--Originally published at A blog by Pablo Muñoz
This post addresses #Mastery03 of the Information Security course imparted by Ken Bauer at the Tec de Monterrey campus Guadalajara in the second half of 2017.
Disclaimer: This post contains my personal opinion and in no way attempts to demerit the efforts of the technology industry regarding ethics; it is merely an observation about how I think we could improve in this matter.
I personally believe that we, the people who work in technological industries, often fall somewhat behind other industries in terms of creating, upholding and promoting a code of ethics. I decided to look at the ethics code published by one of the associations that I respect the most: the Association for Computing Machinery. You may look at their code of ethics here. The ACM's code of ethics mentions principles like: contribute to society and human well-being, avoid harm to others, be honest and trustworthy, etc. Among the principles more related to information security we find: respect the privacy of others and honor confidentiality, give comprehensive and thorough evaluations of computer systems and their impacts, and know and respect existing laws pertaining to professional work. I won't recite the explanations of each of these principles (I encourage you to go read the actual document at the ACM site), but you can see how they relate strongly to the AIC triad (the first one even has the word confidentiality right in it). In total, the ACM's code of ethics lists 28 principles.
To illustrate, here is the definition of the “Honor confidentiality” principle:
The principle of honesty extends to issues of confidentiality of information whenever one has made an explicit promise to honor confidentiality or, implicitly, when private information not directly related to the performance of one's duties becomes available. The ethical concern