5. Describe ethical conduct within cyber security (AC 3.1)

Answer:Cyberethics is a much discussed topic. Both because cyber is on the rise in popularity in the past couple of decades and because ethics have a great source for conversation ever since humanity have started talking. Ethics can be very personal as everyone views the word through a different lens and because of that, everyone considers what's 'right' and 'wrong' differently. Professionals working in the field of cyber security, must have strong sense of morality and ethics. It's what separates them from bad actors. It's the drive to protect the innocent, like your private medical data, or children school data from 'baddies' who attack with ransomware. The UK Cyber Security Council (UKCSC)have an Ethical Declaration I like. They have several points that I live by either in terms of cyber of other areas of life. And since discovering these, I'll try to adopt as many as I can into my personal and work life. Credibility We will maintain the highest standards of objectivity in our service delivery We will present the highest standards of advice and conduct We will always act with accountability Integrity We will be honest and act with integrity in the conduct of our activities and services We will always act in compliance with legislation and regulation Professionalism We will uphold and improve the professionalism and reputation of the cyber security sector We will promote and advance understanding and awareness of cyber security and its benefits We will always operate from an evidence-based position We will rebut any false or misleading statement concerning the industry or profession We will give back to the profession through relevant bodies and organisation It goes in to much more details here UKCSC have a page on their website with ethics scenarios. These would be a great practice for any company or individuals. One of the scenarios goes like this: "My organisation has received a ransomware demand. Management wants to pay, but someone on the management team believes that it is inappropriate or illegal. Should we pay to recover our information." Another thing you can find on their website is a form where you can report an ethical breach. After submitting a report they will begin an investigation, next the Ethics Committee will review the findings ,and lastly the verdict is carried, this could be anything from suspension of membership of the council, referral to other regulatory body/accreditation body or report to the relevant authorities if crime is suspected.