ISC2 launch a global code of conduct for cybersecurity professionals

The new global Code of Professional Conduct sets ethical standards for cybersecurity practitioners worldwide, emphasising trust, integrity, and principled decision-making.

ISC2, a nonprofit organisation dedicated to cybersecurity professionals, has introduced a global Code of Professional Conduct. The framework is intended to support ethical practices across the industry and aligns with an updated version of the ISC2 Code of Ethics. It defines expectations and responsibilities for cybersecurity professionals and provides guidance for decision-making, trust-building, and maintaining professional standards.

As cybersecurity continues to evolve, new ethical challenges are emerging, including those associated with artificial intelligence and the spread of disinformation. The Code is designed to provide professionals with guidance for addressing complex situations related to these developments.

The Code is described as a living document that will be refined as the profession evolves. It was developed with input from nearly 1,400 professionals and has been endorsed by the ISC2 Professional Conduct (Ethics) Committee and approved by the ISC2 Board of Directors. It is positioned as a standard for cybersecurity practitioners, similar to professional codes in fields such as law and healthcare.

According to ISC2 leadership, the initiative focuses on reinforcing responsibility among cybersecurity professionals in protecting systems globally. It emphasises integrity and professional conduct as technologies such as AI reshape security practices. Contributions from more than 1,000 volunteers informed the framework to ensure it is applicable across different levels of experience within the industry.

The development process involved a task force of volunteers from around the world who met to discuss challenges faced by practitioners and opportunities introduced by the Code. With AI becoming increasingly integrated into workflows, guidelines have been established to encourage ethical implementation and to address potential risks associated with adoption.

The Code is organised around two main principles: Ethics and Professional Conduct. The Ethics section covers topics including integrity, confidentiality, compliance with laws and regulations, and public safety impact. The Professional Conduct section addresses responsibility, collaboration, competence, continuous improvement, and reporting concerns.

The objective is for the Code to act as both a reference and a framework for reflection, supporting cybersecurity professionals in their daily work and decision-making. In situations where guidance may not be straightforward, the framework aims to provide direction for navigating ambiguity with accountability.

Ultimately, the Code is intended to connect the global cybersecurity community by promoting accountability, trust, and consistent ethical practices across the profession.