Having worked in Information Governance and Assurance for a few years now I have yet to come across any information regarding information security and ethics. Which to me is an area where more thought into the issues surrounding what we do as InfoSec Professionals and the ethical ramifications.
There are discussions surrounding disclosure, and how to disclose things like flaws and bugs to the appropriate authorities but little to dictate how we should do our work on a regular basis.
Take the following scenarios (all based on my experiences) and see if you came up with the same decision, and let us know in the comments how you feel about them. Continue reading →