Certified Information Systems Security Professional (CISSP) is a certification for those who wish to pursue a career in professional information security policy and procedure development. It is governed by the nonprofit information security organization International Information Systems Security Certification Consortium, also known as (ISC)2. Professionals certified by (ISC)2 are required to adhere to a code of ethics that has four canons; violations of the canons may lead to a loss of certification.
The first canon of the (ISC)2 Code of Ethics is to "protect society, the commonwealth, and the infrastructure." In short, CISSPs must promote public trust in information and systems, as well as the understanding of proper information security measures. They must also discourage unsafe information security practices and strengthen the integrity of the public infrastructure.
The second canon is to "act honorably, honestly, justly, responsibly, and legally." CISSPs must tell the truth, as well as honor all commitments and agreements. Their advice must be given prudently and without unnecessary alarming. They must be objective and fair with those they deal with and in the advice they give, and when resolving laws in different jurisdictions, the laws of the current jurisdiction must take precedence.
The third canon is to "provide diligent and competent service to principals." This means that CISSPs must avoid conflicts of interest while respecting the trust placed in them as well as the value of systems and information. CISSPs are also obligated to render services only when they are fully competent and qualified to do so.
The fourth canon is to "advance and protect the profession." A CISSP must respect the reputations of other professionals and sponsor those best qualified for advancement. Conversely, a CISSP should avoid professional association with those who degrade the profession. Above all, a CISSP should keep his own skills and knowledge sharp and current while giving generously of his time and knowledge to others.