• Even within the same society, people can have strong disagreements over important moral issues.
• Ethics has risen to the top of the business agenda because the risks associated with inappropriate behavior have increased, both in their likelihood and in their potential negative impact.
• Each organization must decide if corporate social responsibility (CSR) is a priority for it and, if so, what its specific CSR goals are.
• The pursuit of some CSR goals can lead to increased profits, making it easy for senior company management and stakeholders to support the organization’s goals in this arena. However, if striving to meet a specific CSR goal leads to a decrease in profits, senior management may be challenged to modify or drop that CSR goal entirely.
• Organizations have five good reasons for promoting a work environment in which they encourage employees to act ethically:
(1) to gain the goodwill of the community,
(2) to create an organization that operates consistently,
(3) to foster good business practices,
(4) to protect the organization and its employees from legal action, and
(5) to avoid unfavorable publicity.
• An organization with a successful ethics program is one in which employees are willing to seek advice about ethical issues that arise, employees feel prepared to handle situations that could lead to misconduct, employees are rewarded for ethical behavior, employees are not rewarded for success gained through questionable means, and employees feel positively about their company.
• The corporate ethics officer (or corporate compliance officer) ensures that ethical procedures are put into place and are consistently adhered to throughout the organization, creates and maintains the ethics culture, and serves as a key resource on issues relating to corporate principles and ethics.
• Managers’ behavior and expectations can strongly influence employees’ ethical behavior.
• Most of us have developed a simple decision-making model that includes these steps:
(1) Develop a problem statement,
(2) identify alternatives,
(3) evaluate and choose an alternative,
(4) implement the decision, and
(5) evaluate the results.
• You can incorporate ethical considerations into decision making by identifying and involving the stakeholders; weighing various laws, guidelines, and principles—including the organization’s code of ethics—that may apply; and considering the impact of the decision on you, your organization, your stakeholders, your customers and suppliers, and the environment.
• Philosophers have developed many approaches to ethical decision making. Four common philosophies are the virtue ethics approach, the utilitarian approach, the fairness approach, and the common good approach.
• The key characteristics that distinguish professionals from other kinds of workers are as follows: (1) They require advanced training and experience; (2) they must exercise discretion and judgment in the course of their work; and (3) their work cannot be standardized.
• A professional is expected to contribute to society, to participate in a lifelong training program, to keep abreast of developments in the field, and to help develop other professionals.
• From a legal standpoint, a professional has passed the state licensing requirements (if they exist) and earned the right to practice there.
• From a legal perspective, IT workers are not recognized as professionals because they are not licensed by the state or federal government. As a result, IT workers are not liable for malpractice.
• IT professionals typically become involved in many different relationships, each with its own set of ethical issues and potential problems.
• In relationships between IT professionals and employers, important issues include setting and enforcing policies regarding the ethical use of IT, the potential for whistle-blowing, and the safeguarding of trade secrets.
• In relationships between IT professionals and clients, key issues revolve around defining, sharing, and fulfilling each party’s responsibilities for successfully completing an IT project.
• A major goal for IT professionals and suppliers is to develop good working relationships in which no action can be perceived as unethical.
• In relationships between IT workers, the priority is to improve the profession through activities such as mentoring inexperienced colleagues and demonstrating professional loyalty.
• Résumé inflation and the inappropriate sharing of corporate information are potential problems in relationships between IT workers.
• In relationships between IT professionals and IT users, important issues include software piracy, inappropriate use of IT resources, and inappropriate sharing of information.
• When it comes to the relationship between IT workers and society at large, the main challenge for IT workers is to practice the profession in ways that cause no harm to society and provide significant benefits.
• A professional code of ethics states the principles and core values that are essential to the work of an occupational group.
• A code of ethics serves as a guideline for ethical decision making, promotes high standards of practice and ethical behavior, enhances trust and respect from the general public, and provides an evaluation benchmark.
• Several IT-related professional organizations have developed a code of ethics, including ACM, IEEE-CS, AITP, and SANS.
• Codes of ethics usually have two main parts—the first outlines what the organization aspires to become, and the second typically lists rules and principles that members are expected to live by. The codes also typically include a commitment to continuing education for those who practice the profession.
• Many people believe that the licensing and certification of IT workers would increase the reliability and effectiveness of information systems.
