InfoSec Advisory, LLC Code of Conduct
- Keep private and confidential information gained in our professional work, (in particular as it pertains to client lists and client personal information). No collect, give, sell, or transfer any personal information (such as name, email address, social security number, or other unique identifier) to a third party without our client’s prior consent.
- Protect the intellectual property of others by relying on our own innovation and efforts, thus ensuring that all benefits vest with its originator.
- Disclose to appropriate persons or authorities potential dangers to any ecommerce clients, the Internet community, or the public, that we reasonable believe to be associated with a particular set or type of electronic transactions or related software or hardware.
- Provide service in our areas of competence, being honest and forthright about any limitations of our experience and education. Ensure that we are qualified for any project on which we work or propose to work by an appropriate combination of education, training, and experience.
- Never knowingly use software or process that is obtained or retained either illegally or unethically.
- Not to engage in deceptive financial practices such as bribery, double billing, or other improper financial practices.
- Use the property of our clients or employers only in ways properly authorized, and with the owner’s knowledge and consent.
- Disclose to all concerned parties those conflicts of interest that cannot reasonably be avoided or escaped.
- Ensure good management for any project we lead, including effective procedures for promotion of quality and full disclosure of risk.
- Add to the knowledge of the ecommerce profession by constant study, share the lessons of our experience with fellow CISO members, and promote public awareness of benefits of electronic commerce.
- Conduct oneself in the most ethical and competent manner when soliciting professional service or seeking employment, thus meriting confidence in our knowledge and integrity.
- Ensure ethical conduct and professional care at all times on all professional assignments without prejudice.
- Not to neither associate with malicious hackers nor engage in any malicious activities.
- Not to purposefully compromise or allow the client organization’s systems to be compromised in the course of our professional dealings.
- Ensure all penetration testing activities are authorized and within legal limits.
- Not to take part in any black hat activity or be associated with any black hat community that serves to endanger networks.
- Not to be part of any underground hacking community for purposes of preaching and expanding black hat activities.
- Not to make inappropriate reference to the certification or misleading use of certificates, marks or logos in publications, catalogues, documents or speeches.
- Not convicted in any felony.
Senior Business Security Advisor - James M. Myers
James is a Senior Business Security Advisor and comes with the following credentials:
- B.S., Electronics Engineering with an emphasis in communication systems.
- MS., Technology Management with an emphasis in strategy, business finance and technology transfer.
- Fifteen years of business risk management experience across multiple vertical markets.
- Certified Chief Information Security Officer – CCISO.
- Certified Information Systems Security Professional – CISSP.
- Certified in Information Technology Infrastructure Library.
- Executive Certificate in Nonprofit Governance; Institute for Excellence in Corporate Governance.
- Six year United Stated Navy Veteran.