Ethics and Security ISSA International Ethics Committee V2.1 4/27/07.

Importance of Ethics to Security
Information Security professionals are entrusted with the crown jewels of an organization.
Ethical behavior, both on and off the job, is the assurance that we are worthy of that trust.
IS Security sets and upholds a standard
–Corporate Ethics programs originating from the CSO
–Promote uniform adherence to policy through example

Topics
Ethics in the Information Security Realm
ISSA International Ethics Posture
ISSA International Ethics Committee
Importance of Ethics to Security
Responsibilities of Security Professionals

Ethics Overview
Ethics is about how we ought to live*
The purpose of Ethics in Information Security is not just philosophically important; it can mean the survival of a business or an industry**
Ethics is doing the right thing, even when no one is looking

ISSA International Code of Ethics (Part 1)
Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;
Promote generally accepted information security current best practices and standards;
Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;

ISSA International Code of Ethics (Part 2)
Discharge professional responsibilities with diligence and honesty;
Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association; and
Not intentionally injure or impugn the professional reputation or practice of colleagues, clients, or employers.

ISSA’s Posture – Ethics for the Security Professional
Set Ethical Standards for Membership
–Include Broader Audiences
Educated and Informed Members
–Case Studies, Articles, Courses
Universally Applicable Standards
–Geographically, Culturally
–Cross Discipline

ISSA International Ethics Committee
Founded in active members
Purpose: Provide guidance on ethical behavior for Information System Security professionals; develop and maintain guidelines for ethics relating to Information Security practices.
Proactive Promotion and Education to Influence Positive Behavior

Accomplishments
Approved policy by ISSA International Board
–Reporting and reviewing ethical complaints, appeals
Respond to and hear valid ethics complaints
–Time-sensitive
–Confidential
–Unbiased
–Consistent analysis of facts and perspectives
–Findings referred up to ISSA International Board
New Disclosure of Relationships Process
–Identify and mitigate potential Conflicts of Interest
–Completed forms are reviewed and suggestions provided
–ISSA International Board, ISSA Foundation, Ethics Committee
Articles for ISSA Journal, Outreach and Education
Ad-hoc research

ISSA Ethics Complaint Handling
Formal, Written Complaint is Received and Verified for Completeness
Notices sent to both parties
–Complete Complaint
–Copy of Policy, Clear Description of Next Steps
–Listing of Ethics Committee members (ability to recuse members – eliminate bias)
Evaluation of Facts as Submitted by Both Parties
–Some Clarification may be Requested
–Mediation Assistance may be Requested
Hearing Panel Assembled – Conference Call Scheduled
–At least 3 members of the Committee (Voting)
–A member of the ISSA International Board (Voting)
–Include a current Chapter Officer (Voting)
–Association Attorney (Non-Voting)
Findings and Recommendation Sent to ISSA International Board

Ethical Challenges in InfoSec
Misrepresentation of certifications, skills
Abuse of privileges
Inappropriate monitoring
Withholding information
Divulging information inappropriately
Overstating issues
Conflicts of interest
Management / employee / client issues

Ethical Challenges – Snake Oil
"Consultants" who profess to offer information security consulting, but offer profoundly bad advice
"Educators", both individuals and companies, that offer to teach information security, but provide misinformation (generally through ignorance, not intent)
"Security Vendors", who oversell the security of their products
"Analysts", who oversimplify security challenges, and try to upsell additional services to naïve clients
"Legislators", who push through "from-the-hip" regulations, without thoughtful consideration of their long-term impact

Some Resource Links
On the development of a personal code of ethics...
Corporate ethics training
On the role of ethics... security_07.html
Something from the SANS Reading Room

Ten Commandments of Ethics in Information Security
Thou shalt not use a computer to harm other people.
Thou shalt not interfere with other people's computer work.
Thou shalt not snoop around in other people's computer files.
Thou shalt not use a computer to steal.
Thou shalt not use a computer to bear false witness.
Thou shalt not copy or use proprietary software for which you have not paid.
Thou shalt not use other people's computer resources without authorization or proper compensation.
Thou shalt not appropriate other people's intellectual output.
Thou shalt think about the social consequences of the program you are writing or the system you are designing.
Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.
–Courtesy of the Computer Ethics Institute, a project of the Brookings Institution

Questions/Discussion