Code of Ethics

Code of Ethics

Notice: Number Of Students Terminated/Revoked for Plagiarism or Other Ethics Violations: 122
Don't make yourself number 123!
Read the Administrivia and all other directions very carefully.

Information security professionals are afforded a great deal of responsibility and trust in protecting the confidentiality, integrity, and availability of an organization's information assets.

It is not enough for information security professionals to simply "do the job". We must hold ourselves and our discipline to the highest standards of ethical and professional conduct.

GIAC is committed to upholding these standards and fostering them within the information security community. All GIAC-certified individuals and all GIAC certification candidates agree to uphold and be bound by the following Code of Ethics.

This Code was developed through the consensus of the GIAC Advisory Board members and GIAC management.

Special thanks to Advisory Board members James O'Brien, Bill Royds, and Alan Moe for their efforts in developing the initial draft and coordinating the review process.

Exam Ethics

If any exam anomalies are detected before, during or after a GIAC exam attempt, GIAC has the right to void certification results and offer the candidate a retest under formal proctored conditions.

Code of Ethics

The scope and responsibilities of an information security professional are diverse. The services provided by an information security professional are critical to the success of an organization and to the overall security posture of the information technology community. Such responsibilities place a significant expectation on certified professionals to uphold a standard of ethics to guide the application and practice of the information security discipline.

A professional certified by GIAC acknowledges that such a certification is a privilege that must be earned and upheld. GIAC certified professionals pledge to advocate, adhere to, and support the Code of Ethics.

GIAC certified professionals who willfully violate any principle of the Code may be subject to disciplinary action by GIAC.

Respect for the Public

  • I will accept responsibility in making decisions with consideration for the security and welfare of the community.
  • I will not engage in or be a party to unethical or unlawful acts that negatively affect the community, my professional reputation, or the information security discipline.

Respect for the Certification

  • I will not share, disseminate, or otherwise distribute confidential or proprietary information pertaining to the GIAC certification process.
  • I will not use my certification, or objects or information associated with my certification (such as certificates or logos) to represent any individual or entity other than myself as being certified by GIAC.

Respect for my Employer

  • I will deliver capable service that is consistent with the expectations of my certification and position.
  • I will protect confidential and proprietary information with which I come into contact.
  • I will minimize risks to the confidentiality, integrity, or availability of an information technology solution, consistent with risk management practice.

Respect for Myself

  • I will avoid conflicts of interest.
  • I will not misuse any information or privileges I am afforded as part of my responsibilities.
  • I will not misrepresent my abilities or my work to the community, my employer, or my peers.

If there are any matters affecting a certified individual's ability to continue to fulfill the competencies associated with a specific GIAC certification they hold, the certified individual is required under the code of ethics to inform GIAC without delay by emailing with specific information.

In the event that an individual's certified status is withdrawn for any reason, the person must refrain from use of all references to a certified status.