Full Disclosure mailing list archives
Re: Re: MS not telling enough - ethics
From: "DAN MORRILL" <dan_20407 () msn com>
Date: Thu, 18 Aug 2005 19:52:29 +0000
Advance and protect the professionSponsor for professional advancement those best qualified. All other things equal, prefer those who are certified and who adhere to these canons. Avoid professional association with those whose practices or reputation might diminish the profession. Take care not to injure the reputation of other professionals through malice or indifference. Maintain your competence; keep your skills and knowledge current. Give generously of your time and knowledge in training others.
https://www.isc2.org/cgi-bin/content.cgi?category=12The language has changed since the last time I have looked, and that is a good thing. Thanks for pointing that out as it had been a while since I went there. Even though there are 4 canons, the explaination of the code is also part of the ethics that they mandate you follow.
Suffice to say, its a good idea, but what real governance power do they have? And what harm is it to remove someone's CISSP from them for unethical behavior?
Anyone have any statistics they can share on how many people get their CISSP revoked due to ethical issues?
Thanks, this is a good discussion. r/DanSometimes MSN E-mail will indicate that the mesasge failed to be delivered. Please resend when you get those, it does not mean that the mail box is bad, merely that MSN mail is over worked at the time.
From: Jeremy Bishop <requiem () praetor org> To: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Re: MS not telling enough - ethics Date: Thu, 18 Aug 2005 12:31:04 -0700 On Thursday 18 August 2005 11:31, DAN MORRILL wrote: > community at large. So who's ethics do we apply, if I was to follow > the CISSP code of ethics, in that consorting with non-professionals, > would mean that I could not teach information security in college > (which I do), nor could I teach what I know to developers or > programmers or others who are not information security professionals > (which I do) to help them develop better products. One of the reaons > why I don't have a CISSP is because of that clause in the code of > ethics, I would violate it right and left everytime I got in front of > a classroom. Read over the Code again. The only mandatory parts are the four canons, and it is stated later that the canons are not equal (similar to the Three Laws of robotics). It also states: Compliance with the guidance is neither necessary nor sufficient for ethical conduct. Given the Code as currently presented on the isc2.org site, I see nothing 'unethical' about teaching others. In fact, to treat the non-consort clause as banning the activities you mentioned above would ignore the precedence rules given for the canons, and could be considered, in some small way, as going against the first and second canons. On a side note, the ordering of the first and second canons seems to suggest a sanctioning of... how best to say this... "chaotic good" behaviors in appropriate situations. Would a CISSP care to comment on this? -- The Write Many, Read Never drive. For those people that don't know their system has a /dev/null already. -- Rik Steenwinkel, singing the praises of 8mm Exabytes _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_________________________________________________________________FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: MS not telling enough Jason Coombs (Aug 18)
- Re: Re: MS not telling enough TheGesus (Aug 18)
- Re: Re: MS not telling enough J u a n (Aug 18)
- Re: Re: MS not telling enough - ethics DAN MORRILL (Aug 18)
- Re: Re: MS not telling enough - ethics TheGesus (Aug 18)
- Re: Re: MS not telling enough - ethics Jeremy Bishop (Aug 18)
- Re: Re: MS not telling enough - ethics DAN MORRILL (Aug 18)
- Re: Re: MS not telling enough - ethics J.A. Terranson (Aug 18)
- Re: Re: MS not telling enough - ethics Ivan . (Aug 18)
- Re: Re: MS not telling enough - ethics security curmudgeon (Aug 19)
- Re: Re: MS not telling enough - ethics Ivan . (Aug 21)
- morphed into certification argument (was : MS not telling enough - ethics) Michael Holstein (Aug 19)
- Re: Re: MS not telling enough - ethics DAN MORRILL (Aug 18)
- Re: not telling enough - ethics Bennett Todd (Aug 18)
- <Possible follow-ups>
- Re: Re: MS not telling enough tuytumadre (Aug 18)
- Re: Re: MS not telling enough James Tucker (Aug 19)