CISSP Domain 1 Study Guide – ISC2 code of ethics

CISSP ISC2 code of ethics

So you are on a journey to become a CISSP? Consider this journey not just a case where you learn the material, take a test and receive a certificate. It is much more than that. As a CISSP you are expected to be great in technically making the right decisions when it comes to Information Security while also acting in an ethical manner. Simply put, the CISSP ISC2 code of ethics is a collection of requirements that apply to how you act, interact with others (including employers) and make decisions as an information security professional. 

(ISC)² states in its preamble to the actual code of ethics, “The safety and welfare of society and the common good, duty to our principles, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this code is a condition of certification.”

What are the (ISC)² code of ethics canons?

1. Protect society, commonwealth and the infrastructure – In short, CISSPs must promote public trust in information and systems, as well as the understanding of proper information security measures. They must also discourage unsafe information security practices and strengthen the integrity of the public infrastructure.
2. Act honorably, honestly, justly, responsibly and legally – CISSPs must tell the truth, as well as honor all commitments and agreements. Their advice must be given prudently and without unnecessary alarming. They must be objective and fair with those they deal with and in the advice they give, and when resolving laws in different jurisdictions, the laws of the current jurisdiction must take precedence.
3. Provide diligent & competent service to principals – This means that CISSPs must avoid conflicts of interest while respecting the trust placed in them as well as the value of systems and information. CISSPs are also obligated to render services only when they are fully competent and qualified to do so.
4. Advance & protect the profession – A CISSP must respect the reputations of other professionals and sponsor those best qualified for advancement. Conversely, a CISSP should avoid professional association with those who degrade the profession. Above all, a CISSP should keep his own skills and knowledge sharp and current while giving generously of his time and knowledge to others.

Ten commandments of Computer Ethics

1. Thou shalt not use a computer to harm other people
2. Thou shalt not interfere with other people’s computer work
3. Thou shalt not snoop around in the other people’s computer files.
4. Thou shalt not use a computer to steal
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you have not paid.
7. Thou shalt not use other people’s computer resources without authorization or proper compensation
8. Thou shalt not appropriate other people’s intellectual output
9. Thou shalt think about the social consequences of the program you are writing or the system you are designing
10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans

IAB’s Ethics and the internet

RFC1087 Internet activities Board code of ethics. Below are unethical practices

• Seek to gain unauthorized access to the resources of the internet;
• Disrupts the intended user of the Internet;
• Wastes resources (people, capacity, computer) through such actions;
• Destroys the integrity of computer-based information;
• Compromises the privacy of users