SlideShare ist ein Scribd-Unternehmen logo

Ethics in-information-security

Als PPTX, PDF herunterladen
Milinda Wickramasinghe
Milinda Wickramasinghe

This document discusses ethics in information security and vulnerability disclosure. It outlines 10 commandments of computer ethics focusing on avoiding harming others, respecting privacy and property. It also describes the vulnerability lifecycle from birth to death. Different types of vulnerability disclosure are explained, including non-disclosure, limited disclosure, full disclosure, and responsible disclosure. Responsible disclosure involves notifying the vendor, allowing time for a patch to be developed, then publicly disclosing technical details without exploit code. The benefits of responsible disclosure for researchers are noted. Potential issues with disclosure are acknowledged. Cybersecurity laws and the Budapest Convention are briefly mentioned.

Technologie
1 von 15
Ethics in Information Security By Milinda Wickramasinghe
Ethics
Ethics
Ethics
Why we need ethics in IT Security
Common unethical practice
Ten Commandments of Computer Ethics 1. Thou shalt not use a computer to harm other people. 2. Thou shalt not interfere with other people's computer work. 3. Thou shalt not snoop around in other people's computer files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. 6. Thou shalt not copy or use proprietary software for which you have not paid. 7. Thou shalt not use other people's computer resources without authorization or proper compensation. 8. Thou shalt not appropriate other people's intellectual output. 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing. 10.Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.
BIRTH DISCOVERY DISCLOSURE CORRECTION PUBLICITY DEATH RISK TIME Vulnerability lifecycle
Vulnerability lifecycle RISK TIME
Types of disclosure Non Disclosure Never disclosed to general public Once a vulnerability is found it is kept as a secret and leveraged to exploit vulnerable systems and gain benefits Limited Disclosure Vulnerability information is shared among a few individuals (Discloser, Vendor and possibly, Third party coordinator ) The initial public disclosure contains; the flawed product & very few details about the vulnerability Does not contain full technical details Will only be released once the vendor has fixed the flaw Full Disclosure Full technical details of the vulnerability is disclosed along with the exploit code Without the consent of the vendor / author of the code Vendor is informed at the same time as the general public Responsible Disclosure Discovery Finds the vulnerability by Security Firm or Researcher Initial Contact Notify the vendor - could get the help of a 3rd party Set reasonable deadline Continued Communication Vendor try to reproduce, the originator should provide assistance Patch Development Vendor creates patches, test them and analyzes further for more issues Public disclosure Technical details of the vulnerability is disclosed without the exploit code Exploit Release Enters the scripting stage Tools are developed
Responsible Disclosure - Benefits for the researcher
What could possibly go wrong..?
Cyber Security Laws in Sri Lanka
Convention on Cybercrime - Budapest Convention
Thank you.

Empfohlen

Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Securitymtvvvv
 
Cyber security & Importance of Cyber Security
Cyber security & Importance of Cyber SecurityCyber security & Importance of Cyber Security
Cyber security & Importance of Cyber SecurityMohammed Adam
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityBhandari Hìmáñßhü
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityVivek Agarwal
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Software security
Software securitySoftware security
Software securityRoman Oliynykov
 

Empfohlen

Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Securitymtvvvv
 
Cyber security & Importance of Cyber Security
Cyber security & Importance of Cyber SecurityCyber security & Importance of Cyber Security
Cyber security & Importance of Cyber SecurityMohammed Adam
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityBhandari Hìmáñßhü
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityVivek Agarwal
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Software security
Software securitySoftware security
Software securityRoman Oliynykov
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDr. Loganathan R
 
Information Security
Information SecurityInformation Security
Information SecurityDhilsath Fathima
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Cyber security
Cyber securityCyber security
Cyber securityHarsh verma
 
Network security ppt
Network security pptNetwork security ppt
Network security pptOECLIB Odisha Electronics Control Library
 
Cyber security
Cyber securityCyber security
Cyber securityDr. Kishor Nikam
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attackskrishh sivakrishna
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics pptRoshiniVijayakumar1
 
Cyber Security in Society
Cyber Security in SocietyCyber Security in Society
Cyber Security in SocietyRubal Sagwal
 
Network security
Network securityNetwork security
Network securityGichelle Amon
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Cyber security
Cyber securityCyber security
Cyber securityRishav Sadhu
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Information ethics
Information ethicsInformation ethics
Information ethicsSTCC Library
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentDarren McManus
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDr. Loganathan R
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
Cyber Security in Society
Cyber Security in SocietyCyber Security in Society
Cyber Security in SocietyRubal Sagwal
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 

Was ist angesagt? (20)

Cia security model
Cia security modelCia security model
Cia security model
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Information Security
Information SecurityInformation Security
Information Security
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics ppt
 
Cyber Security in Society
Cyber Security in SocietyCyber Security in Society
Cyber Security in Society
 
Network security
Network securityNetwork security
Network security
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Cyber security
Cyber securityCyber security
Cyber security
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 

Andere mochten auch

Information ethics
Information ethicsInformation ethics
Information ethicsSTCC Library
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentDarren McManus
 
ABC's of Privacy and Security
ABC's of Privacy and SecurityABC's of Privacy and Security
ABC's of Privacy and SecurityChristina Gagnier
 
Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03kbzdox ivanovich
 
Human Impact on Information Security - Computer Society of India Conference, ...
Human Impact on Information Security - Computer Society of India Conference, ...Human Impact on Information Security - Computer Society of India Conference, ...
Human Impact on Information Security - Computer Society of India Conference, ...Anup Narayanan
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Nidhi Gupta
 
