For your initial post, develop a scenario that presents an ethical dilemma in an information security setting. This is an opportunity for you to develop a scenario that will stimulate a discussion on different approaches to privacy and ethical problems. The scenario you create should be realistic but unique, and it’s okay to think outside the box.
Follow these guidelines to make your scenario engaging and meaningful:
The scenario should be plausible. Focus on typical events rather than relatively rare occurrences or unrealistic characters.
Provide enough background to indicate how the situation and policies could influence outcomes, but leave enough ambiguity so that participants must interpret unknown factors that might influence their approach.
Provide a clear question or decision for participants to address.
- An example scenario is shown below. Do not use this as your initial post.
- Your IT administrator tasks the members of your department with performing the yearly ethical hacking audit for the company. During last year’s exercise, one of the IT engineers went outside the scope of the ethical hacking contract and accessed HR files. This was deemed a deliberate violation of the plan, and the employee was fired. However, the vulnerability to access the records was included in the ethical hacking audit report. Knowing that this vulnerability existed last year, how would you proceed in this year’s audit?
- In your response posts, address the ethical dilemmas posed by your peers. Apply one of the five sources of ethical standards from the article A Framework for Ethical Decision Making to justify your response.
https://www.scu.edu/ethics/ethics-resources/ethica…
Peer 1:
Hi everyone,
You are an IT advisor for Somerset’s Board of Education. Your IT administrator tasked you and a colleague specifically, to ethically monitor the emails that were flagged due to various concerns. The IT advisor left it up to us how and when we would monitor the flagged emails. However, he did ask for a weekly report, and if there were to be any critical emails, those needed to be brought up to his attention immediately. You and your colleague agreed to monitor the flagged emails once per day after lunch. After a few weeks, you noticed your colleague looking at the “supposedly” flagged emails during other hours. Then the colleague went to the bathroom in the morning, he left the screen open and unlocked, and you noticed he was not looking at the flagged emails; he was looking at a specific Board of Education employee’s inbox. Knowing what you know and with evidence you have collected, how will you address the issue?
Peer 2:
Hi everyone,
My made-up ethical dilemma is as follows:
You overhear your coworker, coworker A, talking to another coworker, coworker B, bragging about how he might be a white-hat hacker by day, but becomes a black-hat hacker by night. You want to tell your supervisor but you should not have been eavesdropping and now the only person that should know this information is coworker B, your other coworker. You do not want to put coworker B at risk by saying something, however you worry that coworker A could be a threat to the company. What if coworker A is sharing trade secrets on the dark-web? Or using techniques that he learned at work to expose vulnerabilities in other weaker systems? Coworker B could also potentially lose their job for not saying anything themselves.
Would you tell your supervisor or pretend you never overheard the conversation?
0 comments