• Licensing and certification raise many issues, including the following:
(1) There is no universally accepted core body of knowledge on which to test people;
(2) it is unclear who should manage the content and administration of licensing exams;
(3) there is no administrative body to accredit professional education programs; and
(4) there is no administrative body to assess and ensure competence of individual professionals.
• The audit committee and members of the internal audit team have a major role in ensuring that both the IT organization and IT users are in compliance with organizational guidelines and policies as well as various legal and regulatory practices.
• The security of information technology used in business is of the utmost importance, but it must be balanced against other business needs and issues.
• Increasing complexity, higher computer user expectations, expanding and changing systems, and increased reliance on software with known vulnerabilities have caused a dramatic increase in the number, variety, and impact of security incidents.
• Viruses, worms, Trojan horses, spam, distributed denial-of-service attacks, rootkits, phishing, spear-phishing, smishing, and vishing are among the most common computer exploits.
• A successful computer exploit aimed at several organizations can have a cost impact of more than $1 billion.
• There are many different kinds of people who launch computer attacks, including the hacker, cracker, malicious insider, industrial spy, cybercriminal, hacktivist, and cyberterrorist. Each type has a different motivation.
• Over the years, several laws have been enacted to prosecute those responsible for computer-related crime, including the USA Patriot Act, the Computer Fraud and Abuse Act, the Identity Theft and Assumption Deterrence Act, the Fraud and Related Activity in Connection with Access Devices Statute, and the Stored Wire and Electronic Communications and Transactional Record Access Statutes.
• Trustworthy computing is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices.
• The security of any system is a combination of technology, policy, and people, and it requires a wide range of activities to be effective.
• A strong security program begins by assessing threats to the organization’s computers and network, identifying actions that address the most serious vulnerabilities, and educating users about the risks involved and the actions they must take to prevent a security incident.
• The IT security group must lead the effort to implement security policies and procedures, along with hardware and software tools to help prevent security breaches.
• No organization can ever be completely secure from attack. The key to prevention of a computer security incident is to implement a layered security solution to make computer break-ins so difficult that an attacker eventually gives up.
• No security system is perfect, so systems and procedures must be monitored to detect a possible intrusion.
• If an intrusion occurs, there must be a clear reaction plan that addresses notification, evidence protection, activity log maintenance, containment, eradication, and recovery.
• Special measures must be taken to implement safeguards against attacks by malicious insiders and to defend against cyberterrorism.
• Organizations must implement fixes against well-known vulnerabilities.
• Organizations should conduct periodic IT security audits.
• Organizations need to be knowledgeable of and have access to trained experts in computer forensics.
• The use of information technology in business requires balancing the needs of those who use the information that is collected against the rights and desires of the people whose information is being used. A combination of approaches—new laws, technical solutions, and privacy policies—is required to balance the scales.
• The Fourth Amendment reads, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” The courts have ruled that without a reasonable expectation of privacy, there is no privacy right to protect.
• Few laws provide privacy protection from private industry.
• There is no single, overarching national data privacy policy for the United States.
• The Fair Credit Reporting Act regulates operations of credit-reporting bureaus.
• The Right to Financial Privacy Act protects the financial records of financial institution customers from unauthorized scrutiny by the federal government.
• The Gramm-Leach-Bliley Act (GLBA) establishes guidelines for the collection and disclosure of personal financial information; requires financial institutions to document their data security plan; and encourages institutions to implement safeguards against pretexting.
• The Fair and Accurate Credit Transaction Act allows consumers to request and obtain a free credit report from each of the three consumer credit reporting agencies.
• The Health Insurance Portability and Accountability Act (HIPAA) defined numerous standards to improve the portability and continuity of health insurance coverage; reduce fraud, waste, and abuse in health insurance care and healthcare delivery; and simplify the administration of health insurance.
• The American Recovery and Reinvestment Act included strong privacy provisions related to the use of electronic health records, including banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients. It also mandated that each individual whose health information has been exposed be notified within 60 days after discovery of a data breach.
• The Family Educational Rights and Privacy Act (FERPA) provides students with specific rights regarding the release of their student records.
• The Children’s Online Privacy Protection Act (COPPA) requires Web sites that cater to children to offer comprehensive privacy policies, notify parents or guardians about their data collection practices, and receive parental consent before collecting any personal information from children under the age of 13.
