The order in which the information security professional must consider the factors when resolving ethical conflicts is public safety, duties to individuals, duties to the profession, and duties to principals.

Ethics are the principles or standards that guide the conduct or behavior of a person or a group. They matter to the information security profession because information security professionals are responsible for protecting the confidentiality, integrity, and availability of the information and systems they manage or access, and for maintaining the trust and confidence of stakeholders and society. Information security professionals may face ethical conflicts or dilemmas: situations in which two or more choices have different ethical implications or consequences and there is no clear or easy solution. When resolving ethical conflicts, the information security professional must consider the following factors, in order of priority:
Public safety: The information security professional must protect the health, safety, and welfare of the public, and avoid any actions or decisions that could harm or endanger the public.
Duties to individuals: The information security professional must respect the rights, privacy, and dignity of individuals, and avoid any actions or decisions that could harm or discriminate against individuals.
Duties to the profession: The information security professional must uphold the reputation, integrity, and competence of the profession, and follow the code of ethics and standards of practice of the profession.
Duties to principals: The information security professional must act in the best interest of the principals, such as employers, clients, or customers, and fulfill the contractual obligations and fiduciary duties owed to the principals.

References: CISSP All-in-One Exam Guide, Chapter 1: Security and Risk Management, Section: Professional Ethics, pp. 29-30.