We were grateful to have had Kelley Archer present our April WebTracks webinar, “Ethics in IT security.” During his presentation, Archer’s message was clear – as an information security professional, you are likely to encounter ethical issues; so be ready.
Code of ethics
Before diving into examples, Archer, who is heavily involved with UMSA and several of our affiliate organizations, talked about the importance of professional organizations. He told security professionals to turn to their professional organization’s bylaws for help. You joined those organizations for more than just the free food at chapter meetings; you joined them to help guide you.
In the presentation, Archer shared ethical codes from some local information security associations, including UMSA. In comparison to many similar organizations, our ethical code is comprehensive. Here is how we have chosen to guide security professionals through some ethical situations:
As a professional association, the Corporation aspires to, abides by, and promotes the highest standards of ethical and professional conduct.
Abiding by the Code of Ethics is a requisite for initial and continuing membership in the association and shall govern the conduct of all members or member representatives.
All members, member and affiliate representatives or anyone acting as an agent, in conjunction with any or all Corporation activities, shall:
(a) Conduct themselves and their activities according to the highest of ethical principles and in a professional, business-like manner.
(b) Abide by the Corporation’s articles, bylaws, and policies.
(c) Respect the purpose and goals of the Corporation, ensuring the Upper Midwest Security Alliance, UMSA, and Secure360 names are used only in the conduct of Corporation business and never for personal advancement or gain.
(d) Refrain from any activities that might constitute a conflict of interest at Corporation functions or events, including engaging in sales activities or solicitation, engaging in personnel recruiting, posting displays, distributing materials without prior Board approval, or conducting any other activity contrary to the purpose and policies of the Corporation.
(e) Maintain the security and confidentiality of all proprietary Corporation documents and information, restricting their use to those purposes prescribed or intended by the policies and procedures of the Corporation or its Board of Directors, including special restrictions on the Corporation membership and mailing lists.
(f) Not intentionally injure or impugn the professional reputation or practice of colleagues, clients, or employers.
From the beginning, Archer reminded webinar attendees that no one ethical statement or solution fits all, but it is important to study and talk about ethical cases so you have ideas on how to handle your own. For examples, ideas and inspiration, listen to Archer’s full webinar for free.