• The Communications Act of 1934 established the Federal Communications Commission and gave it responsibility for regulating all non-federal-government use of radio, television, and interstate telecommunications as well as all international communications that originate or terminate in the United States.
• The Foreign Intelligence Surveillance Act (FISA) describes procedures for the electronic surveillance and collection of foreign intelligence information between foreign powers and agents of foreign powers.
• Title III of the Omnibus Crime Control and Safe Streets Act (also known as the Wiretap Act) regulates the interception of wire (telephone) and oral communications.
• The FISA Amendments Act granted the NSA expanded authority to collect, without court-approved warrants, international communications as they flow through U.S. telecommunications networks and equipment.
• The Electronic Communications Privacy Act (ECPA) deals with the protection of communications while in transit from sender to receiver; the protection of communications held in electronic storage; and the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.
• The Communications Assistance for Law Enforcement Act (CALEA) required the telecommunications industry to build tools into its products that federal investigators can use—after gaining a court order—to eavesdrop on conversations and intercept electronic communications.
• The USA PATRIOT Act modified 15 existing statutes and gave sweeping new powers both to domestic law enforcement and to international intelligence agencies, including increasing the ability of law enforcement agencies to eavesdrop on telephone communication, intercept email messages, and search medical, financial, and other records; the act also eased restrictions on foreign intelligence gathering in the United States.
• Fair information practices is a term for a set of guidelines that govern the collection and use of personal data. Various organizations as well as countries have developed their own set of guidelines and call them by different names.
• The Organisation for Economic Co-operation and Development (OECD) created a set of fair information practices that are often held up as the model for organizations to adopt for the ethical treatment of consumer data.
• The European Union Data Protection Directive requires member countries to ensure that data transferred to non-European Union countries is protected. It also bars the export of data to countries that do not have data privacy protection standards comparable to those of the European Union.
• The Freedom of Information Act (FOIA) grants citizens the right to access certain information and records of the federal government upon request.
• The Privacy Act prohibits U.S. government agencies from concealing the existence of any personal data record-keeping system.
• The number of data breaches is alarming, as is the lack of initiative by some companies in informing the people whose data is stolen. A number of states have passed data breach notifications laws that require companies to notify affected customers on a timely basis.
• Discovery is part of the pretrial phase of a lawsuit in which each party can obtain evidence from the other party by various means, including requests for the production of documents. E-discovery is the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.
• Companies use many different methods to collect personal data about visitors to their Web sites, including depositing cookies on visitors’ hard drives.
• Consumer data privacy has become a major marketing issue—companies that cannot protect or do not respect customer information have lost business and have become defendants in class actions stemming from privacy violations.
• Many organizations have developed IT usage policies to protect against employee abuses that can reduce worker productivity and expose employers to harassment lawsuits.
• Many U.S. firms record and review employee communications and activities on the job, including phone calls, email, Web surfing, and computer files.
• Surveillance cameras are used in major cities around the world to deter crime and terrorist activities. Critics believe that such security is a violation of civil liberties.
• A vehicle event data recorder (EDR) is a device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle’s air bags. The fact that most cars now come equipped with an EDR and that the data from this device may be used as evidence in a court of law is not broadly known by the public.
• Stalking apps can be downloaded onto a person’s cell phone, making it possible to perform location tracking, record calls and conversations, view every text and photograph sent or received, and record the URLs of any Web site visited on that phone.
• The Internet enables a worldwide exchange of news, ideas, opinions, rumors, and information. Its broad accessibility, open discussions, and anonymity make it a powerful communications medium. People must often make ethical decisions about how to use such remarkable freedom and power.
• Organizations and governments have attempted to establish policies and laws to help guide Internet use as well as protect their own interests. Businesses, in particular, have sought to conserve corporate network capacity, avoid legal liability, and improve worker productivity by limiting the nonbusiness use of IT resources.
• The First Amendment protects Americans’ rights to freedom of religion and freedom of expression. The Supreme Court has ruled that the First Amendment also protects the right to speak anonymously.
• Obscene speech, defamation, incitement of panic, incitement to crime, “fighting words,” and sedition are not protected by the First Amendment and may be forbidden by the government.
• Although there are clear and convincing arguments to support freedom of speech on the Internet, the issue is complicated by the ease with which children can use the Internet to gain access to material that many parents and others feel is inappropriate for children. The conundrum is that it is difficult to restrict children’s Internet access without also restricting adults’ access and violating First Amendment rights.
