Cyber Basics - Module 5: Legal and Ethics
This is the fifth module in the Cyber Basics course (aka GenCyber). This module stimulates discussion and gets students thinking about the importance of ethical behavior when engaging in cybersecurity activities. It looks at Acceptable Use Policies, various case studies, and existing codes of ethics/conduct in industry today. It also presents the student with several recent case studies on cybersecurity activities (national and international) and allows them to explore and discuss the legal, ethical and privacy considerations of each case.
- Identify aspects of cybersecurity education that could be used for malicious purposes
- Describe why cybersecurity education must be grounded in ethical behavior
- Give examples of ways to encourage appropriate ethical behavior
This module is on legal, ethical, and policy considerations in cybersecurity and it does not have any hands-on computer-based exercises. The point of these discussions is to help instructors to foster an ethical framework the students can apply to decisions regarding the tools and techniques they will learn when studying cybersecurity. Many of the technologies, and even some of the ones covered in the short workshop, have applications from both a defensive and offensive standpoint. For example, network scanning tools are used regularly by system administrators and network security professionals to troubleshoot connectivity problems and to assess the security of networks; however, malicious actors can use those same tools to try to discover vulnerabilities in others’ networks. Students need to have a solid ethical foundation and understand when it is okay to use some of these tools and when it is not, so they can make good decisions in the future. The Virginia Cyber Range is specifically configured to allow students to use these tools in an environment where they cannot affect networks outside the range (like their school network), making it safe to experiment. Using many of these same techniques on the open Internet is generally not appropriate.
- K0003: * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
- K0206: Knowledge of ethical hacking principles and techniques.
- K0351: Knowledge of all applicable statutes, laws, regulations and policies governing cyber targeting and exploitation.
- K0524: Knowledge of relevant laws, regulations, policies.