INFT1150 Information Systems for Monitoring of Web Surfing

Questions 

An information security manager routinely monitored the web surfing done by her company’s employees. She discovered that many employees were visiting the ‘sinful six’ websites. (Note: The sinful six are websites with material related to pornography, gambling, hate, illegal activities, tastelessness and violence.) She then prepared a list of the employees and their surfing histories and gave the list to management. Some managers punished their employees. Some employees, in turn, objected to the monitoring, claiming that they should have a right to privacy.

. The ethical theory of Social Contract says that the presence of an agreement or contract will promote ethical behavior among the people (Broad 2014). In this case if the employees are aware of the fact that they are being monitored then they will tend to focus on their work rather than waste time. Monitoring of web surfing is ethical as it promotes a disciplined work environment. The overall productivity of the company will improve.

b. Six sinful websites include but is not limited to illegal activities, gambling and violence. It has been seen that if the employees engage themselves in all these activities then they tend to lose focus in their work. The employees need to maintain certain level of discipline in the work environment. The employees should not disobey the company rules and policies. The resources that are provided by the company should not be wasted by the employees for their personal use. The harmony of the work place must be maintained. The Virtue Ethics theory judges the character of the people based on the moral values (Bright, Winn and Kanov 2014). Even if the employees access the sinful six websites during their recess time then it will consume bandwidth as well as disk space that is provided by the company.  Any type of illegal actions taken by the employees of the company can harm its reputation because the IP address of the equipment of the company can be tracked through heavy investigation process (Gritzalis et al. 2014). It has been seen that if the employees misuse the Internet for their personal requirement then it will affect their productivity which in turn will affect the productivity of the company. The employees will get distracted from work by diverting their mind in other activities. According to Deontology Theory, the employees are not following their duties. Therefore, it can be said that it is not ethical for the employees to surf the six sinful websites during office premises.

c. It is the duty of the information security manager to protect the organization from any type of security threat and to monitor the activities of the employees. The main motive of the security manger is to think about the welfare of the organization. The Deontology Theory says that if person follows his duties and responsibilities correctly and in a right way then it leads to a morally permissible act (Gray and Schein 2012).  Here the security manager carries out his duties properly by submitting the list of the abusers to the management and therefore it can be considered to be ethical. The main motive of the security manager is to make sure that the productivity of the company is not harmed in any manner. The motive of the security manager is right and it promotes discipline in the work place. Submitting the list to the management will enable the management to take appropriate decisions and steps in order to promote ethical activities in the work place. But this could have been done in a better manner by giving a first warning to the employees before submitting the list to the management.

d. Punishing the employees for any breach of policy is an ethical as well as legal act. It is mentioned in the policy of every company that the resources that will be provided by the company needs to be used by the employees only for the purpose of official use. Certain types of punishments are applicable in breach of company policy. Initially the employees can be given verbal warning followed by written warning regarding this issue. If the employees do not obey the instructions even after the warning, then the company can suspend the employees. This suspension can be without any pay. The employees are eligible for suspension if they violate the company policies and regulations (Stavrou et al. 2014). After the suspension, the employees can be asked to take a leave for deciding whether they want to continue working in the company in a disciplined manner. The security manager will continue to monitor the activities of the employees and if they notice that this breach of policy is being continued then they can even get terminated.

e. The company can take several steps in this type of situation. The company can restate its policy and make the employees aware of it in a detailed manner. The company can conduct a meeting where the board members can give an explanation of the policies of the company along with the consequences of disobeying the policies (Knapp and Ferrante 2012). The employees can be made aware of the fact that they will be monitored on a constant basis and breach of the policy can even lead to termination in extreme cases. The company will try to encourage ethical activities in the work place. The company can encourage the employees to participate in the process of developing practices. This will help the employees to build moral values. The presence of a contract or agreement will motivate the employees to act in a morally correct manner. The company can encourage the employees to act in an ethical manner by conducting several exhibitions and meetings for the purpose of promoting ethical activities.

References 

Bright, D.S., Winn, B.A. and Kanov, J., 2014. Reconsidering virtue: Differences of perspective in virtue ethics and the positive social sciences. Journal of Business Ethics, 119(4), pp.445-460.

Broad, C.D., 2014. Five types of ethical theory (Vol. 2). Routledge.

Chen, Y., Ramamurthy, K. and Wen, K.W., 2012. Organizations' information security policy compliance: Stick or carrot approach?. Journal of Management Information Systems, 29(3), pp.157-188.

Gray, K. and Schein, C., 2012. Two minds vs. two philosophies: Mind perception defines morality and dissolves the debate between deontology and utilitarianism. Review of Philosophy and Psychology, 3(3), pp.405-423.

Gritzalis, D., Stavrou, V., Kandias, M. and Stergiopoulos, G., 2014, March. Insider threat: enhancing BPM through social media. In New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on (pp. 1-6). IEEE.

Hurley, P., 2013. Deontology. The International Encyclopedia of Ethics.

Knapp, K.J. and Ferrante, C.J., 2012. Policy awareness, enforcement and maintenance: Critical to information security effectiveness in organizations. Journal of Management Policy and Practice, 13(5), p.66.

Stavrou, V., Kandias, M., Karoulas, G. and Gritzalis, D., 2014, September. Business Process Modeling for Insider threat monitoring and handling. In International Conference on Trust, Privacy and Security in Digital Business(pp. 119-131). Springer, Cham.