Last week ISC2 launched a Code of Professional Conduct. This new Code builds upon the canons set forth in the ISC2 Code of Ethics, which all ISC2-certified members and associates commit to uphold. As a standalone resource, it broadens the scope of application to all cybersecurity professionals, expanding on the canons to provide practical guidelines for issues that professionals might encounter in their work.
To learn more about how and why the Code was developed, watch our ISC2 Insights interview with Rick Gamache, CISSP, Sr. Director, Standards and Practice, Rachel Williams, Sr. Manager, Ethics and Compliance and James McQuiggan, CISSP, CISO Advisor and Course Instructor.
When asked why the Code matters, Rachel Williams, who led the project to develop the Code with a dedicated taskforce of volunteers, responded “It’s not just showing up and knowing the technical competencies behind what you do. But it’s also how you show up, the conduct behind it, and the ethical decision making you do in your day to day.”
Discussing how the Code relates to the ISC2 strategic priorities, and our obligation to our members and the profession, Rick Gamache advised “It’s a real foundation of how we practice cybersecurity.”
We asked James McQuiggan why a Code is needed for the profession. Speaking from his experience as a seasoned ISC2 volunteer and chapter leader, who is also teaching cybersecurity to students, James replied “It’s our oath to the industry, to society, to make sure that we’re acting … in the best interests of our profession.”
A Key Resource for your Practice
Of note, the ISC2 Code of Ethics remains in place, unchanged. Additionally, there are no changes to certification requirements, which remain based on the ISC2 Code of Ethics. Professionals are encouraged to freely use the new Code, designed to support their daily practice. Keep in mind, though, that this isn’t a mandatory set of rules.
Providing context, Gamache continued, “The ability for all of us to communicate back, upward, and even downward why we do something within the context of values and what's important to us as professionals and why it matters, is where the Code really shines.”
How Can You Get Involved
The Code is the first step for ISC2 in expanding ethical and conduct guidance. More will be developed and released to provide resources, guidelines and tools for cybersecurity professionals to use in their work.
If you’d like to be involved in evolving the Code by providing direction, suggestions or feedback on future developments, please click here to volunteer or contact codeofconducttaskforce@isc2.org for more information.
To read the full Code and learn how it can support your professional practice, visit /about/Code-of-Professional-Conduct