Re: Re: MS not telling enough - ethics

["DAN MORRILL" <dan_20407 () msn com>]

Advance and protect the profession

Sponsor for professional advancement those best qualified. All other things 
equal, prefer those who are certified and who adhere to these canons. Avoid 
professional association with those whose practices or reputation might 
diminish the profession.
Take care not to injure the reputation of other professionals through malice 
or indifference.
Maintain your competence; keep your skills and knowledge current. Give 
generously of your time and knowledge in training others.

https://www.isc2.org/cgi-bin/content.cgi?category=12

The language has changed since the last time I have looked, and that is a 
good thing. Thanks for pointing that out as it had been a while since I went 
there. Even though there are 4 canons, the explaination of the code is also 
part of the ethics that they mandate you follow.

Suffice to say, its a good idea, but what real governance power do they 
have? And what harm is it to remove someone's CISSP from them for unethical 
behavior?

Anyone have any statistics they can share on how many people get their CISSP 
revoked due to ethical issues?

Thanks, this is a good discussion.
r/Dan




Sometimes MSN E-mail will indicate that the mesasge failed to be delivered. 
Please resend when you get those, it does not mean that the mail box is bad, 
merely that MSN mail is over worked at the time.






> From: Jeremy Bishop <requiem () praetor org>
> To: full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] Re: MS not telling enough - ethics
> Date: Thu, 18 Aug 2005 12:31:04 -0700
>
> On Thursday 18 August 2005 11:31, DAN MORRILL wrote:
>
> > community at large. So who's ethics do we apply, if I was to follow
> > the CISSP code of ethics, in that consorting with non-professionals,
> > would mean that I could not teach information security in college
> > (which I do), nor could I teach what I know to developers or
> > programmers or others who are not information security professionals
> > (which I do) to help them develop better products. One of the reaons
> > why I don't have a CISSP is because of that clause in the code of
> > ethics, I would violate it right and left everytime I got in front of
> > a classroom.
>
> Read over the Code again.  The only mandatory parts are the four canons,
> and it is stated later that the canons are not equal (similar to the
> Three Laws of robotics).  It also states: Compliance with the guidance
> is neither necessary nor sufficient for ethical conduct.
>
> Given the Code as currently presented on the isc2.org site, I see
> nothing 'unethical' about teaching others.  In fact, to treat the
> non-consort clause as banning the activities you mentioned above would
> ignore the precedence rules given for the canons, and could be
> considered, in some small way, as going against the first and second
> canons.
>
> On a side note, the ordering of the first and second canons seems to
> suggest a sanctioning of... how best to say this... "chaotic good"
> behaviors in appropriate situations.  Would a CISSP care to comment on
> this?
>
> --
> The Write Many, Read Never drive.  For those people that don't know
> their system has a /dev/null already.
>               -- Rik Steenwinkel, singing the praises of 8mm Exabytes
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/