CISSP Code of Ethics Essay

Submitted By OluwaToby-Loba

All information systems security professionals who are certified by (ISC)² recognize that such certification is a privilege that must be both earned and maintained. In support of this principle, all Certified Information Systems Security Professionals (CISSPs) commit to fully support this Code of Ethics. CISSPs who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of certification.
There are only four mandatory canons in the code. By necessity such high-level guidance is not intended to substitute for the ethical judgment of the professional. Additional guidance is provided for each of the canons. While this guidance may be considered by the Board in judging behavior, it is advisory rather than mandatory. It is intended to help the professional in identifying and resolving the inevitable ethical dilemmas that will confront him/her.

Compliance with the preambles and canons is mandatory. Conflicts between the canons should be resolved in the order of the canons. The canons are not equal, and conflicts between them are not intended to create ethical binds.
Code of Ethics Preamble:
Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this code is a condition of certification.
Code of Ethics Canons:
Protect society, the commonwealth, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.
The following additional guidance is given in furtherance of these goals:
Give guidance for resolving good v. good and bad v. bad dilemmas.
To encourage right behavior such as: research; teaching; identifying, mentoring, and sponsoring candidates for the profession; and valuing the certificate.
To discourage such behavior as: raising unnecessary alarm, fear, uncertainty, or doubt; giving unwarranted comfort or reassurance; consenting to bad practice; attaching weak systems to the public net; professional association with non-professionals; professional recognition of or association with amateurs; associating or appearing to associate with criminals or criminal behavior.
However, these objectives are provided for information only; the professional is not required or expected to agree with them. In resolving the choices that confront him, the professional should keep in mind that the following guidance is advisory only. Compliance with the guidance is neither necessary nor sufficient for ethical conduct.
Protect society, the commonwealth, and the infrastructure:
Promote and preserve public trust and confidence in information and systems.
Promote the understanding and acceptance of prudent information security measures.…