The Information Systems Security Association (ISSA) is an international
organization providing educational forums, publications and peer interaction opportunities
that enhance the knowledge, skills and professional growth of its member
information security professionals. The primary goal of ISSA is to promote
management practices that will ensure availability, integrity and
confidentiality of organizational resources.
Since its inception in 1982, ISSA's membership has grown to
include more than 2,000 information security professionals who represent a
diverse collection of organizations, including major U.S. and international
corporations, leading consulting firms, world class educational institutions
and government agencies. From Information Technology audit and corporate
security to contingency planning and disaster recovery, ISSA members are
committed to protecting their organization's assets and resources.
Our ISSA Code of Ethics
The primary goal of the Information Systems Security Association, Inc. (ISSA) is to promote practices that will ensure the confidentiality, integrity; and availability of organizational information resources. To achieve this goal, members of the Association must reflect the highest standards of ethical conduct. Therefore, ISSA has established the following Code of Ethics and requires its observance as a prerequisite for continued membership and affiliation with the Association.
As an applicant for membership and as a member of ISSA, I have in the past and will in the future:
Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;
Promote generally accepted information security current best practices and standards;
Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;
Discharge professional responsibilities with diligence and honesty;
Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association; and
Not intentionally injure or impugn the professional reputation or practice of colleagues, clients, or employers.