Ethical guidelines

When it comes to information security, and especially research related to it, it is important to consider some ethical guidelines in relation to that. Ethical guidelines can be hard to lay out, especially in the field of information security and the Internet. The ethicality of an action is considered differently across all of the different cultures that the internet touches.

As a group project, at school, we tried to lay out some ethical guidelines relating to the work in information security. The reason they are called guidelines are because they should not be followed at all times, any time. There are reasons not to follow guidelines.

Referencing and group work

If the idea or material being used is not yours, a product of group work, or you got any help coming up with the idea, you should use any participants as references.

Blogging, Forums, mass e-mails

Make sure that the jokes you make are fully understood by all of the parties involved as what it is, a joke. It can be hard for someone of a totally different culture to understand that what you’re conveying is just siliness. This is especially true for sarcasm, in many cultures they don’t even have sarcasm. Try not using sarcasm, even if it is natural to you and you feel like it is very clear.

Don’t discrimate against groups of people or enforce their stereotype. You’re not getting any points across and you just end up insulting a bunch of people. It’s no good for you and no good for people reading what you’ve written.

Be careful with the private data you’re discussing. You might be discussing a data breach somewhere or a vulnerability. Make sure that none of the personal data is posted. Even if you ask an individual, or a company, if you can post some of their data, they might not understand the severeness of the data. You are responsible for making sure that you do not post sensitive data about others.

Also, don’t falsify any of the data. It might not seem like it, but falsifying data might also hurt someone. For one, you might accidentally put someone else’s data on there. Or someone might be fired from a company because the statistics you published where way higher than the actual number. And do your research, don’t automatically assume that the ‘experts’ are right, reflect over what you’re reading, at least a little bit.

Group Work

Make sure everyone is on board with what you’re working on. First of all, other people feel like crap if they can’t keep up. Second, you want to have input from everyone, because it improves on the work you’re doing. Keep it slow, include everyone.

When doing work over Skype or other means of online communication, try having a camera on the group. It makes it so much easier for the one or two people online to see who is talking and what is going on.

Don’t be a dick in the group work. Don’t use any suppression techniques to get your point across. Just have a good point and people will agree. If your point is not good, then reflect over what you said, maybe you didn’t say it right, or the point is just absurd. Don’t force people to work on something they don’t want to, it will just spoil your product in the end.

These guidelines where made in cooperation with other students at Noroff. We tried coming up with something that is not too restrictive, but is helpful for people working across cultures.

Of course, some of this goes away if you’re targetting only a group within your own culture. But I think you’ll go a long way in any group or public work if you keep these points in mind.