DEVELOPMENT OF COMPUTER ETHICAL FRAMEWORK FOR INFORMATION SECURITY (EDUCATIONAL CONTEXT)

MEYSAM NAMAYANDEH

A thesis submitted in fulfillment of the requirements for the award of the degree of Master of Computer Science (Information Security)

Centre for Advanced Software Engineering
Faculty of Computer Science and Information System
Universiti Teknologi Malaysia

MARCH 2009

DEDICATION

To my beloved Father and Mother

ACKNOWLEDGEMENT

This thesis would not have been possible without the warm support of my family. The words come alive and inspire me by many reasons for writing these words. To my father, who guided me in breathless moments to shelters of happiness, and my mother, for her unspeakable miracle. To my brother, Mohammad, for his support, and his lovely wife Hengameh. To my lovely sister Marjan, the only angel in my entire life, and her husband Mohsen, whose character I may not be able to elaborate on. Of course, I never forget my niece and nephews after all these years away from them. Even though I may not find the appropriate words to describe them in a few sentences, it will remain in my heart to pray for them, and I wish their holy shadow would shine on me until the time without end.

Walking through all these years and meeting interesting people one after the other, there are a few friends of mine, from while we were in India, to whom I wish all the best. As my second phase of life started in Malaysia, I wish to thank Hossein and Tahmineh for their true meaning of friendship while we were spending our moments together.

At the end of this acknowledgment, I have to dedicate my extreme appreciation to Dr. Rabiah Ahmad and my supervisor Dr. Maslin Masrom, without whose warm and bottomless guidance I might not have experienced this level of academic stage.

ABSTRACT

Information security and ethics are viewed as one of the foremost areas of concern and interest by academic researchers and industry practitioners.
They are defined as an all-encompassing term that refers to all activities needed to secure information and the systems that support it in order to facilitate its ethical use. In this research, this very important part of current studies is introduced and the fundamental concepts of a security framework are discussed. To achieve the goals of information security and ethics in the Malaysian setting, proper research is needed, and Malaysian students at Universiti Teknologi Malaysia International Campus Kuala Lumpur are chosen as a case study. Many kinds of technology-induced issues are economic, political, social, operational and others. However, the most important and controversial issues often deal with legal and ethical matters such as security and privacy from the educational aspect. Using survey research, insight is provided into the extent to which, and how, university students have dealt with issues of computer ethics, and the results of the designed information security and computer ethics framework for their future career and behavioral experience are addressed.

ABSTRAK

Information security and ethics are seen as one of the main areas that draw the attention and interest of academic researchers and industry practitioners. They are defined as an all-encompassing term that refers to all activities needed to secure information and the systems that support it, with the aim of facilitating its ethical use. In this research, the current study of information security and ethics is introduced and the basic concepts of a security framework are discussed. The extensive history of computer ethics is also reviewed. To achieve the goals of information security and ethics in the Malaysian environment, a structured study is needed, and students at Universiti Teknologi Malaysia International Campus Kuala Lumpur were chosen as the case study. There are many kinds of technology that give rise to issues related to economics, politics, society, operations and others. However, the foremost controversial issues are those relating to legal and ethical matters such as security and privacy from the educational aspect. Using survey research, an in-depth understanding of how university students deal with computer ethics issues is put forward, and the findings on the developed information security and computer ethics framework with respect to students' future careers and behavioural experience are presented.

TABLE OF CONTENTS

DECLARATION
DEDICATION
ACKNOWLEDGEMENT
ABSTRACT
ABSTRAK
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF APPENDICES

1 INTRODUCTION
  1.1 Background of Problem
  1.2 Problem Statement
  1.3 Project Aim
  1.4 Project Objective
  1.5 Project Scope
  1.6 Importance of Study
  1.7 Summary

2 LITERATURE REVIEW
  2.1 Introduction
  2.2 Computer and Educational Society
  2.3 Computer Ethics Historical Milestones
    2.3.1 1970s
    2.3.2 1980s
    2.3.3 1990s
    2.3.4 2000s
  2.4 Defining the Field of Computer Ethics
  2.5 Topics in Computer Ethics
    2.5.1 Computers in the Workplace
    2.5.2 Computer Crime
    2.5.3 Privacy
    2.5.4 Intellectual Property
    2.5.5 Accuracy
    2.5.6 Accessibility
    2.5.7 Morality
    2.5.8 Moral Model
    2.5.9 Awareness
  2.6 Developing Computer Security Awareness
    2.6.1 Basic Principles of Computer Ethics
  2.7 Types of Typical Attacks
  2.8 Types of Prevention
  2.9 Training and Education
  2.10 Training and Security Dimension
  2.11 Educational Aspect
  2.12 Why Teach Computer Ethics
  2.13 Ethical Issues to be Addressed
  2.14 Code of Computer Ethics and Acceptable Use Policy
  2.15 Instructional Approach to Scenario Method
    2.15.1 Instructional Approach One
    2.15.2 Instructional Approach Two
    2.15.3 Instructional Approach Three
  2.16 Ethics as Foundation of Information Security
  2.17 Related Research
    2.17.1 Deindividuation Model
    2.17.2 Planned Behavior Model
    2.17.3 ISSX Model
  2.18 Summary

3 RESEARCH METHODOLOGY
  3.1 Introduction
  3.2 Survey Design
  3.3 Research Philosophy
    3.3.1 Quantitative Research
  3.4 Research Purpose Types
    3.4.1 Descriptive
    3.4.2 Explanatory
    3.4.3 Experimental
  3.5 Data Collection Method
    3.5.1 Research Flowchart
    3.5.2 Data Sampling Method
    3.5.3 Instrumentation and Data Analysis
  3.6 Research Planning and Schedule
  3.7 Limitation of Research
  3.8 Summary

4 RESULT AND DISCUSSION
  4.1 Introduction
  4.2 Research Framework
  4.3 Educational Approaches
  4.4 Information Security and Computer Ethics
    4.4.1 Scenario Framework
  4.5 Purpose of Distributed Survey
  4.6 Demographics
  4.7 Educational Perception
    4.7.1 Awareness
    4.7.2 Privacy
    4.7.3 Intellectual Property
    4.7.4 Accessibility
    4.7.5 Morality
    4.7.6 Accuracy
    4.7.7 Information Security Perception
    4.7.8 Computer Ethics Perception
  4.8 Real Time Scenarios Analysis
    4.8.1 Scenario Number One
    4.8.2 Scenario Number Two
    4.8.3 Scenario Number Three
  4.9 Summary

5 CONCLUSION AND RECOMMENDATION
  5.1 Summary
  5.2 Contribution of Study
  5.3 Direction of Future Work

REFERENCES
Appendices A-B

LIST OF TABLES

TABLE NO.  TITLE
2.1  Classified Recent Ethical Research
2.2  Field of Interest
4.1  Awareness
4.2  Privacy
4.3  Intellectual Property
4.4  Accessibility
4.5  Morality
4.6  Accuracy
4.7  Information Security
4.8  Computer Ethics
4.9  Scenario No. 1
4.10  Scenario No. 2
4.11  Scenario No. 3

LIST OF FIGURES

FIGURE NO.  TITLE
2.1  Moral Model (Mellisa, 2006)
2.2  Basic Ethical Principles (Spinello, 2002)
2.3  Ethical Characteristics (Lee, 2003)
2.4  Deindividuation Model (Zimbardo, 1969)
2.5  Planned Behavior Model (Azjen, 1985)
2.6  ISSX Model (Jussipekka and Seppo, 1998)
4.1  Research Framework
4.2  Development Process
4.3  Ethical Scenario Framework
4.4  Demographic Information
4.5  Majors
4.6  Age
4.7  Educational Analysis
4.8  Scenario Chart No. 1
4.9  Scenario Chart No. 2
4.10  Scenario Chart No. 3

LIST OF APPENDICES

APPENDIX  TITLE
A  Guideline
B  Survey

CHAPTER 1

INTRODUCTION

Current developments in information and communication technologies have affected every sector of daily life, whether technical or routine. To make information security work effectively, various controls and measures have been implemented, such as the current policies and guidelines among computer developers. However, the lack of proper computer ethics within information security is affecting educational society day by day.
Undoubtedly, the most important of these controls is to define an understandable framework or model for students, who will take on the roles of future computer engineers or scientists. Hence, this project examines students' awareness (Hamid, 2007) of and information about computer ethics from an educational aspect. The complex interaction among engineering, technology and society poses new educational challenges and calls for programs that prepare professional and technical skills (Boehlefeld, 1996).

The effect of ethics on our routine and technological life today is undeniable. Even though engineers, technicians, students and undemanding users connect to the internet from moment to moment, they may still not be aware of computer ethics, which has recently become something of a cottage industry. Understanding computer ethics as an element of security is important; in fact, it has served as the organizing theme of major conferences (Kluwer, 2000).

Those responsible for the development and application of computer technology are faced with decisions of increasing complexity, which are accompanied by many ethical dilemmas (Moor, 1998). Computer technology has been described as a special and unique technology, and hence the associated ethical issues warrant special attention. Indeed, it has been pointed out that there is a need to understand the basic cultural, social, legal and ethical issues inherent in the discipline of computing. For these reasons, it is imperative that future computer professionals are taught the meaning of responsible conduct (Langford, 2000).

As information technology and the internet become ubiquitous and pervasive in our daily lives, a more thorough understanding of the issues and concerns surrounding information security and ethics is becoming one of the hottest trends in the whirlwind of research and practice in information technology.
This is chiefly due to the recognition that whilst advances in information technology have made it possible for generation, collection, storage, processing and transmission of data at a staggering rate from various sources (Hamid, 2007).

1.1 Background of Problem

The activities of a computer are matters of calculation, not judgment. As computing becomes more prevalent, it becomes more difficult for computer ethics to minimize the threats and risks of the current technological century (Hamid, 2007). Like other technological inventions throughout history, information technology tends to have both positive and negative effects on society, and tends to raise moral and ethical concerns (Tavani, 2001).

Computer ethics is defined as the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology (Johnson, 1985). The number and kinds of applications of computing increase dramatically each year, and the impact of computing is felt around the planet.

The ubiquitous use of electronic mail, electronic transfer, reservation systems, the World Wide Web and so on places millions of inhabitants of the planet in a global electronic village (Philip, 2007). Communication and action at a distance have never been easier, and this is definitely an evolution of the computer generation. The area of improper computer use and computer ethics has not gone unattended.

Now the entire population of developed countries is in the permeation stage of the revolution, in which computers are rapidly moving into every aspect of daily life. Inspired by all these views, a question comes to mind.
The effects of information technology parallel the impact of other revolutions. Moor (1998) equates the computer revolution with the industrial revolution, citing two distinct stages, technological introduction and technological permeation; during the latter stage, society has dramatically transformed, with computer technology becoming an integral part of all institutions.

The information age has important consequences for human beings. Essentially, it has ushered in a new range of emerging computer activities that have revolutionized the way people stay connected. But what if this important factor of current life itself becomes hazardous for educated users?

1.2 Problem Statement

The internet has an enormous impact on society; hacking, spam and denial-of-service attacks are now common (Mellisa, 2006). Computer ethics can be defined as the process of reflection on the moral meaning of action. This definition is meant to be broad and foundational and to incorporate several components of computer ethics in education (Waskul and Douglass, 1996).

In fact, there has been no comprehensive research dealing with the Malaysian educational system in the security area, even though in technology development it plays such an important role in training our students and future engineers and alerting them to the social impact.

Malaysia is ranked 8 out of the 10 top-infected countries in the Asia Pacific region as a target for cyber attackers (Sani, 2006). Those who seek to understand the changes from impact to benefit are realizing that information technology has not only already influenced lives profoundly but will also continue to do so in even greater and more diverse ways. In addition, it is necessary to understand that the consequences of technology can be both positive and negative and that they raise ethical issues and concerns.
Computer ethics, also called information technology ethics, is concerned with the ethical issues and conflicts that arise in the use of information technology and information systems. Further, it is about revealing more of the impacts of technology shocks that are morally controversial, yet people face problems because of a lack of ethics awareness in computer science.

Here the question may cross our minds of why it is being developed in the computer field. An appropriate answer would be that computer ethics is not made for a particular topic; it is about people who are unaware of the social impact of computers. In Malaysia, students should be aware that computer ethics is not simply a study in which one grasps some fundamental truth in one static moment of time. It is rather an ongoing process in which one is constantly engaged in a dialogue with ideas, people, history, tradition, other disciplines and issues (Sani, 2006).

1.3 Project Aim

The aim of this project is to develop a computer ethical framework. In addition, it aims to describe what information security represents from the viewpoint of computer ethics in an educational context.

1.4 Project Objective

The objectives of the research are:

- To investigate students' awareness of information security and ethical issues within the university campus.
- To evaluate the concept of computer ethics in terms of information security.
- To develop a computer ethics framework that focuses on ethical behavior and information security.

1.5 Project Scope

The project scope is limited to Universiti Teknologi Malaysia (International Campus, Kuala Lumpur) students, to gather information from the given questionnaire and discussions. It will be based on a more comprehensive understanding of key ethical issues, which are rooted in significant behavioral assumptions. However, the scope focuses on the given theories and related security concepts.

1.6 Importance of Study

As computer scientists enter a new century of information technology, the growth of interest in research and practice in all aspects of information security and ethics is undeniable, and information security and ethics is the top IT priority facing organizations. However, the major task is to build these important issues into the basis of the current educational system and to make students aware of computer ethics and the related information security.

1.7 Summary

Recent research indicates that there is an increasing demand for developing computer ethics as a field worthy of study. As a result, computer ethics is becoming a field in need of research, based upon the necessity to provide information for education that is related to security concepts. The legal structure appears to be limited in its ability to provide for ethical behavior effectively. While not wishing to be alarmist, research suggests there needs to be a concerted effort on the part of all the computer professional societies to update their ethical codes and to incorporate a process of continual security.

Computer practitioners do not have a single representative organization that can control membership in the profession; there is no representative organization to impose sanctions for violations of professional behavior. The absence of a single organization does not impede the development of professional ethics standards. The focus of this approach to computer ethics is on the individual professional's responsibility in the practice of his craft. As the standards of this craft are being developed, so are the standards of professional computer ethics.

Computer ethics as presented here gives a clear description of the relation of values to the work of the computer professional and sets forth criteria for making ethical decisions in that process. The focus on stories about the failures of the product has misdirected us.
They may be interesting stories to listen to, but they convey little information about computer ethics.

CHAPTER 2

LITERATURE REVIEW

2.1 Introduction

Computer ethics is a new branch of ethics that is growing and changing rapidly as computer technology grows and develops. The term "computer ethics" is open to interpretations both broad and narrow. On the one hand, for example, computer ethics might be understood very narrowly as the efforts of professional philosophers to apply traditional ethics (Langford, 2000). On the other hand, it is possible to construe computer ethics very broadly to include, as well, standards of professional practice, codes of conduct, aspects of computer law, public policy, corporate ethics, and even certain topics in the sociology and psychology of computing.

