Module 2 Option #1: Analysis of Unethical and Illegal Behavior
This critical thinking assignment focuses on the analysis of the risk of unethical and illegal behaviors conducted by individuals, employees in the workplace, and local communities.
Ethics are based on cultural mores, the relatively fixed moral attitudes or customs of a societal group, whereas unethical behaviors are immoral actions contrary to moral principles, such as cheating on exams or plagiarizing someone's ideas or article and passing it off as your own.
The organization's staff members must be educated, trained and kept up to date on information security topics, including the expected behavior of ethical and legal staff members. Awareness training is vital to creating an informed, suitably prepared and low-risk system user.
The information security team and staff are responsible for deterring unethical and illegal behaviors and acts by using and enforcing policy, training, education, and technology as controls to protect the organization's information and systems. Many information security specialists understand technological means of data and information protection, but many underestimate the value of law and policy. (Management of Information Security, 2017, p70).
The information security team and staff are required to grasp the scope of an organization's ethical and legal responsibility, and they play an important role in the organization's approach to resolving legal disputes and controlling liability for information security and privacy risks. The security team must also grasp the existing ethical and legal environment for the organization and keep updated and apprised of new rules, laws, regulations and ethical issues as they emerge. The security team must possess a rudimentary understanding of the legal framework within which the organization operates, such as criminal, civil, and tort laws. (Information Security Management Professional based on ISO/IEC 27001, 2018, p124).
Unethical behavior falls into three general categories: ignorance, accident, and intent.
Ignorance applies to a person or employee who commits a felony or offense because he is unaware of the criminal, civil, and tort laws.
Accident applies to a person or employee with privileges and authorization to control and manage the organization's systems and data, who thus has a great chance to cause damage or harm to those systems and data by accident.
Intent applies to a person or employee who commits an infraction or an unethical or criminal act, whether the intent arises out of ignorance or by accident.
There are three tactics for deterring and preventing unethical and illegal activities: fear of penalty, probability of being caught, and penalty being administered. Strengthening the deterrence of unethical and illegal activities therefore requires obeying solid laws, policies, and technical controls in workplaces and local communities. (Management of Information Security, 2017, p72).
Governments and organizations are liable for the illegal or unethical behaviors of their employees, contractors and consultants that cause harm to others.
Governments and organizations might increase their liabilities if they do not educate their employees in law and ethics and measure and evaluate that knowledge. They have to make sure that every individual acknowledges and understands the acceptable and unacceptable behaviors and the consequences of illegal or unethical behaviors. The information security manager will therefore be the investigator when governments or organizations are involved in policy violations. The information security manager will integrate hypothesis testing with digital forensics techniques (identify, acquire, take steps, analyze, report) to perform the root cause analysis, measure the results, compare the baseline with current results, and identify the areas of standard deviation. (Information Security Management Professional based on ISO/IEC 27001, 2018, p124).
Governments and organizations should embrace the codes of ethics of professional organizations to be able to manage the investigation processes and the deterrence of unethical and illegal behavior. It is still the responsibility of information security specialists to act ethically and according to the policies and procedures of their organizations and the laws of society; thus, governments and organizations are responsible for developing, disseminating, and enforcing their policies. (Information Security Management Professional based on ISO/IEC 27001, 2018, p128).
Next, the paper will describe the codes of conduct of several professional organizations. These codes of conduct will consolidate the deterrence of unethical and illegal behaviors and can have a positive effect on an individual's judgment regarding computer use, thus eliminating unethical and illegal behaviors.
First, Association for Computing Machinery (ACM)
The Association for Computing Machinery code of ethics strongly encourages learning and education, and the association gives students exclusive discounts and deals. The Association for Computing Machinery code of conduct emphasizes protecting the confidentiality of information and the privacy of individuals and respecting their copyrights and intellectual property. Thus, the Association for Computing Machinery governs ethical activities to protect information confidentiality and the privacy of individuals by avoiding harm, being trustworthy, honoring confidentiality, and respecting the privacy of others.
