as professionals
o One could argue, however, that not every IT role requires knowledge of an advanced type in a field of science
o According to the US Code definition, IT professionals are not recognized as professionals because they are not licensed

• Partial list of IT specialists
– Programmers
– Systems analysts
– Software engineers
– Database administrators
– Local area network (LAN) administrators
– Chief information officers (CIOs)

• Legal perspective
– IT workers are not recognized as professionals
– Not licensed
– IT workers are not liable for malpractice

2) Professional Relationships that must be managed
IT professionals typically become involved in many different relationships. In each relationship an IT professional should act honestly and appropriately. Ethics has to be maintained in these relationships.

• IT professionals have many different relationships with
– Employers
– Clients
– Suppliers
– Other professionals
– IT users
– Society at large

Relationship between IT Professional and Employers
IT professionals and employers have a critical, strong relationship. An IT professional and employer discuss and agree upon fundamental aspects of this relationship before the professional accepts an employment offer. These issues include job title, general performance expectations, specific work responsibility, dress code, location of employment, salary, working hours etc. Example: whether an employee can leave early one day if the time is made up on another day. Some aspects are addressed by law; for example, an employee cannot be required to do anything illegal, such as falsify the result of a quality assurance test.
• IT professionals must set an example and enforce policies regarding the ethical use of IT
• Software piracy is the act of illegally making copies of software or enabling others to access software to which they are not entitled
• Software piracy is an area in which IT professionals can be tempted to violate laws and policies
• The Business Software Alliance (BSA) is a trade group that represents the world's largest software and hardware manufacturers
– Its mission is to stop the unauthorized copying of software produced by its members
• Trade secret
– Information used in business
– Generally unknown to the public
– Company has taken strong measures to keep confidential
• Whistle-blowing
– Attracts attention to a negligent, illegal, unethical, abusive or dangerous act that threatens the public interest

Relationship between IT Professional and clients
In the relationship between IT professional and clients, each party agrees to provide something of value to the other. Generally speaking, the IT professional provides hardware, software or service at a certain cost within a given time.

• IT professional provides
– Hardware, software or services at a certain cost and within a given time frame
• Client provides
– Compensation
– Access to key contacts
– Work space

This relationship is usually documented in contractual terms: who does what, when the work begins, how long it will take, how much the client pays and so on.

• Ethical problems arise if a company recommends its own products and services to remedy problems they have detected
– A company is unable to provide full and accurate reporting of a project's status

Legal Overview: Fraud, Misrepresentation and Breach of Contract
– Fraud: crime of obtaining goods, services or property through deception or trickery
– Fraud is proven in court
– Breach of contract: one party fails to meet the terms of a contract

• IT projects are joint efforts in which vendors and customers work together
– Difficult to assign blame

Relationship between IT Professionals and Suppliers
• Develop good relationships with suppliers
– Deal fairly with them
– Do not make unreasonable demands
– Bribery: providing money, property or favors to someone in business or government to obtain a business advantage
– US Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe a foreign official, a foreign political party official or a candidate for foreign political office
– At what point does a gift become a bribe?
– No gift should be hidden, as perceptions of donor and recipient can differ

IT professionals deal with many hardware, software and service providers. IT professionals must keep a good relationship with suppliers by dealing very fairly and not making unreasonable demands. Threatening to replace a supplier who can't deliver needed equipment tomorrow, when the normal industry lead time is one week, is aggressive behavior that does not help a working relationship. Suppliers also try hard to maintain positive relationships with their customers to make and increase sales. Sometimes their actions to achieve their goals might be unethical. Example: They could offer an IT professional a gift that is actually intended as a bribe. Clearly, an IT professional should not accept a bribe from a vendor.

Relationship between IT Professional and Other Professionals

• Professionals owe each other adherence to a profession's code of conduct
• Ethical problems between members of the IT profession
– Résumé inflation
– Inappropriate sharing of corporate information

Professionals feel a degree of loyalty to the other members of their profession. As a result, they always help each other and are slow to criticize each other in public. Professionals have an interest in their own profession as a whole. A number of ethical problems can arise between members of the IT profession. One of the most common is résumé inflation, which includes lying on a résumé and claiming competence in an IT skill that is in high demand.

Relationship Between IT Professional and IT Users
• IT user is a person for whom a hardware or software product is designed
• IT professionals' duty
– Understand users' needs and capabilities
– Deliver products and services that best meet those needs
– Establish an environment that supports ethical behaviour by users
• Actions of an IT professional can affect society

The term IT user distinguishes the person for whom a hardware or software product is designed from the IT professionals who develop, install, service and support the product. IT professionals have to understand a user's needs and capabilities and deliver products and services that best meet the needs of users.

Relationships between IT Professionals and Society
Regulatory laws establish safety standards for products and services to protect the public. However, these laws are less than perfect, and they fail to safeguard against all negative side effects of a product or process. Society not only expects members of a profession not to cause harm but also to provide significant benefits. Example: a system analyst may design a computer-based control system to monitor a chemical manufacturing process. A failure or error in the system may put workers or residents near the plant at risk.

1.2 THE ETHICAL BEHAVIOR OF IT PROFESSIONALS

• Corporations are taking actions to ensure good business ethics among employees

1.2.1 Professional Codes of Ethics
• A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group
• Example: Doctors stick to varying versions of the 2000-year-old Hippocratic Oath, which medical schools offer as an affirmation to their graduating classes
• Most codes of ethics created by professional organizations have two main parts
• The first outlines what the professional organization aspires to become, and the second typically lists the rules and principles which members of the organization are expected to follow

i) Main parts
– Outlines what the professional organization aspires to become
– Lists rules and principles by which members of the organization are expected to abide

ii) Benefits for individual, profession and society
– Improves ethical decision making
– Promotes high standards of practice and ethical behaviour
– Enhances trust and respect from the general public
– Provides an evaluation benchmark

• Note: laws do not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical. One cannot expect a professional ethical code to provide the answer to everything. However, practicing according to a professional code of ethics can produce many benefits for the individual, the profession and society as a whole.

1.2.2) Professional Organizations

a) Professional Organizationsbull No IT Professional organization has emerged to excelling others so there is no universal code of ethics for IT professionals

No single formal organization of IT professionals has emerged as preeminentbull However the existence of such organizations useful in a field that is rapidly growing and changing bull IT Professionals need to know about new development in the field which require networking with others finding new ideas and building personal skills and expertise bull In recognition for the need for professional standards of competence and conduct bull Many organizations have developed a code of ethics Four most prominent IT professional organizations are 1 Association of Computing Machinery (ACM) 2 Association of Information Technology Professionals (AITP) 3 Computer Society of the institute of Electrical and Electronics Engineers (IEEE-CS) 4 Project Management Institute (PMI)

Page 9 of 18

b) Certification
• Indicates that a professional possesses a particular set of skills, knowledge or abilities, in the opinion of a certifying organization
• Can also apply to products
• Generally voluntary
• IT-related certifications typically carry no requirement to adhere to a code of ethics

Vendor certifications
a. Some certifications substantially improve IT workers' salaries and career prospects
b. Relevant for narrowly defined roles
   i. Or certain aspects of broader roles
c. Require passing a written exam
d. Workers are commonly recertified as newer technologies become available

c) Industry association certifications
a. Require a certain level of experience and a broader perspective than vendor certifications
b. Lag in developing tests that cover new technologies

Numerous companies and professional organizations offer certifications, and opinions are divided on their value. Many employers view them as benchmarks that indicate mastery of a defined set of basic knowledge. On the other hand, some disagree, because the candidate may not have practical experience. Certifications are divided into two types:

Vendor Certifications: Many IT vendors, such as Cisco, IBM, Microsoft, Sun and Oracle, offer certification programs for their products. Workers who successfully complete a program can represent themselves as certified users of the manufacturer's products.

Industry Association Certifications: Certifications from industry associations generally require a certain level of experience and broader thinking than vendor certifications; however, they often lag in developing tests that cover new technology.

The trend in IT certification is to move from purely technical content to a broader mix of the technical, business and behavioral competencies that are required today.

4) Government Licensing
• Some professionals must be licensed to prove that they can do their work ethically and safely, including certified public accountants, lawyers, doctors, various types of medical and day care providers, and some engineers.
• People cannot call themselves professionals unless they are licensed. Most countries have similar laws.

• Generally administered at the state level in the United States
• Case for licensing IT professionals
  – Encourage IT professionals to follow the highest standards of the profession
  – Practice a code of ethics
  – Violators would be punished

The case for licensing IT Professionals
The days of simple stand-alone information systems are over. Modern systems are highly complex. Enterprise resource planning (ERP) systems help multimillion-dollar companies control all their business functions. Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities.

As a result of the increasing importance of IT in our everyday lives, the development of reliable, effective information systems has become an area of mounting public concern. This concern has led to a debate over whether the licensing of IT professionals would improve information systems. Proponents argue that licensing would strongly encourage IT professionals to follow the highest standards of the profession and practice a code of ethics, and that licensing would allow violators to be punished.

Issues Associated with Government Licensing of IT Professionals
There are very few international or national licensing programs for IT professionals, for many reasons:
1) There is no universally accepted core body of knowledge
2) It is unclear who should manage the content and administration of licensing exams
3) There is no administrative body to accredit professional education programs
4) There is no administrative body to assess and ensure the competence of individual professionals

1.3 Common Ethical Issues for IT Users

IT Professional Malpractice
• Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do.
• Duty of care refers to the obligation to protect people against any unreasonable harm or risk.
• Courts consistently reject attempts to sue individual parties for computer-related malpractice.
• Employees' ethical use of IT is an area of growing concern.

Common Ethical Issues for IT Users
• Software piracy
• Inappropriate use of computing resources
• Inappropriate sharing of information
  – Private data
  – Confidential information

Software Piracy: IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still piracy if they have not paid for it.

Inappropriate Use of Computing Resources: Some employees use their computers to browse popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time.

Inappropriate Sharing of Information: Every organization stores vast amounts of information that can be classified as either private or confidential. An IT user who shares this information with an unauthorized party has violated someone's privacy. Example: if an IT user sees a coworker's salary records and shares them with another person, it would be a clear violation of the coworker's privacy.

2 Supporting the Ethical Practices of IT Users

• Policies that protect against abuses
  – Establish boundaries of acceptable and unacceptable behaviour
  – Enable management to punish violators

• Policy components include
  – Defining and limiting the appropriate use of IT resources
  – Establishing guidelines for use of company software
  – Structuring information systems to protect data and information
  – Installing and maintaining a corporate firewall

The growing use of IT has increased ethical problems, so many organizations are planning to develop policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities for IT users and enable management to punish violators.

The following actions should be taken when creating an IT usage policy:

Defining and limiting the appropriate use of IT resources: Companies must develop, communicate and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages.

Establishing guidelines for use of company software: Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees buy hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need.

Structuring information systems to protect data and information: Organizations must implement systems and procedures that limit data access to the employees who need it. Example: in a bank, a teller should be able to see the account details of customers, but a payroll employee has no need to see customer details, as he deals with the details of bank employees.

Installing and maintaining a corporate firewall: A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to unwanted sites on the internet. The firewall can be configured to serve as an effective deterrent to unauthorized web surfing.

CONCLUSION

• A professional, from a legal standpoint
  – Has passed the state licensing requirements
  – Has earned the right to practice there

• IT professionals have many different relationships
  – Each with its own set of ethical issues and potential problems

• Professional code of ethics
  – States the principles and core values essential to the work of an occupational group

• Licensing and certification of IT professionals
  – Many people feel that certification will increase the reliability and effectiveness of information systems
  – Raises many issues

• IT-related professional organizations have developed a code of ethics

Notes helpful from the examination point of view…

Unit – III PRIVACY

Introduction
The use of information technology in business has made it possible for information about people to be gathered, stored, analysed and reported with just one swipe of a credit or debit card. This information is used to learn consumers' purchasing habits and financial condition. Organizations make use of various marketing strategies to target potential buyers. This works against the privacy of the individual. On the other hand, organizations need information about their customers to serve them better, so there should be a balance between the needs of those who gather and use the information and the rights of privacy.

What is Privacy?
The word privacy comes from the Latin word "privatus" (separated from the rest). It can be broadly defined as the right to be left alone. Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.

Legal concept of privacy
Right of privacy: Privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects:

• Protection from unreasonable intrusion upon one's isolation, such as the gathering of details about one's web surfing habits
• Protection from identity theft by inappropriate use of name or likeness, for example the stealing of credit cards or a Social Security number
• Protection from unreasonable publicity of one's private life, such as revealing the condition of one's health
• Protection from unreasonable false information, such as giving false information about a person on the internet, in the media, etc.

What is Anonymity?
Anonymity means that the real author of a message is not shown, or his identity is hidden. Anonymity can be implemented to make it impossible or very difficult to find out the real author of a message.

Key Privacy and anonymity issues

Government electronic surveillance
Observing or listening to persons, places or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders or wire taps. Four types of electronic surveillance are most prevalent:
• Wire Tapping: Wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually "tap" into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.
• Web Tapping: Logging the IP addresses of users that access certain websites is commonly called "web tapping".

Data Encryption
• Cryptography

  o Science of encoding messages
  o Only sender and intended receiver can understand the messages
  o Key tool for ensuring confidentiality, integrity and authenticity of electronic messages and online business transactions
• Encryption
  o Process of converting electronic messages into a form understood only by the intended recipients

Encryption key: the variable value applied using an algorithm to encrypt or decrypt text.
• There are two types of encryption keys used: i) public key ii) private key

Public key encryption
• A public key encryption system uses two keys to encode and decode messages
• Message receiver's public key – readily available to all; anyone can use it to send that person encrypted messages
• Message receiver's private key – kept secret and known only to the receiver, who uses it to decode the message back to the original
• RSA – a public key encryption algorithm

Private key encryption system: this system uses a single key to encode and decode messages.
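The two systems described above can be compared side by side in the following added example, which is not part of the original notes. It uses textbook RSA with constructed toy primes and no padding, plus an XOR routine standing in for a single-key cipher; all names and values are assumptions chosen for illustration, and the last check shows why unpadded RSA is never used as-is.

```python
"""Textbook RSA next to a single-key cipher (constructed toy values)."""

# Assumption: tiny primes chosen so the numbers stay readable. Real keys use
# primes of 1024+ bits together with a padding scheme such as OAEP.
P, Q = 61, 53
N = P * Q                      # modulus, shared by both keys
PHI = (P - 1) * (Q - 1)
E = 17                         # public exponent
D = pow(E, -1, PHI)            # private exponent, E*D = 1 (mod PHI); Python 3.8+

PUBLIC_KEY = (E, N)            # readily available to all
PRIVATE_KEY = (D, N)           # kept secret by the receiver


def rsa_apply(key, value):
    """Modular exponentiation with whichever key is supplied."""
    exponent, modulus = key
    return pow(value, exponent, modulus)


def rsa_encrypt(public_key, text):
    """Encrypt each byte separately (toy scheme, one block per byte)."""
    return [rsa_apply(public_key, b) for b in text.encode("utf-8")]


def rsa_decrypt(private_key, blocks):
    """Only the holder of the private key recovers the original bytes."""
    return bytes(rsa_apply(private_key, c) for c in blocks).decode("utf-8")


def public_key_recovers(blocks, text):
    """Apply the public key to the ciphertext again and report whether the
    plaintext comes back. It does not: the public key only encodes."""
    attempt = [rsa_apply(PUBLIC_KEY, c) for c in blocks]
    return attempt == list(text.encode("utf-8"))


def single_key_cipher(shared_key, data):
    """Single-key system: the same key encodes and decodes. XOR with a
    repeating key is used purely to show the symmetry, not as a real cipher."""
    return bytes(b ^ shared_key[i % len(shared_key)] for i, b in enumerate(data))


if __name__ == "__main__":
    message = "PAY 100"        # constructed sample message
    blocks = rsa_encrypt(PUBLIC_KEY, message)
    print("ciphertext blocks:", blocks)
    print("private key decrypts:", rsa_decrypt(PRIVATE_KEY, blocks))
    print("public key decrypts:", public_key_recovers(blocks, message))

    shared = b"shared"         # both parties must already hold this secret
    sealed = single_key_cipher(shared, message.encode())
    print("single key round trip:", single_key_cipher(shared, sealed))

    # Unpadded RSA is deterministic: equal plaintext gives equal ciphertext,
    # so repeated letters stay visible to an eavesdropper.
    print("repeated plaintext leaks:", rsa_encrypt(PUBLIC_KEY, "AA"))
```
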

• Identity Theft: Identity theft occurs when someone steals key pieces of personal information to gain access to a person's financial accounts.

• Information includes

  – Name
  – Address
  – Date of birth
  – Social Security number
  – Passport number
  – Driver's license number
  – Mother's maiden name

• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen

Phishing

  o Attempt to steal personal identity data
  o By tricking users into entering information on a counterfeit Web site
  o Spear-phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization
• Spyware
  o Keystroke-logging software
  o Gets automatically downloaded to a user's computer without his/her knowledge
  o Creates a record of keystrokes entered in the system
  o Enables the capture of:
    – Account usernames
    – Passwords
    – Credit card numbers
    – Other sensitive information
  o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are text files that a website puts on a user's hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain a huge amount of consumer behavioral data

Types of data collected
While a user surfs the web, surfing details and similar data are collected and sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:
i) GET data: sites visited by the customer. Example: that the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: keeping track of everything the user viewed and sought.

• Four ways to limit or even stop the deposit of cookies on hard drives:
  – Set the browser to limit or stop cookies
  – Manually delete them from the hard drive
  – Download and install a cookie-management program
  – Use anonymous browsing programs that don't accept cookies

Treating consumer Data Responsibly

When dealing with consumer data, problems should be avoided by obtaining consent from the consumer before using their details for marketing or for research. This can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Work Place Monitoring

Employers have the right to monitor your activities in many situations at the workplace. Major monitoring includes:
• Recording on CCTV cameras
• Opening mail or e-mail
• Checking phone logs or recording phone calls
• Videoing outside the workplace
• Checking the logs of websites visited
• Some companies even do random drug tests on their employees

Spamming
• Transmission of the same e-mail message to a large number of people
• Extremely inexpensive method of marketing
• Used by many legitimate organizations
• Can contain unwanted and objectionable materials

Example: Some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales.

Advanced surveillance technology
Camera surveillance: cameras are fixed in place to stop illegal activities by finding people who act suspiciously.
i) Facial recognition software can be used to identify criminals and terrorists
ii) GPS (Global Positioning System) chips can be placed in devices like cell phones to locate users

Unit IV - SOFTWARE DEVELOPMENT

Objectives
• Why do companies require high-quality software in business systems, industrial process control systems and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs and software quality?

Need for high quality software systems
High quality software systems are easy to learn and easy to use. They efficiently meet the user's needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software
A software defect is an error which can cause a software system to halt without meeting the user's needs. Software errors have to be detected and removed. Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough – minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays – major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• required to support the fields of
  - air traffic control
  - nuclear power
  - automobile safety
  - health care
  - military and defense
  - space exploration

Key Issues in Software Development
Ethical decisions involve:

Quality Management, which defines the measure of quality in the development process
• tradeoff between quality and other factors such as ease of use, time to market and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility
Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through 'reasonable' software practices
• there is also the concept of 'contributory' negligence (e.g. accidentally cutting a finger using nail clippers)
• warranty also protects the consumer but may be hard to read

Reasons For Software Defects
1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it

2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 99.9% was clean, there still would be 1 bug per 10000 lines of code, so large software still contains thousands of bugs

3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software defect
• could cause a system to fail to meet users' needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• 'testing' done by customers
• some avoid buying the first version

Strategies for developing Quality Software
More and more users are demanding high-quality software. Quality Management measures the quality of software in the development process. The objective is to deliver high quality software. Various strategies are adopted:

1. Following a proper/accepted standard software development methodology
2. Ensure Quality Assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Document the various stages of software development to ensure quality

Quality Software Development Process
i) Following a proper/accepted standard software development methodology

It is safe to follow a proper and accepted software development methodology, in which the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.

ii) Ensure software quality assurance: This refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied at each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early: It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is a
  - cost-saving measure
  - 100 times less cost when a bug is detected early, before product roll-out
  - most efficient way to improve software quality
  - bug effect (and its fix) may ripple through large pieces of the software

iv) Testing: This is one of the proven methods for quality assurance.

Types of Testing
Dynamic testing: Software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data, and the results are compared with expected results. This is called dynamic testing.
• Black-box testing
  - want code to demonstrate expected output behaviour for all input data in the test suite
  - tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of code)
  - testing all possible logic paths through the software unit
  - with thorough knowledge of the code's logic paths
  - make each program statement execute at least once
  - for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours … to check calculations for overtime pay
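The gross pay case above can be worked through as a white-box test, in an added example that is not part of the original notes. The overtime multiplier of 1.5 and the input validation are assumptions (the notes give neither); the tracer records which statements each test suite executes, showing that the two cases named in the notes leave one statement unexecuted.

```python
"""White-box test of a gross pay unit, with a statement-coverage check."""
import dis
import sys

REGULAR_HOURS = 40           # threshold named in the notes
OVERTIME_MULTIPLIER = 1.5    # assumption: the notes give no overtime rate


def gross_pay(hours, rate):
    """Unit under test: weekly gross pay with overtime above 40 hours."""
    if hours < 0 or rate < 0:
        raise ValueError("hours and rate must be non-negative")
    if hours <= REGULAR_HOURS:
        return hours * rate
    overtime_hours = hours - REGULAR_HOURS
    return REGULAR_HOURS * rate + overtime_hours * rate * OVERTIME_MULTIPLIER


def statement_lines(func):
    """Source lines of func that hold executable statements."""
    code = func.__code__
    return {line for _, line in dis.findlinestarts(code)
            if line is not None and line != code.co_firstlineno}


def run_suite(func, cases):
    """Run (args, expected) cases under a line tracer.

    Returns (failures, missed), where missed lists the statements that no
    case executed, as line offsets from the 'def' line."""
    target = func.__code__
    executed, failures = set(), []

    def tracer(frame, event, arg):
        if frame.f_code is not target:
            return None                  # do not trace other functions
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args, expected in cases:
            try:
                actual = func(*args)
            except Exception as exc:     # an expected error is a valid result
                actual = type(exc)
            if actual != expected:
                failures.append((args, expected, actual))
    finally:
        sys.settrace(previous)
    missed = statement_lines(func) - executed
    return failures, sorted(line - target.co_firstlineno for line in missed)


# The two cases the notes name: under 40 hours and over 40 hours.
NOTES_CASES = [((30, 20), 600), ((45, 20), 950)]
# Added cases: the 40-hour boundary and the invalid-input path.
FULL_CASES = NOTES_CASES + [((40, 20), 800), ((-1, 20), ValueError)]

if __name__ == "__main__":
    for name, cases in (("notes", NOTES_CASES), ("full", FULL_CASES)):
        failures, missed = run_suite(gross_pay, cases)
        print(name, "failures:", failures, "unexecuted statements:", missed)
```
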

Other Types of Testing
Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect
Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully
System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity
User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems
The consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples
  - automobile's antilock brakes
  - nuclear power plant reactors
  - airplane navigation
  - roller coasters
  - elevators
  - medical devices
• example: bug in the Therac-25 radiation therapy machine, 1985-87
  - wrong sequence of menu selections caused a large radiation dose to be delivered to the patient

Key assumption
• safety will not automatically result from following the organization's standard development methodology

Software development measures for safety-critical systems
Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software.
All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking
Project safety engineer (takes care of the safety of the machines)
• explicit responsibility for the system's safety
• uses a logging and monitoring system to track hazards from the project's start to finish
Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards
Safety reviews
• held throughout the development process
Robust configuration management system
• tracks all safety-related documentation
Formal documentation required
• including verification reviews and signatures
Key issue
• deciding when Quality Assurance staff has performed enough testing
Risk
• probability of an undesirable event occurring times the magnitude of the event's consequences if it does happen
• consequences include
  - damage to property
  - loss of money
  - injury to people
  - death

Quality Management Standards

i) ISO 9000 standard
• guide to quality products, services and management
• organization must submit to an examination by an external assessor
• requirements
  - written procedures for everything it does
  - follow those procedures
  - prove to the auditor the organization fulfilled the first two requirements

ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode
  - describes how a product or process could fail
• Effect
  - adverse consequence that a customer might experience
• seldom is there a one-to-one relationship between cause and effect

DO-178B/EUROCAE ED-12B
• evaluation standard for the international aviation community
• developed by Radio Technical Commission for Aeronautics (RTCA)

Page 4: Ethics Notes Complete Unit 1-4 Version 1

Such an environment can make some employees feel pressure to engage in unethical conduct to meet management expectations.

1.2.5 Ethical Decision Making
Often in business, the ethically correct course of action is clear and easy to follow. Exceptions occur, however, when ethical considerations come into conflict with the practical demands of business. Dealing with these situations is challenging and can even be risky to one's career. Seven steps, summarized below, explain how decisions are to be taken:
i) Get the facts
ii) Identify stakeholders and their positions
iii) Consider the consequences of our decisions
iv) Weigh various guidelines and principles
v) Develop and evaluate options
vi) Review our decision
vii) Evaluate the results of our decision

Getting the Facts
o Innocent situations can often become unnecessary controversies because no one bothers to check the facts
o Example: we might see our boss receive an application form from an applicant and throw it in the dustbin once the applicant leaves, when according to the rules our boss has to keep it for at least a period of one year. We could report our boss for failing to follow policy. We could then be surprised to find that the situation is actually different: it was not an applicant but a salesman who approached our boss to promote a product for which the company had no use, and the application was marketing literature.

Identify the stakeholders and their positions
o A stakeholder is someone who stands to gain or lose from how a situation is resolved
o Stakeholders are the people who are going to be affected by the decisions made by the employees
o Identifying the stakeholders helps us better understand the impact of a decision and could help us make better decisions
o We need to find out details about the stakeholders, such as what is at stake for each stakeholder, what each stakeholder values, and what outcomes each stakeholder wants

Considering the consequences (results) of our decision
o Often our decision directly affects us, although we must guard against thinking too narrowly and focusing on what is best for us
o Another perspective is considering the harmful and beneficial effects our decision might have on the stakeholders
o A third perspective is to ask whether our decision will help the organization meet its goals and objectives
o Finally, we should consider our decision's effect on the broader community of other organizations and institutions, the public and the environment

Weighing various Guidelines and Principles
o Do any laws apply to our decision?
o We certainly don't want to violate a law that can lead to a fine or imprisonment for ourselves or others
o If the decision does not have legal implications, what corporate policies or guidelines apply?
o What guidelines does the corporate code of ethics offer?
o Below are philosophers' approaches to dealing with moral issues

Philosophers' theories for ethical decision making:
• Virtue ethics approach
• Utilitarian approach
• Fairness approach
• Common good approach

Virtue ethics approach: Virtue ethics focuses on how we should behave and think about relationships if we are concerned with our daily life in a community.
Utilitarian approach: This approach to ethical decision making states that we should choose the action or policy that has the best overall result for all people who are directly or indirectly affected.
Fairness approach: This approach focuses on how fairly actions and policies distribute benefits and burdens among the people affected by the decision.
Common good approach: This approach to decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals.

Developing and evaluating Options
o In many cases we can identify several answers to a complex ethical question
o Listing the key principles that need to be applied in decision making helps us to select the two to three best options
o Options we select must be ethically defensible

Reviewing our Decision
o Is the decision consistent with our personal values as well as those of the organization?
o How would coworkers, stakeholders, business partners, friends and family regard our decision?
o Would we see our decision as right, good and fair?

Evaluating the Result of our Decision
After the organization implements the decision, monitor the result to see if it achieves the desired result, and observe its impact on employees and other affected parties.

1.3 ETHICS IN INFORMATION TECHNOLOGY
The growth of the Internet, the ability to capture and store vast amounts of personal data online, and greater trust in information systems in all aspects of life have increased the risk of using information technology unethically. Examples that raise public concern about the ethical use of information technology:
o Millions of people have used peer-to-peer networks to download music and movies at no charge and in apparent violation of copyright laws
o Organizations contact millions of people worldwide through unsolicited e-mails (spam) at an extremely low cost
o Hackers break into databases of financial institutions and steal customer information, then use it to commit identity theft, opening new accounts and charging purchases to unsuspecting victims
o Students around the world have been caught downloading material from the internet and cheating by downloading the content of question papers
o Websites plant cookies or spyware on visitors' hard drives to track their internet activities

o The general public has not realized the critical importance of ethics as they apply to IT
o In the corporate world, important technical decisions are often left to the technical experts
o General business managers must assume greater responsibility for these decisions, but to do so they must be able to make broad-minded, objective, ethical decisions based on technical knowledge and business knowledge
o They must also try to create a work environment in which ethical dilemmas can be discussed openly, objectively and constructively

Notes Helpful for Exams (points to be remembered)
1) WHAT IS ETHICS
2) The Importance of Integrity (Honesty)
3) ETHICS IN THE BUSINESS WORLD
I Why Fostering Good Business Ethics is Important
  1 To gain the goodwill of the community
  2 To create an organization that operates consistently
  3 To produce good business
  4 To protect the organization and its employees from legal action
  5 To avoid unfavorable publicity
II Improving Corporate Ethics
  1 Appointing a Corporate Ethics Officer
  2 Ethical Standards Set by Board of Directors
  3 Establishing a Corporate Code of Ethics
  4 Conducting Social Audits
  5 Requiring Employees to Take Ethics Training
  6 Including Ethical Criteria in Employees' Appraisals
III When Good Ethics Result in Short Term Losses
IV Creating an Ethical Work Environment
V Ethical Decision Making
  a) Get the facts
  b) Identify stakeholders and their positions
  c) Consider the consequences of our decisions
  d) Weigh various guidelines and principles
  e) Develop and evaluate options
  f) Review our decision
  g) Evaluate the results of our decision

Unit-II ETHICS IN IT-PROFESSIONALS AND IT-USERS

Ethics for IT Professionals and IT Users
OBJECTIVES
• What key characteristics distinguish a professional from other kinds of workers, and what is the role of an IT professional?
• What relationships must an IT professional manage, and what key ethical issues can arise in each?
• How do codes of ethics, professional organizations, certification and licensing affect the ethical behaviour of IT professionals?
• What are the key tenets of four different codes of ethics that provide guidance for IT professionals?
• What are the common ethical issues that face IT users?
• What approaches can support the ethical practices of IT users?

1.1 IT PROFESSIONALS
• A profession is a calling that requires specialized knowledge and often long and complete academic preparation.
• The US Code of Federal Regulations defines a person "employed in a professional capacity" as one who meets these four criteria:
1) One's primary duty consists of the performance of work requiring knowledge of an advanced type in a field of science or learning.
2) One's instruction, study or work should be original.
3) One's work is strongly knowledgeable and exercises discretion and judgment. Example: accountants, doctors, lawyers.
4) One's work is predominantly intellectual and varied in character, and cannot be generalized.

1) Are IT Workers Professionals?
Many business workers have duties, backgrounds and training that qualify them to be classified as professionals.
o One could argue, however, that not every IT role requires knowledge of an advanced type in a field of science.
o According to the US Code definition, IT professionals are not recognized as professionals because they are not licensed.

• Partial list of IT specialists
– Programmers
– Systems analysts
– Software engineers
– Database administrators
– Local area network (LAN) administrators
– Chief information officers (CIOs)
• Legal perspective
– IT workers are not recognized as professionals
– Not licensed
– IT workers are not liable for malpractice

2) Professional Relationships that must be managed
IT professionals typically become involved in many different relationships. In each relationship, an IT professional should act honestly and appropriately. Ethics has to be maintained in these relationships.
• IT professionals have many different relationships with:
– Employers
– Clients
– Suppliers
– Other professionals
– IT users
– Society at large

Relationship between IT Professional and Employers
IT professionals and employers have a critical, strong relationship. An IT professional and employer discuss and agree upon fundamental aspects of this relationship before the professional accepts an employment offer. These issues include job title, general performance expectations, specific work responsibilities, dress code, location of employment, salary, working hours, etc. Example: whether an employee can leave early one day if the time is made up on another day. Some aspects are addressed by law; for example, an employee cannot be required to do anything illegal, such as falsify the result of a quality assurance test.
• IT professionals must set an example and enforce policies regarding the ethical use of IT.
• Software piracy is the act of illegally making copies of software or enabling others to access software to which they are not entitled.
• Software piracy is an area in which IT professionals can be tempted to violate laws and policies.
• The Business Software Alliance (BSA) is a trade group that represents the world's largest software and hardware manufacturers.
– Its mission is to stop the unauthorized copying of software produced by its members.
• Trade secret
– Information used in business
– Generally unknown to the public
– Company has taken strong measures to keep confidential
• Whistle-blowing
– Attracts attention to a negligent, illegal, unethical, abusive or dangerous act that threatens the public interest

Relationship between IT Professional and Clients
In the relationship between an IT professional and clients, each party agrees to provide something of value to the other. Generally speaking, the IT professional provides hardware, software or services at a certain cost within a given time.

• IT professional provides
– Hardware, software or services at a certain cost and within a given time frame
• Client provides
– Compensation
– Access to key contacts
– Work space
This relationship is usually documented in contractual terms: who does what, when the work begins, how long it will take, how much the client pays, and so on.

• Ethical problems arise if a company recommends its own products and services to remedy problems they have detected
– A company is unable to provide full and accurate reporting of a project's status

Legal Overview: Fraud, Misrepresentation and Breach of Contract
– Fraud: crime of obtaining goods, services or property through deception or trickery
– Fraud is proven in court
– Breach of contract: one party fails to meet the terms of a contract
• IT projects are joint efforts in which vendors and customers work together
– Difficult to assign blame

Relationship between IT Professionals and Suppliers
• Develop good relationships with suppliers
– Deal fairly with them
– Do not make unreasonable demands
– Bribery: providing money, property or favors to someone in business or government to obtain a business advantage
– The US Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe a foreign official, a foreign political party official or a candidate for foreign political office
– At what point does a gift become a bribe?
– No gift should be hidden, as perceptions of donor and recipient can differ

IT professionals deal with many hardware, software and service providers. IT professionals must keep a good relationship with suppliers by dealing very fairly and not making unreasonable demands. Threatening to replace a supplier who can't deliver needed equipment tomorrow, when the normal industry lead time is one week, is aggressive behavior that does not help a working relationship. Suppliers also try hard to maintain positive relationships with their customers to make and increase sales. Sometimes their actions to achieve their goals might be unethical. Example: they could offer an IT professional a gift that is actually intended as a bribe. Clearly, an IT professional should not accept a bribe from a vendor.

Relationship between IT Professional and Other Professionals

• Professionals owe each other adherence to a profession's code of conduct
• Ethical problems between members of the IT profession
– Résumé inflation
– Inappropriate sharing of corporate information

Professionals feel a degree of loyalty to the other members of their profession. As a result, they always help each other and are slow to criticize each other in public. Professionals have an interest in their own profession as a whole. A number of ethical problems can arise between members of the IT profession. One of the most common is résumé inflation, which includes lying on a résumé and claiming competence in an IT skill that is in high demand.

Relationship Between IT Professional and IT Users

• An IT user is a person for whom a hardware or software product is designed
• IT professionals' duty
– Understand users' needs and capabilities
– Deliver products and services that best meet those needs
– Establish an environment that supports ethical behaviour by users


• Actions of an IT professional can affect society
The term IT user distinguishes the person for whom a hardware or software product is designed from the IT professionals who develop, install, service and support the product. IT professionals have to understand a user's needs and capabilities and deliver products and services that best meet the needs of users.

Relationships between IT Professionals and Society
Regulatory laws establish safety standards for products and services to protect the public. However, these laws are less than perfect, and they fail to safeguard against all negative side effects of a product or process. Society expects members of a profession not only to cause no harm but also to provide significant benefits. Example: a system analyst may design a computer-based control system to monitor a chemical manufacturing process. A failure or error in the system may put workers or residents near the plant at risk.

1.2 THE ETHICAL BEHAVIOR OF IT PROFESSIONALS
• Corporations are taking actions to ensure good business ethics among employees

1.2.1 Professional Codes of Ethics

• A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group.
• Example: doctors stick to varying versions of the 2000-year-old Hippocratic Oath, which medical schools offer as an affirmation to their graduating classes.
• Most codes of ethics created by professional organizations have two main parts.
• The first outlines what the professional organization aspires to become, and the second typically lists the rules and principles that members of the organization are expected to follow.
i) Main parts
– Outlines what the professional organization aspires to become
– Lists rules and principles by which members of the organization are expected to abide
ii) Benefits for the individual, the profession and society
– Improves ethical decision making
– Promotes high standards of practice and ethical behaviour
– Enhances trust and respect from the general public
– Provides an evaluation benchmark
• Note: laws do not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical. One cannot expect a professional code of ethics to provide an answer to everything. However, practicing according to a professional code of ethics can produce many benefits for individuals, professionals and society as a whole.

1.2.2 Professional Organizations

a) Professional Organizations
• No single formal organization of IT professionals has emerged as preeminent, so there is no universal code of ethics for IT professionals.
• However, the existence of such organizations is useful in a field that is rapidly growing and changing.
• IT professionals need to know about new developments in the field, which requires networking with others, finding new ideas and building personal skills and expertise.
• In recognition of the need for professional standards of competence and conduct, many organizations have developed a code of ethics.
The four most prominent IT professional organizations are:
1. Association of Computing Machinery (ACM)
2. Association of Information Technology Professionals (AITP)
3. Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)
4. Project Management Institute (PMI)


b) Certification
• Indicates a professional possesses a particular set of skills, knowledge or abilities in the opinion of a certifying organization
• Can also apply to products
• Generally voluntary
• IT-related certifications typically carry no requirement to adhere to a code of ethics
Vendor certifications
a. Some certifications substantially improve IT workers' salaries and career prospects
b. Relevant for narrowly defined roles
   i. Or certain aspects of broader roles
c. Require passing a written exam
d. Workers are commonly recertified as newer technologies become available

c) Industry association certifications
a. Require a certain level of experience and a broader perspective than vendor certifications
b. Lag in developing tests that cover new technologies

Numerous companies and professional organizations offer certifications, and opinions are divided on their value. Many employers view them as benchmarks that indicate mastery of a defined set of basic knowledge. On the other hand, some may disagree because the candidate may not have experience of it. Certifications are divided into two types.
Vendor Certifications: many IT vendors such as CISCO, IBM, Microsoft, Sun and Oracle offer certification programs for their products. Workers who successfully complete a program can represent themselves as certified users of the manufacturer's products.
Industry Association Certifications: certifications from industry associations generally require a certain level of experience and broader thinking than vendor certifications; however, they often lag in developing tests that cover new technology.
The trend in IT certification is to move from purely technical content to a broader mix of technology, business and behavioral competence, which are required in today's competence.

4) Government Licensing
• Some professionals must be licensed to prove that they can do their work ethically and safely, including certified public accountants, lawyers, doctors, various types of medical and day care providers, and some engineers.
• People cannot call themselves professionals unless they are licensed. Most countries have similar laws.

• Generally administered at the state level in the United States
• Case for licensing IT professionals
– Encourage IT professionals to follow the highest standards of the profession
– Practice a code of ethics
– Violators would be punished


The case for licensing IT Professionals
The days of simple, stand-alone information systems are over. Modern systems are highly complex. Enterprise resource planning systems (ERPs) help multimillion-dollar companies control all their business functions. Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities.


As a result of the increasing importance of IT in our everyday lives, the development of reliable, effective information systems has become an area of mounting public concern. This concern has led to a debate about whether the licensing of IT professionals would improve information systems. Proponents argue that licensing would strongly encourage IT professionals to follow the highest standards of the profession and practice a code of ethics, and that licensing would allow violators to be punished.

Issues Associated with Government Licensing of IT Professionals
There are very few international or national licensing programs for IT professionals, for many reasons:
1) There is no universally accepted core body of knowledge.
2) It is unclear who should manage the content and administration of licensing exams.
3) There is no administrative body to accredit professional education programs.
4) There is no administrative body to assess and ensure the competence of individual professionals.

1.3 Common Ethical Issues for IT Users

IT Professional Malpractice
• Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do.
• Duty of care refers to the obligation to protect people against any unreasonable harm or risk.
• Courts consistently reject attempts to sue individual parties for computer-related malpractice.
• Employees' ethical use of IT is an area of growing concern.

Common Ethical Issues for IT Users
• Software piracy
• Inappropriate use of computing resources
• Inappropriate sharing of information
– Private data
– Confidential information

Software Piracy
IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still called piracy if they have not paid for it.
Inappropriate Use of Computing Resources
Some employees use their computers to browse popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time.
Inappropriate Sharing of Information
Every organization stores a vast amount of information that can be classified as either private or confidential. An IT user who shares this information with an unauthorized party has violated someone's privacy. Example: if an IT user sees a coworker's salary records and shares them with another person, it would be a clear violation of the worker's privacy.

2 Supporting the Ethical Practices of IT Users

• Policies that protect against abuses
– Establish boundaries of acceptable and unacceptable behaviour
– Enable management to punish violators
• Policy components include
– Defining and limiting the appropriate use of IT resources
– Establishing guidelines for use of company software
– Structuring information systems to protect data and information
– Installing and maintaining a corporate firewall

The growing use of IT has increased ethical problems, so many organizations are planning to develop policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities on IT users and enable management to punish violators.


The following actions are needed when creating an IT usage policy:
Defining and limiting the appropriate use of IT resources
Companies must develop, communicate and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages.
Establishing guidelines for use of company software
Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees buy hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need.
Structuring information systems to protect data and information
Organizations must implement systems and procedures that limit data access to the employees who need it. Example: in banks, a teller should be able to see the account details of customers, but a payroll employee doesn't have any need to see customer details, as he is dealing with bank employee details.
Installing and maintaining a corporate firewall
A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to unwanted sites on the internet. The firewall can be configured to serve as an effective deterrent to unauthorized web surfing.

CONCLUSION

• A professional from a legal standpoint
– Has passed the state licensing requirements
– Has earned the right to practice there
• IT professionals have many different relationships
– Each with its own set of ethical issues and potential problems
• Professional code of ethics
– States the principles and core values essential to the work of an occupational group
• Licensing and certification of IT professionals
– Many people feel that certification will increase the reliability and effectiveness of information systems
– Raises many issues
• IT-related professional organizations have developed a code of ethics

Notes helpful from the examination point of view…

Unit – III PRIVACY
Introduction
The use of information technology in business has made it possible for information about people to be gathered, stored, analysed and reported with just one swipe of a credit or debit card. This information is used to learn consumers' purchasing habits and financial conditions. Organizations make use of various marketing strategies to target potential buyers. This is against the privacy of an individual. On the other hand, organizations need information about their customers to serve them better, so there should be a balance between those who gather and use the information and the rights of privacy.
What is Privacy?
The word privacy comes from the Latin word "privatus" (separated from the rest). It can be broadly defined as the right to be left alone. Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.
Legal concept of privacy
Right of privacy: privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects:


• Protection from unreasonable intrusion upon one's isolation, such as gathering of details about their web surfing habits, etc.
• Protection from identity theft by inappropriate use of name or likeness. Example: stealing of credit cards or a Social Security number.
• Protection from unreasonable publicity of one's private life, such as revealing a condition of health.
• Protection from unreasonable false information, such as giving false information about a person on the internet, in the media, etc.

What is Anonymity?
Anonymity means that the real author of a message is not shown or his identity is hidden. Anonymity can be implemented to make it impossible or very difficult to find out the real author of a message.

Key Privacy and Anonymity Issues
Government electronic surveillance
Observing or listening to persons, places or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders or wire taps. Four types of electronic surveillance are most prevalent:
• Wire Tapping: wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually "tap" into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.
• Web Tapping: logging the IP addresses of users that access certain websites is commonly called "web tapping".

Data Encryption
• Cryptography
o Science of encoding messages
o Only the sender and intended receiver can understand the messages
o Key tool for ensuring confidentiality, integrity and authenticity of electronic messages and online business transactions
• Encryption
o Process of converting electronic messages into a form understood only by the intended recipients
Encryption key: the variable value applied using an algorithm to encrypt or decrypt text.
• There are two types of encryption keys used: i) public key, ii) private key

Public key encryption
• A public key encryption system uses two keys to encode and decode messages
• Message receiver's public key: readily available to all, and anyone can use it to send a person encrypted messages
• Message receiver's private key: kept secret; only the receiver will know it, and the owner of the message will use it to decode it to the original message
• RSA: a public key encryption algorithm

Private key encryption system
This system uses a single key to encode and decode messages.

• Identity Theft: identity theft occurs when someone steals key pieces of personal information to gain access to a person's financial accounts
• Information includes:
– Name
– Address
– Date of birth
– Social Security number
– Passport number
– Driver's license number
– Mother's maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen
• Phishing
o Attempt to steal personal identity data
o By tricking users into entering information on a counterfeit Web site
o phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization
• Spyware
o Keystroke-logging software
o Gets automatically downloaded to a user's computer without his/her knowledge
o Creates a record of keystrokes entered in the system
o Enables the capture of:
– Account usernames
– Passwords
– Credit card numbers
– Other sensitive information
o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms or enter contests online.
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are text files that a website puts on a user's hard drive so that it can remember the information later.
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences.
• Databases contain huge amounts of consumer behavioral data.

Types of data collected
Surfing details etc. are collected while the user surfs the web and sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:
i) GET data: sites visited by the customer. Example: that the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: keeping track of everything the user viewed and sought.

• Four ways to limit or even stop the deposit of cookies on hard drives:
– Set the browser to limit or stop cookies
– Manually delete them from the hard drive
– Download and install a cookie-management program
– Use anonymous browsing programs that don't accept cookies

Treating consumer Data Responsibly


When dealing with consumer data, problems should be avoided by taking consent from the consumer before using their details for marketing or for research. This can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Work Place Monitoring

Employers have the right to monitor your activities in many situations at the work place. Major monitoring includes:
– Recording on CCTV cameras
– Opening mail or e-mail
– Checking phone logs or recording phone calls
– Videoing outside the workplace
– Checking the logs of websites visited
– Some companies even do random drug tests on their employees

Spamming
– Transmission of the same e-mail message to a large number of people
– Extremely inexpensive method of marketing
– Used by many legitimate organizations
– Can contain unwanted and objectionable materials
Example: some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales.

Advanced surveillance technology
Camera surveillance: cameras are fixed to stop illegal activities by finding people who act suspiciously.
i) Facial recognition software can be used to identify criminals and terrorists.
ii) GPS (Global Positioning System) chips can be placed in devices like cell phones to locate users.

Unit IV - SOFTWARE DEVELOPMENT
Objectives
• Why do companies require high-quality software in business systems, industrial process control systems and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs and software quality?

Need for high quality software systems
High-quality software systems are easy to learn and easy to use. They efficiently meet the user's needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software
A software defect is an error which can cause software systems to halt without meeting the user's needs. Software errors have to be detected and removed. Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough: minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays: major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• are required to support the fields of:
- air traffic control
- nuclear power
- automobile safety
- health care
- military and defense
- space exploration

Key Issues in Software Development
Ethical decisions involve quality management, which defines the measure of quality in the development process:
• tradeoff between quality and other factors such as ease of use, time to market and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility
Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through 'reasonable' software practices
• there is also the concept of 'contributory' negligence (e.g. accidentally cut finger using nail clippers)
• warranty also protects the consumer but may be hard to read

Reasons For Software Defects
1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it
2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 999 was clean, there still would be 1 bug per 10000 lines of code, so large software still contains thousands of bugs
3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched.

Consequences of a Software Defect
• could cause a system to fail to meet users' needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• 'testing' done by customers
• some avoid buying the first version

Strategies for Developing Quality Software
More and more users are demanding high-quality software. Quality management measures the quality of software in the development process. The objective is to deliver high-quality software. Various strategies are adopted:
1. Following a proper/accepted standard software development methodology
2. Ensuring quality assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Documenting the various stages of software development to ensure quality

Quality Software Development Process
i) Following a proper/accepted standard software development methodology
It is safe to follow a proper and accepted software development methodology, where the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.
ii) Ensure software quality assurance
It refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.
iii) Detecting an error early and fixing it early
It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damage after the product is delivered.
• identifying and removing errors early in the development process is
- a cost-saving measure
- 100 times less costly when a bug is detected early, before product roll-out
- the most efficient way to improve software quality
- a bug’s effect (and its fix) may ripple through large pieces of the software
iv) Testing
This is one of the proven methods for quality assurance.
Types of Testing
Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data, and the results are compared with the expected results. This is called dynamic testing.
• Black-box testing
- want code to demonstrate expected output behaviour for all input data in the test suite
- tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of the code)
- testing all possible logic paths through the software unit
- with thorough knowledge of the code’s logic paths
- make each program statement execute at least once
- for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours … to check calculations for overtime pay
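The gross-pay case above, worked as an added example that is not part of the original notes: a small tracer reports which statements a test suite never executes, which is the white-box criterion "make each program statement execute at least once". The function `gross_pay`, the helper names, the sample cases and the 1.5 overtime multiplier are assumptions made for the illustration.

```python
import ast
import inspect
import sys
import textwrap

REGULAR_HOURS = 40          # threshold from the example in the notes
OVERTIME_MULTIPLIER = 1.5   # assumption: the notes give no overtime rate


# Hypothetical unit under test. It has no docstring so that every statement
# counted below is one a test case can execute.
def gross_pay(hours, hourly_rate):
    if hours < 0 or hourly_rate < 0:
        raise ValueError("hours and rate must be non-negative")
    if hours <= REGULAR_HOURS:
        return hours * hourly_rate
    overtime_hours = hours - REGULAR_HOURS
    return (REGULAR_HOURS + overtime_hours * OVERTIME_MULTIPLIER) * hourly_rate


def statement_lines(func):
    """Map line number (1 = the def line) to the source text of each statement."""
    source = textwrap.dedent(inspect.getsource(func))
    lines = source.splitlines()
    func_def = ast.parse(source).body[0]
    return {node.lineno: lines[node.lineno - 1].strip()
            for node in ast.walk(func_def)
            if isinstance(node, ast.stmt) and node is not func_def}


def executed_lines(func, cases):
    """Run func on every argument tuple and record which lines executed."""
    code = func.__code__
    hit = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                      # ignore every other function
        if event == "line":
            hit.add(frame.f_lineno - code.co_firstlineno + 1)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in cases:
            try:
                func(*args)
            except ValueError:
                pass                         # the error path is a valid test target
    finally:
        sys.settrace(previous)
    return hit


def uncovered_statements(func, cases):
    """Statements of func that no test case in `cases` executed."""
    hit = executed_lines(func, cases)
    return [text for line, text in sorted(statement_lines(func).items())
            if line not in hit]


# Constructed test data: (hours, hourly_rate)
REGULAR_ONLY_SUITE = [(38, 20.0), (40, 20.0)]
WHITE_BOX_SUITE = REGULAR_ONLY_SUITE + [(45, 20.0), (-1, 20.0)]

if __name__ == "__main__":
    print("missed by regular-hours suite:",
          uncovered_statements(gross_pay, REGULAR_ONLY_SUITE))
    print("missed by white-box suite:",
          uncovered_statements(gross_pay, WHITE_BOX_SUITE))
```

A suite that only uses 40 hours or fewer passes every check it makes yet never runs the overtime calculation or the input-validation error path; the second suite adds one case per remaining branch.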

Other Types of Testing
Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect
Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully
System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity
User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect
Safety-Critical Systems
Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples
- automobile’s antilock brakes
- nuclear power plant reactors
- airplane navigation
- roller coasters
- elevators
- medical devices
• example: bug in the Therac-25 radiation therapy machine, 1985-87
- wrong sequence of menu selections caused a large radiation dose to be delivered to the patient


Key assumption
• safety will not automatically result from following the organization’s standard development methodology
Software development measures for safety-critical systems
Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software. All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking
Project safety engineer: takes care of the safety of the machines
• explicit responsibility for the system’s safety
• uses a logging and monitoring system to track hazards from the project’s start to finish
Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards
Safety reviews
• held throughout the development process
Robust configuration management system
• tracks all safety-related documentation
Formal documentation required
• including verification reviews and signatures
Key issue
• deciding when Quality Assurance staff has performed enough testing
Risk
• probability of an undesirable event occurring times the magnitude of the event’s consequences if it does happen
• consequences include
- damage to property
- loss of money
- injury to people
- death
Quality Management Standards

i) ISO 9000 standard
• guide to quality products, services and management
• organization must submit to an examination by an external assessor
• requirements
- written procedures for everything it does
- follow those procedures
- prove to the auditor the organization fulfilled the first two requirements
ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode
- describes how a product or process could fail
• Effect
- adverse consequence that a customer might experience
• there is seldom a one-to-one relationship between cause and effect
Quality Management Standards
DO-178B/EUROCAE ED-128
• evaluation standard for the international aviation community
• developed by the Radio Technical Commission for Aeronautics (RTCA)


Page 5: Ethics Notes Complete Unit 1-4 Version 1

Virtue ethics approach: Virtue ethics focuses on how we should behave and think about relationships if we are concerned with our daily life in a community.
Utilitarian approach: This approach to ethical decision making states that we should choose the action or policy that has the best overall result for all people who are directly or indirectly affected.
Fairness approach: This approach focuses on how fairly actions and policies distribute benefits and burdens among the people affected by the decision.
Common good approach: This approach to decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals.
Developing and evaluating options
o In many cases we can identify several answers to a complex ethical question.
o Listing the key principles that need to be applied for decision making helps us to select the two to three best options.
o The options we select must be ethically defensible.
Reviewing our decision
o Is the decision consistent with our personal values as well as those of the organization?
o How would coworkers, stakeholders, business partners, friends and family regard our decision?
o Would we see our decision as right, good and fair?
Evaluating the result of our decision
After the organization implements the decision, monitor the result to see if it achieves the desired result and observe its impact on employees and other affected parties.
1.3 ETHICS IN INFORMATION TECHNOLOGY
The growth of the Internet, the ability to capture and store vast amounts of personal data online, and greater trust in information systems in all aspects of life have increased the risk of using information technology unethically. Examples that raise public concern about the ethical use of information technology:
o Millions of people have used peer-to-peer networks to download music and movies at no charge and in apparent violation of copyright laws.
o Organizations contact millions of people worldwide through unsolicited e-mails (spam) at an extremely low cost.
o Hackers break into databases of financial institutions and steal customer information, then use it to commit identity theft, opening new accounts and charging purchases to unsuspecting victims.
o Students around the world have been caught downloading material from the internet and cheating by downloading the content of question papers.
o Websites plant cookies or spyware on visitors’ hard drives to track their internet activities.
o The general public has not realized the critical importance of ethics as they apply to IT.
o In the corporate world, important technical decisions are often left to the technical experts.
o General business managers must assume greater responsibility for these decisions, but to do so they must be able to make broad-minded, objective, ethical decisions based on technical knowledge and business knowledge.
o They must also try to create a work environment in which ethical dilemmas can be discussed openly, objectively and constructively.

Notes Helpful for Exams (points to be remembered)
1) WHAT IS ETHICS
2) The Importance of Integrity (Honesty)
3) ETHICS IN THE BUSINESS WORLD
I. Why Fostering Good Business Ethics is Important
1. To gain the goodwill of the community
2. To create an organization that operates consistently
3. To produce good business
4. To protect the organization and its employees from legal action
5. To avoid unfavorable publicity
II. Improving Corporate Ethics
1. Appointing a Corporate Ethics Officer
2. Ethical Standards Set by Board of Directors
3. Establishing a Corporate Code of Ethics
4. Conducting Social Audits
5. Requiring Employees to Take Ethics Training
6. Including Ethical Criteria in Employees’ Appraisals
III. When Good Ethics Result in Short-Term Losses
IV. Creating an Ethical Work Environment
V. Ethical Decision Making
a) Get the facts
b) Identify stakeholders and their positions
c) Consider the consequences of our decisions
d) Weigh various guidelines and principles
e) Develop and evaluate options
f) Review our decision
g) Evaluate the results of our decision

Unit-II ETHICS IN IT-PROFESSIONALS AND IT-USERS

Ethics for IT Professionals and IT Users OBJECTIVES

• What key characteristics distinguish a professional from other kinds of workers, and what is the role of an IT professional?
• What relationships must an IT professional manage, and what key ethical issues can arise in each?
• How do codes of ethics, professional organizations, certification and licensing affect the ethical behaviour of IT professionals?
• What are the key tenets of four different codes of ethics that provide guidance for IT professionals?
• What are the common ethical issues that face IT users?
• What approaches can support the ethical practices of IT users?

1.1 IT PROFESSIONALS
• A profession is a calling that requires specialized knowledge and often long and complete academic preparation.
• The US Code of Federal Regulations defines a person “employed in a professional capacity” as one who meets these four criteria:
1) One’s primary duty consists of the performance of work requiring knowledge of an advanced type in a field of science or learning.
2) One’s instruction, study or work should be original.
3) One’s work is strongly knowledgeable and exercises discretion and judgment. Example – accountants, doctors, lawyers.
4) One’s work is predominantly intellectual and varied in character, and cannot be generalized.

1) Are IT Workers Professionals?
Many business workers have duties, backgrounds and training that qualify them to be classified as professionals.
o One could argue, however, that not every IT role requires knowledge of an advanced type in a field of science.
o According to the US Code definition, IT professionals are not recognized as professionals because they are not licensed.
• Partial list of IT specialists
– Programmers
– Systems analysts
– Software engineers
– Database administrators
– Local area network (LAN) administrators
– Chief information officers (CIOs)
• Legal perspective
– IT workers are not recognized as professionals
– Not licensed
– IT workers are not liable for malpractice

2) Professional Relationships that Must be Managed
IT professionals typically become involved in many different relationships. In each relationship, an IT professional should act honestly and appropriately. Ethics has to be maintained in these relationships.
• IT professionals have many different relationships with
– Employers
– Clients
– Suppliers
– Other professionals
– IT users
– Society at large

Relationship between IT Professional and Employers
IT professionals and employers have a critical, strong relationship. An IT professional and an employer discuss and agree upon fundamental aspects of this relationship before the professional accepts an employment offer. These issues include job title, general performance expectations, specific work responsibilities, dress code, location of employment, salary, working hours, etc. Example: whether an employee can leave early one day if the time is made up on another day. Some aspects are addressed by law; for example, an employee cannot be required to do anything illegal, such as falsifying the result of a quality assurance test.
• IT professionals must set an example and enforce policies regarding the ethical use of IT
• Software piracy is the act of illegally making copies of software or enabling others to access software to which they are not entitled
• Software piracy is an area in which IT professionals can be tempted to violate laws and policies
• The Business Software Alliance (BSA) is a trade group that represents the world’s largest software and hardware manufacturers
– Its mission is to stop the unauthorized copying of software produced by its members
• Trade secret
– Information used in business
– Generally unknown to the public
– Company has taken strong measures to keep confidential
• Whistle-blowing
– Attracts attention to a negligent, illegal, unethical, abusive or dangerous act that threatens the public interest
Relationship between IT Professional and Clients
In the relationship between an IT professional and clients, each party agrees to provide something of value to the other. Generally speaking, the IT professional provides hardware, software or service at a certain cost within a given time.

• IT professional provides
– Hardware, software or services at a certain cost and within a given time frame
• Client provides
– Compensation
– Access to key contacts
– Work space
This relationship is usually documented in contractual terms: who does what, when the work begins, how long it will take, how much the client pays, and so on.

• Ethical problems arise if a company recommends its own products and services to remedy problems they have detected
– A company is unable to provide full and accurate reporting of a project’s status
Legal Overview: Fraud, Misrepresentation and Breach of Contract
– Fraud: crime of obtaining goods, services or property through deception or trickery
– Fraud is proven in court
– Breach of contract: one party fails to meet the terms of a contract
• IT projects are joint efforts in which vendors and customers work together
– Difficult to assign blame

Relationship between IT Professionals and Suppliers
• Develop good relationships with suppliers
– Deal fairly with them
– Do not make unreasonable demands
– Bribery: providing money, property or favors to someone in business or government to obtain a business advantage
– The US Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe a foreign official, a foreign political party official or a candidate for foreign political office
– At what point does a gift become a bribe?
– No gift should be hidden, as perceptions of donor and recipient can differ
IT professionals deal with many hardware, software and service providers. IT professionals must keep a good relationship with suppliers by dealing very fairly and not making unreasonable demands. Threatening to replace a supplier who can’t deliver needed equipment tomorrow, when the normal industry lead time is one week, is aggressive behavior that does not help a working relationship. Suppliers also try hard to maintain positive relationships with their customers to make and increase sales. Sometimes their actions to achieve their goals might be unethical. Example: they could offer an IT professional a gift that is actually intended as a bribe. Clearly, an IT professional should not accept a bribe from a vendor.
Relationship between IT Professional and Other Professionals

• Professionals owe each other adherence to a profession’s code of conduct
• Ethical problems between members of the IT profession
– Résumé inflation
– Inappropriate sharing of corporate information
Professionals feel a degree of loyalty to the other members of their profession. As a result, they always help each other and are slow to criticize each other in public. Professionals have an interest in their own profession as a whole. A number of ethical problems can arise between members of the IT profession. One of the most common is résumé inflation, which includes lying on a résumé and claiming competence in an IT skill that is in high demand.
Relationship between IT Professional and IT Users

• IT user is a person for whom a hardware or software product is designed
• IT professionals’ duty
– Understand users’ needs and capabilities
– Deliver products and services that best meet those needs
– Establish an environment that supports ethical behaviour by users
• Actions of an IT professional can affect society
The term IT user distinguishes the person for whom a hardware or software product is designed from the IT professionals who develop, install, service and support the product. IT professionals have to understand a user’s needs and capabilities and deliver products and services that best meet the needs of users.
Relationships between IT Professionals and Society
Regulatory laws establish safety standards for products and services to protect the public. However, these laws are less than perfect, and they fail to safeguard against all negative side effects of a product or process. Society expects members of a profession not only to cause no harm but also to provide significant benefits. Example: a system analyst may design a computer-based control system to monitor a chemical manufacturing process. A failure or error in the system may put workers or residents near the plant at risk.
1.2 THE ETHICAL BEHAVIOR OF IT PROFESSIONALS

• Corporations are taking actions to ensure good business ethics among employees
1.2.1 Professional Codes of Ethics
• A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group
• Example: doctors adhere to varying versions of the 2000-year-old Hippocratic Oath, which medical schools offer as an affirmation to their graduating classes
• Most codes of ethics created by professional organizations have two main parts
• The first outlines what the professional organization aspires to become, and the second typically lists the rules and principles that members of the organization are expected to follow
i) Main parts
– Outlines what the professional organization aspires to become
– Lists rules and principles by which members of the organization are expected to abide
ii) Benefits for the individual, the profession and society
– Improves ethical decision making
– Promotes high standards of practice and ethical behaviour
– Enhances trust and respect from the general public
– Provides an evaluation benchmark
• Note: laws do not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical. One cannot expect a professional code of ethics to provide an answer to everything. However, practicing according to a professional code of ethics can produce many benefits for individuals, professionals and society as a whole.
1.2.2) Professional Organizations

a) Professional Organizations
• No single formal organization of IT professionals has emerged as preeminent, so there is no universal code of ethics for IT professionals
• However, the existence of such organizations is useful in a field that is rapidly growing and changing
• IT professionals need to know about new developments in the field, which requires networking with others, finding new ideas and building personal skills and expertise
• In recognition of the need for professional standards of competence and conduct, many organizations have developed a code of ethics
The four most prominent IT professional organizations are:
1. Association of Computing Machinery (ACM)
2. Association of Information Technology Professionals (AITP)
3. Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)
4. Project Management Institute (PMI)


b) Certification
• Indicates a professional possesses a particular set of skills, knowledge or abilities, in the opinion of a certifying organization
• Can also apply to products
• Generally voluntary
• Carries no requirement to adhere to a code of ethics
Vendor certifications
a. Some certifications substantially improve IT workers’ salaries and career prospects
b. Relevant for narrowly defined roles
i. Or certain aspects of broader roles
c. Require passing a written exam
d. Workers are commonly recertified as newer technologies become available
c) Industry association certifications
a. Require a certain level of experience and a broader perspective than vendor certifications
b. Lag in developing tests that cover new technologies
Numerous companies and professional organizations offer certifications, and opinions are divided on their value. Many employers view them as benchmarks that indicate mastery of a defined set of basic knowledge. On the other hand, some may disagree because the candidate may not have practical experience. Certifications are divided into two types.
Vendor certifications: Many IT vendors such as CISCO, IBM, Microsoft, Sun and Oracle offer certification programs for their products. Workers who successfully complete a program can represent themselves as certified users of the manufacturer’s products.
Industry association certifications: Certifications from industry associations generally require a certain level of experience and broader thinking than vendor certifications; however, they often lag in developing tests that cover new technology. The trend in IT certification is to move from purely technical content to a broader mix of technology, business and behavioral competence, which are required today.
4) Government Licensing
• Some professionals must be licensed to prove that they can do their work ethically and safely, including certified public accountants, lawyers, doctors, various types of medical and day care providers, and some engineers
• People cannot call themselves professionals unless they are licensed. Most countries have similar laws

• Generally administered at the state level in the United States
• Case for licensing IT professionals
– Encourage IT professionals to follow the highest standards of the profession
– Practice a code of ethics
– Violators would be punished


The case for licensing IT professionals: The days of simple stand-alone information systems are over. Modern systems are highly complex. Enterprise resource planning (ERP) systems help multimillion-dollar companies control all their business functions. Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities.


As a result of the increasing importance of IT in our everyday lives, the development of reliable, effective information systems has become an area of mounting public concern. This concern has led to a debate over whether the licensing of IT professionals would improve information systems. Proponents argue that licensing would strongly encourage IT professionals to follow the highest standards of the profession and practice a code of ethics, and that licensing would allow violators to be punished.
Issues Associated with Government Licensing of IT Professionals
There are very few international or national licensing programs for IT professionals, for many reasons:
1) There is no universally accepted core body of knowledge.
2) It is unclear who should manage the content and administration of licensing exams.
3) There is no administrative body to accredit professional education programs.
4) There is no administrative body to assess and ensure the competence of individual professionals.

1.3 Common Ethical Issues for IT Users
IT Professional Malpractice
• Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do
• Duty of care refers to the obligation to protect people against any unreasonable harm or risk
• Courts consistently reject attempts to sue individual parties for computer-related malpractice
• Employees’ ethical use of IT is an area of growing concern
Common Ethical Issues for IT Users
• Software piracy
• Inappropriate use of computing resources
• Inappropriate sharing of information
– Private data
– Confidential information
Software Piracy: IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still piracy if they have not paid for it.
Inappropriate Use of Computing Resources: Some employees use their computers to browse popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time.
Inappropriate Sharing of Information: Every organization stores a vast amount of information that can be classified as either private or confidential. An IT user who shares this information with an unauthorized party has violated someone’s privacy. Example: if an IT user sees a coworker’s salary records and shares them with another person, it would be a clear violation of the worker’s privacy.
2 Supporting the Ethical Practices of IT Users

• Policies that protect against abuses
– Establish boundaries of acceptable and unacceptable behaviour
– Enable management to punish violators
• Policy components include
– Defining and limiting the appropriate use of IT resources
– Establishing guidelines for use of company software
– Structuring information systems to protect data and information
– Installing and maintaining a corporate firewall
The growing use of IT has increased ethical problems, so many organizations are planning to develop policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities on IT users and enable management to punish violators.


The following actions should be taken when creating an IT usage policy:
Defining and limiting the appropriate use of IT resources: Companies must develop, communicate and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages.
Establishing guidelines for use of company software: Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees buy hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need.
Structuring information systems to protect data and information: Organizations must implement systems and procedures that limit data access to employees who need it. Example: in a bank, a teller should be able to see the account details of customers, but a payroll employee has no need to see customer details, as he deals with bank employee details.
Installing and maintaining a corporate firewall: A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to unwanted sites on the internet. The firewall can be configured to serve as an effective deterrent to unauthorized web surfing.
CONCLUSION

• A professional, from a legal standpoint
– Has passed the state licensing requirements
– Has earned the right to practice there
• IT professionals have many different relationships
– Each with its own set of ethical issues and potential problems
• Professional code of ethics
– States the principles and core values essential to the work of an occupational group
• Licensing and certification of IT professionals
– Many people feel that certification will increase the reliability and effectiveness of information systems
– Raises many issues
• IT-related professional organizations have developed a code of ethics
Notes helpful from an examination point of view…

Unit – III PRIVACY
Introduction
The use of information technology in business has made it possible for information about people to be gathered, stored, analysed and reported with just one swipe of a credit or debit card. This information is used to learn consumers’ purchasing habits and financial conditions. Organizations make use of various marketing strategies to target potential buyers. This is against the privacy of an individual. On the other hand, organizations need information about their customers to serve them better, so there should be a balance between those who gather and use the information and the rights of privacy.
What is Privacy?
The word privacy comes from the Latin word “privatus” (separated from the rest); it can be broadly defined as the right to be left alone. Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.
Legal concept of privacy
Right of privacy: Privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects:


• Protection from unreasonable intrusion upon one’s isolation, such as gathering of details about their web surfing habits, etc.
• Protection from identity theft by inappropriate use of name or likeness. Example: stealing of credit cards or Social Security number
• Protection from unreasonable publicity of one’s private life, such as revealing condition of health
• Protection from unreasonable false information, such as giving false information about a person on the internet, in the media, etc.
What is Anonymity?
Anonymity means that the real author of a message is not shown or his identity is hidden. Anonymity can be implemented to make it impossible or very difficult to find out the real author of a message.

Key Privacy and Anonymity Issues
Government electronic surveillance
Observing or listening to persons, places or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders or wire taps. Four types of electronic surveillance are most prevalent:
• Wire Tapping: Wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually “tap” into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.
• Web Tapping: Logging the IP addresses of users that access certain websites is commonly called “web tapping”.
Data Encryption
• Cryptography

o Science of encoding messages o Only sender and intended receiver can understand the messageso Key tool for ensuring confidentiality integrity authenticity of electronic messages and online

business transactionsbull Encryption

o Process of converting electronic messages into a form understood only by the intended recipients Encryption key It is the Variable value applied using an algorithm to encrypt or decrypt text

bull There are two types of Encryption keys used i) public Key ii) Private KeyPublic Key encryption

bull Public key encryption system uses two keys to encode and decode messagesbull Message receiverrsquos public key ndash readily available to all and anyone can use it to send a person encrypted

messagesbull Message receiverrsquos private key ndash kept secret only the receiver will know and the owner of the message will

use it to decode it to the original messagebull RSA ndash a public key encryption algorithm

Private key encryption system This system uses Single key to encode and decode messages
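The difference between the two key systems can be seen in a short added example (not part of the original notes): textbook RSA with constructed, deliberately tiny primes, next to a single-key cipher built from a SHA-256 keystream. All names and values are assumptions made for illustration; textbook RSA without padding and this home-made stream cipher are not secure, and real systems use a vetted library.

```python
"""Toy comparison of public key and single-key encryption.
Constructed parameters, far too small for real use."""
import hashlib
from math import gcd


def rsa_keypair(p, q, e=17):
    """Build a textbook RSA key pair from two primes supplied by the caller."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)          # (public key, private key)


def rsa_apply(key, blocks):
    """Raise every block to the key's exponent modulo n."""
    n, exponent = key
    return [pow(block, exponent, n) for block in blocks]


def rsa_encrypt(public_key, message):
    """Anyone holding the public key can encrypt, one byte per block."""
    if public_key[0] <= 255:
        raise ValueError("modulus too small to hold a byte")
    return rsa_apply(public_key, message)


def rsa_decrypt(private_key, ciphertext):
    """Only the holder of the private key recovers the original bytes."""
    return bytes(rsa_apply(private_key, ciphertext))


def single_key_cipher(key, data):
    """Single-key system: the same key and the same call encrypt and decrypt.
    XORs the data with a SHA-256 counter keystream (toy construction)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        stream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ s for b, s in zip(chunk, stream))
    return bytes(out)


# Constructed sample values.
PUBLIC_KEY, PRIVATE_KEY = rsa_keypair(61, 53)
MESSAGE = b"PIN 4821"
SHARED_KEY = b"constructed shared secret"

if __name__ == "__main__":
    ciphertext = rsa_encrypt(PUBLIC_KEY, MESSAGE)
    print("RSA ciphertext blocks:", ciphertext)
    print("private key recovers :", rsa_decrypt(PRIVATE_KEY, ciphertext))
    print("public key 'decrypts':", rsa_apply(PUBLIC_KEY, ciphertext))
    sealed = single_key_cipher(SHARED_KEY, MESSAGE)
    print("single key round trip:", single_key_cipher(SHARED_KEY, sealed))
```

With public key encryption the sender never needs the receiver's secret; with the single-key system both parties must already share the same secret key.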

Identity Theft

• Identity theft occurs when someone steals key pieces of personal information to gain access to a person’s financial accounts
• Information includes:
  – Name
  – Address
  – Date of birth
  – Social Security number
  – Passport number
  – Driver’s license number
  – Mother’s maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen
• Phishing
  o Attempt to steal personal identity data
  o By tricking users into entering information on a counterfeit Web site
  o Spear-phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization
• Spyware
  o Keystroke-logging software
  o Gets automatically downloaded to a user’s computer without his/her knowledge
  o Creates a record of keystrokes entered in the system
  o Enables the capture of:
    – Account usernames
    – Passwords
    – Credit card numbers
    – Other sensitive information
  o Operates even if an infected computer is not connected to the Internet

Consumer Profiling

• Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are text files that a website puts on a user’s hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain a huge amount of consumer behavioral data

Types of data collected

Data such as web surfing details is collected while users surf the web and is sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:

i) GET data: sites visited by the customer. Example: that the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: keeping track of everything the user viewed and sought.

• Four ways to limit or even stop the deposit of cookies on hard drives:
  – Set the browser to limit or stop cookies
  – Manually delete them from the hard drive
  – Download and install a cookie-management program
  – Use anonymous browsing programs that don’t accept cookies

Treating Consumer Data Responsibly

When dealing with consumer data, problems must be avoided by taking consent from the consumer before using details for marketing or for research. This can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Work Place Monitoring

Employers have the right to monitor your activities in many situations at the work place. Major monitoring includes:

• Recording on CCTV cameras
• Opening mail or e-mail
• Checking phone logs or recording phone calls
• Videoing outside the workplace
• Checking the logs of websites visited
• Some companies even do random drug tests on their employees

Spamming

• Transmission of the same e-mail message to a large number of people
• Extremely inexpensive method of marketing
• Used by many legitimate organizations
• Can contain unwanted and objectionable materials

Example: Some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales.

Advanced surveillance technology

Camera surveillance: cameras are fixed to stop illegal activities by finding people who act suspiciously.
i) Facial recognition software can be used to identify criminals and terrorists
ii) GPS (Global Positioning chips) can be placed in devices like cell phones to locate users

Unit IV - SOFTWARE DEVELOPMENT

Objectives

• Why do companies require high-quality software in business systems, industrial process control systems and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs and software quality?

Need for high quality software systems

High quality software systems are easy to learn and easy to use. They efficiently meet the user’s needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software

A software defect is an error which can cause a software system to halt without meeting the user’s need. Software errors have to be detected and removed. Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough – minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays – major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• are required to support the fields of:
  - air traffic control
  - nuclear power
  - automobile safety
  - health care
  - military and defense
  - space exploration

Key Issues in Software Development

Ethical decisions involve:

Quality Management, which defines the measure of quality in the development process
• tradeoff between quality and other factors such as ease of use, time to market and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility

Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through ‘reasonable’ software practices
• there is also the concept of ‘contributory’ negligence (e.g. accidentally cut finger using nail clippers)
• warranty also protects the consumer but may be hard to read

Reasons For Software Defects

1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it

2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 999 was clean, there still would be 1 bug per 10000 lines of code; large software still contains thousands of bugs

3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software defect
• could cause a system to fail to meet users’ needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• ‘testing’ done by customers
• some avoid buying the first version

Strategies for developing Quality Software

More and more users are demanding high-quality software. Quality Management measures the quality of software in the development process. The objective is to deliver high quality software. Various strategies are adopted:

1. Following a proper/accepted standard software development methodology
2. Ensuring Quality Assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Documenting the various stages of software development to ensure quality

Quality Software Development Process

i) Following a proper/accepted standard software development methodology: It is safe to follow a proper and accepted software development methodology, where the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.

ii) Ensure software quality assurance: It refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early: It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is
  - a cost-saving measure
  - 100 times less costly when a bug is detected early, before product roll-out
  - the most efficient way to improve software quality
  - important because a bug’s effect (and its fix) may ripple through large pieces of the software

iv) Testing: This is one of the proven methods for quality assurance.

Types of Testing

Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data and the results are compared with the expected results. This is called dynamic testing.
• Black-box testing
  - want code to demonstrate expected output behaviour for all input data in the test suite
  - tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of the code)
  - testing all possible logic paths through the software unit
  - with thorough knowledge of the code’s logic paths
  - make each program statement execute at least once
  - for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours, to check calculations for overtime pay
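The gross pay example above can be made concrete. The following added example (not part of the original notes) implements a hypothetical `gross_pay` function and measures which of its statements a set of test cases actually executes, which is the white-box goal of making each statement run at least once. The 1.5x overtime multiplier and the input validation are assumptions; the notes only give the 40-hour threshold.

```python
"""White-box testing of a gross pay routine: check that the chosen
test cases execute every statement at least once."""
import dis
import sys

OVERTIME_THRESHOLD = 40     # hours, from the example in the notes
OVERTIME_MULTIPLIER = 1.5   # assumed; the notes do not state a rate


def gross_pay(hours, rate):
    # Hypothetical unit under test.
    if hours < 0 or rate < 0:
        raise ValueError("hours and rate must be non-negative")
    if hours <= OVERTIME_THRESHOLD:
        return hours * rate
    overtime = hours - OVERTIME_THRESHOLD
    return OVERTIME_THRESHOLD * rate + overtime * rate * OVERTIME_MULTIPLIER


def executable_lines(func):
    """Line numbers that carry bytecode in func."""
    starts = dis.findlinestarts(func.__code__)
    return {line for _, line in starts if line is not None}


def lines_hit(func, cases):
    """Run func on every argument tuple and record the lines executed."""
    code = func.__code__
    hit = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                 # ignore every other function
        if event in ("call", "line"):
            hit.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in cases:
            try:
                func(*args)
            except ValueError:
                pass                    # rejected input is an expected path
    finally:
        sys.settrace(previous)
    return hit


def uncovered(func, cases):
    """Executable lines of func that none of the cases reached."""
    return executable_lines(func) - lines_hit(func, cases)


# Constructed test data as (hours, rate).
UNDER_40 = [(30, 10)]
HOURS_ONLY = [(30, 10), (45, 10)]           # the two cases named in the notes
FULL_SUITE = [(30, 10), (45, 10), (-1, 10)]

if __name__ == "__main__":
    for name, cases in (("under 40 only", UNDER_40),
                        ("under and over 40", HOURS_ONLY),
                        ("plus invalid input", FULL_SUITE)):
        print(name, "-> unexecuted lines:", sorted(uncovered(gross_pay, cases)))
```

The two cases from the notes cover both pay calculations but leave the input-validation statement unexecuted, which only a tester with knowledge of the code would notice.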

Other Types of Testing

Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect

Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully

System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity

User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems

Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples:
  - automobile’s antilock brakes
  - nuclear power plant reactors
  - airplane navigation
  - roller coasters
  - elevators
  - medical devices
• example: bug in the Therac-25 radiation therapy machine, 1985-87
  - wrong sequence of menu selections caused a large radiation dose to be delivered to the patient


Key assumption
• safety will not automatically result from following the organization’s standard development methodology

Software development measures for safety-critical systems

Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software. All tasks require:
• additional steps
• more thorough documentation
• more checking and rechecking

Project safety engineer takes care of the safety of the machines
• explicit responsibility for the system’s safety
• uses a logging and monitoring system to track hazards from the project’s start to finish

Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards

Safety reviews
• held throughout the development process

Robust configuration management system
• tracks all safety-related documentation

Formal documentation required
• including verification reviews and signatures

Key issue
• deciding when Quality Assurance staff has performed enough testing

Risk
• probability of an undesirable event occurring times the magnitude of the event’s consequences if it does happen
• consequences include:
  - damage to property
  - loss of money
  - injury to people
  - death

Quality Management Standards

i) ISO 9000 standard
• guide to quality products, services and management
• organization must submit to an examination by an external assessor
• requirements:
  - written procedures for everything it does
  - follow those procedures
  - prove to the auditor the organization fulfilled the first two requirements

ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode
  - describes how a product or process could fail
• Effect
  - adverse consequence that a customer might experience
• seldom is there a one-to-one relationship between cause and effect

DO-178B/EUROCAE ED-128
• evaluation standard for the international aviation community
• developed by Radio Technical Commission for Aeronautics (RTCA)


Page 6: Ethics Notes Complete Unit 1-4 Version 1

4. To protect the organization and its employees from legal action
5. To avoid unfavorable publicity

II. Improving Corporate Ethics
1. Appointing Corporate Ethics Officer
2. Ethical Standards Set by Board of Directors
3. Establishing a Corporate Code of Ethics
4. Conducting Social Audits
5. Requiring Employees to Take Ethics Training
6. Including Ethical Criteria in Employees’ Appraisals

III. When Good Ethics Result in Short Term Losses

IV. Creating an Ethical Work Environment

V. Ethical Decision Making
a) Get the facts
b) Identify stakeholders and their positions
c) Consider the consequences of our decisions
d) Weigh various guidelines and principles
e) Develop and evaluate options
f) Review our decision
g) Evaluate the results of our decision

Unit-II ETHICS IN IT-PROFESSIONALS AND IT-USERS

Ethics for IT Professionals and IT Users

OBJECTIVES

• What key characteristics distinguish a professional from other kinds of workers, and what is the role of an IT professional?
• What relationships must an IT professional manage, and what key ethical issues can arise in each?
• How do codes of ethics, professional organizations, certification and licensing affect the ethical behaviour of IT professionals?
• What are the key tenets of four different codes of ethics that provide guidance for IT professionals?
• What are the common ethical issues that face IT users?
• What approaches can support the ethical practices of IT users?

1.1 IT PROFESSIONALS

• A profession is a calling that requires specialized knowledge and often long and complete academic preparation.
• The US Code of Federal Regulations defines a person “employed in a professional capacity” as one who meets these four criteria:
1) One’s primary duty consists of the performance of work requiring knowledge of an advanced type in a field of science or learning.
2) One’s instruction, study or work should be original.
3) One’s work is strongly knowledgeable and exercises discretion and judgment. Example – accountants, doctors, lawyers.
4) One’s work is predominantly intellectual and varied in character, which cannot be generalized.

1) Are IT Workers Professionals?

Many business workers have duties, backgrounds and training that qualify them to be classified as professionals.
o One could argue, however, that not every IT role requires knowledge of an advanced type in a field of science.
o According to the US Code definition, IT professionals are not recognized as professionals because they are not licensed.

• Partial list of IT specialists:
  – Programmers
  – Systems analysts
  – Software engineers
  – Database administrators
  – Local area network (LAN) administrators
  – Chief information officers (CIOs)

• Legal perspective:
  – IT workers are not recognized as professionals
  – Not licensed
  – IT workers are not liable for malpractice

2) Professional Relationships that must be managed

IT professionals typically become involved in many different relationships. In each relationship an IT professional should act honestly and appropriately. Ethics has to be maintained in these relationships.

• IT professionals have many different relationships with:
  – Employers
  – Clients
  – Suppliers
  – Other professionals
  – IT users
  – Society at large

Relationship between IT Professional and Employers

IT professionals and employers have a critical, strong relationship. An IT professional and employer discuss and agree upon fundamental aspects of this relationship before the professional accepts an employment offer. These issues include job title, general performance expectations, specific work responsibilities, dress code, location of employment, salary, working hours, etc. Example: whether an employee can leave early one day if the time is made up on another day. Some aspects are addressed by law; for example, an employee cannot be required to do anything illegal, such as falsifying the result of a quality assurance test.

• IT professionals must set an example and enforce policies regarding the ethical use of IT
• Software piracy is the act of illegally making copies of software or enabling others to access software to which they are not entitled
• Software piracy is an area in which IT professionals can be tempted to violate laws and policies
• The Business Software Alliance (BSA) is a trade group that represents the world’s largest software and hardware manufacturers
  – Its mission is to stop the unauthorized copying of software produced by its members
• Trade secret
  – Information used in business
  – Generally unknown to the public
  – Company has taken strong measures to keep confidential
• Whistle-blowing
  – Attracts attention to a negligent, illegal, unethical, abusive or dangerous act that threatens the public interest

Relationship between IT Professional and clients

In the relationship between IT professional and clients, each party agrees to provide something of value to the other. Generally speaking, the IT professional provides hardware, software or service at a certain cost within a given time.

• IT professional provides:
  – Hardware, software or services at a certain cost and within a given time frame
• Client provides:
  – Compensation
  – Access to key contacts
  – Work space

This relationship is usually documented in contractual terms: who does what, when the work begins, how long it will take, how much the client pays, and so on.

• Ethical problems arise if a company recommends its own products and services to remedy problems they have detected
  – A company is unable to provide full and accurate reporting of a project’s status

Legal Overview: Fraud, Misrepresentation and Breach of Contract

  – Fraud: crime of obtaining goods, services or property through deception or trickery
  – Fraud is proven in court
  – Breach of contract: one party fails to meet the terms of a contract
• IT projects are joint efforts in which vendors and customers work together
  – Difficult to assign blame

Relationship between IT Professionals and Suppliers

• Develop good relationships with suppliers
  – Deal fairly with them
  – Do not make unreasonable demands
  – Bribery: providing money, property or favors to someone in business or government to obtain a business advantage
  – US Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe a foreign official, a foreign political party official or a candidate for foreign political office
  – At what point does a gift become a bribe?
  – No gift should be hidden, as perceptions of donor and recipient can differ

IT professionals deal with many hardware, software and service providers. IT professionals must keep a good relationship with suppliers by dealing very fairly and not making unreasonable demands. Threatening to replace a supplier who can’t deliver needed equipment tomorrow, when the normal industry lead time is one week, is aggressive behavior that does not help a working relationship. Suppliers also try hard to maintain positive relationships with their customers to make and increase sales. Sometimes their actions to achieve their goals might be unethical. Example: they could offer an IT professional a gift that is actually intended as a bribe. Clearly, an IT professional should not accept a bribe from a vendor.

Relationship between IT Professional and Other Professionals

• Professionals owe each other adherence to a profession’s code of conduct
• Ethical problems between members of the IT profession:
  – Résumé inflation
  – Inappropriate sharing of corporate information

Professionals feel a degree of loyalty to the other members of their profession. As a result, they always help each other and are slow to criticize each other in public. Professionals have an interest in their own profession as a whole. A number of ethical problems can arise between members of the IT profession. One of the most common is résumé inflation, which includes lying on a résumé and claiming competence in an IT skill that is in high demand.

Relationship Between IT Professional and IT Users

• An IT user is a person for whom a hardware or software product is designed
• IT professionals’ duty:
  – Understand users’ needs and capabilities
  – Deliver products and services that best meet those needs
  – Establish an environment that supports ethical behaviour by users
• Actions of an IT professional can affect society

The term IT user distinguishes the person for whom a hardware or software product is designed from the IT professionals who develop, install, service and support the product. IT professionals have to understand a user’s needs and capabilities and deliver products and services that best meet the needs of users.

Relationships between IT Professionals and Society

Regulatory laws establish safety standards for products and services to protect the public. However, these laws are less than perfect, and they fail to safeguard against all negative side effects of a product or process. Society expects members of a profession not only to cause no harm but also to provide significant benefits. Example: a system analyst may design a computer-based control system to monitor a chemical manufacturing process. A failure or error in the system may put workers or residents near the plant at risk.

1.2 THE ETHICAL BEHAVIOR OF IT PROFESSIONALS

• Corporations are taking actions to ensure good business ethics among employees

1.2.1 Professional Codes of Ethics

• A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group
• Example: Doctors stick to varying versions of the 2000-year-old Hippocratic Oath, which medical schools offer as an affirmation to their graduating classes
• Most codes of ethics created by professional organizations have two main parts
• The first outlines what the professional organization aspires to become, and the second typically lists the rules and principles which members of the organization are expected to follow

i) Main parts
  – Outlines what the professional organization aspires to become
  – Lists rules and principles by which members of the organization are expected to abide

ii) Benefits for individual, profession and society
  – Improves ethical decision making
  – Promotes high standards of practice and ethical behaviour
  – Enhances trust and respect from the general public
  – Provides an evaluation benchmark

• Note: laws do not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical. One cannot expect a professional ethical code to provide an answer to everything. However, practicing according to a professional code of ethics can produce many benefits for the individual, the profession and society as a whole.

1.2.2) Professional Organizations

a) Professional Organizations

• No single formal organization of IT professionals has emerged as preeminent, so there is no universal code of ethics for IT professionals
• However, the existence of such organizations is useful in a field that is rapidly growing and changing
• IT professionals need to know about new developments in the field, which requires networking with others, finding new ideas and building personal skills and expertise
• In recognition of the need for professional standards of competence and conduct, many organizations have developed a code of ethics

The four most prominent IT professional organizations are:
1. Association of Computing Machinery (ACM)
2. Association of Information Technology Professionals (AITP)
3. Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)
4. Project Management Institute (PMI)


b) Certification

• Indicates a professional possesses a particular set of skills, knowledge or abilities in the opinion of a certifying organization
• Can also apply to products
• Generally voluntary
• IT-related certifications typically carry no requirement to adhere to a code of ethics

Vendor certifications
a. Some certifications substantially improve IT workers’ salaries and career prospects
b. Relevant for narrowly defined roles
   i. Or certain aspects of broader roles
c. Require passing a written exam
d. Workers are commonly recertified as newer technologies become available

c) Industry association certifications
a. Require a certain level of experience and a broader perspective than vendor certifications
b. Lag in developing tests that cover new technologies

Numerous companies and professional organizations offer certifications, and opinions are divided on their value. Many employers view them as benchmarks that indicate mastery of a defined set of basic knowledge. On the other hand, some may disagree because the candidate may not have experience of it. Certifications are again divided into two types:

Vendor Certifications: Many IT vendors such as CISCO, IBM, Microsoft, Sun and Oracle offer certification programs for their products. Workers who successfully complete a program can represent themselves as certified users of the manufacturer’s products.

Industry Associated Certifications: Certifications from industry associations generally require a certain level of experience and broader thinking than vendor certifications; however, they often lag in developing tests that cover new technology. The trend in IT certification is to move from purely technical content to a broader mix of technology, business and behavioral competence, which are required in today’s competence.

4) Government Licensing

• Some professionals must be licensed to prove that they can do their work ethically and safely, including certified public accountants, lawyers, doctors, various types of medical and day care providers, and some engineers
• People cannot call themselves professionals unless they are licensed. Most countries have similar laws

• Generally administered at the state level in the United States
• Case for licensing IT professionals:
  – Encourage IT professionals to follow the highest standards of the profession
  – Practice a code of ethics
  – Violators would be punished


The case for licensing IT Professionals

The days of simple stand-alone information systems are over. Modern systems are highly complex. Enterprise resource planning systems (ERPs) help multimillion-dollar companies control all their business functions. Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities.


As a result of the increasing importance of IT in our everyday lives, the development of reliable, effective information systems has become an area of mounting public concern. This concern has led to a debate about whether the licensing of IT professionals would improve information systems. Proponents argue that licensing would strongly encourage IT professionals to follow the highest standards of the profession and practice a code of ethics, and that licensing would allow violators to be punished.

Issues Associated with Government Licensing of IT Professionals

There are very few international or national licensing programs for IT professionals, for many reasons:
1) There is no universally accepted core body of knowledge
2) It is unclear who should manage the content and administration of licensing exams
3) There is no administrative body to accredit professional education programs
4) There is no administrative body to assess and ensure competence of individual professionals

1.3 Common Ethical Issues for IT Users

IT Professional Malpractice

• Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do
• Duty of care refers to the obligation to protect people against any unreasonable harm or risk
• Courts consistently reject attempts to sue individual parties for computer-related malpractice
• Employees’ ethical use of IT is an area of growing concern

Common Ethical Issues for IT Users

• Software piracy
• Inappropriate use of computing resources
• Inappropriate sharing of information
  – Private data
  – Confidential information

Software Piracy: IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still called piracy if they have not paid for it.

Inappropriate Use of Computing Resources: Some employees use their computers to browse popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time.

Inappropriate Sharing of Information: Every organization stores a vast amount of information that can be classified as either private or confidential. An IT user who shares this information with an unauthorized party has violated someone’s privacy. Example: if an IT user sees his coworker’s salary records and shares them with another person, it would be a clear violation of the worker’s privacy.

2. Supporting the Ethical Practices of IT Users

• Policies that protect against abuses:
  – Establish boundaries of acceptable and unacceptable behaviour
  – Enable management to punish violators
• Policy components include:
  – Defining and limiting the appropriate use of IT resources
  – Establishing guidelines for use of company software
  – Structuring information systems to protect data and information
  – Installing and maintaining a corporate firewall

The growing use of IT has increased ethical problems, so many organizations are planning to develop policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities on IT users and enable management to punish violators.

Page 11 of 18

The following actions when creating an IT usage policy Defining and limiting the appropriate use of IT Resources Companies must develop communicate and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages Establishing guidelines for use of company software Company IT managers must provide clear rules that govern the use of home computers and associated software Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home Other companies help employeersquos bye hardware and software at corporate discount rates The goal should be to ensure that employees have legal copies of all the software they need Structuring Information systems to protect Data and Information Organizations must implement system and procedures that limit data access to employee who need it Example in Banks a teller should be able to see the account details of customers but a payroll employee doesnrsquot have any need to see the customer details as he is dealing with bank employee details Installing and maintaining a corporate firewall A firewall is a hardware or software device that serves as a barrier between a company and outside world and limits access to unwanted sites from internet The firewall can be configured to serve as an effective factor to unauthorized web surfing CONCLUSION

• A professional from a legal standpoint
  – Has passed the state licensing requirements
  – Has earned the right to practice there
• IT professionals have many different relationships
  – Each with its own set of ethical issues and potential problems
• Professional code of ethics
  – States the principles and core values essential to the work of an occupational group
• Licensing and certification of IT professionals
  – Many people feel that certification will increase the reliability and effectiveness of information systems
  – Raises many issues
• IT-related professional organizations have developed a code of ethics

Notes helpful from an examination point of view…

Unit – III PRIVACY

Introduction

The use of information technology in business has made it possible for information about people to be gathered, stored, analysed and reported with just one swipe of a credit or debit card. This information is used to learn consumers’ purchasing habits and financial conditions. Organizations make use of various marketing strategies to target potential buyers. This is against the privacy of an individual. On the other hand, organizations need information about their customers to serve them better, so there should be a balance between those who gather and use the information and the rights of privacy.

What is Privacy?

The word privacy comes from the Latin word “privatus” (separated from the rest); it can be broadly defined as the right to be left alone. Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.

Legal concept of privacy

Right of privacy: Privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects:
• Protection from unreasonable intrusion upon one’s isolation, such as gathering of details about their web surfing habits etc.
• Protection from identity theft by inappropriate use of name or likeness. Example: stealing of credit cards or a Social Security Number.
• Protection from unreasonable publicity of one’s private life, such as revealing condition of health.
• Protection from unreasonable false information, such as giving false information about a person on the internet, in the media etc.

What is Anonymity?

Anonymity means that the real author of a message is not shown, or his identity is hidden. Anonymity can be implemented to make it impossible or very difficult to find out the real author of a message.

Key Privacy and Anonymity Issues

Government electronic surveillance

Observing or listening to persons, places or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders or wire taps. Four types of electronic surveillance are most prevalent:
• Wire Tapping: Wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually “tap” into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.

• Web Tapping: Logging the IP addresses of users that access certain websites is commonly called “web tapping”.

Data Encryption
• Cryptography
  o Science of encoding messages
  o Only sender and intended receiver can understand the messages
  o Key tool for ensuring confidentiality, integrity and authenticity of electronic messages and online business transactions
• Encryption
  o Process of converting electronic messages into a form understood only by the intended recipients
• Encryption key: the variable value applied using an algorithm to encrypt or decrypt text
• There are two types of encryption keys used: i) public key ii) private key

Public key encryption
• A public key encryption system uses two keys to encode and decode messages
• Message receiver’s public key – readily available to all; anyone can use it to send that person encrypted messages
• Message receiver’s private key – kept secret; only the receiver knows it and uses it to decode the message back to the original
• RSA – a public key encryption algorithm

Private key encryption system
This system uses a single key to encode and decode messages.
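The two key arrangements described above, as an added Python example that is not part of the original notes. It uses textbook RSA with the tiny primes 61 and 53 and a hash-based XOR stream as the single-key system; all function names and the sample message are illustrative assumptions, and the parameters are far too small for real use.

```python
# Added illustration with toy parameters. Real systems use vetted libraries,
# keys of 2048 bits or more, and padding, never hand-rolled code like this.
import hashlib
from math import gcd


def make_keypair(p, q, e=17):
    """Return (public_key, private_key) built from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: (e * d) % phi == 1 (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, message):
    """Anyone holding the receiver's public key can produce ciphertext."""
    n, e = public_key
    return [pow(byte, e, n) for byte in message]  # one block per byte (toy)


def decrypt_blocks(private_key, blocks):
    """Apply a private key to ciphertext blocks and return the raw integers."""
    n, d = private_key
    return [pow(block, d, n) for block in blocks]


def decrypt(private_key, blocks):
    """Only the matching private key turns the blocks back into the message."""
    return bytes(decrypt_blocks(private_key, blocks))


def single_key_cipher(key, data):
    """Private (single) key system: the same key and call encode and decode."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


if __name__ == "__main__":
    message = b"PIN 4921"  # constructed sample message
    receiver_public, receiver_private = make_keypair(61, 53)
    _, other_private = make_keypair(67, 71)  # a different person's key pair

    blocks = encrypt(receiver_public, message)
    print("public key:", receiver_public)
    print("ciphertext blocks:", blocks)
    print("receiver decodes:", decrypt(receiver_private, blocks))
    print("other key yields:", decrypt_blocks(other_private, blocks))

    shared = b"shared secret"  # both parties must already hold this key
    sealed = single_key_cipher(shared, message)
    print("single key round trip:", single_key_cipher(shared, sealed))
```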

Identity Theft
• Identity theft occurs when someone steals key pieces of personal information to gain access to a person’s financial accounts
• Information includes
  – Name
  – Address
  – Date of birth
  – Social Security number
  – Passport number
  – Driver’s license number
  – Mother’s maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen
• Phishing
  o Attempt to steal personal identity data
  o By tricking users into entering information on a counterfeit Web site
  o Spear-phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization
• Spyware
  o Keystroke-logging software
  o Gets automatically downloaded to a user’s computer without his/her knowledge
  o Creates a record of keystrokes entered in the system
  o Enables the capture of
    – Account usernames
    – Passwords
    – Credit card numbers
    – Other sensitive information
  o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are text files that a website puts on a user’s hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain a huge amount of consumer behavioral data

Types of data collected: while the user surfs the web, surfing details etc. are collected and sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:
i) GET data: sites visited by the customer. Example: that the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: keeping track of everything the user viewed and sought.

• Four ways to limit or even stop the deposit of cookies on hard drives
  – Set the browser to limit or stop cookies
  – Manually delete them from the hard drive
  – Download and install a cookie-management program
  – Use anonymous browsing programs that don’t accept cookies

Treating Consumer Data Responsibly

When dealing with consumer data, problems are avoided by taking consent from the consumer before using details for marketing or for research. This can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Work Place Monitoring

Employers have the right to monitor your activities in many situations at the workplace. Major monitoring includes:
• Recording with CCTV cameras
• Opening mail or e-mail
• Checking phone logs or recording phone calls
• Videoing outside the workplace
• Checking the logs of websites visited
• Some companies even do random drug tests on their employees

Spamming
• Transmission of the same e-mail message to a large number of people
• Extremely inexpensive method of marketing
• Used by many legitimate organizations
• Can contain unwanted and objectionable materials

Example: Some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales.

Advanced surveillance technology

Camera surveillance: cameras are fixed to stop illegal activities by finding people who act suspiciously.
i) Facial recognition software can be used to identify criminals and terrorists
ii) GPS (Global Positioning System) chips can be placed in devices like cell phones to locate users

Unit IV - SOFTWARE DEVELOPMENT

Objectives
• Why do companies require high-quality software in business systems, industrial process control systems and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs and software quality?

Need for high quality software systems

High quality software systems are easy to learn and easy to use. They efficiently meet the user’s needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software

A software defect is an error which can cause a software system to halt without meeting the user’s needs. Software errors have to be detected and removed. Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough – minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays – major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• are required to support the fields of
  - air traffic control
  - nuclear power
  - automobile safety
  - health care
  - military and defense
  - space exploration

Key Issues in Software Development

Ethical decisions involve Quality Management, which defines the measure of quality in the development process
• tradeoff between quality and other factors such as ease of use, time to market and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility

Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through ‘reasonable’ software practices
• there is also the concept of ‘contributory’ negligence (e.g. accidentally cutting a finger using nail clippers)
• warranty also protects the consumer but may be hard to read

Reasons For Software Defects

1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it

2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 999 was clean, there still would be 1 bug per 10000 lines of code, so large software still contains thousands of bugs

3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software defect
• could cause a system to fail to meet users’ needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• ‘testing’ done by customers
• some avoid buying the first version

Strategies for developing Quality Software

More and more users are demanding high-quality software. Quality Management measures the quality of software in the development process. The objective is to deliver high quality software. Various strategies are adopted:

1. Following a proper/accepted standard software development methodology
2. Ensuring Quality Assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Documenting the various stages of software development to ensure quality

Quality Software Development Process

i) Following a proper/accepted standard software development methodology: It is safe to follow a proper and accepted software development methodology, where the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.

ii) Ensure software quality assurance: This refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early: It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is
  - a cost-saving measure
  - 100 times less cost when a bug is detected early, before product roll-out
  - the most efficient way to improve software quality
  - a bug’s effect (and its fix) may ripple through large pieces of the software

iv) Testing: This is one of the proven methods for quality assurance.

Types of Testing

Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data and the results are compared with expected results. This is called dynamic testing.
• Black-box testing
  - want code to demonstrate expected output behaviour for all input data in the test suite
  - tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of code)
  - testing all possible logic paths through the software unit
  - with thorough knowledge of the code’s logic paths
  - make each program statement execute at least once
  - for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours … to check calculations for overtime pay
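The gross pay example above, worked as an added Python example that is not part of the original notes. It traces which statements of the unit execute under a test suite, showing that a suite with only the under-40-hours case never runs the overtime path; the 1.5 overtime multiplier, the input check and all names are assumptions made for the illustration.

```python
import sys

OVERTIME_THRESHOLD = 40    # hours, as in the notes' example
OVERTIME_MULTIPLIER = 1.5  # assumption: the notes do not give the overtime rate


def gross_pay(hours, rate):
    """Weekly gross pay, with hours above 40 paid at the overtime rate."""
    if hours < 0 or rate < 0:
        raise ValueError("hours and rate must be non-negative")
    if hours <= OVERTIME_THRESHOLD:
        return hours * rate
    overtime = hours - OVERTIME_THRESHOLD
    return OVERTIME_THRESHOLD * rate + overtime * rate * OVERTIME_MULTIPLIER


def executed_lines(func, cases):
    """Run func over (args, expected) cases, checking each result, and return
    the line offsets (relative to the def line) of the statements that ran."""
    code = func.__code__
    hit = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None  # do not trace other functions
        if event == "line":
            hit.add(frame.f_lineno - code.co_firstlineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args, expected in cases:
            try:
                result = func(*args)
            except ValueError as exc:
                result = type(exc)  # an expected rejection is a valid outcome
            assert result == expected, (args, result, expected)
    finally:
        sys.settrace(previous)
    return hit


# Constructed test data: (arguments, expected result)
UNDER_40_ONLY = [((30, 10), 300)]
WHITE_BOX_SUITE = UNDER_40_ONLY + [
    ((40, 10), 400),         # boundary: exactly 40 hours, no overtime
    ((45, 10), 475),         # 400 regular + 5 * 10 * 1.5 overtime
    ((-1, 10), ValueError),  # invalid input path
]


def untested_lines(partial_suite, full_suite, func=gross_pay):
    """Statements the full suite executes that the partial suite never reaches."""
    return sorted(executed_lines(func, full_suite) - executed_lines(func, partial_suite))


if __name__ == "__main__":
    missed = untested_lines(UNDER_40_ONLY, WHITE_BOX_SUITE)
    print("line offsets never executed by the under-40 case alone:", missed)
```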

Other Types of Testing

Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect

Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully

System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity

User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems

Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples
  - automobile’s antilock brakes
  - nuclear power plant reactors
  - airplane navigation
  - roller coasters
  - elevators
  - medical devices
• example: bug in the Therac-25 radiation therapy machine, 1985-87
  - wrong sequence of menu selections caused a large radiation dose to be delivered to the patient

Key assumption
• safety will not automatically result from following the organization’s standard development methodology

Software development measures for safety-critical systems

Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software. All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking

Project safety engineer takes care of the safety of the machines
• explicit responsibility for the system’s safety
• uses a logging and monitoring system to track hazards from the project’s start to finish

Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards

Safety reviews
• held throughout the development process

Robust configuration management system
• tracks all safety-related documentation

Formal documentation required
• including verification reviews and signatures

Key issue
• deciding when Quality Assurance staff has performed enough testing

Risk
• probability of an undesirable event occurring times the magnitude of the event’s consequences if it does happen
• consequences include
  - damage to property
  - loss of money
  - injury to people
  - death

Quality Management Standards

i) ISO 9000 standard
• guide to quality products, services and management
• organization must submit to an examination by an external assessor
• requirements
  - written procedures for everything it does
  - follow those procedures
  - prove to the auditor that the organization fulfilled the first two requirements

ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode
  - describes how a product or process could fail
• Effect
  - adverse consequence that a customer might experience
• seldom is there a one-to-one relationship between cause and effect

DO-178B/EUROCAE ED-128
• evaluation standard for the international aviation community
• developed by the Radio Technical Commission for Aeronautics (RTCA)


  – Systems analysts
  – Software engineers
  – Database administrators
  – Local area network (LAN) administrators
  – Chief information officers (CIOs)
• Legal perspective
  – IT workers are not recognized as professionals
  – Not licensed
  – IT workers are not liable for malpractice

2) Professional Relationships that must be managed

IT professionals typically become involved in many different relationships. In each relationship an IT professional should act honestly and appropriately. Ethics has to be maintained in these relationships.
• IT professionals have many different relationships with
  – Employers
  – Clients
  – Suppliers
  – Other professionals
  – IT users
  – Society at large

Relationship between IT Professional and Employers

IT professionals and employers have a critical, strong relationship. An IT professional and employer discuss and agree upon fundamental aspects of this relationship before the professional accepts an employment offer. These issues include job title, general performance expectations, specific work responsibility, dress code, location of employment, salary, working hours etc. Example: whether an employee can leave early one day if the time is made up on another day. Some aspects are addressed by law; for example, an employee cannot be required to do anything illegal, such as falsify the result of a quality assurance test.
• IT professionals must set an example and enforce policies regarding the ethical use of IT
• Software piracy is the act of illegally making copies of software or enabling others to access software to which they are not entitled
• Software piracy is an area in which IT professionals can be tempted to violate laws and policies
• The Business Software Alliance (BSA) is a trade group that represents the world’s largest software and hardware manufacturers
  – Its mission is to stop the unauthorized copying of software produced by its members
• Trade secret
  – Information used in business
  – Generally unknown to the public
  – Company has taken strong measures to keep confidential
• Whistle-blowing
  – Attracts attention to a negligent, illegal, unethical, abusive or dangerous act that threatens the public interest

Relationship between IT Professional and Clients

In the relationship between an IT professional and clients, each party agrees to provide something of value to the other. Generally speaking, the IT professional provides hardware, software or service at a certain cost within a given time.
• IT professional provides
  – Hardware, software or services at a certain cost and within a given time frame
• Client provides
  – Compensation
  – Access to key contacts
  – Work space
• Relationship is usually documented in contractual terms

This relationship is usually documented in contractual terms: who does what, when the work begins, how long it will take, how much the client pays and so on.
• Ethical problems arise if a company recommends its own products and services to remedy problems they have detected
  – A company is unable to provide full and accurate reporting of a project’s status

Legal Overview: Fraud, Misrepresentation and Breach of Contract
  – Fraud: crime of obtaining goods, services or property through deception or trickery
  – Fraud is proven in court
  – Breach of contract: one party fails to meet the terms of a contract
• IT projects are joint efforts in which vendors and customers work together
  – Difficult to assign blame

Relationship between IT Professionals and Suppliers
• Develop good relationships with suppliers
  – Deal fairly with them
  – Do not make unreasonable demands
  – Bribery: providing money, property or favors to someone in business or government to obtain a business advantage
  – The US Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe a foreign official, a foreign political party official or a candidate for foreign political office
  – At what point does a gift become a bribe?
  – No gift should be hidden, as perceptions of donor and recipient can differ

IT professionals deal with many hardware, software and service providers. IT professionals must keep a good relationship with suppliers by dealing very fairly and not making unreasonable demands. Threatening to replace a supplier who can’t deliver needed equipment tomorrow, when the normal industry lead time is one week, is aggressive behavior that does not help a working relationship. Suppliers also try hard to maintain positive relationships with their customers to make and increase sales. Sometimes their actions to achieve their goals might be unethical. Example: they could offer an IT professional a gift that is actually intended as a bribe. Clearly, an IT professional should not accept a bribe from a vendor.

Relationship between IT Professional and Other Professionals

• Professionals owe each other adherence to a profession’s code of conduct
• Ethical problems between members of the IT profession
  – Résumé inflation
  – Inappropriate sharing of corporate information

Professionals feel a degree of loyalty to the other members of their profession. As a result, they always help each other and are slow to criticize each other in public. Professionals have an interest in their own profession as a whole. A number of ethical problems can arise between members of the IT profession. One of the most common is résumé inflation, which includes lying on a résumé and claiming competence in an IT skill that is in high demand.

Relationship Between IT Professional and IT Users

• IT user is a person for whom a hardware or software product is designed
• IT professionals’ duty
  – Understand users’ needs and capabilities
  – Deliver products and services that best meet those needs
  – Establish an environment that supports ethical behaviour by users
• Actions of an IT professional can affect society

The term IT user distinguishes the person for whom a hardware or software product is designed from the IT professionals who develop, install, service and support the product. IT professionals have to understand a user’s needs and capabilities and deliver products and services that best meet the needs of users.

Relationships between IT Professionals and Society

Regulatory laws establish safety standards for products and services to protect the public. However, these laws are less than perfect, and they fail to safeguard against all negative side effects of a product or process. Society not only expects members of a profession not to cause harm, but also to provide significant benefits. Example: a system analyst may design a computer-based control system to monitor a chemical manufacturing process. A failure or error in the system may put workers or residents near the plant at risk.

1.2 THE ETHICAL BEHAVIOR OF IT PROFESSIONALS

• Corporations are taking actions to ensure good business ethics among employees

1.2.1 Professional Codes of Ethics
• A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group
• Example: doctors adhere to varying versions of the 2000-year-old Hippocratic Oath, which medical schools offer as an affirmation to their graduating classes
• Most codes of ethics created by professional organizations have two main parts
• The first outlines what the professional organization aspires to become, and the second typically lists the rules and principles that members of the organization are expected to follow

i) Main parts
  – Outlines what the professional organization aspires to become
  – Lists rules and principles by which members of the organization are expected to abide

ii) Benefits for individual, profession and society
  – Improves ethical decision making
  – Promotes high standards of practice and ethical behaviour
  – Enhances trust and respect from the general public
  – Provides an evaluation benchmark

• Note: laws do not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical. One cannot expect a professional ethical code to provide the answer to everything. However, practicing according to a professional code of ethics can produce many benefits for individuals, professions and society as a whole.

1.2.2 Professional Organizations

a) Professional Organizations
• No IT professional organization has emerged as excelling the others, so there is no universal code of ethics for IT professionals
• No single formal organization of IT professionals has emerged as preeminent
• However, the existence of such organizations is useful in a field that is rapidly growing and changing
• IT professionals need to know about new developments in the field, which requires networking with others, finding new ideas and building personal skills and expertise
• In recognition of the need for professional standards of competence and conduct, many organizations have developed a code of ethics

The four most prominent IT professional organizations are:
1. Association for Computing Machinery (ACM)
2. Association of Information Technology Professionals (AITP)
3. Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)
4. Project Management Institute (PMI)

b) Certification
• Indicates a professional possesses a particular set of skills, knowledge or abilities in the opinion of a certifying organization
• Can also apply to products
• Generally voluntary
• IT-related certifications typically carry no requirement to adhere to a code of ethics

Vendor certifications
  a. Some certifications substantially improve IT workers’ salaries and career prospects
  b. Relevant for narrowly defined roles
    i. Or certain aspects of broader roles
  c. Require passing a written exam
  d. Workers are commonly recertified as newer technologies become available

c) Industry association certifications
  a. Require a certain level of experience and a broader perspective than vendor certifications
  b. Lag in developing tests that cover new technologies

Numerous companies and professional organizations offer certifications, and opinions are divided on their value. Many employers view them as benchmarks that indicate mastery of a defined set of basic knowledge. On the other hand, some may disagree because the candidate may not have experience of it. Certifications are divided into two types:

Vendor Certifications: Many IT vendors such as CISCO, IBM, Microsoft, Sun and Oracle offer certification programs for their products. Workers who successfully complete a program can represent themselves as certified users of the manufacturer’s products.

Industry Association Certifications: Certifications from industry associations generally require a certain level of experience and broader thinking than vendor certifications; however, they often lag in developing tests that cover new technology. The trend in IT certification is to move from purely technical content to a broader mix of technology, business and behavioral competence, which are required today.

4) Government Licensing
• Some professionals must be licensed to prove that they can do their work ethically and safely, including certified public accountants, lawyers, doctors, various types of medical and day care providers, and some engineers
• People cannot call themselves professionals unless they are licensed. Most countries have similar laws

• Generally administered at the state level in the United States
• Case for licensing IT professionals
  – Encourage IT professionals to follow the highest standards of the profession
  – Practice a code of ethics
  – Violators would be punished


The case for licensing IT Professionals

The days of simple, stand-alone information systems are over. Modern systems are highly complex. Enterprise resource planning systems (ERPs) help multimillion-dollar companies control all their business functions. Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities.

As a result of the increasing importance of IT in our everyday lives, the development of reliable, effective information systems has become an area of mounting public concern. This concern has led to a debate about whether the licensing of IT professionals would improve information systems. Proponents argue that licensing would strongly encourage IT professionals to follow the highest standards of the profession and practice a code of ethics, and that licensing would allow violators to be punished.

Issues Associated with Government Licensing of IT Professionals

There are very few international or national licensing programs for IT professionals, for many reasons:
1) There is no universally accepted core body of knowledge.
2) It is unclear who should manage the content and administration of licensing exams.
3) There is no administrative body to accredit professional education programs.
4) There is no administrative body to assess and ensure competence of individual professionals.

1.3 Common Ethical Issues for IT Users

IT Professional Malpractice
• Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do
• Duty of care refers to the obligation to protect people against any unreasonable harm or risk
• Courts consistently reject attempts to sue individual parties for computer-related malpractice
• Employees' ethical use of IT is an area of growing concern

Common Ethical Issues for IT Users
• Software piracy
• Inappropriate use of computing resources
• Inappropriate sharing of information
  – Private data
  – Confidential information

Software Piracy
IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still piracy if they have not paid for it.

Inappropriate Use of Computing Resources
Some employees use their computers to browse popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time.

Inappropriate Sharing of Information
Every organization stores a vast amount of information that can be classified as either private or confidential. An IT user who shares this information with an unauthorized party has violated someone's privacy. Example: if an IT user sees a coworker's salary records and shares them with another person, it is a clear violation of the coworker's privacy.

2 Supporting the Ethical Practices of IT Users

• Policies that protect against abuses
  – Establish boundaries of acceptable and unacceptable behaviour
  – Enable management to punish violators
• Policy components include
  – Defining and limiting the appropriate use of IT resources
  – Establishing guidelines for use of company software
  – Structuring information systems to protect data and information
  – Installing and maintaining a corporate firewall

The growing use of IT has increased ethical problems, so many organizations are planning to develop policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities on IT users and enable management to punish violators.

The following actions apply when creating an IT usage policy:

Defining and limiting the appropriate use of IT resources
Companies must develop, communicate and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages.

Establishing guidelines for use of company software
Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees buy hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need.

Structuring information systems to protect data and information
Organizations must implement systems and procedures that limit data access to the employees who need it. Example: in a bank, a teller should be able to see the account details of customers, but a payroll employee has no need to see customer details because he deals with bank employee details.

Installing and maintaining a corporate firewall
A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to unwanted sites on the Internet. The firewall can be configured to serve as an effective deterrent to unauthorized web surfing.

CONCLUSION

• A professional, from a legal standpoint
  – Has passed the state licensing requirements
  – Has earned the right to practice there
• IT professionals have many different relationships
  – Each with its own set of ethical issues and potential problems
• Professional code of ethics
  – States the principles and core values essential to the work of an occupational group
• Licensing and certification of IT professionals
  – Many people feel that certification will increase the reliability and effectiveness of information systems
  – Raises many issues
• IT-related professional organizations have developed a code of ethics

Notes helpful from an examination point of view…

Unit – III PRIVACY

Introduction
The use of information technology in business has made it possible for information about people to be gathered, stored, analysed and reported with just one swipe of a credit or debit card. This information is used to learn consumers' purchasing habits and financial conditions. Organizations make use of various marketing strategies to target potential buyers. This is against the privacy of an individual. On the other hand, organizations need information about their customers to serve them better, so there should be a balance between those who gather and use the information and the rights of privacy.

What is Privacy
The word privacy comes from the Latin word "privatus" (separated from the rest). It can be broadly defined as the right to be left alone. Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.

Legal concept of privacy
Right of privacy: Privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects:
• Protection from unreasonable intrusion upon one's isolation, such as gathering of details about their web surfing habits etc.
• Protection from identity theft by inappropriate use of name or likeness. Example: stealing of credit cards or Social Security number.
• Protection from unreasonable publicity of one's private life, such as revealing condition of health.
• Protection from unreasonable false information, such as giving false information about a person on the internet, media etc.

What is Anonymity
Anonymity means that the real author of a message is not shown or his identity is hidden. Anonymity can be implemented to make it impossible or very difficult to find out the real author of a message.

Key Privacy and anonymity issues

Government electronic surveillance
Observing or listening to persons, places or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders or wire taps. Four types of electronic surveillance are most prevalent:
• Wire Tapping: Wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually "tap" into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.
• Web Tapping: Logging the IP addresses of users that access certain websites is commonly called "web tapping".

Data Encryption
• Cryptography
  o Science of encoding messages
  o Only sender and intended receiver can understand the messages
  o Key tool for ensuring confidentiality, integrity and authenticity of electronic messages and online business transactions
• Encryption
  o Process of converting electronic messages into a form understood only by the intended recipients
• Encryption key: the variable value applied using an algorithm to encrypt or decrypt text
• There are two types of encryption keys used: i) public key, ii) private key

Public key encryption
• A public key encryption system uses two keys to encode and decode messages
• Message receiver's public key – readily available to all; anyone can use it to send that person encrypted messages
• Message receiver's private key – kept secret; only the receiver knows it and uses it to decode the message back to the original
• RSA – a public key encryption algorithm

Private key encryption system
This system uses a single key to encode and decode messages.
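The difference between the two-key and single-key systems described above, as an added example that is not part of the original notes. It uses textbook RSA with deliberately tiny primes and a hash-based XOR keystream as a stand-in single-key cipher; both are teaching constructions, and the function names and sample message are constructed for illustration.

```python
"""Added illustration: public-key (two keys) versus single-key encryption.

Toy parameters only. The RSA primes are tiny, there is no padding, and the
single-key cipher is a teaching construction; none of this is for real use.
"""
import hashlib
from math import gcd


def make_toy_rsa_keypair(p=61, q=53, e=17):
    """Return (public_key, private_key), each an (n, exponent) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi); Python 3.8+
    return (n, e), (n, d)


def public_key_encrypt(public_key, message: bytes) -> list:
    """Anyone holding the receiver's public key can produce ciphertext."""
    n, e = public_key
    return [pow(byte, e, n) for byte in message]


def private_key_decrypt(private_key, ciphertext: list) -> bytes:
    """Only the holder of the matching private key recovers the message."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


def single_key_cipher(key: bytes, data: bytes) -> bytes:
    """Single-key system: the same key and the same call encode and decode.

    A keystream is derived from SHA-256(key || counter) and XORed with data.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def demo():
    message = b"Meet at noon"  # constructed sample message

    # Public-key system: the receiver publishes one key and keeps the other.
    public_key, private_key = make_toy_rsa_keypair()
    ciphertext = public_key_encrypt(public_key, message)
    recovered = private_key_decrypt(private_key, ciphertext)

    # Single-key system: both parties must already share the same secret.
    shared_key = b"constructed-shared-secret"
    sealed = single_key_cipher(shared_key, message)
    opened = single_key_cipher(shared_key, sealed)
    wrong = single_key_cipher(b"some-other-key", sealed)

    return {
        "rsa_round_trip": recovered == message,
        "single_key_round_trip": opened == message,
        "wrong_key_fails": wrong != message,
        "ciphertext_differs": sealed != message,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The practical consequence is key distribution: the public key can be handed to anyone, while the single key has to reach both parties over some channel that is already confidential.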

Identity Theft
• Identity theft occurs when someone steals key pieces of personal information to gain access to a person's financial accounts
• Information includes:
  – Name
  – Address
  – Date of birth
  – Social Security number
  – Passport number
  – Driver's license number
  – Mother's maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen
• Phishing
  o Attempt to steal personal identity data
  o By tricking users into entering information on a counterfeit Web site
  o phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization
• Spyware
  o Keystroke-logging software
  o Gets automatically downloaded to the user's computer without his/her knowledge
  o Creates a record of keystrokes entered in the system
  o Enables the capture of:
    – Account usernames
    – Passwords
    – Credit card numbers
    – Other sensitive information
  o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are text files that a website puts on a user's hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain huge amounts of consumer behavioral data

Types of data collected
While the user surfs the web, surfing details etc. are collected and sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:
i) GET data: sites visited by the customer. Example: that the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: keeping track of everything the user viewed and sought.

• Four ways to limit or even stop the deposit of cookies on hard drives:
  – Set the browser to limit or stop cookies
  – Manually delete them from the hard drive
  – Download and install a cookie-management program
  – Use anonymous browsing programs that don't accept cookies

Treating Consumer Data Responsibly
When dealing with consumer data, problems should be avoided by taking consent from the consumer before using their details for marketing or for research. This can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Work Place Monitoring
Employers have the right to monitor your activities in many situations at the workplace. Major monitoring includes:
• Recording on CCTV cameras
• Opening mail or e-mail
• Checking phone logs or recording phone calls
• Videoing outside the workplace
• Checking the logs of websites visited
• Some companies even do random drug tests on their employees

Spamming
• Transmission of the same e-mail message to a large number of people
• Extremely inexpensive method of marketing
• Used by many legitimate organizations
• Can contain unwanted and objectionable materials
Example: Some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales.

Advanced surveillance technology
Camera surveillance: cameras are fixed to stop illegal activities by finding people who act suspiciously.
i) Facial recognition software can be used to identify criminals and terrorists
ii) GPS (Global Positioning chips) can be placed in devices like cell phones to locate users

Unit IV - SOFTWARE DEVELOPMENT

Objectives
• Why do companies require high-quality software in business systems, industrial process control systems and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs and software quality?

Need for high quality software systems
High quality software systems are easy to learn and easy to use. They efficiently meet the user's needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software
A software defect is an error which can cause a software system to halt without meeting the user's needs. Software errors have to be detected and removed.
Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough – minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays – major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• required to support the fields of
  - air traffic control
  - nuclear power
  - automobile safety
  - health care
  - military and defense
  - space exploration

Key Issues in Software Development
Ethical decisions involve Quality Management, which defines the measure of quality in the development process
• tradeoff between quality and other factors such as ease of use, time to market and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility
Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through 'reasonable' software practices
• there is also the concept of 'contributory' negligence (e.g. accidentally cut finger using nail clippers)
• warranty also protects the consumer but may be hard to read

Reasons For Software Defects
1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it
2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 999 was clean, there still would be 1 bug per 10000 lines of code; large software still contains thousands of bugs
3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software defect
• could cause a system to fail to meet users' needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• 'testing' done by customers
• some avoid buying the first version

Strategies for developing Quality Software
More and more users are demanding high-quality software. Quality Management measures the quality of software in the development process. The objective is to deliver high quality software. Various strategies are adopted:
1. Following a proper/accepted standard software development methodology
2. Ensure Quality Assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Document the various stages of software development to ensure quality

Quality Software Development Process
i) Following a proper/accepted standard software development methodology
It is safe to follow a proper and accepted software development methodology where the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.

ii) Ensure software quality assurance
It refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early
It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is a
  - cost-saving measure
  - 100 times less cost when a bug is detected early, before product roll-out
  - most efficient way to improve software quality
  - bug effect (and its fix) may ripple through large pieces of the software

iv) Testing
This is one of the proven methods for quality assurance.

Types of Testing
Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data and the results are compared with expected results. This is called dynamic testing.
• Black-box testing
  - want code to demonstrate expected output behaviour for all input data in the test suite
  - tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of code)
  - testing all possible logic paths through the software unit
  - with thorough knowledge of the code's logic paths
  - make each program statement execute at least once
  - for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours … to check calculations for overtime pay
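The gross-pay case above as an added example, not part of the original notes: it runs test cases dynamically and records which statements of the unit were never executed, so the gap left by testing only the under-40-hours case is visible. The 1.5x overtime multiplier, the function names and the test data are assumptions made for illustration.

```python
"""Added illustration: white-box (statement coverage) testing of a pay routine.

Assumption: overtime is paid at 1.5x for hours above 40; the notes give the
40-hour threshold but not the overtime rate.
"""
import dis
import sys


def gross_pay(hours, rate):
    if hours < 0 or rate < 0:
        raise ValueError("hours and rate must be non-negative")
    if hours <= 40:
        return hours * rate
    overtime = hours - 40
    return 40 * rate + overtime * rate * 1.5


def run_case(func, args, expected):
    """Dynamic test: run the unit on test data and compare with the expectation.

    'expected' is either a value or an exception class the call must raise.
    """
    try:
        result = func(*args)
    except Exception as exc:
        return isinstance(expected, type) and isinstance(exc, expected)
    return result == expected


def statement_coverage(func, cases):
    """Run all cases; return (all_passed, offsets of statements never run).

    Offsets are line numbers counted from the 'def' line of func.
    """
    code = func.__code__
    first = code.co_firstlineno
    executable = {
        line for _, line in dis.findlinestarts(code)
        if line is not None and line != first
    }
    executed = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None  # ignore every function except the unit under test
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        results = [run_case(func, args, expected) for args, expected in cases]
    finally:
        sys.settrace(previous)
    missed = sorted(line - first for line in executable - executed)
    return all(results), missed


# Constructed test data: ((hours, rate), expected result or exception class)
UNDER_40_ONLY = [((38, 10), 380)]
BOTH_PAY_PATHS = UNDER_40_ONLY + [((40, 10), 400), ((45, 10), 475.0)]
EVERY_STATEMENT = BOTH_PAY_PATHS + [((-1, 10), ValueError)]


def demo():
    return {
        "under_40_only": statement_coverage(gross_pay, UNDER_40_ONLY),
        "both_pay_paths": statement_coverage(gross_pay, BOTH_PAY_PATHS),
        "every_statement": statement_coverage(gross_pay, EVERY_STATEMENT),
    }


if __name__ == "__main__":
    for suite, (passed, missed) in demo().items():
        print(f"{suite}: passed={passed} statements never executed={missed}")
```

A suite can pass every case and still leave statements unexecuted; only the last suite reaches the input-validation branch as well as both pay calculations.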

Other Types of Testing

Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect

Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully

System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity

User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems
Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing safety-critical systems, as failure may cause injury or death
• examples
  - automobile's antilock brakes
  - nuclear power plant reactors
  - airplane navigation
  - roller coasters
  - elevators
  - medical devices
• example: bug in the Therac-25 radiation therapy machine, 1985-87
  - wrong sequence of menu selections caused a large radiation dose to be delivered to the patient

Key assumption
• safety will not automatically result from following the organization's standard development methodology

Software development measures for safety-critical systems
Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software.
All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking
Project safety engineer takes care of safety of the machines
• explicit responsibility for the system's safety
• uses a logging and monitoring system to track hazards from the project's start to finish
Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards
Safety reviews
• held throughout the development process
Robust configuration management system
• tracks all safety-related documentation
Formal documentation required
• including verification reviews and signatures
Key issue
• deciding when Quality Assurance staff has performed enough testing
Risk
• probability of an undesirable event occurring times the magnitude of the event's consequences if it does happen
• consequences include
  - damage to property
  - loss of money
  - injury to people
  - death

Quality Management Standards
i) ISO 9000 standard
• guide to quality products, services and management
• organization must submit to an examination by an external assessor
• requirements
  - written procedures for everything it does
  - follow those procedures
  - prove to the auditor the organization fulfilled the first two requirements
ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode: describes how a product or process could fail
• Effect: adverse consequence that a customer might experience
• seldom is there a one-to-one relationship between cause and effect

Quality Management Standards
DO-178B/EUROCCAE ED-128
• evaluation standard for the international aviation community
• developed by Radio Technical Commission for Aeronautics (RTCA)


i Or certain aspects of broader rolesc Require passing a written examd Workers are commonly recertified as newer technologies become available

c) Industry association certificationsa Require a certain level of experience and a broader perspective than vendor certificationsb Lag in developing tests that cover new technologies

Numerous companies and professional organizations offer certifications and opinions are divided on their values Many employers view them as benchmarks that indicate mastery of defined set of basic knowledge On the other hand some may disagree because the candidate may not have experience of it Certifications are again divided in to two types Vendor Certifications Many IT Vendors such as CISCO IBM Microsoft Sun and Oracle offer certification programs for their products Workers who successfully complete a program can represent themselves as certified users of manufacturerrsquos products Industry Associated Certifications Certifications from industry associations generally require a certain level of experience and a broader thinking than vendor certifications however they often lag in developing tests that cover new technology The trend in IT certification is to move from purely technical content to a broader mix of technology business and behavioral competence which are required in todayrsquos competence 4) Government Licensing bull Some Professionals must be licensed to prove that they can do their work ethically and safely including certified public accountants Lawyers Doctors various types of medical and day care providers and some engineers bull People cannot call them as professionals unless they are licensed Most countries have similar laws

bull Generally administered at the state level in the United Statesbull Case for licensing IT professionals

ndash Encourage IT professionals to follow the highest standards of the profession ndash Practice a code of ethicsndash Violators would be punished


The case for licensing IT Professionals
The days of simple, stand-alone information systems are over. Modern systems are highly complex. Enterprise resource planning (ERP) systems help multimillion-dollar companies control all their business functions. Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities.

As a result of the increasing importance of IT in our everyday lives, the development of reliable, effective information systems has become an area of mounting public concern. This concern has led to a debate about whether the licensing of IT professionals would improve information systems. Proponents argue that licensing would strongly encourage IT professionals to follow the highest standards of the profession and practice a code of ethics, and that licensing would allow violators to be punished.

Issues Associated with Government Licensing of IT Professionals
There are very few international or national licensing programs for IT professionals, for many reasons:
1) There is no universally accepted core body of knowledge
2) It is unclear who should manage the content and administration of licensing exams
3) There is no administrative body to accredit professional education programs
4) There is no administrative body to assess and ensure the competence of individual professionals

1.3 Common Ethical Issues for IT Users

IT Professional Malpractice
• Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do
• Duty of care refers to the obligation to protect people against any unreasonable harm or risk
• Courts consistently reject attempts to sue individual parties for computer-related malpractice
• Employees’ ethical use of IT is an area of growing concern

Common Ethical Issues for IT Users
• Software piracy
• Inappropriate use of computing resources
• Inappropriate sharing of information
– Private data
– Confidential information

Software Piracy: IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still piracy if they have not paid for it.

Inappropriate Use of Computing Resources: Some employees use their computers to browse popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time.

Inappropriate Sharing of Information: Every organization stores a vast amount of information that can be classified as either private or confidential. An IT user who shares this information with an unauthorized party has violated someone’s privacy. Example: if an IT user sees his coworker’s salary records and shares them with another person, it would be a clear violation of the worker’s privacy.

2 Supporting the Ethical Practices of IT Users

• Policies that protect against abuses
– Establish boundaries of acceptable and unacceptable behaviour
– Enable management to punish violators
• Policy components include
– Defining and limiting the appropriate use of IT resources
– Establishing guidelines for use of company software
– Structuring information systems to protect data and information
– Installing and maintaining a corporate firewall

The growing use of IT has increased ethical problems, so many organizations are planning to develop policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities on IT users and enable management to punish violators.

Take the following actions when creating an IT usage policy:

Defining and limiting the appropriate use of IT resources: Companies must develop, communicate and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages.

Establishing guidelines for use of company software: Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees buy hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need.

Structuring information systems to protect data and information: Organizations must implement systems and procedures that limit data access to the employees who need it. Example: in a bank, a teller should be able to see the account details of customers, but a payroll employee has no need to see customer details, as he deals with bank employee details.

Installing and maintaining a corporate firewall: A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to unwanted sites on the internet. The firewall can be configured to serve as an effective deterrent to unauthorized web surfing.

CONCLUSION

• A professional from a legal standpoint
– Has passed the state licensing requirements
– Has earned the right to practice there
• IT professionals have many different relationships
– Each with its own set of ethical issues and potential problems
• Professional code of ethics
– States the principles and core values essential to the work of an occupational group
• Licensing and certification of IT professionals
– Many people feel that certification will increase the reliability and effectiveness of information systems
– Raises many issues
• IT-related professional organizations have developed a code of ethics

Notes helpful from an examination point of view…

Unit – III PRIVACY

Introduction
The use of information technology in business has made it possible for information about people to be gathered, stored, analysed and reported with just one swipe of a credit or debit card. This information is used to learn consumers’ purchasing habits and financial condition. Organizations use various marketing strategies to target potential buyers. This is against the privacy of the individual. On the other hand, organizations need information about their customers to serve them better, so there should be a balance between the needs of those who gather and use the information and the rights of privacy.

What is Privacy?
The word privacy comes from the Latin word “privatus” (separated from the rest). It can be broadly defined as the right to be left alone. Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.

Legal concept of privacy
Right of privacy: Privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects:
• Protection from unreasonable intrusion upon one’s isolation, such as the gathering of details about their web surfing habits
• Protection from identity theft by inappropriate use of name or likeness. Example: stealing of credit cards or a Social Security number
• Protection from unreasonable publicity of one’s private life, such as revealing the condition of one’s health
• Protection from unreasonable false information, such as giving false information about a person on the internet, in the media etc.

What is Anonymity?
Anonymity means that the real author of a message is not shown, or his identity is hidden. Anonymity can be implemented to make it impossible or very difficult to find out the real author of a message.

Key Privacy and anonymity issues

Government electronic surveillance
Observing or listening to persons, places or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders or wire taps. Four types of electronic surveillance are most prevalent:
• Wire Tapping: Wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually “tap” into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.
• Web Tapping: Logging the IP addresses of users that access certain websites is commonly called “web tapping”.

Data Encryption
• Cryptography
o Science of encoding messages
o Only the sender and the intended receiver can understand the messages
o Key tool for ensuring confidentiality, integrity and authenticity of electronic messages and online business transactions
• Encryption
o Process of converting electronic messages into a form understood only by the intended recipients
• Encryption key: the variable value applied using an algorithm to encrypt or decrypt text
• There are two types of encryption keys used: i) public key ii) private key

Public key encryption
• A public key encryption system uses two keys to encode and decode messages
• Message receiver’s public key – readily available to all; anyone can use it to send that person encrypted messages
• Message receiver’s private key – kept secret and known only to the receiver, who uses it to decode the message back to the original
• RSA – a public key encryption algorithm

Private key encryption system
This system uses a single key to both encode and decode messages.
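The two key arrangements described above, as an added example that is not part of the original notes: textbook RSA on constructed toy primes shows that anyone can encrypt with the receiver's public key while only the private key decrypts, and a keystream XOR stands in for a single-key system. The primes, the function names and the SHA-256 keystream are assumptions chosen for illustration; production systems use vetted libraries with large keys and randomized padding.

```python
import hashlib

# Constructed toy parameters (assumption). Real RSA keys use primes of 1024 bits
# or more; these small values only make the arithmetic visible.
P, Q, E = 61, 53, 17


def rsa_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)


def rsa_transform(key, blocks):
    """Raise every block to the key's exponent modulo n."""
    exponent, n = key
    return [pow(block, exponent, n) for block in blocks]


def rsa_encrypt(public_key, message):
    """Anyone holding the receiver's public key can do this. One byte per block."""
    return rsa_transform(public_key, list(message))


def rsa_decrypt(private_key, blocks):
    """Only the holder of the private key recovers the original bytes."""
    return bytes(rsa_transform(private_key, blocks))


def keystream_xor(shared_key, data):
    """Single-key stand-in: the same key and the same call encrypt and decrypt."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(shared_key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def demo():
    message = b"wire transfer 42"  # constructed sample message
    public_key, private_key = rsa_keypair()
    blocks = rsa_encrypt(public_key, message)
    ciphertext = keystream_xor(b"shared secret", message)
    return {
        "public_key": public_key,
        "private_key": private_key,
        # The private key undoes what the public key did.
        "private_key_recovers": rsa_decrypt(private_key, blocks) == message,
        # Applying the public key a second time does not decrypt.
        "public_key_recovers": rsa_transform(public_key, blocks) == list(message),
        # Unpadded RSA is deterministic: the repeated letter "r" yields the same
        # block each time, which is why real systems add randomized padding.
        "repeated_letter_leaks": blocks[2] == blocks[6],
        # Single-key system: whoever can encrypt can also decrypt.
        "shared_key_recovers": keystream_xor(b"shared secret", ciphertext) == message,
        "wrong_key_recovers": keystream_xor(b"another key", ciphertext) == message,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```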

• Identity Theft: Identity theft occurs when someone steals key pieces of personal information to gain access to a person’s financial accounts
• Information includes:
– Name
– Address
– Date of birth
– Social Security number
– Passport number
– Driver’s license number
– Mother’s maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen

Phishing
o Attempt to steal personal identity data
o By tricking users into entering information on a counterfeit Web site
o Spear-phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization

• Spyware
o Keystroke-logging software
o Gets automatically downloaded to the user’s computer without his/her knowledge
o Creates a record of keystrokes entered in the system
o Enables the capture of:
– Account usernames
– Passwords
– Credit card numbers
– Other sensitive information
o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are text files that a website puts on a user’s hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain a huge amount of consumer behavioral data

Types of data collected while surfing the web
Surfing details etc. are collected and sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:
i) GET data: sites visited by the customer. Example: that the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: keeping track of everything the user viewed and sought.

• Four ways to limit or even stop the deposit of cookies on hard drives:
– Set the browser to limit or stop cookies
– Manually delete them from the hard drive
– Download and install a cookie-management program
– Use anonymous browsing programs that don’t accept cookies

Treating Consumer Data Responsibly
When dealing with consumer data, problems can be avoided by obtaining the consumer’s consent before using their details for marketing or research. This can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Work Place Monitoring
Employers have the right to monitor your activities in many situations at the workplace. Major monitoring includes:
• Recording on CCTV cameras
• Opening mail or e-mail
• Checking phone logs or recording phone calls
• Videoing outside the workplace
• Checking the logs of websites visited
• Some companies even do random drug tests on their employees

Spamming
• Transmission of the same e-mail message to a large number of people
• Extremely inexpensive method of marketing
• Used by many legitimate organizations
• Can contain unwanted and objectionable materials
Example: some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales.

Advanced surveillance technology
Camera surveillance: cameras are fixed to stop illegal activities by finding people who act suspiciously.
i) Facial recognition software can be used to identify criminals and terrorists
ii) GPS (Global Positioning System) chips can be placed in devices like cell phones to locate users

Unit IV - SOFTWARE DEVELOPMENT

Objectives
• Why do companies require high-quality software in business systems, industrial process control systems and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs and software quality?

Need for high quality software systems
High-quality software systems are easy to learn and easy to use. They efficiently meet the user’s needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software
A software defect is an error which can cause a software system to halt without meeting the user’s needs. Software errors have to be detected and removed. Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough – minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays – major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• required to support the fields of
- air traffic control
- nuclear power
- automobile safety
- health care
- military and defense
- space exploration

Key Issues in Software Development
Ethical decisions involve quality management, which defines the measure of quality in the development process
• tradeoff between quality and other factors such as ease of use, time to market and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility

Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through ‘reasonable’ software practices
• there is also the concept of ‘contributory’ negligence (e.g. accidentally cutting a finger using nail clippers)
• warranty also protects the consumer but may be hard to read

Reasons For Software Defects
1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it
2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 99.9% was clean, there still would be 1 bug per 10000 lines of code, so large software still contains thousands of bugs
3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software defect
• could cause a system to fail to meet users’ needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• ‘testing’ done by customers
• some avoid buying the first version

Strategies for developing Quality Software
More and more users are demanding high-quality software. Quality management measures the quality of software in the development process. The objective is to deliver high-quality software. Various strategies are adopted:
1. Following a proper/accepted standard software development methodology
2. Ensure quality assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Document the various stages of software development to ensure quality

Quality Software Development Process
i) Following a proper/accepted standard software development methodology
It is safe to follow a proper and accepted software development methodology in which the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.

ii) Ensure software quality assurance
It refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early
It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is
- a cost-saving measure
- 100 times less cost when a bug is detected early, before product roll-out
- the most efficient way to improve software quality
- a bug’s effect (and its fix) may ripple through large pieces of the software

iv) Testing
This is one of the proven methods for quality assurance.

Types of Testing
Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data, and the results are compared with expected results. This is called dynamic testing.
• Black-box testing
- want the code to demonstrate expected output behaviour for all input data in the test suite
- tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of the code)
- testing all possible logic paths through the software unit
- with thorough knowledge of the code’s logic paths
- make each program statement execute at least once
- for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours … to check calculations for overtime pay
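The gross-pay case above, worked as an added example that is not part of the original notes: it runs test cases while recording which statements executed, which is how a white-box tester checks that each statement runs at least once. The 1.5x overtime multiplier, the input validation and all function names are assumptions; the notes give only the 40-hour boundary.

```python
import dis
import sys

OVERTIME_THRESHOLD = 40     # hours, from the notes' example
OVERTIME_MULTIPLIER = 1.5   # assumption: the notes give no overtime rate


def gross_pay(hours, rate):
    """Weekly gross pay; hours above the threshold earn the overtime rate."""
    if hours < 0 or rate < 0:
        raise ValueError("hours and rate must be non-negative")
    if hours <= OVERTIME_THRESHOLD:
        return hours * rate
    overtime_hours = hours - OVERTIME_THRESHOLD
    return (OVERTIME_THRESHOLD + overtime_hours * OVERTIME_MULTIPLIER) * rate


def statement_lines(func):
    """Source lines of func that carry bytecode, i.e. its executable statements."""
    starts = dis.findlinestarts(func.__code__)
    return {line for _, line in starts if line is not None}


def run_suite(func, cases):
    """Run (args, expected) cases and record which lines of func executed.

    expected is a return value or an exception class. Returns (failures, missed),
    where missed lists unexecuted statements as offsets from the def line.
    """
    code = func.__code__
    executed = set()

    def tracer(frame, event, arg):
        if frame.f_code is code:
            executed.add(frame.f_lineno)  # records call and line events
            return tracer
        return None

    failures = []
    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args, expected in cases:
            try:
                outcome = func(*args)
            except Exception as exc:
                outcome = type(exc)
            if outcome != expected:
                failures.append((args, expected, outcome))
    finally:
        sys.settrace(previous)
    missed = sorted(line - code.co_firstlineno
                    for line in statement_lines(func) - executed)
    return failures, missed


# Constructed test data. The first suite holds the two cases the notes name.
NOTES_CASES = [((30, 10.0), 300.0), ((45, 10.0), 475.0)]
UNDER_40_ONLY = [((30, 10.0), 300.0)]
FULL_CASES = NOTES_CASES + [((40, 10.0), 400.0), ((-1, 10.0), ValueError)]

if __name__ == "__main__":
    for name, cases in [("under 40 only", UNDER_40_ONLY),
                        ("notes' two cases", NOTES_CASES),
                        ("with boundary and invalid input", FULL_CASES)]:
        failures, missed = run_suite(gross_pay, cases)
        print(f"{name}: failures={failures} unexecuted statement offsets={missed}")
```

Both of the notes' cases pass, yet the input-validation statement never runs until a negative-hours case is added, which is the gap the "execute each statement at least once" rule is meant to expose.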

Other Types of Testing
Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect
Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully
System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity
User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems
Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples
- automobile’s antilock brakes
- nuclear power plant reactors
- airplane navigation
- roller coasters
- elevators
- medical devices
• example: bug in the Therac-25 radiation therapy machine, 1985-87
- wrong sequence of menu selections caused a large radiation dose to be delivered to the patient

Key assumption
• safety will not automatically result from following the organization’s standard development methodology

Software development measures for safety-critical systems
Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software. All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking
Project safety engineer takes care of the safety of the machines
• explicit responsibility for the system’s safety
• uses a logging and monitoring system to track hazards from the project’s start to finish
Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards
Safety reviews
• held throughout the development process
Robust configuration management system
• tracks all safety-related documentation
Formal documentation required
• including verification reviews and signatures
Key issue
• deciding when Quality Assurance staff has performed enough testing
Risk
• probability of an undesirable event occurring times the magnitude of the event’s consequences if it does happen
• consequences include
- damage to property
- loss of money
- injury to people
- death

Quality Management Standards

i) ISO 9000 standard
• guide to quality products, services and management
• organization must submit to an examination by an external assessor
• requirements
- written procedures for everything it does
- follow those procedures
- prove to the auditor the organization fulfilled the first two requirements
ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode - describes how a product or process could fail
• Effect - adverse consequence that a customer might experience
• seldom is there a one-to-one relationship between cause and effect

DO-178B/EUROCAE ED-12B
• evaluation standard for the international aviation community
• developed by Radio Technical Commission for Aeronautics (RTCA)

Page 9: Ethics Notes Complete Unit 1-4 Version 1

• Actions of an IT professional can affect society
The term IT user distinguishes the person for whom a hardware or software product is designed from the IT professionals who develop, install, service and support the product. IT professionals have to understand a user’s needs and capabilities and deliver products and services that best meet the needs of users.

Relationships between IT Professionals and Society
Regulatory laws establish safety standards for products and services to protect the public. However, these laws are less than perfect, and they fail to safeguard against all negative side effects of a product or process. Society expects members of a profession not only to cause no harm but also to provide significant benefits. Example: a system analyst may design a computer-based control system to monitor a chemical manufacturing process. A failure or error in the system may put workers or residents near the plant at risk.

1.2 THE ETHICAL BEHAVIOR OF IT PROFESSIONALS
• Corporations are taking actions to ensure good business ethics among employees

1.2.1 Professional Codes of Ethics
• A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group
• Example: Doctors adhere to varying versions of the 2000-year-old Hippocratic Oath, which medical schools offer as an affirmation to their graduating classes
• Most codes of ethics created by professional organizations have two main parts
• The first outlines what the professional organization aspires to become, and the second typically lists the rules and principles that members of the organization are expected to follow

i) Main parts
– Outlines what the professional organization aspires to become
– Lists rules and principles by which members of the organization are expected to abide

ii) Benefits for the individual, the profession and society
– Improves ethical decision making
– Promotes high standards of practice and ethical behaviour
– Enhances trust and respect from the general public
– Provides an evaluation benchmark

• Note: laws do not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical. One cannot expect a professional code of ethics to provide an answer to everything. However, practicing according to a professional code of ethics can produce many benefits for individuals, the profession and society as a whole.

1.2.2) Professional Organizations

a) Professional Organizations
• No single formal organization of IT professionals has emerged as preeminent, so there is no universal code of ethics for IT professionals
• However, the existence of such organizations is useful in a field that is rapidly growing and changing
• IT professionals need to know about new developments in the field, which requires networking with others, finding new ideas and building personal skills and expertise
• In recognition of the need for professional standards of competence and conduct, many organizations have developed a code of ethics

The four most prominent IT professional organizations are:
1. Association for Computing Machinery (ACM)
2. Association of Information Technology Professionals (AITP)
3. Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)
4. Project Management Institute (PMI)

Page 9 of 18

b) Certification Indicates a professional possesses a particular set of skills knowledge or abilities in the opinion of a certifying organizationCan also apply to products Generally voluntaryIT related certifications typically carry no equipment to stick to a code of ethics Carries no requirement to adhere to a code of ethicsVendor certifications

a Some certifications substantially improve IT workersrsquo salaries and career prospectsb Relevant for narrowly defined roles

i Or certain aspects of broader rolesc Require passing a written examd Workers are commonly recertified as newer technologies become available

c) Industry association certificationsa Require a certain level of experience and a broader perspective than vendor certificationsb Lag in developing tests that cover new technologies

Numerous companies and professional organizations offer certifications and opinions are divided on their values Many employers view them as benchmarks that indicate mastery of defined set of basic knowledge On the other hand some may disagree because the candidate may not have experience of it Certifications are again divided in to two types Vendor Certifications Many IT Vendors such as CISCO IBM Microsoft Sun and Oracle offer certification programs for their products Workers who successfully complete a program can represent themselves as certified users of manufacturerrsquos products Industry Associated Certifications Certifications from industry associations generally require a certain level of experience and a broader thinking than vendor certifications however they often lag in developing tests that cover new technology The trend in IT certification is to move from purely technical content to a broader mix of technology business and behavioral competence which are required in todayrsquos competence 4) Government Licensing bull Some Professionals must be licensed to prove that they can do their work ethically and safely including certified public accountants Lawyers Doctors various types of medical and day care providers and some engineers bull People cannot call them as professionals unless they are licensed Most countries have similar laws

bull Generally administered at the state level in the United Statesbull Case for licensing IT professionals

ndash Encourage IT professionals to follow the highest standards of the profession ndash Practice a code of ethicsndash Violators would be punished

bull Generally administered at the state level in the United Statesbull Case for licensing IT professionals

ndash Encourage IT professionals to follow the highest standards of the profession ndash Practice a code of ethicsndash Violators would be punished

The case for licensing IT Professionals The days of simple stand-alone information system are over Modern systems are highly complex Enterprise resource planning Systems (ERPs) help multimillion-dollar companies control all their business functions Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities

Page 10 of 18

As a result of the increasing importance of IT in our everyday lives the development of reliable effective information systems had become an area of mounting public concern This concern had led to a debate whether the licensing if IT professionals would improve information system Proponents argue that licensing would strongly encouraged IT professionals to follow the highest standards of the profession and practice a code of ethics and that licensing would allow violators to be punished Issues Associated with Governing Licensing of IT Professionals There are very few international or national licensing programs for IT professionals for many reasons 1) There is no universally accepted core body of knowledge 2) It is unclear who should manage the content and administration of licensing exams 3) There is no administrative body to accredit professional education programs 4) There is no administrative body to assess and ensure competence of individual professionals

13 Common Ethical Issues for IT Users

IT Professional Malpractice
• Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do.
• Duty of care refers to the obligation to protect people against any unreasonable harm or risk.
• Courts consistently reject attempts to sue individual parties for computer-related malpractice.
• Employees' ethical use of IT is an area of growing concern.

Common Ethical Issues for IT Users
• Software piracy
• Inappropriate use of computing resources
• Inappropriate sharing of information
  – Private data
  – Confidential information

Software Piracy: IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still piracy if they have not paid for it.

Inappropriate Use of Computing Resources: Some employees use their computers to browse popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time.

Inappropriate Sharing of Information: Every organization stores vast amounts of information that can be classified as either private or confidential. An IT user who shares this information with an unauthorized party has violated someone's privacy. Example: if an IT user sees a coworker's salary records and shares them with another person, it is a clear violation of the worker's privacy.

2 Supporting the Ethical Practices of IT Users

• Policies that protect against abuses
  – Establish boundaries of acceptable and unacceptable behaviour
  – Enable management to punish violators
• Policy components include
  – Defining and limiting the appropriate use of IT resources
  – Establishing guidelines for use of company software
  – Structuring information systems to protect data and information
  – Installing and maintaining a corporate firewall

The growing use of IT has increased ethical problems, so many organizations are planning to develop policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities for IT users and enable management to punish violators.

Take the following actions when creating an IT usage policy:

Defining and limiting the appropriate use of IT resources: Companies must develop, communicate, and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages.

Establishing guidelines for use of company software: Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees buy hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need.

Structuring information systems to protect data and information: Organizations must implement systems and procedures that limit data access to the employees who need it. Example: in a bank, a teller should be able to see the account details of customers, but a payroll employee has no need to see customer details because that employee deals with bank employee details.

Installing and maintaining a corporate firewall: A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to unwanted sites on the internet. The firewall can be configured to serve as an effective deterrent to unauthorized web surfing.

CONCLUSION

• A professional, from a legal standpoint
  – Has passed the state licensing requirements
  – Has earned the right to practice there
• IT professionals have many different relationships
  – Each with its own set of ethical issues and potential problems
• Professional code of ethics
  – States the principles and core values essential to the work of an occupational group
• Licensing and certification of IT professionals
  – Many people feel that certification will increase the reliability and effectiveness of information systems
  – Raises many issues
• IT-related professional organizations have developed a code of ethics

Notes helpful in examination point of view…

Unit – III PRIVACY

Introduction
The use of information technology in business has made it possible for information about people to be gathered, stored, analysed, and reported with just one swipe of a credit or debit card. This information is used to learn consumers' purchasing habits and financial conditions. Organizations make use of various marketing strategies to target potential buyers. This is against the privacy of an individual. On the other hand, organizations need information about their customers to serve them better, so there should be a balance between those who gather and use the information and the rights of privacy.

What is Privacy?
The word privacy comes from the Latin word "privatus" (separated from the rest). It can be broadly defined as the right to be left alone. Privacy may be defined as the claim of individuals, groups, or institutions to determine when, how, and to what extent information about them is communicated to others.

Legal concept of privacy
Right of privacy: Privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects:
• Protection from unreasonable intrusion upon one's isolation, such as gathering of details about their web surfing habits.
• Protection from identity theft by inappropriate use of name or likeness. Example: stealing of credit cards or a Social Security number.
• Protection from unreasonable publicity of one's private life, such as revealing the condition of one's health.
• Protection from unreasonable false information, such as giving false information about a person on the internet, in the media, etc.

What is Anonymity?
Anonymity means that the real author of a message is not shown, or his identity is hidden. Anonymity can be implemented to make it impossible or very difficult to find out the real author of a message.

Key Privacy and Anonymity Issues

Government electronic surveillance
Observing or listening to persons, places, or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders, or wire taps. Four types of electronic surveillance are most prevalent:
• Wire Tapping: Wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually "tap" into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.
• Web Tapping: Logging the IP addresses of users that access certain websites is commonly called "web tapping".

Data Encryption
• Cryptography
  o Science of encoding messages
  o Only the sender and the intended receiver can understand the messages
  o Key tool for ensuring confidentiality, integrity, and authenticity of electronic messages and online business transactions
• Encryption
  o Process of converting electronic messages into a form understood only by the intended recipients

Encryption key: the variable value applied using an algorithm to encrypt or decrypt text.
• There are two types of encryption keys used: i) public key, ii) private key

Public key encryption
• A public key encryption system uses two keys to encode and decode messages
• Message receiver's public key – readily available to all; anyone can use it to send that person encrypted messages
• Message receiver's private key – kept secret and known only to the receiver, who uses it to decode the message back to the original
• RSA – a public key encryption algorithm

Private key encryption system: this system uses a single key to encode and decode messages.
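The two key systems described above, shown working together as an added example (not part of the original notes): the receiver's public key protects a one-time single key, and that single key protects the message. This combination goes one step beyond the notes. The primes, the function names and the SHA-256 keystream are assumptions chosen so the example runs with only the standard library; production systems use padded RSA and a vetted cipher instead.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo primes (two Mersenne primes). Real RSA keys use random
# primes of 1024+ bits each; these are only large enough to wrap a 16-byte key.
P = 2**61 - 1
Q = 2**89 - 1


def make_keypair(p=P, q=Q, e=65537):
    """Return (public_key, private_key) as (n, exponent) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)


def rsa_apply(key, value):
    """Textbook RSA: value**exponent mod n. No padding, so illustration only."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be in [0, n)")
    return pow(value, exponent, n)


def single_key_cipher(key, data):
    """Single-key system: the same key and the same call encrypt and decrypt.

    Toy keystream (SHA-256 of key + block offset) XORed with the data.
    """
    out = bytearray()
    for start in range(0, len(data), 32):
        pad = hashlib.sha256(key + start.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], pad))
    return bytes(out)


def send(receiver_public_key, message, session_key=None):
    """Sender side: needs only the receiver's public key."""
    session_key = session_key or secrets.token_bytes(16)
    wrapped_key = rsa_apply(receiver_public_key,
                            int.from_bytes(session_key, "big"))
    return wrapped_key, single_key_cipher(session_key, message)


def receive(receiver_private_key, wrapped_key, ciphertext):
    """Receiver side: only the private key recovers the session key."""
    session_key = rsa_apply(receiver_private_key, wrapped_key).to_bytes(16, "big")
    return single_key_cipher(session_key, ciphertext)


if __name__ == "__main__":
    public_key, private_key = make_keypair()
    wrapped, ct = send(public_key, b"Quarterly payroll file attached.")
    print("ciphertext:", ct.hex())
    print("recovered :", receive(private_key, wrapped, ct))
```
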

Identity Theft
• Identity theft occurs when someone steals key pieces of personal information to gain access to a person's financial accounts
• Information includes:
  – Name
  – Address
  – Date of birth
  – Social Security number
  – Passport number
  – Driver's license number
  – Mother's maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen
• Phishing
  o Attempt to steal personal identity data
  o By tricking users into entering information on a counterfeit Web site
  o phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization
• Spyware
  o Keystroke-logging software
  o Gets automatically downloaded to a user's computer without his/her knowledge
  o Creates a record of keystrokes entered in the system
  o Enables the capture of:
    – Account usernames
    – Passwords
    – Credit card numbers
    – Other sensitive information
  o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms, or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are text files that a website puts on a user's hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain huge amounts of consumer behavioral data

Types of data collected
While a user surfs the web, surfing details and similar data are collected and sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:
i) GET data: the sites visited by the customer. Example: the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: a record of everything the user viewed and sought.

• Four ways to limit or even stop the deposit of cookies on hard drives:
  – Set the browser to limit or stop cookies
  – Manually delete them from the hard drive
  – Download and install a cookie-management program
  – Use anonymous browsing programs that don't accept cookies

Treating Consumer Data Responsibly
When dealing with consumer data, problems should be avoided by obtaining consent from the consumer before using their details for marketing or for research. This can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Workplace Monitoring
Employers have the right to monitor your activities in many situations at the workplace. Major forms of monitoring include:
• Recording with CCTV cameras
• Opening mail or e-mail
• Checking phone logs or recording phone calls
• Videoing outside the workplace
• Checking the logs of websites visited
• Some companies even do random drug tests on their employees

Spamming
• Transmission of the same e-mail message to a large number of people
• Extremely inexpensive method of marketing
• Used by many legitimate organizations
• Can contain unwanted and objectionable materials
Example: some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales.

Advanced Surveillance Technology
Camera surveillance: cameras are fixed in place to stop illegal activities by finding people who act suspiciously.
i) Facial recognition software can be used to identify criminals and terrorists
ii) GPS (Global Positioning chips) can be placed in devices like cell phones to locate users

Unit IV - SOFTWARE DEVELOPMENT

Objectives
• Why do companies require high-quality software in business systems, industrial process control systems, and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs, and software quality?

Need for High-Quality Software Systems
High-quality software systems are easy to learn and easy to use. They efficiently meet the user's needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software
A software defect is an error that can cause a software system to halt without meeting the user's needs. Software errors have to be detected and removed. Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough: minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays: major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• are required to support the fields of
  - air traffic control
  - nuclear power
  - automobile safety
  - health care
  - military and defense
  - space exploration

Key Issues in Software Development
Ethical decisions involve quality management, which defines the measure of quality in the development process:
• tradeoff between quality and other factors such as ease of use, time to market, and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review the legal implications of software errors

Liability/Responsibility
Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through 'reasonable' software practices
• there is also the concept of 'contributory' negligence (e.g. accidentally cutting a finger while using nail clippers)
• warranty also protects the consumer but may be hard to read

Reasons for Software Defects
1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it
2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 99.9% was clean, there would still be 1 bug per 10,000 lines of code, so large software still contains thousands of bugs
3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can simply be patched

Consequences of a Software Defect
• could cause a system to fail to meet users' needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• 'testing' done by customers
• some avoid buying the first version

Strategies for Developing Quality Software
More and more users are demanding high-quality software. Quality management measures the quality of software in the development process. The objective is to deliver high-quality software. Various strategies are adopted:
1. Following a proper/accepted standard software development methodology
2. Ensuring quality assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Documenting the various stages of software development to ensure quality

Quality Software Development Process

i) Following a proper/accepted standard software development methodology: It is safe to follow a proper and accepted software development methodology, in which the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.

ii) Ensuring software quality assurance: This refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early: It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is a
  - cost-saving measure
  - 100 times less cost when a bug is detected early, before product roll-out
  - most efficient way to improve software quality
  - a bug's effect (and its fix) may ripple through large pieces of the software

iv) Testing: This is one of the proven methods for quality assurance.

Types of Testing
Dynamic testing: Software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data, and the results are compared with the expected results. This is called dynamic testing.
• Black-box testing
  - the code should demonstrate the expected output behaviour for all input data in the test suite
  - the tester has no knowledge of the structure of the code
• White-box testing (the tester has knowledge of the code)
  - testing all possible logic paths through the software unit
  - with thorough knowledge of the code's logic paths
  - make each program statement execute at least once
  - for example, for a program that calculates employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours, to check the calculations for overtime pay
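The white-box gross pay case above, as an added example (not part of the original notes): it measures which statements of the unit each set of test cases actually executes, so the "execute each statement at least once" goal can be checked rather than assumed. The overtime multiplier of 1.5, the input validation and all function names are assumptions made for the illustration.

```python
import dis
import sys

OVERTIME_THRESHOLD = 40     # hours, from the notes' example
OVERTIME_MULTIPLIER = 1.5   # assumption: the notes do not give an overtime rate


# Unit under test. The body holds no comments or docstring, so every body line
# is an executable statement and line offsets map one-to-one to statements.
def gross_pay(hours, rate):
    if hours < 0 or rate < 0:
        raise ValueError("hours and rate must be non-negative")
    if hours <= OVERTIME_THRESHOLD:
        return hours * rate
    overtime = hours - OVERTIME_THRESHOLD
    return OVERTIME_THRESHOLD * rate + overtime * rate * OVERTIME_MULTIPLIER


def statement_offsets(func):
    """Offsets (relative to the def line) of every line that holds bytecode."""
    code = func.__code__
    first = code.co_firstlineno
    return {line - first for _, line in dis.findlinestarts(code)
            if line is not None and line != first}


def uncovered_statements(func, cases):
    """Run func on each argument tuple; return offsets of lines never executed."""
    code = func.__code__
    hit = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                      # ignore every other function
        if event == "line":
            hit.add(frame.f_lineno - code.co_firstlineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in cases:
            try:
                func(*args)
            except ValueError:
                pass   # an expected rejection still counts as executed code
    finally:
        sys.settrace(previous)
    return sorted(statement_offsets(func) - hit)


if __name__ == "__main__":
    suites = {
        "under 40 hours only": [(30, 10)],
        "under and over 40 hours": [(30, 10), (45, 10)],
        "plus an invalid input": [(30, 10), (45, 10), (-1, 10)],
    }
    for name, cases in suites.items():
        print(f"{name}: unexecuted line offsets {uncovered_statements(gross_pay, cases)}")
```

The two cases named in the notes cover both pay branches but leave the input-rejection statement unexecuted; the third suite closes that gap.
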

Other Types of Testing
Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect
Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among the various subsystems work successfully
System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity
User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems
The consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples:
  - automobile's antilock brakes
  - nuclear power plant reactors
  - airplane navigation
  - roller coasters
  - elevators
  - medical devices
• example: bug in the Therac-25 radiation therapy machine, 1985-87
  - a wrong sequence of menu selections caused a large radiation dose to be delivered to the patient

Key assumption
• safety will not automatically result from following the organization's standard development methodology

Software development measures for safety-critical systems
Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software.
All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking
Project safety engineer (takes care of the safety of the machines)
• explicit responsibility for the system's safety
• uses a logging and monitoring system to track hazards from the project's start to finish
Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards
Safety reviews
• held throughout the development process
Robust configuration management system
• tracks all safety-related documentation
Formal documentation required
• including verification reviews and signatures
Key issue
• deciding when the Quality Assurance staff has performed enough testing
Risk
• probability of an undesirable event occurring times the magnitude of the event's consequences if it does happen
• consequences include:
  - damage to property
  - loss of money
  - injury to people
  - death

Quality Management Standards
i) ISO 9000 standard
• guide to quality products, services, and management
• organization must submit to an examination by an external assessor
• requirements:
  - written procedures for everything it does
  - follow those procedures
  - prove to the auditor that the organization fulfilled the first two requirements
ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determines the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode: describes how a product or process could fail
• Effect: adverse consequence that a customer might experience
• there is seldom a one-to-one relationship between cause and effect
DO-178B/EUROCAE ED-12B
• evaluation standard for the international aviation community
• developed by the Radio Technical Commission for Aeronautics (RTCA)


b) Certification
Indicates that a professional possesses a particular set of skills, knowledge, or abilities in the opinion of a certifying organization. Can also apply to products. Generally voluntary. IT-related certifications typically carry no requirement to adhere to a code of ethics.

Vendor certifications
a. Some certifications substantially improve IT workers' salaries and career prospects
b. Relevant for narrowly defined roles
   i. Or certain aspects of broader roles
c. Require passing a written exam
d. Workers are commonly recertified as newer technologies become available

c) Industry association certifications
a. Require a certain level of experience and a broader perspective than vendor certifications
b. Lag in developing tests that cover new technologies

Numerous companies and professional organizations offer certifications, and opinions are divided on their value. Many employers view them as benchmarks that indicate mastery of a defined set of basic knowledge. On the other hand, some may disagree because the candidate may not have experience of it. Certifications are again divided into two types:

Vendor Certifications: Many IT vendors such as CISCO, IBM, Microsoft, Sun, and Oracle offer certification programs for their products. Workers who successfully complete a program can represent themselves as certified users of the manufacturer's products.

Industry Association Certifications: Certifications from industry associations generally require a certain level of experience and broader thinking than vendor certifications; however, they often lag in developing tests that cover new technology. The trend in IT certification is to move from purely technical content to a broader mix of technology, business, and behavioral competence, which are required in today's competence.

4) Government Licensing
• Some professionals must be licensed to prove that they can do their work ethically and safely, including certified public accountants, lawyers, doctors, various types of medical and day care providers, and some engineers.
• People cannot call themselves professionals unless they are licensed. Most countries have similar laws.
• Generally administered at the state level in the United States
• Case for licensing IT professionals
  – Encourage IT professionals to follow the highest standards of the profession
  – Practice a code of ethics
  – Violators would be punished


The case for licensing IT Professionals The days of simple stand-alone information system are over Modern systems are highly complex Enterprise resource planning Systems (ERPs) help multimillion-dollar companies control all their business functions Complex computers and information systems manage and control the nuclear reactors of power plants that generate electricity for cities

Page 10 of 18

As a result of the increasing importance of IT in our everyday lives the development of reliable effective information systems had become an area of mounting public concern This concern had led to a debate whether the licensing if IT professionals would improve information system Proponents argue that licensing would strongly encouraged IT professionals to follow the highest standards of the profession and practice a code of ethics and that licensing would allow violators to be punished Issues Associated with Governing Licensing of IT Professionals There are very few international or national licensing programs for IT professionals for many reasons 1) There is no universally accepted core body of knowledge 2) It is unclear who should manage the content and administration of licensing exams 3) There is no administrative body to accredit professional education programs 4) There is no administrative body to assess and ensure competence of individual professionals

13 Common Ethical Issues for IT Users IT Professional Malpractice

bull Negligence has been defined as not doing something that a reasonable man would do or doing something that a reasonable man would not do

bull Duty of care refers to the obligation to protect people against any unreasonable harm or risk bull Courts consistently reject attempts to sue individual parties for computer-related malpracticebull Employeesrsquo ethical use of IT is an area of growing concern

Common Ethical Issues for IT Usersbull Software piracybull Inappropriate use of computing resourcesbull Inappropriate sharing of information

ndash Private datandash Confidential information

Software Piracy IT Users are the ones who committed software piracy A common violation occurs when employees copy software from their work computers for use at home It is still called as piracy if they had not paid for it Inappropriate Use of Computing Resources Some employees use their computers to brows some of the popular websites that have nothing to do with their jobs These activities eat away at worker productivity and waste time Inappropriate Sharing of Information Every organization stores vast amount of information that can be classified as either private or confidential An IT User who shares this information with unauthorized party has violated someonersquos privacy Example if an IT users sawrsquos his coworkers salary records and shares it with another then it would be a clear violation of the workerrsquos privacy 2 Supporting the Ethical practices of IT Users

bull Policies that protect against abusesndash Establish boundaries of acceptable and unacceptable behaviour ndash Enable management to punish violators

bull Policy components includendash Defining and limiting the appropriate use of IT resourcesndash Establishing guidelines for use of company softwarendash Structuring information systems to protect data and informationndash Installing and maintaining a corporate firewall

The growing use of IT has increased Ethical problems so many organizations are planning to develop certain policies that protect against these problems Although no policy can stop wrongdoers it can set responsibilities on IT users and enable management to punish violators

Page 11 of 18

The following actions when creating an IT usage policy Defining and limiting the appropriate use of IT Resources Companies must develop communicate and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages Establishing guidelines for use of company software Company IT managers must provide clear rules that govern the use of home computers and associated software Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home Other companies help employeersquos bye hardware and software at corporate discount rates The goal should be to ensure that employees have legal copies of all the software they need Structuring Information systems to protect Data and Information Organizations must implement system and procedures that limit data access to employee who need it Example in Banks a teller should be able to see the account details of customers but a payroll employee doesnrsquot have any need to see the customer details as he is dealing with bank employee details Installing and maintaining a corporate firewall A firewall is a hardware or software device that serves as a barrier between a company and outside world and limits access to unwanted sites from internet The firewall can be configured to serve as an effective factor to unauthorized web surfing CONCLUSION

bull A professional from a legal standpointndash Has passed the state licensing requirements ndash Has earned the right to practice there

bull IT professionals have many different relationshipsndash Each with its own set of ethical issues and potential problems

bull Professional code of ethics ndash States the principles and core values essential to the work of an occupational group

bull Licensing and certification of IT professionalsndash Many people feel that certification will increase the reliability and effectiveness of information

systemsndash Raises many issues

bull IT-related professional organizations have developed a code of ethicsNotes helpful in examination point of viewhellip

Unit ndash III PRIVACY Introduction The use of Information technology in business has made information about people to be gathered stored analysed and reported just by one swipe of a credit or debit card This information is used to know the consumers purchasing habits and financial conditions Organizations make use of various marketing strategies to target the potential buyers This is against the privacy of an individual But on the other hand organizations need the information about their customers to serve them better so there should be a balance between those who gather and use the information against the rights of privacyWhat is PrivacyPrivacy words come from lsquolatinrsquo word ldquorivatesrdquo(separated from the rest) it can be broadly defined as the right to be left alone Privacy may be defined as the claim of individuals groups or institutions to determine when how and to what extent information about them is communicated to othersLegal concept of privacyRight of privacy Privacy is the right of any individual to control the collection and use of information about themselves Privacy has the following four aspects

Page 12 of 18

Protection from unreasonable intrusion upon onersquos isolation such as gathering of details about their web surfing habits etc

Protection from identity theft by inappropriate use of name or likeness Example like stealing of credit cards Social Security Number

Protection from unreasonable publicity of onersquos private life such as revealing condition of health Protection from unreasonable false information such as giving false information about a person in the

internet media etc What is AnonymityAnonymity means that the real author of a message is not shown or his identity is hiddenAnonymity can be implemented to make it impossible or very difficult to find out the real author of a message

Key Privacy and anonymity issues

Government electronic surveillance

Observing or listening to persons, places or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders or wire taps. Four types of electronic surveillance are most prevalent:

• Wire Tapping: Wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually "tap" into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.
• Web Tapping: Logging the IP addresses of users that access certain websites is commonly called "web tapping".

Data Encryption
• Cryptography

o Science of encoding messages
o Only sender and intended receiver can understand the messages
o Key tool for ensuring confidentiality, integrity and authenticity of electronic messages and online business transactions
• Encryption
o Process of converting electronic messages into a form understood only by the intended recipients

Encryption key: It is the variable value applied using an algorithm to encrypt or decrypt text.
• There are two types of encryption keys used: i) Public key ii) Private key

Public key encryption
• Public key encryption system uses two keys to encode and decode messages
• Message receiver's public key – readily available to all, and anyone can use it to send a person encrypted messages
• Message receiver's private key – kept secret; only the receiver will know it, and the owner of the message will use it to decode it to the original message
• RSA – a public key encryption algorithm

Private key encryption system
This system uses a single key to encode and decode messages.
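The two key models described above, as an added example that is not part of the original notes: textbook RSA with tiny constructed primes (61 and 53) for the public/private pair, and a hash-based XOR keystream standing in for a single-key cipher. Function names and sample values are assumptions made for illustration, and neither routine is suitable for protecting real data.

```python
import hashlib
from math import gcd


def make_rsa_keypair(p, q, e=17):
    """Return ((n, e), (n, d)): the public key to publish and the private key to keep."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)


def rsa_apply(key, block):
    """Raise one integer block to the key's exponent modulo n."""
    n, exponent = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than the modulus")
    return pow(block, exponent, n)


def rsa_encrypt(public_key, message: bytes):
    """Anyone holding the receiver's public key can produce these blocks."""
    return [rsa_apply(public_key, byte) for byte in message]


def rsa_decrypt(private_key, blocks):
    """Only the holder of the private key recovers the original bytes."""
    return bytes(rsa_apply(private_key, block) for block in blocks)


def single_key_crypt(shared_key: bytes, data: bytes) -> bytes:
    """Single-key model: the same call with the same key encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(shared_key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


if __name__ == "__main__":
    public_key, private_key = make_rsa_keypair(61, 53)   # constructed toy primes
    secret = b"PIN 4821"                                  # constructed sample message
    blocks = rsa_encrypt(public_key, secret)
    print("public key :", public_key)
    print("ciphertext :", blocks)
    print("decrypted  :", rsa_decrypt(private_key, blocks))
    shared = b"shared secret"                             # both parties must hold this
    sealed = single_key_crypt(shared, secret)
    print("single key :", sealed.hex(), "->", single_key_crypt(shared, sealed))
```

With the key pair, the sender never needs the receiver's secret; with the single key, both sides must already share it over some protected channel.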

• Identity Theft: Identity theft occurs when someone steals key pieces of personal information to gain access to a person's financial accounts.
• Information includes:
o Name
o Address
o Date of birth
o Social Security number
o Passport number
o Driver's license number
o Mother's maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen

Phishing
o Attempt to steal personal identity data
o By tricking users into entering information on a counterfeit Web site
o Spear-phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization

• Spyware
o Keystroke-logging software
o Gets automatically downloaded to the user's computer without his/her knowledge
o Creates a record of keystrokes entered in the system
o Enables the capture of account usernames, passwords, credit card numbers and other sensitive information
o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are text files that a website puts on a user's hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain huge amounts of consumer behavioral data

Types of data collected: while a user surfs the web, surfing details etc. are collected and sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:
i) GET data: sites visited by the customer. Example: that the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: keeping track of everything the user viewed and sought.

• Four ways to limit or even stop the deposit of cookies on hard drives:
o Set the browser to limit or stop cookies
o Manually delete them from the hard drive
o Download and install a cookie-management program
o Use anonymous browsing programs that don't accept cookies

Treating Consumer Data Responsibly

When dealing with consumer data, it is required to avoid problems by taking consent from the consumer before using details for marketing or for research. It can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Work Place Monitoring

Employers have the right to monitor your activities in many situations at the workplace. Major monitoring includes:
• Recording on CCTV cameras
• Opening mail or e-mail
• Checking phone logs or recording phone calls
• Videoing outside the workplace
• Checking the logs of websites visited
• Some companies even do random drug tests on their employees

Spamming
• Transmission of the same e-mail message to a large number of people
• Extremely inexpensive method of marketing
• Used by many legitimate organizations
• Can contain unwanted and objectionable materials

Example: Some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales.

Advanced surveillance technology

Camera surveillance: cameras fixed to stop illegal activities by finding people who act suspiciously.
i) Facial recognition software can be used to identify criminals and terrorists
ii) GPS (Global Positioning System) chips can be placed in devices like cell phones to locate users

Unit IV - SOFTWARE DEVELOPMENT

Objectives
• Why do companies require high-quality software in business systems, industrial process control systems and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs and software quality?

Need for high quality software systems

High-quality software systems are easy to learn and easy to use. They efficiently meet the user's needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software

A software defect is an error which can cause software systems to halt without meeting the user's needs. Software errors have to be detected and removed. Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough – minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays – major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• required to support the fields of
- air traffic control
- nuclear power
- automobile safety
- health care
- military and defense
- space exploration

Key Issues in Software Development

Ethical decisions involve Quality Management, which defines the measure of quality in the development process
• tradeoff between quality and other factors such as ease of use, time to market and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility

Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through 'reasonable' software practices
• there is also the concept of 'contributory' negligence (e.g. accidentally cut finger using nail clippers)
• warranty also protects consumer but may be hard to read

Reasons For Software Defects

1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it

2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 99.9% was clean, there still would be 1 bug per 10000 lines of code, so large software still contains thousands of bugs

3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software defect
• could cause a system to fail to meet users' needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• 'testing' done by customers
• some avoid buying the first version

Strategies for developing Quality Software

More and more users are demanding high-quality software. Quality Management measures the quality of software in the development process. The objective is to deliver high quality software. Various strategies are adopted:

1. Following a proper/accepted standard software development methodology
2. Ensure Quality Assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Document the various stages of software development to ensure quality

Quality Software Development Process

i) Following a proper/accepted standard software development methodology
It is safe to follow a proper and accepted software development methodology, where the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.

ii) Ensure software quality assurance
It refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early
It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is a
- cost-saving measure
- 100 times less cost when a bug is detected early, before product roll-out
- most efficient way to improve software quality
- bug effect (and its fix) may ripple through large pieces of the software

iv) Testing
This is one of the proven methods for quality assurance.

Types of Testing

Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data, and the results are compared with expected results. This is called dynamic testing.
• Black-box testing
- want code to demonstrate expected output behaviour for all input data in the test suite
- tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of code)
- testing all possible logic paths through the software unit
- with thorough knowledge of the code's logic paths
- make each program statement execute at least once
- for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours … to check calculations for overtime pay
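The gross-pay case above, as an added example that is not part of the original notes: a small tracer checks whether a set of test cases makes each program statement execute at least once. The function names, the sample hours and rates, and the 1.5x overtime multiplier are assumptions; the notes give only the 40-hour boundary.

```python
import dis
import sys

OVERTIME_THRESHOLD = 40     # hours; the 40-hour boundary comes from the notes
OVERTIME_MULTIPLIER = 1.5   # assumption: time-and-a-half (the notes give no rate)


def gross_pay(hours, rate):
    if hours < 0 or rate < 0:                      # offset 1: input validation
        raise ValueError("hours and rate must be non-negative")   # offset 2
    if hours <= OVERTIME_THRESHOLD:                # offset 3: regular-time branch
        return hours * rate                        # offset 4
    overtime = hours - OVERTIME_THRESHOLD          # offset 5: overtime branch
    return OVERTIME_THRESHOLD * rate + overtime * rate * OVERTIME_MULTIPLIER  # offset 6


def executable_offsets(func):
    """Offsets (relative to the def line) of every line of func that holds bytecode."""
    code = func.__code__
    lines = {line for _, line in dis.findlinestarts(code) if line is not None}
    return {line - code.co_firstlineno for line in lines} - {0}


def executed_offsets(func, cases):
    """Run func on each argument tuple and record which of its lines actually ran."""
    code = func.__code__
    hit = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                 # do not trace other functions
        if event == "line":
            hit.add(frame.f_lineno - code.co_firstlineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in cases:
            try:
                func(*args)
            except ValueError:
                pass                    # the invalid-input case is expected to raise
    finally:
        sys.settrace(previous)
    return hit


def missed_statements(func, cases):
    """Statements a white-box tester still has to reach with another test case."""
    return sorted(executable_offsets(func) - executed_offsets(func, cases))


if __name__ == "__main__":
    under_40 = [(30, 10.0)]                        # constructed test data
    both_branches = under_40 + [(45, 10.0)]
    with_invalid = both_branches + [(-1, 10.0)]
    for name, cases in [("under 40 only", under_40),
                        ("under and over 40", both_branches),
                        ("plus invalid input", with_invalid)]:
        print(f"{name:20} missed line offsets: {missed_statements(gross_pay, cases)}")
```

The two cases named in the notes reach both pay calculations but still leave the validation `raise` unexecuted, which is exactly the kind of gap a black-box tester without knowledge of the code would not see.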

Other Types of Testing

Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect

Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully

System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity

User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems

Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples
- automobile's antilock brakes
- nuclear power plant reactors
- airplane navigation
- roller coasters
- elevators
- medical devices
• example: bug in Therac-25 radiation therapy machine, 1985-87
- wrong sequence of menu selections caused large radiation dose to be delivered to the patient

Key assumption
• safety will not automatically result from following the organization's standard development methodology

Software development measures for safety-critical systems

Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software.

All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking

Project safety engineer: takes care of safety of the machines
• explicit responsibility for the system's safety
• uses a logging and monitoring system to track hazards from the project's start to finish

Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards

Safety reviews
• held throughout the development process

Robust configuration management system
• tracks all safety-related documentation

Formal documentation required
• including verification reviews and signatures

Key issue
• deciding when Quality Assurance staff has performed enough testing

Risk
• probability of an undesirable event occurring times the magnitude of the event's consequences if it does happen
• consequences include
- damage to property
- loss of money
- injury to people
- death

Quality Management Standards

i) ISO 9000 standard
• guide to quality products, services and management
• organization must submit to an examination by an external assessor
• requirements
- written procedures for everything it does
- follow those procedures
- prove to the auditor the organization fulfilled the first two requirements

ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode – describes how a product or process could fail
• Effect – adverse consequence that a customer might experience
• seldom is there a one-to-one relationship between cause and effect

DO-178B/EUROCCAE ED-128
• evaluation standard for the international aviation community
• developed by Radio Technical Commission for Aeronautics (RTCA)

Page 11: Ethics Notes Complete Unit 1-4 Version 1

As a result of the increasing importance of IT in our everyday lives, the development of reliable, effective information systems has become an area of mounting public concern. This concern has led to a debate about whether the licensing of IT professionals would improve information systems. Proponents argue that licensing would strongly encourage IT professionals to follow the highest standards of the profession and practice a code of ethics, and that licensing would allow violators to be punished.

Issues Associated with Governing Licensing of IT Professionals

There are very few international or national licensing programs for IT professionals, for many reasons:
1) There is no universally accepted core body of knowledge
2) It is unclear who should manage the content and administration of licensing exams
3) There is no administrative body to accredit professional education programs
4) There is no administrative body to assess and ensure competence of individual professionals

1.3 Common Ethical Issues for IT Users

IT Professional Malpractice
• Negligence has been defined as not doing something that a reasonable man would do, or doing something that a reasonable man would not do
• Duty of care refers to the obligation to protect people against any unreasonable harm or risk
• Courts consistently reject attempts to sue individual parties for computer-related malpractice
• Employees' ethical use of IT is an area of growing concern

Common Ethical Issues for IT Users
• Software piracy
• Inappropriate use of computing resources
• Inappropriate sharing of information
– Private data
– Confidential information

Software Piracy: IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home. It is still called piracy if they have not paid for it.

Inappropriate Use of Computing Resources: Some employees use their computers to browse popular websites that have nothing to do with their jobs. These activities eat away at worker productivity and waste time.

Inappropriate Sharing of Information: Every organization stores a vast amount of information that can be classified as either private or confidential. An IT user who shares this information with an unauthorized party has violated someone's privacy. Example: if an IT user sees his coworker's salary records and shares them with another, then it would be a clear violation of the worker's privacy.

2. Supporting the Ethical Practices of IT Users

• Policies that protect against abuses
– Establish boundaries of acceptable and unacceptable behaviour
– Enable management to punish violators
• Policy components include
– Defining and limiting the appropriate use of IT resources
– Establishing guidelines for use of company software
– Structuring information systems to protect data and information
– Installing and maintaining a corporate firewall

The growing use of IT has increased ethical problems, so many organizations are planning to develop policies that protect against these problems. Although no policy can stop wrongdoers, it can set responsibilities on IT users and enable management to punish violators.

The following actions are taken when creating an IT usage policy:

Defining and limiting the appropriate use of IT resources: Companies must develop, communicate and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages.

Establishing guidelines for use of company software: Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees buy hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need.

Structuring information systems to protect data and information: Organizations must implement systems and procedures that limit data access to employees who need it. Example: in banks, a teller should be able to see the account details of customers, but a payroll employee doesn't have any need to see the customer details, as he is dealing with bank employee details.

Installing and maintaining a corporate firewall: A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to unwanted sites from the internet. The firewall can be configured to serve as an effective deterrent to unauthorized web surfing.

CONCLUSION

• A professional, from a legal standpoint
– Has passed the state licensing requirements
– Has earned the right to practice there
• IT professionals have many different relationships
– Each with its own set of ethical issues and potential problems
• Professional code of ethics
– States the principles and core values essential to the work of an occupational group
• Licensing and certification of IT professionals
– Many people feel that certification will increase the reliability and effectiveness of information systems
– Raises many issues
• IT-related professional organizations have developed a code of ethics

Notes helpful in examination point of view…


Page 17 of 18

Key assumptionbull safety will not automatically result from following the organizationrsquos standard development methodologySoftware development measures for safety-critical systemsSafety-critical systems Must go through a more rigorous and time-consuming development process than other kinds of softwareAll tasks requirebull additional stepsbull more thorough documentationbull more checking and recheckingProject safety engineer takes care of safety of the machinesbull explicit responsibility for the systemrsquos safetybull uses a logging and monitoring system to track hazards from the projectrsquos start to finishHazard logbull used at each stage of the software development processbull assesses how it has accounted for detected hazardsSafety reviewsbull held throughout the development processRobust configuration management systembull tracks all safety-related documentationFormal documentation requiredbull including verification reviews and signaturesKey issuebull deciding when Quality Assurance staff has performed enough testing Riskbull probability of an undesirable event occurring times the magnitude of the eventrsquos consequences if it does happen bull consequences include- damage to property- loss of money- injury to people- deathQuality Management Standards

i) ISO 9000 standardbull guide to quality products services and managementbull organization must submit to an examination by an external assessorbull requirements- written procedures for everything it does- follow those procedures- prove to the auditor the organization fulfilled the first two requirementsii) Failure mode and effects analysis (FMEA)bull important technique to develop an ISO 9000 compliant systembull used to evaluate reliabilitybull determine the effect of system and equipment failuresbull goal identify potential design and process failures early in a project

ii) Failure mode and effects analysis (FMEA)bull Failure mode- describes how a product or process could failbull Effect- adverse consequence that a customer might experiencebull seldom is a one-to-one relationship between cause and effectQuality Management StandardsDO-178BEUROCCAE ED-128bull evaluation standard for the international aviation communitybull developed by Radio Technical Commission for Aeronautics (RTCA)

Page 18 of 18

Page 12: Ethics Notes Complete Unit 1-4 Version 1

The following actions should be taken when creating an IT usage policy:

• Defining and limiting the appropriate use of IT resources: Companies must develop, communicate and enforce written guidelines that encourage employees to respect corporate IT resources and use them to enhance their job performance. Effective guidelines prohibit employees from visiting objectionable internet sites or using company e-mail to send offensive or harassing messages.
• Establishing guidelines for use of company software: Company IT managers must provide clear rules that govern the use of home computers and associated software. Some companies negotiate contracts with software manufacturers and provide PCs and software so that IT users can work at home. Other companies help employees buy hardware and software at corporate discount rates. The goal should be to ensure that employees have legal copies of all the software they need.
• Structuring information systems to protect data and information: Organizations must implement systems and procedures that limit data access to the employees who need it. Example: in banks, a teller should be able to see the account details of customers, but a payroll employee doesn’t have any need to see the customer details, as he is dealing with bank employee details.
• Installing and maintaining a corporate firewall: A firewall is a hardware or software device that serves as a barrier between a company and the outside world and limits access to unwanted sites from the internet. The firewall can be configured to serve as an effective deterrent to unauthorized web surfing.

CONCLUSION

• A professional, from a legal standpoint
  – Has passed the state licensing requirements
  – Has earned the right to practice there
• IT professionals have many different relationships
  – Each with its own set of ethical issues and potential problems
• Professional code of ethics
  – States the principles and core values essential to the work of an occupational group
• Licensing and certification of IT professionals
  – Many people feel that certification will increase the reliability and effectiveness of information systems
  – Raises many issues
• IT-related professional organizations have developed a code of ethics

Notes helpful from an examination point of view…

Unit – III PRIVACY

Introduction: The use of information technology in business has made it possible for information about people to be gathered, stored, analysed and reported with just one swipe of a credit or debit card. This information is used to learn consumers’ purchasing habits and financial conditions. Organizations make use of various marketing strategies to target potential buyers. This is against the privacy of an individual. On the other hand, organizations need information about their customers to serve them better, so there should be a balance between the needs of those who gather and use the information and the rights of privacy.

What is Privacy?
The word privacy comes from the Latin word “privatus” (separated from the rest). It can be broadly defined as the right to be left alone. Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.

Legal concept of privacy
Right of privacy: Privacy is the right of any individual to control the collection and use of information about themselves. Privacy has the following four aspects:
• Protection from unreasonable intrusion upon one’s isolation, such as gathering of details about their web surfing habits, etc.
• Protection from identity theft by inappropriate use of name or likeness. Example: stealing of credit cards, Social Security Number.
• Protection from unreasonable publicity of one’s private life, such as revealing condition of health.
• Protection from unreasonable false information, such as giving false information about a person in the internet, media, etc.

What is Anonymity?
Anonymity means that the real author of a message is not shown or his identity is hidden. Anonymity can be implemented to make it impossible or very difficult to find out the real author of a message.

Key Privacy and anonymity issues

Government electronic surveillance
Observing or listening to persons, places or activities, usually in a secretive or unobtrusive manner, with the aid of electronic devices such as cameras, microphones, tape recorders or wire taps. Four types of electronic surveillance are most prevalent:
• Wire Tapping: Wire tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry. Someone must actually “tap” into telephone or telegraph wires to accomplish this type of surveillance.
• Bugging: Bugging is accomplished without the aid of telephone wires, usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorder.
• Video Tapping: Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape.
• Web Tapping: Logging the IP addresses of users that access certain websites is commonly called “web tapping”.

Data Encryption
• Cryptography
  o Science of encoding messages
  o Only sender and intended receiver can understand the messages
  o Key tool for ensuring confidentiality, integrity, authenticity of electronic messages and online business transactions
• Encryption
  o Process of converting electronic messages into a form understood only by the intended recipients
• Encryption key: the variable value applied using an algorithm to encrypt or decrypt text
• There are two types of encryption keys used: i) Public key ii) Private key

Public key encryption
• Public key encryption system uses two keys to encode and decode messages
• Message receiver’s public key – readily available to all, and anyone can use it to send a person encrypted messages
• Message receiver’s private key – kept secret; only the receiver will know it, and the owner of the message will use it to decode it to the original message
• RSA – a public key encryption algorithm

Private key encryption system
This system uses a single key to encode and decode messages.
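The public-key and private-key roles described above, as an added example that is not part of the original notes: textbook RSA in Python, where anyone can encrypt with the receiver's public key but only the private key recovers the message. The primes, the sample message and all function names are constructed for illustration, and the scheme has no padding, so it is for study only.

```python
"""Textbook RSA on constructed values, for study only (no padding, toy key size)."""
from math import gcd

# Constructed sample values: two known Mersenne primes, far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1


def make_keypair(p, q, e=65537):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, message):
    """Anyone holding the receiver's public key (n, e) can do this."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message does not fit in the modulus")
    return pow(m, e, n)


def decrypt(key, ciphertext):
    """Recovers the message only when key is the private key (n, d)."""
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    public_key, private_key = make_keypair(P, Q)
    message = b"PIN reset: 4417"  # constructed sample message
    ciphertext = encrypt(public_key, message)
    return {
        # The receiver's private key gives back the original bytes.
        "recovered_with_private_key": decrypt(private_key, ciphertext),
        # Applying the public key a second time does not undo the encryption.
        "recovered_with_public_key": decrypt(public_key, ciphertext),
        # Textbook RSA is deterministic: equal messages give equal ciphertexts,
        # which is why deployed systems add randomized padding such as OAEP.
        "same_ciphertext_twice": ciphertext == encrypt(public_key, message),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

In practice the key pair comes from a vetted cryptographic library with a modulus of at least 2048 bits and randomized padding; the arithmetic above only shows why the two keys play different roles.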

Identity Theft
• Identity theft occurs when someone steals key pieces of personal information to gain access to a person’s financial accounts
• Information includes:
  - Name
  - Address
  - Date of birth
  - Social Security number
  - Passport number
  - Driver’s license number
  - Mother’s maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen
• Phishing
  o Attempt to steal personal identity data
  o By tricking users into entering information on a counterfeit Web site
  o Spear-phishing – a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization
• Spyware
  o Keystroke-logging software
  o Gets automatically downloaded to a user’s computer without his/her knowledge
  o Creates a record of keystrokes entered in the system
  o Enables the capture of:
    - Account usernames
    - Passwords
    - Credit card numbers
    - Other sensitive information
  o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are the text files that a website puts on a user’s hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain huge amounts of consumer behavioral data

Types of data collected: while a user surfs the web, surfing details etc. are collected and sent to advertising companies. Three types of data are collected using cookies, a method used to collect information from the user:
i) GET data: sites visited by the customer. Example: that the consumer visited an affiliated book site and requested information about the latest Dean Koontz book.
ii) POST data: data entered by the customer. Example: POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service, such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations.
iii) Click-stream data: keeping track of everything the user viewed and sought.

Four ways to limit or even stop the deposit of cookies on hard drives:
• Set the browser to limit or stop cookies
• Manually delete them from the hard drive
• Download and install a cookie-management program
• Use anonymous browsing programs that don’t accept cookies

Treating Consumer Data Responsibly
When dealing with consumer data, it is required to avoid problems by taking consent from the consumer before using details for marketing or for research. It can be done by appointing a Chief Privacy Officer (CPO) who has the power to stop illegal use of consumer data.

Work Place Monitoring
Employers have the right to monitor your activities in many situations at the workplace. Major monitoring includes:
• Recording on CCTV cameras
• Opening mail or e-mail
• Checking phone logs or recording phone calls
• Videoing outside the workplace
• Checking the logs of websites visited
• Some companies even do random drug tests on their employees

Spamming
• Transmission of the same e-mail message to a large number of people
• Extremely inexpensive method of marketing
• Used by many legitimate organizations
• Can contain unwanted and objectionable materials
Example: Some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales.

Advanced surveillance technology
Camera surveillance: cameras fixed to stop illegal activities by finding people who act suspiciously.
i) Facial recognition software can be used to identify criminals and terrorists
ii) GPS (Global Positioning) chips can be placed in devices like cell phones to locate users

Unit IV - SOFTWARE DEVELOPMENT

Objectives
• Why do companies require high-quality software in business systems, industrial process control systems and consumer products?
• What ethical issues do software manufacturers face in making tradeoffs between project schedules, project costs and software quality?

Need for high quality software systems
High quality software systems are easy to learn and easy to use. They efficiently meet the user’s needs. They are dependable. It is highly ethical for software engineers to develop quality software.

Impact of Quality Software
A software defect is an error which can cause software systems to halt without meeting the user’s needs. A software error has to be detected and removed. Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not being dried enough – minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays – major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• required to support the fields of
  - air traffic control
  - nuclear power
  - automobile safety
  - health care
  - military and defense
  - space exploration

Key Issues in Software Development
Ethical decisions involve:

Quality Management, which defines the measure of quality in the development process
• tradeoff between quality and other factors such as ease of use, time to market and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility
Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through ‘reasonable’ software practices
• there is also the concept of ‘contributory’ negligence (e.g., accidentally cut finger using nail clippers)
• warranty also protects consumer but may be hard to read

Reasons For Software Defects
1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it
2) Human error
• programmers inject one defect for every 10 lines of code
• e.g., Windows XT: 400 M lines of code; even if 99.9% was clean, there still would be 1 bug per 10000 lines of code, so large software still contains thousands of bugs
3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software defect
• could cause a system to fail to meet users’ needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• ‘testing’ done by customers
• some avoid buying the first version

Strategies for developing Quality Software
More and more users are demanding high-quality software. Quality Management measures the quality of software in the development process. The objective is to deliver high quality software. Various strategies are adopted:
1. Following a proper/accepted standard software development methodology
2. Ensure Quality Assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Document the various stages of software development to ensure quality

Quality Software Development Process
i) Following a proper/accepted standard software development methodology: It is safe to follow a proper and accepted software development methodology where the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.

ii) Ensure software quality assurance: It refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early: It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is a
  - cost-saving measure
  - 100 times less cost when bug is detected early, before product roll-out
  - most efficient way to improve software quality
  - bug effect (and its fix) may ripple through large pieces of the software

iv) Testing: This is one of the proven methods for quality assurance.

Types of Testing
Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data, and the results are compared with expected results. This is called dynamic testing.
• Black-box testing
  - want code to demonstrate expected output behaviour for all input data in the test suite
  - tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of code)
  - testing all possible logic paths through the software unit
  - with thorough knowledge of the code’s logic paths
  - make each program statement execute at least once
  - for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours … to check calculations for overtime pay
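The white-box rule above ("make each program statement execute at least once"), as an added example that is not part of the original notes: a gross-pay function with the two test cases the notes name, plus a small tracer that reports which statements a test set never executed. The 1.5 overtime multiplier, the pay rates and all function names are assumptions made for the illustration.

```python
"""Statement coverage for the gross-pay example, measured with the standard library."""
import dis
import sys

REGULAR_HOURS = 40         # threshold named in the notes
OVERTIME_MULTIPLIER = 1.5  # assumed rate; the notes do not give one


def gross_pay(hours, rate):
    if hours <= REGULAR_HOURS:
        pay = hours * rate
    else:
        overtime_hours = hours - REGULAR_HOURS
        pay = REGULAR_HOURS * rate + overtime_hours * rate * OVERTIME_MULTIPLIER
    return pay


def statement_lines(func):
    """Line offsets (relative to the def line) that hold executable statements."""
    code = func.__code__
    return {
        line - code.co_firstlineno
        for _, line in dis.findlinestarts(code)
        if line is not None and line != code.co_firstlineno
    }


def executed_lines(func, test_inputs):
    """Run func on every argument tuple and record which of its lines ran."""
    code = func.__code__
    hit = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None  # do not trace other functions
        if event == "line":
            hit.add(frame.f_lineno - code.co_firstlineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in test_inputs:
            func(*args)
    finally:
        sys.settrace(previous)  # always restore the caller's tracer
    return hit


def unexecuted_lines(func, test_inputs):
    """Sorted offsets of statements the test inputs never reached."""
    return sorted(statement_lines(func) - executed_lines(func, test_inputs))


if __name__ == "__main__":
    under_only = [(30, 10.0)]             # constructed test case: less than 40 hours
    both = [(30, 10.0), (45, 10.0)]       # adds the more-than-40-hours case
    print("missed with one test:", unexecuted_lines(gross_pay, under_only))
    print("missed with both tests:", unexecuted_lines(gross_pay, both))
```

With only the under-40 case, the two overtime statements are reported as never executed, so a defect in the overtime formula would pass the test run unnoticed.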

Other Types of Testing
Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect
Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully
System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity
User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems
Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples
  - automobile’s antilock brakes
  - nuclear power plant reactors
  - airplane navigation
  - roller coasters
  - elevators
  - medical devices
• example: bug in Therac-25 radiation therapy machine, 1985-87
  - wrong sequence of menu selections caused large radiation dose to be delivered to the patient

Key assumption
• safety will not automatically result from following the organization’s standard development methodology

Software development measures for safety-critical systems
Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software.
All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking
Project safety engineer takes care of safety of the machines
• explicit responsibility for the system’s safety
• uses a logging and monitoring system to track hazards from the project’s start to finish
Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards
Safety reviews
• held throughout the development process
Robust configuration management system
• tracks all safety-related documentation
Formal documentation required
• including verification reviews and signatures
Key issue
• deciding when Quality Assurance staff has performed enough testing
Risk
• probability of an undesirable event occurring times the magnitude of the event’s consequences if it does happen
• consequences include
  - damage to property
  - loss of money
  - injury to people
  - death

Quality Management Standards
i) ISO 9000 standard
• guide to quality products, services and management
• organization must submit to an examination by an external assessor
• requirements
  - written procedures for everything it does
  - follow those procedures
  - prove to the auditor the organization fulfilled the first two requirements
ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode – describes how a product or process could fail
• Effect – adverse consequence that a customer might experience
• seldom is a one-to-one relationship between cause and effect

DO-178B/EUROCAE ED-12B
• evaluation standard for the international aviation community
• developed by Radio Technical Commission for Aeronautics (RTCA)

Page 13: Ethics Notes Complete Unit 1-4 Version 1

Protection from unreasonable intrusion upon onersquos isolation such as gathering of details about their web surfing habits etc

Protection from identity theft by inappropriate use of name or likeness Example like stealing of credit cards Social Security Number

Protection from unreasonable publicity of onersquos private life such as revealing condition of health Protection from unreasonable false information such as giving false information about a person in the

internet media etc What is AnonymityAnonymity means that the real author of a message is not shown or his identity is hiddenAnonymity can be implemented to make it impossible or very difficult to find out the real author of a message

Key Privacy and anonymity issues Government electronic surveillanceObserving or listening to persons places or activitiesmdashusually in a secretive or unobtrusive mannermdashwith the aid of electronic devices such as cameras microphones tape recorders or wire taps Four types of electronic surveillance are most prevalent bull Wire Tapping Wire Tapping intercepts telephone calls and telegraph messages by physically penetrating the wire circuitry Someone must actually ldquotaprdquo into telephone or telegraph wires to accomplish this type of surveillancebull Bugging Bugging is accomplished without the aid of telephone wires usually by placing a small microphone or other listening device in one location to transmit conversations to a nearby receiver and recorderbull Video Tapping

Video surveillance is performed by conspicuous or hidden cameras that transmit and record visual images that may be watched simultaneously or reviewed later on tape

Web TappingLogging the IP addresses of users that access certain websites is commonly called ldquoweb tappingrdquo Data Encryptionbull Cryptography

o Science of encoding messages o Only sender and intended receiver can understand the messageso Key tool for ensuring confidentiality integrity authenticity of electronic messages and online

business transactionsbull Encryption

o Process of converting electronic messages into a form understood only by the intended recipients Encryption key It is the Variable value applied using an algorithm to encrypt or decrypt text

bull There are two types of Encryption keys used i) public Key ii) Private KeyPublic Key encryption

bull Public key encryption system uses two keys to encode and decode messagesbull Message receiverrsquos public key ndash readily available to all and anyone can use it to send a person encrypted

messagesbull Message receiverrsquos private key ndash kept secret only the receiver will know and the owner of the message will

use it to decode it to the original messagebull RSA ndash a public key encryption algorithm

Private key encryption system This system uses Single key to encode and decode messages

bull Identity Theft Identity theft occurs when someone steals key pieces of personal information to gain access to a personrsquos financial accounts

bull Information includes

Page 13 of 18

Name Address Date of birth Social Security number Passport number Driverrsquos license number Motherrsquos maiden name

bull Fastest growing form of fraud in the United Statesbull Lack of initiative in informing people whose data was stolenPhishing

o Attempt to steal personal identity data o By tricking users into entering information on a counterfeit Web siteo phishing ndash a variation in which employees are sent phony e-mails that look like they came from

high-level executives within their organization bull Spyware

o Keystroke-logging softwareo Gets automatically downloaded to users computer without hishers knowledgeo Creates a record of keystrokes entered in the systemo Enables the capture of

Account usernames Passwords Credit card numbers Other sensitive information

o Operates even if an infected computer is not connected to the Internet

Consumer Profilingbull Companies openly collect personal information about internet users when they register at Web sites

complete surveys fill out forms or enter contests onlinebull Many companies also obtain information about Web surfers through the use of cookies Cookies are the

text files that a website puts on a userrsquos hard drive so that it can remember the information laterbull Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce

personal interests and preferencesbull Databases contain huge amount of consumer behavioral data

Types of data collected while surfing the web surfing details etc and send it to advertising companies Three Types of data is collected using Cookies a method used to collect information from the useri) Get data sites visited by customerExample That the consumer visited an affiliated book site and requested information about the latest Dean Koontz book ii) Post data Data given entered by customerExample POST data is entered into blank fields on an affiliated Web page when a consumer signs up for a service such as the Travelocity service that sends an e-mail when airplane fares change for flights to favorite destinations iii) Click-stream data Keeping track of all what the user viewed and sought

bull Four ways to limit or even stop the deposit of cookies on hard drives Set the browser to limit or stop cookies Manually delete them from the hard drive Download and install a cookie-management program Use anonymous browsing programs that donrsquot accept cookies

Treating consumer Data Responsibly

Page 14 of 18

When dealing with consumer data it is required to avoid problems by taking consent from the consumer before using details for marketing or for research It can be done by appointing a Chief Privacy Officer(CPO) who has the power to stop illegal use of consumer data Work Place Monitoring

The employers have the right to monitor your activities in many situations at work place major Monitoring includes

Recording CCTV cameras Opening mail or e-mail Check phone logs or recording of phone calls Videoing outside the workplace Checking the logs of website visited Some companies even do random drug test on their employees

Spamming Transmission of the same e-mail message to a large number of people Extremely inexpensive method of marketing Used by many legitimate organizations Can contain unwanted and objectionable materials

Example Some companies might send e-mail to customers to announce the release of their new product in an attempt to increase initial sales

Advanced surveillance technologyCamera surveillance camerarsquos fixed to stop illegal activities by finding people who act suspiciously i) Facial recognition software can be used to identify criminals and terroristsii) GPS(Global Positioning chips) can be placed in devices like cell phones to locate

Users

Unit IV -SOFTWARE DEVELOPMENTObjectivesWhy do companies require high-quality software in business systems industrial process control systems and consumer productsWhat ethical issues do software manufacturers face in making tradeoffs between project schedules project costs and software quality

Need for high-quality software systems
• High-quality software systems are easy to learn and easy to use
• They efficiently meet the user's needs
• They are dependable
• It is highly ethical for software engineers to develop quality software

Impact of Quality Software
A software defect is an error which can cause a software system to halt without meeting the user's needs. Software errors have to be detected and removed. Software errors can have minor or major consequences:
• Software in a dryer may cause clothes not to be dried enough - minor, can be tolerated
• Software in an X-ray scanner may overexpose a patient to powerful X-rays - major, cannot be accepted as it is deadly

High-quality software systems
• operate safely and dependably
• have a high degree of availability
• are required to support the fields of
- air traffic control
- nuclear power
- automobile safety
- health care
- military and defense
- space exploration

Key Issues in Software Development
Ethical decisions involve quality management, which defines the measure of quality in the development process:
• tradeoff between quality and other factors such as ease of use, time to market, and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility
Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent, but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through 'reasonable' software practices
• there is also the concept of 'contributory' negligence (e.g. accidentally cutting a finger using nail clippers)
• a warranty also protects the consumer but may be hard to read

Reasons for Software Defects
1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it
2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 99.9% was clean, there would still be 1 bug per 10,000 lines of code, so large software still contains thousands of bugs
3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software Defect
• could cause a system to fail to meet users' needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• 'testing' done by customers
• some avoid buying the first version

Strategies for Developing Quality Software
More and more users are demanding high-quality software. Quality management measures the quality of software in the development process. The objective is to deliver high-quality software. Various strategies are adopted:
1. Following a proper/accepted standard software development methodology
2. Ensuring quality assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Documenting the various stages of software development to ensure quality

Quality Software Development Process
i) Following a proper/accepted standard software development methodology
It is safe to follow a proper and accepted software development methodology, where the software is developed in a controlled and orderly way. These methods are proven, and negligence can be avoided.

ii) Ensure software quality assurance
It refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early
It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is a
- cost-saving measure
- 100 times less cost when a bug is detected early, before product roll-out
- most efficient way to improve software quality
- bug effect (and its fix) may ripple through large pieces of the software

iv) Testing
This is one of the proven methods for quality assurance.

Types of Testing
Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data and the results are compared with expected results. This is called dynamic testing.
• Black-box testing
- want code to demonstrate expected output behaviour for all input data in the test suite
- tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of code)
- testing all possible logic paths through the software unit
- with thorough knowledge of the code's logic paths
- make each program statement execute at least once
- for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours, to check calculations for overtime pay
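The gross-pay case above as a dynamic, white-box test, added here as an example that is not part of the original notes. The 1.5x overtime rate and the rejection of negative input are assumptions (the notes give only the 40-hour threshold); the helper runs each test case, compares actual with expected results, and reports which statements of the unit no test case executed.

```python
import dis
import sys

OVERTIME_THRESHOLD = 40     # hours, the threshold named in the notes
OVERTIME_MULTIPLIER = 1.5   # assumed overtime rate; the notes do not give one


def gross_pay(hours, rate):
    """Weekly gross pay; hours above the threshold are paid at overtime rate."""
    if hours < 0 or rate < 0:
        raise ValueError("hours and rate must be non-negative")
    if hours <= OVERTIME_THRESHOLD:
        return hours * rate
    overtime = hours - OVERTIME_THRESHOLD
    return OVERTIME_THRESHOLD * rate + overtime * rate * OVERTIME_MULTIPLIER


def unexecuted_lines(func, cases):
    """Run func on every (args, expected) case and check the results.

    Returns the statements of func that no case executed, as line offsets
    counted from the function's `def` line. An empty list means every
    statement ran at least once.
    """
    code = func.__code__
    first = code.co_firstlineno
    executed = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None          # do not trace any other function
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args, expected in cases:
            try:
                actual = func(*args)
            except Exception as exc:   # an expected failure is given as its type
                actual = type(exc)
            if actual != expected:
                raise AssertionError(
                    f"{func.__name__}{args}: got {actual!r}, expected {expected!r}")
    finally:
        sys.settrace(previous)

    statements = {line for _, line in dis.findlinestarts(code)
                  if line is not None and line != first}
    return sorted(line - first for line in statements - executed)


# Each case is ((hours, rate), expected result).
UNDER_40_ONLY = [((35, 20.0), 700.0)]
# The two cases the notes name: below and above 40 hours.
NOTES_CASES = UNDER_40_ONLY + [((45, 20.0), 950.0)]
# Cases added from knowledge of the code: the boundary and the error path.
FULL_CASES = NOTES_CASES + [((40, 20.0), 800.0), ((-1, 20.0), ValueError)]

if __name__ == "__main__":
    for name, cases in [("under 40 only", UNDER_40_ONLY),
                        ("notes' two cases", NOTES_CASES),
                        ("full white-box set", FULL_CASES)]:
        print(name, "-> unexecuted line offsets:", unexecuted_lines(gross_pay, cases))
```

A test set with only the under-40 case passes while leaving the whole overtime calculation unexecuted, which is the gap the second test case in the notes closes.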

Other Types of Testing
Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect
Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully
System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity
User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems
Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing safety-critical systems, as failure may cause injury or death
• examples
- automobile's antilock brakes
- nuclear power plant reactors
- airplane navigation
- roller coasters
- elevators
- medical devices
• example: bug in Therac-25 radiation therapy machine, 1985-87
- wrong sequence of menu selections caused large radiation dose to be delivered to the patient


Key assumption
• safety will not automatically result from following the organization's standard development methodology

Software development measures for safety-critical systems
Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software.
All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking
Project safety engineer (takes care of safety of the machines)
• explicit responsibility for the system's safety
• uses a logging and monitoring system to track hazards from the project's start to finish
Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards
Safety reviews
• held throughout the development process
Robust configuration management system
• tracks all safety-related documentation
Formal documentation required
• including verification reviews and signatures
Key issue
• deciding when Quality Assurance staff has performed enough testing
Risk
• probability of an undesirable event occurring times the magnitude of the event's consequences if it does happen
• consequences include
- damage to property
- loss of money
- injury to people
- death

Quality Management Standards
i) ISO 9000 standard
• guide to quality products, services, and management
• organization must submit to an examination by an external assessor
• requirements
- written procedures for everything it does
- follow those procedures
- prove to the auditor the organization fulfilled the first two requirements
ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode - describes how a product or process could fail
• Effect - adverse consequence that a customer might experience
• seldom is there a one-to-one relationship between cause and effect
DO-178B/EUROCAE ED-128
• evaluation standard for the international aviation community
• developed by Radio Technical Commission for Aeronautics (RTCA)


Page 14: Ethics Notes Complete Unit 1-4 Version 1

- Name
- Address
- Date of birth
- Social Security number
- Passport number
- Driver's license number
- Mother's maiden name
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data was stolen
• Phishing
o Attempt to steal personal identity data
o By tricking users into entering information on a counterfeit Web site
o phishing - a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization
• Spyware
o Keystroke-logging software
o Gets automatically downloaded to a user's computer without his/her knowledge
o Creates a record of keystrokes entered in the system
o Enables the capture of
- Account usernames
- Passwords
- Credit card numbers
- Other sensitive information
o Operates even if an infected computer is not connected to the Internet

Consumer Profiling
• Companies openly collect personal information about Internet users when they register at Web sites, complete surveys, fill out forms, or enter contests online
• Many companies also obtain information about Web surfers through the use of cookies. Cookies are the text files that a website puts on a user's hard drive so that it can remember the information later
• Companies also use tracking software to allow their Web sites to analyze browsing habits and deduce personal interests and preferences
• Databases contain huge amounts of consumer behavioral data



Page 16: Ethics Notes Complete Unit 1-4 Version 1

- space exploration

Key Issues in Software Development

Ethical decisions involve

Quality Management, which defines the measure of quality in the development process
• tradeoff between quality and other factors such as ease of use, time to market and development costs
• some managers may have a short-term, profit-oriented view
• others may prefer the more ethical view of delivering high-quality software
• need to also review legal implications of software errors

Liability/Responsibility

Software product liability
• accidents due to software errors may result in lawsuits and punitive damages
• liability is commonly referred to as product liability
• there is no federal liability law; software liability falls under common law
• strict liability means the manufacturer is responsible regardless of negligence or intent
→ but there are lines of defense against this
• responsibility may be limited to harmful defects that could have been detected through 'reasonable' software practices
• there is also the concept of 'contributory' negligence (e.g. accidentally cutting a finger using nail clippers)
• warranty also protects the consumer but may be hard to read

Reasons For Software Defects

1) Inexperienced or quality-ignorant software coding
• quality software evolves right from the start
• but few have the conscience to do it

2) Human error
• programmers inject one defect for every 10 lines of code
• e.g. Windows XT, 400 M lines of code: even if 99.9% was clean there still would be 1 bug per 10000 lines of code → large software still contains thousands of bugs

3) Time pressure
• competition requires fast delivery of the product with more features
• A patch is a fix for a software error. Many think software errors can be patched

Consequences of a Software defect
• could cause a system to fail to meet users' needs
• impact may be trivial or very serious
• even patches may contain (new) defects

Software quality
• degree to which software meets the needs of users
• 'testing' done by customers
• some avoid buying the first version

Strategies for developing Quality Software

More and more users are demanding high-quality software. Quality Management measures the quality of software in the development process. The objective is to deliver high quality software. Various strategies are adopted:

1. Following a proper/accepted standard software development methodology
2. Ensure Quality Assurance at each stage of software development
3. Detecting an error early and fixing it early
4. Testing the product before delivering it to the customer
5. Document the various stages of software development to ensure quality

Quality Software Development Process

i) Following a proper/accepted standard software development methodology


It is safe to follow a proper and accepted software development methodology, where the software is developed in a controlled and orderly way. These are proven methods by which negligence can be avoided.

ii) Ensure software quality assurance

It refers to methods in the development cycle that guarantee reliable operation of the product. Quality assurance is applied in each stage of the development cycle, where standard methods are applied to ensure software quality.

iii) Detecting an error early and fixing it early

It is safer and cheaper to avoid software problems at the beginning than to attempt to fix damages after the product is delivered.
• identifying and removing errors early in the development process is a
  - cost-saving measure
  - 100 times less cost when a bug is detected early, before product roll-out
  - most efficient way to improve software quality
  - bug effect (and its fix) may ripple through large pieces of the software

iv) Testing

This is one of the proven methods for quality assurance.

Types of Testing

Dynamic testing: software is developed in units called subroutines or programs. These units are integrated to form a large system. Each unit of code is tested with actual test data and the results are compared with expected results. This is called dynamic testing.
• Black-box testing
  - want code to demonstrate expected output behaviour for all input data in the test suite
  - tester has no knowledge of the structure of the code
• White-box testing (tester has knowledge of code)
  - testing all possible logic paths through the software unit
  - with thorough knowledge of the code's logic paths
  - make each program statement execute at least once
  - for example, for a program to calculate employee gross pay, there would be a test case for less than 40 hours and a test case for more than 40 hours … to check calculations for overtime pay
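The white-box goal of making each program statement execute at least once can be checked mechanically. The following is an added example, not part of the original notes: it measures which statements of a gross-pay unit a test suite actually executes, and goes beyond the two cases in the notes by adding a boundary case and an invalid-input case. The 1.5 overtime multiplier, the input-validation branch and all function names are assumptions.

```python
import dis
import sys

OVERTIME_THRESHOLD = 40  # hours; the threshold used in the notes' example
OVERTIME_RATE = 1.5      # assumed overtime multiplier (not given in the notes)

def gross_pay(hours, rate):
    # Unit under test: three logic paths (invalid input, regular, overtime).
    if hours < 0 or rate < 0:
        raise ValueError("hours and rate must be non-negative")
    if hours <= OVERTIME_THRESHOLD:
        return hours * rate
    overtime = hours - OVERTIME_THRESHOLD
    return OVERTIME_THRESHOLD * rate + overtime * rate * OVERTIME_RATE

def body_lines(func):
    # Every source line of func that holds an executable statement.
    code = func.__code__
    return {ln for _, ln in dis.findlinestarts(code)
            if ln is not None and ln != code.co_firstlineno}

def passes(func, args, expected):
    # expected is either a return value or an exception class.
    if isinstance(expected, type) and issubclass(expected, Exception):
        try:
            func(*args)
        except expected:
            return True
        return False
    return func(*args) == expected

def statement_coverage(func, cases):
    # Run the cases under a line tracer; report failures and unexecuted lines.
    hit = set()
    def tracer(frame, event, arg):
        if frame.f_code is not func.__code__:
            return None
        if event == "line":
            hit.add(frame.f_lineno)
        return tracer
    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        failed = [c for c in cases if not passes(func, *c)]
    finally:
        sys.settrace(previous)
    return failed, sorted(body_lines(func) - hit)

# Constructed test suites: (arguments, expected result).
NOTES_SUITE = [((30, 10.0), 300.0), ((45, 10.0), 475.0)]  # <40 h and >40 h
FULL_SUITE = NOTES_SUITE + [((40, 10.0), 400.0), ((-1, 10.0), ValueError)]

if __name__ == "__main__":
    for name, suite in (("notes", NOTES_SUITE), ("full", FULL_SUITE)):
        failed, missed = statement_coverage(gross_pay, suite)
        print(name, "failed:", failed, "unexecuted lines:", missed)
```

The two cases from the notes pass but leave the validation statement unexecuted; only the extended suite reaches every statement.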

Other Types of Testing

Static testing
• static analyzers are run against the new code
• looks for suspicious patterns in programs that might indicate a defect

Integration testing
• after successful unit testing
• software units are combined into an integrated subsystem
• ensures that all linkages among various subsystems work successfully

System testing
• after successful integration testing
• various subsystems are combined
• tests the entire system as a complete entity

User acceptance testing
• independent testing
• performed by trained end-users
• ensures that the system operates as they expect

Safety-Critical Systems

Consequences of software defects in certain systems can be deadly; such systems are called safety-critical systems.
• companies must take special precautions in developing a safety-critical system, as failure may cause injury or death
• examples
  - automobile's antilock brakes
  - nuclear power plant reactors
  - airplane navigation
  - roller coasters
  - elevators
  - medical devices
• example: bug in Therac-25 radiation therapy machine, 1985-87
  - wrong sequence of menu selections caused large radiation dose to be delivered to the patient


Key assumption
• safety will not automatically result from following the organization's standard development methodology

Software development measures for safety-critical systems

Safety-critical systems must go through a more rigorous and time-consuming development process than other kinds of software.

All tasks require
• additional steps
• more thorough documentation
• more checking and rechecking

Project safety engineer takes care of safety of the machines
• explicit responsibility for the system's safety
• uses a logging and monitoring system to track hazards from the project's start to finish

Hazard log
• used at each stage of the software development process
• assesses how it has accounted for detected hazards

Safety reviews
• held throughout the development process

Robust configuration management system
• tracks all safety-related documentation

Formal documentation required
• including verification reviews and signatures

Key issue
• deciding when Quality Assurance staff has performed enough testing

Risk
• probability of an undesirable event occurring times the magnitude of the event's consequences if it does happen
• consequences include
  - damage to property
  - loss of money
  - injury to people
  - death

Quality Management Standards

i) ISO 9000 standard
• guide to quality products, services and management
• organization must submit to an examination by an external assessor
• requirements
  - written procedures for everything it does
  - follow those procedures
  - prove to the auditor the organization fulfilled the first two requirements

ii) Failure mode and effects analysis (FMEA)
• important technique to develop an ISO 9000 compliant system
• used to evaluate reliability
• determine the effect of system and equipment failures
• goal: identify potential design and process failures early in a project
• Failure mode
  - describes how a product or process could fail
• Effect
  - adverse consequence that a customer might experience
• there is seldom a one-to-one relationship between cause and effect

Quality Management Standards

DO-178B/EUROCAE ED-12B
• evaluation standard for the international aviation community
• developed by Radio Technical Commission for Aeronautics (RTCA)
