Book Review: The Code of Honor: Embracing Ethics in Cybersecurity by Paul J. Maurer and Ed Skoudis
The Code of Honor is an easy-to-read, well-structured guide to establishing a code of ethics and conduct for those working in cybersecurity roles. Although the topic could sound dry, the inclusion of many real-life scenarios, expert views and straightforward lists of advice makes this an accessible and useful guide.
Does cybersecurity really need a code of ethics?
Against a backdrop where cybercrime is estimated to be a $6 trillion problem annually, the authors believe that, above all, cybersecurity is a human business. Of course, it requires expert skills around software and technology, but those working in this field also need a clear understanding that the purpose of their role is to keep people and organisations safe. The authors say: “As cyber professionals, we serve human beings; we do not serve technology”.
It is apparent that many professions, such as law and medicine, have overarching codes of ethics and conduct. The authors of The Code of Honor believe the absence of an ethical standard for cybersecurity is a significant threat to the safety of consumers and businesses around the world.
How is this book structured?
The Code of Honor provides a set of ethical tenets that together form a code of honour. The authors propose that everyone across the cybersecurity sector signs up to this code or something similar. They believe there is high value in having one consistent ethical code that ties together practitioners across the industry.
Each tenet is introduced in its own chapter with real-life case studies and exercises for the reader to work through to “build ethical decision-making muscles, which can quicken your response time and improve your decision making during critical situations.”
Who is Code of Honor for?
The blurb says: “It is aimed at managers and executives who seek to sharpen their knowledge of cyber ethics and security, The Code of Honor will also be of interest to security analysts, incident responders, threat hunters, forensic experts, and penetration testers, providing a hands-on framework for the integration of ethical standards from across the cyber world.”
The opening chapter states its purpose as: “A systematic and thoughtfully constructed program for building best practices regarding ethics in decision-making in the tech industry with a particular focus on cybersecurity.”
What are the tenets within the Code of Honor?
The tenets cover areas such as honesty, teamwork, collaboration and privacy. Most of us would agree to them readily. The usefulness of this book lies in how the authors explain not just the glib promise that people can make, but the intricacies and implications of what this means in the cybersecurity workplace.
About the Authors
PAUL J. MAURER, PhD, is the president of Montreat College, USA, a national leader in cybersecurity education and workforce development. After being approached by the NSA to create a curriculum on cybersecurity ethics for students preparing for cybersecurity careers, Paul was convinced this book needed to be written. He speaks and writes frequently on a wide range of topics, but regularly does so on cybersecurity across the USA.
ED SKOUDIS serves as president of the SANS Technology Institute College, the USA’s leading provider of cybersecurity professional development. Ed began teaching at the SANS Institute in 1999 and has trained over 30,000 cybersecurity professionals in incident response and ethical hacking, codifying many of the practices used throughout the industry today.
The Code of Honor: Embracing Ethics in Cybersecurity
by Paul J. Maurer and Ed Skoudis (ISBN: 9781394275861)
Published June 2024 by Wiley