The long view of security strategies for your network.
In my last three columns, I've been discussing the July 30 column by Vauhini Vara of the _Wall Street Journal_ entitled, "Ten Things Your IT Department Won't Tell You." The author provides detailed information on how to violate acceptable-use policies for corporate computer equipment.
In this last column in the series, I want to finish applying Kallman and Grillo's ethical decision-making methodology. Again, the essential points of the method are:
1. Identify the ethical problem in operational terms.
2. Look for explicit and implicit guidelines relevant to the situation.
3. Identify and apply underlying principles affecting the decision.
4. Explore rights and duties of participants and stakeholders.
5. Respond to intuitive cues.
I've been analyzing the case of Bob, an employee who signed an appropriate-use agreement with his employer but who chooses to follow Vara's suggestions for cheating his employer of useful work - and then concealing his violations of policy. I covered the first two points of the methodology in previous newsletters; now we move to the final three.
Some of the principles that anyone can apply when deciding whether a proposed action is right or wrong can be represented as questions about the proposed course of action:
* Does it break a promise?
* Damage the trust others have in you?
* Damage friendships?
* Hurt feelings?
* Tarnish your or someone else's reputation?
* Is it unjust or unfair?
* Help you and the world be better, kinder?
* Maintain your integrity and pride?
* Treat others as individuals, not as tools?
* Would it be a Good Thing if everyone acted so?
* Would you be happy to be the recipient of your proposed actions?
I think Bob's cheating would generate "Yes" answers for several of these questions.
From a contractual point of view, the stakeholders at Bob's place of employment have a right (a claim or an entitlement) to Bob's honest provision of work for pay, just as he has the right to be paid for his work. Reciprocally (which is the usual relationship between rights and duties), Bob has a duty to provide an honest day's work for his pay. Watching sports programs while being paid to do work does not count as fulfilling his duty.
Finally, some of the intuitive indicators that help us choose between right and wrong are as follows:
* Does it feel wrong? (The "smell test")
* Is someone trying to hush up the proposed plan? (The "shusher test")
* Would you be proud to tell your parents, your spouse? (The "mom test")
* Would you be happy having a full report on the proposed action detailed on prime-time TV news?
* Would you be proud to tell strangers what you're proposing to do?
* Would you be happy to have your children / siblings / friends acting as you are thinking of doing?
Again, I think it must be clear that at least several of these questions should raise alarm bells for any normal person.
What about Vara and the WSJ? I leave evaluation of the answers to questions raised by these guidelines to the readers as an exercise. Perhaps they will make interesting discussion points over lunch. I'm sending these articles to Vauhini Vara and to the editors of the WSJ and maybe they will respond - I'll let you know.
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.