Prepared by: Assoc. Prof. Nalin Sharda Moderated by: Dr. Imran Jokhio July, 2017 Assessment Details and Submission Guidelines Unit Code MN501 Unit Title Network Management in Organisations Term, Year Term‐2, 2017 Assessment Type Assignment‐1 Assessment Title Ethical issues for IT security personnel Purpose of the assessment (with ULO Mapping) The purpose of this assignment is to develop skills in research, critical analysis and academic writing of high standard. In this assignment students will:  Identify potential ethical and social issues related to IT administration ethics.  Discuss ethical and social issues pertaining to IT systems‐administration.  Interpret professional codes of ethics developed by various industry bodies.  Discuss ethical behaviour in accordance with professional codes.  Explain ethical solutions to ensure that the society benefits. Students must be able to generate ideas at abstract levels and support their arguments with strong reasoning. Students must strengthen critical thinking skills by answering the assignment. Weight 10% Total Marks 100 Word limit 500 ‐ 1000 Due Date Week‐7 Thursday 5.00 PM. Submission Guidelines  All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.  The assignment must be in MS Word format, 1.5 spacing, 11‐pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.  Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style. Extension  If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at: http://www.mit.edu.au/about‐mit/institute‐publications/policies‐procedures‐and‐ guidelines/specialconsiderationdeferment Academic Misconduct  Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at:http://www.mit.edu.au/about‐ mit/institute‐publications/policies‐procedures‐and‐guidelines/Plagiarism‐ Academic‐Misconduct‐Policy‐Procedure.For further information, please refer to the Academic Integrity Section in your Unit Description.MN501 Network Management in Organisations Page 2 of 4 Prepared by: Assoc. Prof. Nalin Sharda Moderated by: Dr. Imran Jokhio July, 2017 Assignment Description Debra Shinder writes, “In fact, many IT pros don't even realize that their jobs involve ethical issues. Yet we make decisions on a daily basis that raise ethical questions [1].” Debra poses the following ethical scenarios. 0) IT and security consultants who do work for multiple companies have even more ethical issues to deal with. If you learn things about one of your clients that might affect your other client(s), where does your loyalty lie? Should you use the information gained from Client‐A for the benefit of the other client, Client‐B? 1) Then there are money issues. The proliferation of network attacks, hacks, viruses and other threats to their IT infrastructures have caused many companies to "be afraid, be very afraid." As a security consultant, it may be very easy to play on that fear to convince companies to spend far more money than they really need to. Is it wrong for you to charge hundreds or even thousands of dollars per hour for your services, or is it a case of "whatever the market will bear?" 2) Is it wrong for you to mark up the equipment and software that you get for the customer when you pass the cost through? What about kickbacks from equipment manufacturers? Is it wrong to accept "commissions" from them for persuading your clients to go with their products? Or what if the connection is more subtle? Is it wrong to steer your clients toward the products of companies in which you hold stock? 3) Another ethical issue involves promising more than you can deliver, or manipulating data to obtain higher fees. You can install technologies and configure settings to make a client's network more secure, but you can never make it completely secure. Is it wrong to talk a client into replacing their current firewalls with those of a different manufacturer, or switching to an open source operating system – which changes, coincidentally, will result in many more billable hours for you – on the premise that this is the answer to their security problems? 4) What if a client asks you to save money by cutting out some of the security measures that you recommended, yet your analysis of the client's security needs shows that sensitive information will be at risk if you do so? You try to explain this to the client, but he/she is adamant. Should you go ahead and configure the network in a less secure manner? Should you "eat" the cost and install the extra security measures at no cost to the client? Should you refuse to do the job? Investigate and reflect upon one of the above scenarios using Ethical Guidelines published by organisations such as: EA, ACS, ACM and IEEE. Students with ID ending with 0 or 5, answer scenario number 0 Students with ID ending with 1 or 6, answer scenario number 1 Students with ID ending with 2 or 7, answer scenario number 2 Students with ID ending with 3 or 8, answer scenario number 3 Students with ID ending with 4 or 9, answer scenario number 4 [1] D.Shinder, ‘Ethical Issues for IT security professionals’, 2005. [Online]. Available http://www.computerworld.com/article/2557944/security0/ethical‐issues‐for‐it‐security‐ professionals.html [Accessed 28‐July‐2017]MN501 Network Management in Organisations Page 3 of 4 Prepared by: Assoc. Prof. Nalin Sharda Moderated by: Dr. Imran Jokhio July, 2017 Marking criteria: You must use the following aspects as headings for your answer. Marks are allocated as follows: Aspects Description of the section Marks Introduction Introduce the ethical issues in 3‐5 sentences 10 Identification Identify at least 2 important ethical issues 20 Analyse Analyse the above identified issues 20 Evaluate/justification Evaluate the issues and write justification of your evaluation 20 Conclusion Write clear conclusion in 2‐3 sentences 20 Reference style Follow APA or IEEE reference style 10 Total 100MN501 Network Management in Organisations Page 4 of 4 Prepared by: Assoc. Prof. Nalin Sharda Moderated by: Dr. Imran Jokhio July, 2017 Marking Rubric for Assignment‐1:Total Marks 50 Grade Mark HD 80‐100% DI 70‐79% CR 60‐69% P 50‐59% Fail <50% Excellent Very Good Good Satisfactory Unsatisfactory Introduction All topics are pertinent and covered in depth. Ability to think critically and source material is demonstrated Topics are relevant and soundly analysed. Generally relevant and analysed. Some relevance and briefly presented. This is not relevant to the assignment topic. Identification Demonstrated excellent ability to think critically and sourced reference material appropriately Demonstrat ed excellent ability to think critically but did not source reference material appropriatel y Demonstrated ability to think critically and sourced reference material appropriately Demonstrated ability to think critically and did not source reference material appropriately Did not demonstrate ability to think critically and did not source reference material appropriately Analyse Logic is clear and easy to follow with strong arguments Consistency logical and convincing Mostly consistent logical and convincing Adequate cohesion and conviction Argument is confused and disjointed Evaluate/justific ation Excellent use of creditable sources. Accurate referencing. Obvious that outstanding effort made Extremely good effort Good effort made but not outstanding Made some effort. For example, Web searches only Very little attempt to reference. Lazy effort with inaccuracies Conclusion Logic is clear and easy to follow with strong arguments Consistency logical and convincing Mostly consistent logical and convincing Adequate cohesion and conviction Argument is confused and disjointed Reference style Clear styles with excellent source of references. Clear referencing style Generally good referencing style Sometimes clear referencing style Lacks consistency with many errors