Introduction.
Ethics are one of the most essential issues for system and network
administrators. Trying to determine what is truly ethical and unethical
should result in some very important discussions. People such as computer
administrators and other privileged users have knowledge and access that
can result in serious problems if used in clearly unethical ways.
Privileged users have access to things such as
- confidential information
- databases
- usernames/passwords
- e-mail
But it is also important to develop ethics policies that apply to all
users.
One basic, widespread approach to making use of ethics policies is to
utilize something called informed consent. In medical practice, informed
consent consists of the following.
- Before something is done to another, this other person should be fully
  informed about the options, including
  - benefits
  - detriments
  - likelihood of the outcomes
- This should be explained in whatever ways the person is competent to
  understand.
- The person must be given the option to accept or reject.
- Whatever is chosen must have a high likelihood of success.
When applied to system and network administration, informed consent
implies
- People should know the rules under which they are living.
- Users need to be made aware of how the system will operate in various
  situations.
SAGE Code of Ethics.
SAGE, the System Administrators Guild, has developed its own code of
ethics. This code is reviewed in the following list.
Canon 1:
The integrity of a system administrator must be beyond
reproach.
A system administrator may come in contact
with privileged information on a regular basis and has a duty
to the owners of such information to both keep confidential
and to protect the confidentiality of all such information.
Protecting the integrity of information includes ensuring that
neither system administrators nor unauthorized users
unnecessarily access, make any changes to, or divulge any data
not belonging to them. It includes all appropriate
effort, in accordance with industry accepted practices, by the
system administrator to enforce security measures to protect
the computers and the data contained in them.
System administrators must uphold the law and policies
established for the systems and networks they manage, and make
all efforts to require the same adherence from their users.
Where the law is not clear, or appears to be in conflict with
their ethical standards, system administrators must exercise
sound judgment, and are also obliged to take steps to have the
law upgraded or corrected as is possible within their
jurisdiction.
Canon 2:
A system administrator shall not
unnecessarily infringe upon the rights of users.
System administrators shall not act with,
nor tolerate from others, discrimination between authorized
users based on any commonly recognized grounds (e.g. age,
gender, religion, etceteras), except when such discrimination
(e.g. with respect to unauthorized users as a class) is a
necessary part of their job, and then only to the extent that
such treatment is required in dealing with the issue at hand.
System administrators will not exercise their special powers
to access any private information other than when necessary to
their role as system managers, and then only to the degree
necessary to perform that role, while remaining within
established site policies. Regardless of how it was
obtained, system administrators will maintain the
confidentiality of all private information.
Canon 3:
Communications of system
administrators with all whom they may come in contact shall be
kept to the highest standards of professional behavior.
System administrators must keep users
informed about computing matters that might affect them, such
as conditions of acceptable use, sharing and availability of
common resources, maintenance of security, occurrence of
system monitoring, and any applicable legal obligations.
It is incumbent upon the system administrator to ensure that
such information is presented in a manner calculated to ensure
user awareness and understanding.
Honesty and timeliness are keys to ensuring accurate
communication to users. A system administrator shall,
when advice is sought, give it impartially, accompanied by any
necessary statement of the limitations of personal knowledge
or bias. Any potential conflicts of interest must be
fully and immediately declared.
Canon 4:
The continuance of
professional education is critical to maintaining currency as
a system administrator.
Since technology in computing continues to make significant strides, a
system administrator must take an appropriate level of action to update
and enhance personal technical knowledge. Reading, study, acquiring
training, and sharing knowledge and experience are requirements to
maintaining currency and ensuring the customer base of the advantages
and security of advances in the field.
Canon 5:
A system administrator must maintain an
exemplary work ethic.
System administrators must be tireless in
their effort to maintain high levels of quality in their work.
Day to day operation in the field of system administration
requires significant energy and resiliency. The system
administrator is placed in a position of such significant
impact upon the business of the organization that the required
level of trust can only be maintained by exemplary behavior.
Canon 6:
At all times system
administrators must display professionalism in the performance
of their duties.
All manner of behavior must reflect highly
upon the profession as a whole. Dealing with
recalcitrant users, upper management, vendors, or other system
administrators calls for the utmost in patience and care to
ensure that mutual respect is never at risk.
Actions that enhance the image of the profession are
encouraged. Actions that enlarge the understanding of
the social and legal issues in computing are part of the role.
System administrators are obligated to assist the community at
large in areas that are fundamental to the advancement and
integrity of local, national, and international computing
issues.
User Code of Conduct.
Each organization needs guidelines for the acceptable uses of the
organization's computing systems. Some of the major issues that are
likely to be addressed are in the following list.
- Under what circumstances is personal use of the organization's
  equipment permitted?
- What types of personal use are forbidden?
- What websites are restricted from browsing?
- How do the rules change if you are using the equipment from home?
- How do the rules change if you are using the equipment on the road for
  the organization?
- What are defined as harassing communications?
  - How should they be reported?
  - How are they processed?
- How do codes of conduct differ based on the type of organization?
  - E-Commerce
  - ISP
  - University
  - Job Shop
  - whatever
It is almost always very worthwhile to
sample and examine codes of conduct in various industries and
academic institutions.
Privileged Access Code of Conduct.
Some users need privileged access to do their jobs. For example, some
users may need to install their own software, access and update
information in particular databases, and publish webpages. While this
list of the types of permissions can go on and on, we need to focus on
more general issues of ethical behavior with respect to these users.
Based on this goal, a code of conduct is very likely to need to address
the following issues.
- Require the user to acknowledge that their privileged access comes with
  a responsibility to use it properly.
- Limitations about the type of work/play that can be done with these
  elevated privileges.
- The company acknowledges that mistakes happen and addresses approaches
  to ensure that minimal damage results from mistakes.
  - Backups
  - Retain software sources
  - whatever
- What a privileged user must do with privileged information.
- Warnings about possible penalties for policy violations.
- Require a signed statement of comprehension preceded by some sort of
  reading.
- The sys admins need to make sure they keep track of who has privileged
  access to what and how it should be implemented.
- Might want privileged access to expire and require renewals.
- Levels of monitoring are likely to be different for users that have
  privileged access.