PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
July/August 2007

Perspectives: Smoke and mirrors certifications

Professional organizations use ethics policies to protect their certifications instead of promoting ethical behavior. Every major security certification organization--ISACA, GIAC, (ISC)2 and ASIS--has some sort of ethics requirements, which at first blush appears good for both the security community and the world at large. After all, doctors and lawyers have ethics requirements. And Sarbanes-Oxley requires every employee of every covered company to annually sign off on what is effectively an ethics statement. However, these security organizations seem to use ethics requirements as more of an excuse to protect the certification rather than having any real interest in promulgating ethical behavior by their members or constituencies. These groups like to say that they certify knowledge, not qualifications for employment. However, aside from the Professional Certified Investigator (PCI) from ASIS, which requires the ability to identify potential ethical conflicts in investigations, none of the traditional information security ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue