Professional Ethics Purpose of Course?: Purpose 1 Students need to learn how to communicate effectively. Purpose 2 Students need to learn Ethics of the Profession.

Upload: archibald-aubrey-crawford

Post on 16-Jan-2016


Professional Ethics

Purpose of Course?

Purpose 1: Students need to learn how to communicate effectively.

Purpose 2: Students need to learn Ethics of the Profession.

Study Questions

Q1 What is Professional Ethics?
Q2 How do we learn ethical behavior?
Q3 How do we learn to be an ethical professional?
Q4 How do we know what is ethical in the work place?
Q5 What happens when Ethics don’t win the day?
Q6 What does the book say about Professional Ethics?
Q7 Can we prevent unethical behavior (Law, Policy)?
Q8 Know any Ethical Dilemmas?

Q1 What is Professional Ethics?

• Profession: A vocation that requires a high level of education and practical experience in the field.

• Professional: A professional is a person who is paid to undertake a specialized set of tasks and to complete them for a fee. The traditional professions were doctors, lawyers, clergymen and commissioned military officers. Today, the term is applied to architects, accountants, educators, engineers, scientists, social workers and many more…

Q1 What is Professional Ethics?

Main criteria for a professional include the following:

• Expert and specialized knowledge in field which one is practicing professionally. [6]

• Excellent manual/practical and literary skills in relation to profession. [7]

• High quality work in (examples): creations, products, services, presentations, consultancy, primary/other research, administrative, marketing, photography or other work endeavours.

• A high standard of professional ethics, behaviour and work activities while carrying out one's profession (as an employee, self-employed person, career, enterprise, business, company, or partnership/associate/colleague, etc.). The professional owes a higher duty to a client, often a privilege of confidentiality, as well as a duty not to abandon the client just because he or she may not be able to pay or remunerate the professional. Often the professional is required to put the interest of the client ahead of his own interests.

• Reasonable work morale and motivation. Having interest and desire to do a job well as holding positive attitude towards the profession are important elements in attaining a high level of professionalism.

• Participating for gain or livelihood in an activity or field of endeavour often engaged in by amateurs; having a particular profession as a permanent career; engaged in by persons receiving financial return. [6]

• Appropriate treatment of relationships with colleagues. Consideration should be shown to elderly, junior or inexperienced colleagues, as well as those with special needs. An example must be set to perpetuate the attitude of one's business without doing it harm.

• A professional is an expert who is master in a specific field.

Q1 What is Professional Ethics?

• What’s a Computer Professional:
  – Education
  – Accreditation
  – Skills Development
  – Certification
  – Licensing
  – Professional Development
  – Code of Ethics
  – Professional Society

Q1 What is Professional Ethics?

What’s Ethics?:

• Normative ethics

• Traditionally, normative ethics (also known as moral theory) was the study of what makes actions right and wrong. These theories offered an overarching moral principle one could appeal to in resolving difficult moral decisions.

• At the turn of the 20th century, moral theories became more complex and are no longer concerned solely with rightness and wrongness, but are interested in many different kinds of moral status.

Q1 What is Professional Ethics?

What’s Ethics?:

• Virtue ethics

• Virtue ethics describes the character of a moral agent as a driving force for ethical behavior, and is used to describe the ethics of Socrates, Aristotle


Q1 What is Professional Ethics?

What’s Ethics?: (from Chapter 2 lesson)


Study Questions

Q1 What is Professional Ethics?
Q2 How do we learn ethical behavior?
Q3 How do we learn to be an ethical professional?
Q4 How do we know what is ethical in the work place?
Q5 What happens when Ethics don’t win the day?
Q6 What does the book say about Professional Ethics?
Q7 Can we prevent unethical behavior (Law, Policy)?
Q8 Know any Ethical Dilemmas?


Q2 How do we learn ethical behavior?

But,

How do we really learn ethical behavior?

Q2 How do we learn ethical behavior?

• At Home
  – “If you always tell the truth, you never have to remember what you said.” Mom Phillips circa 1975
  – “People lie when the truth is just as good?” Mom Phillips circa 1970
  – “You little @#%$&%$!, If you ever treat your mother like that again, Pow! Right to the moon.” Dad Phillips 1958-1977

Q2 How do we learn ethical behavior?

Scout Law
A Scout is trustworthy, loyal, helpful, friendly, courteous, kind, obedient, cheerful, thrifty, brave, clean, and reverent.

Scout Oath
On my honor, I will do my best
To do my duty to God and my country;
To obey the Scout Law;
To help other people at all times;
To keep myself physically strong, mentally awake and morally straight


Q2 How do we learn ethical behavior?

