Ethics for Incident Response and Security Teams - Case Studies

Also available in PDF

February 1, 2023

This document describes a set of case studies to help explain the duties as described by the Code of Ethics for Incident Response and Security Teams (EthicsfIRST). These case studies are meant to represent dilemmas faced by security teams. For each of the duties there is one example that captures relevant aspects of that duty. The format of an example is that first the context is described in the Situation section, then a suggested action is described, followed by a Resolution describing how this balances the different duties as described by EthicsfIRST. For ease of reading, this SIG chose to simplify and clarify examples. There is no specific example for the Duty to Respect Human Rights. EthicsfIRST follows the definitions of Human Rights as outlined by the United Nations, and these are represented throughout the below principle case studies.

Duty of trustworthiness

Duty of coordinated vulnerability disclosure

Duty of confidentiality

Duty to acknowledge

Duty of authorization

Duty to inform

Duty to Team health

Duty to Team ability

Duty for responsible collection

Duty to recognize jurisdictional boundaries

Duty of evidence-based reasoning