IT Governance and Ethics

Uploaded by

shikha sharma

IT Governance
• IT governance (ITG) is the process of managing and controlling key IT capability decisions to
improve IT management, ensure compliance, and increase value from IT technology
investments. IT governance centers around making sure the organization knows what
impact IT decisions have on business value.
• IT governance encompasses the processes, structures, and policies that ensure the effective
and efficient use of information technology (IT) in an organization to achieve its goals. Key
aspects of IT governance include:
• Strategic Alignment: Ensuring that IT initiatives and investments are aligned with the
organization's overall strategic objectives. This involves understanding business needs,
identifying IT opportunities, and prioritizing IT projects accordingly.
• Risk Management: Identifying, assessing, and mitigating IT-related risks to protect the
organization's assets, data, and reputation. This includes cybersecurity measures,
compliance with regulations, and contingency planning.
• Resource Management: Optimizing the allocation of IT resources, including budget,
personnel, and infrastructure, to support business objectives while controlling costs and
maximizing return on investment (ROI).
• Performance Measurement: Establishing metrics and Key Performance Indicators (KPIs) to
evaluate the performance of IT systems, processes, and services. Regular monitoring and
reporting enable continuous improvement and accountability.
• Decision-Making Processes: Implementing clear decision-making structures and processes
for IT-related matters, ensuring that decisions are made in alignment with organizational
goals, with appropriate input from stakeholders.
• Information Security: Protecting the confidentiality, integrity, and availability of
information assets through policies, controls, and technologies. This includes
data encryption, access controls, and security awareness training.
• Compliance and Legal Considerations: Ensuring that IT activities comply with
relevant laws, regulations, and industry standards. This may include data
protection laws, industry-specific regulations, and contractual obligations.
• IT Service Management: Implementing processes and tools for delivering and
supporting IT services effectively and efficiently. This includes incident
management, problem management, change management, and service level
management.
• Stakeholder Engagement: Engaging with stakeholders across the organization
to understand their needs, gather feedback, and foster collaboration. Effective
communication and relationship-building are essential for successful IT
governance.
• Continuous Improvement: Establishing mechanisms for ongoing review,
evaluation, and improvement of IT governance practices. This may involve
regular audits, benchmarking against industry standards, and feedback loops
from stakeholders.
By addressing these key aspects, organizations can ensure that their IT investments
contribute to business value, mitigate risks, and support long-term success.
Why IT governance is important
Ensures regulatory compliance
Organizations must follow set standards to promote transparency, fairness, and
accountability in their business. Not keeping an eye on your IT activities can easily
land a company in hot water. Having an IT governance process in place means
that you can maintain good practices within the organization and stay in
compliance with key regulations.
Gains competitive advantage
You can increase the value gained from your IT investments with the right IT
governance strategy. An effective structure enables you to draw out the most
potential from your IT capabilities, removing bottlenecks and putting you ahead of
your competitors.
Supports business goals
It can be all too easy for the interests of organizations and those managing their IT
infrastructure to be at odds with each other. IT governance forces your IT
management to be aligned with your business goals; in so doing, you can drive the
positive results that matter to your organization.
Encourages growth and innovation
Failing to implement IT governance processes can also stunt an organization’s
growth and ability to innovate. Unmonitored costs or inefficient communication
channels not only mean compliance issues but also make it harder to determine
the value and thus find opportunities to improve value creation.
Reduces risks
Cyber threats are a constant and ever-increasing challenge for all businesses,
stressing the importance of implementing IT governance processes. Following a
strict structure and set procedures can help everyone stay informed of the dangers
involved in IT initiatives, mitigate these everyday risks, and provide a safe way of
using IT.
IT Governance Frameworks
ISO 38500
• ISO/IEC 38500:2015 is the international standard for corporate IT governance. It
provides a high-level framework for organizations of all sizes, covering legal, regulatory,
and ethical obligations.
ISO/IEC 27000
• ISO/IEC 27000 is the international standard for Information Security Management. It
provides an overview of information security management and helps organizations
implement the right policies to maintain the privacy, confidentiality, and security of their
IT services.
