A Survey of Ethical Agreements in Information Security Courses

Existing ethical agreements, as applicable in the teaching of information security courses, typically spell out rules on what students should and should not do. The main problem is that the question of what students should or should not do is not a settled issue, because personal stances on questions of morality and ethics fundamentally influence the ethical recommendations that teachers present to their students. In light of the growing level of malice in the computing domain, experts have highlighted the importance of information security ethics by debating the need for a standard code of ethics for information security. Arguably, differences in ethical stance, with the effect of divergent ethical agreements, will not efficiently serve the purpose of effective universal application of ethics in the field of information security education. Examining current ethical policies in information security courses can provide insight about the prevailing ethics within the information security community. Moreover, understanding what the prevailing philosophies on ethics are within the community, in terms of how they actually diverge or converge, will present a good projection of how a standard policy on ethics may be feasibly applicable in a future regulatory environment. This way, we may be able to forecast the nature of ethical norms that future professionals will accept or allow to be imposed on them. Therefore, in our survey, we analyze ethical agreements on information security courses to identify the nature of existing agreements. We determine the commonalities of these agreements and derive an ethical policy prototype that includes the common elements of 329 ethical policies.