03.ethics

Ethics

Chulantha Kulasekere

Department of Electronic and Computer Engineering, Sri Lanka Institute of Information Technology

[email protected]

October 12, 2013

ECK/2013 (SLIIT) FCCS October 12, 2013 1/5

Upload: university-of-moratuwa

Post on 18-Jul-2015


Ethics and Cyber Security

Why is ethics important from the point of view of cyber security?

It is critical to understand the ethical responsibilities of your work, as you will be dealing with privacy and secrecy issues.

All security setups and incident investigations have legal and ethical components.
How you deal with the ethical component of your work is crucial, as it can increase the liability of both your organization and yourself.
Organizations should demand strong ethical behavior from their employees.
Security setup, as mentioned before, specifies the rules and procedures which ultimately determine the behavior of employees.
A computer security professional maintains security by developing and helping with the implementation of security policies.
The security policies are enforceable when the following requirements are met:

    the policy has been communicated to all staff
    the policy is easily comprehended by all staff
    compliance with the policy is agreed to by the staff
    the enforcement is uniform and consistent


Ethics and Professional Organizations

There is no universal binding ethics code for computer security professionals.
Different international professional organizations (ACM, SANS, ISACA) provide their own guidelines on ethical behavior.

    Information Systems Audit and Control Association (ISACA): https://www.isaca.org
    SANS Training Institute: http://www.sans.org/
    Association for Computing Machinery (ACM) Special group on Security, Audit and Control (SIGSAC): http://www.sigsac.org/

The Australian Computer Society has its own recommendations on ethics.


Ethics Rules

http://computerethicsinstitute.org/images/TheTenCommandmentsOfComputerEthics.pdf

The ethics rules specified by the Computer Ethics Institute are as follows:

    Thou shalt not use a computer to harm other people.
    Thou shalt not interfere with other people’s computer work.
    Thou shalt not snoop around in other people’s computer files.
    Thou shalt not use a computer to steal.
    Thou shalt not use a computer to bear false witness.
    Thou shalt not copy or use proprietary software for which you have not paid.
    Thou shalt not use other people’s computer resources without authorization or proper compensation.
    Thou shalt not appropriate other people’s intellectual output.
    Thou shalt think about the social consequences of the program you are writing or the system you are designing.
    Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.


Ethics and Ethical Behavior

Ethics and ethical behavior vary depending on the country or culture that one interacts with.
This is a significant problem, especially when attempting to handle groups across areas with different ethical expectations and enforcement mechanisms.
Education and training are key in reducing unethical behavior.
Causes of unethical behavior:

    Ignorance
    Accident
    Intent


Preventing Unethical Behavior

Computer security professionals have a responsibility to prevent unethical or illegal behavior.
Deterrence can be enhanced if there is a concerted effort to highlight, through training, the type of behavior that is unacceptable and the consequences of such behavior. Specifically, one needs to ensure that:

    the penalty is appropriate to discourage repeat offending
    the likelihood that the offense is detected is high
    the enforcement of the penalties is carried out according to the security policy


Ethical Issues in Cyber Security

    Security rights
    Hackers
    Domains
    Illegal Downloading of Material
    Private vs public information
    Commercial collection of personal information
    Misuse of corporate resources
    Software piracy
