The information/knowledge society as risk society: Assessing and enforcing IT safety and security standards for IT systems: About responsibility of experts and governments

Abstract

As daily experience demonstrates, contemporary networks (esp The Internet) and computer systems (whether clients or servers) are "Insecure and Unsafe at any speed" (quotation from Ralph Nader, addressing industrial products). Besides many beneficial effects of IT for enterprises, organisations and individual, many incidents have contributed to significant loss and damage. Even pubertarian boys succeed easily in attacking important IT systems and produce significant damage to systems, users and customers. Among several reasons, including basic design of technologies, IT experts do not care sufficiently for the consequences of their design, products and usage. As technical improvements of contemporary IT systems will - for a foreseeable period - only partly help to overcome basic causes of InSecurity, education of IT engineers to safer and more secure design and implementation of their products may help to reduce IT risks. While some professional organisations such have suggested some rules for ethical behaviour of their members, contemporary curricula fail to include Ethics into the education of IT experts esp. Including System and Software Engineering. "Good Practice" becomes even more important with growing dependency of enterprises, organisations, governments and individuals on vulnerable and growingly interconnected IT systems, IT and legal experts must find ways to enforce "good practice". © 2007 International Federation for Information Processing.