COBIT
• Control Objectives for Information Technologies (COBIT) provides a framework of best
practices, models, and analytics tools to assist with enterprise IT management and
governance. It's designed to help organizations with risk management and meeting
regulatory requirements while ensuring the IT strategy is aligned with the business'
broader goals.
There are five fundamental principles of COBIT:
• Ensuring stakeholder needs are met
• Enabling a holistic approach to IT strategy
• End-to-end coverage
• Providing a single, integrated framework
• The separation of governance from management
ITIL
• The IT Infrastructure Library (ITIL) is a best-practice framework for IT
departments. It's an internationally accepted governance framework that offers
practical guidance to manage and improve IT services. The guiding principles of
ITIL include optimization and automation, taking a holistic approach to IT
systems, focusing on value, and promoting visibility.
CMMI
• The Capability Maturity Model Integration (CMMI) model was initially designed
for software development activities but has since been altered, and now it's
applicable to hardware-software and end-to-end service development. It helps
organizations reduce risks and improve their processes.
• There are five levels to the model, indicating the level of maturity an
organization is at, from "incomplete," where goals have not yet been
established, to "optimizing". When an organization reaches the final level, it
doesn't mean the work is done. It means processes are in place, and the
organization is stable, but it's also in a constant state of improvement and
review.
Digital Ethics and responsible IT usage
• Digital ethics refers to the principles, values, and guidelines that govern our
behavior in the online world. It encompasses a wide range of issues, including
privacy, security, freedom of speech, intellectual property, and accessibility.
• These issues are complex and multifaceted, and there are often no clear-cut
answers. However, as responsible digital citizens, we must strive to make ethical
decisions that balance our own needs and interests with those of others.
• One of the biggest challenges of digital ethics is the sheer scope and scale of the
internet. With billions of users and an endless stream of content, it can be
difficult to know what is true, trustworthy, or even legal.
• The spread of fake news, disinformation, and propaganda has become a major
concern, as these can have real-world consequences such as election
interference, public health crises, and social unrest.
• To address these issues, we need to be more critical and discerning consumers of
online content. This means fact-checking information before sharing it, verifying
the credibility of sources, and being aware of our own biases and assumptions.
We can also support initiatives that promote media literacy and digital
citizenship, such as educational programs and public awareness campaigns.
Responsible use of information technology requires that you:
• Respect the rights of others by complying with all policies regarding sexual,
racial, and other forms of harassment, and by preserving the privacy of personal
data to which you have access. Resources, from any location, may not be used
to transmit content that is discriminatory, defamatory, fraudulent, or obscene;
or which violates any federal or state law.
• Use only accounts and communication facilities which you are duly authorized
to use and for the purposes for which they were intended; for example, you
should not use University information technology to run a private business for
financial gain or to solicit others for commercial ventures, religious or political
causes or outside organizations.
• Acknowledge that personal use of the technology resources is not prohibited,
provided the personal activity does not violate federal, state, or University
policies or regulations, and does not disrupt, distract from, or interfere with the
conduct of University business; or impose a burden on the University.
• Respect all pertinent licenses (including software licenses), copyrights,
contracts, and other restricted or proprietary information. Use only legal
versions of copyrighted software in compliance with vendor license
requirements.
• Respect the integrity of computing systems and data; for example, by not
intentionally developing programs or making use of already existing programs
that harass other users, or infiltrate a network or computing system, and/or
damage or alter the components of a network or computing system or gain
unauthorized access to other facilities accessible via the network.
• Respect and adhere to any state or federal law which may govern the use of
information technology or communication networks.
• Acknowledge that the privacy and confidentiality of electronic information
transmissions cannot be guaranteed; for example, electronic mail is generally not
secured and is vulnerable to unauthorized access and modification.
Intellectual Property Rights
• Intellectual property is a broad categorical description for the set of intangible
assets owned and legally protected by a company or individual from outside use
or implementation without consent. An intangible asset is a non-physical asset
that a company or person owns.
• The concept of intellectual property relates to the fact that certain products of
human intellect should be afforded the same protective rights that apply to
physical property, which are called tangible assets.
