IT Code of Ethics

This document is based on the current Version (1.0) of the SANS (SysAdmin, Audit, Network, Security) Institute's IT Code of Ethics dated 24 April 2004, available on the SANS website for comparison. The original text of the SANS document has been modified only slightly to reflect my status as an independent consultant rather than being an employee of a company. I have also included an additional commitment to never knowingly condone or support software piracy, which is not explicitly mentioned in the original SANS document.

I will strive to know myself and be honest about my capability.
• I will strive for technical excellence in the IT profession by maintaining and enhancing my own knowledge and skills. I acknowledge that there are many free resources available on the Internet and affordable books and that the lack of a corporate training budget is not an excuse nor does it limit my ability to stay current in IT. [Duke IS & IT Services has invested in a self-study technical training program through Thompson NETgLearning to prepare for future certification exams]
• When possible I will demonstrate my performance capability with my skills via projects, leadership, and/or accredited educational programs and will encourage others to do so as well.
• I will not hesitate to seek assistance or guidance when faced with a task beyond my abilities or experience. I will embrace other professionals' advice and learn from their experiences and mistakes. I will treat this as an opportunity to learn new techniques and approaches. When the situation arises that my assistance is called upon, I will respond willingly to share my knowledge with others.
• I will strive to convey any knowledge (specialist or otherwise) that I have gained to others so everyone gains the benefit of each other's knowledge.
• I will teach the willing and empower others with Industry Best Practices (IBP). I will offer my knowledge to show others how to become security professionals in their own right.

I will strive to be perceived as and be an honest and trustworthy consultant.
• I will not advance private interests at the expense of end users, colleagues, or my clients.
• I will not abuse my power. I will use my technical knowledge, user rights, and permissions only to fulfill my responsibilities to my clients.
• I will avoid and be alert to any circumstances or actions that might lead to conflicts of interest or the perception of conflicts of interest. If such circumstance occurs, I will notify my clients or business partners.
• I will not steal property, time or resources.
• I will reject bribery or kickbacks and will report such illegal activity.
• I will report on the illegal activities of myself and others without respect to the punishments involved. I will not tolerate those who lie, steal, or cheat as a means of success in IT.
• I will not condone, nor will I knowingly support, the use of pirated software by my clients. I will strive to convince my clients of their legal obligation to comply with licensing agreements for all operating systems and applications that are in use within their organization. The financial expense of software license compliance is not a justification for using pirated software: I will assist my clients to identify and obtain open source alternatives for operating systems and application software so that they may comply with software licensing requirements. [This commitment was not a part of the original SANS Code of Ethics, but reflects my core belief that one should not seek to gain at the expense of another person or company, and that there must always be a fair exchange of value in all business transactions.]

I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
• I will not injure others, their property, reputation, or employment by false or malicious action.
• I will not use availability and access to information for personal gains through corporate espionage.
• I distinguish between advocacy and engineering. I will not present analysis and opinion as fact.
• I will adhere to Industry Best Practices (IBP) for system design, rollout, hardening and testing.
• I am obligated to report all system vulnerabilities that might result in significant damage.
• I respect intellectual property and will be careful to give credit for others' work. I will never steal or misuse copyrighted, patented material, trade secrets or any other intangible asset.
• I will accurately document my setup procedures and any modifications I have done to equipment. This will ensure that others will be informed of procedures and changes I've made.

I respect privacy and confidentiality.
• I respect the privacy of my clients’ information. I will not peruse or examine their information including data, files, records, or network traffic except as defined by the appointed roles, the organization's acceptable use policy, as approved by Human Resources, and without the permission of the end user.
• I will obtain permission before probing systems on a network for vulnerabilities.
• I respect the right to confidentiality with my clients, users, and their employers except as dictated by applicable law.

I respect human dignity.
• I treasure and will defend equality, justice and respect for others.
• I will not participate in any form of discrimination, whether due to race, color, national origin, ancestry, sex, sexual orientation, gender/sexual identity or expression, marital status, creed, religion, age, disability, veteran's status, or political ideology.

This ethics policy was last updated on July 7th 2005.