> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/wgu-network-engineering-and-security/ethics-in-technology/computing-and-technology-ethics-engaging-through-science-fiction-textbook/chapter-6-professional-ethics/6.3-codes-of-ethics.md).

# 6.3 CODES OF ETHICS

Alright! Let's use the **Pareto principle** to make this lesson on **codes of ethics** ADHD-friendly, focused, and fun—highlighting the 20% that gives you 80% of the understanding. I’ll keep it all tied back to **cybersecurity** for better context and relatability.

***

#### 🚀 CODES OF ETHICS IN TECH: CYBER EDITION 🚀

**Main Points:**

* **Why Codes of Ethics Exist**: They set professional standards and guide behavior in tricky situations.
* **Key Ethics Bodies**: ACM, IEEE, and SECEPP each have their own codes, but share common values.
* **Core Principles**: Prioritizing the public good, honesty, avoiding harm, and transparency—these guide decisions, especially in cybersecurity.

***

#### **6.3.1 The ACM and IEEE Codes: Core Values**

**What’s the deal with these codes?** They exist to make sure tech pros keep the **public good** in mind while balancing their own and their clients' interests. Let’s simplify this with the **20% of core values** that matter most in real-world situations.

1. **Prioritizing Public Good**
   * **Cybersecurity context**: Think of protecting user data. Just like a doctor has to prioritize patient safety, cybersecurity pros must prioritize **user safety**—e.g., disclosing vulnerabilities that could harm the public.
   * **ACM 1.1, IEEE 1, SECEPP 1.02**: All focus on **contributing to public welfare** and ensuring the work is beneficial to society.
2. **Avoiding Harm & Risk Disclosure**
   * If your software has a flaw, **disclose it**. This is super important in **cybersecurity**—imagine not reporting a vulnerability in a system that controls a dam or hospital equipment.
   * **ACM 1.2, IEEE 1, SECEPP 1.03**: “Avoid harm,” and always let people know if something could be dangerous.
3. **Honesty and Transparency**
   * **Honesty** isn't just about telling the truth—it’s also about not hiding things. This applies when presenting **penetration test results**: being transparent about risks and findings helps clients make better decisions.
   * **ACM 1.3, IEEE 4, SECEPP 1.06**: Be honest in all dealings, reject bribery, and avoid deceptive practices.
4. **Conflict of Interest**
   * If you work for a cybersecurity company and also hold shares in a vendor selling a security solution, disclose it! Hidden interests can compromise **trust**.
   * **ACM 1.3 elaboration, IEEE 2**: Be transparent about any conflict of interest—it’s crucial for maintaining professional integrity.
5. **Competency and Scope**
   * Stay within your lane! If you’re not trained in **forensic analysis**, don’t offer those services. This principle prevents unqualified individuals from causing harm.
   * **ACM 2.6, IEEE 6**: Only work in areas where you’re qualified—understanding your limits is key.

#### **6.3.2 Guidelines for Algorithms: Bias, Transparency, Accountability**

**ACM and IEEE** have also highlighted specific issues in **algorithmic decision-making**—important for cybersecurity as it increasingly involves **AI** and **machine learning**.

**The Key Principles**:

1. **Awareness of Bias**: Know that **algorithms** can be biased. This is crucial in cybersecurity, where biased algorithms can lead to **unfair flagging** or denying access to users from certain demographics.
2. **Accountability**: Always be accountable for the **decisions your system makes**—e.g., if an AI wrongly identifies someone as a threat, there should be human oversight.
3. **Transparency**: Provide explanations. If your system denies access or flags someone, the decision should be explainable, particularly when dealing with security threats.

***

#### **6.3.3 The Role and Function of Codes of Ethics**

**What are codes of ethics for?**

* They aren’t strict rules but **guidelines** to help professionals make decisions, especially when the answer isn’t black and white.
* **Cybersecurity Example**: In 2016, the FBI wanted Apple to break encryption for a terrorist's phone. Ethical principles like protecting privacy (ACM’s code) conflicted with potential public good (helping law enforcement). This is a classic case where codes of ethics provide guidance but not a definitive answer—professionals must balance multiple ethical considerations.

**Inward and Outward Facing Functions**:

* **Inward**: Remind professionals of shared values. Helps you, as a cybersecurity expert, decide how to act when pressured to take unethical shortcuts.
* **Outward**: Communicate to the **public** what professionals stand for, maintaining trust in fields like cybersecurity—where the stakes for misuse of data are very high.

***

#### **Story Point: “Codename: Delphi”** 🚨

Imagine being **Karin**, a remote handler who gives real-time instructions to soldiers. Karin’s job is high stakes, requiring split-second decisions to keep people safe. This is much like a cybersecurity analyst under pressure during an active **DDoS attack**—making the right ethical call in seconds can make or break the safety of systems or even lives.

***

#### **KEY TAKEAWAYS (Pareto Principle Applied)**

1. **Public Good First**: Always think about how your actions impact the public—data safety, vulnerability disclosure, etc.
2. **Avoid Harm**: If something could be harmful, disclose it (like reporting software vulnerabilities).
3. **Be Honest & Competent**: Stay transparent with clients and only do work within your expertise.
4. **Transparency in AI**: AI and algorithms need to be accountable and explainable—especially when they impact people's security and rights.

***

#### **REFERENCES**

* Burton, E., Goldsmith, J., Mattei, N., Siler, C., & Swiatek, S.-J. (2023). *Computing and Technology Ethics: Engaging Through Science Fiction*. The MIT Press.

***

This version should help you stay focused and give you the essential concepts quickly, with clear applications to cybersecurity. Let me know if there’s anything you want to dive deeper into or if this format works well! 😊
