Australia’s Cyber Security Strategy outlines the Australian government’s philosophy to protect and advance the interests Australians, both individuals and businesses, as well as the Australian government, online. In general, an organization’s cyber security responsibility is to protect the confidentiality and integrity of digital information. Australia’s Cyber Security Strategy encourages organisations to educate and empower employees on how to be safe online. Businesses must also ensure that their cyber security policies are “robust and current” because the amount of information online is increasing as systems and people become more interconnected. As a result, there is an increased effort to steal or exploit this information. This threatens individual and organization privacy, as well as safety. Due to the lack of an authority who will set and monitor ethical standards, it is up to each organization to hold its members to an established code of conduct or to adopt existing guidelines from other organizations such as ISSA. The’slippery-slope’ concept is one of the reasons for this. This concept should be addressed in particular in the IT departments of organizations, since they have the largest jurisdiction and are most involved in cyber-security decisions. It is important to address this concept, especially in the IT security department of an organization, as they are typically the ones who have most jurisdiction and involvement with cyber security decisions. Most ethical issues they will encounter have not yet become law. Also, no organization has been established to monitor and enforce a comprehensive code of ethics. Digital technologies offer enormous potential. But their full potential is dependent on the trust an organisation can place in the cyberspace and internet. Organizations are vulnerable to financial and ethical compromise without a strategy. As for incident response, organisations need a procedure that managers must follow in order to know how, where, and when to talk to employees about cyber security breaches. The organization must also decide how far to investigate incidents and the importance of employee privacy compared to the responsibility of the organization to determine and correct the problem. The lack of universally mandated governing bodies is another reason why many corporate methods raise ethical questions. Cyber security experts, regardless of their position, must be ethical when they use or implement any security solutions that involve administrative access to employees’ personal data. The Cyber Security Strategy of Australia encourages employees to be educated and empowered. This reinforces the importance of having a thorough understanding of cyber-related ethical issues. Due to the sensitive nature of health information, it’s important for organizations to make sure that their cybersecurity experts are following these guidelines. IT professionals who specialize in cyber security could play an important role in helping to create ethical organizations from the very beginning by assisting with the vetting and selection of employees. It will help reinforce a culture of ethics and encourage new employees to adopt ethical practices. It is the responsibility of the organization to decide how it will hold Cyber-security specialists, the IT Department, Management, and Executives accountable when there is a cyber breach. The organization should adhere to the principle that allows each module only to have access to information and resources needed for its legitimate purpose. Snowden’s disclosures show that the biggest threat to online security for government and business is often not malware, but “warmware”; the ability of an insider with legitimate access to gain classified information then leak it illegally.