Religious Beliefs?

Movies?


Q2 How do we learn ethical behavior?

School?

http://www.usma.edu/

U.S. Military Academy Mission
"To educate, train, and inspire the Corps of Cadets so that each graduate is a commissioned leader of character committed to the values of Duty, Honor, Country and prepared for a career of professional excellence and service to the Nation as an officer in the United States Army."

Cadet Prayer
Make us to choose the harder right instead of the easier wrong, and never to be content with a half truth when the whole can be won. Endow us with courage that is born of loyalty to all that is noble and worthy, that scorns to compromise with vice and injustice and knows no fear when truth and right are in jeopardy.

Study Questions

Q1 What is Professional Ethics?
Q2 How do we learn ethical behavior?
Q3 How do we learn to be an ethical professional?
Q4 How do we know what is ethical in the work place?
Q5 What happens when Ethics don’t win the day?
Q6 What does the book say about Professional Ethics?
Q7 Can we prevent unethical behavior (Law, Policy)?
Q8 Know any Ethical Dilemmas?


Q3 How do we learn to be an ethical professional?

Professional Organizations?

• www.acm.org
• Respect confidentiality of information
• Cause no harm to systems (i.e. viruses)
• Protect others' privacy
• Respect others' copyrights

• www.isc2.org
• Protect the infrastructure
• Act responsibly and legally
• Provide competent service to principals
• Advance and protect the profession

• www.sans.org
• Respect for the Public
• Respect for the Certification
• Respect for My Employer
• Respect for Myself

• www.issa.org
• Perform professional activities and duties in accordance with highest ethical principles
• Promote best practices and standards
• Maintain confidentiality
• Carry out responsibilities with honesty
• Abstain from "conflicts of interest"
• Do not intentionally injure the reputation of colleagues, clients, or employers

Study Questions

Q1 What is Professional Ethics?
Q2 How do we learn ethical behavior?
Q3 How do we learn to be an ethical professional?
Q4 How do we know what is ethical in the work place?
Q5 What happens when Ethics don’t win the day?
Q6 What does the book say about Professional Ethics?
Q7 Can we prevent unethical behavior (Law, Policy)?
Q8 Know any Ethical Dilemmas?


Q4 How do we know what is ethical in the work place?

Work?

Q4 How do we know what is ethical in the work place?

Work?
- Oath of Office
- Promotion
- 24/7
- UCMJ
- Contract Law


Ethics & Business Conduct Welcome Video

Lockheed Martin Proprietary Information

Q4 How do we know what is ethical in the work place?


Study Questions

Q1 What is Professional Ethics?
Q2 How do we learn ethical behavior?
Q3 How do we learn to be an ethical professional?
Q4 How do we know what is ethical in the work place?
Q5 What happens when Ethics don’t win the day?
Q6 What does the book say about Professional Ethics?
Q7 Can we prevent unethical behavior (Law, Policy)?
Q8 Know any Ethical Dilemmas?


Q5 What happens when Ethics don’t win the day?


Study Questions

Q1 What is Professional Ethics?
Q2 How do we learn ethical behavior?
Q3 How do we learn to be an ethical professional?
Q4 How do we know what is ethical in the work place?
Q5 What happens when Ethics don’t win the day?
Q6 What does the book say about Professional Ethics?
Q7 Can we prevent unethical behavior (Law, Policy)?
Q8 Know any Ethical Dilemmas?


Q6 What does the book say about Professional Ethics?

Eight Principles:

1. PUBLIC - Software engineers shall act consistently with the public interest.

2. CLIENT AND EMPLOYER - Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.

3. PRODUCT - Software engineers shall ensure that their products and related modifications meet the highest professional standards possible.

4. JUDGMENT - Software engineers shall maintain integrity and independence in their professional judgment.

5. MANAGEMENT - Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance.

6. PROFESSION - Software engineers shall advance the integrity and reputation of the profession consistent with the public interest.

7. COLLEAGUES - Software engineers shall be fair to and supportive of their colleagues.

8. SELF - Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.

Q6 What does the book say about Professional Ethics?

Alternative Principles:

1. Be Impartial
2. Disclose Information others ought to know
3. Respect the Rights of Others
4. Treat Others Justly
5. Take Responsibility for your Actions
6. Take Responsibility for the Actions of those you supervise
7. Maintain your Integrity
8. Continually Improve your Abilities
9. Share your Knowledge, Expertise, and Values.

