C841 Task2 v3 - Legal Issues in Information Security Task 2

IHP3 Task 2: Ethics and Cybersecurity A1a. Ethical Guidelines and Other Organizations The International Information System Security Certification Consortium, Inc (ISC)² founded in 1989 is the world’s leading Cybersecurity Professional Organization. ISC² established a cybersecurity framework that integrates elements of security through industry-recognized certifications. Instituted as the cybersecurity standard, ISC² influenced the information security industry and developed the ISC2 Code of Ethics Canon. Protecting and safeguarding public trust and confidence in securing critical infrastructure is one of the four canons. Showing strict regard for what is morally right even when it's difficult is demonstrated through the understanding of the second canon. Avoiding conflicts of interest and providing services based on individual competency and qualification ensures adherence to the third canon, to “Provide diligent and competent service to principals”. Committing to professional growth by keeping skills and knowledge current and practicing professional ethics through the training of others is the guidance offered in the fourth canon, “Advance and protect the profession” (Cybersecurity and IT security certifications and training: (ISC)²). The second canon from ISC2, Act honorably, honestly, justly, responsibly, and legally is used to demonstrate how TechFite should have conducted its business practices. On two separate occasions, Carl Jaspers the head of the Applications Division for TechFite met with two potential clients, Orange Leaf Software LLC and Union City Electronic Ventures. The meetings were held to discuss the possibility of hiring TechFite for consulting services. In both cases, Carl Jaspers signed Non-Disclosure Agreements (NDAs) protecting sensitive or proprietary information from being shared before discussions about technical details occurred. TechFite produced 2lOMoAR cPSD| questionnaires for both clients to complete during the pre-consultation process and once filled out, included technical information about Orange Leafs and Union City Electronic Ventures products. After neither company decided to hire TechFite, proprietary information from the questionnaires was leaked to competitors that were releasing similar products to the market. TechFite needed to use basic moral judgments and not break the NDA to have passed the ISC2 second canon. The Information Systems Security Association, Inc. (ISSA) promotes practices to guarantee the privacy, reliability, and accessibility of organizational information assets. To accomplish the objectives, members of the organization reflect the highest principles of ethical behavior. The ISSA established mandatory compliance to the Code of Ethics as a precondition for sustained participation and association. The ISSA Code of Ethics delivers the framework on how to perform all professional activities and duties by following all applicable laws with the highest ethical principles. They support generally recognized information security b