• The U.S. government has passed several laws to attempt to address this issue, including the Communications Decency Act (CDA), which is aimed at protecting children from online pornography, and the Child Online Protection Act (COPA), which prohibits making harmful material available to minors via the Internet. Both laws were ultimately ruled unconstitutional. However, Section 230 of the Communications Decency Act was not ruled unconstitutional and provides immunity to ISPs that publish user-generated content, as long as they do not also serve as a content provider.
• Software manufacturers have developed Internet filters, which are designed to block access to objectionable material through a combination of URL, keyword, and dynamic content filtering.
• The Children’s Internet Protection Act (CIPA) requires federally financed schools and libraries to use filters to block computer access to any material considered harmful to minors.
• Internet censorship is the control or suppression of the publishing or accessing of information on the Internet. There are many forms of Internet censorship. Many countries practice some form on Internet censorship.
• A SLAPP (strategic lawsuit against public participation) is a strategy of filing a lawsuit against citizens and community groups who oppose them on matters of concern.
• Anti-SLAPP laws are designed to reduce frivolous SLAPPs. Twenty-six states and the District of Columbia have put into effect anti-SLAPP legislature to protect people who are victims of a SLAPP.
• Maintaining anonymity on the Internet is important to some computer users. Such users sometimes use an anonymous remailer service, which strips the originating header and/or IP address from the message and then forwards the message to its intended recipient.
• Doxing involves the examination of Internet records in an attempt to reveal the identity of an anonymous poster.
• Many businesses monitor the Web for the public expression of opinions that might hurt their reputations. They also try to guard against the public sharing of company confidential information.
• Organizations may file a John Doe lawsuit to enable them to gain subpoena power in an effort to learn the identity of anonymous Internet users who have caused some form of harm through their postings.
• In the United States, speech that is merely annoying, critical, demeaning, or offensive enjoys protection under the First Amendment. Legal recourse is possible only when hate speech turns into clear threats and intimidation against specific citizens.
• Some ISPs have voluntarily agreed to prohibit their subscribers from sending hate messages using their services. Because such prohibitions can be included in the service contracts between a private ISP and its subscribers, and do not involve the federal government, they do not violate subscribers’ First Amendment rights.
• Many adults and free-speech advocates believe there is nothing illegal or wrong about purchasing adult pornographic material made by and for consenting adults. However, organizations must be very careful when dealing with pornography in the workplace. As long as companies can show that they were taking reasonable steps to prevent pornography, they have a valid defense if they are subject to a sexual harassment lawsuit.
• Reasonable steps include establishing a computer usage policy that prohibits access to pornography sites, identifying those who violate the policy, and taking action against those users—regardless of how embarrassing it is for the users or how harmful it might be for the company.
• The key question in deciding what Internet material is obscene is: “Whose community standards are used?”
• Sexting—sending sexual messages, nude or seminude photos, or sexually explicit videos over a cell phone—is a fast-growing trend and can lead to many problems for both senders and receivers.
• The CAN-SPAM Act specifies requirements that commercial emailers must follow in sending out messages that advertise a commercial product or service. The CAN-SPAM Act can also be used in the fight against the dissemination of pornography.
• Intellectual property is a term used to describe works of the mind—such as art, books, films, formulas, inventions, music, and processes—that are distinct and owned or created by a single person or group.
• Copyrights, patents, trademarks, and trade secrets form a complex body of law relating to the ownership of intellectual property, which represents a large and valuable asset to most companies. If these assets are not protected, other companies can copy or steal them, resulting in significant loss of revenue and competitive advantage.
• A copyright is the exclusive right to distribute, display, perform, or reproduce an original work in copies; prepare derivative works based on the work; and grant these exclusive rights to others.
• Copyright law has proven to be extremely flexible in covering new technologies, including software, video games, multimedia works, and Web pages. However, evaluating the originality of a work can be difficult and can lead to litigation.
• Copyrights provide less protection for software than patents; software that produces the same result in a slightly different way may not infringe a copyright if no copying occurred.
• The fair use doctrine establishes four factors for courts to consider when deciding whether a particular use of copyrighted property is fair and can be allowed without penalty:
(1) the purpose and character of the use,
(2) the nature of the copyrighted work,
(3) the portion of the copyrighted work used, and
(4) the effect of the use on the value of the copyrighted work.
