“Global Ethics Day” is celebrated on the third Wednesday of October across the world. This year it is celebrated on October 21, 2020. Founded by Carnegie Council in 2014, it was instated to inspire and make people aware about the role of ethics in a globalized world. Following this inspirational lesson, the Forum of Incident Response and Security Teams (FIRST) has now decided to implement “The Code of Ethics” in the digital world. After doing a global consultation, FIRST is launching the new ethics guidelines for incident response and security teams called “ethicsfIRST.” This code of ethics provides guidance for cybersecurity professionals on how to conduct themselves professionally and ethically during incidents.
What is “ethicsfIRST”
Developed by the FIRST Ethics special interest group, the ethicsfIRST framework covers a list of principles that explains how to apply each one. Every principle details the responsibility of a cybersecurity professional during an incident to ensure that the interest of the public is always at the core. Each principle has been thoroughly reviewed by senior practitioners and is based on real-life scenarios.
The ethicsfIRST website was developed and supported by diverse members of the FIRST community to empower security teams in handling difficult ethical situations in a confident and methodical manner. Some of the principles of ethicsfIRST seek to reinforce the duties of trustworthiness, coordinated vulnerability disclosure, authorization, team health, and recognition of jurisdictional boundaries, among others.
Jeroen van der Ham and Shawn Richardson, Ethics SIG co-Chairs of FIRST, stated, “Integrity and professionalism are paramount in our industry. The new ethicsfIRST principles were developed and examined by some of the world’s most senior cybersecurity experts with the aim of providing a universal language of how to deal with incidents and make the internet safe for everyone.”