SlideShare una empresa de Scribd logo

Ethics in-information-security

Descargar como PPTX, PDF
Milinda Wickramasinghe
Milinda Wickramasinghe

This document discusses ethics in information security and vulnerability disclosure. It outlines 10 commandments of computer ethics focusing on avoiding harming others, respecting privacy and property. It also describes the vulnerability lifecycle from birth to death. Different types of vulnerability disclosure are explained, including non-disclosure, limited disclosure, full disclosure, and responsible disclosure. Responsible disclosure involves notifying the vendor, allowing time for a patch to be developed, then publicly disclosing technical details without exploit code. The benefits of responsible disclosure for researchers are noted. Potential issues with disclosure are acknowledged. Cybersecurity laws and the Budapest Convention are briefly mentioned.

Tecnología
1 de 15
Ethics in Information Security By Milinda Wickramasinghe
Ethics
Ethics
Ethics
Why we need ethics in IT Security
Common unethical practice
Ten Commandments of Computer Ethics 1. Thou shalt not use a computer to harm other people. 2. Thou shalt not interfere with other people's computer work. 3. Thou shalt not snoop around in other people's computer files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. 6. Thou shalt not copy or use proprietary software for which you have not paid. 7. Thou shalt not use other people's computer resources without authorization or proper compensation. 8. Thou shalt not appropriate other people's intellectual output. 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing. 10.Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.
BIRTH DISCOVERY DISCLOSURE CORRECTION PUBLICITY DEATH RISK TIME Vulnerability lifecycle
Vulnerability lifecycle RISK TIME
Types of disclosure Non Disclosure Never disclosed to general public Once a vulnerability is found it is kept as a secret and leveraged to exploit vulnerable systems and gain benefits Limited Disclosure Vulnerability information is shared among a few individuals (Discloser, Vendor and possibly, Third party coordinator ) The initial public disclosure contains; the flawed product & very few details about the vulnerability Does not contain full technical details Will only be released once the vendor has fixed the flaw Full Disclosure Full technical details of the vulnerability is disclosed along with the exploit code Without the consent of the vendor / author of the code Vendor is informed at the same time as the general public Responsible Disclosure Discovery Finds the vulnerability by Security Firm or Researcher Initial Contact Notify the vendor - could get the help of a 3rd party Set reasonable deadline Continued Communication Vendor try to reproduce, the originator should provide assistance Patch Development Vendor creates patches, test them and analyzes further for more issues Public disclosure Technical details of the vulnerability is disclosed without the exploit code Exploit Release Enters the scripting stage Tools are developed
Responsible Disclosure - Benefits for the researcher
What could possibly go wrong..?
Cyber Security Laws in Sri Lanka
Convention on Cybercrime - Budapest Convention
Thank you.

Recomendados

Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Securitymtvvvv
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)Ali Habeeb
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 

Recomendados

Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Securitymtvvvv
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)Ali Habeeb
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
Security models
Security models Security models
Security models LJ PROJECTS
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
Cyber threats
Cyber threatsCyber threats
Cyber threatskelsports
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Information ethics
Information ethicsInformation ethics
Information ethicsSTCC Library
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentDarren McManus
 

Más contenido relacionado

La actualidad más candente

Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
Security models
Security models Security models
Security models LJ PROJECTS
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
Cyber threats
Cyber threatsCyber threats
Cyber threatskelsports
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 

La actualidad más candente (20)

Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information Security
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
 
Security models
Security models Security models
Security models
 
Security threats
Security threatsSecurity threats
Security threats
 
Information security
Information securityInformation security
Information security
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Cyber threats
Cyber threatsCyber threats
Cyber threats
 
Cia security model
Cia security modelCia security model
Cia security model
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Security policies
Security policiesSecurity policies
Security policies
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 
Information security management
Information security managementInformation security management
Information security management
 

Destacado

Information ethics
Information ethicsInformation ethics
Information ethicsSTCC Library
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentDarren McManus
 
ABC's of Privacy and Security
ABC's of Privacy and SecurityABC's of Privacy and Security
ABC's of Privacy and SecurityChristina Gagnier
 
Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03kbzdox ivanovich
 
Human Impact on Information Security - Computer Society of India Conference, ...
Human Impact on Information Security - Computer Society of India Conference, ...Human Impact on Information Security - Computer Society of India Conference, ...
Human Impact on Information Security - Computer Society of India Conference, ...Anup Narayanan
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Nidhi Gupta
 
Organizational Culture and Ethics, Enron Case Study
Organizational Culture and Ethics, Enron Case StudyOrganizational Culture and Ethics, Enron Case Study
Organizational Culture and Ethics, Enron Case StudyBrynne VanHettinga
 
The 10 Commandments of Computer Ethics
The 10 Commandments of Computer EthicsThe 10 Commandments of Computer Ethics
The 10 Commandments of Computer Ethicssmartinson
 

Destacado (11)

Information ethics
Information ethicsInformation ethics
Information ethics
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics Assignment
 
ABC's of Privacy and Security
ABC's of Privacy and SecurityABC's of Privacy and Security
ABC's of Privacy and Security
 
Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2
 
Human Impact on Information Security - Computer Society of India Conference, ...
Human Impact on Information Security - Computer Society of India Conference, ...Human Impact on Information Security - Computer Society of India Conference, ...
Human Impact on Information Security - Computer Society of India Conference, ...
 