Our information-driven society and endless demand for more knowledge have created an extensive dependency on computers and information technology. This reliance upon computers has resulted in ethical concerns and legal issues, prompting organizational leaders to raise serious questions about computer ethics and the related concepts of information security. A major contributing factor to these concerns and issues has been the use of the internet and its many capabilities.

Consequently, information technology has begun to affect community life, family life, human relationships, education, freedom, democracy, and so on. Computer ethics in the broadest sense can be understood as the branch of applied ethics that studies and analyzes such social and ethical impacts of information technology (Philip, 2007).

Research showing the legal issues surrounding information technology and the development of computer ethics as a better response to ethical dilemmas will all be reviewed.
The review of literature provides insights from the educational community and then turns to studies showing the effectiveness of ethical instruction within a university campus.

2.2 Computer and Educational Society

The prominence of information technology, resulting in dependence on the computer as a necessary tool, has penetrated all of society (Langford, 2000), including education. However, technological advancement appears to have progressed far faster than consideration of its impact upon cultural norms and values, or the development of norms governing the use of technologies. In addition, these new technologies have caused new ethical and legal questions to emerge (Langford, 2000).

Information technology represents skills that, some argue, make unique ethical claims and trigger distinct notions about right and wrong. Some of the key areas of ethical concern that have been raised include access without authorization, illegal copying of licensed software, and hacking into the network in violation of university codes of conduct (Langford, 2000).

Educational leaders have tended to be dazzled by technologies or have been pressured to keep up with trends in their use or application. As a result, they may have made decisions without properly planning for and understanding the ethical problems that come with their use and application (Smith, 2002).

Moreover, the inadequacy of ethical codes and of teaching about computer ethics issues becomes even more apparent in today's controversial and constantly changing technological environment. In this environment, new ethical dilemmas are created and acting wrongfully becomes easier. Educational leaders must address these ethical issues because they have a unique opportunity to help educate computer users to make the best moral decisions.

2.3 Computer Ethics Historical Milestones

Computer ethics has been one of the major topics of the past decades, aimed at protecting people from the social impact of computing. This part of the literature review gives a short account of the milestones of computer ethics and its related history.

2.3.1 1970s

During the late 1960s, Joseph Weizenbaum, a computer scientist at Massachusetts Institute of Technology in Boston, created a computer program that he called ELIZA. In his first experiment with ELIZA, he scripted it to provide a crude imitation of a psychotherapist engaged in an initial interview with a patient. Weizenbaum was shocked at the reactions people had to his simple computer program; some practicing psychiatrists saw it as evidence that computers would soon be performing automated psychotherapy.

Even computer scholars at Massachusetts Institute of Technology became emotionally involved with the computer, sharing their intimate thoughts with it. Weizenbaum was extremely concerned that an "information processing model" of human beings was reinforcing an already growing tendency among scientists, and even the general public, to see humans as mere machines.

In the mid 1970s, Walter Maner began to use the term "computer ethics" to refer to the field of inquiry dealing with ethical problems aggravated, transformed or created by computer technology. Maner offered an experimental course on the subject at University. During the late 1970s, Maner generated much interest in university-level computer ethics courses. He offered a variety of workshops and lectures at computer science conferences and philosophy conferences across America.

2.3.2 1980s

By the 1980s, a number of social and ethical consequences of information technology were becoming public issues in the world: issues like computer-enabled crime, disasters caused by computer failures, invasions of privacy via computer databases, and major lawsuits regarding software ownership (Deborah, 1985). Because of the work of Parker and others, the foundation had been laid for computer ethics as an academic discipline. In the mid-80s, James Moor of Dartmouth College published his influential article "What Is Computer Ethics?" in Computers and Ethics, a special issue of the journal at that time.

2.3.3 1990s

During the 1990s, new university courses, research centers, conferences, journals, articles and textbooks appeared, and a wide diversity of additional scholars and topics became involved. The mid-1990s heralded the beginning of a second generation of computer ethics, which contains the new concept of security. The time has come to build upon and elaborate the conceptual foundation whilst, in parallel, developing the frameworks within which practical action can occur, thus reducing the probability of unforeseen effects of information technology application.

2.3.4 2000s

The computer revolution can be divided into three stages, two of which have already occurred: the introduction stage and the permeation stage. The world has entered the third and most important stage, the power stage, in which many of the most serious social, political, legal, and ethical questions involving information technology will present themselves on a large scale (Langford, 2000). The important mission in this era is to believe that future developments in information technology will make computer ethics more vibrant and more important than ever. Computer ethics serves to research security and its beneficial aspects. It can be seen from this brief review that there are many views of what computer ethics comprises.
This richness of opinion is probably due to a difference in perception of computing characteristics, the adopted focus (broadly split between the outcome or symptom of computing and the undertaking of computing), and the disciplinary background. Starting points are certainly different and include the properties of computer technology, the concept of computing, the application of computing and the human value impact of computing.

The perspectives can be analyzed using several sub-categories:

- social - considering the computing impact on society
- professional - considering the manner of professional activity
- universal activist - inclusive of communities around the globe
- parochial - restricted consideration of current and future issues
- ethics only - drawing only from ethics theory
- multi-disciplinary - blending theory from several disciplines

Table 2.1: Classified Recent Ethical Research

For example, Moor adopts a universal conceptual multi-disciplinary stance, Gorniak adopts an environmental universal ethicist stance, Maner is a properties ethicist and so on. What does this mean regarding the uniqueness claim? Those that have a very strong emphasis on the technological makeup are likely to see computing as unique. Those adopting a universal stance are more likely to subscribe to elements of uniqueness. Those who have strong application elements in their stance are more likely to question the wholly unique position. In the context of this research, it is interesting to analyze to what purpose these particular stances have been put. It is clear that all the authors reviewed here have argued a particular stance to explain why and how certain situations and decisions have occurred and to give some insight into the future. It is also clear that these stances have been used to substantiate the importance of a particular direction of computer ethics or to justify some holistic label for computer ethics.
Table 2.2 shows, for each author, the main thrust with respect to uniqueness and the underlying message as to the nature of computer ethics that the uniqueness stance has been used to justify and promote. For example, Johnson's genus-species stance is the justification for using existing theory for computer ethics, in other words the "use the old order" holistic label.

Table 2.2: Field of Interest

Bynum's stance of computing being all-pervasive is used to argue that computer ethics is about the human values and technology equation, whilst pervasiveness is used by Anderson to promote the idea that computer ethics is important for all people in a technologically dependent world.

2.4 Defining the Field of Computer Ethics

James Moor's (Moor, 1998) definition of computer ethics in his article was much broader and wider ranging than that of relevant methods. It is independent of any specific philosopher's theory (Moor, 1998) and it is compatible with a wide variety of methodological approaches to ethical problem solving. Over the past decade, Moor's definition has been the most influential one (Moor, 1998). He defined computer ethics as a field concerned with policy vacuums and conceptual security models regarding the social and ethical use of information technology. In past decades, computer ethics was less established as a discipline. However, beginning with researchers in the 1990s, active thinkers in computer ethics began trying to delineate and define computer ethics as a field of study. Some old ethical problems (Smith, 2002) are made worse by computers, while others are wholly new because of information technology. By analogy with the more developed field of medical ethics, others focused attention upon applications of traditional ethical theories used by philosophers doing "applied ethics in information technology". A typical problem in computer ethics arises because there is a policy vacuum about how computer technology should be used (Davison, 2000).
Computers provide us with new capabilities and these in turn give us new choices for action. Often, either no policies for conduct in these situations exist or existing policies seem inadequate. A central task of computer ethics is to determine what we should do in such cases, that is, to formulate policies to guide our actions (Davison, 2000). One difficulty is that along with a policy vacuum there is often a conceptual vacuum. Although a problem in computer ethics may seem clear initially, a little reflection reveals a conceptual muddle. What is needed in such cases is an analysis that provides a coherent conceptual framework within which to formulate a policy for action. Moor said that computer technology is genuinely revolutionary because it is logically malleable. According to Moor (1998), the computer revolution is occurring in two stages. The first stage was that of "technological introduction", in which computer technology was developed and refined. This has already occurred. The second stage, one that the industrialized world has only recently entered, is that of technological permeation, in which technology gets integrated into everyday human activities and into social institutions, changing the very meaning of fundamental concepts such as money, education, work, and fair elections (Fowler, 2002). The danger is now more apparent that computer abuse will soon increase dramatically if it is not curtailed by legal sanctions and if people do not adopt some code of ethics. Sometimes people employ ethics when it is convenient and to their advantage. At other times, they set any ethical standards aside by rationalizing that there is a greater good that should be considered. Unfortunately, ethical behavior is not part of the law of nature, but part of a person's set of beliefs and behavior. What is the solution to this increasing penetration by computers that violate security and invade a person's privacy? Are laws and legal sanctions the only resolution?
A proactive approach is teaching students in classrooms about the need for ethical standards of behavior for computer professionals and users. This may help assure that people who have an ethical code of behavior will not be tempted to illegally penetrate and copy data. This way of defining the field of computer ethics and security concern is very powerful and suggestive (Smith, 2002). It is broad enough to be compatible with a wide range of philosophical theories and methodologies, and it is rooted in a perceptive understanding of how technological revolutions proceed. Currently it is the best available definition of the field. The Computer Ethics Institute, a leader in the discipline, has compiled a guideline to help computer users in their ethical decisions.

2.5 Topics in Computer Ethics

No matter which re-definition of computer ethics one chooses, the best way to understand the nature of the field is through some representative examples of the issues and problems that have attracted research and scholarship. Consider, for example, the following topics:

2.5.1 Computers in the Workplace

Although computers occasionally need repair, they don't require sleep, they don't get tired, and they don't go home ill or take time off for rest and relaxation. At the same time, computers are often far more efficient than humans in performing many tasks. Therefore, economic incentives to replace humans with computerized devices are very high. Indeed, in the industrialized world many workers have already been replaced by computerized devices: bank tellers, auto workers, telephone operators, typists, graphic artists, security guards, assembly-line workers. In addition, even professionals like medical doctors, lawyers, teachers, accountants and psychologists are finding that computers can perform many of their traditional professional duties quite effectively. The employment outlook, however, is not all bad.
Consider, for example, the fact that the computer industry has already generated a wide variety of new jobs: hardware engineers, software engineers, systems analysts, webmasters, information technology teachers, computer sales clerks, security consultants and so on. Thus, it appears that, in the short run, computer-generated unemployment will be an important social problem; but in the end, information technology will create many more jobs than it eliminates. Even when a job is not eliminated by computers (Floridi, 1999), it can be radically altered. For example, airline pilots still sit at the controls of commercial airplanes, but during much of a flight the pilot simply watches as a computer flies the plane. Similarly, those who prepare food in restaurants or make products in factories may still have jobs, but often they simply push buttons and watch as computerized devices actually perform the needed tasks. In this way, it is possible for computers to cause "de-skilling" of workers, turning them into passive observers and button pushers. Again, however, the picture is not all bad, because computers have also generated new jobs which require new sophisticated skills to perform, for example, computer-assisted drafting and keyhole surgery.

2.5.2 Computer Crime

In this era of computer "viruses" and international spying by "hackers" who are thousands of miles away, it is clear that computer security is a topic of concern in the field of computer ethics (Floridi, 1999). The problem is not so much the physical security of the hardware (protecting it from theft, fire, flood, etc.)
but rather logical security, which is divided into several aspects:

- Privacy and confidentiality
- Integrity: assuring that data and programs are not modified without proper authority
- Unimpaired service
- Consistency: ensuring that the data and behavior we see today will be the same tomorrow
- Controlling access to resources

Malicious kinds of software, or programmed threats, provide a significant challenge to computer security. These include viruses, which cannot run on their own, but rather are inserted into other computer programs. Trusted personnel who have permission to use the computer system normally commit computer crimes, such as embezzlement or planting of logic bombs. Computer security, therefore, must also be concerned with the actions of trusted computer users.

2.5.3 Privacy

Privacy may be defined as the claim of individuals to determine for themselves when, to whom, and to what extent individually identified data about them is communicated or used (Smith, 2002). Most invasions of privacy are not this dramatic or this visible. Rather, they creep up on us slowly as, for example, when a group of diverse files relating to a student and his or her activities are integrated into a single large database (Smith, 2002). Collections of information reveal intimate details about a student and can thereby deprive the person of the opportunity to form certain professional and personal relationships (Smith, 2002). This is the ultimate cost of an invasion of privacy. So why integrate databases in the first place? It is because the bringing together of disparate data makes the development of new information relationships possible. Questions of anonymity on the internet are sometimes discussed in the same context with questions of privacy and the internet, because anonymity can provide many of the same benefits as privacy.
Similarly, both anonymity and privacy on the internet can be helpful in preserving human values such as security, mental health, self-fulfillment and peace of mind. Unfortunately, privacy and anonymity can also be exploited to facilitate unwanted and undesirable computer-aided activities in cyberspace, such as money laundering, drug trading, terrorism, or preying upon the vulnerable.

2.5.4 Intellectual Property

One of the more controversial areas of computer ethics concerns the intellectual property rights connected with software ownership. Some people, like Richard Stallman, who started the Free Software Foundation, believe that software ownership should not be allowed at all. He claims that all information should be free, and all programs should be available for copying, studying and modifying by anyone who wishes to do so. Others argue that software companies or programmers would not invest weeks and months of work and significant funds in the development of software if they could not get the investment back in the form of license fees or sales (Walters, 2001). Today's software industry is a multibillion-dollar part of the economy, and software companies claim to lose billions of dollars per year through illegal copying (Spinello, 2003). Many people think that software should be ownable, but that "casual copying" of personally owned programs for one's friends should also be permitted. The software industry claims that millions of dollars in sales are lost because of such copying. Ownership is a complex matter, since there are several different aspects of software that can be owned and three different types of ownership: copyrights, trade secrets, and patents. One can own the following aspects of a program:

- The source code, which is written by the programmer(s) in a high-level computer language like Java or C++.
- The "object code", which is a machine-language translation of the source code.
- The algorithm, which is the sequence of machine commands that the source code and object code represent.
- The "look and feel" of a program, which is the way the program appears on the screen and interfaces with users.

A very controversial issue today is owning a patent on a computer algorithm. A patent provides an exclusive monopoly on the use of the patented item, so the owner of an algorithm can deny others use of the mathematical formulas that are part of the algorithm. Mathematicians and scientists are outraged, claiming that algorithm patents effectively remove parts of mathematics from the public domain, and thereby threaten to cripple science (Walters, 2001).

2.5.5 Accuracy

Accuracy represents the legitimacy, precision and authenticity with which information is rendered. Because of the pervasiveness of information about individuals and organizations contained in information systems, special care must be taken to guard against errors and to correct known mistakes. Difficult questions remain when inaccurate information is shared between computer systems. Any framework should describe the legal liability issues associated with information (Melissa, 2006). Who is held accountable for the errors? This is an important question that may cross every researcher's mind, as is the question of which party is liable for inexact or incorrect information that leads to the devastation of another. In addition, who is responsible for the authenticity, fidelity and accuracy of information? Who is to be held accountable for errors in information, and how is the injured party to be made whole? Some data available in information systems, masquerading as the gospel truth, is completely in error. Today, in the information industry, which is producing so many details about so many people and their activities, it would be an important objective to have this concept spread throughout companies.

