The (ISC)²® Code of Ethics Canons in Detail
The first, and therefore most important, canon of the (ISC)²® Code of Ethics requires the information security professional to “protect society, the common good, necessary public trust and confidence, and the infrastructure” [7]. The focus of the first canon is on the public and their understanding of and faith in information systems. Security professionals are charged with promoting safe security practices and bettering the security of systems and infrastructure for the public good.
The second canon in the (ISC)²® Code of Ethics charges information security professionals to “act honorably, honestly, justly, responsibly, and legally” [7]. This canon is straightforward, but there are a few points worth emphasizing here. One point detailed within this canon concerns laws from different jurisdictions that are found to be in conflict. The (ISC)²® Code of Ethics suggests that priority be given to the jurisdiction in which services are being provided. Another point made by this canon concerns providing prudent advice, and cautions the security professional against unnecessarily promoting fear, uncertainty, and doubt.
The (ISC)²® Code of Ethics’ third canon requires that security professionals “provide diligent and competent service to principals” [7]. The primary focus of this canon is ensuring that the security professional provides competent service for which she is qualified, and which maintains the value and confidentiality of information and the associated systems. An additional important consideration is to ensure that the professional does not have a conflict of interest in providing quality services.
The fourth and final canon in the (ISC)²® Code of Ethics mandates that information security professionals “advance and protect the profession” [7]. This canon requires that security professionals maintain their skills and advance the skills and knowledge of others. An additional consideration that warrants mention is that this canon requires individuals to avoid negatively impacting the security profession by associating in a professional fashion with those who might harm the profession.
Exam Warning:
The (ISC)²® Code of Ethics is highly testable, including applying the canons in order. You may be asked for the “best” ethical answer, when all answers are ethical, per the canons. In that case, choose the answer that is mentioned first in the canons. Also, the most ethical answer is usually the best: hold yourself to a very high ethical level on questions posed during the exam.
Computer Ethics Institute
The Computer Ethics Institute provides their “Ten Commandments of Computer Ethics” as a code of computer ethics. The code is both short and straightforward. Both the name and format are reminiscent of the Ten Commandments of Judaism, Christianity, and Islam, but there is nothing overtly religious in nature about the Computer Ethics Institute’s Ten Commandments. The Computer Ethics Institute’s Ten Commandments of Computer Ethics are:
- Thou shalt not use a computer to harm other people.
- Thou shalt not interfere with other people’s computer work.
- Thou shalt not snoop around in other people’s computer files.
- Thou shalt not use a computer to steal.
- Thou shalt not use a computer to bear false witness.
- Thou shalt not copy or use proprietary software for which you have not paid.
- Thou shalt not use other people’s computer resources without authorization or proper compensation.
- Thou shalt not appropriate other people’s intellectual output.
- Thou shalt think about the social consequences of the program you are writing or the system you are designing.
- Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans [8].
IAB’s Ethics and the Internet
Much like the fundamental protocols of the Internet, the Internet Activities Board’s (IAB) code of ethics, Ethics and the Internet, is defined in an RFC document. RFC 1087, Ethics and the Internet, was published in 1987 to present a policy relating to ethical behavior associated with the Internet. The RFC is short and easy to read, and provides five basic ethical principles. According to the IAB, the following practices would be considered unethical behavior if someone purposely:
- Seeks to gain unauthorized access to the resources of the Internet;
- Disrupts the intended use of the Internet;
- Wastes resources (people, capacity, computer) through such actions;
- Destroys the integrity of computer-based information;
- Compromises the privacy of users [9].