Difference between revisions of "LegalEthics"

From Think Outside the Circle

Latest revision as of 14:55, 28 May 2021

Legal and Ethics

References

  • Christen, Markus; Gordijn, Bert; Loi, Michele. The Ethics of Cybersecurity. The International Library of Ethics, Law, and Technology, vol. 21. Springer International Publishing, 2020 (Kindle edition). ISSN 1875-0044, e-ISSN 1875-0036. ISBN 978-3-030-29052-8, e-ISBN 978-3-030-29053-5. https://doi.org/10.1007/978-3-030-29053-5
  • 10 Commandments of Ethical Hacking, C:\Users\dginter\Google Drive (dginter@ewsd.org)\2021CST\cybersecurity\CyberSecurity
  • Guidelines for Developing Penetration Rules of Behavior, https://www.sans.org/reading-room/whitepapers/testing/paper/259
  • In Search of an Ethical Code for Cybersecurity, https://www.infosecurity-magazine.com/magazine-features/search-ethical-code-cybersecurity/
  • Pre-engagement, http://www.pentest-standard.org/index.php/Pre-engagement
  • Penetration Testing Agreement, C:\Users\dginter\Google Drive (dginter@ewsd.org)\2021CST\cybersecurity\CyberSecurity\Units\Ethics and Legal Issues
  • An Introduction to Cybersecurity Ethics
  • Information Security Systems Association (ISSA) Code of Ethics, http://www.issa.org/?page=CodeofEthics
  • SANS Institute Code of Ethics, https://www.sans.org/security-resources/ethics
  • Cybersecurity Institute Code of Ethics and Conduct, http://www.cybersecurityinstitute.biz/training/ethicsconduct.htm
  • ASIS Code of Ethics, https://www.asisonline.org/About-ASIS/Pages/Code-of-Ethics.aspx
  • ACM (Association for Computing Machinery) Code of Ethics and Professional Conduct, https://www.acm.org/about-acm/acm-code-of-ethics-and-professional-conduct
  • ACM (Association for Computing Machinery) and IEEE Computer Society Software Engineering Code of Ethics and Professional Practice, http://www.acm.org/about/se-code

What we want them to know

Presentation: https://drive.google.com/file/d/1lGczWDPQNixvwDHY4zdfJIRKOLJwcFaU/view?usp=sharing

Descriptions

Ethics

Values: Security, Privacy, Fairness, Accountability

Conflicts between these values:

  • Security vs. Privacy
  • Privacy vs. Fairness
  • Privacy vs. Accountability
  • Security vs. Fairness

Legal

  • State and Federal Statutes
    • prohibited activities
  • Contracts
  • Regulatory Obligations
  • Hacking is illegal without permission
  • A Statement of Work is needed before any "foreign" hacking

Objectives

What we want them to do

Labs/Exercises

Scenarios

  • Social media algorithms' impact on democracy
  • A student applying to college is rejected because a "friend" hacked his grades as a "joke"
  • A software engineer at a major network monitoring company opens a phishing email, which causes all future updates to the company's software to install a backdoor (see the SolarWinds hack: https://duckduckgo.com/?q=solarwinds+hack&t=brave&ia=web, https://www.iiss.org/blogs/survival-blog/2021/04/lessons-of-the-solarwinds-hack)
  • Two high school seniors taking a cybersecurity class at a prominent Vermont Tech Center discover a vulnerability in a recent cell phone release. They weigh their options: keeping the zero day secret for their own use, notifying the manufacturer through "responsible disclosure", notifying the local news media, or publishing on their own blog.
  • A college cybersecurity student has a friend who has been physically abused by a campus sports team. The college is covering up the crime,

Questions:

  • What would I do?
  • What should I do?

Stuff

Lectures

Documents