WEBVTT

00:00:01.170 --> 00:00:04.240
Let's take a look at the ISC squared Code of Ethics,

00:00:04.420 --> 00:00:06.930
the final part of our Security Principles for the

00:00:06.930 --> 00:00:09.720
Certified in Cybersecurity certification.

00:00:10.650 --> 00:00:15.500
We've looked at a lot of parts of good governance and one of those is to ensure

00:00:15.510 --> 00:00:18.950
we also have professional ethics we are expected to follow.

00:00:20.330 --> 00:00:25.710
The idea of the ISC squared code of ethics is that it guides our behavior.

00:00:26.120 --> 00:00:30.260
It helps us to know what is ethical, and remember,

00:00:30.260 --> 00:00:32.850
ethics is not the same as law.

00:00:33.090 --> 00:00:35.160
Law can influence ethics,

00:00:35.160 --> 00:00:38.920
but law says this is what you're allowed or not allowed to do,

00:00:39.440 --> 00:00:43.240
but ethics are more what do you believe to be right or wrong?

00:00:43.670 --> 00:00:47.320
And one of the reasons that ISC squared, like most professional

00:00:47.320 --> 00:00:52.390
organizations, must have a code of ethics is because everybody can

00:00:52.390 --> 00:00:55.820
have a different idea of right and wrong.

00:00:56.300 --> 00:00:59.380
And we want, as members of this consortium,

00:00:59.580 --> 00:01:05.990
to all have a similar baseline for what is acceptable or unacceptable behaviors.

00:01:06.760 --> 00:01:10.330
So the ISC squared code quite simply says,

00:01:10.460 --> 00:01:14.900
all information security professionals who are certified by ISC squared

00:01:14.900 --> 00:01:18.870
recognize that such certification is a privilege.

00:01:19.310 --> 00:01:22.320
It must be both earned and maintained.

00:01:23.090 --> 00:01:24.780
In support of this principle,

00:01:24.790 --> 00:01:28.480
all ISC squared members are required to commit to

00:01:28.480 --> 00:01:31.650
fully support this code of ethics, the code.

00:01:32.940 --> 00:01:37.910
ISC squared members who intentionally or knowingly violate any provision of

00:01:37.910 --> 00:01:42.170
the code will be subject to action by a peer review panel.

00:01:42.610 --> 00:01:45.910
This may result in the revocation of certification.

00:01:47.000 --> 00:01:51.820
If you observe any actions by an ISC squared member that breach the code,

00:01:52.120 --> 00:01:56.680
you are obligated as an ISC squared member to follow

00:01:56.680 --> 00:01:58.650
the ethical complaint procedure.

00:01:59.260 --> 00:02:04.920
Failure to do so may be considered a breach of the code pursuant to Canon IV.

00:02:05.910 --> 00:02:10.000
There are only four mandatory canons in the code described.

00:02:10.380 --> 00:02:12.100
By necessity,

00:02:12.110 --> 00:02:16.140
such high‑level guidance is not intended to be a substitute for

00:02:16.140 --> 00:02:18.790
the ethical judgment of the professional.

00:02:19.550 --> 00:02:24.280
This is testable on the exam and it's good for us to be familiar

00:02:24.380 --> 00:02:27.920
with what the ISC squared code of ethics requires.

00:02:28.970 --> 00:02:32.610
We start off with a preamble and introduction,

00:02:33.320 --> 00:02:37.670
and it says here the safety and welfare of society and the common good,

00:02:38.370 --> 00:02:44.390
duty to our principals and duty to each other requires that we adhere and be

00:02:44.390 --> 00:02:48.570
seen to adhere to the highest ethical standards of behavior.

00:02:49.310 --> 00:02:54.200
Therefore, strict adherence to this code is a condition of certification.

00:02:55.170 --> 00:02:58.640
The four canons are in order of importance.

00:02:58.850 --> 00:03:02.360
The most important says that you will protect society,

00:03:02.630 --> 00:03:07.290
the common good, necessary public trust and confidence,

00:03:07.290 --> 00:03:08.500
and the infrastructure.

00:03:09.370 --> 00:03:13.060
The second most important is that you will act honorably,

00:03:13.070 --> 00:03:16.820
honestly, justly, responsibly, and legally.

00:03:17.700 --> 00:03:20.750
The third is that we will provide diligent and

00:03:20.750 --> 00:03:24.310
competent service to our principals, to principals,

00:03:24.380 --> 00:03:27.520
our employers, our customers, for example.

00:03:27.660 --> 00:03:31.250
And we will advance and protect the profession.

00:03:32.360 --> 00:03:33.670
The idea, of course,

00:03:33.680 --> 00:03:39.950
is that these guide our behaviors in a way that can help

00:03:39.950 --> 00:03:43.090
us to make good judgment decisions.

00:03:44.620 --> 00:03:49.340
The idea of ethics has often been based on this concept of do no harm.

00:03:49.710 --> 00:03:53.140
I shouldn't do something that harms another person.

00:03:54.060 --> 00:03:57.610
In security, we often do have to harm another person.

00:03:58.130 --> 00:04:01.440
If we find a breach of some type of, should we say,

00:04:01.440 --> 00:04:02.270
policy,

00:04:02.440 --> 00:04:07.400
it could be that we have to report that person and that is difficult for us.

00:04:07.980 --> 00:04:12.140
But we also know that in order to protect society,

00:04:12.150 --> 00:04:15.000
we must address the things where a person doesn't

00:04:15.000 --> 00:04:17.010
follow the standards of society.

00:04:17.690 --> 00:04:20.760
So that complaint would go before an ethics committee.

00:04:21.500 --> 00:04:24.880
The ethics committee will advise the board of directors,

00:04:24.990 --> 00:04:28.860
and the board of directors would make a final decision on whether or

00:04:28.860 --> 00:04:31.980
not any form of disciplinary action should be taken,

00:04:32.120 --> 00:04:35.510
such as the removal of the person's certification.

00:04:37.270 --> 00:04:38.600
The key points review.

00:04:39.490 --> 00:04:46.200
The core concept of ethics is do no harm and all certification holders should

00:04:46.200 --> 00:04:51.610
be familiar with the content and intent of the code of ethics.
