In studying for my next certification, I read about this IT Code of Ethics from SANS. Although it's a bit dated coming from 2004, it still seems relevant and eye-opening.
I will strive to know myself and be honest about my capability.
- I will strive for technical excellence in the IT profession by maintaining and enhancing my own knowledge and skills. I acknowledge that there are many free resources available on the Internet and affordable books and that the lack of my employer's training budget is not an excuse nor limits my ability to stay current in IT.
- When possible I will demonstrate my performance capability with my skills via projects, leadership, and/or accredited educational programs and will encourage others to do so as well.
- I will not hesitate to seek assistance or guidance when faced with a task beyond my abilities or experience. I will embrace other professionals' advice and learn from their experiences and mistakes. I will treat this as an opportunity to learn new techniques and approaches. When the situation arises that my assistance is called upon, I will respond willingly to share my knowledge with others.
- I will strive to convey any knowledge (specialist or otherwise) that I have gained to others so everyone gains the benefit of each other's knowledge.
- I will teach the willing and empower others with Industry Best Practices (IBP). I will offer my knowledge to show others how to become security professionals in their own right. I will strive to be perceived as and be an honest and trustworthy employee.
- I will not advance private interests at the expense of end users, colleagues, or my employer.
- I will not abuse my power. I will use my technical knowledge, user rights, and permissions only to fulfill my responsibilities to my employer.
- I will avoid and be alert to any circumstances or actions that might lead to conflicts of interest or the perception of conflicts of interest. If such circumstance occurs, I will notify my employer or business partners.
- I will not steal property, time or resources.
- I will reject bribery or kickbacks and will report such illegal activity.
- I will report on the illegal activities of myself and others without respect to the punishments involved. I will not tolerate those who lie, steal, or cheat as a means of success in IT.
I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
- I will not injure others, their property, reputation, or employment by false or malicious action.
- I will not use availability and access to information for personal gains through corporate espionage.
- I distinguish between advocacy and engineering. I will not present analysis and opinion as fact.
- I will adhere to Industry Best Practices (IBP) for system design, rollout, hardening and testing.
- I am obligated to report all system vulnerabilities that might result in significant damage.
- I respect intellectual property and will be careful to give credit for other's work. I will never steal or misuse copyrighted, patented material, trade secrets or any other intangible asset.
- I will accurately document my setup procedures and any modifications I have done to equipment. This will ensure that others will be informed of procedures and changes I've made.
I respect privacy and confidentiality.
- I respect the privacy of my co-workers' information. I will not peruse or examine their information including data, files, records, or network traffic except as defined by the appointed roles, the organization's acceptable use policy, as approved by Human Resources, and without the permission of the end user.
- I will obtain permission before probing systems on a network for vulnerabilities.
- I respect the right to confidentiality with my employers, clients, and users except as dictated by applicable law. I respect human dignity.
- I treasure and will defend equality, justice and respect for others.
- I will not participate in any form of discrimination, whether due to race, color, national origin, ancestry, sex, sexual orientation, gender/sexual identity or expression, marital status, creed, religion, age, disability, veteran's status, or political ideology.
Version 1.0 - April 24, 2004
Do you agree or disagree with the Code of Ethics? Is there anything you would add or remove to update it from version 1.0 and 2004?