In a significant step toward strengthening the ethical foundation of the cybersecurity profession, ISC2 has officially launched a Code of Professional Conduct, a globally developed Code designed to guide cybersecurity professionals in making principled, responsible decisions in an increasingly complex digital world.
This new Code builds upon the well-established ISC2 Code of Ethics, which all ISC2-certified members and associates are required to uphold. However, the Code of Professional Conduct expands the scope significantly, offering a broader, more actionable set of principles and ethical standards that can apply across the entire cybersecurity profession—not just to ISC2 members.
Developed in collaboration with nearly 1,400 volunteers from around the world, the Code reflects a diverse range of perspectives and experiences. It has undergone rigorous review by association staff, a dedicated Code Taskforce of certified practitioners, and the ISC2 Ethics Committee, and has been formally approved by the ISC2 Board of Directors.
“Cybersecurity professionals have a profound responsibility not only to protect and secure individuals, organizations and systems around the world but also to uphold the integrity, accountability and trust that the profession depends on,” said ISC2 Chief Executive Officer Scott Beale, CC. “The Code provides a shared foundation for guiding ethical decision-making and professional conduct, especially as emerging technologies like AI reshape how organizations operate and how security decisions are made. Leveraging the collective input and decades of experience from more than 1,000 ISC2 volunteers, the Code provides comprehensive guidance for everyone working in the cybersecurity field.”
A Tool for Trust and Accountability
The Code of Professional Conduct is more than a set of ideals. It is a practical tool designed to help practitioners:
- Act justly, fairly and responsibly in day-to-day professional activities.
- Foster trust with clients, employers, and the public by demonstrating consistent ethical and professional conduct.
- Navigate ethical dilemmas with confidence, especially in high-pressure or ambiguous situations.
- Uphold the reputation of the cybersecurity profession by modeling integrity and accountability.
In a field where the stakes are high and the pace of change is relentless, having a shared framework for ethical and professional conduct is essential. Whether dealing with data privacy, balancing security and organizational objectives, incident response, AI governance, or emerging threats, cybersecurity professionals now have a globally recognized standard to guide their behavior.
A Profession-Wide Resource
Importantly, the Code is not limited to ISC2 members. It is intended as a resource for the entire cybersecurity community, regardless of certification or affiliation. By making the Code publicly available, ISC2 aims to foster a culture of excellence across the profession.
Jerrad Dahlager, CISSP, served on the Code Task Force that developed the Code. When asked how professionals will be able to use this resource, he answered, “Ideally, it will serve as a practical decision-making framework that helps professionals navigate complex situations with confidence and consistency. Organizations can adopt it as a baseline for their security teams, creating alignment across the industry. For newer professionals, it should help provide clarity about the expectations and responsibilities they're assuming. I believe the Code will help demonstrate to the broader business community and the public that cybersecurity is a mature profession with shared principles and standards of excellence.”
Cybersecurity is no longer just a technical discipline—it is a societal imperative. As threats evolve and responsibilities grow, so too must the ethical standards that guide the profession. The Code of Professional Conduct is a timely and necessary step in that evolution.
To read the full Code and learn how it can support your professional practice, visit https://www.isc2.org/about/Code-of-Professional-Conduct