Center for Qualified CyberSecurity Excellence & Mastery

"Where Qualified Cyber Education Happens"

Security University Testing

SUT - Code of Ethics and Professional Conduct

Information security professionals are afforded a great deal of responsibility and trust in protecting the confidentiality, integrity, and availability of an organization's information assets.

It is not enough for information security professionals to simply "do the job". We must hold ourselves and our discipline to the highest standards of ethical and professional conduct.

Security University is committed to upholding these standards and fostering them within the information security community. All Security University-certified members and all Security University certification student candidates agree to uphold and be bound by the following Code of Ethics.

This Code was developed through the consensus of the Security University Advisory Board members and Security University management.

Special thanks to Advisory Board members for their efforts in developing the initial draft and coordinating the review process.

Code of Ethics

The scope and responsibilities of an information security professional are diverse. The services provided by an information security professional are critical to the success of an organization and to the overall security posture of the information technology community. Such responsibilities place a significant expectation on certified professionals to uphold a standard of ethics to guide the application and practice of the information security discipline.

A professional certified by Security University acknowledges that such a certification is a privilege that must be earned and upheld. Security University certified professionals pledge to advocate, adhere to, and support the Code of Ethics.

Security University certified professionals who willfully violate any principle of the Code may be subject to disciplinary action by Security University.

Respect for the Public

Respect for the Certification

Respect for my Employer

Respect for Myself

Code of Ethics Professional Conduct

A. Code

All qualified information security professionals who are qualified by Security University recognize that such qualification is a privilege that must be earned, validated and maintained. In support of this principle, all Security University members are required to commit to fully support this Code of Ethics (the "Code"). Security University qualified credential holders who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of member qualification. Members are obligated to follow the ethics complaint procedure upon observing any action by a Security University qualification holder that breaches the Code. Failure to do so may be considered a breach of the Code pursuant to Canon III.

There are 3 mandatory canons in the Code. By necessity, high-level guidance is not a substitute for the ethical judgment of the qualified information security or assurance professional.

Guidance is provided for each of the 3 canons. This guidance may be considered by the Board of Directors in judging behavior; it is not mandatory, only advisory. It is intended to help IS and IA professionals identify and resolve any ethical dilemmas they confront during the normal course of their qualified information security or information assurance career.

Code of Ethics Preamble:

To each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Strict adherence to this Code is a condition of qualification.

Code of Ethics Canons:

•  Protect society, the commonwealth, and the infrastructure.

•  Act honorably, honestly, justly, responsibly, and legally.

•  Provide diligent and competent service to principals.

•  Advance and protect the profession.

•  Compliance with the preamble and canons is mandatory. If conflicts arise, they should be resolved; they are not intended to create ethical binds.

Canon 1 Act honorably, responsibly, and legally

•  Tell the truth.

•  Observe all contracts and agreements, express or implied.

•  Treat all members fairly.

•  Take care to be truthful, objective, cautious, and within competence. Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort.

Canon 2 Provide diligent and qualified services

•  Preserve the value of their systems, applications, and information.

•  Respect their trust and the privileges that they grant members.

•  Avoid conflicts of interest or the appearance thereof.

•  Work on systems for which members are fully qualified and validated.

Canon 3 Advance and protect the profession

•  Sponsor for professional advancement those best qualified. All other things equal, prefer those who are qualified, validated and who adhere to these canons. Avoid professional association with those whose practices or reputation might diminish the profession.

•  Maintain member competence; keep member security skills and knowledge current. Give generously of member time and knowledge in training others.