2.5.6 Accessibility

Regarding this important aspect of research, these questions may cross people's minds (Adam, 2001): who is held accountable for errors? Whom can you trust in order to outsource your project? In fact, in terms of computer ethics, accessibility means what kind of information would be available to legal users and students. What information does a person or an organization have a right or a privilege to obtain, under what conditions and with what safeguards? At the same time as computer usage flourishes among some, there exists a large group of information-poor people who have no direct access to computational technology and who have little training in its use. The educational and economic ante can be quite high when playing the modern information game. Many people cannot or choose not to pay it and hence are excluded from participating fully. In effect, they may become information dropouts (Mason, 1986).

2.5.7 Morality

Unlike the other aspects, where knowledge is the object, this dimension is qualitatively different in that the subject is explored in relation to the object. In other words, it seeks to have students explore, explain, defend, question, deconstruct, and redefine their personal beliefs of right and wrong against the backdrop (Melissa, 2006). Therefore, the ethical framework that researchers are interested in is not a description of what is accepted as right and wrong by groups of people. This is known as descriptive ethics; while useful in some areas, descriptive ethics does not offer enough insight into who or where our students are ethically and how mentors can create opportunities for them to grow. Nor are students interested in normative ethics, which are ethical frameworks for deciding what should be right and wrong. In this part, normative ethics serve as a tool for students to explore, question, reframe, defend, tear down, and certainly rebuild their personal ethical awareness.
Instead, the moral development dimension describes the stages and transitions that humans experience as they develop morally (Langford, 2000), as they develop their own personal beliefs and behaviors about right and wrong. Developmental psychologists tend to agree that ethical development is epochal, meaning that the changes experienced in our personal beliefs about right and wrong occur in distinct phases or stages. Furthermore, the growth is cumulative, with each stage building on the previous stage.

2.5.8 Moral Model

As Figure 2.1 shows, this is at the heart of interest in the moral development dimension. In this model (Melissa, 2006), researchers wanted to create educational opportunities that allow students to examine their existing beliefs regarding ethical and technical issues in relation to existing technical, professional, legal, and cultural solutions (Melissa, 2006). An earlier section described how students examine these solutions from an external, objective point of view. Now, the student is positioned at the centre of the intersecting circles. The aim is to create educational opportunities that allow and encourage students to explore "who am I now" in relation to technical, professional, cultural, and legal solutions to these ethical and security issues, and to ask questions such as: what is the relationship between who I am, who I want to be, and these issues and solutions?

Figure 2.1: Moral Model (Melissa, 2006)

2.5.9 Awareness

The most important factor in effective computer security is people: their attitudes, their actions, and their sense of right and wrong (Huff and Frey, 2005). Regarding problems and issues raised in the computing environment, topics to be discussed include misuse of computers, concepts of privacy, codes of conduct for computer professionals, disputed rights to products, defining ethical, moral, and legal parameters, and what security practitioners should do about ethics.
The issue of computer security has fallen into the gray area that educators and industry alike have avoided for fear that too little knowledge could be hazardous and too much could be dangerous (Huff and Frey, 2005). Most organizations acknowledge the need for data security, but at the same time approach security as hardware. It may be more important, and far more successful, to address the issue of data security as an attitude rather than a technology. The technology may vary between companies and vendors, but the attitudinal parameters can remain constant (Huff and Frey, 2005). If individuals, through awareness and knowledge, develop an ethical, moral attitude toward computer security, the transitions into the future will be much smoother (Cruz and Frey, 2003). Companies are beginning to offer very well organized, sophisticated awareness programs for their employees, with the idea that the more employees know about security, the more likely they are to recognize danger points and possible breaches.

2.6 Developing Computer Security Awareness

The use of sophisticated computers has proliferated in the past decade. Organizations' dependence on the reliability, security, and confidentiality of data is critical. Along with this mushrooming growth in dependence on computers, organizations are faced with the dilemma of numerous violations (Pierson and Bauman, 2004), either intentional or unintentional, of their computer systems. Companies are beginning to offer very well organized, sophisticated awareness programs for their employees, with the idea that the more employees know about security, the more likely they are to recognize danger points and possible breaches. Effective security programs must be a team effort by all students.

2.6.1 Basic Principles of Computer Ethics

For the proper use of information in an information society, education relating to information ethics may present its goals as follows. First, respect for others must be cultivated. Second, although sharing beneficial information is welcome, other people's intellectual property rights must not be infringed. Third, various forms of information will be used productively. Fourth, telecommunications and the Internet will be used for acceptable time periods so that they do not harm actual life.

Figure 2.2: Basic Ethical Principles (Spinello, 2002)

Spinello (2002) presented four basic principles of information ethics, shown in Figure 2.2: the respect of intellectual property rights, the respect for privacy, a proper mark, and the prohibition of mischief. First is the respect for intellectual property, which stands on the basis of a cultural conviction that original work remains the property of its owner. Second is the respect of privacy, which we have to deal with actively, with more specific information. It should be understood by the youth that hacking is a criminal offence that hurts other people. Methods for protecting an individual's computer system should be taught. Accordingly, the fact that spreading viruses damages other people, and the prevention of virus attacks, should be taught; the youth should protect their systems by learning about precautionary measures against viruses. In information ethics, we can see that even though ethics has been emphasized absolutely and universally, it has actually occurred as a function of local ethics. In conclusion, information ethics in the future should be a discipline that carries out functions as shown in Figure 2.3.

Figure 2.3: Ethical Characteristics (Lee, 2003)

It must help us give careful consideration to all types of ethical problems that the development of information and communications technology produces. Third, information ethics is transformative ethics.
It must put emphasis on the necessity of human experience and the transformation of the system and policy. This is because it appears as a reaction against the dysfunction of large amounts of information, especially the disorder and chaos in cyberspace. Fourth, information ethics must be universally global ethics, not one or the other, but must consist of both global and local disciplines. Internet crime, otherwise known as cybercrime, has involved intelligent, automated, larger-scale, distributed attacks, causing serious damage. In the past, hacking primarily displayed the hacker's ability; however, modern hacking has evolved into antisocial actions, using the hacker's knowledge for criminal intent. Looking into the subject of hacking across various situations, hackers think nothing of selling, distributing, falsifying, or destroying confidential information of a country, company, or individual (Lee, 2003). This is regarded as the result of a lack of proper information ethics, which is caused by the perception of being anonymous in cyberspace. With the changes in the information society, personal harm through disclosure and forgery has become common, as malicious individuals penetrate weak security systems and obtain databases of personal information. The most commonly reported damage is caused by the theft of social security numbers and smart cards, fraud, and internet banking hacking such as phishing, denial of service attack and SSL.

2.7 Types of Typical Attacks

As practice has shown, attack types are limited only by one's imagination. In principle, a number of attack types have been shown to comprise most of the known attacks experienced by corporate entities. The most common types of system attacks are as follows:

- Social engineering: This attack relies on the element of human weaknesses in protecting access information.
- Malicious code: These types of attacks are often distributed via email attachments and infect large numbers of users. They may be created such that they self-replicate. Such code, once activated, may destroy information, provide future improper access to a network, or lock up a system.
- Distributed denial of service: This type of attack is often used when other protections have provided adequate security to the network. When such protections have denied attackers access, such attackers may resort to denying authorized users access to the network by overloading and hence crippling the network, such that its performance significantly degrades or it ceases to function altogether.
- Physical perimeter penetration: Access to a user's facility or network is gained by unauthorized physical access to the network, circumventing other security implementations.
- Password cracking: Typically, lists of the most used passwords are tried as a means of unauthorized access to another's network.
- Screen emulators: This is where low-level access is gained to a network and a screen emulator is placed on the access server that brings up a false screen that emulates the proper login screen. This false screen asks for the user's login and password and then brings up a screen that states "login incorrect, please try again". Actually, the login was correct and the false screen emulation program has now captured another user's correct login and password. By this means, low-level authorized parties may capture higher-level authorized parties' logins and passwords (Tavani, 2001).
- Data diddling or destruction: Improper access is gained and an entity's information is improperly changed or destroyed.
- Wireless intercepts: Intercepting either a wireless communication or signals that emanate from electronic devices.
For instance, for only several hundred dollars in parts costs, computer screens can be read from half a mile or more away from the oscillations that emanate from the computer, thereby thwarting access controls, authentication, encryption and other protections.

As an additional issue on privacy and intrusion on personal data, this could help educators to understand ethical behavior from the information security dimension and the invasion of personal information.

2.8 Types of Prevention

The current concept in evaluating a computer security program is prevention on the front end, not just punishment on the back end. This concept represents a preventative maintenance attitude and should be practiced by all members. To be fully effective and a part of life-long learning (Pierson and Bauman, 2004), ethical awareness should become a vital part of our educational system, starting in elementary schools and continuing through college classes (Tavani, 2001). Once employees or students are in the particular environment, their ethical education should not cease. Educational centers must constantly assess their courses and orient students on all facets of ethics and security. By building a strong base in terms of ethics awareness and constantly reiterating the vital necessity of maintaining this base, educational systems will be reasonably assured that they do, in fact, have a secure system. Many tools, processes and procedures have been developed in an attempt to thwart improper access, utilization or destruction of networks or information assets. No single step will likely result in adequate protection. In fact, as in weapons of destruction, there is an escalation in protection capability that is then matched or surpassed in destructive capability, with this cycle constantly repeating. In practice, professional assistance should be sought in undertaking a threat analysis and in designing and implementing concomitant adequate protections.
Moreover, this is a process and not an end in and of itself. That is, as technology advances so do attacks, which then require newer, usually more comprehensive defenses (Huff and Frey, 2005).

- Threat Assessment
- Security Plan, Policies, Procedures and Architecture Definition
- Physical Security (fences, locks, surge protectors, etc.)
- Power Filtering and UPS devices to thwart oscillation interception and interpretation of power flows
- Access Controls (Firewalls, Passwords, Biometrics, etc.)
- Intrusion Detection Tools
- Virus Protection Tools
- Encryption (PKI and Private Key Systems)
- Authentication (digital certificates, tokens, digital signatures)
- Network Management Tools (Scanners, Sniffers, Profilers, Honey pots, Shunts)

2.9 Training and Education

New security techniques to protect networks provide companies additional layers of security (beyond firewalls and encryption), providing better overall security. These innovative network security solutions include honey pots or decoys, air gaps, exit controls, self-healing tools and denial-of-service defenses.

As a practical matter, it is suggested that at a minimum entities should:

- Undertake a thorough threat assessment tempered by a cost/benefit analysis carried out by competent professionals on an ongoing basis, and develop and implement a plan.
- Employ proven and, if prudent, government-certified computer security tools and physical protections employing the concepts of "depth of and diversity in defense".
- Continually re-examine and test your own systems' vulnerabilities.
- Implement appropriate back-up functions and redundancies as necessary.
- Update your defensive capabilities as determined necessary from time to time.
- Continually train and educate your staff relative to threats and defenses, and use outside professional assistance to fill in any gaps.
- Participate in educational, institutional or governmental forums that provide education, alerts, and assistance relative to threats.
• Obtain adequate insurance.

Developing an Ethics Awareness Policy in Organizations

If a company, organization or university decides to develop an Ethics Awareness policy, numerous factors should be addressed (Spinello, 2003). A number of terms are used to describe the various ways in which an individual's competence or standards may be measured. Working definitions of these terms are:

• Certification: An affirmation by a governmental or private organization that an individual has met certain qualifications.
• Licensing: The administrative lifting of a legislative prohibition.
• Accreditation: An affirmation by a governmental or private organization that an educational institution meets certain standards.
• Ethics: A standard of conduct drawn up by an organization to protect the consumer and competition against unfair practices.

2.10 Training and Security Dimension

In terms of computer ethics, security is an undeniable factor. Therefore, a short review of information security as applicable to computer ethics will help the researcher to identify further study (Cruz and Frey, 2004). Many different terms have been used to describe security in the IT areas. Information security has become a commonly used concept, and is a broader term than data security and IT security. Information is dependent on data as a carrier and on IT as a tool to manage the information. Information security is focused on the information that the data represent, and on related protection requirements. Information system security is therefore defined as the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.
Four characteristics of information security are availability, confidentiality, integrity and accountability, simplified as the right information to the right people at the right time.

• Availability: concerns the expected use of resources within the desired timeframe.
• Confidentiality: relates to data not being accessible or revealed to unauthorized people.
• Integrity: concerns protection against undesired changes.
• Accountability: refers to the ability of distinctly deriving performed operations from an individual.

Both technical and administrative security measures are required to achieve these four characteristics. Administrative security concerns the management of information security, strategies, policies, risk assessments, education etc. Planning and implementation of security requires a structured way of working. This part of the overall security is at an educational level and concerns. Technical security concerns measures to be taken in order to achieve the overall requirements, and is subdivided into physical security and IT security. Physical security is about physical protection of information, fire protection and alarm systems.

The aim of the researcher's framework is to describe what information security represents from the computer ethics view, combining the definitions and descriptions mentioned above. All requirements from the organizations concerning these characteristics must be fulfilled for information security to be achieved. In this approach, three major aspects of security, namely the technical, formal and informal levels of security, will be studied (Spinello, 2003).
Technical level security: From a technical perspective, the preservation of confidentiality, integrity, availability and accountability requires the adoption of IT security solutions such as encryption of data and communication, physical eavesdropping, access control systems, secure code programming, authorization and authentication mechanisms, database security mechanisms, intrusion detection systems and firewalls. At this level, it is possible to introduce frameworks and methods for the selection of the appropriate technological solution depending on the needs of a particular application with respect to security in computer ethics.

Formal level security: The formal level of Information Security is related to the set of policies, rules, controls, standards, etc. aimed at defining an interface between the technological subsystem (Technical level) and the behavioral subsystem (Informal level and computer ethics). According to many definitions of Information Security, this is the level where much of the effort of Information Security is concentrated. An interesting review of the security literature identifies a trend in information system research moving away from a narrow technical viewpoint towards a socio-organizational perspective. In fact, the first methods for addressing security at this level are checklists, behavior analysis and evaluation (Pierson and Bauman, 2004). At the beginning such methods were grounded in a particular well-defined reality (i.e. military), focusing on a functionalist view of reality. However, many philosophers show that the definition of rules, standards and controls becomes more complicated than the design of technical systems.
Informal level security: In the domain of the informal level of Information Security, the unit of analysis is the individual and the research is concerned with behavioral issues like values, attitudes, beliefs, and norms that are dominant and that influence an individual employee regarding security practices in an organization (Pierson and Bauman, 2004). The solutions suggested in this domain are more descriptive than prescriptive in nature, and the findings at this level need to be effectively implemented through the other levels (i.e. formal and technical). An interesting review of research papers in the behavioral or computer ethical domain looks at the theories used, suggested solutions, current challenges, and future research.

