This is another in an occasional series of articles looking at Computer Incident Response Team management. The primary source for this series is the U.S. Defense Information Systems Agency training course listed at the end of the article.The DISA course wisely emphasizes the importance of professional behavior by all members of the CIRT. The authors write:\u201cThe survival of your CIRT may well depend upon using a Code of Conduct, which will earn the trust and respect of the commands you support. The conduct of any single team member reflects upon the entire CIRT organization. If the commands don't trust your CIRT, they won't report to you. It is important, therefore, not only to have a Code of Conduct, but to shake it out and dust it off every once in a while. Remind team members what it is and why it is important... and use it.\u201dHere are some of the practical recommendations from that course (although I have put them in my own words for the most part):* Write down the rules - a Code of Conduct - that represent your ideals of courteous, professional service to your clients.* Train the team to understand and apply the Code.* Review the Code periodically with the team.* Speak clearly and avoid techno-babble.* Tell people exactly what you intend to do.* Never hesitate to say, \u201cI don\u2019t know - but I\u2019ll find out.\u201d* Don\u2019t criticize other people in your interactions with clients.* Respect the confidentiality of your clients.* Be respectful of your callers: don\u2019t belittle them or make them feel bad.I was a member and then team leader of the Phone-In Consulting Service (PICS) at Hewlett-Packard (Canada) Ltd. in Montreal in the early 1980s and later was director of technical services at a big service bureau in that city. Those experiences support the correctness of DISA\u2019s advice.Notice how consistently DISA (and I) refer to clients; this usage emphasizes that both technical support teams and CIRTs all perceive users as those to whom we owe service. There is no benefit to allowing an adversarial relationship between the technical support team or a CIRT and the client base. Don\u2019t allow a gulf to develop between the CIRT and the client community; clamp down on disparaging terms and derogatory comments about users. Ensure that team members understand why such language is harmful.Identify CIRT members with a chip on their shoulders: don\u2019t let them adopt a defensive, arrogant or aggressive attitude toward the users. If a computer-security incident can be traced to procedural errors, the person reporting the problem should be thanked for the information, not criticized for having experienced or identified the problem.No one in a CIRT has ever regretted being professional. Go out there and be NICE.\u201cIntroduction to Computer Incident Response Team (CIRT) Management\u201d is offered by the Defense Information Systems Agency, U.S. Department of Defense. A full PDF catalog of free training materials is available for download.