Domain 1: Security and Risk Management; Ethics Flashcards
Why is ethics important?
Information security professionals are trusted with highly sensitive information, and our employers, clients, and customers must know we will treat their information ethically.
What is the ISC2 code of ethics preamble?
Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this Code is a condition of certification.
State the four ISC2 canons in the correct order.
Protect society, the commonwealth, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.
Explain in detail “protect society, the commonwealth, and the infrastructure.”
Security professionals are charged with promoting safe security practices and bettering the security of systems and infrastructure for the public good.
Explain in detail “act honorably, honestly, justly, responsibly, and legally.”
This is straightforward. On the legal point, laws from different regions can be found to be in conflict. The ISC2 Code of Ethics suggests that priority be given to the jurisdiction where the services are being provided. Another point relates to providing prudent advice, and cautions the security professional against unnecessarily promoting fear, uncertainty, and doubt.
Explain in detail “provide diligent and competent service to principals.”
The primary focus of this canon is ensuring the security professional provides competent service for which she is qualified and which maintains the value and confidentiality of information and the associated systems. An additional important consideration is to ensure the professional does not have a conflict of interest in providing quality services.
Explain in detail “advance and protect the profession.”
This canon requires security professionals to maintain their skills, and to advance the skills and knowledge of others. It also requires them not to negatively impact the security profession by associating in a professional fashion with those who might harm the profession.
The Computer Ethics Institute provides their “Ten Commandments of Computer Ethics” as a code of computer ethics. What are they?
- Thou shalt not use a computer to harm other people.
- Thou shalt not interfere with other people’s computer work.
- Thou shalt not snoop around in other people’s computer files.
- Thou shalt not use a computer to steal.
- Thou shalt not use a computer to bear false witness.
- Thou shalt not copy or use proprietary software for which you have not paid.
- Thou shalt not use other people’s computer resources without authorization or proper compensation.
- Thou shalt not appropriate other people’s intellectual output.
- Thou shalt think about the social consequences of the program you are writing or the system you are designing.
- Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
The Internet Activity Board (IAB) defined RFC 1087 listing their code of ethics, published in 1987. Under these five principles, it is considered unethical behavior if someone purposely:
Seeks to gain unauthorized access to resources of the Internet;
Disrupts the intended use of the Internet;
Wastes resources (people, capacity, computer) through such actions;
Destroys the integrity of computer-based information;
Compromises the privacy of users.