8/11/2019 01-Intro-IT

1/30

Engineering Professional PracticeProfessional Practices in the IT and Software Industries

Matthew Dailey

Computer Science and Information Management

Asian Institute of Technology

Matthew Dailey (CSIM-AIT) IT PP 1 / 30

http://find/

8/11/2019 01-Intro-IT

2/30

Outline

1 Introduction

2 Ethics

3 Legal compliance

4 Standardization

5 Certification

Matthew Dailey (CSIM-AIT) IT PP 2 / 30

http://find/

8/11/2019 01-Intro-IT

3/30

IntroductionGoals

Today we discuss professional practices in the IT and software industries.Why should I care (even if Im not an IT guy/gal)?

Matthew Dailey (CSIM-AIT) IT PP 3 / 30

http://find/

8/11/2019 01-Intro-IT

4/30

Outline

1 Introduction

2 Ethics

3 Legal compliance

4 Standardization

5 Certification

Matthew Dailey (CSIM-AIT) IT PP 4 / 30

http://find/

8/11/2019 01-Intro-IT

5/30

8/11/2019 01-Intro-IT

6/30

EthicsImpact of technology

It is relatively easy to gague the short term economic benefits of a piece oftechnology.

But we must understand the effects of our technology on society, theenvironment, social justice.

Says Freeman Dyson: Technology guided by ethics has the power to helpthe billions of poor people all over the earth. My purpose is to help pushtechnology in a new direction, away from toys for the rich and towardsnecessities for the poor.

Discuss Los Alamos.

Discuss intelligent video surveillance.

Matthew Dailey (CSIM-AIT) IT PP 6 / 30

http://find/

8/11/2019 01-Intro-IT

7/30

8/11/2019 01-Intro-IT

8/30

Outline

1 Introduction

2 Ethics

3 Legal compliance

4 Standardization

5 Certification

Matthew Dailey (CSIM-AIT) IT PP 8 / 30

http://find/

8/11/2019 01-Intro-IT

9/30

8/11/2019 01-Intro-IT

10/30

Legal complianceExample

Lets take a close look at Chapter 1 (Computer Related Offenses) of theThailand Computer Crime Act, unofficial translation found athttp://http:

//www.samuiforsale.com/law-texts/computer-crime-act.html.

Section 5. Any person illegally accessing a computer system for which aspecific access prevention measure that is not intended for their own use isavailable shall be subject to imprisonment for no longer than six months ora fine of not more than ten thousand baht or both.

Section 6. If any person knowing of a measure to prevent access to a

computer system specifically created by a third party illegally discloses thatmeasure in a manner that is likely to cause damage to the third party, thenthey shall be subject to imprisonment for no longer than one year or a fineof not more than twenty thousand baht or both.

Matthew Dailey (CSIM-AIT) IT PP 10 / 30

http://http//www.samuiforsale.com/law-texts/computer-crime-act.htmlhttp://http//www.samuiforsale.com/law-texts/computer-crime-act.htmlhttp://http//www.samuiforsale.com/law-texts/computer-crime-act.htmlhttp://http//www.samuiforsale.com/law-texts/computer-crime-act.htmlhttp://http//www.samuiforsale.com/law-texts/computer-crime-act.htmlhttp://find/

8/11/2019 01-Intro-IT

11/30

Legal complianceExample

Section 7. If any person illegally accesses computer data, for which thereis a specific access prevention measure not intended for their own useavailable, then he or she shall be subject to imprisonment for no longerthan two years or a fine of not more than forty thousand baht or both.

Section 8. Any person who illegally commits any act by electronic meansto eavesdrop a third partys computer data in process of being sent in acomputer system and not intended for the public interest or generalpeoples use shall be subject to imprisonment for no longer than threeyears or a fine of not more than sixty thousand baht or both.

Section 9. Any person who illegally damages, destroys, corrects, changesor amends a third partys computer data, either in whole or in part, shallbe subject to imprisonment for no longer than five years or a fine of notmore than one hundred thousand baht or both.

Matthew Dailey (CSIM-AIT) IT PP 11 / 30

http://find/

8/11/2019 01-Intro-IT

12/30

Legal complianceExample

Section 10. Any person who illegally commits any act that causes theworking of a third partys computer system to be suspended, delayed,hindered or disrupted to the extent that the computer system fails to

operate normally shall be subject to imprisonment for no longer than fiveyears or a fine of not more than one hundred thousand baht or both.

