🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 19.3 - Ethics

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series explores the ethics that govern the profession, drawn from Domain 7. It examines why ethics matter when access is enormous, how organizational and certification codes are structured, how complaints are judged, and how both new AI questions and classic frameworks keep authority worthy of the trust behind it.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

Why do ethics matter so much in security?

Ethics matter because you occupy a position of deep trust, with the access to read email, unlock doors, and watch every keystroke. Ethics are the moral rules that guide your conduct when no one is watching, and they earn the trust your job depends on. These codes are not laws but minimum standards of behavior, a floor beneath your judgment rather than a ceiling.

What does an organizational code of ethics look like?

Nearly every organization publishes a code of ethics to guide daily conduct, either as a formal ethics statement or living inside its policies and procedures. A standalone code is usually high-level, offering broad direction rather than answers to every situation, with detailed policies filling the gaps. A government example demands loyalty to country above person or party, honest effort, and refusal of favors that could sway official duties.

What does the ISC2 code of ethics demand?

The ISC2 code of ethics sets the standard of conduct every certified professional agrees to uphold, and signing on is a condition of holding the certification. It opens with a preamble, then lays out four canons in a deliberate order: protect society and the common good, act honorably and legally, provide diligent and competent service to those who hire you, and advance and protect the profession. Society comes first, then clients, then the profession.

How are ethics complaints handled?

Complaints follow a formal process built on the four canons and must name the specific canon that was breached. A rule of standing means only someone actually injured by the behavior may complain. Any member of the public may file under the first two canons, only an employer or contractual party may file under the third, and any licensed professional may file under the fourth. Complaints come as sworn affidavits, and violations can cost someone their certification.

What new questions does artificial intelligence raise?

Artificial intelligence opens a new frontier of ethical responsibility because AI systems automate decisions and must earn trust like any professional. A leading risk management framework stresses that AI must be sound and dependable, accountable and transparent, with human oversight and an explainable path from data to conclusion. Organizations carry a duty to detect and correct algorithmic bias, and a dedicated management-system standard helps bake ethical principles into governance.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 19.3 - Ethics.