INVITATION TO CYBERSECURITY 264

For cybersecurity, no widely embraced, fully fleshed out code of ethics exists (yet).¹ However, broader codes of ethics for computing professionals have stood the test of time and are applicable to cybersecurity professionals. The Association for Computing Machinery (ACM) is arguably the most reputable professional society for computing professionals. They first produced a code of ethics in 1966 and have updated it three times since then. The most recent revision from 2018, the ACM Code of Ethics and Professional Conduct (the Code), was written by a task force of professionals and academicians and included three major drafts, each undergoing extensive peer reviews.

The Code starts with a preamble and is organized into four sections: general ethical principles, professional responsibilities, professional leadership principles, and compliance with the Code. Table 10.2 lists the seven general ethical principles and nine professional responsibilities in Sections 1 and 2. In the Code, each item is followed by a detailed explanation.

Table 10.2 Sections 1 and 2 of the ACM Code of Ethics and Professional Conduct.

Many of the general ethical principles arise from the ethical paradigms outlined in the previous section. For example, 1.2 Avoid harm, 1.3 Be honest and trustworthy, 1.4 Be fair and take action not to discriminate, and 1.6 Respect privacy, pay homage to

¹ Information Systems Security Association (ISSA) and International Information System Security Certification Consortium (ISC2) are well-known cybersecurity-related professional societies that each have a broad code of ethics.