Re: Ethics of a University ISO

[Gate <gate () USC EDU>]

Although the article below is focused on K-12, parents, and teachers it's a
good starting place...


Best,



Stanton S. Gatewood
USC - Chief Information Assurance &
Privacy Officer
University of Southern California
3716 South Hope Street, Suite 378
Los Angeles, CA 90089-7707
213-743-4900 (Voice)
213-743-4915 (Fax)

"Security is everyone's responsibility"

+++++++++++++++++++++++++++++++++++++++++
This email may contain material that is confidential and privileged for the
sole use of the intended recipient.  Any review, reliance or distribution
by others or forwarding without express permission is strictly prohibited.
If you are not the intended recipient, please contact the sender and delete
all copies.

-----------------------------


Mich Kabay wrote an article:

--------------------------

Today's focus: Cyberethics education needed

By M.E. Kabay

Elizabeth Kennedy is a young woman with a mission. For the past
year, the associate director of the Cyber-Ethics Education
Program at Norwich University has been researching how children
in our schools are being taught about the ethical uses of
computers and networks.

Why should network and systems managers be interested in
cyberethics education? Education matters because criminal
hackers and the media have been given free reign to teach kids
that breaking into your systems is OK - as long as they don't
change anything. The concept of the trusted computing base is
utterly unknown to these people (or they are simply ignoring
the issue).

Unless we in the technical community get involved in teaching
kids about what really happens when our systems are attacked,
the number of attackers will continue to grow. Reducing the
acceptability of criminal hacking is one of the methods we can
use to reduce the overall threat to our systems in years to
come.

Kennedy has delivered lectures in a number of Vermont schools
as well as to Rotary clubs, parent-teacher organizations and
statewide teaching conferences since she began working on this
project in October 2000. In her discussions with teachers and
principals, she has often been told that there simply is no
hacking problem at the particular schools she's visiting. No,
no, say these authorities, no one in our school is involved
with that sort of nonsense. Unfortunately, in school after
school, the authorities are wrong.

Kennedy makes a point of chatting with children about their
understanding of hacking. Within minutes, she is consistently
told about kids who are hackers or who participate in other
unethical activities such as false identity, or pretending to
be 18 to participate in certain chat rooms, view pornographic
material or gamble online.

Some of these kids have gotten involved with the hacker groups
encouraged by 2600, The Hacker Quarterly. Kennedy attended a
monthly meeting at a Borders Books store in Burlington, Vt., a
few months ago; the date and time were posted on the 2600 Web
site. She found a number of children under age 18 sitting with
people ranging into their 30s. These kids are being socialized
into a culture where attacking your systems is perceived as
fun. The older teenagers and young adults become role models
for the impressionable children, who will perhaps in turn
become criminal hackers as they develop their technical - but
not ethical - knowledge.

Kennedy has created a Web site that has jargon-free research,
articles and activities for parents, educators and kids to
learn about the responsible use of technology:
http://www.norwich.edu/cyberethics

Introduced on the site is "E-dog" a technology-age superhero
that Kennedy hopes children will recognize and model their
ethical computing practices after. Kennedy believes that
teaching children responsibly in a "cyber" world is no
different than teaching responsibly in the "real" world, and
that is the message that is conveyed in all of her work. Her
white paper on cyberethics has an excellent introduction
suitable for parents and teachers and includes links to many
useful cyberethics resources:
http://www.norwich.edu/cyberethics/whitepaper.html

In the next part of this two-part series, I will explain how
you can support the cyberethics project by voluntarily sending
donations as thanks for useful materials we have freely posted
on the Web. To contribute to these efforts, make your check out
to NORWICH UNIVERSITY CYBERETHICS and address it to Elizabeth
Kennedy / Cyber-Ethics Program / Norwich University / 158
Harmon Drive / Northfield, VT 05663-1035. Kennedy's phone
number is 802-485-2250 and her e-mail address is
mailto:ekennedy () norwich edu

_______________________________________________________________
To contact M. E. Kabay:

Check out the new "Computer Security Handbook, 4th Edition"
edited by Seymour Bosworth and Michel E. Kabay; Wiley (New
York), ISBN 0-4714-1258-9. Available now at your technical
bookstore or visit Amazon at:
http://www.amazon.com/exec/obidos/ASIN/0471412589/tag=fusion0e

M. E. Kabay, Ph.D., CISSP is Associate Professor of
Information Assurance in the Department of Computer Information
Systems at Norwich University in Northfield, Vt. Mich can be
reached by e-mail at mailto:mkabay () compuserve com He invites
inquiries about his information security and operations
management courses and consulting services. Visit his Web site
for papers and course materials on information technology,
security and management:
http://www2.norwich.edu/mkabay/index.htm



-----------------------------


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU]On Behalf Of Jim Moore
Sent: Sunday, January 05, 2003 12:48 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Ethics of a University ISO


I need assistance in locating references to literature on the Ethics of
an ISO and current trends in ethics as applied to students relative to
information.   The reason that I need it, is that I was asked to do a
seminar in an ethics series here at RIT.  Still being somewhat of the
corporate mindset, I said "Sure, no problem".  Then I realized that most
of the people attending this will be ethics dept students and faculty.

So I went to the ethics that I knew from the information security
profession (part of the Common Body of Knowledge is "law and ethics")
so I went to some of the reference books, ... a lot on law, little on
ethics.

Fortunately, a faculty friend loaned me a book on ethical theory, and so
I understand a little more, and intuitively I have been applying a
mixture of ethical theories.  But I was wondering, if any of you more
seasoned University ISOs or InfoSec professionals had ever had to do a
presentation on ethics and if you could share with me what you had found.

Jim Moore
Rochester Institute of Technology
jhmfa () cis rit edu
585-233-3802

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.