About the (ISC)² Blog
(ISC)² believes in the importance of open dialogue and collaboration. As the certifying body for nearly 66,000 information security professionals worldwide, (ISC)² established this blog to provide a voice to its certified members, who have significant knowledge and valuable insights to share that can benefit the information security industry, the people in it and the public at large.
Whether an (ISC)² member chooses to participate in the (ISC)² blog is his or her own decision. (ISC)² monitors the blog in accordance with the (ISC)² Blog Guidelines, but the bloggers are responsible for their own content. Our blog not only gives our members a forum to exchange ideas but also allows (ISC)² to help make the cyber world a safe place and support the advancement of the information security workforce via a public exchange on a broad range of information security issues.
This open communication, however, also requires prudence from designated (ISC)² bloggers. Although all (ISC)² blog posts will be reviewed by (ISC)² management and communications professionals, common sense and intelligence should prevail in all initial drafts. All (ISC)² bloggers will be asked to adhere to the following guidelines, which are mostly communication practices that any businessperson would be asked to adhere to in their day-to-day professional life. (ISC)² reserves the right to remove any post that violates these guidelines.
1. Add value. The point of the (ISC)² blog is to bring worthwhile information and insights to our members, the industry and society-at-large.
2. When you blog, it is your personal opinion. (ISC)² is merely providing a platform for those opinions; therefore, you are legally responsible for your posts and should exercise caution and forethought accordingly.
3. Exercise fair and ethical business practices and know and follow (ISC)²’s Code of Ethics at all times.
4. Post original content written by an (ISC)² certified member or staff member. Blog “spam”, which includes articles that are only links to other unoriginal content and short posts that are simply pointers to information, websites, or papers elsewhere on the Internet, will be taken down. As a gauge: if you can very easily “Google” the same information you’re posting, it’s not appropriate for this blog.
5. Write in the first person and make it clear that you are speaking for yourself and not necessarily on behalf of (ISC)² or any other organization.
6. Respect copyright, fair use and financial disclosure laws.
7. Don’t provide any confidential or other proprietary information. Any conversations that are meant to be private or internal to (ISC)² must be approved by (ISC)² management prior to publishing or reporting. All posts are subject to removal at our discretion.
8. Protect (ISC)²’s clients, business alliances, and suppliers and don’t cite them without their prior approval.
9. Respect your audience. Don't use ethnic slurs, personal insults, obscenity, etc., and show proper consideration for others’ privacy and for topics that may be considered objectionable or inflammatory, such as politics or religion.
10. Find out who else is blogging on the topic, and cite them.
11. Don't pick fights, be the first to correct your own mistakes, and don't alter previous posts without indicating that you have done so.
12. Blog posts are viral, so make sure anything you say you would be comfortable seeing on the front page of the New York Times, or home page of Yahoo! News.
Guidelines for (ISC)² bloggers: detailed discussion
1. Add value.
The (ISC)² blog should be used in a way that adds value to (ISC)²’s business. It should help our members, clients, vendors, the business community or society in general to solve problems. If it helps to improve someone’s knowledge or skills; if it helps contribute directly or indirectly to the improvement of (ISC)²’s products, processes and policies; or if it helps to promote (ISC)²’s values, then it is adding value. Though not directly business-related, background information you choose to share about yourself, such as information about your personal interests, may be useful in helping establish a relationship between you and your readers, but it is entirely your choice whether to share this information.
2. You are legally responsible for your posts.
When you choose to publish your opinions via the (ISC)² blog, you are legally responsible for your commentary. A disclaimer on the blog site will state that “the postings on this site are the blogger’s own and don’t necessarily represent (ISC)²’s positions, strategies or opinions.” Individual bloggers can be held personally liable for any commentary deemed to be obscene, proprietary, or libelous (whether pertaining to (ISC)², individuals, or any other company), or to infringe the intellectual property rights of another. This standard disclaimer does not by itself exempt (ISC)² managers and executives from a special responsibility when blogging. By virtue of their position, they must consider whether personal thoughts they publish may be misunderstood as an expression of (ISC)²’s policy. For these reasons, bloggers should exercise caution with regard to exaggeration, colorful language, guesswork, obscenity, copyrighted materials, legal conclusions, and derogatory remarks or characterizations.
