Ethics

Course
Time: 8 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 9
Video Transcription
00:00
>> The last section of Domain 1
00:00
is just a short note on ethics.
00:00
I know everybody here is ethical and
00:00
none of this is going to be
00:00
earth-shattering information,
00:00
but do want to just cover a couple of things
00:00
specifically for ISACA's Code of Ethics.
00:00
Now I have the site address down at
00:00
the bottom for where you can go
00:00
to read the code of ethics in full.
00:00
I strongly recommend that. As a matter of fact,
00:00
you're going to agree to adhere to the code of ethics,
00:00
so you might as well read them. Why not?
00:00
Basically, they focus in on
00:00
four areas of requirements: support,
00:00
perform, serve, and maintain.
00:00
With supporting,
00:00
we're going to support the security function.
00:00
We're going to encourage compliance
00:00
with laws, regulation, standards.
00:00
Perform. We as
00:00
security professionals are going to perform
00:00
our duties objectively using
00:00
due diligence and professional care.
00:00
We're going to represent
00:00
our clients as best as we possibly can,
00:00
serve in the interests of our stakeholders
00:00
in a lawful and honest manner.
00:00
We are acting on behalf of
00:00
our stakeholders and our commitment is to them.
00:00
Maintaining privacy and confidentiality of
00:00
information attained in the course of our duties.
00:00
Whether it's customer information or
00:00
proprietary information about a company for whom we work,
00:00
that falls under maintain.
00:00
I would know those four main canons or
00:00
those four main elements of ISACA's Code of Ethics.
00:00
Again, make sure you visit the site I've listed.
00:00
Now, each organization's governance is responsible for
00:00
ensuring that there's a plan of
00:00
ethics or plan of action for ethics.
00:00
We can't ever make the assumption.
00:00
Ethics varies from culture to culture, region to region.
00:00
We really do need to put a plan of action in place.
00:00
We should have that for the organization.
00:00
Now with that being said,
00:00
if you're a multinational organization,
00:00
there may be addenda
00:00
or different versions for different regions.
00:00
Again, the norm in one place,
00:00
it's not the norm necessarily in another place.
00:00
In addition to corporate ethics,
00:00
you want to specifically have
00:00
a sub-area of computer ethics.
00:00
Here whether it's part of the employee handbook or
00:00
a separate document that you have
00:00
your employees sign off as having received.
00:00
Things like, is it
00:00
ethical to access someone else's computer?
00:00
Well, you're going to put "no" essentially for
00:00
that but all of those things,
00:00
is it ethical to access
00:00
personal information of a friend or whatever?
00:00
That needs to be defined in ethics.
00:00
You also want sign-off.
00:00
This becomes part of employee training
00:00
and is something that is continually built upon,
00:00
might be something that is incorporated
00:00
in team meetings, staff meetings,
00:00
something that would become part of
00:00
your project management documents,
00:00
or reference to the ethical behavior document
00:00
in your project management planning documents as well.
00:00
Put your ethical requirements in writing.
00:00
This has to come from governance and
00:00
creating a culture of
00:00
ethical behavior starts at the top,
00:00
cannot start at the bottom.
00:00
This very much falls into the hands of governance.