• The use of copyright to protect computer software raises many complicated issues of interpretation of what constitutes infringement.
• The Prioritizing Resources and Organization for Intellectual Property (PRO-IP) Act of 2008 increased trademark and copyright enforcement; it also substantially increased penalties for infringement.
• The original General Agreement on Tariffs and Trade (GATT) created the World Trade Organization (WTO) in Geneva, Switzerland, to enforce compliance with the agreement. GATT includes a section covering copyrights called the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS).
• The WTO is a global organization that deals with rules of international trade based on WTO agreements that are negotiated and signed by representatives of the world’s trading nations. The goal of the WTO is to help producers of goods and services, exporters, and importers conduct their business.
• The World Intellectual Property Organization (WIPO) is an agency of the United Nations dedicated to “the use of intellectual property as a means to stimulate innovation and creativity.”
• The Digital Millennium Copyright Act (DMCA), which was signed into law in 1998, implements two WIPO treaties in the United States. It also makes it illegal to circumvent a technical protection or develop and provide tools that allow others to access a technologically protected work. In addition, the DMCA limits the liability of Internet service providers for copyright infringement by their subscribers or customers.
• Some view the DMCA as a boon to the growth of the Internet and its use as a conduit for innovation and freedom of expression. Others believe that the DMCA has given excessive powers to copyright holders.
• A patent is a grant of property right issued by the United States Patent and Trademark Office to an inventor that permits its owner to exclude the public from making, using, or selling a protected invention, and it allows for legal action against violators. A patent prevents copying as well as independent creation (which is allowable under copyright law).
• For an invention to be eligible for a patent, it must fall into one of three statutory classes of items that can be patented: It must be useful; it must be novel; and it must not be obvious to a person having ordinary skill in the same field.
• The Leahy-Smith America Invents Act changed the U.S. patent system from a “firstto-invent” to a “first-inventor-to-file” system and expanded the definition of prior art used to determine the novelty of an invention and whether it can be patented. The act made it more difficult to obtain a patent in the United States.
• Unlike copyright infringement, for which monetary penalties are limited, if the court determines that a patent has been intentionally infringed, it can award up to triple the amount of the damages claimed by the patent holder.
• The courts and the U.S. Patent and Trademark Office have changed their attitudes and opinions of the patenting of software over the years.
• To qualify as a trade secret, information must have economic value and must not be readily ascertainable. In addition, the trade secret’s owner must have taken steps to maintain its secrecy. Trade secret laws do not prevent someone from using the same idea if it was developed independently or from analyzing an end product to figure out the trade secret behind it.
• Trade secrets are protected by the Uniform Trade Secrets Act and the Economic Espionage Act.
• Trade secret law has three key advantages over the use of patents and copyrights in protecting companies from losing control of their intellectual property:
(1) There are no time limitations on the protection of trade secrets, unlike patents and copyrights;
(2) there is no need to file any application or otherwise disclose a trade secret to outsiders to gain protection; and
(3) there is no risk that a trade secret might be found invalid in court.
• Plagiarism is the act of stealing someone’s ideas or words and passing them off as one’s own. Plagiarism detection systems enable people to check the originality of documents and manuscripts.
• Reverse engineering is the process of breaking something down in order to understand it, build a copy of it, or improve it. Reverse engineering was originally applied to computer hardware but is now commonly applied to software.
• In some situations, reverse engineering might be considered unethical because it enables access to information that another organization may have copyrighted or classified as a trade secret.
• Recent court rulings and software license agreements that forbid reverse engineering, as well as restrictions in the DMCA, have made reverse engineering a riskier proposition in the United States.
• Open source code refers to any program whose source code is made available for use or modification, as users or other developers see fit. The basic premise behind open source code is that when many programmers can read, redistribute, and modify it, the software improves. Open source code can be adapted to meet new needs, and bugs can be rapidly identified and fixed.
• Competitive intelligence is legally obtained information that is gathered to help a company gain an advantage over its rivals. Competitive intelligence is not the same as industrial espionage, which is the use of illegal means to obtain business information that is not readily available to the general public. In the United States, industrial espionage is a serious crime that carries heavy penalties.
• Competitive intelligence analysts must take care to avoid unethical or illegal behavior, including lying, misrepresentation, theft, bribery, or eavesdropping with illegal devices.