3. Know (ISC)²’s Code of Ethics.
One of our Code of Ethics canons is to “Act honorably, honestly, justly, responsibly, and legally.” As an organization, we trust – and expect – our members to exercise personal responsibility whenever they blog. This includes not violating the trust of those with whom they are engaging. Members should not use this medium for covert marketing or public relations. If and when members of (ISC)²’s Communications, Marketing, Sales or other functions engaged in advocacy for the company have the authorization to participate in blogs, they should identify themselves as such.
4. Post original content.
The value of the (ISC)² blog lies in the original insights and opinions provided by (ISC)² members – the pre-eminent information security experts in the world. Don’t be afraid to share yours. Authors should not post “referral content” and “links” unless the links and referred content are a minor element of a larger, original, thoughtful story related to the security topic at hand. Authors should never post an article that is mostly a “cut-and-paste” from other sources.
5. Write in the first person.
What makes blogs interesting is the informal nature of the medium. Use your own voice; bring your own personality to the forefront; say what is on your mind. Always consider the content carefully and be judicious in disclosing personal details. If you have a vested interest in something you are discussing, be the first to point it out. Avoid misrepresentation. If at any time you are unclear as to the propriety of a post, it is best to refrain and seek the advice of (ISC)² management.
6. Respect copyright and fair use laws.
For (ISC)²’s protection as well as your own, it is critical that you show proper respect for the laws governing copyright and fair use of copyrighted material owned by others, including (ISC)²’s own copyrights and brands. You should never quote more than short excerpts of someone else’s work, and you should clearly attribute the excerpt to its author. And it is good general blogging practice to link to others’ work.
7. Protect confidential and proprietary information.
You must make sure you do not disclose or use (ISC)²’s confidential or proprietary information or that of any other person or company on any blog. For example, ask permission to publish someone’s picture or a conversation that was meant to be private. You must not comment on confidential (ISC)² financial information such as projections for future business performance, business plans, or prospects anywhere in the world. (ISC)² is not to comment on rumors in any way. Do not deny or affirm them – or suggest either denial or affirmation in subtle ways.
8. Protect (ISC)²’s members, business affiliates, and suppliers.
Members, affiliates, vendors or suppliers should not be cited or obviously referenced without their approval. On your blog, never identify a client, partner or supplier by name without permission and never discuss confidential details of a client engagement. It is acceptable to discuss general details about kinds of projects so long as the information provided does not violate any non-disclosure agreements that may be in place with the client or make it easy for someone to identify the client or partner.
9. Respect your audience.
Remember that (ISC)² is a global organization whose employees and members reflect a diverse set of customs, values and points of view. Don’t be afraid to be yourself, but do so respectfully. This includes not only the obvious (no ethnic slurs, personal insults, obscenity, etc.) but also proper consideration of privacy and of topics that may be considered objectionable or inflammatory, such as political or religious beliefs. And now that you are blogging on the (ISC)² site, never use an external blog to air your differences in an inappropriate manner.
10. Know your fellow bloggers.
The most successful bloggers are those who pay attention to what others are saying about the topic they want to write about, and generously reference and link to them. Who’s blogging on the topics that most interest you? On the Internet, a quick way to find out who’s saying what is to use the search tools on Technorati, DayPop or Blogdigger. Drop your fellow bloggers a note to introduce yourself and your blog.
11. Don’t pick fights.
When you see misrepresentations made about (ISC)² in the media, by analysts or by other bloggers, you may certainly use your blog post to point that out. Always do so with respect and with the facts. Also, if you speak about a competitor, you must make sure that what you say is factual and that it does not disparage the competitor. You should avoid arguments. Brawls may earn traffic, but nobody wins in the end. Don’t try to settle scores or provoke competitors or others into inflammatory debates. Here and in other areas of public discussion, make sure that what you are saying is factually correct. If you make an error, be up front about your mistake and correct it quickly. If you choose to modify an earlier post, make it clear that you have done so. Ultimately the blogger is solely responsible for what they post on their blog.
12. Blogs are viral.
If you’re worried about what someone may think about your post, listen to that instinct. And realize that once a questionable post is on the Internet, you can never get it back. The blog world is incredibly efficient at spreading rumors, secrets, rants, hyperbole, and your misstatements around the globe in minutes. The media may take notice as well.