The Ten Commandments of Computer Ethics:
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you have not paid.
7. Thou shalt not use other people's computer resources without authorization or proper compensation.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
7 CODE OF ETHICS for IT:
1. Act honestly, justly, responsibly, and legally, and protecting the commonwealth.
2. Work diligently nad provide competent services and advance the security profession.
3. Encourage the growth of research - teach, mentor, and value the certification.
4. Discourage unsafe practices, and preserve and strengthen the integrity of public infrastructures.
5. Observe and abide by all contracts, expressed or implied, and give prudent advise.
6. Avoid any conflict of interest, respect the trust that others put in you, and take on only those jobs you are qualified to perform.
7. Stay current on skills, and do not become involved with activities that could injure the reputation of other security professionals.
SANS: IT Code of Ethics
I will strive to know myself and be honest about my capability.
I will strive for technical excellence in the IT profession by maintaining and enhancing my own knowledge and skills. I acknowledge that there are many free resources available on the Internet and affordable books and that the lack of my employer's training budget is not an excuse nor limits my ability to stay current in IT.
When possible I will demonstrate my performance capability with my skills via projects, leadership, and/or accredited educational programs and will encourage others to do so as well.
I will not hesitate to seek assistance or guidance when faced with a task beyond my abilities or experience. I will embrace other professionals' advice and learn from their experiences and mistakes. I will treat this as an opportunity to learn new techniques and approaches. When the situation arises that my assistance is called upon, I will respond willingly to share my knowledge with others.
I will strive to convey any knowledge (specialist or otherwise) that I have gained to others so everyone gains the benefit of each other's knowledge.
I will teach the willing and empower others with Industry Best Practices (IBP). I will offer my knowledge to show others how to become security professionals in their own right. I will strive to be perceived as and be an honest and trustworthy employee.
I will not advance private interests at the expense of end users, colleagues, or my employer.
I will not abuse my power. I will use my technical knowledge, user rights, and permissions only to fulfill my responsibilities to my employer.
I will avoid and be alert to any circumstances or actions that might lead to conflicts of interest or the perception of conflicts of interest. If such circumstance occurs, I will notify my employer or business partners.
I will not steal property, time or resources.
I will reject bribery or kickbacks and will report such illegal activity.
I will report on the illegal activities of myself and others without respect to the punishments involved. I will not tolerate those who lie, steal, or cheat as a means of success in IT.
I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
I will not injure others, their property, reputation, or employment by false or malicious action.
I will not use availability and access to information for personal gains through corporate espionage.
I distinguish between advocacy and engineering. I will not present analysis and opinion as fact.
I will adhere to Industry Best Practices (IBP) for system design, rollout, hardening and testing.
I am obligated to report all system vulnerabilities that might result in significant damage.
I respect intellectual property and will be careful to give credit for other's work. I will never steal or misuse copyrighted, patented material, trade secrets or any other intangible asset.
I will accurately document my setup procedures and any modifications I have done to equipment. This will ensure that others will be informed of procedures and changes I've made.
I respect privacy and confidentiality.
I respect the privacy of my co-workers' information. I will not peruse or examine their information including data, files, records, or network traffic except as defined by the appointed roles, the organization's acceptable use policy, as approved by Human Resources, and without the permission of the end user.
I will obtain permission before probing systems on a network for vulnerabilities.
I respect the right to confidentiality with my employers, clients, and users except as dictated by applicable law. I respect human dignity.
I treasure and will defend equality, justice and respect for others.
I will not participate in any form of discrimination, whether due to race, color, national origin, ancestry, sex, sexual orientation, gender/sexual identity or expression, marital status, creed, religion, age, disability, veteran's status, or political ideology.
