CCT 029: Understanding and Adhering to Professional Ethics (CISSP Domain 1)

Apr 20, 2023 · 7 min · Season 1, Ep. 29

Episode description

In the world of cybersecurity, maintaining professional ethics is paramount. Aspiring CISSP professionals need to understand the importance of ethical behavior and its impact on information security. Join us in this podcast episode as we explore Domain 1 of the CISSP exam, focusing on the fundamental concepts of understanding and adhering to professional ethics.

We'll delve into the ethical principles that guide the cybersecurity industry, including integrity, confidentiality, and professional competence. We'll discuss the significance of ethical decision-making, the implications of unethical behavior, and the consequences of non-compliance with industry standards. With insights from seasoned cybersecurity experts, we'll provide real-world examples and scenarios to help you grasp the relevance of professional ethics in the cybersecurity field.

Whether you're a cybersecurity professional preparing for the CISSP exam or someone interested in the field of cybersecurity, this episode will provide valuable insights into the ethical foundations of the CISSP certification. Don't miss this opportunity to gain a deeper understanding of professional ethics in the context of CISSP certification. Join us for this thought-provoking discussion on cybersecurity ethics and best practices.

BTW - Get access to all my Training Courses here at: https://www.cisspcybertraining.com

Want to find Shon Gerber / CISSP Cyber Training elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

CISSPCyberTraining.com - https://www.cisspcybertraining.com/

Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS:

Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Transcript

CCT 029 - RCR 126 - Adhere to and Promote Professional Ethics (1-4) - CISSP Domain 1.1

[00:00:00] Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.

Alright, let's get started. Let's go. All right, so this is domain 1.1. We're gonna be talking about understanding and adhering to and promoting professional ethics. So these are some of the questions that you can expect to see in the CISSP exam. And so we're gonna kind of roll through all of these, uh, but I'm gonna probably chop 'em up into smaller bites that you'll have access to.

But, uh, we'll just go ahead and get started. So, question number one: what is the primary purpose of a professional code of ethics for information security professionals? A, to outline legal requirements for information security professionals. B, to provide guidelines [00:01:00] for ethical decision making in information security.

C, to ensure job security for information security professionals. Or D, to establish industry standards for information security practices. So you'll notice all these questions are very similar. Uh, C stands out pretty quickly about job security. You can throw that one out, but from an explanation standpoint:

The primary purpose of a professional code of ethics for information security professionals is to provide guidelines for ethical decision making. It helps professionals navigate ethical dilemmas and make informed decisions that are consistent with ethical principles and values. So the explanation, that's B, so the answer is B.

To provide guidelines for ethical decision making in information security. So again, legal requirements will change, and established industry standards, that's usually not under ethics. And C is pretty easy to throw out because it's job security. Let's move on to the next question. [00:02:00]

An information security professional comes across a vulnerability in a system that they are responsible for. However, they decide not to disclose it to their organization or the system owner. What ethical principle is being violated in this scenario? You can look at, I think it was Uber or one of those, where that situation kind of occurred.

A is confidentiality, B is integrity, C is availability, and D is accountability. Mm. Which one is it? So the information security professional comes across a vulnerability in a system that they're responsible for securing; however, they decide not to disclose it to the organization or to the system owner. What ethical principle is being violated in this potential scenario?

A, confidentiality. B, integrity. C, availability. Or D, accountability. The explanation or answer is D. The ethical principle being violated in this scenario is accountability. Information security professionals [00:03:00] have a responsibility to be transparent and accountable for their actions. This will bite you if you don't, including promptly disclosing vulnerabilities to the appropriate parties for resolution.

Again, that accountability is a key.

Okay. Question three. What is the role of an information security professional in promoting security awareness among employees? So what is the role of an information security professional in promoting security awareness among employees? A, to develop and implement security policies and procedures. B, to conduct security audits and risk assessments.

C, to provide training and education on security best practices. Or D, to monitor and respond to security incidents. So let's answer this. Ask the question one more time: what is the role of an information security professional in promoting security awareness among employees? So the role of the professional in promoting security awareness: to develop and implement security [00:04:00] policies, to conduct security audits and risk assessments, to provide training and education on security best practices, and to monitor and respond to security incidents.

So if you look at all three of those, all four of those questions, there's only one that ties into security awareness, and that answer is C. The role of an information security professional in promoting security awareness among employees includes providing training and education on security best practices.

Now I will tell you that doing that is a bit of a challenge at times. Sometimes you have to build it into your schedule because it can be very, very challenging. This helps employees understand the importance of security, their responsibilities in safeguarding information, and how to identify and report security incidents.

All right. Let's move on to the next question.

Question four: which of the following actions by an information security professional would likely be considered a violation of professional ethics? A, conducting regular security audits and risk assessments. That [00:05:00] doesn't sound like something that would be ethical, or that would be against ethics. B, disclosing a security vulnerability to an appropriate party.

C, sharing confidential information with unauthorized individuals. Mm-hmm. D, implementing security controls to protect sensitive data. So the question again: which of the following actions by an information security professional would likely be considered a violation of professional ethics? So if you listen to all three of those: conducting regular security audits, not it.

B, disclosing security vulnerabilities to the appropriate parties, not it. C, sharing confidential information with unauthorized individuals, probably. And D, implementing security controls to protect sensitive data. That's not it. So the answer would be C: sharing confidential information with unauthorized individuals would likely be considered a violation of professional ethics.

Hence the young man in, uh, Massachusetts, who just shared secrets of the United States; that will not go well for him. He was going to be breaking big rocks into little [00:06:00] rocks. Unfortunately, uh, information security professionals have a responsibility to protect confidential information and maintain the confidentiality, integrity, and availability.
