IT and Ethics
June 23, 2008
The study states that one third of questioned IT workers admit to misusing their position of trust to view information that is not within their job description, or to just plain old-fashioned snoop on other people's personal information.
Personally, I subscribe to the Code of Professional Ethics as set forth by the Information Systems Audit and Control Association (ISACA), and I have zero tolerance for that kind of unethical behaviour.
This is one area where larger organizations have advantages over businesses in the SMB space. Larger organizations have the staff and processes to ensure that there is segregation of duties, along with the ability to deeply audit all use of privileged accounts.
All is not completely lost; there are methods for SMBs to reduce this risk:
1) The Network Administrator accounts should have their passwords changed regularly.
2) IT staff are not to use these accounts in their day-to-day work. Administrator accounts are only to be used when those administrative privileges are required.
3) For smaller organizations, keep those administrator passwords locked up somewhere and periodically check to ensure IT staff have not "promoted" their own login account to the administrator level.
4) For larger SME organizations, implement and monitor auditing of these accounts.
5) When hiring or contracting, ensure that it is documented that this sort of behaviour is unacceptable.
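One way to run the periodic check from item 3, as an added example that is not from the original post. It assumes a Unix-like host where administrator rights come from UID 0 or from membership in a group such as sudo or wheel; the account names, file contents, group set and approved list are all constructed.

```python
# Constructed sample data in /etc/passwd and /etc/group format (not from the post).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:27:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
svc:x:0:1003:Backup service:/var/svc:/bin/sh
"""
GROUP = """\
sudo:x:27:alice,carol
wheel:x:10:
staff:x:50:alice,bob,carol
"""
ADMIN_GROUPS = {"sudo", "wheel"}  # assumption: groups that grant admin rights
APPROVED = {"root", "alice"}      # assumption: accounts signed off as administrators


def rows(text):
    """Split colon-separated records, skipping blank and comment lines."""
    return [l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#")]


def admin_accounts(passwd_text, group_text, admin_groups):
    """Return {account: [reasons]} for every account with administrator rights."""
    found, admin_gids = {}, {}
    for name, _pw, gid, members in rows(group_text):
        if name in admin_groups:
            admin_gids[gid] = name
            for member in filter(None, members.split(",")):
                found.setdefault(member.strip(), []).append(f"member of {name}")
    for user, _pw, uid, gid, *_rest in rows(passwd_text):
        if uid == "0":  # any UID 0 account is root-equivalent, whatever its name
            found.setdefault(user, []).append("UID 0")
        if gid in admin_gids:  # primary groups are not listed in the member field
            found.setdefault(user, []).append(f"primary group {admin_gids[gid]}")
    return found


def unapproved_admins(passwd_text, group_text, admin_groups, approved):
    """Accounts with admin rights that are missing from the approved list."""
    current = admin_accounts(passwd_text, group_text, admin_groups)
    return {user: why for user, why in sorted(current.items()) if user not in approved}


if __name__ == "__main__":
    for user, why in unapproved_admins(PASSWD, GROUP, ADMIN_GROUPS, APPROVED).items():
        print(f"UNAPPROVED ADMIN: {user} ({', '.join(why)})")
```

Checking only the group's member list would miss bob and svc in this sample, since neither appears in the sudo line.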