New ethics guidelines for incident response and security teams have been released by the Forum of Incident Response and Security Teams (FIRST) to coincide with Global Ethics Day today. The document offers advice and recommendations for cybersecurity professionals on how they should conduct themselves in a professional and ethical manner when dealing with incidents.
Created by ethicsFirst, a special interest group within FIRST, the framework outlines a number of principles with an accompanying explanation of how they can be applied. Each serves as a reminder that the primary focus of security personnel during an incident should be the public interest. FIRST added that each principle has been reviewed by senior practitioners and is based on real-life scenarios.
It is hoped the guidance will reinforce the importance of principles such as trustworthiness, coordinated vulnerability disclosure, authorization, team health and recognition of jurisdictional boundaries when cybersecurity teams handle these difficult situations.
Jeroen van der Ham and Shawn Richardson, Ethics SIG co-chairs of FIRST, commented: “Integrity and professionalism are paramount in our industry. The new ethicsFirst principles were developed and examined by some of the world’s most senior cybersecurity experts with the aim of providing a universal language of how to deal with incidents and make the internet safe for everyone.”