CISSP Section 1 Flashcards

(11 cards)

1
Q

ISC2 Code of Ethics Canons

A
  1. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  2. Act honorably, honestly, justly, responsibly, and legally.
  3. Provide diligent and competent service to principals.
  4. Advance and protect the profession.

All are equally important. Think PAPA.

2
Q

Identify the canon in practice.

Safeguard info and sys. that are essential for public safety and welfare. Consider societal impact. Always do your best, thoroughly analyze sec. needs of assets you are responsible for, finally provide or recommend the necessary sec. to protect all people and assets.

A

P for Protect everything you are responsible for.

3
Q

Identify the canon in practice.

Maintain personal integrity, be clear and transparent, be ethical in approach to infosec, lead by example, hold yourself accountable.

A

A for Act with good intentions and honorably and if not, why?

4
Q

Identify the canon in practice.

Maintain high level of professional competence aka be good at your job.
Stay current with trends
Deliver reliable services to clients; perform high value work, improve and grow sec. skillset, serve employer and clients

A

P for Provide your best efforts.

5
Q

Identify the canon in practice.

Contribute to the growth and maturity of cyber practices, share knowledge, mentor, and participate in professional organizations, raise info sec awareness within organization.

A

A for Advance your knowledge and skills and for others too.

6
Q

Define Ethical Conduct.

A

Ethical conduct ensures professionals take responsibility for their actions, and adhering to them protects the integrity of the professions.
Promote a culture of ethical behavior within organizations.
Regularly reflect on how decisions align with the CoE.

7
Q

Imagine a file window opened up from a C:\ drive, and in this drive there is an Excel file with account numbers, a database file with customer account information, and a Word document titled investment opportunity.

In the context of Confidentiality what questions should we ask ourselves?

A

Can all of the users see this data?
Can users with access to the network see this data?
Can this data be released?
How do the files need to be protected from unauthorized access?

8
Q

Imagine a file window opened up from a C:\ drive, and in this drive there is an Excel file with account numbers, a database file with customer account information, and a Word document titled investment opportunity.

In the context of Availability what questions should we ask ourselves?

A

Who can change this data?
How can the file be protected from unauthorized changes?
How important is the data to the company?

9
Q

Imagine a file window opened up from a C:\ drive, and in this drive there is an Excel file with account numbers, a database file with customer account information, and a Word document titled investment opportunity.

In the context of Integrity what questions should we ask ourselves?

A

Can this be stored long-term or does it need to be accessed quickly?
How do we make sure data is available when needed?

10
Q

What two concepts make up authenticity? Define them.

A

Authentic: data or actions that come from a legitimate source.
Authenticated: subjects must prove to be authentic through identification and authentication.

11
Q

Non-repudiation

A

Undeniable proof: proof that data or actions originated from a subject and cannot be disputed. This is accomplished using cryptography.
