The Ethics of Cybersecurity
Ethics of a Cybersecurity Specialist
Ethics is the little voice in your head that tells you what is right and what is wrong, guiding you to make the right decisions. As a cybersecurity specialist, you need to understand both the law and an organization’s interests in order to be able to make such decisions.
The Ten Commandments of Computer Ethics
Based in Washington, DC, the Computer Ethics Institute is a resource for identifying, assessing and responding to ethical issues throughout the information technology industry.
It was one of the first organizations to recognize the ethical and public policy issues arising from the rapid growth of the information technology field.
Cybercrime
Computer-targeted crime is where a computer is the target of criminal activity. Examples include malware attacks, hacking or denial of service attacks.
Computer-assisted crime occurs when a computer is used to commit a crime, such as theft or fraud.
Computer-incidental crime is where a computer provides information that is incidental to an actual crime. For example, a computer is used to store illegally downloaded videos, not the actual tool used to commit the crime.
Cyber Laws
Laws are in place to prohibit undesired behaviors. In the U.S., there are three primary sources of laws and regulations, all of which involve aspects of computer security.
FISMA
Federal IT systems contain and use a large amount of valuable information and are therefore considered high-value targets for cybercriminals.
Security Breach Notification Laws
Organizations big and small recognize the value of collecting and analyzing data and, as a result, are collecting an ever-increasing amount of personal information about their customers. Cybercriminals are always on the lookout for ways to gain access to and exploit this valuable data for their own personal gain.
Governance
IT security governance determines who is authorized to make decisions about cybersecurity risks within an organization. It demonstrates accountability and provides oversight to ensure that any risks are adequately mitigated and that security strategies are aligned with the organization’s business objectives and are compliant with regulations.
Cybersecurity Policies
A cybersecurity policy is a high-level document that outlines an organization’s vision for cybersecurity, including its goals, needs, scope and responsibilities.
IT Security Management Framework
The Twelve Domains of Cybersecurity
ISO/IEC 27000 is a series of information security standards or best practices to help organizations improve their information security. Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the ISO 27000 standards set out comprehensive information security management system (ISMS) requirements.
Control Objectives and Controls
These twelve domains are made up of control objectives (ISO 27001) and controls (ISO 27002).
ISO 27000 and the States of Data
The ISO controls specifically address security objectives for data in each of the three states: in process, at rest (in storage) and in transit.
The CIS Critical Security Controls
The Center for Internet Security (CIS) developed a set of critical security controls to help organizations with different levels of resources and expertise at their disposal to improve their cyber defenses.