Cybersecurity Ethics
This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues.
Course Material
End of Year Reflection
The first topic that I gladly engaged in over this semester, is the topic of whistleblowing and the decision-making process that goes along with it. We discussed it in terms of civilians posting videos of war that would expose our own soldiers and their questionable activities. Whistleblowing is basically the action of unanimously calling something or someone out, and to expose truth about a situation. Before I took this class, I was 100% for whistleblowing. I believed that evil should always be called out and all perversion should be unearthed. I have come to realize that this is a rather simple and naïve stance. Having now taken this course, I realize there is a lot more that goes into making a decision than the mere guise of good and evil. For instance, consequentialism made me think about the consequences of any given decision, while virtue ethics focuses on making the right and virtuous decision every time, regardless of the outcome. So, when now considering the action of whistleblowing, I am not so quick to say we should always do it. I do believe the consequences should be weighed, and that exposing huge secrets might do more bad than good. Also, it made me question whether calling out wrong is always the right thing and virtuous thing to do in every scenario. I will go into my career and into the rest of my life in general, now considering my actions more carefully, and thinking of the ethics and outcomes of my actions, instead of just blindly calling them good. The second topic that I was really engaged in and that made me think was the topic of professional ethics. I paired this subject with Confucianism. There are different codes of conduct and codes of ethics in the professional world. Obviously, you have to do your job, you have to play your role, and you have to keep the right relationships with others. However, when asked to do something possibly morally wrong, your role and your conscious are at battle. Once again with the naïve stance, I believed that we should always go with our conscious. Always do what we think is the right thing. That stance has not completely changed, but now I realize that sometimes playing our role is more beneficial to ourselves and others, than trying to break out of or role and be virtuous. If you want a job to make money to support your family, you have to play your role and do your job, even if you’re asked to do questionable things. However, you have to be able to sleep at night with a good conscious, so these two responsibilities can kind of war with each other. While I still believe in always doing the right thig, this subject has become more nuance to me, as I consider my business career. I want to have a good job, and be able to support my family, but if that forces me to make immoral decisions, while maybe necessary, I’m not sure if it is healthy for everyone, which once again comes back to consequentialism and virtue ethics. This topic has become more nuance for me and will be something I will continue to consider throughout my career with the decision I must make. Lastly, a topic I engaged with was the idea of privacy vs security. This was one of the most interesting topics to me, especially as a cyber security major. I believed that there could either be security or privacy. I still believe the Governemnt does far too much to invade our privacy in the name of national security. After reviewing the new data security laws in the UK, I realize that there can still be security, while the citizens and their data are secure and private. Also, I thought of examples like strong passwords, which encourages both privacy and security. I realize now there can be a mixture of the two. I never want full security, even as a cyber security major, because I realize full security means zero privacy. However, if I allow the employees, I work with to have full privacy, I will be unable to ensure any level of security. This topic has made me think about what I will do in the future and has force me to strike a balance in the middle, realizing that both can coexist.