Open Source Systems: the Risks and Ethical Issues Case Study

Introduction

Open source systems are built on software that is freely available to the public and which can be legally altered (or customized) by developers to meet certain needs. Generally, developing an open source system can be seen as a two-step process, the first step being acquiring source codes for the software to be used and the second step being customizing the software to suit the particular needs in play.

In this paper, the risks and ethical issues associated with open-source systems are outlined and additionally, a one-page audit plan for an open-source system for Global Airline Co. prepared in order to boost the company’s confidence in open-source systems as a viable cost-cutting measure.

A1: Enterprise risks

One enterprise risk associated with open-source systems is minimal information security. According toNetwork World (2011, 1) the development of open-source software is done in such a way that the software fail to meet set minimal security standards.

Another enterprise risk associated with open-source systems according to Findlaw (2011, 4) is infringement risk. Due to the nature of the development process of open-source software,it is possible for developers to infringe the intellectual property rights of other proprietary software (Findlaw, 2011, 4).

Another enterprise risk associated with open-source systems according to Findlaw (2011, 14) is licence restriction risk. Open-source software when compared to proprietary software comes with licence restrictions that are more likely to impact on a company’s strategy (Findlaw, 2011, 14).

Another risk associated with open-source systems is lack of support (Burton Group, 2003, 13). Support for open-source software is difficult to find owing to the nature of how they are developed.

Another enterprise risk associated with open-source systems is the cost of training, support and service of the system. According to Burton Group (2003, 12) the cost associated with training, support and service of open-source systems can at times surpass that of the commercial software product it is replacing.

A2: Ethical Issues

One ethical issue with open source systems is confidentiality and privacy (National Information Assurance Training and Education Center, 2011, 4). It is regarded, as an ethical, legal and business requirement to ensure that the discretion of information in a given organization is safeguarded.

Another ethical issue with open source systems is Patent and Copyright Law (National Information Assurance Training and Education Center, 2011, 13). Patents and Copyright Laws are legal protections of the intellectual property of an enterprise, which includes its information.

Another ethical issue with open source systems is fraud and misuse (National Information Assurance Training and Education Center, 2011, 10 ). Care has to be taken to safeguard the integrity of data in the open source system, otherwise, genuine data can be replaced with fraudulent one in a malicious scheme to benefit a threat-source to the system.

Another ethical issue with open source systems is safeguarding its allied infrastructure e.g. computers from sabotage (National Information Assurance Training and Education Center, 2011, 17). The open source system cannot function at all or optimally without its allied infrastructure e.g. computers it is thus ethically important that infrastructure is protected from intentional or unintentional sabotage.

An ethical issue with open source systems is ethics and responsible decision-making (National Information Assurance Training and Education Centre, 2011, 2). Ethics promote sound decision-making which is critical in managing the open source system.

A3: Audit Plan

The first step in the audit plan is selecting an information auditor and putting together an information audit team. The information auditor is not necessarily an employee of Global Airline Co. but it is desirable that he/she has extensive knowledge on open source systems and information auditing. The information audit team is to comprise senior officials of Global Airline Co. who have information –related backgrounds.

Once the information auditor has been selected and the audit team put in place we proceed to the second step of the audit plan that is known as promote. In this step, through the audit team, the benefits of auditing the system are promoted to the rest of the company so as to maximize support and corporation for the process as well as minimize hostility among staff, which can undermine the success for the audit.

In addition to this, a passport letter that is signed by the CEO of the company is to be circulated round the company that demands full corporation from each affected member of the company. Again, in this step, the information auditor determines awareness level and information value in Global Airline Co. does a preliminary assessment of the company.

The third step in the audit plan comprises six stages. The audit team does the first four stages and information auditor does the remaining two stages. The six stages are:

1. Identifying and defining the mission of the Global Airline Co.
2. Identifying and defining the environment of Global Airline Co.
3. Identifying and defining Global Airline Co. organizational structure
4. Identifying and describing Global Airline Co. organizational structure
5. Identifying information flows
6. Identifying Global Airline Co. information resources

The fourth step in the audit plan is analyse in which an analysis and evaluation of the information resources of Global Airline Co. is done as a means towards developing action plans that improve the company’s problematic situations and that achieve the objectives identified in the previous stage. The analyse step consists of four stages that are:

1. Evaluating Global Airline Co. information resources
2. Developing an information flow diagram
3. Preparing a preliminary report
4. Formulating the action plans

The fifth step in the audit plan is account in which a cost valuation of the information resources ofGlobal Airline Co. is done. The cost valuation is a vital part in developing and evaluating an information strategy that is apt for Global Airline Co. The sixth and final step in the audit plan is synthesise in which documentation of the whole audit process is prepared and presented.

The documentation is a report whose contents include the findings of the audit process and the recommendations made about the open source system. The recommendations made form the base of the information strategy to adopt towards the open source system. The synthesis step consists of two stages, these are:

1. Preparing and presenting the information audit report
2. Developing the information strategy

Part 2: Question one

As the information auditor, after firing Peter the next step will be to undertake an audit of the company’s information system. The aim of the audit plan would be to determine the extent of damage done by Peter and formulate action plans to deal with the situation. The final stage of this audit plan would be to document the findings and recommendations of the audit plan and present them to the senior management of the company.

Part 2: Question two

My reply to the boss as to how I came up with the shortfall would be that I followed a strategic approach to information auditing, which is a process consisting of five primary steps namely, promote, identify, analyse, account and synthesise (Buchanan and Gibb, 1998, 41).

Part 2: Question three

Information management is according to AIIM (2011, 3) the process in which information from one or multiple sources is collected and managed and distributed to a single or multiple audiences. Information control is an activity that goes hand in hand with information managementand it is undertaken toregulate the information collected from the source and the one which is distributed to the audience.

Part 3: Question one

One of the key assumptions made in the model is that in an organization the information is always steadily and continuously circulating through the six activities shown in the diagram. Another assumption is that the information is both of an electronic and non-electronic nature.

Part 3: Question two

The model lacks information control, which is an activity that is closely related to information management.

References

AIIM. (2011). What is information management. Web.

Buchanan, S. and Gibb, F. (1998). The information audit: an integrated strategic approach. International Journal of Information Management, 18(1).

Burton Group. (2003). Open source software: risks and rewards. Web.

Findlaw. (2011). The risks of open source software. Web.

Network World. (2011). Open source software a security risk, study claims. Web.

National Information Assurance Training and Education Center. (2011). Ethical issues. Web.