Second, International Information Systems Security Certification Consortium, Inc. (ISC)²
The (ISC)² code of ethics helps the information security specialist to eliminate unethical behaviors by mandating the following four canons:
Protecting the infrastructure, and commonwealth, society.
Act legally and justly, responsibly, honestly, honorably.
Provide competent and diligent service to principals.
Protect and advance the profession.
Thus, (ISC)² aims to provide the guidance that will enable dependence on the trustworthiness and ethicality of the information security specialist as the safeguard of the organization's data, information and systems. (Management of Information Security, 2017, p74).
Second, System Administration, Networking and Security Institution (SANS)
The SANS code of ethics is dedicated to the protection of the organization's data, information and systems. Individuals who aim to be SANS certified must agree to comply with the SANS code of ethics, which requires them to be open and to respect the public community's security and welfare in the following ways:
Decision-making responsibility.
Not engaging in negative acts affecting the public community and the information security discipline, such as unethical or unlawful activities.
The information security specialist shall respect his awarded certificate, and not share, disseminate, or distribute confidential or proprietary information.
The information security specialist shall not use his certificate, or objects or information associated with his certificate such as certificate logos, to represent others or any entity other than himself.
The information security specialist shall respect his organization, and not deliver capable service that is consistent with the expectations of his position and certificate as well.
The information security specialist shall protect the proprietary and confidential information with which he comes into contact.
The information security specialist shall minimize risks to the availability, confidentiality, and integrity of a technology solution, and align it with risk management practice.
The information security specialist shall respect himself and avoid conflicts of interest.
The information security specialist shall not misuse any privileges or information he is afforded as part of his responsibilities.
The information security specialist shall not misrepresent his abilities or his work to the community, his organization employer, or his colleagues. (Management of Information Security, 2017, p75).
Third, Information Systems Audit and Control Association (ISACA)
The ISACA code of ethics focuses on security and control, auditing, and providing IT standards and control practices. Security specialists and managers holding ISACA certification must abide by the following code of ethics:
The information security specialist must encourage compliance with, and support the implementation of, appropriate standards, procedures and controls for information systems.
The information security specialist must perform their duties with due diligence and professional care, and objectivity in accordance with professional standards and best practices.
The information security specialist must serve in the interest of stakeholders in an honest and lawful manner, maintaining high standards of character and conduct, and not engage in acts discreditable to the profession.
The information security specialist must maintain the confidentiality and privacy of information obtained in the course of their duties unless a legal authority has requested disclosure of this information. Such information must not be used for personal benefit or released to inappropriate parties.
The information security specialist must maintain competency in their respective fields and agree to undertake only those activities that they can reasonably expect to complete with professional competence.
The information security specialist must inform appropriate parties of the results of work performed; revealing all significant facts known to them.
The information security specialist must support the professional education of stakeholders in enhancing their understanding of information systems control and security. (Management of Information Security, 2017, p76).
Fourth, Information Systems Security Association (ISSA)
The ISSA code of ethics and primary mission is to ensure the confidentiality, integrity, and availability of organizational information, systems and resources, and to bring together information security specialists for educational development and information exchange by providing publications, conferences, meetings, and information resources to promote security awareness and training.
The information security specialists have and will:
Promoted information security best practices and industry standards.
Worked in compliance with all relevant laws, and to the highest ethical standards.
Worked to protect the information entrusted to them, and the confidentiality of sensitive information, with honesty and diligence.
Avoided any actions that could harm the reputation of their organization or the ISSA association, or actions that may be construed as a conflict of interest, and acted in ways such that they have not slandered, maligned, or harmed the actions or reputations of their organization, peers or constituents. (Management of Information Security, 2017, p77).
Fifth, Organizational Liability to encourage strong ethical conduct
Due diligence requires the organization to make and maintain a valid effort to protect others and to prevent unethical and illegal actions. Long-arm jurisdiction is a court's right to hear a case if a wrong is committed; thus the long arm of the law reaches across the country or around the world to bring the accused into its court systems. (Management of Information Security, 2017, p104).
- Michael E, Herbert J. (2017). “Management of Information Security”.
- Ruben Zeegers (2018). “Information Security Management Professional based on ISO/IEC 27001”.