in the use of IT to deliberate misappropriation by individuals or groups of individuals. The focal concern of this paper is to analyse problems related to computer ...
______
219
DEVELOPING ETHICAL PRACTICES To MINIMISE COMPUTER MISUSE
Shalini Kesar
Simon Rogerson
Centre for Computing and Social Responsibility De Montfort University The Gateway Leicester, UK LE1 9BH
Centre for Computing and Social Responsibility De Montfort University The Gateway Leicester, UK LE1 9BH
Abstract - Various researchers have suggested the need to
develop sound ethical information technology practices to combat the increased incidence of computer misuse. Relating to the ubiquity of information technology, this paper presents a basis to understand the nature of computer misuse. Such an analysis will help in developing ethical practices so as to minimise computer misuse. Finally, this paper argues that by addressing ethical issues at both formal and informal levels, the risks associated with information technology usage can be minimised.
I INTRODUCTION Modern organisations widely apply information technology (IT) in order to conduct their businesses more efficiently and effectively. Indeed, the logical malleability of computers has assured enormous application of computer technology in the future [33]. This has led organisations to become dependent on IT. In spite of the potential benefits that might occur, the use of IT withn organisations has resulted in new kinds of problems. These can range from incompetence, ignorance and negligence in the use of IT to deliberate misappropriation by individuals or groups of individuals. The focal concern of this paper is to analyse problems related to computer misuse. Computer misuse encompasses a wide range of illicit activities such as fraud, virus infections, hacking, illicit software, theft of data and software, unauthorised private work, invasion of privacy, and sabotage. Such illicit activities could vary from simple pranks to serious crimes. This paper is an attempt to understand the nature of computer misuse such that necessary management practices could be developed. It argues that in order to minimise computer misuse, organisations need to focus on developing ethical practices. In conducting the argument, ethical aspects are discussed and evaluated. Further, ethical principles are identified that might assist in minimising computer misuse. This paper is divided into five sections. After a brief introduction, the next section analyses the nature of computer misuse. Section three addresses issues that deal with managmg and controlling computer misuse. Section 0-7803-3982-7/97/$10.00 0 1997 IEEE
four dscusses the emergent issues and concerns. Finally, the conclusions of the paper are presented in section five. 11 NATUREOF COMPUTER MISUSE Based on the report of the US Office of Technology Assessments [351 adverse consequences can be classified into two broad categories: non-intentional and intentional. Non-intentional acts arise due to environmental damages, human error, or because of analysis and design faults. Intentional acts, on the other hand can be classified under three categories: violations of safeguards by trusted personnel, system intruders, or malicious software, viruses and worms. Natural or physical disasters including fires, floods, earthquakes, power failure and bomb attacks can be categorised as environmental damages. Most of these result in the destruction of not only the main computer systems but also backup systems causing damages up to hundreds and thousands of dollars. Whereas human errors could result from confusing instructions or procedures, inadequate internal controls, incorrect data entry, lack of familiarity with the system, inappropriate system application. Inadequate involvement of users, lack of adequate time and resources or incorrect use of methodological tools could all lead to analysis and design faults. In contrast, intentional acts occur when employees within the organisation engage in acts that are unauthorised and prohibited. In such a situation violations of safeguards by trusted personnel occur. This is reflected in a report from the US that showed that nearly 81 per cent of computer crime is committed by current employees [5]. The second type of intentional act occurs when individuals engage in illegal or unauthorised and disruptive behaviour such as hacking (sometimes known as cracking). Intentional acts could also occur when malicious software, viruses and worms are released into computer systems. Logic bombs and Trojan horses are examples of such intrusions. For instance, the damage caused by viruses in the US was as high as 1.1 billion dollars in 1991 [36].
Intentional acts such as fraud, virus infections, hacking, illicit software, invasion of privacy and sabotage have been dealt under the term “computer misuse”. However, in the literature the terms misuse and abuse have often been used inter-changeably. Furthermore, various researchers have propounded numerous definitions for “computer misuse”.
