Consorting with Black Hats and Negotiating with Cybercriminals: The Ethics of Information Security

Terri Williams, Oct 30,2015

http://digitalethics.org/essays/the-ethics-of-information-security/

Title:

Information security Vs Hackers 

My First Impression:

all about securing your files and how to prevent hackers from going in to your system 

Quote:

 “If the information is breached, people may have their financial and personal information stolen, even their identities may be stolen. If you fail to sound the alarm, you’re just as guilty as the people who actually steal the information because you knew it could happen and you did nothing.” 

Reflection Proper:

Information security professionals has two important goals when it comes to critical data protecting it and knowing its source. ethics need to be addressed more frequently in the workplace. Organizations can no longer assume information is legitimate or has been gained through ethical means.Making sure important information is confidential and that it is priority number one,

criminal-type activity would take place and somebody would get some information and they would just sell that information to another source, who would sell it to another source. Eventually it would be presented legitimately to an organization as industrial information about one of their competitors. They would be buying it from what they thought was a legitimate source. journalists appear to have been employing the kind that's actually doing the phone hacking on an individual basis. They can plead really they were getting this from a legitimate source. unfortunately as things get bigger, more and more people want to get into it, possibly lead by the attraction of higher salaries. Of course not everybody that gets into it perhaps has the same highest percentages as the originators and the people that you'd want. I think that's where the professional organizations play an important part to maintain that standard.When you look across the industry, you see the information security professionals really control so much data now, and with mobility, social media and emerging technologies, there is so much access to it. information security profession should come into this or not, but where the data has come from and whether the source of the data is a legitimate source that the organization should be holding

5 Things That I have Learned:

1.  Companies  do their analysis based on consideration of potential impact on their stock price.

2.  In certain situations the case for paying the ransom would be stronger.

3.  Company should be responsible for paying the costs that are necessary to recover data

4.  Retrieving stolen data from cybercriminals is another ethically murky area for security professionals

5.  Companies forbid interactions with black hats

5 Integrative Questions:

1.  How frequently are data records lost or stolen?

2.  What is a major vulnerability on a company’s system or website?       

3.  What are the Security you need?

4.  What are the best courses of action?

5.  How do hackers get inside these securities and the white hat checkers?