In this lecture, we’re going to talk about ethics.
They are very important both on the exam, for your job and for your career.
As part of that, you need to know, adhere to and understand the (ISC)² Code of Ethics not just as an IT security professional, but also for the exam.
This is very testable and luckily it’s not very long.
These are easy points.
So take them where you can get them.
And also understand these are high level guidelines.
They should not replace your good ethical judgment.
For the exam, I would know both the Preamble and the actual Ethics Canons.
And yes, I am going to read them to you because they are so important.
The preamble is the safety and welfare of society and the common good, duty to our principles and to each other, requires that we adhere to and be seen to adhere to the highest ethical standards of behavior.
Therefore, strict adherence to this code is a condition of certification.
That means before you take the exam, you will be signing the Code of Ethics.
And if you actually break them, it is possible you can have your certification revoked.
So know them, understand them, and adhere to them.
In most cases, if this happens, if you lose your certification, it will tie back to negligence or gross negligence.
And now, let’s look at the 4 Canons.
Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honourably, honestly, justly, responsibly, and legally.
Provide diligent and competent services to the principles.
And last, but very much not least, advance and protect the profession.
And as I mentioned, these are testable.
You sign them.
So know the Preamble, know the Canons and understand the sentiment behind them.
For the exam, there are a couple of other ethics standards that I would know.
First off, we have the Ten Commandments from the Computer Ethics Institute.
Most of these are similar in their intent.
The wording is, however, different.
Thou shall not use a computer to harm other people.
Thou shall not interfere with other people’s computer work.
Thou shall not snoop around in other people’s computer files.
Thou shall not use a computer to steal.
Thou shall not use the computer to bear false witness.
Thou shall not copy or use proprietary software which you have not paid for.
Thou shall not use other people’s computer resources without authorization and proper compensation.
Thou shall not appropriate other people’s intellectual output.
Think about the social consequences of programs you’re writing or systems you are designing.
And finally, thou shall always use a computer in a way that ensures consideration and respect for your fellow humans.
On the exam, I don’t think you’re going to get any questions that are specific saying, “What is this commandment or that commandment?”
I would recognize them, but much more important, understand the intent behind them.
It is pretty simple.
Don’t do stuff you’re not allowed to or that is illegal.
Think about the consequences of your actions and act ethically.
And then as the last ethics standards that you might see on the exam, is the IABs Ethics and the Internet.
And this is what they consider unethical behavior:
To gain unauthorized access to resources on the Internet.
Disrupt the intended use of the Internet.
Waste resources; that can be people, capacity, or computers, through actions like destroying the integrity of computer-based information or compromising the privacy of users.
And then finally, for your job as an IT security professional, you obviously need to know the ethics standards of your organization.
Many large organizations have their own code of ethics. Most of them, just like the (ISC)² one, boil down to the very same key elements; do what is right, don’t steal, and be ethical.
Learn these, know these, and understand them.
They are easy points on your exam. Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.My suggested answer is D. None of the above. (ISC)² Code Of Ethics applies to CISSPs and other security professionals who subscribe to it. If their behavior injures you, you can make a written complaint to the Ethics Committee that specifies the canon of our (ISC)² Code of Ethics that has been violated. The vendors in question are not bound to the (ISC)² Code Of Ethics, and their products or services do not injure you. It’s out of the scope of the (ISC)² Code Of Ethics and the authority of the Ethics Committee. Which of the following are the steps usually followed in the development of documents such as
security policy, standards and procedures?
A.
design, development, publication, coding, and testing
B.
design, evaluation, approval, publication, and implementation
C.
initiation, evaluation, development, approval, publication, implementation, and maintenance
D.
feasibility, development, approval, implementation, and integration
Which of the following is a canon of the ISC 2 Code of Ethics?
The official four canons are as follows: Protect society, the commonwealth and the infrastructure. Act honorably, honestly, justly, responsibly and legally. Provide diligent and competent service to principals.
What is the correct order in which the ISC2 code of ethics should be upheld?
What is the correct order in which the ISC2 Code of Ethics should be upheld? "Protect society, the commonwealth, and the infrastructure; Act honorably, honestly, justly, responsibly, and legally; Provide diligent and competent service to principals; Advance and protect the profession."
What does ISC2 stand for?
(ISC)² was founded in 1989 as the International Information System Security Certification Consortium, Inc. Our founders saw the need for standardization and certification in the cybersecurity industry.
What are the ethical rules CISSP holders have agreed to follow?
The ethical rules that CISSP holders have agreed to follow are the following: First: Protect society, the common good, necessary public trust and confidence, and the infrastructure. Second: Act honorably, honestly, justly, responsibly, and legally. Third: Provide diligent and competent service to principles.
|
