Following a global consultation, the Forum of Incident Response and Security Teams (FIRST) is launching new ethics guidelines for incident response and security teams on Global Ethics Day. ethicsfIRST provides guidance for cybersecurity professionals on how to conduct themselves professionally and ethically during incidents. Inspired by Earth Day, Global Ethics Day provides an opportunity for organizations to explore the meaning of ethics in international affairs.
Developed by the FIRST Ethics special interest group, the ethicsfIRST framework covers a list of principles, with an explanation on how to apply each one, that detail the responsibility of cybersecurity professionals during an incident to ensure that the interest of the public is always the primary consideration. Each principle has been thoroughly reviewed by senior practitioners and is based on real-life scenarios.
The website was developed, and is supported by diverse members of the FIRST community to empower security teams to handle difficult ethical situations in a confident and methodical manner. ethicsfIRST seeks to reinforce the duties of trustworthiness, coordinated vulnerability disclosure, authorization, team health, and recognition of jurisdictional boundaries, among others.
“Integrity and professionalism are paramount in our industry. The new ethicsfIRST principles were developed and examined by some of the world’s most senior cybersecurity experts with the aim of providing a universal language of how to deal with incidents and make the internet safe for everyone,” stated Jeroen van der Ham and Shawn Richardson, Ethics SIG co-Chairs of FIRST.
The document is now available on ethicsfIRST website.