







The Idaho State University Information Assurance program recognizes the
importance of an ethical foundation of behavior.
One code of ethics that we propose all participants adhere to is that from
(ISC)2, the International Information Systems Security Certifying Consortium.
(ISC)2 Code of Ethics
"All information systems
security professionals who are certified by (ISC)2
recognize that such certification is a privilege that must
be both earned and maintained. In support of this principle,
all Certified Information Systems Security Professionals (CISSPs)
commit to fully support this Code of Ethics. CISSPs who
intentionally or knowingly violate any provision of the Code
will be subject to action by a peer review panel, which may
result in the revocation of certification.
There are only four mandatory canons in the code. By
necessity such high-level guidance is not intended to
substitute for the ethical judgment of the professional.
Additional guidance is provided for each of the canons.
While this guidance may be considered by the Board in
judging behavior, it is advisory rather than mandatory. It
is intended to help the professional in identifying and
resolving the inevitable ethical dilemmas that will confront
him/her.
Code of Ethics Preamble:
- Safety of the commonwealth, duty to our principals, and to each other
  requires that we adhere, and be seen to adhere, to the highest ethical
  standards of behavior.
- Therefore, strict adherence to this code is a condition of certification.
Code of Ethics Canons:
- Protect society, the commonwealth, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
The following additional guidance is given in furtherance
of these goals.
Objectives for Guidance
In arriving at the following guidance, the committee is mindful of its
responsibility to:
- Give guidance for resolving good v. good and bad v. bad dilemmas.
- To encourage right behavior such as:
  - Research
  - Teaching
  - Identifying, mentoring, and sponsoring candidates for the profession
  - Valuing the certificate
- To discourage such behavior as:
  - Raising unnecessary alarm, fear, uncertainty, or doubt
  - Giving unwarranted comfort or reassurance
  - Consenting to bad practice
  - Attaching weak systems to the public net
  - Professional association with non-professionals
  - Professional recognition of or association with amateurs
  - Associating or appearing to associate with criminals or criminal behavior
However, these objectives are provided for information
only; the professional is not required or expected to agree
with them.
In resolving the choices that confront him, the
professional should keep in mind that the following guidance
is advisory only. Compliance with the guidance is neither
necessary nor sufficient for ethical conduct.
Compliance with the preamble and canons is mandatory.
Conflicts between the canons should be resolved in the order
of the canons. The canons are not equal and conflicts
between them are not intended to create ethical binds.
Protect society, the commonwealth, and the infrastructure
- Promote and preserve public trust and confidence in information and
  systems.
- Promote the understanding and acceptance of prudent information security
  measures.
- Preserve and strengthen the integrity of the public infrastructure.
- Discourage unsafe practice.
Act honorably, honestly, justly, responsibly, and legally
- Tell the truth; make all stakeholders aware of your actions on a timely
  basis.
- Observe all contracts and agreements, express or implied.
- Treat all constituents fairly. In resolving conflicts, consider public
  safety and duties to principals, individuals, and the profession in that
  order.
- Give prudent advice; avoid raising unnecessary alarm or giving unwarranted
  comfort. Take care to be truthful, objective, cautious, and within your
  competence.
- When resolving differing laws in different jurisdictions, give preference
  to the laws of the jurisdiction in which you render your service.
Provide diligent and competent service to principals
- Preserve the value of their systems, applications, and information.
- Respect their trust and the privileges that they grant you.
- Avoid conflicts of interest or the appearance thereof.
- Render only those services for which you are fully competent and
  qualified.
Advance and protect the profession
- Sponsor for professional advancement those best qualified. All other
  things equal, prefer those who are certified and who adhere to these
  canons. Avoid professional association with those whose practices or
  reputation might diminish the profession.
- Take care not to injure the reputation of other professionals through
  malice or indifference.
- Maintain your competence; keep your skills and knowledge current. Give
  generously of your time and knowledge in training others.