2.11 Educational Aspect

Computer education now begins in elementary school and is no longer a restricted technical specialty learned only by those who are going to design or program computers. Because of the widespread prevalence of computers in society (Spinello, 2003), a core of ethical precepts relating to computer technology should be communicated not only to computer professionals, but to the general public through all levels of education. The issue should be viewed from the perspective of society and the perspective of computer professionals.

In looking at computer ethics there is a great emphasis upon incorporating ethical and social impact issues throughout the curriculum, starting at the point when children first become computer users in school. In particular, there is a set of guidelines regarding what students in general need to know about computer ethics (Johnson, 1999). The preparation of future computer professionals should be examined at both the high school and university computer science curriculum. The researchers are in the process of developing new recommendations at both levels of curriculum. In the high school curriculum, there will be both general and specific approaches to ethics and social impact issues.
The general approach is to incorporate these concerns across the curriculum, not just in computer courses. This is in keeping with the philosophy that computers should be integrated across the curriculum as a tool for all disciplines. The specific approach is to develop social impact modules within the computer courses that will focus on these concerns (Hyder and Werth and Browne, 1993).

The dilemma is whether this new strand should be present in all computer science courses or should be taught in a stand-alone course. Some great philosophers had discussions of ethics in the context of other computer science courses in the curriculum to eliminate the tendency of professors to skip over ethical considerations with the excuse that it is taught in ethics. However, they recognize the possibility that the ethics material could receive short shrift in a crammed technical syllabus, as is alleged to occur in many law schools. When combined with other computer science core material, the teaching of ethics is made complicated by the fact that it is not as concrete as the rest of the curriculum.

In accepting the value-laden nature of technology, researchers should recognize the need to teach a methodology of explicit ethical analysis in all decision-making related to technology. It may borrow from the strategy of traditional university ethics courses to use case studies (Hyder and Werth and Browne, 1993). Some researchers agreed (Meyer, 2001) that they must teach students to use the preliminary ethical concepts developed by the computer professional societies to first deal with hypothetical cases in order to prepare them to deal with real ethical dilemmas in the future. The challenge to computer educators is to develop strategies that will raise the awareness of students regarding ethical and moral issues related to computer technology at the same time that they are developing their technical expertise.
The existing research and studies related to computer ethics in education provide insight and understanding concerning student perceptions, the concerns of educators, and the effectiveness of ethical instruction, which can, in fact, make a difference in promoting ethical decisions by computer users (Staehr, 2002). Information technology is infiltrating almost every aspect of educational institutions from kindergarten to universities.

2.12 Why Teach Computer Ethics

Numerous ethical and social issues caused by computer technology arise. According to Staehr (2002), these issues have three unique characteristics:

• New concerns are rapidly emerging,
• Computer ethics presents a continuous stream of new situations, and
• Computerized information systems are usually complex.

Ideally, students should be equipped with theories of philosophy and ethics pertinent to these characteristics, as well as the skills to analyze, evaluate, and react appropriately to ethical dilemmas that may arise during their careers as IT professionals. Staehr (2002) identified the following main categories in which these ethical and social concerns usually arise:

• Computer crime and computer security,
• Software theft and intellectual property rights,
• Computer hacking and the creation of viruses,
• Computer and information system failure,
• Invasion of privacy,
• Social implications of artificial intelligence and expert systems.

It is often within the context of these categories that the behavioral actions of the IT professional impact on society. The researcher believes this to be one of the main reasons why Computer Science or Information Security instructors should sensitize their students, the IT professionals of the future, to actions that underpin concepts such as “good”, “moral”, “ethical”, and “beneficial” for society at large. This is in agreement who states that the teaching of CE should aim towards several important goals, namely:

• Increased sensitivity to ethical concerns and situations.
• Reasoning about alternative courses of action and the integrity to make moral decisions.

A certain historical perspective is gained by recalling two major contributions in the teaching of computer science. The nine core subject areas are algorithms and data structures, architecture, artificial intelligence and robotics, database and information retrieval, human-computer communication, numerical and symbolic computations, operating systems, programming languages, and software methodology and engineering. The recognition of the social, ethical and professional context of computer science was included as one of the foundational principles.

2.13 Ethical Issues to be Addressed

Appropriate conduct in some areas of ethical behavior is easier to teach than in others. Many aspects of computer crime, for example, are easier for most people to grasp. Abuse of automated teller machines and electronic funds transfer systems is becoming more common but is obvious to all as criminal activity. Other areas such as software piracy and new laws governing ‘hacking’ and malicious software, however, are often hard to understand. To many individuals involved with breaking into computer systems and networks, their activities seem like harmless intrusions that have not caused any damage (Cappel, 1995).

The issue of an individual’s right to privacy is often harder to understand when the victim is a faceless entity. Just like a small child who has to be taught that it is not polite to enter someone’s room and start looking through their possessions, users of computer networks need to be taught that snooping through someone’s files and email is also not polite or ethical. For too long the public’s perception of the normal computer intruder was a high school (or younger) student who was doing it for fun, not for any malicious intent (Cappel, 1995). In addition to representing a pressing business and social concern, computer ethics has increasingly been seen as an important area of study.
Many universities have added computer ethics to their curricula, a measure that is now required for a computer science department to earn certification by the Computer Accreditation Board. Even elementary and secondary school students were exposed to computer-ethics lessons in the early 2000s.

2.14 Code of Computer Ethics and Acceptable Use Policy

This summary of the Code of Computer Ethics and Acceptable Use Policy outlines the ethical, acceptable, and unacceptable use of information systems. It is intended to identify key security issues for which individuals, colleges, departments, and units are responsible.

1) Privacy and confidentiality must be balanced with the need for the university to manage and maintain networks and systems against improper use and misconduct.

2) Exceptions to privacy of information allow the university to access, monitor or disclose confidential or personal information residing on its information networks and systems.

3) Policies for protection of information and security practices are defined as:

• Protection of information depends on who has created the information, who is maintaining the information, the nature of the information itself, and whether there are specific federal and/or state laws or university requirements or guidelines associated with the use and distribution of the information.
• University information: Students, faculty and staff are responsible for accessing only confidential and business university information for which they are authorized and are required to comply with security policies established by the university or specific departments.
• Individuals are responsible for securing and protecting their information based on the level of risk associated with its loss or misuse.
• Password security: users are responsible for passwords and activities linked to their accounts and must follow university standards for maintaining and managing passwords.
• User security practices: users are required to employ security practices to prevent unauthorized activity. Such practices include using password-protected screen savers, not storing passwords in obvious places, and securely transferring information.
• Security for IT systems: to protect systems, individuals must use and promptly upgrade virus-scanning software, security patches, operating and other software, and any other security measures for specific security threats.
• Reporting security breaches: individuals are expected to prevent computer equipment under their control from being infected with malicious software by the use of preventive software and monitoring, and to take immediate action to prevent the spread of any acquired infections from any computers under their control. Individuals should power down the computer or disconnect it from the campus network, then report IT security incidents to an information technology support professional. First attempt to contact the local department, college, or designated information support professional.

4) Framework for unacceptable use activities in addition to illegal violations includes:

• Excessive non-priority use of computing resources, such as recreational activities or non-academic or business services.
• Unacceptable system and network activities.
    • Engaging in or effecting security breaches or malicious use of network.
    • Circumventing user authentication or accessing data, accounts, or systems that the user is not expressly authorized to access.
    • Interfering with or denying service to another user on the campus network or using university facilities or networks to interfere with or deny service to persons outside the university.
• Unauthorized use of intellectual property
    • Engaging in unauthorized copying, distribution, display or publishing of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books, or other copyrighted sources; copyrighted music or video; and the installation of any copyrighted software without an appropriate license.
    • Using, displaying or publishing licensed trademarks, including Iowa State University’s trademarks, without license or authorization or using them in a manner inconsistent with terms of authorization.
    • Exporting software, technical information, encryption software, or technology in violation of international or regional export control laws.
    • Breaching confidentiality agreements or disclosing trade secrets or pre-publication research.
    • Using computing facilities and networks to engage in academic dishonesty prohibited by university policy (such as unauthorized sharing of academic work, plagiarism).
• Inappropriate or malicious use of IT systems
    • Setting up file sharing in which protected intellectual property is illegally shared.
    • Intentionally introducing malicious programs into the network or server (viruses, worms, Trojan horses, and email bombs).
    • Inappropriate use or sharing of university-authorized IT privileges or resources.
    • Changing another user’s password, access, or authorizations.
• Misuses of e-mail and communications activities.
    • Sending unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material, except as approved under the mass e-Mail policy and effective e-communication policy.
    • Engaging in harassment via email, telephone, or paging, whether through language, frequency, or size of messages.
    • Masquerading as someone else by using their e-mail or internet address or electronic signature.
    • Soliciting email from any other email address, other than that of the poster's account, with the intent to harass or to collect replies.
    • Creating or forwarding "chain letters" or solicitations for business schemes.
    • Using email originating from within Iowa State’s networks for commercial purposes or personal gain.
    • Sending the same or similar non-business-related messages to large numbers of email recipients or newsgroups.

2.15 Instructional Approach to Scenario Method

There are different classroom procedures for exposing students to the abstract subject of computer users’ ethical behavior. The author prefers presenting scenarios for discussions (Couger, 1989). However, not all faculty members ‘dive into the waters of a new teaching model.’ Some prefer to stay with a teaching style that is comfortable and familiar. Therefore, what the author believes is the most desirable approach may not be everybody’s approach. Before enumerating three methods for teaching the subject of ethical standards, the computer-specific ethical issues are as follows:

• Storing and processing data. Should an unauthorized use of otherwise unused computer services or information stored in computers raise questions of appropriateness and fairness?
• Producing computer programs. Computer programs are assets. Should they be subject to the same concepts of ownership as other assets?
• Outputting computer information. To what degree must computer services and users of computers, data and programs be responsible for the integrity and appropriateness of computer output?
• Artificial Intelligence and Expert Systems. Should the images of computers as thinking machines, absolute truth products, infallible, and replacements for human errors and as anthropomorphic in nature absolve them from any serious considerations?

2.15.1 Instructional Approach One

The first pedagogical approach to the teaching of ethics is to lecture that ethics is a code of behavior.
Begin with a clearly defined dictionary definition of ethics: a set of principles of right conduct; a theory or a system of moral values; the rules or standards governing the conduct of a person or the members of a profession. Subsequently continue to lecture on the behavioral code of ethics for computer professionals. In turn, specify the risks and implications of the abuse of computer systems. These could be part of a series of lectures in a computer course. This method will inform students about the meaning of ethics. Will this excite students and ensure they will adopt the right behaviors? Maybe, yet lectures are often the least effective way for students to learn and reflect beyond a casual examination of any lecture notes.

2.15.2 Instructional Approach Two

The second method to imbue students with a sense of an ethical code of behavior is to assign readings in current periodicals and newspapers. There are many articles about professionals adapting to and violating real-life ethical issues. Reading periodicals may start a few students personalizing ethical issues. However, how does the instructor reach the other students who do not reflect on ethical questions? A majority of the students need to evaluate their own ethical behavior code before they can consider computer professionals’ codes.

2.15.3 Instructional Approach Three

The third method is to get each student to personalize the topics of computer ethics by way of the presentation of scenarios. A typical scenario predicament for students is as follows:

A. A company bought a micro software computer program for a part-time student to use at work. The license agreement stipulates that a person should make a backup copy of this program, but may only use the program on a single machine at any one time. Knowing he has permission to make a backup copy, why not make other copies for friends? They only use one computer each and these are backup copies.
After all, making backups appears to adhere to the ‘spirit’ of the license though not the ‘letter’ of the license agreement. Was this student’s action in giving copies of the program to friends acceptable, questionable or unacceptable?

B. Since this particular case requires personal interpretation of copying software, a common dilemma for students, it can become immediately relevant. Another scenario that includes ethics issues applicable to student behavior is as follows: A university student obtained a part-time job as a data entry clerk. His job was to enter personal student data into the university database. Some of this data was available in the student directory, but some of it was not. He was attracted to a student in his algebra class and wanted to ask her out. Before asking her, though, he decided to access her records in the database to find out about her background. Were the student’s actions in accessing a fellow student’s personal information acceptable, questionable, or unacceptable? (Sackson, 1998)

Initially ask students to write answers anonymously to the questions posed by a scenario. In a separate paragraph ask them to determine what they would do in the same situation. After receiving the written responses, have a class discussion of the scenario and responses. This method allows the students to hear other viewpoints and alerts them to issues that they might not have previously considered. Choosing scenarios that are more relevant to students is more likely to result in a student’s personalization of the situation. A meaningful sequence of scenarios may alter students’ attitudes toward a code of ethical behavior (Sackson, 1998).

2.16 Ethics as Foundation of Information Security

Ethics is an important facet of comprehensive security of information systems. Research in ethics and information systems has also been carried out outside the information security community.
Anyhow, the researcher (Jussipekka and Seppo, 1998) sees that the relationship of hackers and information security personnel has not yet been properly analyzed. Within this short review, a philosophical point of view shall be taken, and problems of establishing ethical protection measures against violations of information security shall be studied (Cruz and Frey, 2003).

The major argument is that hacking ethics is significantly different from information security ethics (Jussipekka and Seppo, 1998) and therefore major difficulties must be solved to establish widely accepted standards for ethical usage of information systems and communication networks. This argument is supported by an extensive analysis and comparison of philosophical and ethical theories. This analysis leads to results quite opposite to the mainstream arguments that support the need for a common ethical foundation for the security of information systems. A new group and social contract based security layer shall be added on top of the ethical layer. This addition provides a framework that is feasible within the current technology, supports the natural social behavior of human beings and is iterative, enabling the forming of larger communities from smaller units.

Typically, the hacking community has been arguing for the freedom of information. The security community has been opposing this by arguing that system intrusion and hacking, even if no actual harm is caused, is unethical and criminal activity that one should not commit, even if technically possible (Cruz and Frey, 2003). The question rising from this conflict is how these two groups can claim they have a right to tell each other what is ethical and what is not. Recently, the trend appears to be that the ethics approved by the security community has the support of law enforcement (Cruz and Frey, 2003). Several attempts around the world have been made to enforce proper behavior in the information society by juridical methods.
From the information security point of view, hackers have been seen as criminals, unaware of the results of their immoral activities, making fun out of serious problems. Hacker community, on the other hand, sees information security staff as militants that respecting the freedom of individual and information (Fowler, 2002).

Information security specialists tend to specify what ethical behavior is and what is not (Jussipekka and Seppo, 1998). On the other hand, the typical approach among hackers is that their activity provides a good outcome for the information security community by identifying vulnerabilities in systems. These approaches unfortunately are in strong conflict (Jussipekka and Seppo, 1998). Further depth into the conflict can be found by introducing another dimension to the classification of ethical theories into two categories: phenomenologist vs. positivist and individualist vs. collectivist ethics (Jussipekka and Seppo, 1998).