• A trademark is a logo, package design, phrase, sound, or word that enables a consumer to differentiate one company’s products from another’s. Web site owners who sell trademarked goods or services must take care to ensure they are not sued for trademark infringement.
• Cybersquatters register domain names for famous trademarks or company names to which they have no connection, with the hope that the trademark’s owner will eventually buy the domain name for a large sum of money.
• The main tactic organizations use to circumvent cybersquatting is to protect a trademark by registering numerous domain names and variations as soon as they know they want to develop a Web presence.
• High-quality software systems are easy to learn and use. Such systems perform quickly and efficiently to meet their users’ needs, operate safely and reliably, and have a high degree of availability that keeps unexpected downtime to a minimum.
• High-quality software has long been required to support the fields of air traffic control, nuclear power, automobile safety, health care, military and defense, and space exploration, among others.
• Now that computers and software have become integral parts of almost every business, the demand for high-quality software is increasing. End users cannot afford system crashes, lost work, or lower productivity. Nor can they tolerate security holes through which intruders can spread viruses, steal data, or shut down Web sites.
• A software defect is any error that, if not removed, could cause a software system to fail to meet its users’ needs.
• Software quality is the degree to which a software product meets the needs of its users.
• Software developers are under extreme pressure to reduce the time to market of their products. They are driven by the need to beat the competition in delivering new functionality to users, to begin generating revenue to recover the cost of development, and to show a profit for shareholders.
• The resources and time needed to ensure quality are often cut under the intense pressure to ship a new software product. When forced to choose between adding more user features and doing more testing, many software companies decide in favor of more features.
• Software product liability claims are typically based on strict liability, negligence, breach of warranty, or misrepresentation—sometimes in combination.
• A software development methodology defines the activities in the software development process, defines individual and group responsibilities for accomplishing objectives, recommends specific techniques for accomplishing the objectives, and offers guidelines for managing the quality of the products during the various stages of the development cycle.
• Using an effective development methodology enables a manufacturer to produce high-quality software, forecast project-completion milestones, and reduce the overall cost to develop and support software. An effective development methodology can also help protect software manufacturers from legal liability for defective software in two ways:
(1) by reducing the number of software errors that could cause damage and
(2) by making negligence more difficult to prove.
• The cost to identify and remove a defect in the early stages of software development can be up to 100 times less than removing a defect in a piece of software that has been distributed to customers.
• Quality assurance (QA) refers to methods within the development cycle designed to guarantee reliable operation of a product. Ideally, these methods are applied at each stage of the development cycle.
• Capability Maturity Model Integration (CMMI)—developed by the Software Engineering Institute at Carnegie Mellon—is a process-improvement approach that defines the essential elements of effective processes. CMMI defines five levels of software development maturity: initial, managed, defined, quantitatively managed, and optimizing. CMMI identifies the issues that are most critical to software quality and process improvement. Its use can improve an organization’s ability to predict and control quality, schedule, costs, and productivity when acquiring, building, or enhancing software systems. CMMI also helps software engineers analyze, predict, and control selected properties of software systems.
• A safety-critical system is one whose failure may cause human injury or death. In the development of safety-critical systems, a key assumption is that safety will not automatically result from following an organization’s standard software development methodology.
• Safety-critical software must go through a much more rigorous and time-consuming development and testing process than other kinds of software; the appointment of a project safety engineer and the use of a hazard log and risk analysis are common in the development of safety-critical software.
• The International Organization for Standardization (ISO) issued its 9000 series of business management standards in 1988. These standards require organizations to develop formal quality management systems that focus on identifying and meeting the needs, desires, and expectations of their customers.
• The ISO 9001:2008 standard serves as a guide to quality products, services, and management. Approximately 1 million organizations in more than 175 countries have ISO 9001 certification. Many businesses and government agencies specify that a vendor must be ISO 9001 certified to win a contract from them.
• Failure mode and effects analysis (FMEA) is an important technique used to develop ISO 9001-compliant quality systems. FMEA is used to evaluate reliability and determine the effects of system and equipment failures.
• The most widely used measurement of the material standard of living is gross domestic product (GDP) per capita.
• In the United States, as in most developed nations, the standard of living has been improving over time. However, its rate of change varies as a result of business cycles that affect prices, wages, employment levels, and the production of goods and services.
• Productivity is defined as the amount of output produced per unit of input.
