The first step in establishing a cyber ethical culture is to ask the really tough questions, the answer to which may be politically incorrect. HR (Human resources), legal, security and top management need to work together to set the tone they wish to flow through gaming; other times off-site meetings will work.
The second step is to include cyber ethical components in corporate security awareness campaigns to keep employees clued in.
The last but most important step is to be ready to make changes rapidly when cyber ethics becomes a component of information security efforts. We cannot predict how they will change tomorrow or next year – but we need to be prepared.
(MARINOTTO, Demóstene. Reading on Info Tech (Inglês para Informática). São Paulo, Novatec, 2007.)