220 For instance, Parker (1976) defined the term “computer abuse” to include white-collar crime, vandalism and malicious mischief. According to him, white-collar crime is “ . . ,any endeavour or practice involving the stifling of free enterprise or promoting of unfair competition; a breach of trust against an individual or an institution; a violation of occupational conduct or jeopardising of consumers and clientele”. More recently, the Audit Commission [2] defined computer abuse as a term that includes various types of deliberate acts such as computer fraud, virus distribution, hacking, and sabotage. For the purpose of this paper, computer misuse is defined as the occurrence of an intentional act, in other words a deliberate misappropriation by which individual(s) intend to gain dishonest advantages through the use of the computer system(s). Misappropriation itself may be opportunist, pressured, or a single-minded calculated contrivance. A number of studies indicate that computer misuse within organisations is increasing. For example, The Audit Commission has been conducting surveys for almost a decade, to provide information aboht misuse of computers within UK organisations. In the 1990 report based on 1,537 respondents the Commission reported 180 incidents of computer fraud and abuse. In the subsequent 1993 survey of 1,073 organisations, 537 incidents were reported - an increase from 12 per cent to 36 per cent [2]. Such is the magnitude of concern that in four of the reported cases of sabotage, organisations lost 5104,625. Another UK based study of 300 companies showed that there were more than 293 events in 1995 alone [21]. Indeed the problem of computer misuse is not restricted to particular countries. For instance, it has been indicated that the USA faces losses of up to at least 10 billion dollars every year [36]. Further, it was reported in the press that nearly &122,000 was lost because of a hacker gaining unauthorised access into the Agricultural Bank of China [101. Against this background, the extent of damage that can be caused by computer misuse cannot be underestimated. Indeed it is an issue of significant concern. Prior to considering the reason for the occurrence of such illicit activities, it is important to understand the different roles played by computers in any fraudulent activity. According to Parker, people use computers in essentially four ways to commit illicit acts [37]. Cases that involve fraud, theft, embezzlement, and vandalism could be identified with one or more of the following roles. First, a situation occurs when computers can simply be an object of attack. In such a case valuable data or programs are destroyed, sometimes computers or parts of it are stolen. Examples of such cases are vandalism, malicious mischief or sabotage. The second role played by computers is where they create a iinique environment in which unauthorised activities can occur, or where the computer creates unique forms of assets snch as computer programs and information representing money.
Examples of such cases are frand, espionage or extortion. The thxd role is where computers are used as the instrument of an illicit act. The computer enables the offender to breach security, enter an organisation’s computer system and undertake some fraudulent act Finally, the fourth role is where computers are used symbolically to intimidate, deceive or defraud. While trying to understand and analyse co’mputer misuse researchers have adopted different perspectives Backhouse and Dhillon [3] for example, focus on personal factors, work situations, and opportunities to explain the cause of computer related misuse According to them various research propounded on computer related misuse falls either into one of the categories or encompass all of them. First, this section begins by looking at an individual offender, followed by exploration of the workplace culture. Finally, opportunities found in the different organisational structures are explored. This is discussed under three categories as described by Backhouse and Dhillon. Illicit acts that are motivated by greed, selfishness and individualism inherent in the values of capitalist society can be associated with personal factors. Davies [13] advocates that complex human emotions and needs such as financial pressure could turn an otherwise trusted employee into an embezzler or saboteur. He attributes this to individuals who fear losing their jobs through redundancy, feel under-promoted, or feel aggrieved. Whereas Croall [ 121 attributes personal factors such as greed and selfishness as the basis for initial motivation for computer misuse. It is true that personality factors cannot be ignored. However, focusing on individual characteristics of offenders provides only a partial perspective of computer misuse. Therefore, changes in personality must be seen in the context of the work situations. Some aspects of computer misuse can be influenced by the culture of the organisation. In particular, management attitude, staff supervision, d f i s i o n of responsibilities, work pressure, and payment systems can all be associated with computer misuse. Research shows that often management do not report cases related to computer misuse or deliberately hide the offence. Icove [22] attributes this to management fear of loosing the confidence of their employees, clients, and stockholders if they admit that their computer systems have been attacked. This is illustrated in a recent test sponsored by the Department of Defence where in 8932 participating systems, 7860 of those systems were penetrated. Surprisingly, management detected only 390 of the intrusions. Moreover, only 19 of these cases were reported by the management. This evidence hghlights the need to monitor carefully work situations as they can inadvertently promote computer misuse. Computer misuse often occurs because of the opportunities that an environment may offer
22 1 Organisational problems such as lack of safeguards, together with ineffective monitoring and lack of internal audits lead to illicit acts (for example see, [36], [IS]). This is perhaps reflected in the finding that nearly 61 per cent of computer misuses have been carried out by employees within organisations, while only 9 per cent have been positively linked with outsiders. It is therefore likely that some of the remaining 30 percent will be employees as well [43]. The Audit Commission Survey indicated that supervisory and managerial staff are responsible for the majority of the computer misuse. Nevertheless the reports have also shown a change in the pattern indicating that administrative staff were responsible for 60 per cent of computer fraud 121. Hence, it is evident that potential offenders can only benefit given suitable opportunities where organisations have failed to take the necessary precautions. This explains why offenders find that the rewards of engaging in an illicit act outweigh the risks of detection and punishment [4]. Furthermore, poor administration system such as inefficient passwords policies, out of date technical knowledge, and lack of security software are cited as the principle weakness by hackers 1261. Finally, lack of awareness was also found to be a key factor. Employees at a managerial and supervisory level often fail to understand the consequential risks that computer misuse might present [2]. Personality factors, work situation, and opportunities are equally relevant in understanding computer misuse. This is because opportunities for computer misuse may be well spread in an organisation but different responses arise from various pressures and working conditions which may originate within organisations or from outside. Consequently, such factors have a profound significance on analysing issues raised in understanding computer misuse. However, in practice most research tends to focus on law and its enforcement rather than attitudes and motivations of the offenders or the cultures within the organisation [ 121, MANAGING COMPUTER MISUSE In addressing the issue of computer related misuse, this paper suggests that management needs to adopt ethical practices. This is because techniques and countermeasure that focus on technical and formal applications within organisations are not enough. Furthermore, attempting to manage computer misuse through these two mechanisms fails to recognise the significant moral dimension of these problems. Computer misuse is inextricably linked to ethics and thus organisations are increasingly interested in sensitising members of staff to the ethical components of their everyday business decisions [29]. To be effective this ethical consideration must be practical and should address issues such as employee awareness, training and education, and corporate policy. 111
In light of this, organisations are still trying to cope with the new opportunities, ethical dilemmas, and threats
induced by computers. Indeed, with the ubiquity of computer misuse ethical issues such as privacy and confidentiality are multiplying. In this respect, the focus of this paper is to argue that organisations need to consider certain ethical principles at a more pragmatic level. First, relevant measures taken by various organisations to improve their regulations and controls are explored. This is followed by looking at ethical consideration at different levels within an organisation.
