CERTIFIED-IN-CYBERSECURITY · Question #174
CERTIFIED-IN-CYBERSECURITY Question #174: Real Exam Question with Answer & Explanation
The correct answer is C: Company management. The code of ethics requires security professionals to be honest, but not to behave as law enforcers. The violation of a company's security policy should be reported and handled within the company itself (this will typically involve the human resources, legal, and/or management de
Question
A security professional should report violations of a company's security policy to:
Options
- AA court of law
- BThe ISC Ethics Committee
- CCompany management
- DNational authorities
Explanation
The code of ethics requires security professionals to be honest, but not to behave as law enforcers. The violation of a company's security policy should be reported and handled within the company itself (this will typically involve the human resources, legal, and/or management departments) (see ISC2 Study Guide, chapter 2, module 1). Moreover, only individuals can be reported to the (ISC)?Ethics Committee (not companies). National authorities can only deal with direct violations of laws and regulations.
Topics
Community Discussion
No community discussion yet for this question.