Ethics In Cybersecurity: How Best Practices Shape the Public Good
Cybersecurity is an ethically significant public good because ethical practice in the field helps ensure that users can trust that their personal, financial, medical, and identity information is safe from exploitation. Where business processes strive for competitive edge, innovation, and financial gain, cybersecurity strives to protect the public from the harm that unethical behavior causes.
The ISACA Code of Professional Ethics (2023) aims to ensure proper IT governance through compliance with standards, procedures, and controls for information systems. ISACA's Certified Information Systems Auditor (CISA) certification gives businesses assurance that an IT auditor will follow professional standards and best practices with due diligence, objectivity, and competency. IT auditors must be trusted to maintain a high standard of conduct and character in both their personal and professional activities. They commit to informing the appropriate stakeholders of their findings while keeping private and confidential the sensitive information they see during an audit, both during the engagement and after it is complete, unless they are legally required to disclose it.
IT security auditing provides assurance that an organization operates according to an agreed-upon set of standards. Businesses often handle sensitive user data such as Social Security numbers, home addresses, phone numbers, and photographs. IT auditors pay careful attention to the confidentiality, integrity, and availability of data because a person's life can be significantly affected when their data is accessed by unknown parties with malicious intent. The harm goes beyond a malicious actor selling a user's data for profit: attackers can harass, coerce, embarrass, and target users in ways that have a long-lasting impact on their lives. Breached sensitive information can cost a user their job, their marriage, and their reputation. It could even lead to jail time or to the abduction of their children. Because the intent of the malicious actor is unknown, there is no fixed limit to the harm a user could suffer.
Best Practice 1: Protecting the Confidentiality, Integrity, and Availability of Data
Two-factor authentication (2FA) helps safeguard the confidentiality of user data by requiring a second proof of identity before an account can be accessed. The second factor can be a biometric, a hardware token or key fob, an authenticator app, or a one-time code sent by SMS. Not all factors are equally strong: SMS codes can be intercepted through SIM swapping or weaknesses in the telephone network, so hardware tokens and authenticator apps are preferred where available. Whether data is stored in a file or a database, access controls aim to prevent unauthorized access by granting it only after proper authentication with user credentials.
Integrity protects users as well. Inaccurate user data can affect a user's ability to apply for loans and to maintain a positive reputation, and when the integrity of a record is compromised, agreements based on it become void; users lose their standing and often suffer financial loss. Nonrepudiation supports integrity by keeping tamper-evident logs of user activity, so that a recorded action cannot later be denied and any alteration of the record can be detected.
Availability matters too. Sufficiently maintaining backups of user data is essential to ensuring that users retain continuous access to it; when availability is compromised, users may lose all record of their business transactions. This can cause financial loss or even put a user's life at risk when sensitive health data is involved.
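As an added illustration of the confidentiality and integrity points above (this is example code written for this page, not code from the original article or from ISACA), the block below implements a time-based one-time-password check of the kind an authenticator app produces (RFC 6238 TOTP over RFC 4226 HOTP), refuses to accept the same code twice, and records each attempt in an HMAC-chained audit log so that editing or deleting a past entry is detectable. The seed is the published RFC 6238 test-vector seed and the log key, user name, and timestamps are constructed for the demo; a real deployment uses a random per-user seed stored encrypted and a log key the application server does not share with the people whose actions it records.

```python
import hmac
import hashlib
import json
import struct
from dataclasses import dataclass

# Constructed demo seed: the RFC 6238 test-vector secret (ASCII "12345678901234567890").
# Never hard-code a real seed; generate one per user and store it encrypted.
DEMO_SEED = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current 30-second time step."""
    return hotp(secret, unix_time // step, digits)


@dataclass
class TotpVerifier:
    """Server-side check of a second factor, with a small clock-skew window and a replay guard."""
    secret: bytes
    step: int = 30
    digits: int = 6
    skew: int = 1            # accept the previous and next step to tolerate clock drift
    last_counter: int = -1   # highest counter already accepted; a code is valid only once

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // self.step
        for counter in range(now - self.skew, now + self.skew + 1):
            if counter <= self.last_counter:
                continue     # already consumed (or older than a consumed code): reject replay
            if hmac.compare_digest(hotp(self.secret, counter, self.digits), code):
                self.last_counter = counter
                return True
        return False


class AuditLog:
    """Append-only log. Each entry's tag covers the previous tag plus the entry, so
    changing, removing, or reordering any entry invalidates every tag after it."""

    def __init__(self, key: bytes):
        self.key = key
        self.entries: list[tuple[str, str]] = []   # (canonical JSON record, hex tag)

    def _tag(self, prev_tag: str, body: str) -> str:
        return hmac.new(self.key, (prev_tag + body).encode(), hashlib.sha256).hexdigest()

    def append(self, record: dict) -> str:
        prev_tag = self.entries[-1][1] if self.entries else "0" * 64
        body = json.dumps(record, sort_keys=True)  # canonical form so the tag is reproducible
        tag = self._tag(prev_tag, body)
        self.entries.append((body, tag))
        return tag

    def verify(self) -> bool:
        prev_tag = "0" * 64
        for body, tag in self.entries:
            if not hmac.compare_digest(self._tag(prev_tag, body), tag):
                return False
            prev_tag = tag
        return True


def demo() -> dict:
    """Constructed scenario: a valid login, a replayed code, a wrong code, then log tampering."""
    verifier = TotpVerifier(DEMO_SEED)
    log = AuditLog(b"constructed-demo-log-key")
    t = 1111111111                      # RFC 6238 test time; totp(DEMO_SEED, t) == "050471"
    code = totp(DEMO_SEED, t)
    results = {
        "first_use": verifier.verify(code, t),            # True: correct code, first use
        "replay": verifier.verify(code, t + 5),           # False: same counter already consumed
        "wrong_code": verifier.verify("000000", t + 60),  # False: does not match any window
    }
    for event, accepted in results.items():
        log.append({"user": "alice", "event": event, "accepted": accepted, "t": t})
    results["log_intact"] = log.verify()                  # True: untouched chain verifies
    # An insider rewrites history so the replayed attempt looks legitimate.
    body, tag = log.entries[1]
    log.entries[1] = (body.replace('"accepted": false', '"accepted": true'), tag)
    results["log_after_tamper"] = log.verify()            # False: chain no longer verifies
    return results


if __name__ == "__main__":
    print(demo())
```

The replay guard is what turns a "something you have" factor into a one-time factor: without it, a code phished in real time stays valid for the rest of its 30-second window. The chained log makes the record tamper-evident to whoever holds the log key; full nonrepudiation toward a third party would additionally require the user to sign their actions with a key only they control.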
Best Practice 2: Ethical Conduct and Confidentiality in IT Auditing
As the ISACA Code of Professional Ethics highlights, auditors routinely handle sensitive information that could cause significant harm to users and stakeholders if it were disclosed. Ethical IT auditors are therefore essential for building trust between users and organizations. By conducting comprehensive IT audits and reporting findings honestly, IT auditors raise the standard of security practice at every level of an organization.
Through careful implementation of cybersecurity best practices, organizations maintain the public good by ensuring that business practices are both ethically sound and effectively protective of user data.
References:
Hashemi-Pour, C. (2024). CIA triad (confidentiality, integrity and availability). TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
ISACA. (2023). Code of Professional Ethics. Higher Logic. https://engage.isaca.org/newyorkmetropolitanchapter/aboutchapter/codeofprofessionalethics
University of Tulsa. (2023, December 13). Cybersecurity Ethics: Why It’s Important. https://online.utulsa.edu/blog/cybersecurity-ethics/#:~:text=The%20tenets%20of%20ethical%20practice,privacy%20and%20confidentiality%20of%20information