Computer security controls: In order to deal with the ever increasing problem of computer misuse, organisations have developed various techniques and countermeasures. Before the realisation of computer security measures, organisations were simply concerned with general security such as locks, barriers, and uniformed guards [38]. Unfortunately, threat from intentional acts such as computer fraud, hacking, and sabotage is not amenable to effective treatment by just applying technical approaches. For technical applications are mechanisms which are built into systems and need, to some extent, an element of voluntary compliance by all users. Tools, techniques, and various handbooks have been developed in order to detect and prevent intentional illicit activities within organisations. However, this is not enough as it is difficult to secure systems in a heterogeneous, networked computer environment [42]. Legislative controls: Various laws exist that deal with issues related to computer misuse, for example, the Computer Misuse Act 1990 in UK and the Computer Fraud and Abuse Act 1986 in the US. Computer-related legislation started in the late 1970s. Most advanced nations have some form of legislation which addresses issues concerning computer systems and related aspects. Although in theory many forms of computer misuse could be dealt with using existing legislation, prosecuting people who are involved in computer misuse is very hard and demanding in practice (for example, see the cases of Robert Morris and Craig Neidorf). Computer related legislation can be helpful to organisations to prosecute employees only if they have effective and up to date records, personnel disciplinary measures and clear policy statement. Researchers and practitioners alike have begun to realise that existing law cannot easily be applied to deal with computer related misuse and additional necessary legislation is required. For example, the Computer Fraud Abuse Act and other legislation have been criticised for having loopholes and ambiguities [24]. A . Shortcomings In practice, it has often been found that while developing countermeasures for computer misuse threats, the primary concern has been to focus on technical solutions and their functionality [15]. Studies have also highlighted a gap between the use of IT and the understanding of security implications inherent in its use by the employees (for example, see [28]). This perhaps
222
explains why figures representing the number of systems within organisations that have been successfully penetrated without detection are startling. For example, the FBI’s National Computer Squad estimated that approximately 85 per cent of computer intrusions are not even detected [22]. There is a clear indication that security and legal solutions on their own are not effective.
B. Ethical considerations It has already been indicated in the previous section that organisations need to focus on controls that consider ethical aspects of IT. It has also been suggested that the role of ethics in IT is to provide an approach to problems where processes need to be examined from various angles [30]. Moreover, the study of ethics in technological fields will allow developers to gain more insight into the human element of the systems [46] The concept of ethics has been defined and interpreted by various thinkers such as Aristotle, Plato, and Kant. The term “ethics” refers to a code or set of principles by which people live and involves a process of self-reflection. According to Donaldson [16], ethics is not a religion nor does it presuppose religious precepts. Supporting t h s view, White [45] regards this attribute of ethics as a major advantage. This is because ethics not only avoids the authorisation bases of law and religion as well as their subjectivity and arbitrariness, but also irrationality that may characterise cultural or personal moral views. Ethcal issues surrounding IT have attracted many researchers from different disciplines (for example, see [9] and [17]). In the literature many of the computer misuse issues have been dealt with under “computer ethics”. The term “computer ethics” was coined by Maner [311 to refer to the study of ethical problems aggravated, transformed or created by computer technology. Mumford [34] on the other hand, suggests that “Ethics is about making choices .... ethical problems do not appear to change very much with time, although the nature of choices and available solutions may take very different forms”. Other seminal work in this area has been done by researchers such as Moor [33] and Johnson [23]. Bynum [6] uses Moor’s adaptation to define computer ethics as the identification and analysis of the impact of IT on social and human values like health, wealth, work, opportunity, security, and self fulfilment. This broad definition not only embraces applied ethics but also computer law, sociology of computing and other related fields. Moreover, it employs concepts, theories and methodologies from those and any other relevant disciplines. Indeed this provides a perspective that is practically useful. In order to manage computer misuse, it is important organisations accept that illicit acts such as computer fraud and sabotage may take place at any point within the occupational hierarchy. This management task is no doubt difficult and requires conscious effort, a careful allocation
of time, and specialised personnel [SI. An ongoing process is necessary that considers ethical issues both at the formal and informal level of an organisation. This classification was originally proposed by Liebenau and Backhouse to understand the nature of organisations [27]. However, it is not the intention of this paper to give a detailed description of the technical, formal, and informal systems. This classifcation is used to understand the systematic position of ethics within an organisation. The next section considers the role of ethics at the formal and informal levels of an organisation. This section stresses equal consideration of both the levels in order to minimise computer misuse, which is contrary to current organisational practice. C. Ethics at the formal level The higher the level of dependency on IT, the greater the likelihood of organisation to become vulnerable to computer related misuse. It is therefore important that organisations need to implement effective and systematic policies. The reviewing and updating process of corporate policy should be governed by the organisation’s objectives and the level of vulnerabilities. As Conger et a1 [ 111 point out, lack of policies and formal rules within organisations are interpreted by employees as a license to what they wish. Formalised rules will also help in facilitating bureaucratic functions in order to resolve any ambiguities and misunderstanding within organisations.
