securesphere home
IT Security Risk Advisory

Ethics

We feel strongly that there can be real concerns in this area for all IT security companies, and that our clients should be aware of them.

Not all security companies are created equal! Only some share the views and values that we feel are ethical. We encourage you to ask several key questions when procuring a company for any sensitive IT security service:

  • What backgrounds do the employees have? In the past, some security consulting companies hired known hackers for their expertise (people who had previously claimed to have broken local laws on computer abuse).
  • How does the company securely manage vulnerability data following a test or report? Some companies do not use encrypted laptops or virtual machines to carry out testing and do not have a clear policy on data retention for sensitive customer data.
  • How can I trust the company? Some are able to show proof of background checks by third parties, government-based checks or trusted references.

Our guidelines:

  • We try to ensure that none of our employees have any history of working alongside the security hacking community to release worms, viruses or any other malware. (We openly share our background check policy with all our customers.)
  • We do not use Fear, Uncertainty or Doubt to persuade our clients to implement security controls or perform unneeded tests.
  • We never attempt to sell a service that would cause our client to continually rely on us when that is not their intention.
  • We ensure that all our employees are familiar with the ISC2 code of ethics, which we believe is a good standard to adhere to.