Reference no: EM132161074
Assignment -
Write a review on this article with 2 APA references. Regarding if passive reconnaissance is ethical or not and requires written consent, would venture to say it's based on the details and circumstances involved with the actual client. It's certainly not against the law or unethical to gather or research information that's publicly available.
According to Walker, M. (2017), nothing happens before you have a signed, sealed agreement in place. Nothing. This agreement should spell out the limitations, constraints, and liabilities between the organization and the penetration test team, and is designed to maximize the effectiveness of the test itself while minimizing operational impact. From a hypothetical pen tester vantage point, we would want to gather as much publicly available information about my client in advance to advise them on what they should and shouldn't disseminate to the public as part of my assessment strategy.
Now understand the concept of getting "everything" sealed in a signed agreement before moving forward however, we don't consider passive reconnaissance apart of that agreement. According to Danny Bradbury (2017), Ethics plays a big part in many lines of work. Doctors can be struck down for violating codes of conduct, and lawyers can be disbarred. Journalism, too, has many ethical codes that overlap. Shouldn't those working in cybersecurity have a code of conduct too? The stakes are rising in this field, as attackers and defenders alike gain increasing power over our systems and data. For example, 40 years ago, most work was still manual and desktop computers were a hobbyist pursuit. Cybersecurity didn't matter as much.
Now, attackers can gain control of everything from our homes to our pacemakers electronically. Cybersecurity practitioners and researchers are working at the cutting edge of a highly adversarial industry, and dealing with a range of thorny problems. At the end of the day, my reputation and character mean more to me than anything with the exception of my family. So I'm not going to do anything that will jeopardize the aforementioned. With that said, I do believe there should be consequences if one deliberately decides to "cross the line" from ethical to unethical. Specifically, conducting actual pen testing on a system without written consent.
The following biblical reference lends itself very well to the topic of ethics: Matthew 5:9: Blessed are the peacemakers, for they shall be called sons of God. Regarding being a peacemaker as Jesus discussed in Matthew 5:9, Jesus used the word peacemaker in the context of solving a problem not ending a conflict such as a war. A peacemaker, in the context of solving a problem, is exactly what a security practitioner should not only be but epitomize. Proverbs 22:1 "A good name is to be chosen rather than great riches, and favor is better than silver or gold." Bottom line, as cybersecurity professionals, we should "always" operate in a glass house with a strict honor code and with an unwavering mindset that we'll "always" protect the users that we support and the profession even if we're place in those uncomfortable and unenviable positions.
Article - In Search of an Ethical Code for Cybersecurity.
Attachment:- Assignment File.rar