Phenomenologism vs. Positivism: According to the phenomenological school, what is good is given in the situation, derived from the logic and language of the situation or from dialogue and debate about “goodness”. Positivism encourages us to observe the real world and derive ethical principles inductively.

Individualism vs. Collectivism: According to the individualistic school, the moral authority is located in the individual (Jussipekka and Seppo, 1998), whereas collectivism says that a larger collectivity must carry the moral authority.

Major schools, based on these concepts, can be listed as Collective Rule-Based Ethics and Individual Rule-Based Ethics (Waskul and Douglass, 1996). Ethical protection measures intend to provide a common high moral code for the usage of communication networks. It is very difficult to find common values between hackers and information security personnel. As these values cannot be identified, there is no need for a common moral code to protect these values (Adam, 2001).
The truth values of ethical value statements are subjective and can therefore not be transferred from one moral system to another. Universality is a fatal requirement for ethical and moral systems, especially when the relationship of culture and morals is agreed upon in the situation given to students (Adam, 2001).

2.17 Related Research

The importance of teaching computer ethics is becoming one of the main factors of university nowadays. However, as the paper outline says, defining issues tests of moral judgment are important; a significantly larger increase in moral judgment better enables students to decide under certain computer ethical circumstances. Further, in the researcher's consideration, there is a lack of a conceptual framework to show the potential meaning of security. Even though aspects such as developing ethics in education, moral development, and issues tests have all been studied, students may still not be aware of how to define the security area in their professional career.

From the Malaysian perspective, a review of related research indicates the existence of conflicting views concerning the ethical perceptions of students. Several papers that studied Malaysian students report a survey of 245 students conducted to analyze Malaysian students' information from ethical views and behavioral awareness. Their findings reveal a high proportion of young adults actively struggling with their concept of ethics and behavior. They also found that a large number of students show a lack of awareness of information security in their daily life (Masrom and Ismail, 2008).

Given the explosive growth of computer ethics during the past two decades, the field appears to have a very robust and significant future (Deborah, 1985). However, some philosophers and Deborah Johnson have recently argued that computer ethics will disappear as a separate branch of applied ethics into global ethics.
He expressed a view which, upon first sight, may seem to be the same as before. Deborah’s hypothesis addresses the question of whether or not the name computer ethics (or perhaps information ethics) will continue to be used by ethicists and others to refer to ethical questions and problems associated with information technology.

On Deborah’s view, as information technology becomes very commonplace, as it is integrated and absorbed into our everyday surroundings and is perceived simply as an aspect of ordinary life, we may no longer notice its presence. At that point, we would no longer need a term like ‘computer ethics’ to single out a subset of ethical issues arising from the use of information technology. Computer technology would be absorbed into the fabric of life, and computer ethics would thus be effectively absorbed into ordinary ethics.

2.17.1 Deindividuation Model

Deindividuation theory (Zimbardo, 1969) is a social psychological account of the individual in the crowd. Deindividuation is a psychological state of decreased self-evaluation, causing anti-normative and disinhibited behavior. As Figure 2.4 depicts, the impact of deindividuation theory in science and society (especially 20th century politics) makes it one of social science's more influential contributions. Deindividuation theory is rooted in some of the earliest social psychological theorizing, more than a century ago. It seeks to explain the apparent transformation of rational individuals into an unruly group or crowd. It posits that the group provides an environment in which the individual, submerged and anonymous, suffers from a loss of self-awareness.

Figure 2.4: Deindividuation Model (Zimbardo, 1969)

Deindividuation hinders reflection about the consequences of actions, rendering social norms impotent while increasing suggestibility to random outside influences.
In addition, it has been proposed that deindividuation marks a transition from individual identity to social dimensions of the self (Zimbardo, 1969). This transition to a social identity may increase responsiveness to social norms particular to the crowd, instead of decreasing responsiveness to generic social norms, as suggested by deindividuation theory.

Some have noted that the computer is often considered one of the most socially distancing and impersonal modes of communication and that computer communication represents only one step above no communication. Some researchers state that because computers break down hierarchy and cut across norms and organizational boundaries, people behave differently when using them. New technology tends to have an unintended social effect because it permanently changes the way social and work activities are organized. The computer has become a communication tool, and is referred to by some individuals as a social activity. Information technology also has the ability to break down hierarchical and departmental barriers.

2.17.2 Planned Behavior Model

The theory of Reasoned Action expanded to become the theory of planned behavior. The central factor of this theory is the individual's intention to perform a given behavior. Intention is assumed to capture the motivational factors that influence behavior. These are indications of how hard people are willing to try and how much effort is exerted in order to perform the behavior (Walters, 2001).

This theory postulates three dimensions of intention: a) attitude towards the behavior, the degree to which a person has a favorable or unfavorable evaluation of the behavior; b) the social factor, or subjective norm, to perform or not to perform the behavior; and c) the last determinant, the difficulty of performing the behavior based upon prior experience and anticipated action (Azjen, 1985 and Walters, 2001).
Figure 2.5: Planned Behavior Model (Azjen, 1985)

The main purpose of this theory was:

• To predict and understand motivational influences on behavior that is not under the individual's volitional control.
• To identify how and where to target strategies for changing behavior.
• To explain virtually any human behavior such as why a person buys a new car, votes against a certain candidate, is absent from work or engages in premarital sexual intercourse.

This theory provides a framework to study attitudes toward behaviors. According to the theory, the most important determinant of a person's behavior is behavior intent. The individual's intention to perform a behavior is a combination of attitude toward performing the behavior and subjective norm. The individual's attitude toward the behavior includes: behavioral belief, evaluations of behavioral outcome, subjective norm, normative beliefs, and the motivation to comply.

If a person perceives that the outcome from performing a behavior is positive, she/he will have a positive attitude toward performing that behavior. The opposite can also be stated if the behavior is thought to be negative. If relevant others see performing the behavior as positive and the individual is motivated to meet the expectations of relevant others, then a positive subjective norm is expected. If relevant others see the behavior as negative, and the individual wants to meet the expectations of these "others", then the experience is likely to be a negative subjective norm for the individual.
Attitudes and subjective norm are measured on scales using phrases or terms such as like/unlike, good/bad, and agree/disagree. The intent to perform a behavior depends upon the product of the measures of attitude and subjective norm. A positive product indicates behavioral intent.

2.17.3 ISSX Model

To establish a new foundation for the security of distributed systems, three fundamental requirements shall be set for the proposed framework. First, the framework must support the natural behavior of human beings with the establishment of social contracts. Second, the framework must be iterative in the sense that large systems can be composed from smaller sub systems. Third, the framework must be feasible within current technologies (Jussipekka and Seppo, 1998).

The first requirement is crucial to guarantee that no conflicts exist with the behaviour of human beings within society in general and in the context of public distributed systems. This requirement is satisfied by the group establishment procedure. Humans within a group can be expected to follow the acceptable code of conduct within that group. Similarly, different groups can form larger groups that are essential to satisfy the second requirement (Jussipekka and Seppo, 1998).

The model must support forming of groups, first of human beings, and then by combining groups and establishing communication links between different groups. This is supported by the nature of group behavior.

Figure 2.6: ISSX Model (Jussipekka and Seppo, 1998)

As Figure 2.6 shows, security of information systems requires both technical and non-technical measures, and special effort must be paid to the assurance that all methods support each other and do not set contradictory or infeasible requirements for each other. Security protocols have been established for secure group communications and therefore the uppermost level in the extended ISSX model can be enforced using existing technology (Adam, 2001).
As groups expand, it is not only that those groups get new members, but also that different groups with common interests act in cooperation to achieve their goals.

Further, the ISSX model assumes managerial and administrative layers on top of the operational layer. This is in line with the commonly agreed view that comprehensive information security requires participation of several administrative layers and strongly depends on managerial commitment. Inclusion of legal and ethical measures is also justified (Jussipekka and Seppo, 1998).

As has been shown within (Jussipekka and Seppo, 1998), there is a need for legal and ethical measures to provide comprehensive security of information systems from the two aspects stated below.

The ethics negotiation phase is where organizations or individuals representing themselves negotiate the content of an ethical communication agreement over specific communication channels. Also, having this phase among the security phases, together with the related analysis, is an important part of the study to mature the concept of information security and ethics within the educational context.

The ethics enforcement phase is where each organization enforces changes in the ethical code of conduct by specifying administrative and managerial routines, operational guidelines, monitoring procedures, and sanctions for unacceptable behavior. Organizations or university individuals involved in negotiation should code desired ethical norms in terms of acceptable behavior within the information processing. In the optimal case, ethics has law enforcement, and juridical actions against violations can be prosecuted in court.

2.18 Summary

To enable students to make wise ethical decisions, it is necessary to make them active participants instead of passive observers in the making of moral choices. Consequently, the content of ethics courses should not be about what is right or wrong but how to recognize when there is a problem.
Therefore, it becomes apparent that educating computer users may not be concerned with how to make the best decision if a problem arises. Also, as the heart of the study, educating computer users from the different perspectives of morality, attitudes, awareness and scenarios is an undeniable element. The solution would be to revise the policies, subjects or analysis of computer students that guide the technology within the correct ethical framework and to get rid of most of the vulnerabilities and social impact. Computer technology is particularly powerful due to its potential to change how people think about human beings.

CHAPTER 3

RESEARCH METHODOLOGY

3.1 Introduction

After examining the many and various ethical problems and issues caused by information technologies and their uses, the analysis of literature and the review of previous attempts to create a computer ethics framework, the need for further research focusing on computer ethics and the conditions it needs at the higher education level is evident. The design of the research questions consisted of a five-point scale, ranging from Strongly Disagree, Disagree, Neutral and Agree to Strongly Agree. Survey participants consisted of 331 (out of 431) students of University Technology Malaysia.

An online instrument was distributed among students in order to receive the acknowledgment through a URL address from the Zoomerang data center and online instrument development. It lists the participant’s field and age. The contact details of the presenter were also available so that anybody with further interest in computer ethics could make contact through email or phone. However, as was mentioned in the survey, the results will remain confidential to the researcher and will be used for the purpose of this study only.
3.2 Survey Design

[Flowchart of the survey design. Box labels: Start; Review on Models; ISSX; Mellisa; Planned Behavior; Deindividuation; Evaluate the Feasibility; Design Instrument; Distribute the Survey; Online; Data Assortment; Analyze with SPSS; Conclusion]

3.3 Research Philosophy

Most research projects share the same general structure. Everybody might think of this structure as following the shape of an hourglass. The research process usually starts with a broad area of interest, the initial problem that the researcher wishes to study. For instance, the researcher could be interested in how to use computers to improve the performance of students in mathematics (Bazely, 2003).

However, this initial interest is far too broad to study in any single research project. The researcher has to narrow the question down to one that can reasonably be studied in a research project. This might involve formulating a hypothesis or a focus question. For instance, the researcher might hypothesize that a particular method of computer instruction in math will improve the ability of elementary school students in a specific district. At the narrowest point of the research hourglass, the researcher is engaged in direct measurement or observation of the question of interest.

3.3.1 Quantitative Research

Quantitative research is used to investigate research questions. There is a potentially infinite array of possible quantitative research designs, and in the human sciences particularly, it can be difficult to do pure, experimental research. Thus, a great many adaptations of experimental designs, called quasi-experimental and nonexperimental designs, have been developed. It is important to consider a range of possible quantitative research designs and their strengths and weaknesses before adopting any particular design (Bazely, 2003).
In the social sciences particularly, quantitative research is often contrasted with qualitative research, which is the examination, analysis and interpretation of observations for the purpose of discovering underlying meanings and patterns of relationships, including classifications of types of phenomena and entities, in a manner that does not involve mathematical models.

Approaches to quantitative psychology were first modeled on quantitative approaches in the physical sciences by Gustav in his work on psychophysics, which built on the work. Although a distinction is commonly drawn between qualitative and quantitative aspects of scientific investigation, it has been argued that the two go hand in hand. For example, based on analysis of the history of science, concludes large amounts of qualitative work have usually been prerequisite to fruitful quantification in the physical sciences.

This study will be measured by the questionnaire. Measuring the results from the distributed questionnaire specifies the result. Therefore, we have to break down the numeric information. Thus, it is known as a quantitative study.

3.4 Research Purpose Types

The broad purpose of descriptive research in 'Education' is to study the present problems of the students, teachers, administration, curriculum, teaching learning process, and the like, and to suggest some solutions to these problems. For example, many researchers conducted descriptive research on classroom discipline and used the collected information to formulate a 'system of discipline' which has now been used by many teachers in their classrooms to maintain discipline among students.

3.4.1 Descriptive

Sometimes referred to as non-experimental or correlational research, descriptive research studies the relationships among non-manipulated variables only.
In this type of research, the investigator selects the relevant variables from the events/conditions that have already occurred or exist at present, and analyzes their relationship without introducing any manipulations to the variables. In descriptive research, the researcher studies the events or human behavior in natural settings, because sometimes it would be difficult to manipulate the variables, and because sometimes it is unethical. Therefore, this and other types of relationships between and among the variables are studied under the natural conditions of the classroom, home, factory and offices.

Because of its ease of use, descriptive research is the most popular and widely used method in educational research. The descriptive research method is easy to use because in this method, the research data can be very easily obtained and interpreted. The results of descriptive research provide us with a platform to make important decisions and also generate more research ideas to be tested by future researchers (Croom, 2002).

3.4.2 Explanatory

When the purpose of the study is to explore a new universe, one that has not been studied earlier, the research design is called explanatory. The research purpose in this case is to gain familiarity in unknown areas. Often explanatory research design is used to formulate a problem for precise investigation, or aims at formulating research design. Thus, often when the universe of study is an unknown community, explanatory design forms the first step of research, after which other types of research designs can be used.

Instead of concentrating on just unspecific areas and selecting a few aspects for consideration (as may be the case in descriptive research design), researchers gather such a great variety of data that they are able to see the actors in their total life situation. Explanatory studies are not to be confused with raw empiricism, with fact gathering that is unrelated to sociological theory.
The explanatory study always carries with it a set of concepts that guide the researcher to look for the facts.

3.4.3 Experimental

The research design that is used to test a research design of causal relationship under a controlled situation is called experimental design. The essence of the experimental design lies in its testing of a research design derived from a theory. Experimentation in sociology raises certain important questions, viz. the ethical question, the difficulties in forming a control sample and retaining it over time, the difficulties encountered in controlling the extraneous environment, etc.

Realizing these problems, in some of the 'experiments' carried out by sociologists, the experimental sample is used as the control sample. It is debatable whether the absence of a control means a non-experimental study. This actually is a modification of the classic experimental design.

Further, due to this survey, a two-discussion class was given. As expected, responses resulting from the survey and class discussion provided insights regarding the nature, social impact and ethical issues concerned with key security among students (Croom, 2002).

