From: William Hugh Murray (whmurray@sprynet.com)
Date: Fri Jan 25 2002 - 20:49:13 CST
auto318190@hushmail.com wrote:
> Hi. I do not know if this is the right place to ask such a question. If not, please forward me to a more appropriate mailing list.
I think that it is not. The moderator thinks that it is. He rules.
> While taking a look at the CISSP code of ethics, I have set foot on a point which raised doubt in my mind:
>
> --- quote start ---
> [...]
> To discourage such behavior as:
> [...]
> - Professional association with non-professionals
> - Professional recognition of or association with amateurs
> [...]
> --- quote stop ---
>
> I wondered what those two points really meant. My understanding of the information security industry is that much of the research work has been performed by those "non-professionals" and "amateurs", often kids in their early 20's, publishing their research results on forums like Bugtraq or magazines like Phrack, under the most original pseudonyms and nicknames such as 'rain forest puppy', 'zen-parse', 'lcamtuf', 'aleph1', etc. This is a truth that cannot be hidden. Many security professionals have gained most of their knowledge, directly or indirectly, thanks to these publications and sources of highly valuable information.
>
> Maybe I am mistaken, but I believe this specific part of the CISSP's code of ethics is a huge lack of respect to the security community, and the "amateurs" and "non-professionals" who form it. What do you people think?
First, this is not part of the code of ethics. The code consists only of the preamble and the four canons.
Second, it is not part of the guidance.
It is an objective that the professional practices committee had in mind when we wrote the guidance. There is a specific disclaimer that says that the professional is not expected to accept or agree with these objectives.
"Professional association" is a term of art. It means for a professional to treat an amateur or non-professional as a professional peer. Professionals do not do this. If you are a lawyer and you treat amateurs as lawyers, you will go to jail. Those who desire to be our peers must qualify.
The committee wishes to discourage such association. We wish to do so in part to identify ourselves as professionals by adopting the same standards as the more established professions. We do it to avoid potential embarrassment to the profession. We wish to discourage it because information technology is full of unethical people who are attempting to rehabilitate themselves by association with us.
Whether you agree with this or not is irrelevant. No one has asked you to. We have simply shared our thinking with you. Whether every reader of this list agrees with it or not is irrelevant. It is an objective of the committee and we are entitled to it.
Incidentally, professionals do business in their own names, not under aliases, and not anonymously. (I am embarrassed that the moderator of this list has accepted an anonymous post.)
William Hugh Murray, CISSP
Chairman, Professional Practices Committee