Cybersecurity Ethics
This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues.
Course Material
End Of Course Reflection
In the beginning of this course, I held the position that ethics has little to do with cybersecurity. Even upon registering for the course, I found it difficult to see the role ethics plays in the world of cyber. However, during this semester, I learned that ethics plays a large part in how the rules that govern the world of cyber are made. For example, the advance of technology has decreased the informational friction that exists on the internet. As a result, privacy has become a bigger issue in recent years. There must be rules in place to protect user’s private information while using the internet. However, many questions arise when considering which pieces of information are considered private and how to go about protecting such information. Ethics forces you to look at each problem you face from a different perspective. Yes, it would be very useful for a company like Facebook to collect all your personal data. But would it be right to collect someone’s data against their will or without telling them what you plan to do with that data? These are the kinds of questions I was forced to ask myself throughout the semester as I read the material and came up with my analysis for the cases. The second thing I learned was the importance of a company’s policy to the success of the security program. Yes, I knew that the policies are important. However, I now realize how important it is to be as specific as possible when outlining the do’s and don’ts to your employees. For example, USB drives are a commonly used way of spreading malware to target systems. Although a company may prohibit the use of USB drives, if they capability is still enabled on systems, the vulnerability is still there. The only way, in this case, to completely mitigate the vulnerability would be to disable the capability from all system. These steps would be outlined in the security policy. If not, there someone will eventually find a way to circumvent the “best practices”. It is also important that ethical principle be made a part of the company’s policy. There should be a solid plan in place to deal with issues such as sexual harassment should something like that occur. Employees should also be educated by the organization they work for about such ethical issues so that the individual cannot deny knowing the information. Finally, the thing I appreciated most about this course was how the assigned stories for the tools helped us to grasp what the tool was all about. It deepened my understanding for the way of reasoning so that I was able to successfully apply it to the cases that we reviewed. This turned out to be really helpful as the world of ethics and reasoning were very new to me at the start of the semester. I can also use these reasoning strategies in other areas of my life. For example, if plan to do something risky, a consequentialist view would help me to weight the pros and cons of the action to determine if I should go through with it. Just a side note, it surprised me how much I enjoyed this class. The workflow was not hard to handle and everything we did throughout the week made sense as it led us to be able to write the analysis at the end of the module.