Training programme: It has often been noted that information systems personnel frequently receive little or no training in ethical implications [ 141. Training programmes at different levels within organisation will help in increasing general awareness and understanding of the potential damage that can be caused by computer misuse. Training programmes that include staff awareness and professional development programmes could be conducted at both formal and informal level in an organisation. Such measures will not necessarily reach a definitive conclusion but will alert employees to the risks of computer misuse. Awareness results in alertness in areas where dishonesty, conflict of interest, and exploitation may occur and ensures employees apply current standards. Controls and policies are of no value unless there is awareness and appreciation among employees [44]. Consequently, controls and policies require full support of the staff within the organisation and checks and controls can only be successfully implemented when the staff support the concept of those checks. At a formal level courses could be conducted through seminars, workshops, conferences, specific user training, and staff induction. Training and development programmes need to be established that will cater for the employees at all levels of an organisations. As Gotterbarn [ 191 points out, development programmes within computing should include the following: an introduction to
223 the responsibilities of the profession, an articulation of the standards and methods used to resolve non-technical ethical questions within the profession, and finally to include the development of proactive skills to reduce the likelihood of future ethical issues.
controls and ethical policies play an important role in minimising the risks associated with IT. However, it is significant that people functioning within such constraints of controls and policies should be aware of the need for them.
Disciplinary measures: It is important that organisations formally implement disciplinary measures as one of the methods of dealing with computer related misuse. Depending on the nature of the offence, different measures can be taken by the management ranging from a written warning with reference to the existing legislation through to prosecution of an employee.
D. Ethics at informal level According to Liebenau and Backhouse [27], an informal system is dynamic in nature where people have capacity to meet changing circumstances. Indeed, by sustaining informal systems, organisations can respond to the new threats and opportunities that they may face. Thus, people working in an informal system within organisations have the adaptability and flexibility to recognise new conditions. Organisations need to have both formal and informal systems because the characteristics of an organisation cannot simply be represented by formalised rules.
Effective controls: Formal controls within organisations relate to physical access control, systems development, maintenance controls, changing of passwords, library controls, and system performance measurement aids. These controls play a prominent role in the management of computer misuse such as computer fraud. According to Krauss [25], such controls are not mandated by law or by any external commission or government bodies but it is the responsibility of the management to define, administer, monitor and enforce controls on employees. Planning and establishing a corporate policy: The overall corporate policy should be endorsed and promulgated by the members is the management. Key issues such as a code of practice for IT security, conduct of employees, regular internal checks, rotation of duties need to be addressed. Although, it is important to note that controls within organisations will differ since controls and policies largely depend upon the prevalent organisational culture. Professional organisations such as ACM (Association for Communication Machinery), IEEE (Institute of Electrical and Electronics Engineers), BCS (the British Computer Society), and IFIP (International Federation for Information Processing) have been formulating and revising codes of ethics and conduct applicable to IT industry in order to assist computer professional in organisations when facing complex ethical issues. In fact, in the late 1960s Parker [39] was among the first to assist the ACM in adopting a code of ethics prohibiting actions that undermined corporate and societal support for the computer professional. Parker's ACM activities and reports on computer related misuse were followed by social science research on ethcal practices among computer professionals (for example, see [20]). Although, codes of ethics have been developed to provide guidelines to the computer professional, the fundamental difficulty with codes of ethics is that there is no guarantee that this will make people behave ethically. Furthermore, the codes of ethics have context-sensitive use of moral directives but they can ignore personal and societal issues [46]. A number of critics have also pointed out that such codes are not being implemented in practice [ 181. Indeed technical
Awareness: The importance of training, awareness and development programmes at both formal and informal level has already been stressed. At the informal level, organisations need to address more pragmatic and ethical issues in order to minimise computer misuse. This could involve the utilisation of existing corporate and departmental means of communications such as videos, magazines, newsletters, and circulars, as these can have a favourable effect on the ' employees in the organisation. This can not only be beneficial in increasing general awareness on computer misuse but will also increase awareness of new and otherwise unknown threats within organisations [44]. Hence, each method and tool can be used in an ad hoc way to convey issues effectively and raise awareness concerning ethical dilemmas that surround IT. Nevertheless, some organisations regard this as having limited benefit, and by some even as a waste of time and a diversion from the goals of production and profitability [SI. Monitoring employee behaviour: Another step that could be taken at the informal level is to monitor employee behaviour. This could be done by managers simply being observant and sensitive to any behavioural change in employees. Indeed there is a fine line between monitoring employees and invading their privacy. Hence, it may be appropriate to leave such issues at an informal level where bureaucratic procedures can be avoided and management can be relied upon to continue to be sensitive to behavioural changes among staff such as personal or group conflicts [27].
-.
IV
DISCUSSION
In the previous section, we discussed issues at both formal and informal levels that can help organisations in managing computer misuse. This will help in developing comprehensive ethical principles to manage and prevent computer misuse. This section synthesises some key
224
ethical principles that will help organisations in developing good practice frameworks. Many researchers believe that ethical theories will help in providing a rational basis for making moral judgements, providing guidance, and in decision making. For instance, Maner [32] uses applied ethics to deal with the ethical aspects that surround IT. He focuses on Utilitarian ethics of Jeremy Bentham and John Stuart Mill and on ethics of the philosopher Immanual Kant. Similarly, in her book “Computer Ethics”, Johnson [23] analyses ethical aspects of IT by combing philosophy, law and technology. She uses procedures and concepts from Utilitarianism and Kantianism to address ethical issues that surround information technology. A similar stance is adopted by Spinello [42]. Further, Rogerson and Bynum [41] have developed a perspectives model, based on Aristotle’s model of ethic,il decision making. According to them this model will help in the preliminary analysis and decision making of any system development project. More recently, Rogerson [40] has also developed a set of eight ethical principles regarding how computer professionals should conduct themselves. The eight principles relate to honour, honesty, bias, adequacy, due care, fairness, social cost, and action. These principles are based on the ideas of McLeod and Velasquez. Rogerson argues that people within organisations need to be aware of the ethical issues surrounding IT. This is because they are responsible for influencing and establishing ethical sensitivity within their organisations. However in practice, it is difficult to consider each ethical dimension in detail, therefore it is important to focus on the key factors which are likely to influence significantly the success of that particular project. Rogerson defines these key factors as ethical hot-spots. Ethical hot-spots are “points where activities and decision making are likely to include a relatively high ethical dimension”. Ethical hot-spots have been identified in project management of an information system development activity. Thus by using these eight principles and identifying ethical hot-spots computer professionals consider technological, economical and sociological aspects of IT. Although, these principles can be found embedded in the codes of conduct such as the ACM, identification of ethical hot-spots can be used at an informal level Once, ethical principles and hot-spots are established, frameworks can be developed with the support of the technical and formal controls. This will not only enhance critical analysis but also help in understanding ethical issues that surround IT. Finally, researchers (for example, see Maner [3 I], Gotterbarn [19], and Bynum [7]) argued that tomorrow’s computer professionals need to be aware of the ethical dimension of IT. This can be done by exposing and sensitising computer science students to ethical dimension of IT [6]. The ACWIEEE-CS report nominated “Social, Ethical and Professional Context” as one of the nine key
areas of the recommended computer science curricula. This educational enhancement is required because in the near future many of computer science undergraduates will create systems that will not only have an impact on people and organisations but also on society in general. As a result, technically oriented students will be well versed in the social aspects of computing.
