Cybercrimes and Threats: Cyber Ethics PDF

CYBERCRIMES AND THREATS MUHANNAD ALRIHALI 5. Cyber Ethics OUTLINE What is Ethics? What is Computer (Cyber) Ethics? The ten commandment of computer ethics Ethics and cultural differences Unethical uses of computer Codes of ethics Q/A WHAT IS ETHICS? Many Professional groups have explicit rules governing ethical behavior in the workplace. For example, doctors and lawyers who commit egregious violations of their professions’ canons of conduct can be removed from practice WHAT IS COMPUYET (CYPER) ETHICS? In simple terms, computer ethics refers to the basic ethics and etiquette that must be followed while using a computer system. Ethics, in general, refers to propagating good behavior, similarly by cyber ethics we refer to propagating good behavior online that is not harsh or rude. The ten commandment of computer ethics: 1. Thou shalt not use a computer to harm other people. 3 2. Thou shalt not interfere with other people’s computer work. 3. Thou shalt not snoop around in other people’s computer files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. THE TEN COMMANDMENT OF COMPUTER ETHICS: 6. Thou shalt not copy or use proprietary software for which you have not paid. 7. Thou shalt not use other people’s computer resources without authorization or proper compensation. 8. Thou shalt not appropriate other people’s intellectual output. 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing. 10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans. ETHICS AND CULTURAL DIFFERENCES Cultural differences can make it difficult to determine what is and is not ethical — especially when it comes to the use of computers. Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality is ethical behavior violates the ethics of another national group. For example, to Western cultures, many of the ways in which Asian cultures use computer technology is software piracy. UNETHICAL USES OF COMPUTER Software License Infringement (piracy) Software piracy is the unauthorized duplication, distribution, or use of computer software-for example, making more copies of software than the license allows, or installing software licensed for one computer onto multiple computers or a server. Copying software is an act of copyright infringement and is subject to civil and criminal penalties. It's illegal whether you use the copied software yourself, give it away, or sell it. And aiding piracy by providing unauthorized access to software or to serial numbers used to register software can also be illegal. UNETHICAL USES OF COMPUTER Illicit Use Computer illicit use is the legal term for the use of a computer to carry out improper or illegal activities, but which do not constitute financial crimes that would be classified as wire fraud. Misuse of Corporate Resources Examples of misuse of company assets may include using company equipment or facilities for personal use, diverting company funds for personal gain, stealing company property or information, or engaging in fraudulent activities using company resources ETHICS AND EDUCATION Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is education Employees must be trained and kept aware of a number of topics related to information security, not the least of which are the expected behaviors of an ethical employee This is especially important in information security, as many employees may not have the formal technical training to understand that their behavior is unethical or even illegal Proper ethical and legal training is vital to creating an informed, well prepared, and low-risk system user x̅ CODES OF ETHICS A number of professional organizations have established codes of conduct or codes of ethics that members are expected to follow Codes of ethics can have a positive effect on people’s judgment regarding computer use Unfortunately, many employers do not encourage their employees to join these professional organizations But employees who have earned some level of certification or professional accreditation can be deterred from ethical lapses by the threat of loss of accreditation or certification due to a violation of a code of conduct Loss of certification or accreditation can dramatically reduce marketability and earning power ORGANIZATIONS DEVELOPING CYBERSECURITY CODES OF ETHICS Association of Computing Machinery www.acm.org Code of 24 imperatives of personal ethical responsibilities of security professionals Information Systems Audit and Control Association www.isaca.org One process area and six subject areas that focus on auditing, information security, business process analysis, and IS planning through the CISA and CISM certifications Tasks and knowledge required of the information systems audit professional ORGANIZATIONS DEVELOPING x̅ CYBERSECURITY CODES OF ETHICS International Information Systems Security Certification Consortium (ISC) 2 www.isc2.org International Consortium dedicated to improving the quality of security professionals through SSCP and CISSP certifications Requires certificates to follow its p published code of ethics ACM CODE OF ETHICS AND PROFESSIONAL