Section 11. Any person sending computer data or electronic mail toanother person and covering up the source of such aforementioned data ina manner that disturbs the other persons normal operation of their

computer system shall be subject to a fine of not more than one hundredthousand baht.

Matthew Dailey (CSIM-AIT) IT PP 12 / 30

http://find/

8/11/2019 01-Intro-IT

13/30

Legal complianceExample

Section 12. The perpetration of an offence under Section 9 or Section 10

that:

1 causes damage, whether it be immediate or subsequent and whetherit be synchronous to the public shall be subject to imprisonment forno longer than ten years or a fine of not more than two hundred

thousand baht.2 is an act that is likely to damage computer data or a computer

system related to the countrys security, public security and economicsecurity or public services or is an act against computer data or acomputer system available for public use shall be subject toimprisonment from three years up to fifteen years and a fine of sixtythousand baht up to three hundred thousand baht.

The commission of an offence under (2) that causes death to anotherperson shall be subject to imprisonment from ten years up to twenty years.

Matthew Dailey (CSIM-AIT) IT PP 13 / 30

http://find/

8/11/2019 01-Intro-IT

14/30

Legal complianceExample

Section 13. Any person who sells or disseminates sets of instructions

developed as a tool used in committing an offence under Section 5,Section 6, Section 7, Section 8, Section 9, Section 10 and Section 11 shallbe subject to imprisonment for not more than one year or a fine of notmore than twenty thousand baht, or both.

Matthew Dailey (CSIM-AIT) IT PP 14 / 30

http://find/

8/11/2019 01-Intro-IT

15/30

Legal complianceExample

Section 14. If any person commits any offence of the following acts shall

be subject to imprisonment for not more than five years or a fine of notmore than one hundred thousand baht or both:

1 that involves import to a computer system of forged computer data,either in whole or in part, or false computer data, in a manner that islikely to cause damage to that third party or the public;

2 that involves import to a computer system of false computer data in amanner that is likely to damage the countrys security or cause apublic panic;

3 that involves import to a computer system of any computer data

related with an offence against the Kingdoms security under theCriminal Code;4 that involves import to a computer system of any computer data of a

pornographic nature that is publicly accessible;5 that involves the dissemination or forwarding of computer data

already known to be computer data under(1)(2) (3)or(4).Matthew Dailey (CSIM-AIT) IT PP 15 / 30

http://find/

8/11/2019 01-Intro-IT

16/30

Legal complianceExample

Section 15. Any service provider intentionally supporting or consenting to

an offence under Section 14 within a computer system under their controlshall be subject to the same penalty as that imposed upon a personcommitting an offence under Section 14.

Matthew Dailey (CSIM-AIT) IT PP 16 / 30

L l li

http://find/

8/11/2019 01-Intro-IT

17/30

Legal complianceExample

Section 16. Any person, who imports to a computer system that ispublicly accessible, computer data where a third partys picture appearseither created, edited, added or adapted by electronic means or otherwisein a manner that is likely to impair that third partys reputation or causethat third party to be isolated, disgusted or embarrassed, shall be subjectto imprisonment for not longer than three years or a fine of not more thansixty thousand baht, or both.If the commission under paragraph one is atrustworthy action the perpetrator is not guilty.

An offence under paragraph one shall be a compoundable offence.

If a party injured by an offence under paragraph one has died before filinga complaint, then their parents, spouse or children may file a complaintand shall be deemed to be the injured party.

Matthew Dailey (CSIM-AIT) IT PP 17 / 30

L l li

http://find/

8/11/2019 01-Intro-IT

18/30

Legal complianceExample

Section 17. Any person committing an offence against this Act outside theKingdom and;

1 the offender is Thai and the government of the country where theoffence has occurred or the injured party is required to be punished or;

2 the offender is a non-citizen and the Thai government or Thai personwho is an injured party or the injured party is required to bepunished;shall be penalized within the Kingdom.

Matthew Dailey (CSIM-AIT) IT PP 18 / 30

L l li

http://find/

8/11/2019 01-Intro-IT

19/30

Legal complianceExercise

Lets try an exercise.

Suppose you are tasked with designing a new online discussion boardservice for people in Thailand interested in IT security.

Go through the Computer Crime Act and make a list of issues that need tobe considered in the design of the system.

