Question

• Should a information security professional should be required to adhere to a code of ethics? If so or not why? What would be an example of this?

• Is the ISC2 Code of Ethics is an appropriate code for information security professionals? What would be an example of this?

• Should we add or remove any elements of the ISC2 Code of Ethics?

Answer 1

yes, information security professional should be required to adhere to a code of ethics.

International Information Security Certification Consortium or (ISC) ² : it came into existence in 1989. A non-profit organization, it has since then become famous for providing standardized information security certifications. The certified information systems security professional (CISSP) certification is the best-known certification of the many offered by the organization. Some other examples are: SSCP, CCSP, and the HCISPP. More details about these can be found on the Certifications page of the official (ISC) ² website.

( I S C)2 Code Of Ethics : It’s the gold standard when it comes to information security professionals and can open the door to many positions within companies, organizations, and government agencies around the world.

(I S C)2 is committed to ensuring that all members of the organization behave in an ethical manner. “They are expected to make difficult ethical decisions and to support one another in doing so.” Not only is the code covered on the CISSP exam, but you will be expected to adhere to these canons during your career as an information security specialist, and even to report those who breach the code to the organization.

(ISC)2 states in its preamble to the actual code of ethics, “The safety and welfare of society and the common good, duty to our principles, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this code is a condition of certification.”

Essentially, the (ISC)2 code of ethics is a collection of requirements that apply to how you act, interact with others (including employers), and make decisions as an information security professional. The code is designed to “give assured reliance on the character, ability, strength, or truth of a fellow (ISC)2 member, and it provides a high level of confidence when dealing with a peer member.”

Essentially, these are rules that apply to your behavior and that of all other (ISC)2 certification holders at a high level. The code itself only includes four mandatory canons, but the organization does offer further guidance on those canons and how to apply them in your professional life.

There are four canons within the (ISC)2 code of ethics:

• Protect society, the commonwealth, and the infrastructure.
• Act honorably, honestly, justly, responsibly, and legally.
• Provide diligent and competent service to principals.
• Advance and protect the profession.

he (ISC)2 code of ethics is meant to be a vital guide for making decisions in today’s information security world, as well as for how you comport yourself with principals, the general public, and other certificate holders.

CISSP for Security Professionals:

(ISC) ² has been striving to nurture the talent and the experience in the information security field for over two decades now and CISSP has been gaining more and more relevance with each passing year. As of now, there are over 70,000 CISSP certified professionals in the U.S. alone. The complete list of CISSP member counts across 160 countries can be seen here. After clinching the CISSP credential, security professionals are able to:

1. Protecting their organizations against security threats because CISSP certified professionals have the ability and the expertise needed to design, construct, and ensure maintenance of sound security infrastructures.
2. Ensuring that their information security employees stay updated with the latest technologies, standards, regulations, emerging threats, and practices by gaining the CISSP certification.
3. Ensuring that all employees use a universally acknowledged knowledge, avoiding ambiguity with industry-complied practices and terms.
4. Increasing the credibility of the organization when dealing with vendors and clients.
5. Increasing their own confidence by realizing that employees are all well-qualified and determined to comply with the standards and norms of the field of information security.