SUT - Code of Ethics and Professional Conduct
Information security professionals are afforded a great deal of responsibility and trust in protecting the confidentiality, integrity, and availability of an organization's information assets.
It is not enough for information security professionals to simply "do the job". We must hold ourselves and our discipline to the highest standards of ethical and professional conduct.
Security University is committed to upholding these standards and fostering them within the information security community. All Security University-certified members and all Security University certification student candidates agree to uphold and be bound by the following Code of Ethics.
This Code was developed through the consensus of the Security University Advisory Board members and Security University management.
Special thanks to Advisory Board members for their efforts in developing the initial draft and coordinating the review process.
Code of Ethics
The scope and responsibilities of an information security professional are diverse. The services provided by an information security professional are critical to the success of an organization and to the overall security posture of the information technology community. Such responsibilities place a significant expectation on certified professionals to uphold a standard of ethics to guide the application and practice of the information security discipline.
A professional certified by Security University acknowledges that such a certification is a privilege that must be earned and upheld. Security University certified professionals pledge to advocate, adhere to, and support the Code of Ethics.
Security University certified professionals who willfully violate any principle of the Code may be subject to disciplinary action by Security University.
Respect for the Public
- I will accept responsibility in making decisions with consideration for the security and welfare of the community.
- I will not engage in or be a party to unethical or unlawful acts that negatively affect the community, my professional reputation, or the information security discipline.
Respect for the Certification
- I will not share, disseminate, or otherwise distribute confidential or proprietary information pertaining to the Security University certification process.
- I will not use my certification, or objects or information associated with my certification (such as certificates or logos) to represent any individual or entity other than myself as being certified by Security University.
Respect for my Employer
- I will deliver capable service that is consistent with the expectations of my certification and position.
- I will protect confidential and proprietary information with which I come into contact.
- I will minimize risks to the confidentiality, integrity, or availability of an information technology solution, consistent with risk management practice.
Respect for Myself
- I will avoid conflicts of interest.
- I will not misuse any information or privileges I am afforded as part of my responsibilities.
- I will not misrepresent my abilities or my work to the community, my employer, or my peers.
Code of Ethics Professional Condust
A. Code
All qualified information security professionals who are qualified by Security University recognize that such qualification is a privilege that must be both earned, validated and maintained. In support of this principle, all Security University members are required to commit to fully support this Code of Ethics (the "Code"). Security University qualified credential holders who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of member qualification. Member are obligated to follow the ethics complaint procedure upon observing any action by an Security University qualification holder that breach the Code. Failure to do so may be considered a breach of the Code pursuant to Canon III.
There are 3 mandatory canons in the Code. By necessity, high-level guidance is not a substitute for the ethical judgment of the qualified information security or assurance professional.
Guidance is provided for each of the 3 canons. This guidance may be considered by the Board of directors in judging behavior, it is not mandatory, only advisory. It is intended to help IS and IA professionals identify and resolve the any ethical dilemmas they confront during the normal course of their qualified information security or information assurance career.
Code of Ethics Preamble :
To each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Strict adherence to this Code is a condition of qualification.
Code of Ethics Canons:
Protect society, the commonwealth, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.
Compliance with the preamble and canons is mandatory. If conflicts arise they should be resolved and are not intended to create ethical binds.
Canon 1 Act honorably, responsibly, and legally
Tell the truth.
Observe all contracts and agreements, express or implied.
Treat all members fairly.
Take care to be truthful, objective, cautious, and within competence. Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort.
Canon 2 Provide diligent and qualified services
Preserve the value of their systems, applications, and information.
Respect their trust and the privileges that they grant member.
Avoid conflicts of interest or the appearance thereof.
Work on systems for which member are fully qualified and validated.
Canon 3 Advance and protect the profession
Sponsor for professional advancement those best qualified. All other things equal, prefer those who are qualified, validated and who adhere to these canons. Avoid professional association with those whose practices or reputation might diminish the profession.
Maintain member competence; keep member security skills and knowledge current. Give generously of member time and knowledge in training others.