
Cyber association launches code of conduct for security pros

ISC2’s Code of Professional Conduct will supposedly establish a worldwide framework dedicated to principled and ethical practices in the security trade

ISC2, the non-profit membership association for cyber security professionals, has launched a code of conduct to spread more ethical, principled practices across the global cyber security trade.

The ISC2 Professional Code of Conduct builds on the association’s existing Code of Ethics, and has been developed with input from ISC2 members from all over the world.

It sets out to codify professional obligations and responsibilities, reaffirms the importance of ethical behaviour, and offers guidance in areas such as sound decision-making, establishing and fostering trust, and upholding professional integrity.

All this is set against the context of the rapidly evolving digital world, as the security profession works out how to navigate ethical challenges posed by artificial intelligence (AI), disinformation, and other threats. ISC2 said the code would help security professionals navigate such challenges with confidence.

“Cyber security professionals have a profound responsibility not only to protect and secure individuals, organisations and systems around the world but also to uphold the integrity, accountability and trust that the profession depends on,” said ISC2 CEO Scott Beale.

“The Code provides a shared foundation for guiding ethical decision-making and professional conduct, especially as emerging technologies like AI reshape how organisations operate and how security decisions are made.

“Leveraging the collective input and decades of experience from ISC2 volunteers, the Code provides comprehensive guidance for everyone working in the cyber security field,” said Beale.

The code itself is organised around two core pillars – Ethics and Professional Conduct. The first of these sections covers topics such as integrity, client (or victim) confidentiality, respect for laws and regulations, and wider public safety and societal impact. The second section addresses areas such as accountability and responsibility, collaboration and teamwork, competence and continuous improvement, and reporting concerns and other issues.

Living document

The code was developed by a diverse taskforce of almost 1,400 ISC2 member volunteers, who have been meeting regularly to discuss the issues they face in their day-to-day work, and the opportunities that such a code could present.

Some of the key stages in its development included a major feedback-gathering exercise from ISC2 members, and external sources from the world of academia and industry. The volunteers themselves represented a diverse spread of ISC2 membership, with contributors ranging from the organisation’s basic Certified in Cybersecurity (CC) badge holders through to more advanced Certified Information Systems Security Professional (CISSP) practitioners, helping ensure and validate that the code is suitable for cyber pros at all stages of their careers.

Going forward, it will serve as a ‘living document’ subject to further amendment and refinement as the profession evolves in the coming years, and as-yet-unforeseen challenges emerge.

Panos Vlachos, an ISC2 member and code volunteer, said: “As emerging technologies, particularly AI, become more integrated into cyber security and organisational workflows, we created guidelines on ethical implementation and integration.

“Our goal with the global code is to ensure that AI and other transformative innovations align with ethical best practices, fostering responsible adoption while mitigating potential risks,” added Vlachos.

ISC2 member Srija Reddy Allam, who also sat on the panel, said they hoped both ISC2 members and non-affiliated security pros would use the code as a guide and mirror to inform their work, and reflect on their role in shaping a safer digital environment.

“In a field like cyber security, where not every situation has a clear rulebook, the Code can serve to navigate grey areas with integrity,” said Allam. “I also hope it becomes a shared foundation across the profession, encouraging accountability, fostering trust and reinforcing that how we work is just as important as what we do.”
