Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect?

A.
All information systems security professionals who are certified by (ISC)2 recognize that such a
certification is a privilege that must be both earned and maintained.

B.
All information systems security professionals who are certified by (ISC)2 shall provide diligent
and competent service to principals.

C.
All information systems security professionals who are certified by (ISC)2 shall discourage such
behavior as associating or preparing to associate with criminals or criminal behavior.

D.
All information systems security professionals who are certified by (ISC)2 shall promote the
understanding and acceptance of prudent information security measures.

Explanation:
This is not one of the statements of the ISC2 code of Ethics, ISC2 certified people is
free to get in association with any person and any party they want. ISC2 thinks that their certified
people must have liberty of choice in their associations. However ISC2 ask the certified
professionals to promote the certification and the understanding and acceptance of security
measures, they also ask the certified people to provide competent services and be proud of their
exclusive ISC2 certified professional status.
I think is very fair, you are free to who where you want, with the people you want, but always be
proud of your certification and your skills as a security professional.
Code from ISC web site.
“All information systems security professionals who are certified by (ISC)2 recognize that such
certification is a privilege that must be both earned and maintained. In support of this principle, all
Certified Information Systems Security Professionals (CISSPs) commit to fully support this Code
of Ethics. CISSPs who intentionally or knowingly violate any provision of the Code will be subject
to action by a peer review panel, which may result in the revocation of certification.
There are only four mandatory canons in the code. By necessity such high-level guidance is not

intended to substitute for the ethical judgment of the professional.
Additional guidance is provided for each of the canons. While this guidance may be considered by
the Board in judging behavior, it is advisory rather than mandatory. It is intended to help the
professional in identifying and resolving the inevitable ethical dilemmas that will confront him/her.
Code of Ethics Preamble:
* Safety of the commonwealth, duty to our principals, and to each other requires that we adhere,
and be seen to adhere, to the highest ethical standards of behavior.
* Therefore, strict adherence to this code is a condition of certification.
Code of Ethics Canons:
* Protect society, the commonwealth, and the infrastructure.
* Act honorably, honestly, justly, responsibly, and legally.
* Provide diligent and competent service to principals.
* Advance and protect the profession.
The following additional guidance is given in furtherance of these goals.
Objectives for Guidance
In arriving at the following guidance, the committee is mindful of its responsibility to:
* Give guidance for resolving good v. good and bad v. bad dilemmas.
* To encourage right behavior such as:
* Research
* Teaching
* Identifying, mentoring, and sponsoring candidates for the profession
* Valuing the certificate
* To discourage such behavior as:
* Raising unnecessary alarm, fear, uncertainty, or doubt
* Giving unwarranted comfort or reassurance
* Consenting to bad practice
* Attaching weak systems to the public net
* Professional association with non-professionals
* Professional recognition of or association with amateurs
* Associating or appearing to associate with criminals or criminal behavior
However, these objectives are provided for information only; the professional is not required or
expected to agree with them.
In resolving the choices that confront him, the professional should keep in mind that the following
guidance is advisory only. Compliance with the guidance is neither necessary nor sufficient for
ethical conduct.
Compliance with the preamble and canons is mandatory. Conflicts between the canons should be
resolved in the order of the canons. The canons are not equal and conflicts between them are not
intended to create ethical binds.
Protect society, the commonwealth, and the infrastructure
* Promote and preserve public trust and confidence in information and systems.

* Promote the understanding and acceptance of prudent information security measures.
* Preserve and strengthen the integrity of the public infrastructure.
* Discourage unsafe practice.
Act honorably, honestly, justly, responsibly, and legally
* Tell the truth; make all stakeholders aware of your actions on a timely basis.
* Observe all contracts and agreements, express or implied.
* Treat all constituents fairly. In resolving conflicts, consider public safety and duties to principals,
individuals, and the profession in that order.
* Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort. Take care
to be truthful, objective, cautious, and within your competence.
* When resolving differing laws in different jurisdictions, give preference to the laws of the
jurisdiction in which you render your service.
Provide diligent and competent service to principals
* Preserve the value of their systems, applications, and information.
* Respect their trust and the privileges that they grant you.
* Avoid conflicts of interest or the appearance thereof.
* Render only those services for which you are fully competent and qualified.
Advance and protect the profession
* Sponsor for professional advancement those best qualified. All other things equal, prefer those
who are certified and who adhere to these canons. Avoid professional association with those
whose practices or reputation might diminish the profession.
* Take care not to injure the reputation of other professionals through malice or indifference.
•Maintain your competence; keep your skills and knowledge current. Give generously of your time
and knowledge in training others.