The scope and responsibilities of an information security professional are diverse. The services provided by an information security professional are critical to the success of an organization and to the overall security posture of the information technology community. Such responsibilities place a significant expectation on certified professionals to uphold a standard of ethics to guide the application and practice of the information security discipline.
GIAC is committed to upholding these standards and fostering them within the information security community. All GIAC-certified individuals agree to uphold and be bound by the following Code of Ethics.
This Code was developed through the consensus of the GIAC Advisory Board members and GIAC management. A professional certified by GIAC acknowledges that such a certification is a privilege that must be earned and upheld. GIAC certified professionals pledge to advocate, adhere to, and support the Code of Ethics. Any GIAC member, or member of the public, may submit a written complaint to the GIAC Ethics Council. Complaints may be submitted via the web-based complaint form.
It is not enough for information security professionals to simply "do the job". We must hold ourselves and our discipline to the highest standards of ethical and professional conduct.
Special thanks to Advisory Board members James O'Brien, Bill Royds, and Alan Moe for their efforts in developing the initial draft and coordinating the review process.
Respect for the Public
- I will accept responsibility in making decisions with consideration for the security and welfare of the community.
- I will not engage in or be a party to unethical or unlawful acts that negatively affect the community, my professional reputation, or the information security discipline.
Respect for the Certification
- I will not share, disseminate, or otherwise distribute confidential or proprietary information pertaining to the GIAC certification process.
- I will not use my certification, or objects or information associated with my certification (such as certificates or logos) to represent any individual or entity other than myself as being certified by GIAC.
Respect for My Employer
- I will deliver capable service that is consistent with the expectations of my certification and position.
- I will protect confidential and proprietary information with which I come into contact.
- I will minimize risks to the confidentiality, integrity, or availability of an information technology solution, consistent with risk management practice.
Respect for Myself
- I will avoid conflicts of interest.
- I will not misuse any information or privileges I am afforded as part of my responsibilities.
- I will not misrepresent my abilities or my work to the community, my employer, or my peers.