The Ten Commandments of computer ethics have been defined by the Computer Ethics Institute.

1) Thou shalt not use a computer to harm other people: If it is unethical to harm people by making a bomb, for example, it is equally bad to write a program that handles the timing of the bomb. Or, to put it more simply, if it is bad to steal and destroy other peoples books and notebooks, it is equally bad to access and destroy their files. 2) Thou shalt not interfere with other people's computer work: omputer viruses are small programs that disrupt other peoples computer work by destroying their files, taking huge amounts of computer time or memory, or by simply displaying annoying messages. !enerating and consciously spreading computer viruses is unethical. 3) Thou shalt not snoop around in other people's files: "eading other peoples e#mail messages is as bad as opening and reading their letters$ This is invading their privacy. Obtaining other peoples non#public files should be %udged the same way as breaking into their rooms and stealing their documents. Text documents on the Internet may be protected by encryption. ) Thou shalt not use a computer to steal: &sing a computer to break into the accounts of a company or a bank and transferring money should be %udged the same way as robbery. It is illegal and there are strict laws against it. !) Thou shalt not use a computer to "ear false witness: The Internet can spread untruth as fast as it can spread truth. 'utting out false (information( to the world is bad. )or instance, spreading false rumors about a person or false propaganda about historical events is wrong. #) Thou shalt not use or copy software for which you have not paid: *oftware is an intellectual product. In that way, it is like a book$ Obtaining illegal copies of copyrighted software is as bad as photocopying a copyrighted book. There are laws against both. Information about the copyright owner can be embedded by a process called watermarkin$ into pictures in the digital format. %) Thou shalt not use other people's computer resources without authori&ation: +ultiuser systems use user id's and passwords to enforce their memory and time allocations, and to safeguard information. ,ou should not try to bypass this authori-ation system. (ackin$ a system to break and bypass the authori-ation is unethical. )) Thou shalt not appropriate other people's intellectual output: )or example, the programs you write for the pro%ects assigned in this course are your own intellectual output. opying somebody elses program without proper authori-ation is software piracy and is unethical. Intellectual property is a form of ownership, and may be protected by copyright laws. *) Thou shalt think a"out the social conse+uences of the pro$ram you write: ,ou have to think about computer issues in a more general social framework$ an the program you write be used in a way that is harmful to society. )or example, if you are working for an animation house, and are producing animated films for children, you are responsible for their contents. /o the

animations include scenes that can be harmful to children. In the &nited *tates, the Communications ,ecency -ct was an attempt by lawmakers to ban certain types of content from Internet websites to protect young children from harmful material. That law was struck down because it violated the free speech principles in that country0s constitution. The discussion, of course, is going on. 1.) Thou shalt use a computer in ways that show consideration and respect: 1ust like public buses or banks, people using computer communications systems may find themselves in situations where there is some form of queuing and you have to wait for your turn and generally be nice to other people in the environment. The fact that you cannot see the people you are interacting with does not mean that you can be rude to them. *ee http$22www.ccsr.cms.dmu.ac.uk2resources2professionalism2codes2cei3command3com.html for further comments on the ten commandments.

IT Code of Ethics
This document may be reproduced and distributed -- providing proper credit to SANS is given.

I will strive to know myself and be honest about my capability.

I will strive for technical excellence in the IT profession by maintaining and enhancing my own knowledge and skills. I acknowledge that there are many free resources available on the Internet and affordable books and that the lack of my employer s training budget is not an excuse nor limits my ability to stay current in IT. !hen possible I will demonstrate my performance capability with my skills via pro"ects# leadership# and$or accredited educational programs and will encourage others to do so as well. I will not hesitate to seek assistance or guidance when faced with a task beyond my abilities or experience. I will embrace other professionals advice and learn from their experiences and mistakes. I will treat this as an opportunity to learn new techni%ues and approaches. !hen the situation arises that my assistance is called upon# I will respond willingly to share my knowledge with others. I will strive to convey any knowledge &specialist or otherwise' that I have gained to others so everyone gains the benefit of each other s knowledge. I will teach the willing and empower others with Industry (est )ractices &I()'. I will offer my knowledge to show others how to become security professionals in their own right. I will strive to be perceived as and be an honest and trustworthy employee. I will not advance private interests at the expense of end users# colleagues# or my employer. I will not abuse my power. I will use my technical knowledge# user rights# and permissions only to fulfill my responsibilities to my employer. I will avoid and be alert to any circumstances or actions that might lead to conflicts of interest or the perception of conflicts of interest. If such circumstance occurs# I will notify my employer or business partners. I will not steal property# time or resources. I will re"ect bribery or kickbacks and will report such illegal activity. I will report on the illegal activities of myself and others without respect to the punishments involved. I will not tolerate those who lie# steal# or cheat as a means of success in IT.

I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
I will not in"ure others# their property# reputation# or employment by false or malicious action. I will not use availability and access to information for personal gains through corporate espionage.

I distinguish between advocacy and engineering. I will not present analysis and opinion as fact. I will adhere to Industry (est )ractices &I()' for system design# rollout# hardening and testing. I am obligated to report all system vulnerabilities that might result in significant damage. I respect intellectual property and will be careful to give credit for other s work. I will never steal or misuse copyrighted# patented material# trade secrets or any other intangible asset. I will accurately document my setup procedures and any modifications I have done to e%uipment. This will ensure that others will be informed of procedures and changes I ve made.

I respect privacy and confidentiality.

I respect the privacy of my co-workers information. I will not peruse or examine their information including data# files# records# or network traffic except as defined by the appointed roles# the organi*ation s acceptable use policy# as approved by +uman ,esources# and without the permission of the end user. I will obtain permission before probing systems on a network for vulnerabilities. I respect the right to confidentiality with my employers# clients# and users except as dictated by applicable law. I respect human dignity. I treasure and will defend e%uality# "ustice and respect for others. I will not participate in any form of discrimination# whether due to race# color# national origin# ancestry# sex# sexual orientation# gender$sexual identity or expression# marital status# creed# religion# age# disability# veteran s status# or political ideology.