OPINION: A troubling article in Forbes raises concerns about how society takes care of those who raise legitimate, well-founded concerns about their employers. Aside from the specific legal decision in this particular case, there is a wider issue about protecting whistleblowers from retribution. If a whistleblowing employee makes allegations of serious impropriety by his employer, and those allegations are upheld, is it reasonable for him/her to insist on remaining employed by the organization? A few enlightened managements might swallow their pride and allow the whistleblowing employee to carry on normally in employment but I strongly suspect that in most cases... Read more →
46 posts categorized "Ethics"
18 May 2012
Bullet-proofing messengers
Posted by Gary Hinson on 18 May 2012 at 07:19 PM in Ethics, Insider Risk, Legal | Permalink
|
Comments (0)
14 May 2012
Dotted lines in shifting sands
An opinion piece regarding a possible US law change raises fascinating ethical questions about privacy rights. Whereas employers have some interest in what their employees are saying and doing in their personal/non-work time, employees also have reasonable expectations of privacy concerning their private lives: OPINION: On the battlefield of the Internet, the Privacy Platoon struck a clanging blow against the Transparency Brigade last week, when two members of Congress introduced the Social Networking Online Protection Act. The bill would bar employers from demanding job applicants' Facebook passwords - which recently has become an issue: The ACLU's Maryland branch championed the... Read more →
Posted by Gary Hinson on 14 May 2012 at 06:02 PM in Ethics, Insider Risk, Legal, Privacy | Permalink
|
Comments (0)
13 January 2012
2012: Redefining United States Cyber Security: Taking a Holistic View and Machiavellian Approach, part 1
By: Larry P. Bunch CISSP, CEH http://mysite.verizon.net/vze18ez5m/id3.html Twitter: https://twitter.com/#!/bunchlarryp Preface This article was originally intended to be a light reading OP/ED piece. However, it has slowly evolved into a hybrid OP/ED – Whitepaper dealing with Cyber Intelligence and Network Security. The opinions in this article do not represent the United States government or my employer (VortechX LLC.). This article is intended to generate discussion, collaboration, and interaction within the Intelligence and Network Defense communities of both the Public and Private sectors of the United States. The ideas and recommendations presented here reflect only my own opinions and may NOT be... Read more →
Posted by LPBunch on 13 January 2012 at 04:07 PM in Ethics, IT Security, Malware, Network Security, Operations Security | Permalink
|
Comments (7)
29 November 2011
Applying Newton's third law to information security
Simply banning stuff (such as using social media at work) through management edict or policy can be counterproductive for security if employees react by circumventing the ban. I argue that effective security awareness using motivation and persuasion is a far more effective technique. Read more →
Posted by Gary Hinson on 29 November 2011 at 05:01 PM in Cybersecurity Training, Ethics, Insider Risk, Risk | Permalink
|
Comments (1)
10 September 2011
(ISC)2 board candidates
I'm not 100% au fait with ISC2's board election process but as I understand it the sitting board proposes a bunch of candidates, while the general membership can propose their own "independent candidates" as well. If you aren't into nepotism and fancy the idea of fresh faces at the top table, you might like to consider supporting some of the independents who need endorsement from at least 500 members in order to qualify and get their names onto the ballot papers. I'm aware of the following five independents so far: Tadd Axon email: isc2bodpetition@tadda.org website: https://sites.google.com/a/tadda.org/isc2petition/ Seth Hardy email: shardy@asymptotic.ca... Read more →
Posted by Gary Hinson on 10 September 2011 at 08:38 PM in Cybersecurity Certifications, Ethics | Permalink
|
Comments (1)
16 August 2011
(Intellectual) Property is Theft?
