By William Knowles @c4i

Senior Editor

InfoSec News

July 11, 2013

On July 4th, The New York Times reported that NSA contractor Edward Snowden trained and was certified as a Certified Ethical Hacker by the EC-Council, a certificate which has since been rescinded by the organization. After what could be called stall tactics with me, the (ISC)² has now confirmed that Edward Snowden is in fact currently an (ISC)² member.

While the (ISC)² staff wouldn’t go as far as to say what certification Edward Snowden holds, merely receiving a credential from (ISC)² automatically makes one a member. On Tuesday evening, an (ISC)² Member Services Advisor wouldn’t comment on whether or not Edward Snowden is currently a CISSP, citing that “security issues are involved” and that the (ISC)² privacy policy prevents them from being able to confirm his certification status or personal information.

I then pointed out to the advisor that the (ISC)² Privacy Policy states: “It is an implied duty that (ISC)² identify and attest to the certified status of those individuals who do possess our certification. As such, (ISC)² will verify whether an individual is certified by (ISC)² or not upon receiving sufficient identifying information regarding the subject of the inquiry.”

Late on Wednesday evening, a Global Communications Manager for (ISC)² replied that “(ISC)² can verify that Edward Snowden is currently an (ISC)² member.” The Global Communications Manager for (ISC)² goes on to state that “the (ISC)² is in the business of validating the knowledge, skills, and abilities of such professionals, it cannot guarantee a member’s conduct or professional judgment. Mr. Snowden, like all other (ISC)² members around the world must do when they sit for an (ISC)² credential exam, signed an agreement to abide by the (ISC)² Code of Ethics as a condition of maintaining his (ISC)² certification.”

Like the EC-Council, the (ISC)² has an established ethics complaint procedure that is initiated when a member of the public, an employer, or an (ISC)² member submits a complaint to the (ISC)² Ethics Committee alleging that one of its members has violated the Canons of the Code of Ethics:

I. Protect society, the common good, necessary public trust and confidence, and the infrastructure.

II. Act honorably, honestly, justly, responsibly, and legally.

III. Provide diligent and competent service to principals.

IV. Advance and protect the profession.

It should be pointed out that a member of the public can only complain about a breach of Canons I or II, principals (those with an employer/contractor relationship with the certificate holder) may complain about violations of Canon III, and only other professionals (those who are certified or licensed as a professional AND also subscribe to a code of ethics) may complain about violations of Canon IV.

It’s entirely possible that while Edward Snowden sorts out his asylum requests until he’s formally charged by the U.S. Government, he will still be allowed under (ISC)² membership regulations to continue practicing security in Iceland, Venezuela, or the SVR Headquarters in Yasenevo.

The (ISC)² Global Communications Manager concluded the mail by stating “Mr. Snowden’s previous employers should be applauded for seeking out a certified professional to carry out their very important work. Unfortunately, in the end, no organization can completely ensure those individuals will exercise professional judgment at all times.”
