The Ten Commandments of computer ethics have been defined by the Computer Ethics Institute.

1) Thou shalt not use a computer to harm other people: If it is unethical to harm people by making a bomb, for example, it is equally bad to write a program that handles the timing of the bomb. Or, to put it more simply, if it is bad to steal and destroy other peoples books and notebooks, it is equally bad to access and destroy their files. 2) Thou shalt not interfere with other people's computer work: Computer viruses are small programs that disrupt other peoples computer work by destroying their files, taking huge amounts of computer time or memory, or by simply displaying annoying messages. Generating and consciously spreading computer viruses is unethical. 3) Thou shalt not snoop around in other people's files: Reading other peoples e-mail messages is as bad as opening and reading their letters: This is invading their privacy. Obtaining other peoples non-public files should be judged the same way as breaking into their rooms and stealing their documents. Text documents on the Internet may be protected by encryption. 4) Thou shalt not use a computer to steal: Using a computer to break into the accounts of a company or a bank and transferring money should be judged the same way as robbery. It is illegal and there are strict laws against it. 5) Thou shalt not use a computer to bear false witness: The Internet can spread untruth as fast as it can spread truth. Putting out false "information" to the world is bad. For instance, spreading false rumors about a person or false propaganda about historical events is wrong. 6) Thou shalt not use or copy software for which you have not paid: Software is an intellectual product. In that way, it is like a book: Obtaining illegal copies of copyrighted software is as bad as photocopying a copyrighted book. There are laws against both. Information about the copyright owner can be embedded by a process called watermarking into pictures in the digital format. 7) Thou shalt not use other people's computer resources without authorization: Multiuser systems use user ids and passwords to enforce their memory and time allocations, and to safeguard information. You should not try to bypass this authorization system. Hacking a system to break and bypass the authorization is unethical. 8) Thou shalt not appropriate other people's intellectual output: For example, the programs you write for the projects assigned in this course are your own intellectual output. Copying somebody elses program without proper authorization is software piracy and is unethical. Intellectual property is a form of ownership, and may be protected by copyright laws. 9) Thou shalt think about the social consequences of the program you write: You have to think about computer issues in a more general social framework: Can the program you write be used in a way that is harmful to society? For example, if you are working for an animation house, and are producing animated films for children, you are responsible for their contents. Do the

animations include scenes that can be harmful to children? In the United States, the Communications Decency Act was an attempt by lawmakers to ban certain types of content from Internet websites to protect young children from harmful material. That law was struck down because it violated the free speech principles in that country's constitution. The discussion, of course, is going on. 10) Thou shalt use a computer in ways that show consideration and respect: Just like public buses or banks, people using computer communications systems may find themselves in situations where there is some form of queuing and you have to wait for your turn and generally be nice to other people in the environment. The fact that you cannot see the people you are interacting with does not mean that you can be rude to them. See http://www.ccsr.cms.dmu.ac.uk/resources/professionalism/codes/cei_command_com.html for further comments on the ten commandments.

IT Code of Ethics
This document may be reproduced and distributed -- providing proper credit to SANS is given.

I will strive to know myself and be honest about my capability.

I will strive for technical excellence in the IT profession by maintaining and enhancing my own knowledge and skills. I acknowledge that there are many free resources available on the Internet and affordable books and that the lack of my employer's training budget is not an excuse nor limits my ability to stay current in IT. When possible I will demonstrate my performance capability with my skills via projects, leadership, and/or accredited educational programs and will encourage others to do so as well. I will not hesitate to seek assistance or guidance when faced with a task beyond my abilities or experience. I will embrace other professionals' advice and learn from their experiences and mistakes. I will treat this as an opportunity to learn new techniques and approaches. When the situation arises that my assistance is called upon, I will respond willingly to share my knowledge with others. I will strive to convey any knowledge (specialist or otherwise) that I have gained to others so everyone gains the benefit of each other's knowledge. I will teach the willing and empower others with Industry Best Practices (IBP). I will offer my knowledge to show others how to become security professionals in their own right. I will strive to be perceived as and be an honest and trustworthy employee. I will not advance private interests at the expense of end users, colleagues, or my employer. I will not abuse my power. I will use my technical knowledge, user rights, and permissions only to fulfill my responsibilities to my employer. I will avoid and be alert to any circumstances or actions that might lead to conflicts of interest or the perception of conflicts of interest. If such circumstance occurs, I will notify my employer or business partners. I will not steal property, time or resources. I will reject bribery or kickbacks and will report such illegal activity. I will report on the illegal activities of myself and others without respect to the punishments involved. I will not tolerate those who lie, steal, or cheat as a means of success in IT.

I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.

I will not injure others, their property, reputation, or employment by false or malicious action. I will not use availability and access to information for personal gains through corporate espionage.

I distinguish between advocacy and engineering. I will not present analysis and opinion as fact. I will adhere to Industry Best Practices (IBP) for system design, rollout, hardening and testing. I am obligated to report all system vulnerabilities that might result in significant damage. I respect intellectual property and will be careful to give credit for other's work. I will never steal or misuse copyrighted, patented material, trade secrets or any other intangible asset. I will accurately document my setup procedures and any modifications I have done to equipment. This will ensure that others will be informed of procedures and changes I've made.

I respect privacy and confidentiality.

I respect the privacy of my co-workers' information. I will not peruse or examine their information including data, files, records, or network traffic except as defined by the appointed roles, the organization's acceptable use policy, as approved by Human Resources, and without the permission of the end user. I will obtain permission before probing systems on a network for vulnerabilities. I respect the right to confidentiality with my employers, clients, and users except as dictated by applicable law. I respect human dignity. I treasure and will defend equality, justice and respect for others. I will not participate in any form of discrimination, whether due to race, color, national origin, ancestry, sex, sexual orientation, gender/sexual identity or expression, marital status, creed, religion, age, disability, veteran's status, or political ideology.