Code of Honor - Embracing Ethics in Cybersecurity

Mehr lesen

A blueprint for a comprehensive system of cybersecurity ethics

The Code of Honor: Embracing Ethics in Cybersecurity tackles the pressing need for an ethical framework in the rapidly evolving field of cybersecurity. As authors Ed Skoudis, a renowned cybersecurity instructor for SANS, and Dr. Paul Maurer, president of Montreat College, point out, cybersecurity has long been a domain without a unified code of conduct. This absence poses significant risks to both consumers and businesses worldwide.

This book is an absolute "must-have" for cybersecurity workers, managers, and executives who are in the tech world, but also for all those who work and run companies who serve the public, especially those kinds of essential services that we all engage in like healthcare, government, and commerce (including banks, airlines, grocery stores, etc.). An inescapable web of digital connections undergirds our lives. This creates enormous vulnerabilities and opportunities for corruption, which only highlights the need for a moral compass, a code of honor. Ethics is not something you just wake up one day and do, but rather it is a way of thinking that must be taught, practiced, and understood over time so that it can be fully developed within an individual, a team, and a company. This book provides a way forward through engaging discussions, best practice guidelines, and real-world case studies.

Rapid advancement and evolution in the cyber world have caused it to lag behind in the creation of an overarching ethical standard for the people who secure the underlying technologies. Without this, ultimately cyber cannot be trusted, chaos will be the norm, and the maturing of an industry will be stymied not to mention the loss of benefits that naturally grow out of a thriving field that is grounded in integrity.

Perfect for managers and executives who seek to sharpen knowledge of cyber ethics and security, The Code of Honor is also an indispensable guide for security analysts, incident responders, threat hunters, forensic experts, and penetration testers. It offers a sophisticated and hands-on framework for the integration of ethical standards from across the cyber world that takes into account the unique characteristics of this complex industry. This is a call to action for everyone in cyber to adopt a new code of honor to safeguard the digital world.

Inhaltsverzeichnis

Introduction: "Like Your Hair Is On Fire" ix
Chapter 1 One Code to Rule Them All? 1
In Case You Are Wondering Why You Should Care 3
Do We Need Ethics in Cybersecurity? 6
Long-Standing Models for the Code 9
Why the Need for the Code Is Urgent 11
Chapter 2 This Is a Human Business 15
Cybersecurity Is a Human Business 18
Humans Have Inherent Value 20
Humans Over Technology 21
The Solution to the Problem of Cybersecurity Is Principally a Human Solution 24
Character Costs and Character Pays 25
Case Study: When Security Is on the Chopping Block 27
Chapter 3 To Serve and Protect 33
We Need You on That Wall 35
Know Your Why- Purpose and People 37
Service Means Sharing: Sharing Starts with Good Communication 42
Sharing with the Broader Cyber Community: We Are All on the Same Wall 44
Checking In 46
A Final Example 47
Case Study: Responsible Disclosure of a Security Flaw 48
Chapter 4 "Zero-Day" Humanity and Accountability 51
Bad Decisions and Multiplication 52
Humans Are Flawed 55
Turning Vulnerability into Strength: It Begins with Humility 56
Being a Lifelong Learner 60
Handling the Mistakes of Others 62
Let's Try to Avoid "Breaking Bad" 63
How to Develop a Reflective Practice 67
Case Study: To Pay or Not to Pay- A Ransomware Quandary 69
Chapter 5 It Begins and Ends with Trust 75
The Secret of Success 77
Trust Is the Currency of Cybersecurity 80
How Trust Is Built 82
When Things Go Bad 83
Building Trust Requires Courage 84
The Role of Leadership in Building a Culture of Trust 87
A Checklist for Building Trust 90
Case Study: A Matter of Trust and Data Breaches 93
Chapter 6 There Is Strength in the Pack 99
No Room for Know-it-Alls 103
Making Informed Ethical Decisions with Input 105
Why Teamwork Really Does Make the Dream Work 106
When Collaboration Breaks Down- Seeking Allies in Your Organization 110
The Power of Mentors 111
Beware of Rattlesnakes 115
Case Study: Graded on a Curve? The Security Audit Checkmark 117
Chapter 7 Practicing Cyber Kung Fu 123
Essential to Success: Patience, Wisdom, and Self-Control 128
Remember the Titanic 129
A Few Principles for Emergency Planning 131
Stay Calm, Cool, and Collected 132
Our Job Is Not Revenge 136
Develop Your Cyber Kung Fu 138
Case Study: An Open Door: Vigilante Justice 139
Chapter 8 No Sticky Fingers Allowed 143
If It's Free, It's for Me? 146
Avoid a "Robin Hood" Narrative 148
A Tragedy of "Free Information" 150
Intellectual Property Is Property 151
To Catch a Thief, We Must Train Like One 154
Choices Have Consequences 154
All I Really Need to Know I Learned in Kindergarten 156
Case Study: Something Borrowed and Something New 157
Chapter 9 It's None of Your Business 163
Curiosity Can Kill the Cat 167
The Golden Rule Applied to Cybersecurity 169
Stay in Your Lane 170
Four Questions to Help Avoid Impropriety 172
Each Time You Cross the Line, It Becomes Easier 173
We Hurt Real Human Beings 175
An Outrageous Example of the Problem 177
Remember: We Are the Shield 179
Case Study: To Share or Not to Share? Investigating the CFO's System 181
Appendix A: The Cybersecurity Code of Honor 185
Appendix B: Where Do We Go from Here? 189
Notes 191
Acknowledgments 193
About the Authors 197
Index 199

