Ethics
Chulantha Kulasekere
Department of Electronic and Computer Engineering
Sri Lanka Institute of Information Technology
October 12, 2013
ECK/2013 (SLIIT) FCCS October 12, 2013 1 / 5
Ethics and Cyber Security
Why is ethics important from the point of view of cyber security?
It is critical to understand the ethical responsibilities of your work as you will be dealing with privacy and secrecy issues.
All security setups and incident investigations have legal and ethical components.
How you deal with the ethical component of your work is crucial as it can increase the liability of both your organization and yourself.
Organizations should demand that employees have strong ethical behavior.
Security setup, as mentioned before, specifies the rules and procedures which ultimately determine the behavior of employees.
A computer security professional maintains security by developing and helping with the implementation of security policies.
The security policies are enforceable when the following requirements are met:
  the policy has been communicated to all staff
  the policy is easily comprehended by all staff
  compliance with the policy is agreed with by the staff
  the enforcement is uniform and consistent
Ethics and Professional Organizations
There is no universal binding ethics code for computer security professionals.
Different international professional organizations (ACM, SANS, ISACA) provide their own guidelines on ethical behavior.
  Information Systems Audit and Control Association (ISACA): https://www.isaca.org
  SANS Training Institute: http://www.sans.org/
  Association for Computing Machinery (ACM) Special group on Security, Audit and Control (SIGSAC): http://www.sigsac.org/
The Australian Computer Society has its own recommendations on ethics.
Ethics Rules
http://computerethicsinstitute.org/images/TheTenCommandmentsOfComputerEthics.pdf
The ethics rules specified by the Computer Ethics Institute are as follows:
  Thou shalt not use a computer to harm other people.
  Thou shalt not interfere with other people’s computer work.
  Thou shalt not snoop around in other people’s computer files.
  Thou shalt not use a computer to steal.
  Thou shalt not use a computer to bear false witness.
  Thou shalt not copy or use proprietary software for which you have not paid.
  Thou shalt not use other people’s computer resources without authorization or proper compensation.
  Thou shalt not appropriate other people’s intellectual output.
  Thou shalt think about the social consequences of the program you are writing or the system you are designing.
  Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
Ethics and Ethical Behavior
Ethics and ethical behavior vary depending on the country or culture that one has interaction with.
This is a significant problem especially when attempting to handle groups across areas with different ethical expectations and enforcement mechanisms.
Education and training are key in reducing unethical behavior.
Causes of unethical behavior:
  Ignorance
  Accident
  Intent
Preventing Unethical Behavior
Computer security professionals have a responsibility to prevent unethical or illegal behavior.
Deterrence can be enhanced if there is a concerted effort to highlight through training the type of behavior that is unacceptable and the consequences of such behavior. Specifically, one needs to ensure that:
  the penalty is appropriate to discourage repeat offending
  the likelihood that the offense is detected is high
  the enforcement of the penalties is carried out according to the security policy
Ethical Issues in Cyber Security
Security rights
Hackers
Domains
Illegal Downloading of Material
Private vs public information
Commercial collection of personal information
Misuse of corporate resources
Software piracy