Security's Everyman

Friday, November 09, 2007

Are you ethical?

I ran across an interesting post this morning regarding ethics and information security. Most of us can remember the surveys that have come out in the last year or so that talk about how many IT and IS professionals actually act in an unethical way. I've blogged about it as well as many others. It's sad and both surprising and unsurprising at the same time. It's surprising because you expect people in positions of trust to do the right thing and unsurprising because everyone has their own idea of trust and what is right.

The Intel blog post linked above poses 4 hypothetical questions about ethics and what you would do in areas that are often considered gray. Take a look at them and be honest with your answers.

I'd also challenge you to think about other things that you do that many don't think about as possibly being unethical. What do you do on the internet that is against company policy? Do you allow yourself access to internet-based resources that the rest of the company is blocked from? What does company policy say about that? If it allows it because of the nature of your job, then it's one thing. It's another if you have punched a hole for yourself that isn't "approved" by policy and management.

Things such as this are what either give us credibility or take it away. In my last job the company DBA bought me a tee shirt that said "I read your email". (That's "read" as in present and future tense, not past tense.) It's a funny tee shirt that got me lots of laughs, but it wouldn't be funny if I actually did read everyone else's email. Yet, lots of email admins and security guys do that very thing. They want to keep up on what management is talking about and the latest gossip or love affair in the office. Even though things such as that are blatant and obvious unethical acts, they aren't the only ways. Ethics has to be at the core of who we are and what we do if we really want to succeed in life and in our careers.

I'm reading a great book on that very subject right now. It's called "High Performance Ethics" by Wes Cantrell. He was the CEO of Lanier Office Products for several years and he led Lanier in modeling High Performance Ethics in how they conducted business. I highly recommend reading it. It's also kind of cool because Wes and his wife teach the Sunday School class that we go to at Church.

1 comment:

Matthew Rosenquist said...

Great post. I fully agree, credibility is the key. It represents a kind of currency with management as well as the customers of security. It can only be earned through consistent ethical behaviors and can easily be spent with just a single indiscretion, even good-natured humor (“read your email” shirt, which I think is hilarious).

I noticed you did not answer the questions off the referenced link. Want to give it a shot? One of your readers, Martin McKeay, took a pass at the first question in his blog: http://www.mckeay.net/secure/2007/11/ever_heard_of_a_code_of_ethics_1.html

Matthew Rosenquist

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.