This section reviews some of the ethical standards and codes that a CISSP should be aware of. Ethics are a set of principles of right conduct. Ethical standards sometimes differ from legal standards: laws define what we must do, whereas ethics define what we should do. CISSPs should uphold high ethical standards and promote these standards in others. Some of the ways CISSPs can help promote proper ethical behavior include making sure that organizations have guides to computer ethics, ensuring that ethical issues are included in employee handbooks, promoting computer ethics training, and helping to develop ethical policies on issues such as email and other privacy-related topics. That said, you must also remember that not everyone will always act ethically.
Some of the reasons you might hear include the following common ethical fallacies:
ISC2 Code of Ethics
It's a requirement for CISSP candidates to subscribe to and support the ISC2 Code of Ethics, which states that a CISSP should
Exam candidates must read the full Code of Ethics because the exam always includes one or two questions related to the code. It is located at www.isc2.org/cgi/content.cgi?category=12.
Computer Ethics Institute
The Computer Ethics Institute is a group that focuses specifically on ethics in the technology industry. Its website, www.cosr.org, lists the following Ten Commandments of Computer Ethics:
Exam candidates are advised to read the Ten Commandments of Computer Ethics and be able to differentiate them from the ISC2 Code of Ethics.
Internet Activities Board
RFC 1087 was published by the Internet Activities Board (IAB) in January 1987. Its goal is to characterize unethical and unacceptable behavior. It states that the following activities are unethical:
Print and review RFC 1087 before you attempt the CISSP exam. It is available at www.faqs.org/rfcs/rfc1087.html.