Key IT/IS UK/EU/International legislation

The contemporary Legal landscape in the IT industry

• Key IT/IS UK/EU/International legislation – what are the most important parts of the law that an IT professional needs to know about. Rather than just a list of relevant laws try to organise the material thematically e.g. by activity – contracting, privacy, etc.

• Professional requirements for knowledge of the Law – what are the responsibilities of a professional with respect to the law – use the BCS code of practice as a guide. What a professional should do, what mustn’t they do how can they ensure they act professionally in meeting their responsibilities with respect to the law.

• Contemporary challenges for legislators – how are recent developments in IT creating challenges that the law needs to respond to if possible give some specific real-world examples taken from the guest speakers or your reading.

The contemporary ethical environment in the IT industry

• The main normative approaches to ethics – compare and contrast the main approaches that we have looked at virtue, consequentialist and deontological.

• Professional requirements for ethical behaviour – what must a professional do to ensure they are acting ethically? Use the BCS code of conduct as a guide – does this suggest a virtue, consequentialist, deontological or mixed approach?

• Contemporary ethical dilemmas – how are recent developments in IT creating challenges for ethical behaviour? Can IT be used to make people and or organisation behaviour more ethical? If possible give some specific real-world examples taken from the guest speakers or your reading.

Ensuring systemic systems security in the contemporary IT environment

• The technical, operational and social aspects of IT security – explain the technical aspects of security, the operational aspects of security and the social aspects of security.

• Managing the development process with security in mind – how should security issues be addressed in the development process in order to ensure that technical, operational and social aspects of security are all addressed?

• Contemporary security challenges – how are recent development in IT creating new security challenges? If possible give some specific real-world examples taken from the guest speakers or your reading.

Measuring and management contemporary IT related risk

• What is risk and how can it be measured – discuss the different aspects of risk that need to be considered. You should organise risks thematically e.g. by types of activity, projects, operations etc.

• How should risk be managed – what is the professional’s responsibility for managing risk and what is recommended good practice?

• Contemporary risk challenges to measuring and managing risk – how are recent developments in IT creating new risk management challenges? If possible give some specific real-world examples taken from the guest speakers or your reading.

British computer society (BSC) is a learned society and professional society that is used to represent those working in the field of information technology both in internationally and UK, established in the year of 1957.British computer society is also known as the chartered institute for information technology and BCS which is used to make and established the rules, regulations and professional standards of conduct, ethical practices and competence for computing in UK (1981 British Computer Society Conference). The British code of good practices in the workplace describes the set of the standards of practices in the field of information technology. In UK British computer society is the professional bodies that have an ability to provide the permission to the chartered status to the informational technology professionals (British Computer Society Conference, 1958). There are the four main areas in which British computer society is conducted.

• Public interest
• Professionals competence and the integrity
• Duty of the authority
• Duty of the profession

• Members shall have due regards for privacy, wellbeing of others, public health, environment and security.
• Members shall have due to respect for legal of third parties
• Members shall have to conduct the professional exercises without segregation on the ground of sex, nationality, religion, color, sexual orientation, disability, age, ethnic origin and the others requirements or condition.
• To promote and evaluate the equally access to the advantage of information technology and search to promote the addition in all sectors or places in the society wherever several opportunities are raised.

• Manager and organization needs to provide and undertake the works or services within the professional capability and the ability.
• Members of the organization must have seek to conform to find the better practices like quality of the services and the standards and also needs to encourage their employees or subordinates to do the same (First British Computer Society Conference, 1958).
• According to the ability and capacity work should be provided by the manger to their subordinates and mot claim to any subordinates in any level.
      
• Members should have to accepts the professional codes of ethics in its organization and do not terminate any tasks and assignments accepts the reasonable notice and good reasons.

Professional requirements for knowledge of the Law

• In workplaces and organization members should have to carry their work with due diligence and care according with the needs or requirements of the clients or employers (Davies, 1987).
• Members need to complete the works within the budget and time limit or time frame.
• According to the duty to clients and employees, members of the organization shall not disclose any data and information from one place to another place and one source to another source without the permission and use for personal profit.
• Accept the professional rules and regulations, to avoid the conflicts between the members and the subordinates.
• Members shall not withhold data, information and not misrepresented on the ability of the products and services.

• Within the workplaces and the organizations members should have to uphold the professionals and needs to improve or enhance the standards code of ethics through enforcement and use, their deployment and apart from that members needs to avoids such things that affects the professions.
• Managers needs to accepts the personal duty within the organization and don’t take any actions which harms for organization.
• To improve and encourage the members to their developments.

Explain the main normative approaches to ethics

In the contemporary ethical environmental in information technology; normative ethics is used to examine and identify the wrongness and rightness actions. Basically normative ethics is separated from the meta-ethics and descriptive ethics. In traditional ways it is said that the normative ethics is used to determine whether action is wrong and right. Universal decoration of human Right (UDHR) and charter of fundamental right of European Union (EFREU) are the two fundamental normative incumbents and tools (British Computer Society (BCS) Business Books, 2008).  Right of the humans or individuals, freedom and educations right, environment rights, justice and non-discriminations are eh fundamental normative ethics. Normative instruments provides to ensure the requisite depth and breadth of ethical context and concerned can be addressed.

[Source: www. Gsb.stanford.com]

For business perspective ethics plays critical role and the important aspect in IS. The main objective of using the ethics within the organization is to remain long time and achieve better revenue. Codes of ethics contain the professional accountable and professional used the ethics to restrict the unethical activity in the organization. Codes of ethical rules and regulations help the professional to control their operations and memberships. Code of ethics helps the professional to identify the integrity, objectivity,    professional competence, confidentially and professional’s behaviors in an effective and efficient manner. In integrity members will be honest and straightforward (Jeffrey, 2007).  Conflicts can be easily solved within the organization with the help of ethic codes. It provides the conceptual framework that must be applied by the members to identify and evaluate the treats. Members maintain the objective and obtain the result in effective manner through the ethics code.

In the field of information technology several ethical dilemmas are raised but form that ‘PAPA’ i.e. privacy, accuracy, protections and accessibility are the four issues.  Apart from that software theft, computer crime, copy right are another dilemmas in the field of computer or information technology. Due to advancement and development of the information technology, larger numbers of data and information are available, thus privacy is most important from organization perspective and this is obtained with the help of ethical codes or ethical rules and regulations. Thus with the help of ethical laws computing professionals understand what is right or wrong, understand their own responsibility in the workplace and do the work with honest and loyalty.

To explain the operational, social and technical aspects of information technology security

The security in the field of information technology must contemplate not in technical aspect but also consider in operational and social aspects that is related to the process and the environment aspects (Deming, 1987). Information technology provides the ways to the users to transmit the data and information from source to destination end or from one individual to other individuals. They provide the efficiency, speed, quality, accuracy, dependability and help the business to achieve their objective in efficient manners. In the digital market environment information technology work as a vehicle that store the data and information carried it; these resources are most important resources for organization perspective. Thus protection of the data and information is most important.

• Abstraction

Contemporary challenges for legislators

In the field of information technology abstraction is used to abstract the data and information i.e. it showing only functionality without display their process and internal part. Like for example how data and information are sending from source to destination end it does not display, it only shows the data in source computer and destination computer; that means processing of the data are not displayed.                   

• Data hiding

Data and information is stored in the database, thus it is necessary for the organization to secure the database. This is done with the help of data hiding techniques. the main principle of this techniques is to hide the locations of the physical data i.e. location of the data and information are not displayed to any users. Thus uses only see the logical data not physical data.               

• Encryption

In the field of information technology main objective of the encryption is to change the meaning of the data before sending it from one place to another place.      

• Layering

In multilayered technology security are designed in all layers and it allow executing the process in a linear ways that helps to control the accessing of the data.    

• Regulations

The regulations include the norms, procedures and politics that provides and make the standard behavior. If the members of the organization are not flows these rules and regulations within the organization then it would break the organization existence rules.

• Organization culture

Organization cultures also considered into the information security process; because all security within the organization must be follow effective manner if the organization culture is good.         

• Organization environment

Information security implantation process helps the organization to create better work environment. Lack of the environment increase the conflicts, unfriendly people and decrease the productivity.       

• Organization training process

In order to provide the better security organization needs to give continuous training to their staffs because proper tanning create a positive environment and improving the knowledge of the workers.         

• Process control

ITIL (information technology infrastructure library) is a technique that helps the organization to manage the IT infrastructure, operations and developments.  Thus management needs to provide better security polices in their process because better process leads the organization in the better positions (Pathak, 2005). 

• Monitoring

With the help of better monitoring polices organization achieve better security. Monitoring polices helps the organization to identify the unethical uses.

To explain how to manage the risk

Risk management is the process used to identify and assessing the risk, making and applying the steps in order to reduce the risks and maintain the risk level in efficient manner. in the field of information technology, information risk management helps the organization to manage the risk in an effective and efficient manner (Crouhy, Galai and Mark, 2000).  Risk management contains Risk assessments, risk migrations and uncertainty analysis to analyze and manage the risk. Identification, estimation and evolutions are three major steps to determine and mange the risks.  Risks identification helps the organization to determine the cause of the risks, cause of the potential failure. The main objective of the identification of risk is to   identify the threats, security measure and risk managed.   Risk estimation helps the organization to estimate the risks and this is done by the quantitative and qualitative risks assessments process.  Risk evaluation is the final steps in which risk is determined in the process level i.e. both input and output level. In this level risk assessment is compare with the risks level and here it is determined that risk is acceptable or not.

The organization is considering the following things when they assess the risk;

Risk assessment process helps the organization to analyze and evaluate the risk in an effective and efficient manner. Determinations, collection and evolutions are the basic steps used in the process of risk assessment. Determination process is used to identify the risk and it is analyzed with the help of available data and information. Analyze process contains the three steps including asset valuation; consequence and identification i.e. threat identification. After identification analyzing process is done with the help of safeguard analyzing, likelihood analyzing and vulnerability analyzing process.   Finally risk assessment includes the final result and output (Hester and Harrison, 1998).

 Risk migration helps the organization to involve the implementation and selection of the security in order to reduce the risk and achieve the better productivity. Identification of the appropriate risks control function is done in select safeguard process.  Acceptance of the risk are done in the process of accept residual risk methods. Acceptances of the risks in the field of computer are closely related to the information system known as the accreditation (Daveri and Faini, 1995).  Monitoring and implementation process helps the organization to continue to efficient.            

Uncertainty analysis is used to perform and documentation of the risk management result that helps the organization in future. There are two source of uncertainty risk analysis management process. First is the methodology or lack of confidence and another is the risk model, consequences or safeguard effectiveness (Ronen, 1988).

References

British Computer Society (BCS) Business Books. (2008). Kybernetes, 37(3/4).

British computer society conference. (1981). Computer Networks (1976), 5(6), pp.459-462.

British Computer Society Conference: June 1959. (1958). The Computer Journal, 1(2), pp.70-70.

Crouhy, M., Galai, D. and Mark, R. (2000). Risk management. New York: McGraw Hill.

Daveri, F. and Faini, R. (1995). Risk and migration. Oxford, U.K.: Queen Elizabeth House.

Davies, D. (1987). The consumer protection act British computer society, 24 September 1987. Computer Law & Security Review, 3(4), pp.38-40.

Deming, R. (1987). Advances in security technology. Boston: Butterworths.

First British Computer Society Conference. (1958). The Computer Journal, 1(3), pp.141-141.

Hester, R. and Harrison, R. (1998). Risk assessment and risk management. Cambridge, UK: Royal Society of Chemistry.

Jeffrey, C. (2007). Research on professional responsibility and ethics in accounting. Amsterdam, the Netherlands: Elsevier JAI.

Pathak, J. (2005). Information Technology Auditing. Berlin, Heidelberg: Springer-Verlag Berlin Heidelberg.

Ronen, Y. (1988). Uncertainty analysis. Boca Raton, Fla.: CRC Press.