Page 1373 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Ethics
Security professionals hold themselves and each other to a high
standard of conduct because of the sensitive positions of trust they
occupy. The rules that govern personal conduct are collectively known
as rules of ethics. Several organizations have recognized the need for
standard ethics rules, or codes, and have devised guidelines for ethical
behavior.
We present two codes of ethics in the following sections. These rules
are not laws. They are minimum standards for professional behavior.
They should provide you with a basis for sound, ethical judgment. We
expect all security professionals to abide by these guidelines regardless
of their area of specialty or employer. Make sure you understand and
agree with the codes of ethics outlined in the following sections. In
addition to these codes, all information security professionals should
also support their organization’s code of ethics.
(ISC)² Code of Ethics
The governing body that administers the CISSP certification is the
International Information Systems Security Certification Consortium,
or (ISC)². The (ISC)² Code of Ethics was developed to provide the
basis for CISSP behavior. It is a simple code with a preamble and four
canons. The following is a short summary of the major concepts of the
Code of Ethics.
All CISSP candidates should be familiar with the entire
(ISC)² Code of Ethics because they have to sign an agreement that
they will adhere to this code. We won’t cover the code in depth, but
you can find further details about the (ISC)²’s Code of Ethics at
www.isc2.org/ethics. You need to visit this site and read the entire
code.

