IT Ethics Handbook: Right and Wrong for IT Professionals [Illustrated] [Paperback]

Stephen Northcutt (Author), Cynthia Madden (Author)

Book Description

ISBN-10: 1931836140 | ISBN-13: 978-1931836142 | Publication Date: July 29, 2004 | Edition: 1

The target audience for this book is any IT professional responsible for designing, configuring, deploying or managing information systems. This audience understands that the purpose of ethics in information security is not just morally important; it equals the survival of their business. A perfect example of this is Enron. Enron's ultimate failure due to a glitch in the ethics systems of the business created the most infamous example of an ethics corporate breakdown resulting in disaster. Ethics is no longer a matter of morals anymore when it comes to information security; it is also a matter of success or failure for big business.

* This groundbreaking book takes on the difficult ethical issues that IT professional confront every day.

* The book provides clear guidelines that can be readily translated into policies and procedures.

* This is not a text book. Rather, it provides specific guidelines to System Administrators, Security Consultants and Programmers on how to apply ethical standards to day-to-day operations.

Editorial Reviews

About the Author

Stephen Northcutt, Director of Training and Certification for the SANS Institute, is a graduate of Mary Washington College. Before entering the computer security field he had a varied career as a Navy helicopter search and rescue crewman, white water rafting guide, culinary chef, martial arts instructor, cartographer, and network designer. He is the author or co-author of various publications including: Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security, SANS Security Essentials, Network Intrusion Detection, 3RD edition and now IT Ethics Handbook: Right and Wrong for IT Professionals. He was also the original author of the Shadow Intrusion Detection system and first DoD Shadow team leader before becoming the Chief for Information Warfare at the Ballistic Missile Defense Organization.

Cynthia Madden was educated at the University of Connecticut and Columbia University. She has ten years of experience working as a senior consultant on Wall Street advising brokerage firms on all aspects of information technology and business ranging from hands on software development to high-level management and street-wide test co-ordination. Her passion is bringing a new model to businesses, which creates co-operation, balance, and integrity among all relationships within a business be it management and employees, vendors relationships, investor relations, and family life for employees and business owners alike. Cynthia lives in Hawaii and is an active martial artist holding two championship titles for women’s black belt division full contact fighting.

Product Details

• Paperback: 648 pages
• Publisher: Syngress; 1 edition (July 29, 2004)
• Language: English
• ISBN-10: 1931836140
• ISBN-13: 978-1931836142
• Product Dimensions: 9.5 x 7 x 1.5 inches
• Shipping Weight: 1.9 pounds (View shipping rates and policies)
• Average Customer Review: 2.4 out of 5 stars  See all reviews (7 customer reviews)
• Amazon Best Sellers Rank: #2,101,731 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

7 of 7 people found the following review helpful:

2.0 out of 5 stars Uneven and irrelevant throughout..., September 26, 2004

By 

Thomas Duff "Duffbert" (Portland, OR United States) - See all my reviews
(VINE VOICE)    (TOP 500 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: IT Ethics Handbook: Right and Wrong for IT Professionals (Paperback)

Over the last couple of months, I've been reading a book titled IT Ethics Handbook by Stephen Northcutt (Syngress). I'd like to say I spent all that time examining ethical issues, when in reality it was just a hard book to finish...

Chapter list: System Administration and Operations; Audit; Vulnerability Disclosure; Digital Postmaster; E-mail Scams; Information Security Officers; Programmers and System Analysts; Database Administration; Information Service Providers; Brother's Keeper; End-user and Employee Computer Security; Customer Ethics; Trusted Assistant; Ethics and Contractors/Consultants; Telecommuting and Mobile Computer Security; Personal Computer Users; Penetration Testing; Content Providing; Privacy; Management/Employer Ethics; Conclusion

