At the onset, it may seem that there are not a lot of ethical issues that arise in the field of security ethics. There are, however, certain areas that challenge the norms and give rise to policies concerning whether or not certain acts fall under what is considered as ethical and what is unethical. It is basic understanding that in any department handling security the basic rights and freedoms are to be respected such as the right of certain employees to a degree of privacy that does not in any way interfere with the prerogative of management.
The code of ethics of any security professional revolves around the basic concepts as embodied in the ten ethics principles of technologists and computer system experts. The relevance of this is due to the fact that the security professionals these days deal mostly technology and computers. As such, it is important to remember the basic concept of respecting the intellectual property of others and preventing the commission of any act of mischief or malice.
Simple guidelines such as ensuring the integrity of the information path and the authenticity of documents may seem too simplistic but these lie at the very core of the ethics of security professionalism. There is no single code of ethics, however, that encapsulates the basic rules needed in order to protect the security of systems. Instead, there are basic ethics approaches that have been developed to guide security professionals.
These two basic approaches are the Rights Approach which is based on the ability of an individual to make ethical decisions based on the basic rights that have been granted to individuals by society, and the Common-Good Approach which is anchored on the belief that the ethical act is one that caters to more people and brings about the greatest good, which is quite similar to the Utilitarianism method which was developed by John Stuart Mills and Jeremy Bentham.
The basic difference between these two ethical guidelines is that the Rights Approach dictates that what is moral and ethical is based on a fixed guideline from which no derogation is allowed. The Common-Good Approach, on the other hand, is based more loosely around an active set of ethics that change with regard to the situations or circumstance to which they are applied to. As mentioned earlier, there is really no single guideline or standard for ethics, particularly in the field of security professionals.
There are methods however, that aid in arriving at the ethical solutions and these should never be forgotten.
References: Crossing the Line: Ethics for the Security Professional, last accessed on October 6, 2007, from http://www. secureworks. com/research/articles/ethics/ Velasquez, Manuel; Andre, Claire; Shanks, S. J. ,Thomas and Meyer, Michael J. Thinking Ethically: A Framework for Moral Decision Making. Issues in Ethics - V. 7, N. 1 Winter 1996