Ethics are a set of moral principles and behaviours that control the individual or a group which is used to decide what is good and bad. Ethics talks about the human behaviour’s consequences such as being honest, fair and keep on the integrity and reliability and confidentiality among each other. (BBC, 2014)
Basically, ethical decisions depend on the mindset and personal beliefs of the people. In additions to that, they can follow up some code of ethical principles, standards and the agreements such as non-disclosure agreement.
These codes of ethics are in place to assist the people and give professional judgements to them while there are facing several ideas and obligations in order to solve them in an ethical way. Some of the main code of ethic principles are named as Privacy, Integrity, honesty, education, fair treatment, Social responsibility with workplace qualities and Communication. (System Administrators Guild of Australia, 2015)
When we are talking regarding a company internal network upgrading process in-order to increase the information security of a system that the network administrator is the one who deploys a huge role in the company to make sure that the network upgrading process is compliance to the company policies and rules. A network administrator of a company or organization generally has an ability and enough privileges to access all information and sensitive data of an existing network. This much of wide access means that network administrator should have a variety of ethical issues and regulations to be considered while doing his job. This is described as an invasion of privacy. (McDunnigan, 2007)
When upgrading the network security that the main ethical issues as relevant authority control issues are described as placing several devices and using several mechanisms to read the private e-mail of the members on network, gain information and monitoring websites that are being visited by users on network, Using key loggers and screen capture programs, implementing ACL, firewalls (Hardware, Software) and IDS(The systems of intrusion detections) . This kind of interception under the relevant authority could be described by the RIPA act 2000 (Regulation of investigatory power act). (Kaminsky, 2017)
As a real-world example, an incident that happened to a company IT manager. He hired a new network administrator to intensify the protection of the company network. So, that hired person ultimately stole the user’s home directories information on the network to use the company marketing and supplier details. So that guilty Network admin had infringed the Company Privacy policies which were coming under the code of ethics policy of that company. (Tek tips, 2017)
In 2005 NBES (National Business Ethics Study) reported 16% of employees were observed about workplace safety regulation violations such as not wearing the safety hard hats and other safety precautions. finally, these things can result in employee worker injuries and loss of productivity impact of them. (Joseph, 2019)
Another main part of ethical issues when upgrading a network is about to maintain the equality of reporting and comply with the fair treatment principle of the code of ethics. As an obligation to the Incident reporting policy of a company the network administrator should need to treat everyone fairly in order to prevent of infringements of company policies that means he won’t be accusing against anyone based on the severities, abilities, disabilities(discriminations) and varieties such as gender, religion, sexual orientation, national varieties, and age. (McDunnigan, 2007)
Most commonly the network administrators have to be flexible with the Company management (Owners) and other security high profession members (Network manager). What will happen the network manager ask from network administrator to speed up the configuring process by skipping some of the security features or make some quick fix to configure network devices that the network administrator recommended unless that security features the network’s protection may be reduced, and it causes to increase the vulnerability threat for the company’s network. This may cause to generate a conflict of interest based on the Code of conduct of company policies between the owner and network manager to the network administrator. A lower security standard would violate such acts like Graham leach Bliley act. (Shinder, 2005)
The authorized people should have equal access to the company network devices in order to seek the benefits of them. The company can place a VPN to allow the people to securely access the company internal network devices who are having disabilities to directly coming and interactive with those devices. The company should have a good environment and proper mechanisms for accessing the network devices who are having disabilities without any discriminations. This scenario is addressed by ADA508 act. (Bourgeois, 2014)
According to the code of ethics, ‘Privacy’ state the network user’s information should be gathered with having a proper awareness of the network users. According to the established transparent policies can be used to give the rights to the individuals to get to know about what information is being gathered and how it is being utilized. These gathered data can be used to measure the anonymized data and accuracy of the data in order to prevent the data disclosures accidentally, banned the unauthorized access, detect attacks, vulnerabilities, threats and risk factors by placing firewalls, Making ACL rules, Backups and so on.
The new changes (added Security features, Software updates, network monitoring devices and interface changes) can be affected to productivity and work qualities of their normal routine. In -order to mitigate this matter the network professional should help to the network users and strive to explain how these changes are important to keep the system securely and UpToDate.
According to the Code of conduct ‘Professional Competence’ state When upgrading the security of the network the employees should have to evaluate the lack of professional expertise with the competence areas of currently working employees in-order to take the necessary skilled full employees related to those problems to come up with the expert solutions.
According to the ‘Prevent harm’ statement of Code of conduct the company management professionals and network professions have the responsibilities to prevent the consequences of harms such as employees physical and mental situations and related injuries, unintended destruction of network internal information, reputation troubles, internal environment impact (employees, management, culture), external environment impact (Competitors, Suppliers, Political influences). (ACM, 2019)
The better security policies can be used to guide the employees who are using credential information resources while upgrading the network in the case of violation of these policies. These policies should be controlled by the company administrates based upon the Confidentiality, availability and integrity principles. (Bourgeois, 2014)
Communication among each other is more important to be a good professional and ethical network administrator. The network administrator would have to always communicate with the network’s users and the executive management of the company that helps to understand all parties’ opinions and work with them without having any conflicts among them. (LOPSA, 2019)
While the time of the network security upgrading, establishing proper ethical standards and policies by maintaining the safety, healthy, privacy needs and with having proper rewarding and criticism mechanisms cause to make a productive working environment around the employees and assist to co-workers to make decisions properly according to the policies and standers. (Searchnetworking, 2008)
By keeping proper professionalism standards in-order to conduct the workplace will help to treat the employees fairly or professionally. (LOPSA, 2019)
References
ACM, 2019. ACM. [Online] Available at: https://www.acm.org/code-of-ethics [Accessed 02 05 2019].
BBC, 2014. BBC. [Online] Available at: http://www.bbc.co.uk/ethics/introduction/intro_1.shtml [Accessed 22 1 2019].
Bourgeois, D. T., 2014. Information Systems for Business and Beyond, s.l.: Saylor Academy.
Joseph, C., 2019. chron. [Online] Available at: https://smallbusiness.chron.com/common-workplace-ethics-violations-2736.html [Accessed 02 05 2019].
Kaminsky, K., 2017. WizIQ. [Online] Available at: https://www.wiziq.com/tutorial/30178-General-Ethical-Issues-in-the-IT-Security-Profession [Accessed 22 1 2019].
LOPSA, 2019. LOPSA. [Online] Available at: https://LOPSA.org/CodeOfEthics [Accessed 02 05 2019].
McDunnigan, M., 2007. Ethical Issues a Network Administrator May Encounter. [Online] Available at: https://careertrend.com/info-12183631-ethical-issues-network-administrator-may-encounter.html [Accessed 22 1 2019].
Searchnetworking, 2008. Searchnetworking. [Online] Available at: https://searchnetworking.techtarget.com/blog/The-Network-Hub/IT-Ethics [Accessed 02 05 2019].
Shinder, D., 2005. Computerworld. [Online] Available at: https://www.computerworld.com/article/2557944/security0/ethical-issues-for-it-security-professionals.html [Accessed 22 1 2019].
System Administrators Guild of Australia (SAGE-AU), 2015. Ethics codes collection. [Online] Available at: http://ethics.iit.edu/ecodes/node/5712 [Accessed 22 1 2019].
Tek tips, 2017. Tek tips.com. [Online] Available at: https://www.tek-tips.com/viewthread.cfm?qid=929023 [Accessed 22 1 2019].