CONDUCT The ACM Code of Ethics and Professional Conduct is a guide to proactive action that helps computing professionals promote good. The Code is designed to inspire and guide the ethical conduct of all computing professionals, including current and aspiring practitioners, instructors, students, influencers, and anyone who uses computing technology in an impactful way Additionally, the Code serves as a basis for remediation when violations occur The Code includes principles formulated as statements of responsibility, based on the understanding that the public good is always the primary consideration ACM CODE OF ETHICS AND PROFESSIONAL CONDUCT Each principle is supplemented by guidelines, which provide explanations to assist computing professionals in understanding and applying the principle The code is made of four sections General ethical principles Professional responsibilities Professional leadership principles Compliance with this code GENERAL ETHICAL PRINCIPLES Contribute to society and human well-being: Promoting ethical computing for the benefit of society. Avoid harm: Minimizing or preventing harm to users, individuals, and communities. Be honest and trustworthy: Acting transparently and truthfully in all professional endeavors. Be fair and take action not to discriminate: Promoting equality, fairness, and inclusiveness. Respect privacy: Maintaining the privacy and confidentiality of user data. Honor confidentiality: Protecting sensitive information obtained in the course of professional work. PROFESSIONAL RESPONSIBILITIES 1. Strive to achieve high quality in both the processes and products of professional work Computing professionals should insist on and support high quality work from themselves and from colleagues The dignity of employers, employees, colleagues, clients, users, and anyone else affected either directly or indirectly by the work should be respected throughout the process. Computing professionals should respect the right of those involved to transparent communication about the project Professionals should be cognizant of any serious negative consequences affecting any stakeholder that may result from poor quality work and should resist inducements to neglect this responsibility 2. PROFESSIONAL RESPONSIBILITIES 2. Maintain high standards of professional competence, conduct, and ethical practice High quality computing depends on individuals and teams who take personal and group responsibility for acquiring and maintaining professional competence Professional competence starts with technical knowledge and with awareness of the social context in which their work may be deployed Professional competence also requires skill in communication, in reflective analysis, and in recognizing and navigating ethical challenges. Upgrading skills should be an ongoing process and might include independent study, attending conferences or seminars, and other informal or formal education. Professional organizations and employers should encourage and facilitate these activities 2. PROFESSIONAL RESPONSIBILITIES 3. Accept and provide appropriate professional review High quality professional work in computing depends on professional review at all stages. Whenever appropriate, computing professionals should seek and utilize peer and stakeholder review. Computing professionals should also provide constructive, critical reviews of others' work. 4. Perform work only in areas of competence A computing professional is responsible for evaluating potential work assignments. This includes evaluating the work's feasibility and advisability, and making a judgment about whether the work assignment is within the professional's areas of competence 2. PROFESSIONAL RESPONSIBILITIES 4. Perform work only in areas of competence If at any time before or during the work assignment the professional identifies a lack of a necessary expertise, they must disclose this to the employer or client. The client or employer may decide to pursue the assignment with the professional after additional time to acquire the necessary competencies, to pursue the assignment with someone else who has the required expertise, or to forgo the assignment A computing professional's ethical judgment should be the final guide in deciding whether to work on the assignment. 2. PROFESSIONAL RESPONSIBILITIES 5. Foster public awareness and understanding of computing, related technologies, and their consequences As appropriate to the context and one's abilities, computing professionals should share technical knowledge with the public, foster awareness of computing, and encourage understanding of computing. These communications with the public should be clear, respectful, and welcoming. Important issues include the impacts of computer systems, their limitations, their vulnerabilities, and the opportunities that they present Additionally, a computing professional should respectfully address inaccurate or misleading information related to computing. Q/A THANK YOU FOR LISTENING x ANY QUESTIONS?

Cybercrimes and Threats: Cyber Ethics PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue