The Ethics Working Group seeks to define Information Security; a professional discipline within the framework of Information Technology as a recognized profession. Professions have certain common characteristics that define them as such (i.e., Law, Medicine, Accountancy); these include, but are not necessarily limited to:
- A common body of knowledge
- A governing body
- Certification authority (whether self or government created) within the profession
- A code of ethics with an oversight body with authority to enforce the provisions of the code.
It is with the understanding that each of these characteristics must be present for a profession to be recognized as such, individuals representing several organizations came together with the support of their Boards of Directors to establish a generally accepted unified framework of ethical behavior. The participating organizations who have adopted this framework to date are:
(ISC)2 - The International Information Systems Security Certification Consortium
ISSA - The International Information Systems Security Association
GIAC - Global Information Assurance Certification
During the past year, these and organizations representing the information and physical security space have undertaken the challenge to review their respective Codes of Ethics in order to ascertain the areas of commonality. The overall goal was to determine if there is a sufficient degree of extant harmony that would serve as a foundation for uniformity.
The initial effort consisted of examining the respective Codes of Ethics and deriving the common elements. Not surprisingly, many representatives from the participating organizations came to rapid agreement on the basic principles, and found a high degree of consistency in their current Codes of Ethics. The resulting draft Unified Framework of Professional Ethics for Security Professionals is now available for consensus review.
For more information contact us at info @ ethics-wg.org
