Crossing the Line: Ethics for the Security Professional

We often hear of the 'hacker' (A) who breaks into a system and steals credit card numbers releases a destructive worm or maybe defaces a website. What do you think about his actions? Are they ethical? Unethical? I think most of us would agree that this constitutes unethical behavior. What about us (B) though? How are our actions viewed when we in defense of our clients networks or our own networks engage in activities similar to the above mentioned hacker. I will briefly talk about several systems of ethics and then we will apply them to situations that we as IT security personnel face. Hopefully this will give you a framework for making ethical decisions within the framework of this job. We will find through this analysis that we have to hold ourselves to an even higher standard than that to which we hold the average computer users or even hackers.