• Most countries have been able to produce more goods and services over time—not through a proportional increase in input but by making production more efficient. These gains in productivity have led to increases in the GDP-based standard of living because the average hour of labor produced more goods and services.
• Progressive management teams use IT, other new technology, and capital investment to implement innovations in products, processes, and services.
• It can be difficult to quantify the benefits of IT investments on worker productivity because there can be a considerable lag between the application of innovative IT solutions and the capture of significant productivity gains. In addition, many factors other than IT influence worker productivity rates.
• Telework (also known as telecommuting) is a work arrangement in which an employee works away from the office—at home, at a client’s office, in a hotel—literally, anywhere.
• Many organizations offer telework opportunities to their employees as a means of reducing costs, improving morale, reducing turnover, increasing productivity, reducing the organization’s carbon footprint, and allowing for the continuity of business operations.
• Telework opportunities provide many advantages for employees, such as avoiding long, stressful commutes, providing more flexibility to balance the needs of work and family life, and enabling people with disabilities to be productive members of the workforce.
• The digital divide is a term used to describe the gulf between those who do and those who don’t have access to modern information and technology, such as smartphones, personal computers, and the Internet.
• The digital divide exists not only between more and less developed countries but also within countries—among age groups, economic classes, and people who live in cities versus those in rural areas.
• The Education Rate (E-Rate) program was created through the Telecommunications Act of 1996. The E-Rate program helps schools and libraries obtain broadband Internet services to advance the availability of educational and informational resources.
• One Laptop per Child is a nonprofit organization whose goal is to provide children around the world with low-cost laptop computers to aid in their education. Intel and the Raspberry Pi Foundation also provide low-cost computers for educational purposes.
• Many people think that it will be the cell phone and the smartphone—and not the computer—that will ultimately bridge the digital divide.
• Healthcare costs are soaring and are expected to increase an average of 6.3 percent per year from 2015 to 2021.
• To gain control over healthcare costs, patients will need to gain a much greater awareness of medical costs, and new technology costs will need to be managed more carefully.
• Improved use of IT in the healthcare industry can lead to significantly reduced costs in a number of ways: Electronic health records (EHRs) of patient information can be generated from each patient visit in every healthcare setting; wireless technology can be used to access and update EHRs at patients’ bedsides, match bar-coded patient wristbands and medication packages to physician orders, and communicate with healthcare employees wherever they may be.
• Skeptics question the ability of EHR to lower healthcare costs and improve the quality of care.
• Telehealth employs modern telecommunications and information technologies to provide medical care to people who live or work far away from healthcare providers, provide professional and patient health-related training, and support healthcare administration. It reduces the need for patients to travel for treatment and allows healthcare professionals to serve more patients in a broader geographic area.
• Web-based health information can help people inform themselves about medical topics.
• A social networking Web site creates an online community of Internet users that enables members to break down barriers created by time, distance, and cultural differences; such a site allows people to interact with others online by sharing opinions, insights, information, interests, and experiences.
• By some estimates, people spend about 20 percent of their time on PCs and 30 percent of their time on mobile devices accessing social networks.
• An increasing number of business-oriented social networking sites are designed to encourage and support relationships with consumers, clients, potential employees, suppliers, and business partners around the world.
• Social network advertising enables advertisers to generate a conversation with viewers of their ads and to target ads to reach people with the desired demographic characteristics. The two primary objectives of social media advertisers are raising brand awareness and driving traffic to a Web site to increase product sales.
• There are several social network advertising strategies, including direct advertising, advertising using an individual’s network of friends, indirect advertising through social networking groups, advertising via company-owned social networking Web sites, and viral marketing.
• Employers often look at the social networking Web site profiles of job candidates when making hiring decisions.
• Employers can legally reject a job applicant based on the contents of the individual’s social networking profile as long as the company is not violating federal or state discrimination laws.
• Job candidates who use social networking Web sites should review and make appropriate changes to their profiles before starting a job search.
• Many organizations monitor social media networks as a means of improving customer service, retaining customers, and increasing sales.
• A social shopping Web site brings shoppers and sellers together in a social networking environment in which members share information and make recommendations while shopping online.
• Cyberbullying is the harassment, torment, humiliation, or threatening of one minor by another minor or group of minors via the Internet or cell phone. It is estimated that as many as 25 percent of teenagers have experienced cyberbullying in their lifetime.
