Ask the Expert

How serious is (ISC)2 about its code of ethics?

To receive any (ISC)2 certification, I have to comply with its code of ethics. Not that I intend to break the code, but how seriously does (ISC)2 take this code; as in, has anyone you've known had his or her certification revoked, and under what circumstances?

Requires Free Membership to View

It's hard to say how seriously (ISC)2 takes its code of ethics. Clearly, it gives the impression that it is taken seriously, but there's not much evidence to support that. On a purely personal level, I don't think it is taken seriously at all. I've written on this issue several times for Information Security magazine. Once in an article entitled "Smoke and mirrors certifications," and again for an article called "Security certifications' ethics programs merely window-dressing."

The articles go into more detail, but essentially, the point is that it's hard to believe (ISC)2 is genuinely concerned with ethics when it doesn't discuss ethics issues in its trainings, it doesn't require any regular review of a certificate holder's adherence to the code of ethics as part of the CPE process, nor does it even require resigning the code of ethics as part of the CPE cycle. When looked at through that lens, it seems to me that (ISC)2 has the requirement because it thinks it should have one, not because it thinks it has value.

Furthermore, (ISC)2 also has a complete lack of transparency about how many potential ethics violations it has investigated and how many members have been warned or expelled. For that matter, I haven't even heard unofficially of anyone losing his or her cert due to ethics violations.

So while by no means do I condone unethical behavior by any security practitioner, I would be surprised to hear that someone lost his or her CISSP certification strictly because of an ethics violation.

For more information:

  • Read more about how to get CPE credits.
  • Check out our free CISSP training materials.
  • This was first published in September 2009

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: