A Case Study: Ivory Homes
I intern for Ivory Homes in their IT department, and we are faced with ethical decisions constantly. On a regular basis I am asking for passwords and administrative permissions. As part of the IT team I have access to files, computers, and our networks. At Ivory Homes we do not have an official ethics code of conduct for the IT department. I am however, in the process of drafting an official code of conduct that that will guide the actions of the IT department. This will instruct IT employees on what they do with sensitive information they receive, such as passwords and documents.
IT administrators and employees are held to a very high standard and it is absolutely critical they stand up for what is right and ethical. IT employees are constantly exposed to sensitive data and information. One important standard or good practice IT professionals should follow and abide by is; “Least Privilege” and “Need to Know.” “Least Privilege” is defines as; IT employees should be granted the minimum amount of access …show more content…
Having employees tell us their password is not illegal, but it is something that both my boss and I are passionate about, and we want to limit the times we receive employee password information. The ideal situation we want to instigate is that employees would never have to give us access to their passwords, we should have them enter their credentials for us once, and then we access their computer and programs. This goes along with the practice of “Least Privilege” we should only have employees give us their passwords and credentials when it is absolutely necessary. My supervisor and I have discussed ways around this because neither of us feel good about getting passwords and credentials from employees on a regular basis, but it is difficult because that is the unwritten standard at my company, and has been for
IT administrators and employees are held to a very high standard and it is absolutely critical they stand up for what is right and ethical. IT employees are constantly exposed to sensitive data and information. One important standard or good practice IT professionals should follow and abide by is; “Least Privilege” and “Need to Know.” “Least Privilege” is defines as; IT employees should be granted the minimum amount of access …show more content…
Having employees tell us their password is not illegal, but it is something that both my boss and I are passionate about, and we want to limit the times we receive employee password information. The ideal situation we want to instigate is that employees would never have to give us access to their passwords, we should have them enter their credentials for us once, and then we access their computer and programs. This goes along with the practice of “Least Privilege” we should only have employees give us their passwords and credentials when it is absolutely necessary. My supervisor and I have discussed ways around this because neither of us feel good about getting passwords and credentials from employees on a regular basis, but it is difficult because that is the unwritten standard at my company, and has been for