Über den Autor / die Autorin

PAUL J. MAURER, PhD, is the president of Montreat College, a national leader in cybersecurity education and workforce development. After being approached by the NSA to create a curriculum on cybersecurity ethics for our nation's students preparing for cybersecurity careers, Paul was convinced this book needed to be written. He speaks and writes frequently on a wide range of topics, but regularly does so on cybersecurity across the country. ED SKOUDIS serves as president of the SANS Technology Institute College, the country's leading provider of cybersecurity professional development. Ed began teaching at the SANS Institute in 1999 and has trained over 30,000 cybersecurity professionals in incident response and ethical hacking, codifying many of the practices used throughout the industry today. He is the recipient of the Order of Thor medal from the Military Cyber Professionals Association and is the author of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses.

Zusammenfassung

A comprehensive and practical framework for ethical practices in contemporary cybersecurity

While some professions - including medicine, law, and engineering - have wholeheartedly embraced wide-ranging codes of ethics and conduct, the field of cybersecurity continues to lack an overarching ethical standard. This vacuum constitutes a significant threat to the safety of consumers and businesses around the world, slows commerce, and delays innovation.

The Code of Honor: Embracing Ethics in Cybersecurity delivers a first of its kind comprehensive discussion of the ethical challenges that face contemporary information security workers, managers, and executives. Authors Ed Skoudis, President of the SANS Technology Institute College and founder of the Counter Hack team, and Dr. Paul Maurer, President of Montreat College, explain how timeless ethical wisdom gives birth to the Cybersecurity Code which is currently being adopted by security practitioners and leaders around the world.

This practical book tells numerous engaging stories that highlight ethically complex situations many cybersecurity and tech professionals commonly encounter. It also contains compelling real-world case studies - called Critical Applications - at the end of each chapter that help the reader determine how to apply the hands-on skills described in the book.

You'll also find:
* A complete system of cybersecurity ethics relevant to C-suite leaders and executives, front-line cybersecurity practitioners, and students preparing for careers in cybersecurity.
* Carefully crafted frameworks for ethical decision-making in cybersecurity.
* Timeless principles based on those adopted in countless professions, creeds, and civilizations.

Perfect for security leaders, operations center analysts, incident responders, threat hunters, forensics personnel, and penetration testers, The Code of Honor is an up-to-date and engaging read about the ethically challenging world of modern cybersecurity that will earn a place in the libraries of aspiring and practicing professionals and leaders who deal with tech every day.