Blog Posts Tagged with "Ethics"
Ethics of Big Data: Balancing Risk and Innovation
December 18, 2012 Added by:Ben Rothke
While few organizations have specific policies around big data, even less how though about the ways in which people in their organization use that data and the ethical issues involved. The benefits of big data analytics are significant, but the potential for abuse is also considerable...
Comments (0)
Fifty Shades of Grey Hat: Hacking and Ethics
September 19, 2012 Added by:Tripwire Inc
The grey hat is more interested in the “how” than the “why”. There is a respect for the black hat's technical abilities, while keeping a wary eye on them. Some grey hats have had run ins with the law, not due to being malicious, but because curiosity got the best of them...
Comments (1)
Friends and Family Breach Patient Privacy, Not Estonian Hackers
September 17, 2012 Added by:Danny Lieberman
Humans being are naturally curious, sometimes vindictive and always worried when it comes to the health condition of friends and family. Being human, they will bend rules to get information and in the course of bending rules, breach patient privacy...
Comments (0)
Official Statement on ISC2 and the Freak Power Ticket
August 26, 2012 Added by:Infosec Island Admin
Vote for the horsemen. If not me, then the others for a bigger point here. Those of you who take the ISC and CISSP seriously need to look at your org. Do you think that any with this certification are good at what we do because we took a test and adhere to some ethics rules the board ignores when they see fit?
Comments (0)
Throwing the Baby Out with the Bath Water
July 20, 2012 Added by:Infosec Island Admin
You train employees to protect not only from clicking on links or suspect emails, but you also teach them good ethics as well as security hygiene. The cumulative effect will help you secure the environment and in tandem with your technical means, and make it all the better...
Comments (3)
The Compliance Professional as a Trusted Advisor
July 18, 2012 Added by:Thomas Fox
Compliance is ar form of risk you can measure, evaluate and then manage. If the risk becomes too great, that may create an unacceptable level which your company will not tolerate. One of your key roles of a compliance practitioner is to reduce the level of risk which your company cannot or will not tolerate...
Comments (0)
On the Right to Bear Cyber Arms
July 10, 2012 Added by:J. Oquendo
An attacker is decimating my infrastructure. I have purchased and deployed every security technology I can think of. I have contacted law enforcement as a matter of relevance, but I know they will not be able to do much. I have given the service provider two fair warnings. I now fight fire with fire...
Comments (1)
Breaking the Enigma Code: Creating a Functioning Compliance Culture
June 25, 2012 Added by:Thomas Fox
New York Times reporter Adam Bryant recently profiled Angie Hicks, one of the co-founders of Angie’s List, who has some interesting observations on leadership that I found applicable to creating a functional compliance effort within an organization, from compliance professionals to ethical leadership...
Comments (0)
Napoleon’s Invasion of Russia and Risk Management
June 20, 2012 Added by:Thomas Fox
As compliance programs become more mature, you can use the information generated in a risk assessment in a variety of ways to facilitate an overall risk management program. To create an effective risk management system, understand the qualitative distinctions among types of risk an organization faces...
Comments (0)
We Don’t Need Cyber-Vigilante Justice
June 15, 2012 Added by:Andy Willingham
You see what made me so mad? It wasn’t the release of the PII of all those innocent people, it was their reason for doing it. They reported a web site vulnerability and it wasn’t fixed, so they decided to post PII of thousands of people on the internet. Who put them in the role of deciding who wins and who loses?
Comments (2)
How the DOJ Looks at Compliance Programs Part 2
May 31, 2012 Added by:Thomas Fox
The ABA Primer notes that an effective compliance program consists of documentation that an organization “exercise[s] due diligence to prevent and detect criminal conduct; and otherwise promote[s] an organizational culture that encourages ethical conduct and a commitment to compliance with the law”...
Comments (0)
Social Engineering: A True Story of Incredible Deception
May 31, 2012 Added by:Ben Rothke
In the vernacular of infosec, Tania Head was a type of social engineer. In the book Social Engineering: The Art of Human Hacking, Christopher Hadnagy details how attackers use social engineering to manipulate people into performing actions or divulging information...
Comments (0)
Is Lord Sugar a Member of Anonymous?
May 18, 2012 Added by:Javvad Malik
I’m simply asking the question that if Lord Sugar read something he didn’t agree with, and instead of privately sharing his thoughts or being in any way constructive, why did he expose the email address of Kevin OSullivan and invited 2 million people to DDoS his inbox?
Comments (0)
No National 'Stand Your Cyberground' Law Please
May 14, 2012 Added by:William Mcborrough
We know that some attacks on our privately owned critical infrastructure have been attributed to foreign government networks. Would it be wise to license companies to attack these networks? The last thing we need is an international incident started by some SysAdmin..
Comments (0)
Taming the WWW or Wild Wild West
May 13, 2012 Added by:Jayson Wylie
There is a reason the security world refers to exploitation on the Internet to activity ‘in the wild’. A comparison can be made to the lawless, tough and unforgiving world of the Wild West in American history. You can get your stuffz or scalp taken...
Comments (0)
Turn Compliance Beliefs Into Action: Impact Tone at the Bottom
May 11, 2012 Added by:Thomas Fox
This method is a good way for a compliance practitioner to get at ‘tone at the bottom’. By engaging employees at the level suggested you can find out not only what the employees think about the compliance program but use their collective experience to help design a more effective program...
Comments (0)
- Through the Executive Lens: Prioritizing Application Security Vulnerabilities
- Next Generation Firewalls are Old News in the Cloud
- Trojan Horses for the Mind, Part 2 of Building Impactful Security Awareness Messaging
- Internet-Exposed IBM BigFix Relays May Lead to Full Remote Compromise
- Google Chrome Zero-Day: What Are The Risks?
- 1 Million Apps Patched in Android Security Improvement Program
- The Role of Analytics in Protecting Healthcare Data Privacy and Security
- WINDSHIFT Hackers Target Government Agency in the Middle East
- The Rise of Ransomware and the Consequences for SMBs
- Trump Administration Starts the Ball Rolling with the National Cyber Strategy