Matthew Dailey (CSIM-AIT) IT PP 19 / 30

L l li

http://find/http://goback/

8/11/2019 01-Intro-IT

20/30

Legal complianceConclusion

Be aware of such laws that apply in the locations you do business in, andtake steps to comply and protect your organization.

Matthew Dailey (CSIM-AIT) IT PP 20 / 30

O tli

http://find/

8/11/2019 01-Intro-IT

21/30

Outline

1 Introduction

2 Ethics

3 Legal compliance

4 Standardization

5 Certification

Matthew Dailey (CSIM-AIT) IT PP 21 / 30

Standardization

http://find/

8/11/2019 01-Intro-IT

22/30

StandardizationIntroduction

Standards prescribe norms or levels of quality.

Every industry has a wide array of standards.Compliance and certification of compliance can be resource intensive.

So why do it? Why not just do things as we see fit?

Matthew Dailey (CSIM-AIT) IT PP 22 / 30

Standardization

http://find/http://goback/

8/11/2019 01-Intro-IT

23/30

StandardizationIT and software industry standards

The important standards in IT and the software industry revolve aroundquality assurance in IT management and software engineering.

Example: the IT Infrastructure Library (ITIL) is a set of practices for ITservice management.

If your IT department is not ITIL compliant you might ask why not.

If you, as a member of IT engineering are not familiar with ITIL, youarent doing your job.

By following an IT standard such as ITIL, you will be better able toprevent security incidents, data loss incidents, decrease downtime due tounmanaged configuration information, etc.

Matthew Dailey (CSIM-AIT) IT PP 23 / 30

Standardization

http://find/

8/11/2019 01-Intro-IT

24/30

StandardizationIT and software industry standards

Software engineering is full of standards.

The IEEE maintains a giant library of software engineering standards.

The Carnegie Mellon University Software Engineering Institute (SEI)

developed the Capability Maturity Model Integration (CMMI):Evaluates organizations abilities in terms of product and servicedevelopment, implementation and management, and acquisition intolevels.

Required by many department of defense contractors.

Required of offshore development teams by many U.S. clients.

Enormous impact on the software industry.

Matthew Dailey (CSIM-AIT) IT PP 24 / 30

Standardization

http://find/

8/11/2019 01-Intro-IT

25/30

StandardizationConclusion

Whatever your industry focus, you need to identify the standards that your

customers want to see and the standards that will help solidify thematurity of your organization.

Matthew Dailey (CSIM-AIT) IT PP 25 / 30

Outline

http://find/

8/11/2019 01-Intro-IT

26/30

Outline

1 Introduction

2 Ethics

3 Legal compliance

4 Standardization

5 Certification

Matthew Dailey (CSIM-AIT) IT PP 26 / 30

Certification

http://find/

8/11/2019 01-Intro-IT

27/30

CertificationIntroduction

Some standards come with certification programs.

At worst, certification is just a money making scheme, and potentialemployers and clientss will laugh at your bogus certifications.

At best, certification gives potential employers and customers confidencein your capabilities.

Matthew Dailey (CSIM-AIT) IT PP 27 / 30

Certification

http://find/

8/11/2019 01-Intro-IT

28/30

CertificationExamples

Example: the Personal Software Process is an application of CMMI to thepractices of an individual software developer.

The focus is on being able to estimate effort accurately, manage quality,and eliminate defects at a personal level.

SEI offers certification in PSP.

Matthew Dailey (CSIM-AIT) IT PP 28 / 30

Certification

http://find/

8/11/2019 01-Intro-IT

29/30

CertificationExamples

Another example: Oracle certification examinations in Java technologies.

Certification may not necessarily mean you are highly productive!

However, it does give confidence that you know the platform well,assuming you studied the language rather than how to pass the test.

Most engineers who take such exams report a positive experience.

Matthew Dailey (CSIM-AIT) IT PP 29 / 30

Certification

http://find/http://goback/

8/11/2019 01-Intro-IT

30/30

CertificationSummary

Overall, get a certification if

required by your employer or customer.

you are intersted in the technology/process and want to push yourself

to learn it well.

But be careful not to overemphasize the importance of certifications.

In the end, a reference from a respected colleague or people who can

attest to your abilities are much more effective than a list of professionalcertifications.

Matthew Dailey (CSIM-AIT) IT PP 30 / 30

http://find/http://goback/