Cybersecurity Ethics — Week 4 · Module 10
Capstone
Capstone Synthesis
Four weeks of cyberethics in one frame. The decisions you'll actually face after the syllabus is gone.
13 slides~13 minAll Spinello chapters + Solarium
Slide 2 of 13
"This is not the end of the questions. It is the beginning of having to answer them without a syllabus."
Slide 3 of 13 · Week 1 review
Week 1: Foundations
CSE-01 Cyberethics Overview
Lessig's 4 modalities (law/norms/market/code), 4 ethical frameworks, Sony BMG & Apple v FBI cases.
CSE-02 Security Pro Role
5 professional relationships, trust asymmetry, 4 codes (ASIS/ISACA/GIAC/Ethics FIRST), NSO Group.
CSE-03 NIST CSF Anchor
5 Functions, 4 subcategories (ID.BE / ID.GV / PR.AT / PR.IP), Equifax cascade across all four.
The Week 1 throughline: by the end of the week, you have a vocabulary for who is regulating what, what your professional codes obligate you to do when those regulations leave gaps, and where the framework places your decisions in the lifecycle.
Slide 4 of 13 · Week 2 review
Week 2: Governance, Speech, Property
CSE-04 Cyberspace Governance
ICANN multistakeholder, 3 visions, Brussels Effect (GDPR), data localization (Russia/China/India), CLOUD Act + Microsoft Ireland.
CSE-05 Free Speech
Section 230(c)(1)+(c)(2) vs DSA, Brandenburg test, foreign election interference (IRA, Mueller Vol I, SSCI Vol II), encryption "going dark".
CSE-06 IP in Cyberspace
DMCA 3 pillars, Aaron Swartz/weev cases, Van Buren (2021) CFAA narrowing, Alice (2014), DTSA (2016).
The Week 2 throughline: who governs cyberspace, who speaks in it, and who owns what runs through it. Each module reveals a different way the legal system has tried — and partially failed — to map borderless infrastructure onto territorial law.
Slide 5 of 13 · Week 3 review
Week 3: Privacy & Moral Obligation
CSE-07 Privacy Rights
Fourth Amendment + Katz, Carpenter v US (2018), US sectoral patchwork (HIPAA/GLBA/FERPA/COPPA/ECPA), state laws (CCPA/CPRA), GDPR operational, Nissenbaum contextual integrity, Schrems II (2020).
CSE-08 Cybercrime & Moral Obligation
Crime actor taxonomy, attribution problem, hack-back debate, ransomware ethics, Colonial Pipeline (2021), defenders ethics: proportionality + honesty + care.
The Week 3 throughline: the defending side. Privacy as the right that security operations either honor or undermine. The moral frame that makes "cybersecurity is a job" insufficient as a self-description.
Slide 6 of 13 · Week 4 review
Week 4: Solarium & Capstone
CSE-09 Solarium Commission
2020 final report, layered cyber deterrence, 6 pillars, defend forward doctrine, NCD created (2021), JCDC at CISA, CIRCIA (2022), National Cybersecurity Strategy (2023), SolarWinds reference.
CSE-10 (this module)
Synthesis. The framework is in your hands.
The Week 4 throughline: where individual professional ethics meets state strategy. Where the codes (written for individual practitioner conduct) collide with national-level operational doctrine that asks the practitioner to participate in something larger.
Slide 7 of 13 · The three lenses
Three Lenses You Carry Out of This Course
Slide 8 of 13 · CSF subcategories revisited
The Four CSF Subcategories Across This Course
Slide 9 of 13 · The codes hierarchy
When Frameworks Disagree, Codes Decide
The single hardest call in cybersecurity ethics is when the public-interest priority requires you to act against the proximity-driven priority. The codes were written precisely to give you the standing to make that call.
Slide 10 of 13 · The defining cases
The Cases Worth Memorizing
Sony BMG (2005)
Code as DRM enforcement. Researcher Mark Russinovich. The defining "code is law" case for cyberethics.
Apple v FBI (2016)
All four Lessig modalities collided. None decisive. The encryption-vs-lawful-access debate's reference case.
NSO / Pegasus
Code-vs-contract for individual practitioners. ~50,000 numbers, US Entity List Nov 2021.
Equifax (2017)
CSF cascade across all 4 subcategories. 147M records. Framework gaps as the cause.
Aaron Swartz (2013)
CFAA at maximum reach. 13-felony superseding indictment. Catalyzed Van Buren narrowing.
Carpenter v US (2018)
Third-party doctrine narrowed. Digital data's pervasive nature defeats "voluntary sharing" framing.
Schrems II (2020)
Privacy Shield invalidated. Cross-border data transfer is a moving target.
Colonial Pipeline (2021)
Single missing MFA control → national fuel-supply consequences. Critical infrastructure stakes.
SolarWinds (2020)
Tested the Solarium model in real time. Supply chain became the federal priority.
Slide 11 of 13 · The path forward
Where You Go From Here
Read your code end-to-end
Whichever certification you carry: read the code, end to end, at least once. Then bookmark it.
Walk the three lenses
Before nontrivial decisions: which modality, which framework, which CSF subcategory. Reflex by the tenth time.
Document concerns
When you raise an ethical concern internally, document it: what, when, to whom, the response. The record is what protects you when the situation escalates.
Find the people
Ethics is easier with community. ASIS chapters, ISACA local groups, FIRST teams, mentors. The decisions get heavier; the support keeps you upright.
The codes do not make ethics easy. They make ethics possible. The rest is up to you.
Slide 12 of 13 · Final exam
The Final Exam
Server-graded. Comprehensive across all 10 modules. Worth 25% of your course grade.
What it covers
All four weeks. Foundational concepts, key cases (the 9 above), four CSF subcategories, four codes. No trick questions — if you understood the modules, you can answer the exam.
How to prepare
Re-walk slides 3-6 above. Read the cases gallery (slide 10). Spend extra time on CSF subcategory mapping. The framework matters more than memorization.
One reminder: the exam is server-graded with multiple attempts. Take it seriously the first time, but the structure is built so that learning continues. Use the result as feedback, not verdict.
Slide 13 of 13
Course Complete
Six anchors to carry into every system you ever build, ship, or refuse to ship.
1Cybersecurity is a profession. The codes (ASIS, ISACA, GIAC, Ethics FIRST) are not optional ornament — they are how you stay one.
2The five obligations — employer, client, profession, public, self — have a hard-case priority order. Public first, even when it costs you.
3Code is law in cyberspace. Engineers make rules whether they admit it or not.
4Three lenses for every decision: which modality, which framework, which CSF subcategory.
5Defender's ethics: proportionality, honesty, care. The three obligations that explain every prior failure case.
6The framework is a discipline, not a checklist. CSF without the moral frame is paperwork. With it, it's a profession.
Mark this module complete to record your progress through the synthesis. Then take the Final Exam from the course home page.