LegalEthics

From Think Outside the Circle
Revision as of 13:58, 25 May 2021 by Dginter (Added link to Google Presentation)

Legal and Ethics

References

  • The Ethics of Cybersecurity, 2020, ISSN 1875-0044, e-ISSN 1875-0036, The International Library of Ethics, Law, and Technology, ISBN 978-3-030-29052-8, e-ISBN 978-3-030-29053-5, https://doi.org/10.1007/978-3-030-29053-5. Christen, Markus; Bert Gordijn; Michele Loi. The Ethics of Cybersecurity: 21 (The International Library of Ethics, Law, and Technology). Springer International Publishing. Kindle Edition.
  • 10 Commandments of Ethical Hacking, C:\Users\dginter\Google Drive (dginter@ewsd.org)\2021CST\cybersecurity\CyberSecurity
  • Guidelines for Developing Penetration Rules of Behavior, https://www.sans.org/reading-room/whitepapers/testing/paper/259
  • In Search of an Ethical Code for Cybersecurity, https://www.infosecurity-magazine.com/magazine-features/search-ethical-code-cybersecurity/
  • pre-engagement: http://www.pentest-standard.org/index.php/Pre-engagement
  • Penetration Testing Agreement C:\Users\dginter\Google Drive (dginter@ewsd.org)\2021CST\cybersecurity\CyberSecurity\Units\Ethics and Legal Issues
  • An Introduction to Cybersecurity Ethics
  • Information Security Systems Association (ISSA) Code of Ethics http://www.issa.org/?page=CodeofEthics
  • SANS Institute Code of Ethics https://www.sans.org/security-resources/ethics
  • Cybersecurity Institute Code of Ethics and Conduct http://www.cybersecurityinstitute.biz/training/ethicsconduct.htm
  • ASIS Code of Ethics https://www.asisonline.org/About-ASIS/Pages/Code-of-Ethics.aspx
  • Code of Ethics and Professional Conduct of ACM (Association for Computing Machinery) https://www.acm.org/about-acm/acm-code-of-ethics-and-professional-conduct
  • Software Engineering Code of Ethics and Professional Practice of ACM (Association for Computing Machinery) and IEEE-Computer Society http://www.acm.org/about/se-code

What we want them to know

Presentation: https://drive.google.com/file/d/1lGczWDPQNixvwDHY4zdfJIRKOLJwcFaU/view?usp=sharing

Descriptions

Ethics

Values: Security, Privacy, Fairness, Accountability

Conflicts:

  • Security vs Privacy
  • Privacy vs Fairness
  • Privacy vs Accountability
  • Security vs Fairness

Legal
  • Hacking is illegal without permission
  • Statement of Work is needed before any "foreign" hacking

Objectives

What we want them to do

Labs/Exercises

Scenarios
  • Social media algorithms' impact on democracy
  • A student applying to college is rejected due to a "friend" hacking his grades as a "joke"
  • A software engineer at a major network monitoring company opens a phishing email which causes all future updates to the company's software to install a backdoor (see SolarWinds hack: https://duckduckgo.com/?q=solarwinds+hack&t=brave&ia=web, https://www.iiss.org/blogs/survival-blog/2021/04/lessons-of-the-solarwinds-hack)
  • Two high school seniors taking a cybersecurity class at a prominent Vermont Tech Center discover a vulnerability in a recent cell phone release. They question their options: keeping the zero day secret for their own use, notifying the manufacturer with a "responsible disclosure", notifying the local news media, or publishing on their own blog.
  • A college cybersecurity student has a friend that has been physically abused by a campus sports team. The college is covering up the crime,

Questions:

  • What would I do?
  • What should I do?

Stuff

Lectures

Documents