Risk based internal auditing
Risk based internal auditing Risk based internal auditing
Risk based internal auditing
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013
 
Organizational Culture and Ethics, Enron Case Study
Organizational Culture and Ethics, Enron Case StudyOrganizational Culture and Ethics, Enron Case Study
Organizational Culture and Ethics, Enron Case Study
 
The 10 Commandments of Computer Ethics
The 10 Commandments of Computer EthicsThe 10 Commandments of Computer Ethics
The 10 Commandments of Computer Ethics
 

Similar a Ethics in-information-security

Computer ethics cyber security and technology of it
Computer ethics cyber security and technology of itComputer ethics cyber security and technology of it
Computer ethics cyber security and technology of itsr24production
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxBishalRay8
 
Super billing computers are your future
Super billing computers are your futureSuper billing computers are your future
Super billing computers are your futuresuperb11b
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggadabotor7
 
computer and society impact of Computer in society
computer and society impact of Computer in society computer and society impact of Computer in society
computer and society impact of Computer in society Sumama Shakir
 
IS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyIS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyJan Wong
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityNcell
 
computer ethics.pptx
computer ethics.pptxcomputer ethics.pptx
computer ethics.pptxglorysunny
 
Computer Ethics
Computer EthicsComputer Ethics
Computer EthicsRamki M
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfxererenhosdominaram
 
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfUnit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfSujanTimalsina5
 
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Dr. Khaled Bakro
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 

Similar a Ethics in-information-security (20)

Computer ethics cyber security and technology of it
Computer ethics cyber security and technology of itComputer ethics cyber security and technology of it
Computer ethics cyber security and technology of it
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptx
 
Super billing computers are your future
Super billing computers are your futureSuper billing computers are your future
Super billing computers are your future
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxggggggggggggggggggggggggggg
 
Cyber laws
Cyber lawsCyber laws
Cyber laws
 
computer and society impact of Computer in society
computer and society impact of Computer in society computer and society impact of Computer in society
computer and society impact of Computer in society
 
Cyber Laws
Cyber LawsCyber Laws
Cyber Laws
 
IS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyIS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and Privacy
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
computer ethics.pptx
computer ethics.pptxcomputer ethics.pptx
computer ethics.pptx
 
Computer Ethics
Computer EthicsComputer Ethics
Computer Ethics
 
Puna 2015
Puna 2015Puna 2015
Puna 2015
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challenges
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
 
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfUnit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
 
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
 
Chapter 5.pptx
Chapter 5.pptxChapter 5.pptx
Chapter 5.pptx
 
COMPUTER ETHICS.pptx
COMPUTER ETHICS.pptxCOMPUTER ETHICS.pptx
COMPUTER ETHICS.pptx
 

Último

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 

Último (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

Ethics in-information-security

  • 1. Ethics in Information Security By Milinda Wickramasinghe
  • 5. Why we need ethics in IT Security
  • 7. Ten Commandments of Computer Ethics 1. Thou shalt not use a computer to harm other people. 2. Thou shalt not interfere with other people's computer work. 3. Thou shalt not snoop around in other people's computer files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. 6. Thou shalt not copy or use proprietary software for which you have not paid. 7. Thou shalt not use other people's computer resources without authorization or proper compensation. 8. Thou shalt not appropriate other people's intellectual output. 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing. 10.Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.
  • 8. BIRTH DISCOVERY DISCLOSURE CORRECTION PUBLICITY DEATH RISK TIME Vulnerability lifecycle
  • 10. Types of disclosure Non Disclosure Never disclosed to general public Once a vulnerability is found it is kept as a secret and leveraged to exploit vulnerable systems and gain benefits Limited Disclosure Vulnerability information is shared among a few individuals (Discloser, Vendor and possibly, Third party coordinator ) The initial public disclosure contains; the flawed product & very few details about the vulnerability Does not contain full technical details Will only be released once the vendor has fixed the flaw Full Disclosure Full technical details of the vulnerability is disclosed along with the exploit code Without the consent of the vendor / author of the code Vendor is informed at the same time as the general public Responsible Disclosure Discovery Finds the vulnerability by Security Firm or Researcher Initial Contact Notify the vendor - could get the help of a 3rd party Set reasonable deadline Continued Communication Vendor try to reproduce, the originator should provide assistance Patch Development Vendor creates patches, test them and analyzes further for more issues Public disclosure Technical details of the vulnerability is disclosed without the exploit code Exploit Release Enters the scripting stage Tools are developed
  • 11. Responsible Disclosure - Benefits for the researcher
  • 12. What could possibly go wrong..?
  • 13. Cyber Security Laws in Sri Lanka
  • 14. Convention on Cybercrime - Budapest Convention