Educause Security Discussion mailing list archives
Re: Ethics of a University ISO
From: Gate <gate () USC EDU>
Date: Sun, 5 Jan 2003 13:00:15 -0800
Although the article below is focused on K-12, parents, and teachers, it's a good starting place...

Best,

Stanton S. Gatewood
USC - Chief Information Assurance & Privacy Officer
University of Southern California
3716 South Hope Street, Suite 378
Los Angeles, CA 90089-7707
213-743-4900 (Voice)
213-743-4915 (Fax)

"Security is everyone's responsibility"

+++++++++++++++++++++++++++++++++++++++++
This email may contain material that is confidential and privileged for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.

-----------------------------
Mich Kabay wrote an article:
--------------------------

Today's focus: Cyberethics education needed
By M.E. Kabay

Elizabeth Kennedy is a young woman with a mission. For the past year, the associate director of the Cyber-Ethics Education Program at Norwich University has been researching how children in our schools are being taught about the ethical uses of computers and networks.

Why should network and systems managers be interested in cyberethics education?

Education matters because criminal hackers and the media have been given free rein to teach kids that breaking into your systems is OK - as long as they don't change anything. The concept of the trusted computing base is utterly unknown to these people (or they are simply ignoring the issue). Unless we in the technical community get involved in teaching kids about what really happens when our systems are attacked, the number of attackers will continue to grow. Reducing the acceptability of criminal hacking is one of the methods we can use to reduce the overall threat to our systems in years to come.
Kennedy has delivered lectures in a number of Vermont schools as well as to Rotary clubs, parent-teacher organizations and statewide teaching conferences since she began working on this project in October 2000. In her discussions with teachers and principals, she has often been told that there simply is no hacking problem at the particular schools she's visiting. No, no, say these authorities, no one in our school is involved with that sort of nonsense. Unfortunately, in school after school, the authorities are wrong.

Kennedy makes a point of chatting with children about their understanding of hacking. Within minutes, she is consistently told about kids who are hackers or who participate in other unethical activities such as false identity, or pretending to be 18 to participate in certain chat rooms, view pornographic material or gamble online.

Some of these kids have gotten involved with the hacker groups encouraged by 2600, The Hacker Quarterly. Kennedy attended a monthly meeting at a Borders Books store in Burlington, Vt., a few months ago; the date and time were posted on the 2600 Web site. She found a number of children under age 18 sitting with people ranging into their 30s. These kids are being socialized into a culture where attacking your systems is perceived as fun. The older teenagers and young adults become role models for the impressionable children, who will perhaps in turn become criminal hackers as they develop their technical - but not ethical - knowledge.

Kennedy has created a Web site that has jargon-free research, articles and activities for parents, educators and kids to learn about the responsible use of technology:

http://www.norwich.edu/cyberethics

Introduced on the site is "E-dog," a technology-age superhero that Kennedy hopes children will recognize and model their ethical computing practices after.
Kennedy believes that teaching children responsibly in a "cyber" world is no different than teaching responsibly in the "real" world, and that is the message that is conveyed in all of her work. Her white paper on cyberethics has an excellent introduction suitable for parents and teachers and includes links to many useful cyberethics resources:

http://www.norwich.edu/cyberethics/whitepaper.html

In the next part of this two-part series, I will explain how you can support the cyberethics project by voluntarily sending donations as thanks for useful materials we have freely posted on the Web.

To contribute to these efforts, make your check out to NORWICH UNIVERSITY CYBERETHICS and address it to Elizabeth Kennedy / Cyber-Ethics Program / Norwich University / 158 Harmon Drive / Northfield, VT 05663-1035. Kennedy's phone number is 802-485-2250 and her e-mail address is mailto:ekennedy () norwich edu

_______________________________________________________________
To contact M. E. Kabay:

Check out the new "Computer Security Handbook, 4th Edition" edited by Seymour Bosworth and Michel E. Kabay; Wiley (New York), ISBN 0-4714-1258-9. Available now at your technical bookstore or visit Amazon at:

http://www.amazon.com/exec/obidos/ASIN/0471412589/tag=fusion0e

M. E. Kabay, Ph.D., CISSP is Associate Professor of Information Assurance in the Department of Computer Information Systems at Norwich University in Northfield, Vt. Mich can be reached by e-mail at mailto:mkabay () compuserve com He invites inquiries about his information security and operations management courses and consulting services.
Visit his Web site for papers and course materials on information technology, security and management:

http://www2.norwich.edu/mkabay/index.htm

-----------------------------

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jim Moore
Sent: Sunday, January 05, 2003 12:48 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Ethics of a University ISO

I need assistance in locating references to literature on the Ethics of an ISO and current trends in ethics as applied to students relative to information. The reason that I need it is that I was asked to do a seminar in an ethics series here at RIT. Still being somewhat of the corporate mindset, I said "Sure, no problem". Then I realized that most of the people attending this will be ethics dept students and faculty. So I went to the ethics that I knew from the information security profession (part of the Common Body of Knowledge is "law and ethics") so I went to some of the reference books, ... a lot on law, little on ethics.

Fortunately, a faculty friend loaned me a book on ethical theory, and so I understand a little more, and intuitively I have been applying a mixture of ethical theories. But I was wondering if any of you more seasoned University ISOs or InfoSec professionals had ever had to do a presentation on ethics and if you could share with me what you had found.

Jim Moore
Rochester Institute of Technology
jhmfa () cis rit edu
585-233-3802

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.