3.5 Data Collection Method

In order to make a comprehensive study in detail, the required information must be collected. For the purpose of this research, a questionnaire and a pilot study have been chosen because of certain problems and difficulties on hypotheses. The data gathering was carried out through the questionnaire and the data analysis will be based on sample data. The survey was designed to determine the perception and awareness of students regarding the fundamental concept of computer ethics and the related security framework (Croom, 2002).
An online survey has been distributed among current students of University Technology Malaysia (International Campus, Kuala Lumpur), which was designed to examine the level of awareness, morality, knowledge and interest of students in computer ethics and the related security concept.

3.5.1 Research Flowchart

[Flowchart of the research process. Box labels: Review; Class Discussion (Pre Test); Data Analysis; Survey Distribution; Data Analysis; Conclusion; End]

3.5.2 Data Sampling Method

There are many types of sampling methods which may suit this kind of research. However, as the main focus of this research is on University Technology Malaysia (International Campus, Kuala Lumpur), stratified random sampling and cluster sampling remain the only useful methods for the purpose of further research.

3.5.2.1 Stratified Random Sampling

The stratified random sampling method is useful when populations are divided into subgroups depending on particular characteristics. In fact, it is used when the nature of the issues to be investigated means that it is important to give respondents from particular subgroups an equal chance of representation and this would not happen through random sampling.

The relevant characteristics to be used for stratification are identified on the basis of the questions to be asked: female or male students, or even which year and department they belong to. A random list is then drawn up for each subgroup and respondents are chosen randomly within each. However, potential problems may result: identification of the characteristics for classification of respondents is crucial and may need to be refined during investigation.

In fact, cluster sampling divides the population into groups, or clusters. A number of clusters are selected randomly to represent the population, and then all units within selected clusters are included in the sample. No units from non-selected clusters are included in the sample. They are represented by those from selected clusters.
This differs from stratified sampling, where some units are selected from each group (Rache, 2008).

3.5.2.2 Cluster Sampling

Cluster sampling is useful when clusters are randomly selected and all individuals or households in particular clusters are interviewed, and is mostly beneficial when the target population is very large. Cluster sampling has several advantages, such as reduced costs, simplified field work and more convenient administration. Instead of having a sample scattered over the entire coverage area, the sample is more localized in relatively few centers.

Cluster sampling’s disadvantage is that less accurate results are often obtained due to higher sampling error than for simple random sampling with the same sample size. In addition, multi-stage sampling is like cluster sampling, but involves selecting a sample within each chosen cluster, rather than including all units in the cluster. Thus, multi-stage sampling involves selecting a sample in at least two stages. In the first stage, large groups or clusters are selected. These clusters are designed to contain more population units than are required for the final sample.

In the second stage, population units are chosen from selected clusters to derive a final sample. If more than two stages are used, the process of choosing population units within clusters continues until the final sample is achieved (Rache, 2008).

3.5.3 Instrumentation and Data Analysis

As has been shown in the result and discussion, the collected data was analyzed with the help of Microsoft Excel. However, the benefits of other analysis software like SPSS would be undeniable under certain circumstances. SPSS stands as one of the most useful tools for statistical analysis. It is used by market researchers, healthcare, survey companies and education.
Statistics included in the base software are:

• Descriptive Analysis
• Bivariate statistics
• Prediction for numeral outcomes
• Prediction for identifying groups

SPSS and descriptive analysis is among the most widely used programs for this research. The original SPSS manual has been described as one of the most useful tools for research analysis located in the US and around the world. It also has a graphical user interface that offers two views. The data view shows a spreadsheet view of cases (rows) and variables (columns). The variable view displays the metadata dictionary, where each row represents a variable and shows the variable name, variable label, measurement types and a variety of other characteristics.

Cells in both views can be manually edited, defining the file structure and allowing data entry without using command syntax. This may be sufficient for small datasets. Larger datasets such as statistical surveys are more often created in data entry software, or entered during computer-assisted personal interviewing, by scanning and using optical character recognition and optical mark recognition software, or by direct capture from online questionnaires.

3.6 Research Planning and Schedule

No  Activity
1   Literature Review
2   Problem Definition
3   Present the Research Proposal
4   Develop the Proposed Framework
5   Class Discussion and Survey (Pre Test)
6   Analyses Collected Data
7   Integrate The Data
8   Test the Online Instrument
9   Evaluate the Proposed Framework
10  Write up the Thesis Report

[Gantt chart: activities plotted against weeks 1 to 36]

3.7 Limitation of Research

There are several limitations of the research. The most noticeable limitation relates to the small sample size. The theory of deindividuation may possibly help to explain why the students may lose their motivation to complete the survey or even not submit it.
The clearer answer under this theory would be that students believed that their lack of participation would not be identifiable. A second reason would be that the lecturer is not capable of teaching this portion of study well, so students lose their future interest and may not attend lectures or discussions. The final reason is related to the higher than anticipated number of existing policies or frameworks, which means the concept of a computer ethics framework might not have been operationally defined well for the respondents.

3.8 Summary

The findings from this survey, despite the limitations and small size, are still an important and relatively unique contribution to this study. The survey did accomplish the basic objective which it was designed to fulfill and provided the necessary data and ideas needed to develop a more useful computer ethics framework and instructional plan. The information from the study proved that computer ethics and the related security concept are a very valuable factor for every educational centre and for UTM University as well.

CHAPTER 4

RESULT AND DISCUSSION

4.1 Introduction

This chapter has been written in order to complete the related literature review and the objective mentioned in chapter one. In addition, scenario method analyses with respect to related analysis have been studied.

4.2 Research Framework

The research framework was developed in order to evaluate the lack of understanding of students on computer ethics and information security. The overall importance of this study is based upon the premise that information obtained from previous literature related to computer ethics on university campus, coupled with related ethical scenarios that are most involved with computer ethics needs, issues and problems in the educational context. The developed scenarios would be accompanied by recommendations for implementing an actual core of study with respect to computer ethics and information security.
The researcher has developed a framework for the development of information security with computer ethics with respect to the educational conception. The further discussion follows the exact code of ethics, which includes Privacy, Property, Accuracy and Accessibility.

As Figure 4.1 depicts, the framework examines information security and computer ethics from two major dimensions: the educational and the information security. In addition, the research framework is also explored to suggest the educational core of computer ethics, that is, the effective ways to teach information security along with computer ethics from the basic educational level rather than the higher level. The educational dimension focuses on the core of information security, which is considered along with awareness and morality.

Figure 4.1: Research Framework

In fact, the educational dimension is explored from various perspectives to have relevance for the group rather than individuals, where the focus of this issue has been mentioned in the literature review. Examples of questions to guide the development of research framework references include: Have you ever heard about computer ethics? What are ethical dilemmas and their social impacts?

The other main phase of the educational dimension is moral development, which includes personal beliefs related to their background of computer ethics. In fact, it focuses on morality and further effectiveness: how individual morality can change their attitude and therefore acquire appropriate awareness and hence evaluate ethical dilemmas. Research approaches present methods and creative ideas for the teaching of computer ethics with respect to information security for diverse audiences.

Figure 4.2: Development Process

As Figure 4.2 shows, the development process is obtained from the existing theories and models. The framework's dimensions cover the basic levels for computer ethics lectures and classroom discussions related to the ethical behavior of future computer scientists.
The main emphasis is to present creative and beneficial methods for learning experiences in various kinds of information security ethics. The authors place particular focus on what will require students to build and rebuild their beliefs in different ways in order to know unethical behaviors and their social impact on their future career.

4.3 Educational Approaches

A computer ethics policy is only the first step in the process of instilling ethical behavior on every university campus. In addition to educating students, emphasizes that one of the most important factors for successful ethical education is for faculty to promote and maintain a climate consistent with high ethical standards.

The researcher recommends that teaching approaches should begin with a dictionary definition of computer ethics relating to a secure method of computer use. This should be reinforced by role-playing to determine how computer ethics would fit in real-life scenarios, followed by encouraging students to personalize the topic within group discussion.

Many researchers also offer advice for effective strategies for teaching information security. They begin with guidelines for an instructional unit. First, instructors should begin by introducing key concepts and definitions relating to computer ethics. Second, they need to include relevant historical and legal information related to the ethical use of computers. Next, they should provide real-life examples (scenarios) of common ethical issues that may be of personal relevance to students.

Researchers suggest involving student participation through assigned reading, computer-based activities, writing assignments, role-playing and classroom discussion. An additional activity to elicit students’ participation is the use of mock trials of cases involving unethical use of technology. A meaningful follow-up could include having students conduct a survey of other students’ attitudes concerning computer ethics and information security issues.
4.4 Information Security and Computer Ethics

As the public becomes increasingly computer literate, the gap between technology and information security shrinks. Computer systems are no longer composed of one large, simple, straightforward batch-oriented computer. They are now integrated real-time query-based systems. The computers of former years were understood by the knowledgeable few, but currently available computers, software, and assorted output devices have enlightened many. The danger is now more apparent that computer abuse will soon increase dramatically if it is not curtailed by legal sanctions and if people do not adopt some code of ethics.

Sometimes people employ ethics when it is convenient and to their advantage. At other times, they set any ethical standards aside by rationalizing that there is a greater good that should be considered. Unfortunately, ethical behavior is not part of the law of nature, but it would be a future threat to human status.

An important aspect of computer users’ ethical abuse includes the privacy question. Why exactly is a person’s privacy important? There is no simple answer to this question, as long as people have concerns and commitments that may be harmed by personal disclosures.

There are several reasons why medical records should be kept private, having to do with the consequences to individuals of facts concerning them becoming public knowledge. The average patient does not realize the importance of the confidentiality of medical records. Passing out information on venereal disease can wreck a marriage. Revealing a pattern of alcoholism or drug abuse can result in a person losing his job or make it impossible for the person to obtain insurance protection (Brier, 1997).

When people apply for credit they are often investigated, and the result is a fat file of information about them. Now there is something to be said in favor of such investigations.
Organizations granting credit need to know if the credit applicants are financially reliable. The trouble is that all sorts of other information go into such databases. For example, it is possible that information exists about the applicant’s organization membership, political views, and so forth. Clearly it is unfair for one’s application for credit to be influenced by such irrelevant matters (Collins, 1992).

4.4.1 Scenario Framework

From the scenarios perspective, a rapidly changing environment requires a continuous, adaptable, and enhanceable personal approach to ethics. Fortunately for IT professionals, this approach is not a foreign concept: continuous improvement has been a cornerstone of professional development, quality improvement, and software process improvement through the capability maturity models of the Software Engineering Institute.

Figure 4.3: Ethical Scenario Framework

The ethical scenario framework is a personal framework that responds to an IT professional's need for guidance in ethical decision-making. It is designed to see to it that IT professionals integrate ethics into their personal and professional lives.

Figure 4.3 illustrates the approach as the interactions among three elements:

• The IT professional seeks to be ethical in conduct and decision-making.
• The real world is a constantly changing, enormously complex environment of people, cultures, products, events, and so on. The world continually presents situations that call for decisions, actions, and reactions from IT professionals.

Scholars and practitioners from the supporting ethics community are also valuable references. This resource pool also includes educational programs, training (especially in multimedia and interactive formats), consultants, ethics advisors, and hardcopy and online documents including laws, codes of ethics, institutional policies and procedures, and ethics self tests.
The scenario framework also allows the IT professional to give something back to the industry by contributing to the pool of ethical resources, an activity consistent with being a professional. One opportunity is to cooperate with in-house ethics training by providing a case study or scenario for discussion.

Ethics start out as personal. A researcher's upbringing, values, ingrained sense of right and wrong, moral predicaments, and moments of anguish, integrated over a lifetime, influence how they perceive the morality of today's actions and choices. No alarm will ring to signal that this is one of those times when people should apply what they learned (or forgot) from those ethics training sessions last year. Moreover, with IT continually changing, some of today's ethical dilemmas were not even around last year. So IT professionals can benefit from a personal framework for recognizing and understanding the ethical dimensions in the situations they encounter every day.

Educational programs and company training can help IT professionals improve their awareness of ethics issues, but the IT profession needs more help for several reasons. In software, such models arose because of the nature of software development, the certainty of changes in essential elements (such as subject content and application environment) and the enormous leverage people can have on the final outcomes. The same is true today of ethical decision-making in IT. Therefore, it makes sense to think about applying continuous-improvement models and techniques to ethics enhancement.

4.5 Purpose of Distributed Survey

It is important to reiterate that the main purpose of the survey portion of the study was not to find data that represent the community of the UTM campus, but to obtain useful input from students' views regarding computer ethical conditions and analysis in their campuses.
A secondary purpose of the survey was to obtain useful input focused upon participants' reactions to elements of a working computer ethics scenario and accompanying instructional plan being developed and proposed by this study.

The results obtained from the completed survey and response sheets have provided a great deal of interesting and useful data that successfully met these survey objectives and contributed greatly to the proposed model and ethical instruction plan. In addition, responses to certain key questions do indicate the presence of deindividuated behavior among computer users on college campuses within the research area. The question planned for this purpose did indicate the presence of computer ethics among the current users or students of computer science.

In addition, morality, awareness, intellectual property and privacy form a very important aspect of this research, so a main part of the survey was to analyze these issues and their further effects on students.

4.6 Demographics

Out of 431 students, 331 (response rate: 76.79%) participated in the survey, where all the respondents agreed to answer every question willingly. Students were asked to respond to each of the questions using a five-point Likert scale, ranging from strongly disagree to strongly agree.

Figure 4.4: Demographic Information (bar chart of respondents by gender: Male, Female)

Figure 4.5: Majors (Engineering 24%, Post Graduate 10%, College Students 36%, Diploma 30%)

The results of the survey and response sheets are examined below in light of the key research questions that guided this research.

Figure 4.6: Age (bar chart of respondents by age group: Under 19, 20 to 25, 26 and above)

4.7 Educational Perception

The questions focused on this dimension were designed to evaluate and analyze the level of awareness of computer ethics and information security.
In addition, the PAPA model also remains the heart of the research for further appraisal of computer ethics and information security.

4.7.1 Awareness

The basic research question explored through the survey concerned the extent of the educational dimension along with the examined elements of awareness, morality and the PAPA model, which was introduced in 1986. As shown in Table 4.1, more than (63.44%) of the respondents strongly agreed that they have heard about information security. Of those who participated in the survey, a little under (3.32%) did not have any idea about information security and computer ethics, and only (15.10%) strongly disagreed, having never been informed about information security and ethics.

Table 4.1: Awareness

Variable | Strongly Disagree | Disagree | Neutral | Agree | Strongly Agree
Have you heard about Information Security? | - | 50 (15.10%) | 11 (3.32%) | 210 (63.44%) | 60 (18.12%)
I believe that Universities have the main role to inform students about Information Security Ethics and their social impacts. | - | - | 33 (9.96%) | 271 (81.87%) | 27 (8.15%)
I believe in Computer Ethical principles and I apply them to my educational life. | - | 80 (24.16%) | 93 (28.09%) | 101 (30.51%) | 57 (17.22%)

Each cell gives N (F). N = Number, F = Frequency

As Table 4.1 also indicates, most of those responding (81.87%) agreed or strongly agreed (8.12%) that universities have the main role to inform students about information security ethics and their social impacts. This is an important result, showing that students themselves regard educational institutions and leaders as the main factor in awareness and in educating them with respect to information security and computer ethics.

