Zuraini Ismail, Maslin Masrom and Fiza Abdul Rahim
The expansion and evolution of computer usage have proven to offer significant business opportunities to organizations. Computer usage provides us with many capabilities, and these in turn give us new choices for action. The business impact of its misuse due to unethical behaviour should not be underestimated.
The widespread use of IT raises its own ethical problems. Issues such as privacy protection, information violations, misuse of peer file sharing and accessing inappropriate websites indicate what is at stake. Users are unaware of the damage that will occur as a result of their actions when using computers unethically. Similarly, privacy, for example, is now recognized by many ethicists as requiring more attention than it previously received in moral theory because of the use of IT (Brey, 2000). These issues give rise to a new field of ethics called IT Ethics or Computer Ethics, which may have a similar status to other fields of applied ethics, such as medical ethics and business ethics.
According to the Gartner Group Report of 2008, 75% of IT security incidents are caused from within the company by insiders and not hackers. Additional statistics analyzed by the Malaysia KPMG Fraud Survey Report (2004) also indicate that 87% of fraud is perpetrated internally, i.e. 18% by management employees and 69% by other employees. Computer crimes, such as embezzlement or planting of logic bombs, are normally committed by trusted personnel who have permission to use the computer system. Computer security, therefore, requires organizations to be concerned with the actions of trusted computer users.
In this paper we investigate and further examine which components of computer ethics positively influence the information security of ICT users in the manufacturing and services sectors. In addressing this issue, this paper is organized into six sections. This section introduces the importance of computer ethics in harnessing information security. Section two presents the aspects of Computer Ethics and Information Security. Section three leads to the development of the conceptual framework. Section four presents the evaluation and section five draws the conclusion of the study and further suggests future work.
Computer Ethics and Information Security
Computer ethics has long been involved in analyzing the computer’s role in our ethical and belief systems, as well as monitoring the rapidly changing landscape of computing technology (Sullins, 2005). It is about people and their relations with a focus on right and wrong, with additional issues enabled by IT involving the misuse of information. Taken together, ethical behaviors, perceptions, and practices are frequently viewed as the organization’s ethical work climate (Victor & Cullen, 1987), which can influence individual ethical decision-making (Wyld & Jones, 1997). Computer ethics aims to help formulate guidelines to direct action in the development, management and use of IT. Bynum (1998) believes further that computer ethics is rapidly evolving into global information ethics, that computer ethics is driven by the World Wide Web (WWW) and that computer ethics includes topics such as global laws, global cyber-business and global education.
Information security directs and supports the organization and affiliated organizations in the protection of their information assets from intentional and unintentional disclosure, modification, destruction or denial through the implementation of appropriate information security and business resumption planning policies, procedures and guidelines (Peltier, 2005). There are three (3) main components in information security, which are Confidentiality, Integrity and Availability. Confidentiality is necessary to conceal important information that is saved or transmitted in online and offline environments from an unauthorized or unidentified party. Integrity is required to protect information content transmitted via the network from being illegally created, modified, or deleted. Availability refers to the availability of information resources; it may be much worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure (Jong, 2007). The combination of these three main components may provide a more secure environment for information.
A security breach occurs where a stated organizational policy or legal requirement regarding information security has been contravened. According to a study by Symantec Corp in its Internet Security Threat Report, Malaysia is ranked 8 out of 10 top-infected countries in the Asia-Pacific region as a target for cyber attackers (Sani, 2006). This shows that information assets and infrastructure have become more vulnerable to cyber attacks.
Hence, it may be more important to address the issue of computer use and security as an attitude rather than a technology (Masrom and Ismail, 2008). The technology may vary between companies and vendors, but the attitudinal parameters can remain constant (Oblinger, 2003). If individuals, through awareness and knowledge, develop an ethical, moral attitude toward computer use and security, the transitions into the future will be much smoother. Computer use and security depend on shared responsibility for ethics and integrity at the workplace in securing the organization’s information.
The proposed framework comprises The Code of Ethics, Ethics Awareness and The Law, which make up the antecedents that influence information security. This study further establishes the relationship between computer ethics and information security.
Brey, P. (2000). Method in Computer Ethics: Toward a Multi-Level Interdisciplinary Approach. Ethics and Information Technology, 2(2): pp. 125-129.
Bynum, T.W. and Moor, J.H. eds. (1998). The Digital Phoenix: How Computers are Changing Philosophy, Oxford: Blackwell.
Jong, W.S. (2007). Information Security Component Framework and Interfaces for Implementation of SSL, IJCSNS International Journal of Computer Science and Network Security, 7(10).
Malaysia KPMG Fraud Survey Report. (2004). Nature of malware changes in 2001/2002.
Masrom, M. and Ismail, Z. (2008). Computer Security and Computer Ethics Awareness: A Component of Management Information Systems. IEEE ITSim08. ISBN 978-1-4244-2327-9.
Oblinger, D. (2003). Computer and Network Security and Higher Education’s Core Values, EDUCAUSE Center for Applied Research, Research Bulletin, Vol. 2003, Issue 6, 1-11.
Peltier, R. (2005). Information Security Risk Analysis, CRC Press.
Sani, R. (2006). Cybercrime Gains Momentum. April 3, New Straits Times.
Sullins, J. (2005). Ethics and artificial life: From modeling to moral agents, Ethics and Information Technology, 7:139-148.
Victor, B. and Cullen, J.B. (1987). Theory and Measure of Ethical Climate in Organizations. Research in Corporate Social Performance and Policy, 9:51-71.
Wyld, D.C. and Jones, C.A. (1997). The importance of context: The ethical work climate constructs and models of ethical decision-making – An agenda for research. Journal of Business Ethics, 16:465-472.
Yassin, Y. and Yunos, Z. (2006). Ethics in Info Security. NST Tech & U. November, 20: pp. 1-4.