Q

How serious is (ISC)2 about its code of ethics?

One of the many security certification requirements for the CISSP is signing the (ISC)2 code of ethics, but how seriously does (ISC)2 take certificate holders' adherence to that code? David Mortman weighs in.

To receive any (ISC) 2 certification, I have to comply with its code of ethics. Not that I intend to break the code, but how seriously does (ISC) 2 take this code; as in, has anyone you've known had his or her certification revoked, and under what circumstances?

It's hard to say how seriously (ISC)2 takes its code of ethics. Clearly, it gives the impression that it is taken

seriously, but there's not much evidence to support that. On a purely personal level, I don't think it is taken seriously at all. I've written on this issue several times for Information Security magazine. Once in an article entitled "Smoke and mirrors certifications," and again for an article called "Security certifications' ethics programs merely window-dressing."

The articles go into more detail, but essentially, the point is that it's hard to believe (ISC)2 is genuinely concerned with ethics when it doesn't discuss ethics issues in its trainings, it doesn't require any regular review of a certificate holder's adherence to the code of ethics as part of the CPE process, nor does it even require resigning the code of ethics as part of the CPE cycle. When looked at through that lens, it seems to me that (ISC)2 has the requirement because it thinks it should have one, not because it thinks it has value.

Furthermore, (ISC)2 also has a complete lack of transparency about how many potential ethics violations it has investigated and how many members have been warned or expelled. For that matter, I haven't even heard unofficially of anyone losing his or her cert due to ethics violations.

So while by no means do I condone unethical behavior by any security practitioner, I would be surprised to hear that someone lost his or her CISSP certification strictly because of an ethics violation.

For more information:

  • Read more about how to get CPE credits.
  • Check out our free CISSP training materials.
  • This was first published in September 2009

    Dig deeper on CISSP Certification

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close