V
CONCLUSION The extent to which computer misuse could cause damage within organisations can be gauged from the findings of the 1994 UK Audit Commission survey. It revealed a 183 per cent increase in reported incidents of computer misuse. In order to have a greater understanding of the nature of computer misuse, it is important to analyse the attitudes and motivations that lie behind such illicit activities. At the same time, some computer related misuse can also be associated with opportunities and workplace cultures within an organisation. Examination of such factors will not only help in exposing the offenders but assist the development of effective control measures. In order to deal with the increasing incidents of computer misuse, this paper has suggested the need to develop sound ethical IT practices to combat this growing trend. By adopting such management practices there is a greater chance of establishing ethical sensitivity within an organisation. Further, combination of continuing activities involving formal and informal training, awareness and development programmes will help in raising and enhancing general issues related to IT. Such programmes should be targeted at all level in an organisation ranging from senior management, middle management (both technical and non-technical) through to the IT users themselves. This will perhaps promote a consensus on controversial issues such as privacy and intellectual property. Ultimately, adoption of professional codes of ethcs cannot guarantee that people within organisations will behave more ethically, just as the teaching of computer ethics and legislation cannot in themselves transform human behaviour. However, it will help in reducing the incidences of malfunctions and computer misuse within organisations. As Anderson [11 points out, professional societies and educational institutions need to set an example, for other members of the society, to take the lead and address the ethical issues related to IT.
VI
REFERENCES
R. E. Anderson, The ACM code of ethics: history, process, and 1. implications. in Social issues in computing: putting computing in its place, C. Huff and T. Finholt, Editor., McGraw-Hill, 1994. Audit Commission, Opportunlty makes a thief- an analysis of 2. computer abuse, HMSO: London, 1994.
225
3. J. Backhouse, and G. Dhillon “ Managing computer crime: a research outlook,” Computers &Security, Vol. 14, 1995, pp. 645-65 1. 4. P. Balsmeier, and J. Kelly, “The ethics of sentencing white-collar criminals,” Journal ofBusinessEthics, Vol. 15, no. 2, 1996, pp. 143-152. 5. R. K. Brown, Security overview and threat, National Computer Security Educators, Information Resource Management College, National Defence University, 199 1.
6. T.W. Bynum, Computer ethics in the computer science curriculum, in Teaching computer ethics, T W Bynum, et al., Editor, Research Center on Computing and Society, Southem Connecticut State University: New Haven, Connecticut, 1992. 7. T.W. Bynum, W. Maner, and J. L. Foder, Teaching computer ethics, Research Center on Computing and Society, Southem Connecticut University: New Haven, Connecticut, 1992. 8. M. Clarke, Business crime: its nature and control, Southport: Polity Press, 1990.
24. D. J. Kluth, “The computer virus threat: a survey of current criminal statues,” Humline Law Review, vol. 13, spring, 1990, pp. 297-3 12. 25. L. I. Krauss, and A. MacGahan, Computer fraud and countermeasures, Englewoods Cliffs: Prentice-Hall, 1979. 26. J. Lambeth, “Why hackers have no fear of facing security”, in Computer Weekly, 1996. 27. J. Liebenau, and J. Backhouse, Understanding information: an introduction, London: MacMillan, 1990. K. D. Loch, H. H. Cam, and M.E. Warkentin, “Threats to 28, information systems: today’s reality, yesterday’s understanding,” MIS Quarterly, June, 1992, pp. 173-186.
29. K. D. Loch and S. Conger, “Evaluating ethical decision making and computer use,” Communication of the ACM, vol. 39, no.7, 1996, pp. 74 -83. J. M. Lozano, “Ethics and management: a controversial issue,” 30. Journal OfBusinessEthics, vol. 15, n0.2, 1996, pp. 227-236.
9. W. R. Collins, K.W. Miller, B.J. Spielman, and P. Wherry, “How good is good enough?: an ethical analysis of software construction and use,” Communication of the ACM, vol. 37, no. 1, 1994.
