The (ISC)² code of ethics and the code of ethics of the organization you work for are something you need to know by heart.

For the CISSP exam, the (ISC)² code of ethics is VERY testable.
In the 2021 update of the CISSP curriculum, it has been moved up in priority. It is something you can learn very quickly and it is easy points on your exam; take them. In this video, I cover the (ISC)² code of ethics.

Remember, the CISSP exam is a management-level exam; you need the right point of view to pass the exam.

You can get all my courses, free study materials, my free CISSP course and much more on https://thorteaches.com/

Transcript:

In this lecture, we’re going to talk about ethics.
They are very important both on the exam, for your job and for your career.
As part of that, you need to know, adhere to and understand the (ISC)² Code of Ethics not just as an IT security professional, but also for the exam.
This is very testable and luckily it’s not very long.
These are easy points.
So take them where you can get them.
And also understand these are high-level guidelines.
They should not replace your good ethical judgment.
For the exam, I would know both the Preamble and the actual Ethics Canons.
And yes, I am going to read them to you because they are so important.
The preamble is: the safety and welfare of society and the common good, duty to our principals and to each other, requires that we adhere to and be seen to adhere to the highest ethical standards of behavior.
Therefore, strict adherence to this code is a condition of certification.
That means before you take the exam, you will be signing the Code of Ethics.
And if you actually break them, it is possible you can have your certification revoked.
So know them, understand them, and adhere to them.
In most cases, if this happens, if you lose your certification, it will tie back to negligence or gross negligence.
And now, let’s look at the 4 Canons.
Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honourably, honestly, justly, responsibly, and legally.
Provide diligent and competent services to the principals.
And last, but very much not least, advance and protect the profession.
And as I mentioned, these are testable.
You sign them.
So know the Preamble, know the Canons and understand the sentiment behind them.
For the exam, there are a couple of other ethics standards that I would know.
First off, we have the Ten Commandments from the Computer Ethics Institute.
Most of these are similar in their intent.
The wording is, however, different.
Thou shall not use a computer to harm other people.
Thou shall not interfere with other people’s computer work.
Thou shall not snoop around in other people’s computer files.
Thou shall not use a computer to steal.
Thou shall not use the computer to bear false witness.
Thou shall not copy or use proprietary software which you have not paid for.
Thou shall not use other people’s computer resources without authorization and proper compensation.
Thou shall not appropriate other people’s intellectual output.
Think about the social consequences of programs you’re writing or systems you are designing.
And finally, thou shall always use a computer in a way that ensures consideration and respect for your fellow humans.
On the exam, I don’t think you’re going to get any questions that are specific saying, “What is this commandment or that commandment?”
I would recognize them, but much more important, understand the intent behind them.
It is pretty simple.
Don’t do stuff you’re not allowed to or that is illegal.
Think about the consequences of your actions and act ethically.
And then as the last ethics standards that you might see on the exam, is the IAB's Ethics and the Internet.
And this is what they consider unethical behavior:
To gain unauthorized access to resources on the Internet.
Disrupt the intended use of the Internet.
Waste resources; that can be people, capacity, or computers, through actions like destroying the integrity of computer-based information or compromising the privacy of users.
And then finally, for your job as an IT security professional, you obviously need to know the ethics standards of your organization.
Many large organizations have their own code of ethics. Most of them, just like the (ISC)² one, boil down to the very same key elements: do what is right, don’t steal, and be ethical.
Learn these, know these, and understand them.
They are easy points on your exam.