Security and Risk Management Domain Flashcards
What is a condition of (ISC)2 certification
Fully commit to the code of ethics
Protect society, the common good, necessary public trust and confidence and the infrastructure
First canon of ISC2 Code of Ethics
Act honorably, honestly, justly, responsibly and legally
Second canon of ISC2 Code of Ethics
Provide diligent and competent service to principals
Third canon of ISC2 Code of Ethics
Advance and protect the profession
Fourth canon of ISC2 Code of Ethics
Who can make a complaint to ISC2
Only an injured party
Code of Ethics: any member of public can complain
Canon I & II
Code of Ethics: employer/contractor can complain
Canon III
Code of Ethics: certified professional can complain
Canon IV
Who reviews Ethics Complaints
ISC2 Ethics Committee
How is complaint submitted
Sworn affidavit that specifies respondent, behavior, canon breached, standing of complainant and any corroborating evidence
Who decides on discipline of members
ISC2 Board of Directors
Perform duties in accordance with existing laws, exercising the highest moral principles
C3 Unified Principles - Integrity
Perform all duties in a fair manner and without prejudice
C3 Unified Principles - Objectivity
Perform services diligently and with professionalism
C3 Unified Principles - Professional Competence and Due Care
Respect and safeguard information and exercise due care to prevent improper disclosure
C3 Unified Principles - Confidentiality
Clarifies an organization’s mission, values, and principles, linking them with standards of conduct
Organizational Code of Conduct
Number of mandatory canons in ISC2 Code of Ethics
Four canons
Body that investigates and opines on ISC2 Code of Ethics Complaints
ISC2 Ethics Committee
Body that makes final decision regarding ISC2 Code of Ethics complaints
ISC2 Board of Directors
Extreme action that can be taken against ISC2 member
Decertification
What are the fundamental information security principles
Confidentiality, Integrity, Availability (CIA)
Assurance that information is not disclosed to unauthorized persons, processes, or devices
Confidentiality
Protection from unintentional, unauthorized, or accidental changes
Integrity