Ethics

Learning outcomes:

• Explain the concepts of trust and trustworthiness
• Describe important ethical issues in computer security
• Discuss ethical issues in regards to bug handling, bug disclosure, breach disclosure and data exfiltration
• Discuss compliance in relation to state and federal data handling

Would you like to download my PowerPoint to follow along?

• Trust
• Confidence placed in a person by making that person the nominal owner of property to be held or used for the benefit of one or more others.
• Transitive trust
• Web Certificates
• Digital signatures
• Ethics (With examples)
• Moral principles that govern a person's behavior or the conducting of an activity.
• Example: In the course of your job you find confidential info relating to mental health about someone who babysits your child, what do you do?
• Example:You are scheduling a meeting with a client, it turns out this client requested a meeting at 3pm on a Friday near your house. Do you go home or back to work if the meeting ends early?
• Example:Your at work or school and you're getting all the credit on a team project, do you say anything?
• Example: You work in IT and you happen to see emails from your coworkers. Or you are asked to go through emails/computers for your coworkers or bosses.
• Real life Example: Schools putting loggers and RATs on loaned laptopsThere are multiple examples and articles talking about this
• Hackers
• Types of hackers
• White Hat
• Grey Hat
• Black Hat
• Hacktivists
• Ethics in Computer Security Example: Well known People
• Edward Snowden
• Kevin Mitnick
• Adrian Lamo
• Ethics in Computer Security: Hacker groups and Hacktivists
• Anonymous
• Lulzsec
• Chaos Computer Club
• Ethics: How to handle Bugs
• Patch times
• Bug prioritization
• Patch cycle
• How to do bug disclosure
• Responsible disclosure: Allows stakeholders time to fix bugs
• Full disclosure: Tells the public everything
• OWASP Vulnerability Disclosure Cheat Sheet
• Ethics: How to do Breach Disclosure
• Current Best Practices for Breach Disclosure
• Examples of Breaches and disclosures in real life
• Case Study TJX
• Case Study Equifax
• Case Study Facebook
• Case Study Yahoo
• Ethics: Data Exfiltration
• Steganography
• Ipods (podsnarfing)
• Cameras
• Usb drives (thumbsucking)
• Bluetooth (bluesnarfing)
• Sneakernet
• Compliance
• Certification or confirmation that the doer of an action (such as the writer of an audit report), or the manufacturer or supplier of a product, meets the requirements of accepted practices, legislation, prescribed rules and regulations, specified standards, or the terms of a contract.
• Federal Data Handling
• HIPAA
• FERPA
• Sarbanes Oxley (SOX)
• PCI-DSS (payment cards)
• International Bonus: GDPR

Suggested Activities and Discussion Topics:

• Write a paper following the instructions on this PDF (accessible HTML version)
• The following are some discussion topic ideas on ethics:
• Is it ever ok to pirate content(Movies, games, software etc.) Does it matter if the content is no longer available? Not available in your current location? Priced in such a way that it's not affordable for anyone besides a large corporation?
• Is information on a company device considered private? What about accounts logged in to that device? What about if you are required to have a mobile device for the company, but they aren't willing to pay for one? What if they are willing to pay for one but you can't afford your own secondary device
• When should your data belong to you? What if the data is collected in such a way you couldn't do it on your own (medical imaging or expensive equipment required type of thing)
• Should companies be able to see your credit score? What about require your login for social networking sites? Does your answer change if it's different jobs or companies? Government jobs or contractors? Jobs that affect all members of society such as teachers, police officers or social workers?

Would you like to see some more classes? View all classes