Community Champion

Ethical principals

Over on the CISSPforum, we are having a little discussion about codes of ethics.

 

Somebody noticed that:

 

> Yes, that's the writing on the site, but shouldn't it be "competent
> service to principals"?

And, good grief, he's absolutely right.

code of ethics oops.PNG

In a sense, the Website is correct: we should competently serve the moral principles of our profession.  (Even if it sometimes means we disappoint our principal employers, since the society and ethics canons come first  :-)


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
18 Replies
Community Champion

Re: Ethical principals

Yes, there will often be a difference between what's expected of us as CISSPs and as employees, & the degree of the variance may be unpredictable.

 

Imagine adding a disclaimer to one's CV or cover letter, something like 'Please note that as a CISSP, I am committed to following the (ISC)² Code of Ethics at all times.'  ;-)

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Community Champion

Re: Ethical principals

@SamanthaO_isc2, tagging you so that you see this message.  If you could forward it to the (ISC)² web admin, I would appreciate it.

Community Champion

Re: Ethical principals

 

 

<humor>
Do principals have principles? 
Are principals principled?
We have the principal principles set forth powerfully in the Canon (or is that cannon?)
Hopefully loose cannons will recognize the Canon and respect its principles! </humor>

 

 

It appears ambiguities lurk deeply in the English lexicon; and what of Ethics?

 

Ambiguities lurk there, too. What may seem deontologically unethical to one person may be perfectly acceptable to someone else.

 

For a Hacktivist, for instance, it may seem perfectly acceptable to use LOIC against his sociopolitical targets. However, those who enforce legislation would likely take a dim view of that action and proffer charges if they catch the perpetrator.

 

Moreover, would it be ethical or unethical for a CISSP in the employ of an Agency, acting under authority, to use knowledge to degrade the infrastructure of an adversary, whether non-state or state? After all, we are to “Protect society, the common good, necessary public trust and confidence, and the infrastructure”; and to “Act honorably, honestly, justly, responsibly, and legally.”

 

Quite complex. An excellent question, Rob!

Community Champion

Re: Ethical principals ((ISC)² Community Subscription Update)

> j_M007 (Contributor I) posted a new reply in Welcome on 08-01-2018 05:27 PM in

>     It appears ambiguities lurk deeply in the English lexicon; and
> what of Ethics?   Ambiguities lurk there, too. What may seem deontologically
> unethical to one person may be perfectly acceptable to someone else.

Usually teleologically :-)

>   Moreover, would it be ethical or unethical for a CISSP in the
> employ of an Agency, acting under authority, to use knowledge to degrade the
> infrastructure of an adversary, whether non-state or state? After all, we are to
> "Protect society, the common good, necessary public trust and confidence, and
> the infrastructure"

Actually, I am currently working (with a colleague) on a presentation on exactly
that issue: the ethics of active defence. (I'm pretty sure I have a solid argument
that yes, in some cases you can degrade the infrastructure of an adversary, and
argue that it is for the good of society.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Every old idea will be proposed again with a different name and
a different presentation, regardless of whether it works.
- RFC 1925 #11
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Community Champion

Re: Ethical principals ((ISC)² Community Subscription Update)

"Actually, I am currently working (with a colleague) on a presentation on exactly that issue: the ethics of active defence. (I'm pretty sure I have a solid argument that yes, in some cases you can degrade the infrastructure of an adversary, and argue that it is for the good of society.)"

 

By the same token, the adversary could use the same argument; notions like "society" and "good" are very broad-ranging.

 

I suppose the test is that of the legal challenge - if the adversary's society is relying on electricity to power its hospitals, as well as its centrifuges for more nefarious purposes, then the principle of "Do No Harm (or As Little Harm As Possible)" would have to be applied -- launch DDoS against the installation, degrade its capacities, but spare the grid to which the hospital is attached. Easier said than done, though.

 

So when the inevitable discussions arrive, "the Degrader" can argue in an international tribunal that he exercised due diligence and due care.

Community Manager

Re: Ethical principals

Thank you for tagging me @denbesten.  Apologies for the delay here, I was out of the office yesterday. I will forward this along to our team. 

Samantha O'Connor
(ISC)² Online Community Manager
Community Manager

Re: Ethical principals

Just a quick update - this is now fixed. Thank you for letting us know! 

 

 

Samantha O'Connor
(ISC)² Online Community Manager
Newcomer III

Re: Ethical principals ((ISC)² Community Subscription Update)

     This is an interesting topic but hardly a new one. The ethics philosophy has been discussed throughout history by all sorts of “deep thinkers.” The only true novelty of this discussion is that we are now applying it to the “cyber” world but otherwise, it’s a one-for-one swap of the same conversation.

 

     I think, at its most basic form, ethics defines what is good for individuals AND society. To be more specific, it is what determines right or wrong as agreed upon by the majority of the collective group of people that are impacted – stakeholders if you will.

 

     The hacktivist example is clearly unethical behavior no matter how strongly that one individual’s, or group’s, feelings are. Why? Because there is legislation on the record that states it is illegal (aka wrong). Those laws have been proposed through an accepted process, negotiated by representatives elected by the people (usually), and ratified for the good of the society. There is also a legal method to challenge and change laws that doesn’t include “taking the law into your own hands.”

 

     Problems arise when individuals or small groups, whose views are often borne from limited personal experience, bias, and a narrow view of the world, think they are somehow smarter or better suited to decide what is right and wrong than the larger collective or those in a position to see the big picture.

 

     I would argue that ethics is only complex if you choose to make it so. Do what is right and legal in the society you live in, respect others, don’t take what’s not yours, and live by the Golden Rule. Of course, there are questionable situations but if you know the law then at least there is a framework to guide your decisions.

Community Champion

Re: Ethical principals

> DAlexander (Newcomer III) posted a new reply in Welcome on 08-03-2018 02:26 AM

>   I think, at its most basic form, ethics
> defines what is good for individuals AND society. To be more specific, it is
> what determines right or wrong as agreed upon by the majority of the collective
> group of people that are impacted - stakeholders if you will.

My stakeholders, right or wrong!

> Because there is legislation on
> the record that states it is illegal (aka wrong).

Frequently the attitude of LE-only groups. "Orders! I vas only following orders!"

> Those laws have been proposed through an accepted process, negotiated by
> representatives elected by the people (usually), and ratified for the good of
> the society.

The tyranny of the majority :-)

>   I would argue that ethics is only complex if
> you choose to make it so.

"There is always a well-known solution to every human problem — neat,
plausible, and wrong."

"The Divine Afflatus," H. L. Mencken

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
In answer to the question of why it happened, I offer the modest
proposal that our Universe is simply one of those things which
happen from time to time. - Edward P. Tryon
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
