Today I received an email from the International Information Systems Security Certification Consortium, Inc., ISC(2), that read, in part:
"The purpose of this notice is to provide information regarding the status of your (ISC)² certification.
Our records indicate that your anniversary date is near and your Annual Maintenance Fees are current. As you are aware, a total of 120 Continuing Professional Education (CPE) credits, of which at least 80 must be Type 'A' credits, are required to be submitted during each three year certification period in order to maintain your credential. Our records indicate that, based upon your CPE submissions to date, you are not on track to meet your recertification requirements at the end of the three year period. We urge you to pay close attention to this matter to avoid the expiration of your CISSP credential."
OH NO! Time for me to log in to the ISC(2) Web site to record some of the hundreds of CPEs I haven't logged. However, as soon as I entered my credentials, I saw this:
IT IS IMPERATIVE THAT YOU CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS. IF YOU ACCEPT ALL OF THE TERMS AND CONDITIONS CONTAINED IN THIS AGREEMENT, INDICATE BY SELECTING THE "ACCEPT" BUTTON AT THE BOTTOM OF THIS AGREEMENT. IF YOU DO NOT ACCEPT ALL OF THE TERMS AND CONDITIONS CONTAINED HEREIN, INDICATE BY SELECTING "DECLINE". IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, YOU SHALL NOT OBTAIN CERTIFICATION AND YOU MAY NOT USE THE CISSP, SSCP or CAP LOGOS.
This Certification Agreement ("Certification Agreement") is entered into as of the date set forth ("Effective Date") on the Application Agreement ("Application Agreement") by and between the undersigned ("Certification Candidate") and the International Information Systems Security Certification Consortium, Inc. "(ISC)²".
This doesn't look so great. As I read through the text (which you can retrieve as a .pdf here), I find this section (all emphasis additions are mine):
6.1 Certification Candidate agrees that to the extent (ISC)² previously disclosed or currently or subsequently discloses to the Certification Candidate, or the Certification Candidate learns from (ISC)², information relating to (ISC)²'s Exams, products or sensitive aspects of (ISC)²'s business (including without limitation, computer programs, names and expertise of employees and consultants, know-how, business, financial, customer and product development plans, forecasts, questions, answers, worksheets, computations, drawings, diagrams, length and/or number of Exam segments and/or questions, or any communication, including verbal communication regarding or related to the Exam, the identity of Exam administrators, and other Exam takers, price and cost data, price and fee amounts, pricing and billing policies, marketing techniques, future plans and potential strategies of (ISC)² which have been or are being discussed), such information shall be deemed the confidential property of (ISC)² ("Proprietary Information"). Certification Candidate recognizes and acknowledges that (ISC)²'s Proprietary Information (and the confidential nature thereof) is critical to (ISC)²'s business and that (ISC)² would not enter into this Agreement without assurance that its Proprietary Information and the value thereof will be protected as provided in this Section and elsewhere in this Agreement.
6.2 Certification Candidate agrees (i) to hold (ISC)²'s Proprietary Information in confidence as a fiduciary and to take all reasonable precautions to protect such Proprietary Information, (ii) not to use such Proprietary Information at any time during or following the term of this Agreement, except as contemplated by this Agreement, and (iii) that to not disclose, publish, disclose, reproduce or transmit any Proprietary Information to any third party, in any form, including without limitation, verbal, written, electronic or any other means for any purpose.
Are they serious? What am I supposed to do with this confidential and proprietary information from the front matter of the CISSP Prep Guide?
"The Examination The examination questions are from the CBK and aim at the level of a three to five-year practitioner in the field. It consists of 250 English language questions, of which 25 are not counted..."
I am honestly considering clicking the "do not accept" button. I wonder if this blog post will upset ISC(2) enough to revoke my CISSP anyway?
2.2 Certification Revocation. (ISC)² may, at its sole discretion, revoke a Certification Candidate's certification under the following circumstances:
2.2.5 Upon (ISC)²'s determination at its sole discretion that Certification Candidate has acted in any manner contradicting the (ISC)² Code of Ethics, that sullies or reflects poorly on the Mark, or involves any form of dishonesty or the giving of a false statement...
What should I do? Have you accepted this new "agreement?"