While being informed about the social impact of computers and the lack of ethical awareness, more than (24.16%) of students disagreed that they believe in computer ethical principles and rules, a result that may indicate a greater need for ethical morality and study in University Technology Malaysia.
In addition, (30.51%) agreed with ethical rules and with using them in their daily and career life, which is a small and doubtful result for a developed country like Malaysia.

4.7.2 Privacy

A number of variables measuring the (Mason, 1986) model were an attempt to determine whether information security reflects the computer ethics of the PAPA model or whether it needs more research and analysis.

Table 4.2: Privacy

Variable | Strongly Disagree | Disagree | Neutral | Agree | Strongly Agree
Computer privacy is the main factor of Computer Ethics. | - | - | 50 (15.10%) | 87 (26.28%) | 194 (58.61%)
Computer privacy can protect me from losing my private information. | - | - | 16 (4.83%) | 291 (87.91%) | 24 (7.25%)

Each cell gives N (F). N = Number, F = Frequency

As shown in Table 4.2, almost three quarters either agreed or strongly agreed with the statement that ethical problems had increased since then or after. However, students unanimously agreed or strongly agreed that computer privacy can protect their private information from hackers, crackers and internet thefts. Finally, (58.61%) strongly agreed that privacy is the main factor of computer ethics based on the PAPA model, where only (15.10%) did not have any idea on this element.

4.7.3 Intellectual property

As the main discussion in Table 4.3 and the debate on computer rules and regulations show, copyright and intellectual property policies remain the heart of study for researchers and scholars. In order to continue the mission of previous researchers on this key factor of computer ethics, the researcher focuses on the main question of whether students believe in copyright or not and, if they are aware of its purpose, at which level of understanding they can differentiate between copied software and original software.

Table 4.3: Intellectual Property (Copyright)

Variable | Strongly Disagree | Disagree | Neutral | Agree | Strongly Agree
I believe in copyrights rules and regulation. | - | 13 (3.92%) | 78 (23.56%) | 168 (50.75%) | 72 (21.75%)
Does your University have formally stated policies regarding copying software for educational purpose? | 79 (23.86%) | 62 (18.73%) | 161 (48.64%) | 29 (8.76%) | -

Each cell gives N (F). N = Number, F = Frequency

More than (21.75%) of students strongly agreed that they believe in copyright rules and regulations, followed by (50.75%) who agreed, where (23.64%) indicated a neutral opinion on this debate. Even with this number of students lacking awareness of copyright rules, (42.59%) of students totally agreed that their university itself does not have any stated copyright policy that can inspire students to act and behave according to copyright rules.

4.7.4 Accessibility

Another basic research question that the study attempted to answer was concerned with how participants might be forced to use violated software, and asked whether they share their private information with others or not. While respondents were given the opportunity to answer the questions without any identification number or signature, their answers did not reach the target the researcher expected.

Table 4.4: Accessibility

Variable | Strongly Disagree | Disagree | Neutral | Agree | Strongly Agree
I use violated copied software regularly. | - | 21 (6.34%) | 13 (3.92%) | 201 (60.72%) | 96 (29%)
I do share my private information and password with my close friends. | 199 (60.12%) | 39 (11.78%) | - | 80 (24.16%) | 13 (3.92%)

Each cell gives N (F). N = Number, F = Frequency

On the other hand, Table 4.4 indicates that almost (60.72%) expressed disagreement with the idea that they respect software product keys and use original versions. Further, (60.12%) indicated that they do not share their personal data with close friends.

4.7.5 Morality

Another fundamental research question from Chapter 1 that guided the survey focused on the extent of the influence of computer ethics on personal morality.
Of the two questions reviewed on this important factor, as shown in Table 4.5, all participants either agreed (19.03%) or strongly agreed (59.81%) that they respect others' private information. Almost (21.14%) did not have any comments on this question, giving a neutral answer. As morality is one of the main factors of computer ethics in this research, the results taken from the survey indicate a clear answer in any research area.

Table 4.5: Morality

Variable | Strongly Disagree | Disagree | Neutral | Agree | Strongly Agree
I always respect to my friends private information and I never want to access their personal data. | - | - | 70 (21.14%) | 63 (19.03%) | 198 (59.81%)
I never want to become unethical hacker even if I have the talent and ability. | 38 (11.48%) | 22 (6.64%) | 128 (38.67%) | 103 (31.11%) | 40 (12.08%)

Each cell gives N (F). N = Number, F = Frequency

4.7.6 Accuracy

Another important area of questioning sought to determine at which level of usage password policy influences the students in their career. As shown in Table 4.6, most participants (53.47%) strongly disagreed or disagreed that they never forget their password. From the earlier analysis, this supports the PAPA model's comment about human weakness in computer ethics, followed by (25.07%) who agreed that they rarely forget their password.

Table 4.6: Accuracy

Variable | Strongly Disagree | Disagree | Neutral | Agree | Strongly Agree
I rarely forget my password. (Example: E-learning, Smart card) | 121 (36.55%) | 56 (16.91%) | - | 83 (25.07%) | 71 (21.45%)

Each cell gives N (F). N = Number, F = Frequency

The final phase of the educational dimension of the research model focuses on every dimension's result in order to compare which phase would be more effective as an educational element. Figure 4.7 shows the details of every stated dimension, so that the researcher can retrieve the purpose of this study from the given analysis.
Figure 4.7: Educational Analysis

These figures and analysis show that students pay less attention to accuracy and property, whereas morality indicates the students' intention toward ethical behavior even though they had not been alerted before this research. Therefore, as an early conclusion, we, as educational leaders, should focus on the accuracy and awareness of our students in order to prevent future and upcoming problems.

4.7.7 Information Security Perception

Table 4.7 shows the results of the research assumption concerning the information security perception. Most respondents did not have any comment on the lack of security policy in their campus (39.27%). In addition, according to the results, a number of students either strongly disagreed (9.66%) or disagreed that the UTM campus does not have any vulnerability in its security administration policy. In addition, a large number of students agreed (89.12%) that information security and computer security can protect their private information and personal data.

In Table 4.7, even though most of the students agreed on this element, to use and regulate information security, (9.36%) of students still find a lack of trust and use in this important information technology era. Not surprisingly, (23.86%) of students disagreed that information security may not be helpful for their future career.

Table 4.7: Information Security

Variable | Strongly Disagree | Disagree | Neutral | Agree | Strongly Agree
I find lack of Security Policy Administration in my campus. | 32 (9.66%) | 80 (24.16%) | 130 (39.27%) | 89 (26.88%) | -
Information Security and Computer Security can fully protect my private information. | - | - | 5 (1.51%) | 295 (89.12%) | 31 (9.36%)
I agree, if I want to join to any company they will asked about my knowledge based on Information Security. | - | 79 (23.86%) | 94 (28.39%) | 80 (24.16%) | 78 (23.56%)

Each cell gives N (F). N = Number, F = Frequency

4.7.8 Computer Ethics Perception

Table 4.8 shows the ethical questions relating to the final phase of the research, focusing on the applicability of computer ethics and on ethical conflicts. Of the respondents, (60.72%) agreed on the applicability of computer ethics and frameworks to all users, but (19.93%) still did not have any idea on this important issue of current technology. On the other hand, (25.07%) of students chose the neutral element when asked whether violating software may conflict with ethical principles, rules and regulations. In addition, (33.23%) of students agreed on this element, that violating software copyright laws conflicts with computer ethics.

Table 4.8: Computer Ethics

Variable | Strongly Disagree | Disagree | Neutral | Agree | Strongly Agree
I believe in applicability of Computer Ethics Policy to all users. (Faculty, Staff, Student) | - | - | 66 (19.93%) | 201 (60.72%) | 64 (19.33%)
I agree violating software copyright laws conflict Computer Ethics. | - | 87 (26.28%) | 83 (25.07%) | 110 (33.23%) | 51 (15.40%)

Each cell gives N (F). N = Number, F = Frequency

4.8 Real Time Scenarios Analysis

The following scenarios represent typical ethical issues that arise when we use computers irrespective of computer ethics. Computer science educators who address ethical issues demonstrate that ethical concerns about computing are appropriate and important to the study and profession of computer science. When ethical theories are applied in the context of traditional computer science courses, students are encouraged to view ethical decision-making and conduct as important professional skills that are relevant to the computing field.
Rather than deflecting attention away from the significant theoretical and technical content of a course, considerations of the larger context of computing can actually enhance the study of a computer science topic. For almost all of recorded history, ethical issues have been decided according to neighborhood, community or national norms. This has been our main purpose in developing the stated scenarios: to evaluate Malaysian students' perspective by one of the best methods introduced in the ethics research area.

4.8.1 Scenario Number One

A university student, who is the technical assistant of his/her supervisor, has already received an access code, which might be useful for other students. Also, as a developer, he/she was assigned the task of developing software to control the number of printed pages in order to charge students for the facility expenses. While he/she is acting in both roles (student and teacher assistant), would it be ethical behavior if he/she shared the free username and password with his/her friend?

Table 4.9: Scenario No. 1

Variable | Frequency | Percent | Valid Percent | Cumulative Percent
Strongly Disagree | 18 | 5.4 | 5.5 | 5.5
Disagree | 90 | 27.2 | 27.3 | 32.7
Neutral | 75 | 22.7 | 22.7 | 55.5
Agree | 113 | 34.1 | 34.2 | 89.7
Strongly Agree | 35 | 10.3 | 10.3 | 100.0
Total | 331 | 100 | 100.0 |

As we can see from Figure 4.8, most of the students (34.10%) agreed, where a close number (27.20%) disagreed, followed by (22.70%) neutral on this unethical behavior. Even though much awareness has been given to the students throughout their courses that these actions may not be appropriate, the researcher could still conclude that there is a lack of attention among students with respect to their computer ethics background.

Figure 4.8: Scenario Chart No. 1

4.8.2 Scenario Number Two

Person X buys software online in order to enhance his/her project.
Prior to using the software, a friend of person X, person Y, needs to use the software, so person X shares his/her username and password for further development. Is this computer-ethical behavior regarding intellectual property rules and regulations?

This scenario was designed in order to evaluate the copyright perspective of Malaysian students. As Table 4.10 depicts, the responses range from strongly disagree (11.50%) to disagree (19.40%) and from strongly agree (10.30%) to agree (31.10%). On one of the main elements of computer ethics, copyright rules and regulations, Malaysian students gave their statements almost equally for both ethical and unethical behavior. This scenario also indicates and proves the need for a computer ethics course in the core of the Malaysian educational system.

Table 4.10: Scenario No. 2

Variable | Frequency | Percent | Valid Percent | Cumulative Percent
Strongly Disagree | 38 | 11.5 | 11.5 | 11.5
Disagree | 64 | 19.3 | 19.4 | 30.9
Neutral | 91 | 27.5 | 27.6 | 58.5
Agree | 103 | 31.1 | 31.2 | 89.7
Strongly Agree | 35 | 10.3 | 10.3 | 100.0
Total | 331 | 100 | 100.0 |

Figure 4.9: Scenario Chart No. 2

4.8.3 Scenario Number Three

A senior security officer has recently resigned from his/her previous company. Nevertheless, he/she is aware that the username and password have not been changed yet and that he/she could access the private emails and letters. On the other hand, his/her friend suggests that he/she publish the dishonesty among the employees and management in order to alert stockholders and prevent further corruption. Is it ethical behavior to act in this way or not?

This scenario was designed in order to test the morality of students with respect to unethical and ethical behavior. Interestingly, from Table 4.11, most of the students ranged from (18.10%) strongly disagree to (36.60%) disagree, followed by (22.10%) neutral.
Also, (16.90%) agreed and (6.30%) strongly agreed. The results lead to the conclusion that the action of an employee may not be ethical if he publishes the dishonesty among the management throughout society, for the sole reason that he is not the right person to act and react in this situation. However, this may need more focus in future research.

Table 4.11: Scenario No. 3

Variable | Frequency | Percent | Valid Percent | Cumulative Percent
Strongly Disagree | 60 | 18.1 | 18.2 | 18.2
Disagree | 121 | 36.6 | 36.7 | 54.8
Neutral | 73 | 22.1 | 22.1 | 77.0
Agree | 56 | 16.9 | 17.0 | 93.9
Strongly Agree | 21 | 6.30 | 6.1 | 100.0
Total | 331 | 100 | 100.0 |

Figure 4.10: Scenario Chart No. 3

4.9 Summary

One may also assume that, given the increasing demand for improvements and the resulting rapidly changing nature of technologies, new ethical dilemmas are certain to occur. Students must be encouraged and guided in developing more effective measures, policies and instruction to ensure that computer ethics remains a current and informative area. In addition, the scenario method, as a major element of this research, could indicate the lack of the accuracy and intellectual property elements from the Malaysian students' perspective.

From the given third scenario, the researcher could take the numbers as proof of a high level of morality among the students being studied, which could be a major element for further ethical research to focus more on this view and discover others' misunderstanding of computer ethics and information security.

CHAPTER 5 CONCLUSION AND RECOMMENDATION

5.1 Summary

As discussed previously, educational leaders within higher education remain the main body of computer ethics instruction. The literature supports the use of computer ethics instruction and computer ethics policies as effective measures in facilitating ethical conduct by computer users.
In addition, the body of research regarding the study of behavioral models, particularly the theory of deindividuation (Zimbardo, 1969), planned behavior (Ajzen, 1985), the moral model (Melissa, 2006) and the ISSX model (Jussipekka and Seppo, 1998), indicates that an increased understanding and awareness of the underlying factors involved in unethical behavior are possible through the application of such theories and frameworks.

Based upon the information acquired through the survey at UTM (International Campus), and what was found in previous research and supporting literature, the framework of computer ethics is presented from an information security perspective. It may serve the needs of students, staff, and faculty within University Technology Malaysia for further development of the educational system. The proposed computer ethics framework should not only assist UTM but could also aid other educational leaders plagued by information technology concerns and issues with respect to information security.

In addition, the results from the previous chapter, particularly from the real time scenarios, indicate the need for computer ethics courses in Malaysian educational systems. Even though the outcome of some phases was as expected, it is undeniably necessary to embed this important field of research in order to keep our students up to date and away from the social impact of current technology.

5.2 Contribution of Study

The findings from this study, although limited in scope, contribute to the ongoing demand for scholarly research on computer ethics issues and information security in the context of higher education. These findings do elucidate and verify some of the pressing concerns facing educational leaders due to information technology. In particular, computer ethics problems do exist extensively in many educational centers; however, more severe problems such as hacking, theft, and virus spreading are not currently great problems.
In addition, from the students' perspective, a result indicates the lack of a computer ethics policy at UTM.

