Difference between revisions of "LegalEthics"
(Added link to Google Presentation) |
m |
||
Line 33: | Line 33: | ||
===== Legal ===== | ===== Legal ===== | ||
− | * Hacking is illegal without permission | + | ** State and Federal Statutes |
− | * Statement of Work is needed before any "foreign" hacking | + | *** prohibited activities |
+ | ** Contracts | ||
+ | ** Regulatory Obligations | ||
+ | ** | ||
+ | ** Hacking is illegal without permission | ||
+ | ** Statement of Work is needed before any "foreign" hacking | ||
* | * | ||
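Review bot: the added `**` line with no text, right after "Regulatory Obligations", leaves an empty list item in the Legal section, and the bare `*` at the end of the hunk is empty as well; either fill these in or drop them. The existing items also move from `*` to `**` with no `*` parent visible in this hunk, so it is worth checking the rendered list for stray nesting. If "Hacking is illegal without permission" is meant as an example of a prohibited activity, it would fit better at `***` under "prohibited activities" than as a sibling of "State and Federal Statutes".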
Latest revision as of 14:55, 28 May 2021
Legal and Ethics
References
- The Ethics of Cybersecurity, 2020, ISSN 1875-0044, e-ISSN 1875-0036, The International Library of Ethics, Law, and Technology, ISBN 978-3-030-29052-8, e-ISBN 978-3-030-29053-5, https://doi.org/10.1007/978-3-030-29053-5. Christen, Markus; Bert Gordijn; Michele Loi. The Ethics of Cybersecurity: 21 (The International Library of Ethics, Law, and Technology). Springer International Publishing. Kindle Edition.
- 10 Commandments of Ethical Hacking, C:\Users\dginter\Google Drive (dginter@ewsd.org)\2021CST\cybersecurity\CyberSecurity
- Guidelines for Developing Penetration Rules of Behavior, https://www.sans.org/reading-room/whitepapers/testing/paper/259
- In Search of an Ethical Code for Cybersecurity, https://www.infosecurity-magazine.com/magazine-features/search-ethical-code-cybersecurity/
- Pre-engagement: http://www.pentest-standard.org/index.php/Pre-engagement
- Penetration Testing Agreement C:\Users\dginter\Google Drive (dginter@ewsd.org)\2021CST\cybersecurity\CyberSecurity\Units\Ethics and Legal Issues
- An Introduction to Cybersecurity Ethics
- Information Security Systems Association (ISSA) Code of Ethics http://www.issa.org/?page=CodeofEthics
- SANS Institute Code of Ethics https://www.sans.org/security-resources/ethics
- Cybersecurity Institute Code of Ethics and Conduct http://www.cybersecurityinstitute.biz/training/ethicsconduct.htm
- ASIS Code of Ethics https://www.asisonline.org/About-ASIS/Pages/Code-of-Ethics.aspx
- Code of Ethics and Professional Conduct of ACM (Association for Computing Machinery) https://www.acm.org/about-acm/acm-code-of-ethics-and-professional-conduct
- Software Engineering Code of Ethics and Professional Practice of ACM (Association for Computing Machinery) and IEEE-Computer Society http://www.acm.org/about/se-code
What we want them to know
Presentation: https://drive.google.com/file/d/1lGczWDPQNixvwDHY4zdfJIRKOLJwcFaU/view?usp=sharing
Descriptions
Ethics
Values: Security, Privacy, Fairness, Accountability
Conflicts:
- Security vs Privacy
- Privacy vs Fairness
- Privacy vs Accountability
- Security vs Fairness
Legal
- State and Federal Statutes
- prohibited activities
- Contracts
- Regulatory Obligations
- Hacking is illegal without permission
- Statement of Work is needed before any "foreign" hacking
Objectives
What we want them to do
Labs/Exercises
Scenarios
- Social media algorithms' impact on democracy
- A student applying to college is rejected due to a "friend" hacking his grades as a "joke"
- A software engineer at a major network monitoring company opens a phishing email, which causes all future updates to the company's software to install a backdoor (see the SolarWinds hack: https://duckduckgo.com/?q=solarwinds+hack&t=brave&ia=web, https://www.iiss.org/blogs/survival-blog/2021/04/lessons-of-the-solarwinds-hack)
- Two high school seniors taking a cybersecurity class at a prominent Vermont Tech Center discover a vulnerability in a recent cell phone release. They weigh their options: keeping the zero day secret for their own use, notifying the manufacturer with a "responsible disclosure", notifying the local news media, or publishing on their own blog.
- A college cybersecurity student has a friend that has been physically abused by a campus sports team. The college is covering up the crime,
Questions:
- What would I do?
- What should I do?