General ethics resources
Professor Mich Kabay of Norwich University maintains a small but perfectly formed collection of links to ethics resources, as does CFO Magazine. Crossing the line: ethics for the security professional applies common ethical principles to the work of information security professionals. A number of popular conceptual frameworks for making ethical decisions are outlined at Santa Clara University.

ComplianceLine, SilentWhistle and Shareholder.com are examples of commercial services handling calls from customers’ employees who wish to blow the whistle on dishonest/unethical behavior, fraud, health and safety breaches, HIPAA/data protection breaches and related matters. The Government Accountability Project and BlowTheWhistle support those blowing the whistle on wrongdoing affecting public bodies.

Whereas it appears to be legal to trade online in fake sick-notes, representatives of Britain’s National Health Service describe it in no uncertain terms as fraud.

What’s your stance on full disclosure (publication of technical vulnerabilities in publicly available software)? Read Bruce Schneier and Tim Bass’ perspectives. Wikipedia describes cheating at online games and the hacker ethic, while the ethics of ‘hacking back’ (actively retaliating against an attacker) are considered in Network World. There's lots of good philosophy and angst on Eric Raymond's site.

The Honeynet project is researching hacking techniques using specially-configured systems installed on the Internet. Detailed analysis of actual black-hat attacks relies heavily on the efforts of highly-skilled network security experts using tools to track and gather evidence on the attacks. You are invited to join the project by deploying honeypot systems and sharing data with the team, and there are monthly challenges to test and develop your own technical skills by analyzing logs etc. Honeypot techniques are also being used to investigate WLAN hackers. A technical article in SecurityFocus ably describes how it’s done.

According to Stealing the Network (~US$60 from Amazon), “There really is no difference between responsible hacking and evil hacking. Either way, it's hacking. The only difference is the content. Perhaps that's why it's so natural for a black hat to go white, and why it's so easy for a white hat to go black. The line between the two is fine, mostly defined by ethics and law. To the hacker, ethics and laws have holes, just like anything else.”

Adherence to (ISC)²’s Code of Ethics is mandatory for holders of CISSP and their other certificates.

Copyright © 2010 IsecT Ltd.