All CISSP candidates should be familiar with the entire ISC 2 Code of Ethics because they have to sign an agreement that they will adhere to this code. We won’t cover the code in depth, but you can find further details about the ISC 2 ’s Code of Ethics at www.isc2.org. You need to visit this site and read the entire code. Code of Ethics Preamble: Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this code is a condition of certification. Code of Ethics Canons: Protect society, the commonwealth, and the infrastructure. Security professionals have great social responsibility. We are charged with the burden of ensuring that our actions benefit the common good. Act honorably, honestly, justly, responsibly, and legally. Integrity is essential to the conduct of our duties. We cannot carry out our duties effectively if others within our organization, the security community, or the general public have doubts about the accuracy of the guidance we provide or the motives behind our actions. Provide diligent and competent service to principals. Although we have responsibilities to society as a whole, we also have specific responsibilities to those who have hired us to protect their infrastructure. We must ensure that we are in a position to provide unbiased, competent service to our organization. Advance and protect the profession. Our chosen profession changes on a continuous basis. As security professionals, we must ensure that our knowledge remains current and that we con- tribute our own knowledge to the community’s common body of knowledge. Ethics and the Internet In January 1989, the Internet Advisory Board IAB issued a statement of policy concerning the proper use of the Internet. The contents of this statement are valid even today. It is important that you know the basic contents of the document, titled “Ethics and the Internet,” Request for Com- ment RFC 1087, because most codes of ethics can trace their roots back to this document. The statement is a brief list of practices considered unethical. Where a code of ethics states what you should do, this document outlines what you should not do. RFC 1087 states that any activity with the following purposes is unacceptable and unethical: Seeks to gain unauthorized access to the resources of the Internet Disrupts the intended use of the Internet Wastes resources people, capacity, computer through such actions Destroys the integrity of computer-based information Compromises the privacy of users