AUTHOR
Cliff Evans
ABSTRACT
IT Security is becoming very important wherever computers and information come together. Training in IT Security in the UK has taken many forms, some good, and some poor. In order to provide guidance to those wishing to learn more about IT Security the Confederation of British industry (CBI) produced Guidelines on IT Security Training.
The author chaired the committee which produced these guidelines. When he later joined the University of Westminster he was given the opportunity to devise a course of study leading to a Masters degree in IT Security based on the CBI Guidelines.
The Guidelines included in post graduate degree courses a section on Law and Ethics in relation to IT Security. The Ethics section includes:-
- Principles of Conduct
- Codes of Conduct
- Rights and Responsibilities of People
- Employment Issues
- Ethical Considerations
This paper describes how the content of the Ethics teaching was devised, and how it was carried out. The University of Westminster attracts a very wide variety of students to it’s courses from a wide variety of backgrounds, so the section on Ethics had to be devised to cope with this situation without compromising the objective of the of the degree course.
The understanding of Ethics in any society depends on the background of both students and teachers. Ethical concepts are dependent of culture, race and faith, and can vary considerably as these dependencies vary. One of the ways of teaching computer ethics in this situation was to guide the students towards the search for common ethical values in IT within the group.
The current Ethics Module covers:-
- Introduction & definitions
- The Effect of Information Technology
- Rights and responsibilities of people
- Ethical Issues
- Law & Ethics
- Principles of conduct, Codes of Conduct & Codes of Practice
- Ethical Problems and the search for a Common Ethic
- Plus a Project
The background to all this is the main subject of ‘IT Security’, and the relevance of Ethics to this subject. Comparisons are also made to Ethics in some other professions
The subjects were covered by both formal lectures and by discussion/workshops. Much was learned from the project.
Information Technology covers the world. Almost everyone is (or soon will be) affected by it. The rapid development of computer communications (including the Internet) has brought about an ‘Information Revolution’ as significant as past revolutions such as the Industrial Revolution and the Printing Revolution. But, the Information Revolution has happened much more rapidly, and has affected many more people than any previous bloodless revolution. This has led to the rapid development of computer crime, which is increasing at a phenomenal rate. Hence the importance of IT Security.
If the world is to maximize the benefits of the Information Revolution, then it is imperative that we all find a common Ethic acceptable to all practitioners of Information Technology. The work on teaching Ethics in the context of teaching IT Security to graduates is forcing a reassessment of this important issue.
The section on Ethics, along with the rest of the course is still developing. This is usual in a subject which is changing so rapidly. The Ethics part of the course is changing as we adapt it to the needs of the students and to the changing subject itself.