• Cyberstalking is threatening behavior or unwanted advances directed at an adult using the Internet or other forms of online and electronic communications; it is the adult version of cyberbullying.
• Although current federal statutes address some forms of cyberstalking, there are still large gaps in current federal and state law.
• There are over 747,000 registered sex offenders in the United States; 90,000 of them were onetime members of MySpace.
• Many social networking Web sites have policies against uploading violent or obscene material; however, these policies are difficult to enforce.
• An online virtual world is a shared multimedia, computer-generated environment in which users, represented by avatars, can act, communicate, create, retain ownership of what they create, and exchange assets, including currency.
• Virtual worlds raise many interesting questions regarding what is a criminal act and whether law enforcement, real or virtual, should get involved in acts that occur in virtual worlds.
• Virtual online worlds are increasingly being used for education and business purposes.
• IT firms and organizations that use IT products and services are concerned about a shortfall in the number of U.S. workers to fill these positions. As a result, they are turning to nontraditional sources to find IT workers with skills that meet their needs.
• Contingent work is a job situation in which an individual does not have an explicit or implicit contract for long-term employment. The contingent workforce includes independent contractors, temporary workers hired through employment agencies, on-call or day laborers, and on-site workers whose services are provided through contract firms.
• An H-1B is a temporary work visa granted by the U.S. Citizenship and Immigration Services (USCIS) for people who work in specialty occupations—jobs that require at least a fouryear bachelor’s degree in a specific field, or equivalent experience.
• Employers hire H-1B workers to meet critical business needs or to obtain essential technical skills or knowledge that cannot be readily found in the United States. H-1B workers may also be used when there are temporary shortages of needed skills.
• Some people contend that employers exploit contingent workers, especially H-1B foreign workers, to obtain skilled labor at less-than-competitive salaries. Others believe that the use of H-1B workers is required to keep the United States competitive.
• Employers must make ethical decisions about whether to recruit new and more skilled workers from these sources or to spend the time and money to develop their current staff to meet the needs of their business.
• Outsourcing is a long-term business arrangement in which a company contracts for services with an outside organization that has expertise in providing a specific function. Offshore outsourcing is a form of outsourcing in which the services are provided by an organization whose employees are in a foreign country.
• Outsourcing and offshore outsourcing are used to meet staffing needs while potentially reducing costs and speeding up project schedules.
• Many of the same ethical issues that arise when considering whether to hire H-1B and contingent workers apply to outsourcing and offshore outsourcing.
• Whistle-blowing is an effort to attract public attention to a negligent, illegal, unethical, abusive, or dangerous act by a company or some other organization.
• A potential whistle-blower must consider many ethical implications prior to going public with his or her allegations, including whether the high price of whistle-blowing is worth it; whether all other means of dealing with the problem have been exhausted; whether whistleblowing violates the obligation of loyalty that the employee owes to his or her employer; and whether public exposure of the problem will actually correct its underlying cause and protect others from harm.
• An effective whistle-blowing process includes the following steps:
(1) assess the seriousness of the situation,
(2) begin documentation,
(3) attempt to address the situation internally,
(4) consider escalating the situation within the company,
(5) assess the implications of becoming a whistle-blower,
(6) use experienced resources to develop an action plan,
(7) execute the action plan, and
(8) live with the consequences.
• Computer companies looking to manufacture green computers are challenged to produce computers that use less electricity, include fewer hazardous materials that may harm people or pollute the environment, and contain a high percentage of reusable or recyclable material. These companies should also provide programs to help consumers dispose of their products in an environmentally safe manner at the end of their useful life.
• EPEAT (Electronic Product Environmental Assessment Tool) is a system that enables purchasers to evaluate, compare, and select electronic products based on 51 environmental criteria.
• The European Union passed the Restriction of Hazardous Substances Directive to restrict the use of many hazardous materials in computer manufacturing, require manufacturers to use at least 65 percent reusable or recyclable components, implement a plan to manage products at the end of their life cycle in an environmentally safe manner, and reduce or eliminate toxic material in their packaging.
• The Electronic Industry Citizenship Coalition (EICC) has established a code of conduct that defines performance, compliance, auditing, and reporting guidelines across five areas of social responsibility: labor, health and safety, environment, management system, and ethics.
• A number of electronics manufacturers have applied this code across their entire worldwide supply chain and also require their first-tier suppliers to acknowledge and implement the code.
