Security personnel should be required to prove that they know how to do things right, and that they do the right thing. An industry-wide code of ethics is at least as essential as functional certification, if not more so. Security personnel must demonstrate that they are committed to behaving ethically while protecting assets. Organizations employing or contracting non-certified security professionals should outline their ethical expectations of that employee, in writing, before giving them access to data and critical infrastructure. The industry has tried to develop such a code of conduct in the past, but the various players have never been able to agree on the semantics.”]
Source: https://www.cuinfosecurity.com/blogs/do-right-thing-p-1317