REVIEW: "IT Ethics Handbook", Stephen Northcutt
Posted by Rob Slade, doting grandpa of Ryan and Trevor on December 13th, 2004


BKITETHB.RVW 20041010

"IT Ethics Handbook", Stephen Northcutt, 2004, 1-931836-14-0,
U$49.95/C$69.95
%A Stephen Northcutt stephen@sans.org
%C 800 Hingham Street, Rockland, MA 02370
%D 2004
%G 1-931836-14-0
%I Syngress Media, Inc.
%O U$49.95/C$69.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%P 604 p.
%T "IT Ethics Handbook"

This isn't a very good book about ethics, but it is a useful book.
It's just got the wrong title.

The introduction doesn't provide any proper background to the study of
ethics. The brief review of related terms doesn't give much in the
way of help: ethics are defined as personal principles, and
differentiated from morals only in that the latter are assumed to be
accepted from some outside source. (This distinction makes ethics
appear to be the base, uneducated, conscience.) Most of the anecdotes
listed deal with cultural, rather than ethical, issues.

The work contains hundreds of questions or scenarios. These are
divided into twenty topical chapters, although the categorization
isn't particularly solid. Chapter one, "System Administration and
Operations," starts off with a series of items more directly related
to development, even though there is a "Programmers and Systems
Analysts" chapter later on. Each item is presented with a
"conservative" view, a "liberal" perspective, and a summary. (There
are also "soapboxes" and anecdotes, bringing personal views and real
experiences to the discussion. I'd forgotten that I'd actually
submitted one, until I came across it on page 500.) Interesting
points are raised, but these are seldom based in ethics, tending to
deal more with standards of formal policy as opposed to the messy
practicalities of life.

It is, in fact, in the field of policy creation and review that this
volume should be used. Over and over again it challenges commonly
accepted policies and practices in the security field. Is your usage
policy flexible enough to cover all cases? Does your monitoring
policy run counter to the law? Does your disclosure policy help or
hinder the development of secure products?

The book raises lots of questions, although it provides few answers.
(What advice exists is occasionally contradictory, such as the
recommendations regarding email monitoring on page 33 versus 107.) At
times the material doesn't even deal with policy issues: chapter
five's content on email scams is more relevant to personal security
matters such as phishing.

Some, although relatively few, of the items can be used for scenarios
when discussing ethics. Almost all of the questions can be used
during an assessment of the coverage of a corporate security policy.
So, yes, the book is useful for those in the security field. (It
would have been even more useful if an index had been included.)

copyright Robert M. Slade, 2004 BKITETHB.RVW 20041010

--
======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to techbooks-subscribe@egroups.com
or techbooks-subscribe@topica.com

