ISC or Organization Code of Ethics?
Hello CISSP Champs.
I have a question, If ISC and organization Code of Ethics conflicts between each other, who is taking over?
I have a question, If ISC and organization Code of Ethics conflicts between each other, who is taking over?
Comments
-
ic3scrap3r Member Posts: 6 ■□□□□□□□□□I'll offer my opinion on this one.
As a CISSP you must ALWAYS follow the ISC CoE. However, if the organization's code is "tighter" or "more restrictive", I think as an employee or contract worker you could ethically follow the organization CoE. By doing so you would still be compliant with the ISC CoE.
If the organization's code is less ethical than the ISC CoE, you cannot follow the organization's CoE. If you knowingly violate the ISC CoE, they can (and should) pull your credentials. To paraphrase 'Gone in 60 Seconds', you have "found yourself smack-dab in the middle of a moral dilema". You can follow the organization's CoE and keep your job but risk your CISSP credentials or follow ISC CoE and lose your job but keep your CISSP.
To be clear, this is my personal opinion. It is how I intend to act as a CISSP. -
gespenstern Member Posts: 1,243 ■■■■■■■■□□Easy to solve, CoE has priorities, top ones always beating bottom ones. Respect for principals is on 3rd place, while protecting society and public good is on 1st.
Therefore, **** your principals if they insist that you should do something against society and public good.
Good example that I can recall from recent days is CISO of Intuit who intentionally refused to introduce security controls that would prevent tax fraudsters from filing fraudulent tax returns and getting money. His name is Indu Kodukula. If you meet him -- make sure that you kick his ass.
Oh, an never use Intuit's TurboTax for tax preparation...