• Subscribe to our feed
  • Like us on Facebook
  • Follow us on Twitter
  • Join Us on LinkedIn

Considering Ethics in Security

by Christine Meyers on November 2, 2011

Recently, on the heels of the ISSA International Conference, noted authority Michael Angelo raised the question of ethics in security. It is a topic that comes up from time to time and never ceases to fascinate me. In his recent blog posting, Michael writes “Ethics is a particularly interesting topic as the security industry is always concerned about addressing issues in a constantly changing environment. It is easy to follow a set of ethics if the environment is consistent, however if the environment changes will those ethics still apply or do they need to evolve?”

Over the years, we’ve seen huge shifts in the issue of ethics and security. The spectrum of recent dialog ranges from securing end points and the interests of enterprise all the way to hacktivism. The core tenants of privacy, security and personal responsibility are all represented in the current debate. I was heartened to see the diversity of opinion expressed by our community. It shows that we are examining critical issues, considering the implications of choice and the why of new technologies rather than mindlessly favoring the technical possibilities

Michael concludes his article by stating, “In the 70’s corporate and professional ethics demanded secrecy around all aspects of security. The corporate and professional ethics from the 70’s have gradually evolved to enable us to disclose information and work together on solutions so that we can not only survive but we can innovate and surpass our individual boundaries. In the end it is important to remember that while our environments are evolving we must re-examine our ethics and see if they also need to evolve.” I, for one, whole heartedly agree.

Here are some other positions on the issues of ethics in security:

ISACA: Auditors Ethics for Continuous Monitoring and Continuous Auditing: http://www.isaca.org/Journal/Past-Issues/2008/Volume-3/Pages/Auditor-Ethics-for-Continuous-Auditing-and-Continuous-Monitoring1.aspx

SANS: The Legal System and Ethics in Information Security: http://www.sans.org/reading_room/whitepapers/legal/legal-system-ethics-information-security_54

Dell SecureWorks: Crossing the Line: Ethics for the Security

http://www.secureworks.com/research/articles/other articles/ethics/

Tagged as: Ethics, monitoring, privacy, risk, security, threats

{ 1 comment }

Christine Meyers January 12, 2012 at 8:10 am

Thanks for visiting–really appreciate it! –C