Organizational Culture and Ethics, Enron Case Study
Organizational Culture and Ethics, Enron Case StudyOrganizational Culture and Ethics, Enron Case Study
Organizational Culture and Ethics, Enron Case StudyBrynne VanHettinga
 
The 10 Commandments of Computer Ethics
The 10 Commandments of Computer EthicsThe 10 Commandments of Computer Ethics
The 10 Commandments of Computer Ethicssmartinson
 

Andere mochten auch (11)

Information ethics
Information ethicsInformation ethics
Information ethics
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics Assignment
 
ABC's of Privacy and Security
ABC's of Privacy and SecurityABC's of Privacy and Security
ABC's of Privacy and Security
 
Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2
 
Human Impact on Information Security - Computer Society of India Conference, ...
Human Impact on Information Security - Computer Society of India Conference, ...Human Impact on Information Security - Computer Society of India Conference, ...
Human Impact on Information Security - Computer Society of India Conference, ...
 
Risk based internal auditing
Risk based internal auditing Risk based internal auditing
Risk based internal auditing
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013
 
Organizational Culture and Ethics, Enron Case Study
Organizational Culture and Ethics, Enron Case StudyOrganizational Culture and Ethics, Enron Case Study
Organizational Culture and Ethics, Enron Case Study
 
The 10 Commandments of Computer Ethics
The 10 Commandments of Computer EthicsThe 10 Commandments of Computer Ethics
The 10 Commandments of Computer Ethics
 

Ähnlich wie Ethics in-information-security

Computer ethics cyber security and technology of it
Computer ethics cyber security and technology of itComputer ethics cyber security and technology of it
Computer ethics cyber security and technology of itsr24production
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxBishalRay8
 
Super billing computers are your future
Super billing computers are your futureSuper billing computers are your future
Super billing computers are your futuresuperb11b
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggadabotor7
 
computer and society impact of Computer in society
computer and society impact of Computer in society computer and society impact of Computer in society
computer and society impact of Computer in society Sumama Shakir
 
IS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyIS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyJan Wong
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityNcell
 
computer ethics.pptx
computer ethics.pptxcomputer ethics.pptx
computer ethics.pptxglorysunny
 
Computer Ethics
Computer EthicsComputer Ethics
Computer EthicsRamki M
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfxererenhosdominaram
 
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfUnit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfSujanTimalsina5
 
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Dr. Khaled Bakro
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 

Ähnlich wie Ethics in-information-security (20)

Computer ethics cyber security and technology of it
Computer ethics cyber security and technology of itComputer ethics cyber security and technology of it
Computer ethics cyber security and technology of it
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptx
 
Super billing computers are your future
Super billing computers are your futureSuper billing computers are your future
Super billing computers are your future
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxggggggggggggggggggggggggggg
 
Cyber laws
Cyber lawsCyber laws
Cyber laws
 
computer and society impact of Computer in society
computer and society impact of Computer in society computer and society impact of Computer in society
computer and society impact of Computer in society
 
Cyber Laws
Cyber LawsCyber Laws
Cyber Laws
 
IS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyIS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and Privacy
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
computer ethics.pptx
computer ethics.pptxcomputer ethics.pptx
computer ethics.pptx
 
Computer Ethics
Computer EthicsComputer Ethics
Computer Ethics
 
Puna 2015
Puna 2015Puna 2015
Puna 2015
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challenges
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
 
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfUnit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
 
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
 
Chapter 5.pptx
Chapter 5.pptxChapter 5.pptx
Chapter 5.pptx
 
COMPUTER ETHICS.pptx
COMPUTER ETHICS.pptxCOMPUTER ETHICS.pptx
COMPUTER ETHICS.pptx
 

Kürzlich hochgeladen

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Kürzlich hochgeladen (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Ethics in-information-security

  • 1. Ethics in Information Security By Milinda Wickramasinghe
  • 5. Why we need ethics in IT Security
  • 7. Ten Commandments of Computer Ethics 1. Thou shalt not use a computer to harm other people. 2. Thou shalt not interfere with other people's computer work. 3. Thou shalt not snoop around in other people's computer files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. 6. Thou shalt not copy or use proprietary software for which you have not paid. 7. Thou shalt not use other people's computer resources without authorization or proper compensation. 8. Thou shalt not appropriate other people's intellectual output. 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing. 10.Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.
  • 8. BIRTH DISCOVERY DISCLOSURE CORRECTION PUBLICITY DEATH RISK TIME Vulnerability lifecycle
  • 10. Types of disclosure Non Disclosure Never disclosed to general public Once a vulnerability is found it is kept as a secret and leveraged to exploit vulnerable systems and gain benefits Limited Disclosure Vulnerability information is shared among a few individuals (Discloser, Vendor and possibly, Third party coordinator ) The initial public disclosure contains; the flawed product & very few details about the vulnerability Does not contain full technical details Will only be released once the vendor has fixed the flaw Full Disclosure Full technical details of the vulnerability is disclosed along with the exploit code Without the consent of the vendor / author of the code Vendor is informed at the same time as the general public Responsible Disclosure Discovery Finds the vulnerability by Security Firm or Researcher Initial Contact Notify the vendor - could get the help of a 3rd party Set reasonable deadline Continued Communication Vendor try to reproduce, the originator should provide assistance Patch Development Vendor creates patches, test them and analyzes further for more issues Public disclosure Technical details of the vulnerability is disclosed without the exploit code Exploit Release Enters the scripting stage Tools are developed
  • 11. Responsible Disclosure - Benefits for the researcher
  • 12. What could possibly go wrong..?
  • 13. Cyber Security Laws in Sri Lanka
  • 14. Convention on Cybercrime - Budapest Convention