What is the correct order in which the (ISC)² Code of Ethics should be upheld?

All information systems security professionals who are certified by (ISC)² recognize that such certification is a privilege that must be both earned and maintained. In support of this principle, all (ISC)² members are required to commit to fully support this Code of Ethics (the "Code"). (ISC)² members who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of certification. (ISC)² members are obligated to follow the ethics complaint procedure upon observing any action by an (ISC)² member that breaches the Code. Failure to do so may be considered a breach of the Code pursuant to Canon IV.

There are only four mandatory canons in the Code. By necessity, such high-level guidance is not intended to be a substitute for the ethical judgment of the professional.

Before you read this post, just remember that whether you are a soldier, a criminal, an investment banker, or a superhero…at the end of the day there is only one set of morals you follow: your own.

“Hello Security Engineer, do you know where I may obtain Shon Harris CISSP Study Guide 6th Edition?”

“Sure, you can get it at Amazon.com for a really great deal!”

“Oh I mean, can you tell me where I can get the PDF version for free?”

Does everyone see the irony in this scenario?

If you’re already looking to steal a CISSP study guide that someone took the time and effort to write, then you aren’t trying to be a CISSP for the right reasons.

Some may want to get a CISSP just to get a boost in salary or a more prestigious job title. Some may get it just to add another certification to their resume.

But then there are some who actually take the (ISC)² Code of Ethics to show the world that they are information security professionals who have taken the CISSP exam to prove their loyalty and commitment to the profession.

Preamble to (ISC)² Code of Ethics

Here is the official preamble to the Code of Ethics:

The safety and welfare of society and the common good, duty to our principals, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.

Therefore, strict adherence to this Code is a condition of certification.

EXAM TIP: The (ISC)² Code of Ethics is very testable on the exam! A question may ask for the most ethical course of action for a CISSP. The Canons below are in order of highest standard of ethics (society) to the lowest standard of ethics (the profession). In the exam, try to always aim for the highest standard of ethics. If provided all 4 Canons, choose the first one, protecting society.

Canons of (ISC)² Code of Ethics

1. Protect Society, the Commonwealth, and the Infrastructure

Sometimes I get asked the question, “Hey Security Engineer, do you know where I can get the Shon Harris study guide?”

“Sure” I tell them. “You can get it at Amazon.com for a really good price!”

They reply back with “No I mean do you know where I can get the free PDF version?”

My response is usually “Well if you’re studying to be a CISSP, you shouldn’t be asking for free copies of copyrighted material. The author of the book took the time and effort to create a study guide for this tough exam, and it just isn’t fair to steal her work.”

And you know what? People like that answer. They respect someone who doesn’t easily give in to the temptations of obtaining a free study guide because they are truly trying to protect society, the commonwealth, and infrastructure.

Notice the word “society”? It means protect and uphold the principles in society before you do so for your employer and yourself.

Without a secure society being protected by ethical individuals, there is chaos, crime, lawlessness, and the zombie apocalypse.

2. Act honorably, honestly, justly, responsibly, and legally

Always tell the truth, set the truth free, for the TRUTH will always defend itself. The truth has all the weapons, tactics, and practices to defend itself.

If you lie, you’ll be working overtime to cover up the lies, and defend your lie, tarnishing your reputation in the process.

CISSP consultants make a lot of money. The ones that uphold this canon of being honorable and just not only make more money, but also earn the respect of their clients.

If a customer has a sound information security network, don’t try to sell them something they don’t need. Don’t sell them another firewall when they already have 5 of them. Don’t try to scare small businesses into getting expensive and advanced biometric systems when all they really need is a surveillance camera and a standard lock.

3. Provide Diligent and Competent Service to Principals

If you don’t know how to configure a load balancer for a client, don’t say that you can. If you are an expert at Palo Alto firewalls, don’t tell clients that you are an expert at Cisco firewalls.

If you are signing a contract with a security organization, don’t sign a contract with their competition which causes a conflict of interest.

The money may be good and you may live a rich life, but at what cost? Your dignity? Your honor? Are you willing to put a price on that?

4. Advance and Protect the Profession

So you studied really hard and finally passed the CISSP exam.

Your friend asks for your study notes, but you say “No, I studied all by myself and through sheer determination I passed it by myself. I suggest you do the same and write your own notes.”

This is a terrible response, and selfish.

Think of all the people that helped you along the way in your road to becoming a CISSP, all the time and effort they put in to answer your questions and your inquiries about cryptography, disaster recovery, test taking strategies.

This is what I’m trying to do with this blog post, this blog, my newsletter, and providing free information to anybody who wants to pass the CISSP exam!

What is the (ISC)² Code of Ethics?

What is the (ISC)² Code of Ethics? (ISC)² states in its preamble to the actual Code of Ethics, “The safety and welfare of society and the common good, duty to our principals, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.”

Which of the following is a canon of the (ISC)² Code of Ethics?

Code of Ethics Canons: Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsibly, and legally. Provide diligent and competent service to principals. Advance and protect the profession.

What are the ethical rules CISSP holders have agreed to follow?

The ethical rules that CISSP holders have agreed to follow are the following: First: Protect society, the common good, necessary public trust and confidence, and the infrastructure. Second: Act honorably, honestly, justly, responsibly, and legally. Third: Provide diligent and competent service to principals.

Which of the following is not included in the (ISC)² Code of Ethics?

The (ISC)² Code of Ethics does not refer to control. To follow the (ISC)² Code of Ethics you should act honorably, honestly, justly, responsibly, and legally, and protect society.