The long view of security strategies for your network.
In my last two columns, I began discussing the July 30 column by Vauhini Vara of the _Wall Street Journal_ entitled, “Ten Things Your IT Department Won’t Tell You.” The author provides detailed information on how to violate acceptable-use policies for corporate computer equipment.
In this column and the next, I want to continue applying Kallman and Grillo’s ethical decision-making methodology. We applied part 1 of the methodology last week. Moving on to part 2 - “Look for explicit and implicit guidelines relevant to the situation” - I’ll continue analyzing the case of Bob, an employee who signed an appropriate-use agreement with his employer but who chooses to follow Vara’s suggestions for cheating his employer of useful work - and then concealing his violations of policy.
Explicit guidelines include:
* Laws
* Contracts
* Agreements
* Policies
* Rules
* Professional standards
* Codes of ethics
The most obvious explicit guideline in our example is the acceptable-use policy. Bob is unquestionably violating the policy as written. He is almost certainly also violating the terms of his employment contract, which should stipulate that he agrees to follow policies and guidelines promulgated for the protection of corporate assets. Depending on whether Bob belongs to various professional societies and holds professional certifications, his duplicitous behavior may also violate professional standards and codes of ethics.
What about Vara? Are there any explicit professional standards she could follow?
Journalists can subscribe to the Code of Ethics (CoE) of the Society of Professional Journalists (SPJ). According to the Preamble, “Members of the Society share a dedication to ethical behavior.” However, I have been unable to find any specific injunction in the SPJ’s CoE that would bear on the issue of publishing instructions for employees about how to cheat employers and then lie about it. Perhaps it never occurred to anyone at the SPJ that any of their members would do that, any more than I suppose a member would write an article about how to commit a crime and get away with it.
What about the WSJ itself? Does it publish explicit guidelines for its writers? I couldn’t find the guidelines on the WSJ Web site, but James A. White, a news editor for the publication, very kindly responded by e-mail to my request. The Code of Conduct (CoC) for the Dow Jones organizations is available online and includes these explicit words in its “Employment” section:
“For its part, the Company expects employees to perform excellent work in a cost-effective manner, to strive for quality and productivity, to follow directions and instructions, to properly care for facilities and equipment, to anticipate problems and suggest improvements, to treat other employees and clients and customers with honesty and courtesy, and to be energetic in the performance of tasks and fulfillment of goals.”
Presumably if Vara were to apply her own advice, she’d be violating that instruction.
However (and unfortunately), I don’t see anything in the CoC that explicitly applies to publishing instructions on how to break contracts or even laws. I suppose that it’s possible that the WSJ could sanction an article on getting away with stock fraud or mortgage fraud, but perhaps that’s stretching the analogy beyond belief. Or is it?
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.