As an information systems security professional, you must understand and follow the code of ethics, as well as your organization’s own code. The following are the main points to follow.
- Protect society, the common good, necessary public trust and confidence, and the infrastructure. This is “do the right thing.” Put the common good ahead of yourself. Ensure that the public can have faith in your infrastructure and security.
- Act honorably, honestly, justly, responsibly, and legally. Always follow the laws. But what if you find yourself working on a project where conflicting laws from different countries or jurisdictions apply? In such a case, you should prioritize the local jurisdiction from which you are performing the services.
- Provide diligent and competent service to principals. Avoid passing yourself off as an expert or as qualified in areas where you aren’t. Maintain and expand your skills to provide competent services.
- Advance and protect the profession. Don’t bring negative publicity to the profession. Provide competent services, get training, and act honorably. Think of it like this: If you follow the first three canons in the code of ethics, you automatically comply with this one.
- Organizational code of ethics. You must also support ethics at your organization. This can be interpreted to mean evangelizing ethics throughout the organization, providing documentation and training around ethics, or looking for ways to enhance the existing organizational ethics. Some organizations might have slightly different ethics than others, so be sure to familiarize yourself with your organization’s ethics and guidelines.