The findings from this study contribute to the existing body of literature and scholarly research on computer ethics and information security issues, policies, and educational instruction. This contribution to research may assist other scholars in their endeavor to help determine what educational leaders think about current problems and issues as well as viable solutions. In addition, the findings of this research may contribute to scholars' understanding of computer ethics and information security within current educational settings and should raise new questions about computer ethics and information security that scholars can pursue.

5.3 Direction of Future Work

This study clearly reveals that there is a need for more scholarly research dealing with computer ethics and information security in educational settings. To better equip educational leaders for addressing technology-induced ethical concerns, further research is necessary using a variety of research methodologies. Research is needed within the area of computer ethics instruction and, more specifically, computer ethics policies and their effectiveness.

The scope of this study was limited to University Technology Malaysia (International Campus). While the results of this study are certainly applicable within the campus, the need for further research is undeniable. As the future of education becomes more technology driven and technology dependent, further studies are necessary for analyzing and anticipating the impact and implementation of such a trend. Scholarly research and empirical evidence on computer ethics behavior and the effectiveness of various computer ethics policies and instructions are needed to enrich and add to the existing body of research.
Other educational and organizational institutions or settings should be examined to gain a more thorough understanding of computer ethical issues. Better demographic and psychographic profiles of computer users in educational environments need to be developed. Studies should not be limited to just students, but should rather cover all users of computing resources. Qualitative studies could include both observed behavior of computer users and in-depth interviews of educational leaders with respect to information security. Combining qualitative and quantitative approaches to this issue will assist greatly in the development of information that is valid and useful to educators and administrators.

REFERENCES

Adam, A. (2001). Computer Ethics in a Different Voice. Information and Organization. Volume 11 (4): 235-261.
Allen, C. (1996). Conundrums of Conducting Ethical Research in Cyberspace. The Information Society. American Physiology Association, Vol. 12 (3): 175-187.
Ajzen, I. (2002). Attitudes, Personality, and Behavior. Buckingham, Open University Press. Vol. 50: 179-211.
Banerjee, D. (1998). Modeling IT Ethics. A Study of Situational Ethics. Management Information Systems Quarterly. Volume 22 (1): 31-60.
Barnett, T., and Vaicys, C. (2000). The moderating effect of individuals' perception of ethical work climate on ethical judgments and behavioral intentions. Journal of Business Ethics. Volume 27 (4): 351-362.
Bazeley, P. (2003). Teaching mixed methods. Research Journal. Special Issue 2003. 117-126.
Bazeley, P. (2004). Teaching mixed methods. Qualitative Research Journal. Special Volume 4 (3): 117-126.
Berleur, J. and Bruunstein, K. (1996). Ethics of Computing: Codes, Spaces for Discussion and Law, Chapman & Hall: London.
Berleur, J. (1996). IFIP Framework for Ethics, Science and Engineering Ethics (Special Issue on Global Information Ethics). Volume 2 (2): 155-165.
Boehlefeld, S.P. (1996). Doing the Right Thing. Ethical Cyberspace Research. The Information Society.
Volume 12 (2): 141-152.
Bowman, J.S., and Menzel, D.C. (1998). Teaching Ethics and Values in Public Administration Programs, Innovations, Strategies and Issues, SUNY Press. Albany.
Brier, Steven (1997). How to Keep Your Privacy. Battle Lines Get Clearer. The New York Times.
Bynum, T. (2006). Computer Ethics. Basic Concepts and Historical Overview. Stanford Encyclopedia of Philosophy.
Cappel, J.J. (1995). A Study of Individuals Ethical Beliefs and Perceptions of Electronic Mail Privacy. Journal of Business Ethics. Volume 14 (10): 819-827.
Cappel, J.J., and Kappelman, L. (1997). The Year 2000 Problem, An Ethical Perspective in year 2000 Problem. Strategies and Solutions from the Fortune 100. International Thomson Computer Press, Boston, 158-163.
Croom, S. (2002). Methodology Editorial, Special issue on research methodology in operations management. International Journal of Operations and Production Management. Volume 22 (2): 148-151.
Cruz, J. A., Frey, W. J. (2003). An Effective Strategy for Integration Ethics Across the Curriculum in Engineering. An ABET 2000 Challenge. Science and Engineering Ethics. Volume 17 (3): 543-568.
Collins, W. R., and Miller, W. (1992). Paramedic Ethics for Computer Professionals, Journal of Systems Software, Volume 17 (3): 23-38.
Couger, J.D. (1989). Preparing IS Students to Deal with Ethical Issues, Management Information Systems Quarterly. 211-218.
Cortada, J. W. (2002). Researching the History of Software from the 1960's. IEEE Annals of the History of Computing. Volume 24 (1): 72-79.
Cowton, C.J., and Thompson, P. (2000). Do codes make a difference. The case of bank lending and the environment. Journal of Business Ethics. Volume 24 (2): 165-178.
Deborah, J. (1985). Computer Ethics, Prentice-Hall.
Davison, R.M. (2000). Professional Ethics in Information Systems: A Personal Perspective, Communications of the AIS.
Diener, E. (1980). The absence of self-awareness and self regulation in-group members.
The psychology of group influence. Hillsdale, NJ. Lawrence Erlbaum. 209-242.
Floridi, L. (1999). Philosophy and Computing, London. Routledge.
Fowler, T.B. (2002). Technology's Changing Role in Intellectual Property Rights, IT Pro. Volume 4 (2): 39-44.
Grupe, F., and Kuechler, W. (2002). Is It Time for an IT Ethics Program? Information Systems Management. Volume 19 (3): 51-57.
Hamid, N. (2007). Information Security and Computer Ethics. Tools, Theories and Modeling. North Carolina University, Igbi Science Publication. 543-568.
Herkert, J. (2009). Engineering Ethics Education. European Association of Engineering. Taylor and Francis Publications. 303-313.
Huff, C. and Frey, W. (2005). Moral Pedagogy and Practical Ethics, in Science and Engineering Ethics (Forthcoming).
Janine, D. (2001). Carolyn Oxen ford Marymount University, Defining the Limits: Cyber Ethics.
Jussipekka, L., Seppo, H. (1998). An Analysis of Ethics as Foundation of Information Security in Distributed Systems. HICSS. Volume 6 (6): 213-222.
Kluwer, E. (2000). Journal of Business Ethics Academic Publishers.
Kallman, E., and Grillo, J.P. (1996). Ethical Decision Making and Information Technology. An Introduction with Cases. McGraw Hill.
Kini, R.B., Rominger, A. and Vijayaraman, B. (2000). An Empirical Study of Software Privacy and Moral Intensity among University Students, The Journal of Computer Information Systems. Volume 3 (6): 62-72.
Langford, D. (1995). Practical Computer Ethics, London: McGraw Hill.
Langford, D. (1999). Business Computer Ethics, London: Addison Wesley Longmans.
Langford, D. (2000). Internet Ethics, London: Macmillan.
Lee, K. (2006). Efforts for the Fixation of Systemic Information and Communication Ethics Education, Information Communication Ethics Committee. IJCSNS International Journal of Computer Science and Network Security. Volume 6 (6): 3-5.
Masrom, M., and Ismail, Z. (2008).
Computer Security and Computer Ethics Awareness: A Component of Management Information System, IEEE Technology and Society Magazine.
Mellisa, D. (2006). A Framework for Information Security in Ethics Education system. 10th Colloquium for Information Systems Security Education University of Maryland.
Namayandeh, M., and Masrom, M., and Ismail Z. (2009). Development of Computer Ethics Framework for Information Security within Educational Context. SEATUC. Shibaura University, Japan. 235-240.
Meyer, K. (2001). Transition Economies in. T. Brewer and A. Rugman, Oxford Handbook of International Business, Oxford.
Mason, R.O. (1986). Four Ethical Issues of the Information Age. Management Information Systems Quarterly. Volume 10 (1): 5-12.
Oz, E. (1992). Ethical Standards for Information Systems Professionals. A Case for a Unified Code. Management Information Systems Quarterly. Volume 16 (4): 423-433.
Oz, E. (1993). Ethical Standards for Computer Professionals. A Comparative Analysis of Four Major Codes. Journal of Business Ethics. Volume 12 (9): 709-726.
Pierson, J. and Bauman, B. (2004). Developing awareness of computer ethics. In Proceedings of the Ninth International Conference on Information Systems. Minneapolis, Volume 3 (3): 341-342.
Philip, B. (2007). Research in Philosophy and Technology. Journal of Technology. Volume 11 (2): 3-8.
Rache, P. (2008). Convenience Samples and Research How Are The Findings? Gerontologist. United States. Volume 48 (6): 3-12.
Spinello, A. (2003). Cyber Ethics: Morality and Law in Cyberspace (2nd Ed.). Sudbury, Jones and Bartlett.
Spinello, A., and Herman T. (2002). Readings in Cyber Ethics. Second Edition.
Sackson, M. (1974). Computer Security - Fraud: Prevention and Detection. Master's Thesis, Pleasantville, NY: Pace University.
Sackson, M. (1991). Computers and Society Impact. New York: Mitchell McGraw-Hill. 418-423.
Smith, H. (2002).
Ethics and Information Systems, Resolving the Quandaries, the Database for Advances in Information Systems. Volume 33 (3): 8-20. Sani, R. (2006). Cybercrime Gains Momentum . New Straits Times. Staehr, L. (2002). Helping computing students to develop a personal ethical Framework. IEEE Technology and Society Magazine. Volume 21 (2): 13-20. Steidlmeier, P. (1993). The Moral Legitimacy of Intellectual Property Claims. American Business and Developing Country Perspectives. Journal of Business Ethics. Volume 12( 2): 157-164. Tavani, H.T. (2001). Information and Communication Technology (ICT) ethics: A Bibliography of Recent Books, Ethics and Information Technology. Volume 14 (3): 77-81. Tavani, H.T. (2001). The State of Computer Ethics as a Philosophical Field of Inquiry: Some Contemporary Perspectives, Future Projections, and Current Resources. Journal of Ethics and Information Technology. Volume 3 (2): 97-108. Tavani, H.T., and Moor, J.H., (2003). Privacy Protection, Control of Information, and Privacy Enhancing Technologies. Associate Computers and Society. Volume 38 (25):6-11. Walters, G., (2001). Privacy and Security, An Ethical Analysis, ACM Computers and Society. Volume 31 (2): 8-23. 100 Wong, E.Y.W., (1994). Data Protection Legislation in Hong Kong - A Practical Perspective. Journal of Information Technology Management. Volume 5 (25): 59-63. Walsham, G. (1996). Ethical Theory, Codes of Ethics and IS Practice, Information Systems Journal. Volume 13 (2): 69-81. Waskul, D., and Douglass, M. ,(1996). Considering the Electronic Participant. Some Polemical Observations on the Ethics of On-Line Research. The Information Society.Volume 12 (2): 129-139. Hyder, S., and Werth, J., and J., Browne, C. (1993). A Unified Model for Concurrent Debugging. Proc. International Conference on Parallel Processing. Volume 3(1): 75-83. Zimbardo, P. (1969). The Human Choice, Individuation, Reason, and Order Versus Deindividuation, Impulse, and Chaos, Nebraska symposium on Motivation. 
Volume 17(7): 33-38. 101 Appendix A Guideline Introduction The guideline for appropriate computing behavior and ethical conduct consist of a fourteen-week instructional plan for introducing ethical subject with respect to information security in educational context. This module may be included within any existing computer course. However, an introductory and short review had been studied in this part of research. Each topic is introduced by the instructor and followed by class discussion. Each point listed below comes from college computer ethics policy. While students should have already read the policy, they may not be aware of what would be the full content of such a security and academic policy. Instructional Plan Concerning the findings from previous research, supporting literature and feedback provided by (Namayandeh, Marom and Ismail, 2009), held by Shibaura Institute of Technology in Japan and response analysis, the purpose of this chapter is to embed computer Recommendations are ethics throughout include assisting Malaysian educational educational leaders and centers. system administrations in the implementation of such a policy and plan. Additional recommendations are suggested to assist and help scholars who are interested in contributing to computer ethics further research and analysis. 102 Proposed Instructional Plan Ethics education is a critical component for overall success of a computer ethics framework and to encourage ethical behavior in general. Unfortunately, the findings in this study suggest that many educators think they should not be responsible for the ethical and moral development of others, but should simply teach objective concepts and facts. Many educational leaders and administrators also hesitate to develop ethics education. Some have suggested that if computer ethics were a required course at institution, it would be legitimizes and professors or others would be more anxious to teach it (Herkert, 2009). 

Importance of Ethical Instruction

Some people may feel that ethical instruction is unnecessary within an educational context. It is interesting to note that at the same time many indicated high occurrences of unethical behavior that could potentially be avoided by better educating computer users. As argued by (Namayandeh, Masrom and Ismail, 2009), teaching the ethical aspect of computer and information security is just as important as teaching the basic computer concepts and skills. Many educational institutes have found this to be the case and have implemented various types of activities designed to empower their students for ethical action. Many researchers advise that education should assist students to become more alert at discovering moral issues, should teach them to reason about ethical issues, and should clarify morals and aspirations.

Some educators and administrative leaders debate whether to provide ethical instruction within all computer courses or to offer just one. Many scholars believe that ethics education is best taught and learned throughout the curriculum with a variety of ethics activities rather than compartmentalized within one course. The most effective way to reach all or most students is through integration of computer ethics and information security within all computer courses (Herkert, 2009).

Faculty and staff, on the other hand, could receive computer ethics instruction through workshops, seminars, or professional development activities at their particular institution. Through the integration and incorporation of ethical concepts and information security within the educational context, it is hoped that users will begin to see how ethical concepts relate to all issues involved in computing and apply ethical behavior to their specific fields or areas of interest.

Campus Culture

For the long-term success of the computer ethics emphasis described and outlined in this chapter, it must infiltrate the very fabric and culture of the educational institution.
The effectiveness of computer ethics initiatives is dependent upon the influence of a common core of beliefs, attitudes and customs. Faculty, staff, and students must believe that computer ethics and information security are important and critical to the mission of a global and developed society. This is one of the reasons why the computer ethics policy should begin in Malaysian educational centers. On the other hand, an ethical system can easily influence attitudes after an ongoing process rather than a short analysis. This will help ensure long-term success by maintaining accountability between existing members and enabling new members to adopt positive norms of behavior.

Designed Course

The purpose of this instructional unit is to provide students with an understanding of why ethical behavior is necessary and how to make the wisest decisions when faced with ethical dilemmas. Ethical cases show that one of the most effective methods to teach ethics is to stimulate individual thinking and personal interpretation through the case-based approach. The ethical cases place the students in dilemmas that each one must solve (Oz, 1992).

Course Flowcharts

Weekly Course Guidelines

Course Chart

Ethics Cases

1. Data Alteration
2. Ethics in Higher Education
3. Worker Displacement
4. Invasion of Privacy
5. Monitoring E-mails
6. Obligations on Society
7. Conflicts and Priorities
8. Confidentiality
9. Obligations to Students
10. Integrity
11. Obligation to Employee
12. Availability