Stories of a CISSP: Censorship
This is the second canon of the ISC2 Code of Ethics:
"Act honorably, honestly, justly, responsibly, and legally."
You can ask, "Why should I follow these ethics?" Well, you don't have to. The only ethics you have to follow are your own. However, your certification status is contingent on following the list of ethics. These ethics just provide a general foundation of where to steer yourself when faced with ethical dilemmas in the professional world.
Here's where I'm going with this:
One time I approved a request for a member to join the Telegram group, but he was having trouble connecting. He would be able to buy the app from his iPhone's App Store, create a username, enter his telephone number...but wouldn't be able to connect.
Some of the suggestions from my side were to:
Make sure it is the correct app
Reinstall the app
Reset the phone
Try a different network if behind a work or government computer
The firewall may not allow it
Search for the Telegram group manually
Check any network firewall settings if at home
None of these suggestions helped.
I happened to notice that the user was not originating from the United States but from somewhere else in the world. Just as a quick search, I thought I'd Google the terms "telegram" and the country name, just to confirm something.
It was found that recently the leading ISPs of the country were blocking Telegram traffic. This is why the member was unable to join and unable to use the app.
"Luke, do you know a way around this?" - This was the inevitable question.
What do I do?
Suggest a VPN to subvert the law of another country so it could accommodate a paying customer? No, not doing that.
Refrain from suggesting anything, as it would go above the policy of a country's governing body, and risk keeping a member from using my site's full services? Yes, without question!
As a CISSP, you don't want to break the law, whether for monetary or professional gain. You don't want to break the law of the land you reside in, and not the law of any other land either.
One of the subheadings of the second canon of the ISC2 Code of Ethics states:
"When resolving differing laws in different jurisdictions, give preference to the laws of the jurisdiction in which you render your service."
This was my guiding principle.
"...laws of the jurisdiction in which you render your service". My services are actually rendered in the United States, so I didn't quite know how to approach it.
Either way, I didn't want to chance it, so I told the member I couldn't provide that kind of information. I didn't want to suggest a way to break the law of another country and their laws about Internet traffic.
Thanks for reading.
CISSP Take-Away Concepts
Domain 1: Security and Risk Management
CISSP Code of Ethics
The ISC2 Code of Ethics is a highly testable topic to know for the CISSP exam. It is a code created by the ISC2, so expect to be tested on it.
Domain 4: Network Security
VPNs can be used to subvert nation-wide ISP firewalls. A VPN can change your IP address to look like it is originating from another country.