Ethics


Ethics (or moral values) are not easily discerned, and a fine line often hovers between ethical and unethical activity. Unethical activity doesn’t necessarily equate to illegal activity. And what may be acceptable in some organizations, cultures, or societies may be unacceptable or even illegal in others.

Ethical standards can be based on a common or national interest, individual rights, laws, tradition, culture, or religion. One helpful distinction between laws and ethics is that laws define what we must do and ethics define what we should do.

Many common fallacies abound about computers and the Internet, which contribute to this gray area:

  • The Computer Game Fallacy: Any system or network that’s not properly protected is fair game.

  • The Law-Abiding Citizen Fallacy: If no physical theft is involved, an activity really isn’t stealing.

  • The Shatterproof Fallacy: Any damage done will have a limited effect.

  • The Candy-from-a-Baby Fallacy: It’s so easy, it can’t be wrong.

  • The Hacker’s Fallacy: Computers provide a valuable means of learning that will, in turn, benefit society. The problem here lies in the distinction between hackers and crackers. Although both may have a genuine desire to learn, crackers do it at the expense of others.

  • The Free Information Fallacy: Any and all information should be free and thus can be obtained through any means.

Almost every recognized group of professionals defines a code of conduct or standards of ethical behavior by which its members must abide. For the CISSP, it is the (ISC)² Code of Ethics. The CISSP candidate must be familiar with the (ISC)² Code of Ethics and Request for Comments (RFC) 1087 for professional guidance on ethics (and the exam).

(ISC)² Code of Ethics

As a requirement for (ISC)² certification, all CISSP candidates must subscribe to and fully support the (ISC)² Code of Ethics.

The (ISC)² Code of Ethics consists of a mandatory preamble and four mandatory canons. Additional guidance is provided for each of the canons on the (ISC)² Web site at www.isc2.org.

Internet Architecture Board (IAB) - “Ethics and the Internet” (RFC 1087)

Published by the Internet Architecture Board (IAB) in January 1989, RFC 1087 characterizes as unethical and unacceptable any activity that purposely:

  1. “Seeks to gain unauthorized access to the resources of the Internet.”

  2. “Disrupts the intended use of the Internet.”

  3. “Wastes resources (people, capacity, computer) through such actions.”

  4. “Destroys the integrity of computer-based information.”

  5. “Compromises the privacy of users.”

Other important tenets of RFC 1087 include:

“Access to and use of the Internet is a privilege and should be treated as such by all users of [the] system.”

“Many of the Internet resources are provided by the U.S. Government. Abuse of the system thus becomes a Federal matter above and beyond simple professional ethics.”

“Negligence in the conduct of Internet-wide experiments is both irresponsible and unacceptable.”

“In the final analysis, the health and well-being of the Internet is the responsibility of its users who must, uniformly, guard against abuses which disrupt the system and threaten its long-term viability.”




CISSP For Dummies
ISBN: 0470537914
EAN: 2147483647
Year: 2004
Pages: 242