W. Maner, Starter kit on teaching computer ethics, Helvetia 31. Press, 1980.
10. Computing, “China executes hacker over 5122,000 theft”, 1993, London. pp. 1.
W. Maner, “Unique ethical problems in information technology,” 32. Science and Engineering Ethics, v01.2, no.2, 1996, pp. 137-154.
S. Conger, K. D. Loch, and B. L. Helft, “Ethics and information 11. technology use: a factor analysis of attitudes to computer use,” Information Systems Journal, vol. 5, 1995, pp. 161-184.
J. H. Moor, “What is computer ethics,”Metuphilosophy, vol. 16, 33. no.4, 1985, pp. 266-275.
H . Croall, White collar crime, Milton Keynes: Open University 12. Press, 1992.
D. Davies, 13. Law, 1990.
“
The nature of computer crime,” Computers and
J. T. Delaney, and D. Stockell, “Do company ethics training 14. programs make a difference? an empirical analysis,” Journal of Business Ethics, vol. 11, no.9, 1992.
E. Mumford, Systems design - ethical tools for ethical change. 34. London: Macmillan Press Ltd. 1996.
35. Ofice of Technology Assessment, Information security and privacy in network environments, US Government Publication, 1994. E. Oz, Ethics for the information age, 1st ed., Business and 36. Educational Technologies, 1994.
37. D. B. Parker, Crime by computer, New York: Charles Scribner’s Sons, 1976.
G. Dhillon, and J. Backhouse, “Risks in the use of information 15. technology within organisations,” International Journal of Information Management, vol. 16, no.1, 1996, pp. 65-74.
38. D. B. Parker, Computer security management, Reston: PrenticeHall, 1981.
T. Donaldson, and T. W. Dunfee, “Toward a unified conception 16. of business ethics: integrative social contracts theory,” Academy of ManagementReview, vol. 19, no. 2, 1994, pp. 252-284.
39. D. B. Parker, S. Swope, and B. N. Barker, Ethical conflicts in information and computer science, technology, and business, Wellesley: QED Information Sciences, 1990.
C. Dunlop, and R. Kling, ed. Computerization and controversy.’ 17. value conflicts and social choices, Academic Press: San Diego, 1991.
40. S. Rogerson, Sofhare project management ethics, in The Responsible software engineer, C Myers, et al., Editor., Springer, 1996, pp. 100-106.
T. Forester, and P. Morrison, Computer ethics: cautionary tules 18. and ethical dilemmas in computing. 2nd ed., Camhridge: The MIT Press, 1994. D. Gotterbarn, The use and abuse of computer ethics, in 19. Teaching computer ethics, T. W. Bynum, et al., Editor., Research Center on Computing and Society, Southem Connecticut State University. p. 73-83, 1992.
S. Rogerson, S and T. W. Bynum, “Towards ethically sensitive 41. WIT projected related decision making,” in COOC’95, 1995. R. A. Spinello, Ethical aspects of information technology, 42. Englewood cliffs: Prentice- Hall, 1995. I. Strain, “Top bosses pose the main security threat,” Computer 43. Weekly, 1991, UK. p. 22.
C. HUE, and .T Finholt, ed. Social issues in computing: puffing 20. computing in its place, McGraw-Hill, 1994. 21.
I B M , A risk too far: business continuity: every manager’s
responsibility, IBM in association with Cranfeld School of Management, 1996.
A. R. Warman, Computer security within organisations, 44. London. Macmillan Press, 1993.
T. I. White, A business ethics- a phllosophical reader, New 45. York. 1993.
22. D. Icove, K. Seger, and W. VonStorch, Computer crime: a crimefighter‘s handbook, Sebastopol: O’Riley & Associates, 1995. D. G. Johnson, Computer ethics, 2nd ed., Englewood Cliffs: 23. Prentice-Hall, 1994.
T. Wood-Harper, S. Corder, J. R. G. wood, and H. Watson, 46. “How we profess: the ethical systems analyst,” Communication of the ACM, vol. 39, no. 3, 1996, pp. 69-77.