Study Questions

Q1 What is Professional Ethics?
Q2 How do we learn ethical behavior?
Q3 How do we learn to be an ethical professional?
Q4 How do we know what is ethical in the work place?
Q5 What happens when Ethics don’t win the day?
Q6 What does the book say about Professional Ethics?
Q7 Can we prevent unethical behavior (Law, Policy)?
Q8 Know any Ethical Dilemmas?

Law and Ethics in Information Security

• Laws
  – Rules adopted and enforced by governments to codify expected behavior in modern society
• The key difference between law and ethics is that law carries the sanction of a governing authority and ethics do not
• Ethics are based on cultural mores
  – Relatively fixed moral attitudes or customs of a societal group

Management of Information Security, 3rd ed.

Types of Law

• Civil law
  – Pertains to relationships between and among individuals and organizations
• Criminal law
  – Addresses violations harmful to society
  – Actively enforced and prosecuted by the state
• Tort law
  – A subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury

Types of Law (cont.)

• Private law
  – Regulates the relationships among individuals and among individuals and organizations
    • Family law, commercial law, and labor law
• Public law
  – Regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments
    • Criminal, administrative, and constitutional law

Table 12-1a: Key U.S. laws of interest to information security professionals

Table 12-1b: Key U.S. laws of interest to information security professionals

Relevant U.S. Laws

• The Computer Fraud and Abuse Act of 1986 (CFA Act)
  – Cornerstone of computer-related federal laws and enforcement efforts
  – Amended in October 1996 by the National Information Infrastructure Protection Act
    • Modified several sections of the previous act, and increased the penalties for select crimes

Relevant U.S. Laws

• CFA Act (cont)
  – Further modified by the USA Patriot Act of 2001
    • Gave law enforcement agencies broader latitude to combat activities related to terrorism
    • The USA Patriot Improvement and Reauthorization Act of 2005 updated and extended the USA Patriot Act

Relevant U.S. Laws (cont.)

• Computer Security Act of 1987
  – One of the first attempts to protect federal computer systems by establishing minimum acceptable security practices
  – Established the Computer System Security and Privacy Advisory Board within the Department of Commerce
  – Mandated periodic training in accepted computer security awareness and practices for all users of Federal computer systems

Relevant U.S. Laws (cont.)

• Privacy Laws
  – Many organizations collect, trade, and sell personal information as a commodity
  – Aggregation of data from multiple sources permits organizations to build databases with alarming quantities of personal information
  – Individuals are looking to governments to protect their privacy

Relevant U.S. Laws (cont.)

• Privacy Laws (cont.)
  – The Privacy of Customer Information Section of USC Title 47 covering common carriers
    • Specifies that proprietary information shall be used only for providing services, and not for marketing
  – The Federal Privacy Act of 1974 regulates the government’s use of private information
    • Ensures that government agencies protect the privacy of individuals’ and businesses’ information

Relevant U.S. Laws (cont.)

• Privacy Laws (cont.)
  – Electronic Communications Privacy Act of 1986
    • A collection of statutes that regulates the interception of wire, electronic, and oral communications
  – These statutes work in tandem with the 4th Amendment of the Constitution which prohibits search and seizure without a warrant

Relevant U.S. Laws (cont.)

• Health Insurance Portability & Accountability Act Of 1996 (HIPAA)
  – Attempts to protect the confidentiality and security of healthcare data
    • Establishes and enforces standards
    • Standardizes electronic data interchange (EDI)
  – Requires organizations that retain healthcare information to use information security mechanisms
  – Also requires the assessment of the organization's InfoSec systems, policies, and procedures

Relevant U.S. Laws (cont.)

• The Financial Services Modernization Act
  – Also called Gramm-Leach-Bliley Act of 1999
  – Applies to banks, securities firms, and insurance companies
  – Requires all financial institutions to disclose their privacy policies and to describe:
    • How they share nonpublic personal information
    • How customers can request that their information not be shared with third parties

Relevant U.S. Laws (cont.)

• Export and Espionage Laws
  – Economic Espionage Act (EEA) of 1996
    • Attempts to protect U.S. intellectual property and competitive advantage
    • Attempts to protect a company’s trade secrets from espionage initiated by:
      – A foreign government
      – Another company
      – Or a disgruntled former employee

Relevant U.S. Laws (cont.)

• U.S. Copyright Law
  – Extends protection of intellectual property, including words published in electronic formats
  – ‘Fair use’ allows material to be quoted so long as the purpose is educational and not for profit, and that usage is not excessive
  – Proper acknowledgement must be provided to the author and/or copyright holder of such works by including a description of the location of source materials, using a recognized form of citation

Relevant U.S. Laws (cont.)

• Freedom of Information Act of 1966
  – All Federal agencies are required to disclose records, requested in writing, by any person
  – Applies only to Federal agencies and not records held by Congress, the courts, or by state or local government agencies
• Sarbanes-Oxley Act of 2002 (SOX)
  – Enforces accountability for the financial record keeping and reporting of publicly traded corporations

Relevant U.S. Laws (cont.)

• Sarbanes-Oxley Act of 2002 (cont.)
  – Requires that the CEO and CFO assume direct and personal accountability for the completeness and accuracy of a publicly traded company’s financial reporting and record-keeping systems and their internal controls
  – Availability and confidentiality are also emphasized as executives attempt to ensure that the systems used to record and report are sound

International Laws and Legal Bodies

• International trade is governed by international treaties and trade agreements
  – Many domestic laws and customs do not apply
• There are currently few international laws relating to privacy and information security
  – Because of cultural differences and political complexities of the relationships among nations

International Laws and Legal Bodies (cont.)

• European Council Cyber-Crime Convention
  – Empowers an international task force to oversee a range of Internet security functions
    • Standardizes technology laws internationally
  – Attempts to improve the effectiveness of international investigations into breaches of technology law
  – Goal is to simplify the acquisition of information for law enforcement agents in certain types of international crimes, as well as the extradition process

International Laws and Legal Bodies (cont.)

• The Digital Millennium Copyright Act
  – A U.S.-based international effort to reduce the impact of copyright, trademark, and privacy infringement, especially via the removal of technological copyright protection measures
• European Union Directive 95/46/EC
  – Increases individual rights to process and freely move personal data
• Database Right
  – U.K. version of this directive

State and Local Regulations (cont.)

• The Georgia Identity Theft Law
  – Requires that a business may not discard a record containing personal information unless it shreds, erases, modifies, or otherwise makes the information irretrievable

Policy Versus Law

• Difference between policy and law
  – Ignorance of policy is an acceptable defense
• Policies must be:
  – Distributed to all individuals who are expected to comply with them
  – Readily available for employee reference
  – Easily understood, with multilingual, visually impaired and low-literacy translations
  – Acknowledged by employee with consent form
  – Uniformly enforced for all employees

Ethics in Information Security

• The student of information security is not expected to study the topic of ethics in a vacuum, but within a larger ethical framework
  – Information security professionals may be expected to be more articulate about the topic than others in the organization
    • Often must withstand a higher degree of scrutiny

Ethics in Information Security (cont.)

• The Ten Commandments of Computer Ethics
  – From the Computer Ethics Institute
  – Thou shalt not:
    • Use a computer to harm other people
    • Interfere with other people's computer work
    • Snoop around in other people's computer files
    • Use a computer to steal
    • Use a computer to bear false witness
    • Copy or use proprietary software for which you have not paid

Ethics in Information Security (cont.)

• The Ten Commandments of Computer Ethics (cont.)
  – Thou shalt not: (cont.)
    • Use other people's computer resources without authorization or proper compensation
    • Appropriate other people's intellectual output
  – Think about the social consequences of the program you are writing or the system you are designing
  – Always use a computer in ways that ensure consideration and respect for fellow humans

Ethics and Education

• Differences in computer use ethics
  – Not exclusively cultural
  – Found among individuals within the same country, within the same social class, and within the same company
• Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is education
• Employees must be trained on the expected behaviors of an ethical employee

Deterring Unethical and Illegal Behavior

• InfoSec personnel should do everything in their power to deter unethical and illegal acts
  – Using policy, education and training, and technology as controls to protect information
• Categories of unethical behavior
  – Ignorance
  – Accident
  – Intent

Deterring Unethical and Illegal Behavior (cont.)

• Deterrence
  – Best method for preventing an illegal or unethical activity
  – Examples: laws, policies, and technical controls
  – Laws and policies and their associated penalties only deter if three conditions are present:
    • Fear of penalty
    • Probability of being caught
    • Probability of penalty being administered

Study Questions

Q1 What is Professional Ethics?
Q2 How do we learn ethical behavior?
Q3 How do we learn to be an ethical professional?
Q4 How do we know what is ethical in the work place?
Q5 What happens when Ethics don’t win the day?
Q6 What does the book say about Professional Ethics?
Q7 Can we prevent unethical behavior (Law, Policy)?
Q8 Know any Ethical Dilemmas?