nerdexam
(ISC)2

CERTIFIED-IN-CYBERSECURITY Question #365: Real Exam Question with Answer & Explanation

The correct answer is A: Provide diligent and competent service to principals.

Security Principles

Question

A security analyst discovers a vulnerability in a client's system but decides to withhold the information, fearing negative publicity for the client. Which ISC2 Code of Ethics Canon has the analyst potentially violated?

Options

  • A. Provide diligent and competent service to principals
  • B. Act honorably, honestly, justly, responsibly, and legally
  • C. Advance and protect the profession
  • D. Protect society, the common good, necessary public trust and confidence, and the infrastructure

Explanation

The analyst has potentially violated the (ISC)2 Code of Ethics canon that requires members to "provide diligent and competent service to principals" (see ISC2 Study Guide, Module 5, under Professional Code of Conduct). The client is the analyst's principal, and diligent service means reporting every vulnerability discovered, regardless of the publicity it might attract. Withholding a finding denies the client the ability to assess the risk and remediate it. For example, if the vulnerability allows unauthorized access to sensitive customer data, keeping it from the client leaves the system exposed and could lead to a breach, with reputational, legal, and financial consequences far worse than the disclosure the analyst was trying to avoid. The correct course is to report the finding through the agreed channel for the engagement, with an accurate severity rating, and to work with the client to fix it promptly.

As for the other options: "Act honorably, honestly, justly, responsibly, and legally" (B) could also apply, since concealing a finding is arguably dishonest, but it is less directly relevant than the canon governing the duty owed to the client. "Protect society, the common good, necessary public trust and confidence, and the infrastructure" (D) concerns the profession's broader impact on society and infrastructure rather than the analyst's obligation to a specific client. "Advance and protect the profession" (C) is about the growth and integrity of the cybersecurity profession as a whole, not the analyst-client relationship.

Topics

#ISC2 Code of Ethics #Professional responsibility #Vulnerability management ethics #Ethical conduct
