Last year I discussed the value of the CISSP with respect to its code of ethics. Today while renewing my ISSA membership, I was presented with the following:
The primary goal of the Information Systems Security Association, Inc. (ISSA) is to promote practices that will ensure the confidentiality, integrity, and availability of organizational information resources. To achieve this goal, members of the Association must reflect the highest standards of ethical conduct. Therefore, ISSA has established the following Code of Ethics and requires its observance as a prerequisite for continued membership and affiliation with the Association.
As an applicant for membership and as a member of ISSA, I have in the past and will in the future:
* Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;
* Promote generally accepted information security current best practices and standards;
* Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;
* Discharge professional responsibilities with diligence and honesty;
* Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association; and
* Not intentionally injure or impugn the professional reputation of practice of colleagues, clients, or employers.
Please check the box indicating you have read the above statement and agree to its principles:
It looks to me like ISSA has the ethics bases covered. If I agree to that statement, I get as much value as being a CISSP as far as ethics goes.
Unfortunately, misdirected efforts like DoD 8570.1 attach significance to the CISSP out of all proportion to its worth.