Page 241 - CISSO_Prep_ Guide
• Risk transference: a.k.a. risk-sharing (insurance)
• Risk acceptance: accept risk (document & acknowledge)
• Risk avoidance: avoid the environment to avoid the threat (e.g., banning all wireless networks)
• You should not put all countermeasures in one box as this is a single point of failure, and it is rare for one solution to be good for everything.
Ethics
• Teleology: ethics of purpose or goal. The greatest good to the greatest number
• Deontology: ethics of duty. For example, religious.
• Code of Ethics
• (ISC)²
• Protect society, commonwealth, and infrastructure (People).
• Act honorably, honestly, justly, responsibly, and legally (Law).
• Provide diligent and competent service to principals (Organization).
• Advance and protect the profession (CISSP).
• RFC 1087: access and use of the Internet is a privilege.
• Internet Activities Board (IAB): defines what is unacceptable/unethical. Unethical: