Since security intersects so much with privacy, cybersecurity ethics decisions should be on your mind at work.
Being part of a high-performing computer security incident response team (CSIRT) or security operations center (SOC) involves making big, intentional decisions. Increasing the maturity of your team is more than dropping a bag of shiny new tools and technology and then hoping for the best. One of the crucial components to building a successful CSIRT team or SOC are the people pulling the levers of this technology, and the culture in which they have to operate. Chances to train, improve your skill set and form clear career plans are key. Along with them, this culture should include a focus on cybersecurity ethics. You can enforce this with a cybersecurity code of conduct or an IT security code of ethics.
Cybersecurity Ethics Guidance Frameworks
To stress its importance, some maturity frameworks include an entire category for the human aspect. Frameworks based on the Security Incident Management Maturity Model (SIM3) as laid forward by The European Union Agency for Cybersecurity (ENISA) in their CSIRT maturity assessment model and the Global Forum on Cyber Expertise (GFCE) maturity framework include an entire category for the human touch. This ranges from personal strength, skill set descriptions, training options, networking and one topic which is of interest here: codes of conduct. This topic covers a set of rules or guidelines for your staff on how to behave, perhaps outside work, as well as on th ..
Support the originator by clicking the read the rest link below.
