P-3 Ethics Principle

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved


Information systems and the security of information systems should be provided and used in accordance with the information security professionals' Code of Ethical Conduct.


The Code of Ethical Conduct prescribes the relationships of ethics, morality, and information. As social norms for using IT systems evolve, the Code of Ethical Conduct will change, and information security professionals will spread the new concepts throughout their organizations and products.

Using a safeguard, or determining its limits or controls, may require an ethical judgment. For example, entrapment is a process for luring someone into performing an illegal or abusive act. As a security safeguard, a security professional might set up an easy-to-compromise hole in the access control system, then monitor attempts to exploit the hole. This form of entrapment is useful in providing warning that penetration has occurred. It may also provide enough information to identify the perpetrator. Due to laws, regulations, or ethical standards, it may be unethical to use data collected via entrapment in prosecution, but it may be ethical to use entrapment as a detection and prevention strategy. Legal and ethics advice should be sought.