Ethics are one of the most important aspects of working in cybersecurity. In all the various cyber positions available at companies and government, each of them requires cybersecurity staff that will uphold the highest standards for ethics. Everyday cybersecurity professionals face ethical decisions on a daily basis. There are many different scenarios a cybersecurity professional might experience. One has to do with their authorization and access to security control settings. A disgruntled employee or one that makes a human error by mistake could make adjustments to control settings that could have a negative impact on business operations or the country’s critical infrastructure.
It is particularly concerning when there is an insider threat at an organization or government. These state actors can create zero-day attacks and use them to deploy malware, conduct espionage and launch distributed denial of service attacks (DDoS). On a global scale, several threat actors could direct many cyberattacks at another state actor. It is important to note that when a state actor is hit with cyberattacks that adversely affect many parts of critical infrastructure like financial, transportation, electric grid, water supply and many others, the state actor will most likely need help from its allies to regain security for its networks and systems (Herzog, 2011).
The Forum of Incident Response and Security Teams (FIRST) created new cybersecurity policies regarding the implementation of incident response. The new policies were made available on Global Ethics Day. They released a publication that is open for any cybersecurity professional to use at their place of employment or for individual use. The publication provides detailed instructions on how to conduct cybersecurity features while maintaining the ethics in regards to selecting an implementation and the professional’s responsibilities to do what is best for protecting and securing networks and systems, rather than deliberately making unauthorized decisions or conducting a cyberattack.
FIRST offers these principles to executive staff and upper management that make decisions on an enterprise or government information technology and systems. The goal of the publications is to maintain the “trustworthiness, coordinated vulnerability disclosure, authorization, team health and recognition or jurisdictional boundaries when cybersecurity teams handle these difficult situations”. One of the most important aspects is to show an analytics firm’s ability to collect intelligence and share it in the open source for other organizations to use as a possible solution for their operations.
Just like when the EU and NATO shared cybersecurity resources with Estonia, the analytics firm is also being collaborative by sharing its existing intelligence as well as its new strategies for incident response. Every organization needs a sound security policy for incident response because there will always be the potential for a cyberattack or a small-scale error or discrepancy that will need specific, step-by-step-, incident response procedures.
This is true for all organizations from startups to large-scale corporations. It is important pinpoint incident response relative to the misuse of information systems, which is a valid argument. However, it is also true that companies and government, especially those that have a significant dependency on internet and telecommunications, a broad incident response policy that will give them a proven method to mitigate and report issues with networks and systems can be a benefit to IT and Cybersecurity.