Cyber

Code of Professional Conduct

by Mark Rowe

New from ISC2, the membership body for cybersecurity people, is a Code of Professional Conduct. ISC2 (pronounced ISC-squared) describes the document as a global framework dedicated to principled and ethical practices across the cybersecurity profession. It builds upon the ISC2 Code of Ethics, as guidance for cyber people to make sound decisions, foster trust and uphold the integrity of the workforce.

The US-based body points to such ethical challenges as artificial intelligence (AI), disinformation and evolving digital threats. ISC2 says that the code will be a living document that is amended and refined. Developed with input from nearly 1,400 cyber people, endorsed by the ISC2 Professional Conduct (Ethics) Committee and approved by the ISC2 Board of Directors, the code can enable principled decision-making and promote professional accountability. ISC2 says that it’s akin to codes of conduct across other professionalized disciplines, such as accounting, finance, healthcare and law.

ISC2 Chief Executive Officer Scott Beale said: “Cybersecurity professionals have a profound responsibility not only to protect and secure individuals, organizations and systems around the world but also to uphold the integrity, accountability and trust that the profession depends on. The Code provides a shared foundation for guiding ethical decision-making and professional conduct, especially as emerging technologies like AI reshape how organizations operate and how security decisions are made. Leveraging the collective input and decades of experience from more than 1,000 ISC2 volunteers, the Code provides comprehensive guidance for everyone working in the cybersecurity field.”

Volunteers globally met to discuss the challenges practitioners face in their professional duties. ISC2 member and Code Volunteer Panos Vlachos, CCSP said: “Our goal with the global Code is to ensure that AI and other transformative innovations align with ethical best practices, fostering responsible adoption while mitigating potential risks.”

Other sources were in academia and industry. The code is written around two guiding principles: ethics and professional conduct. In the Ethics section, the code discusses topics such as integrity (being honest and transparent), confidentiality (such as a commitment to data privacy), respect for laws and regulations, and public safety and societal impact; the Professional Conduct section goes over responsibility and accountability, collaboration and teamwork, competence and continuous improvement, as well as reporting issues and concerns.

ISC2 Member and Code Volunteer Srija Reddy Allam, CISSP, CCSP said: “I hope ISC2 members and cybersecurity professionals will use the Code of Professional Conduct as both a guide and a mirror to inform their daily decisions and also reflect on their paramount role in shaping a safer cyber world. In a field like cybersecurity, where not every situation has a clear rulebook, the Code can serve to navigate gray areas with integrity. I also hope it becomes a shared foundation across the profession, encouraging accountability, fostering trust and reinforcing that how we work is just as important as what we do.”

More reading

To explore the code visit: http://www.isc2.org/about/Code-of-Professional-Conduct. ISC2 has numerous chapters in the British Isles; visit https://www.isc2.org/chapters.

