A look at recent updates to three professional ethical codes
Advancing ethical thinking regarding responses to cyber crime
It is common for professional societies and membership organizations to have a Code of Ethics intended to guide their members. Professionals working in the field of information security (INFOSEC) are often members of one or more of these entities, as are academic cyber security researchers and students desiring to enter the INFOSEC field.
In this article I will focus on three such entities: The IEEE and the Association for Computing Machinery (ACM), which are general professional societies with broad membership across many disciplines, and the Forum of Incident Response and Security Teams (FIRST), who “cooperatively handle computer security incidents and promote incident prevention programs”.
Between mid-2018 and the end of 2019, all three of these professional bodies have been actively cultivating their codes of ethics :
- The ACM, who first published an extensive code of ethics in 1992, most recently updated their Code of Ethics and Professional Conduct in June 2018 after an open multi-draft revision process.
- The IEEE , whose original Code of Principles of Professional Conduct goes back to 1912, announced its most recent proposed revisions…