CISSP · Question #793
An Information System Security Officer (ISSO) employed by a large corporation, while also freelancing in a similar role for a competitor, violates what canon of the (ISC)2 Code of Professional Ethics?
The correct answer is B. Provide diligent and competent service to principals. Working simultaneously for two competing organizations in the same security role creates a conflict of interest that violates the duty of diligent and competent service to principals under the (ISC)2 Code of Ethics.
Question
Options
- AAdvance and protect the profession
- BProvide diligent and competent service to principals
- CAct honorably, honestly, justly, responsibly, and legally
- DProtect society, the commonwealth, and the infrastructure
How the community answered
(45 responses)- A2% (1)
- B93% (42)
- D4% (2)
Why each option
Working simultaneously for two competing organizations in the same security role creates a conflict of interest that violates the duty of diligent and competent service to principals under the (ISC)2 Code of Ethics.
Canon IV ('Advance and protect the profession') concerns behaviors that reflect on the reputation of the cybersecurity field as a whole, such as discrediting the profession publicly - not conflicts of interest between employers.
The canon 'Provide diligent and competent service to principals' requires members to act in the best interests of their principals (employers/clients) and avoid conflicts of interest. By simultaneously serving a direct competitor, the ISSO cannot provide undivided loyalty, creating a conflict of interest that compromises the confidentiality, integrity, and diligence owed to both organizations as principals.
Canon II ('Act honorably, honestly, justly, responsibly, and legally') addresses personal integrity and lawful conduct broadly; while dual employment may touch on honesty, the more specific and directly applicable canon is the duty owed to principals.
Canon I ('Protect society, the commonwealth, and the infrastructure') pertains to safeguarding the public and critical infrastructure from harm, which is not the primary issue raised by a conflict of interest between two private employers.
Concept tested: (ISC)2 Code of Ethics conflict of interest canon
Source: https://www.isc2.org/ethics
Topics
Community Discussion
No community discussion yet for this question.