A comprehensive and practical framework for ethical practices in contemporary cybersecurity
While some professions - including medicine, law, and engineering - have wholeheartedly embraced wide-ranging codes of ethics and conduct, the field of cybersecurity continues to lack an overarching ethical standard. This vacuum constitutes a significant threat to the safety of consumers and businesses around the world, slows commerce, and delays innovation.
The Code of Honor: Embracing Ethics in Cybersecurity delivers a first of its kind comprehensive discussion of the ethical challenges that face contemporary information security workers, managers, and executives. Authors Ed Skoudis, President of the SANS Technology Institute College and founder of the Counter Hack team, and Dr. Paul Maurer, President of Montreat College, explain how timeless ethical wisdom gives birth to the Cybersecurity Code which is currently being adopted by security practitioners and leaders around the world.
This practical book tells numerous engaging stories that highlight ethically complex situations many cybersecurity and tech professionals commonly encounter. It also contains compelling real-world case studies - called Critical Applications - at the end of each chapter that help the reader determine how to apply the hands-on skills described in the book.
You'll also find:
- A complete system of cybersecurity ethics relevant to C-suite leaders and executives, front-line cybersecurity practitioners, and students preparing for careers in cybersecurity.
- Carefully crafted frameworks for ethical decision-making in cybersecurity.
- Timeless principles based on those adopted in countless professions, creeds, and civilizations.
Perfect for security leaders, operations center analysts, incident responders, threat hunters, forensics personnel, and penetration testers, The Code of Honor is an up-to-date and engaging read about the ethically challenging world of modern cybersecurity that will earn a place in the libraries of aspiring and practicing professionals and leaders who deal with tech every day.
Table of Contents
Introduction: “Like Your Hair Is On Fire” ix
Chapter 1 One Code to Rule Them All? 1
In Case You Are Wondering Why You Should Care 3
Do We Need Ethics in Cybersecurity? 6
Long-Standing Models for the Code 9
Why the Need for the Code Is Urgent 11
Chapter 2 This Is a Human Business 15
Cybersecurity Is a Human Business 18
Humans Have Inherent Value 20
Humans Over Technology 21
The Solution to the Problem of Cybersecurity Is Principally a Human Solution 24
Character Costs and Character Pays 25
Case Study: When Security Is on the Chopping Block 27
Chapter 3 To Serve and Protect 33
We Need You on That Wall 35
Know Your Why - Purpose and People 37
Service Means Sharing: Sharing Starts with Good Communication 42
Sharing with the Broader Cyber Community: We Are All on the Same Wall 44
Checking In 46
A Final Example 47
Case Study: Responsible Disclosure of a Security Flaw 48
Chapter 4 “Zero-Day” Humanity and Accountability 51
Bad Decisions and Multiplication 52
Humans Are Flawed 55
Turning Vulnerability into Strength: It Begins with Humility 56
Being a Lifelong Learner 60
Handling the Mistakes of Others 62
Let’s Try to Avoid “Breaking Bad” 63
How to Develop a Reflective Practice 67
Case Study: To Pay or Not to Pay - A Ransomware Quandary 69
Chapter 5 It Begins and Ends with Trust 75
The Secret of Success 77
Trust Is the Currency of Cybersecurity 80
How Trust Is Built 82
When Things Go Bad 83
Building Trust Requires Courage 84
The Role of Leadership in Building a Culture of Trust 87
A Checklist for Building Trust 90
Case Study: A Matter of Trust and Data Breaches 93
Chapter 6 There Is Strength in the Pack 99
No Room for Know-it-Alls 103
Making Informed Ethical Decisions with Input 105
Why Teamwork Really Does Make the Dream Work 106
When Collaboration Breaks Down - Seeking Allies in Your Organization 110
The Power of Mentors 111
Beware of Rattlesnakes 115
Case Study: Graded on a Curve? The Security Audit Checkmark 117
Chapter 7 Practicing Cyber Kung Fu 123
Essential to Success: Patience, Wisdom, and Self-Control 128
Remember the Titanic 129
A Few Principles for Emergency Planning 131
Stay Calm, Cool, and Collected 132
Our Job Is Not Revenge 136
Develop Your Cyber Kung Fu 138
Case Study: An Open Door: Vigilante Justice 139
Chapter 8 No Sticky Fingers Allowed 143
If It’s Free, It’s for Me? 146
Avoid a “Robin Hood” Narrative 148
A Tragedy of “Free Information” 150
Intellectual Property Is Property 151
To Catch a Thief, We Must Train Like One 154
Choices Have Consequences 154
All I Really Need to Know I Learned in Kindergarten 156
Case Study: Something Borrowed and Something New 157
Chapter 9 It’s None of Your Business 163
Curiosity Can Kill the Cat 167
The Golden Rule Applied to Cybersecurity 169
Stay in Your Lane 170
Four Questions to Help Avoid Impropriety 172
Each Time You Cross the Line, It Becomes Easier 173
We Hurt Real Human Beings 175
An Outrageous Example of the Problem 177
Remember: We Are the Shield 179
Case Study: To Share or Not to Share? Investigating the CFO’s System 181
Appendix A: The Cybersecurity Code of Honor 185
Appendix B: Where Do We Go from Here? 189
Notes 191
Acknowledgments 193
About the Authors 197
Index 199