
How serious is (ISC)2 about its code of ethics?

One of the many security certification requirements for the CISSP is signing the (ISC)2 code of ethics, but how seriously does (ISC)2 take certificate holders' adherence to that code? David Mortman weighs in.

To receive any (ISC)2 certification, I have to comply with its code of ethics. Not that I intend to break the code, but how seriously does (ISC)2 take this code; as in, has anyone you've known had his or her certification revoked, and under what circumstances?

It's hard to say how seriously (ISC)2 takes its code of ethics. Clearly, it gives the impression that it is taken seriously, but there's not much evidence to support that. On a purely personal level, I don't think it is taken seriously at all. I've written on this issue several times for Information Security magazine: once in an article entitled "Smoke and mirrors certifications," and again in an article called "Security certifications' ethics programs merely window-dressing."

The articles go into more detail, but essentially, the point is that it's hard to believe (ISC)2 is genuinely concerned with ethics when it doesn't discuss ethics issues in its trainings, it doesn't require any regular review of a certificate holder's adherence to the code of ethics as part of the CPE process, nor does it even require re-signing the code of ethics as part of the CPE cycle. When looked at through that lens, it seems to me that (ISC)2 has the requirement because it thinks it should have one, not because it thinks it has value.

Furthermore, (ISC)2 also has a complete lack of transparency about how many potential ethics violations it has investigated and how many members have been warned or expelled. For that matter, I haven't even heard unofficially of anyone losing his or her cert due to ethics violations.

So while by no means do I condone unethical behavior by any security practitioner, I would be surprised to hear that someone lost his or her CISSP certification strictly because of an ethics violation.

This was last published in September 2009


1 comment


I am preparing for CISSP and visited the ISC2 official web site for the Code of Ethics and found a typo in the Code of Ethics Preamble that reads as follows:

"The safety and welfare of society and the common good, duty to our principles, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior."

Is "principles" a typo for "Principals"?

I am not a native English speaker, but I don't think ISC2 takes it seriously, given this critical typo, if it is one, in the preamble.