• Intellectual property is an umbrella term for a set of intangible assets or assets
that are not physical in nature.
• Intellectual property is owned and legally protected by a person or company
from outside use or implementation without consent.
• It can consist of many types of assets, including trademarks, patents, and
copyrights.
• Intellectual property infringement occurs when a third party engages in the
unauthorized use of the asset.
• Legal protections for most intellectual property expire after some time but last
forever for others.
Types of Intellectual Property
• Intellectual property can consist of many types of intangibles, and some of the
most common are listed below.
Patents
• A patent is a property right for an inventor that's typically granted by a
government agency, such as the U.S. Patent and Trademark Office. The patent
allows the inventor exclusive rights to the invention, which could be a design,
process, improvement, or physical invention such as a machine.
• Technology and software companies often have patents for their designs. For
example, the patent for the personal computer was filed in 1980 by Steve Jobs
and three other colleagues at Apple (AAPL).
Copyrights
• Copyrights provide authors and creators of original material the exclusive right
to use, copy, or duplicate their material. Authors of books have their works
copyrighted as do musical artists. A copyright also states that the original
creators can grant anyone authorization through a licensing agreement to use
the work.
Trademarks
• A trademark is a symbol, phrase, or insignia that is recognizable and represents
a product that legally separates it from other products. A trademark is
exclusively assigned to a company, meaning the company owns the trademark
so that no others may use or copy it.
• A trademark is often associated with a company's brand. For example, the logo
and brand name of Coca-Cola are owned by the Coca-Cola Company (KO).
PLAGIARISM AND FAIR USE
Plagiarism and fair use are two concepts related to the use of intellectual property,
particularly in the context of written or creative works.
Plagiarism:
• Plagiarism is the act of presenting someone else’s ideas, words, or work as your
own without giving them proper credit. It involves using someone else’s
intellectual property without permission and without providing proper
attribution.
Examples:
• Copying and pasting text from a source without quotation marks or citation,
submitting someone else’s work as your own, and paraphrasing without proper
attribution are all examples of plagiarism.
• To avoid plagiarism, it is important to give credit to the original source through
proper citation and referencing. Different academic and professional settings
may have specific guidelines on how to properly cite sources.
Fair Use
Fair use is a legal doctrine that allows the use of copyrighted material under certain
circumstances without the need for permission from or payment to the copyright
holder. It is a provision in copyright law that balances the rights of the copyright
owner with the public interest in the free exchange of ideas and information.
Factors Considered in Fair Use:
• Purpose: The purpose of the use, such as whether it is for educational,
commercial, or nonprofit purposes.
• Nature: The nature of the copyrighted work, with some types of works more
likely to be eligible for fair use.
• Amount: The amount and substantiality of the portion used in relation to the
whole copyrighted work.
• Effect: The effect of the use on the market value of the original work.
Impact of Technology on Society
In the past few decades, technology has proliferated, and its use has increased
drastically. It affects the lives of people and changes the way they learn,
think, and communicate. It plays a major role in society, and it is now very hard to
imagine life without technology. Technology and society are co-related and
co-dependent, and they influence each other. Technology has an impact on society,
including the potential for society to progress or decline. Our society is shaped by
technology, which has both beneficial and harmful consequences.
Positive Impacts of Technology on Society
• Technology has more positive than negative impact on humans and society. It
rewards us by providing resources and tools that make our lives much easier.
Following are some positive changes that technology brings to our lives:
• Improved Communication: Communication is the most important part of society; we
build and share our thoughts with each other through communication. Earlier,
people used pigeons or other birds to carry messages to their loved ones. As
technology slowly grew, the medium for transferring information changed to
mobile phones, email, etc. Nowadays, we send messages to loved ones or
acquaintances via email, social media platforms, etc. It is the fastest, most efficient,
and most effective medium. People can talk or share information with their loved
ones easily even if they are very far away from them.
• Improved Education and learning process: Technology enhances the education
and learning process. Nowadays, people can easily enhance their knowledge
using the internet. Most of the data present on the internet is free of cost, and
you can access this data anytime and anywhere.
• Mechanized Agriculture: Technology changes the working mechanism of
farmers. Lots of machines and technical instruments were introduced in the
agricultural area which makes farming very easy, effective, automated, etc.
• Easy to access information: We can easily access information via the internet
anytime and anywhere. Most of the information present on the internet is
free of cost, so you can use it to enhance your knowledge, skills, etc.
Negative Impacts of Technology on Society
As we know, everything present on this planet has both advantages and
disadvantages. The same goes for technology: it also has negative impacts on
society, some of which are:
• Increase in unemployment: Nowadays, large and small businesses use machinery
and technical equipment because of their low cost and high efficiency, due to
which the rate of unemployment is increasing continuously.
• Increase in pollution: Not only humans but technology is also affecting our
environment. Due to vehicles and machinery, the rate of pollution is increasing
continuously, which causes global warming, etc.
• Increase in health and mental concerns: Nowadays, technology is affecting the
physical as well as mental health of human beings. It makes people lazy and
emotionally weak, causes sleeping problems, and reduces physical activity; people
are also spending less time with their family and friends.
• Increase in cybercrimes: Due to the excessive use of the internet, the rate of
cybercrime has also increased. Some people (attackers) harm innocent people
(victims) or children for money or fun.
Cyber Law
Cyber law, also known as Internet law, is the part of the overall legal
system that is related to legal informatics and supervises the digital circulation of
information, e-commerce, software and information security. It is associated with
legal informatics and electronic elements, including information systems,
computers, software, and hardware. It covers many areas and subtopics, such as
access to and usage of the Internet, freedom of expression, and online privacy.
• Cyber laws help to reduce or prevent cybercriminal activity on a large scale by
protecting information from access by unauthorized people, and by covering
freedom of speech related to the use of the Internet, privacy,
communications, email, websites, intellectual property, and hardware and software
such as data storage devices.
• Internet traffic is increasing rapidly day by day, which has led to a higher
percentage of legal issues worldwide. Because cyber laws differ according
to the country and jurisdiction, restitution ranges from fines to imprisonment,
and enforcement is challenging.
Areas Involved in Cyber Laws
These laws deal with multiple activities and areas that occur online and serve
several purposes. Some laws are formed to describe the policies for using the
Internet and the computer in an organization, and some are formed to offer people
security from unauthorized users and malicious activities. There are various broad
categories that come under cyber laws; some are as follows:
Fraud
• Cyber laws are formed to prevent financial crimes such as identity theft, credit
card theft and others that occur online. A person may face federal or
state criminal charges if he commits any type of identity theft. These laws set out
strict policies to prosecute and defend against allegations involving use of the
internet.
Copyright Issues
• The Internet is the source that contains different types of data, which can be
accessed anytime, anywhere. But it is the authority of anyone to copy the
content of any other person. Cyber laws define strict rules for
anyone who goes against copyright, which protects the creative work of individuals
and companies.
Scam/Treachery
• There are different frauds and scams on the Internet that can be
personally harmful to any company or individual. Cyber laws offer many ways
to protect people and prevent identity theft and financial crimes that
happen online.
Online Harassment and Stalking
• Harassment is a big issue in cyberspace, and it is a violation of both criminal
and civil law. Cyber laws include strict provisions to prohibit these
kinds of despicable crimes.
Data Protection
People using the internet depend on cyber laws and policies to protect their
personal information. Companies and organizations also rely on cyber laws to
protect the data of their users as well as maintain the confidentiality of their data.
Contracts and Employment Law
When you visit a website, you click a button in response to a message asking you
to agree to terms and conditions; if you agree, that means you have used
cyber law. For every website, there are terms and conditions available that are
associated with privacy concerns.
Trade Secrets
Many organizations that do business online
rely on cyber laws to protect their trade secrets. For example, online search
engines like Google spend much time developing the algorithms that generate a
search result. They also spend lots of time developing other features such as
intelligent assistance, flight search services, and maps, to name a few. Cyber laws
help these organizations take legal action by describing the necessary laws
for protecting their trade secrets.
