Читать книгу The Official (ISC)2 SSCP CBK Reference - Mike Wills - Страница 25

Your day-to-day journey along the roadmap of security operations and administration must keep one central ideal clearly in focus. Every day that you serve as an information security professional, you make or influence decisions. Every one of those decision moments is an opportunity or a vulnerability; it is a moment in which you can choose to do the technically and ethically correct thing or the expedient thing. Each of those decision moments is a test for you.

Those decisions must be ethically sound; yes, they must be technically correct, cost-effective, and compliant with legal and regulatory requirements, but at their heart they must be ethical. Failure to do so puts your professional and personal integrity at risk, as much as it puts your employer's or your clients' reputation and integrity at risk.

Being a security professional requires you to work, act, and think in ways that comply with and support the codes of ethics that are fundamental parts of your workplace, your profession, and your society and culture at large. Those codes of ethics should harmonize with if not be the fundamental ethical values and principles you live your life by—if they do not, that internal conflict in values may make it difficult if not impossible to achieve a sense of personal and professional integrity! Professional and personal integrity should be wonderfully, mutually self-reinforcing.

Let's first focus on what ethical decision-making means. This provides a context for how you, as an SSCP, comply with and support the (ISC)² Code of Ethics in your daily work and life. We'll see that this is critical to being able to live up to and fulfill the “three dues” of your responsibilities: due care, due diligence, and due process.