Laws tend to adjust slowly to social and technological trends, especially trends that change with the dramatic speed that modern IT allows. Read more →
Posted by David Harley on 16 August 2011 at 07:31 AM in Ethics | Permalink
|
Comments (3)
31 January 2011
We are living on strange "Cyberwar times"
In the after-crisis of the Stuxnet worm, Governments around the world are mobilizing to be better prepared against CyberThreats and CyberWar. It's becoming clear, more and more that groups pf individuals with a lot of knowledge, time and motivation can do harm against economies, healthcare, utilities and other systems, being responsible (who knows?) for the collapse of a country. We already had, in the past, cases of well succeeded CyberAttacks that collapsed a country information structure and paralyzed it for a while. We can remember of: 2007 CyberAttakcs on Estonia 2007 CyberAttacks against Syria Radar Infrastructure 2008 CyberAttacks on Georgia... Read more →
Posted by Alexandre Cezar on 31 January 2011 at 01:37 PM in Ethics, Network Security, Operations Security, Privacy | Permalink
|
Comments (0)
24 January 2011
Pragmatic ethics
Is it ethically acceptable for workers to pinch the odd pencil or Post-It note from work, or is this just the thin end of the wedge that leads to fraud, theft, corruption, Enron and Global Economic Meltdown? It's a tricky issue when you factor in the difficulties of writing and enforcing corporate policies on ethics, the effects these have on the workforce, and the prospect of tacitly or even formally endorsing unethical and perhaps illegal behaviours through weak policies and lax attitudes towards compliance. It's also a cultural issue, which makes it fuzzy and complex both to characterise and even... Read more →
Posted by Gary Hinson on 24 January 2011 at 05:20 PM in Ethics, Insider Risk, Legal, Risk | Permalink
|
Comments (2)
05 May 2010
Patent Absurdity
Patents are generally held to be granted on devices, or inventions. In recent years, United States patents have been granted on processes, and even software. "Patent Absurdity" is a half hour video outlining the dangers and difficulties surrounding the granting of software patents. The interviews take place around the "Bilski" case appeal before the Supreme Court. (The "Bilski" case decision is generally held to strike down software patents, but is still the subject of a good deal of debate.) Read more →
Posted by Rob Slade on 05 May 2010 at 12:26 AM in Cybersecurity Training, Ethics, Legal, Risk | Permalink
|
Comments (0)
29 January 2010
Ethics (Kabay)
Fairly standard articles and slide decks on ethics. Read more →
Posted by Rob Slade on 29 January 2010 at 02:34 PM in Cybersecurity Training, Ethics | Permalink
|
Comments (0)
26 January 2010
Shariah and Cybercrime
From the International Journal of Cyber Criminology, "Shariah Law and Cyber-Sectarian Conflict: How can Islamic Criminal Law respond to cyber crime?" This paper looks at the concepts in Islamic Shariah law that relate to specifically computer or information system related crimes. The paper is possibly not a complete examination, but is not hopeful as regards the ability to criminalize cybercrime. Also available as PDF. Read more →
Posted by Rob Slade on 26 January 2010 at 12:57 PM in Cybersecurity Training, Ethics, Legal | Permalink
|
Comments (0)
15 November 2009
Psych and sec
Ross Anderson has put together a great page of links about psychological factors in security. Quite a few resources and papers on deception and social engineering, usability, risk calculations, economics, and more. Read more →
Posted by Rob Slade on 15 November 2009 at 02:38 AM in Cybersecurity Training, Ethics, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
22 August 2009
Should the CISSP CBK be improved to place greater emphasis on “human factors” in information security? Definitely Yes!
Should the CISSP CBK be expanded to cover "human factors" in security? [1] Add “Human Factors” No.[2] Clearly, human factors are a major component to information security and Gary Hinson presents effective arguments that they should be established as an additional domain. On the other hand, Rob Slade makes an effective argument that the human factors are a significant component of each of the current ten domains primarily based on his experience teaching the CBK® to CISSP® aspirants for (ISC)²®. In full disclosure, I also teach the CBK® to CISSP® aspirants, but not for (ISC)²®, but at a local college.... Read more →
Posted by Bob Johnston on 22 August 2009 at 05:56 PM in Cybersecurity Certifications, Cybersecurity Training, Digital Forensics, Ethics, IT Security, Legal, Network Security, Operations Security, Privacy, Risk, Software Development | Permalink
|
Comments (1)
|
TrackBack (0)
10 August 2009
Add "human factors"? No.
OK, Gary has asked if the CISSP CBK should be expanded to cover "human factors" in security? And I answer "No." With that kind of beginning, you could be forgiven for thinking that I disagree with Gary about the importance of human factors in security. Nothing could be further from the truth. I agree with everything he has said about the fundamental significance of human factors in information security, as well as the difficulty of dealing with them, and will defend to the death his right to say it. What I disagree with is the question. The CBK already addresses... Read more →
Posted by Rob Slade on 10 August 2009 at 10:04 PM in Cybersecurity Certifications, Cybersecurity Training, Ethics, Insider Risk, IT Security, Legal, Malware, Operations Security, Privacy, Risk | Permalink
|
Comments (2)
|
TrackBack (0)
20 July 2009
Guidelines for social media
A useful collection of links to guidelines for the use of social networking media and systems. Read more →
Posted by Rob Slade on 20 July 2009 at 08:34 PM in Cybersecurity Training, Ethics, IT Security, Privacy | Permalink
|
Comments (1)
|
TrackBack (0)
18 July 2009
Moral code experiments
A very interesting presentation and intriguing research into moral behaviour. The culminating point is that we need to test and experiment with morality, since we seem to have many incorrect notions about it. Read more →
Posted by Rob Slade on 18 July 2009 at 05:43 PM in Cybersecurity Training, Ethics, Insider Risk, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
11 July 2009
Are policies mandatory and guidelines optional?
Although this is often expressed, I fundamentally disagree that policies are mandatory whereas guidelines are optional. This to me is a rather naïve assessment, and is distinctly unhelpful, misleading even. Let me explain. For a start, do you truly understand the distinction between "mandatory" and "optional"? Are they really (as some claim) as different as binary and analogue? I beg to differ. In my world, they are both analogue concepts. They are both a matter of degree. Occasionally by "mandatory" the information security manager or CISO probably does mean an absolute hard-and-fast rule with no exemptions (authorized non-compliance) or exceptions... Read more →
Posted by Gary Hinson on 11 July 2009 at 05:47 PM in Ethics, Insider Risk, Legal | Permalink
|
Comments (1)
|
TrackBack (0)
08 July 2009
Primary Lessons Learned from the TSA Laptop Mess (Part 2)
A couple of weeks ago, I read about the demise of the Verified Identity Pass, Inc.'s Fly Clear program. This was a program working with TSA on the Registered Traveler service. Back in August 2008, I wrote how VIP and TSA had no accountability for losing a laptop with personal information of over 33,000 applicants. There is an additional lesson to be learned on top those from of my original article. If the public can't trust you with their personal information, they are not going to buy your product or service in the long run. That's why you need security... Read more →
Posted by John Dittmer on 08 July 2009 at 03:49 PM in Ethics, IT Security, Privacy | Permalink
|
Comments (2)
|
TrackBack (0)
09 June 2009
Don't Sue Me, Sue the Auditor
The recent Wired article In Legal First, Data-Breach Suit Targets Auditor discusses how a credit card company is suing the company that performed their security audit. The problem is that the credit card company was told that it was CISP (Cardholder Information Security Program) compliant, when it really wasn't. Per visa.com, "CISP is intended to protect Visa cardholder data–wherever it resides–ensuring that members, merchants, and service providers maintain the highest information security standard" (CISP has since been replaced by the PCI (Payment Card Industry) standard.) The lawsuit was triggered by the theft of 263,000 card numbers from the credit card... Read more →
Posted by Don Franke on 09 June 2009 at 12:16 PM in Cybersecurity Certifications, Ethics | Permalink
|
Comments (0)
|
TrackBack (0)
18 April 2009
Proceeds of crime
The Supreme Court of Canada has struck down a challenge to a provincial law enabling seizure of proceeds of crime. Under the provincial law, proceeds could be seized under a civil action, without a conviction for a crime having taken place. A report appeared in the Vancouver Sun. The challenge appears to have stressed the jurisdictional issues. (In Canada, criminal law is a matter for the federal government: the provinces do not make their own criminal laws.) However, there is also the matter of burden of proof. Under criminal law (under a Common Law system, at any rate), the charge... Read more →
Posted by Rob Slade on 18 April 2009 at 11:25 PM in Cybersecurity Training, Ethics, Legal, Privacy, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
Search
Categories
- (ISC)² Chapters (16)
- (ISC)² Events (99)
- Center for Cyber Safety and Education (45)
- Cloud Security (84)
- Cybersecurity Certifications (269)
- Cybersecurity Training (268)
- Cybersecurity Workforce (138)
- Digital Forensics (27)
- Ethics (46)
- Government (83)
- Insider Risk (52)
- IT Security (345)
- Legal (41)
- Malware (95)
- Network Security (149)
- Operations Security (115)
- Privacy (93)
- Ransomware (32)
- Risk (154)
- Software Development (36)
- Spotlight (52)