Each chapter is made up of a brief discussion of ethical matters in that particular area, followed by vignettes where you have to figure out what you'd do. The author gives a "conservative" and "liberal" answer to the dilemma, followed by a summary of what they consider the right answer to be. While there's some benefit to be gained from thinking through some of the scenarios, the content is just far too uneven and in some cases irrelevant. It took me a number of attempts to find where the author explains what is meant by the conservative and liberal "answers". They are so extreme as to be comical in some cases. Apparently the author uses them as "guardrails" to set the boundaries of the issue. Even then, the author's answer is often too liberal for my tastes or just wishy-washy. In one scenario, the question is asked if IP spoofing is acceptable if it causes no damage (since it's a way for super hackers to show off). The author feels that at best it helps shore up security, and at worst it eats up resources and causes destruction. So what? Is it right or wrong?

In the Personal Computer Users area, the first scenario is being unable to stop playing FreeCell when your husband asks you to come to bed and not play past midnight. For the life of me, I don't see how this has anything to do with IT ethics. The whole Trusted Assistant chapter has nothing to do with IT. It's basically about what an administrative assistant should or should not be able to do. Fine for general business, out of place for IT ethics. And as a final nit, the chapter on Information Service Providers has the term misspelled at the top of each page ("Information Sercive Providers").

While it's possible to get some value from this book, I feel it could have been much better.

5 of 5 people found the following review helpful:

1.0 out of 5 stars Don't know right from wrong? This book isn't going to help., December 7, 2004

By 

brian d foy (Chicago, IL United States) - See all my reviews
(VINE VOICE)   

This review is from: IT Ethics Handbook: Right and Wrong for IT Professionals (Paperback)

Have you ever wondered if you are doing the right thing? Is is okay to steal from work? How about downloading pirated music using the company network? Do the rules apply to everyone? Can I do whatever I want if I'm a system administrator?

These are real topics covered in "IT Ethics Handbook". Sadly, each answer comes in two varieties: Conservative and liberal (each of which get their own font!). If you don't like one answer, you can just choose the other. The (long) list of contributors put their heads together to come up with rationalizations for both sides.

I tend to think that if you have to ask the question, you already know the answer, and if you truly don't, asking your friends, boss, or co-workers will clear it right up. Heck, the employee handbook might even answer them. The book doesn't really lay a foundation for ethics, but sticks to specifics questions. Indeed, it seems to ignore the idea that ethics isn't an absolute, and may vary between different groups and cultures. They merely mention all that stuff in the introduction, but then quickly discard it.

Some other paraphrased questions, in case you still think you need this book. You can quickly find a rationalization for the right and wrong of each and apply the answer that you like best.

* Can I write malicious virus code for profit?
* Should I use somebody else's login and password?
* Can I use company resources for personal gain?
* Can I videotape my co-workers having sex in the hallways? (real question)
* Do I have to obey the law?
* Can I be lazy?
* Can I spy on employees?
* Can I take revenge on a co-worker?

Perhaps this book is for the guy who wears the expensive suit and takes off fridays to play golf.

3 of 3 people found the following review helpful:

2.0 out of 5 stars This could have been better, February 2, 2005

By 

Michael R. Brown (Tamarac, FL) - See all my reviews

This review is from: IT Ethics Handbook: Right and Wrong for IT Professionals (Paperback)

I really wanted to like this book. There are a lot of good things in it, but the negatives outway them.

Problems:
* No bibliography, refrences or pointers to further reading/research. There have been other books on it/computer ethics, this is not the first.
* The slant seems too much toward ethics as it relates to security and security-related matters. There's more to it/computer ethics then that.
* No mention of the several professional organizations of IT/ITSEC people!!! Slight mention is made of ACM & IEEE, but no mention of SAGE (the System Administrators Guide at www.sage.org) which is THE professional association of sysadmins, who have spent YEARS developing a professional code of ethics. This code should have been included in the book. And what about the several professional groups of ITSEC people, like ISSA (Information Systems Security Association at www.issa.org) which also has a code of ethics, Computer Security Insitute (www.gocsi.com), and so forth?? They should have been mentioned. (and since SANS, the authors group, did stuff with SAGE, ignoring them is pretty bad).