WEEK 2
INTRODUCTION TO SOCIAL AND PROFESSIONAL ISSUES
SPI101 – SOCIAL PROFESSIONAL ISSUES
Describe and understand different types of social problems and issues.
Determine the conflict of interest.
Distinguish between vulnerability disclosure and non-disclosure in social professional issues.
WEEK 2 – SOCIAL PROFESSIONAL ISSUES 101
Why we need Ethics & Culture
SPI102 – SOCIAL PROFESSIONAL ISSUES
WEEK 2 – SOCIAL PROFESSIONAL ISSUES 102
Evaluate Ethics of an Organization
Formal Ethics: Opinions or perceptions officially written and shared among employees.
Informal Ethics: Describes a body of information that is either not written down or poorly documented, but that nevertheless is consistently and powerfully held in an organization.
Ethical Leadership: Positive or negative ethical leadership.
Social & Professional Issues: Vulnerability Disclosure
A. Vulnerability non-disclosure
Sign a non-disclosure agreement
No one will report vulnerability details to the outside
Motivation
Can you really control information?
Advantages
1. Non-disclosure empowers management
2. Control over information within the organization
B. Non-Disclosure Agreement
Also known as a confidentiality agreement (CA), confidential disclosure agreement (CDA), proprietary information agreement (PIA) or secrecy agreement (SA).
Four main reasons to consider this as bad
1. Leaked or simultaneously discovered
2. Not discovered publicly; admins do not have the opportunity
3. No pressure for S/W vendors
4. Difficulty of selecting trusted individuals
   - The black hat community
C. VULNERABILITY FULL-DISCLOSURE
• The process of broadly disseminating as much information as possible regarding product or system vulnerabilities so that potential victims possess the same information as the potential attackers
• Revealing all vulnerability details, including the technical details and scripts, prior to the patches that fix the vulnerabilities.
• Potential victims are aware when
1. Implementing IDS
2. Shutting down some vulnerable services
3. System admins activities
4. Product reviews from programmers of the vendor
• Ethically handling system vulnerabilities
• Performing full disclosure
D. ETHICAL DUTY TO WARN
• Writers exposing system weaknesses
• Instilling public fear with full disclosures
E. PATCH DEVELOPMENT
• Detecting and fixing product vulnerabilities
1. Taking the market advantage
2. Combining system fixes with security patches
F. RESPONSIBLE DISCLOSURE PLANS
• The purpose of "responsible disclosure" is to allow customers of a vendor product ample time to protect their systems from exploitation and attack.
• The primary goal is to minimize that period of time to reduce the occurrence of attack
1. The Fisher Plan, Government disclosure
2. The responsible disclosure forum
Social & Professional Issues: Cybersecurity Issues
G. RESPONSIBILITY FOR VULNERABILITY REPRODUCTION
1. Vendor coordination
2. Determining a deadline for repair based on the severity of the vulnerability
3. Fix vulnerabilities within the set timeline
4. Coordinating a public disclosure
5. Issue financial compensation to the discoverer