Assessment Title: Ethical issues for IT security personnel Purpose of the assessment (with ULO Mapping) The purpose of this assignment is to develop skills in research, critical analysis and academic writing of high standard. In this assignment students will: • Identify potential ethical and social issues related to IT administration ethics. • Discuss ethical and social issues pertaining to IT systems’-` administration. • Interpret professional codes of ethics developed by various industry bodies. • Discuss ethical behaviour in accordance with professional codes. • Explain ethical solutions to ensure that the society benefits. Students must be able to generate ideas at abstract levels and support their arguments with strong reasoning. Students must strengthen critical thinking skills by answering the assignment. Submission Guidelines: • All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page. • The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. • Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style. Assignment Description Debra Shinder writes, “IT security personnel often have access to confidential data and knowledge about individuals' and companies' networks and systems that give them a great deal of power. That power can be abused, either deliberately or inadvertently.” [1] Investigate, reflect upon and answer the following questions using Ethical Guidelines published by organisations such as: EA, ACS, ACM and IEEE. Answer 5 questions each 100 words. 1) Should you read the private e-mails of your network users just because you can? Is it OK to read employees' e-mail as a security measure to ensure that sensitive company information isn't being disclosed? Is it OK to read employees' e-mail to ensure that company rules (for instance, against personal use of the e-mail system) aren't being violated? If you do read employees' e-mail, should you disclose that policy to them? Before or after the fact? 10 Marks 2) Is it OK to monitor the Web sites visited by your network users? Should you routinely keep logs of visited sites? Is it negligent to not monitor such Internet usage, to prevent the possibility of pornography in the workplace that could create a hostile work environment? 10 Marks 3) Is it OK to place key loggers on machines on the network to capture everything the user types? What about screen capture programs so you can see everything that's displayed? Should users be informed that they're being watched in this way? 10 Marks 4) Is it OK to read the documents and look at the graphics files that are stored on users' computers or in their directories on the file server? 10 Marks 5) What if a client asks you to save money by cutting out some of the security measures that you recommended, yet your analysis of the client's security needs shows that sensitive information will be at risk if you do so? You try to explain this to the client, but he/she is adamant. Should you go ahead and configure the network in a less secure manner? 10 Marks [1] D. Shinder, ‘Ethical Issues for IT security professionals’, 2005. [Online]. Available http://www.computerworld.com/article/2557944/security0/ethical-issues-for-it-securityprofessionals. Marking criteria: Marks are allocated as follows, for each question: Aspects to be included in each answer Description of the section Marks Introduction Introduce the ethical issues in 2-3 sentences 1 Identification Identify 2 important issues 2 Analyse Analyse above identified issues 2 Evaluate/justification Evaluate the issues and write justification of your evaluation 2 Conclusion Write clear conclusion in 1-2 sentences 2 Reference style Follow IEEE reference style 1 Total 10